As the Internet of Things (IoT) permeates further into our everyday lives, the potential for hackers to line their pockets and even disrupt key critical infrastructure moves increasingly from theory to practice. We’ve already seen Ukrainian power stations crippled by malware, connected car vulnerabilities reach crisis point and even smart baby monitors hacked.
Voice assistants are the latest piece of the IoT ecosystem to come under scrutiny. A new Trend Micro infographic highlights the key privacy issues, vulnerabilities and attack scenarios which could affect smart home users. For those IT and business leaders looking for more guidance, check out our CLOUDSEC conference next week. Continue reading →
Any IT security professional expecting a quiet summer this year will have been bitterly disappointed. From the global destruction wreaked by NotPetya in June to revelations of a dangerously widespread flaw in the IoT ecosystem the following month, there’s been plenty keep the white hat community busy. Most recently, WikiLeaks has publicised yet another CIA attack tool, this time one designed to capture video from connected cameras. The sheer volume of threats discovered on an almost weekly basis can be mind-boggling. Continue reading →
It’s difficult to even discuss data breaches today without referencing the European General Data Protection Regulation (GDPR). With less than a year to go, it is a major area of focus for UK IT leaders keen to avoid mandatory breach notifications and potentially astronomical fines. Yet breaches aren’t all about the customer data governed by the GDPR, as HBO found out this week. Hackers have reportedly made off with 1.5TB of data from the US TV network, uploading a script from an upcoming Game of Thrones episode and two full episodes.
It’s a good example of why IP theft-related risk should be just as big a driver of improving cybersecurity as attacks targeting customer data. Fortunately, attendees at this year’s much anticipated CLOUDSEC event will have some great learning opportunities designed to help them bolster defences against just such attacks. Continue reading →
Security experts have for years been urging organisations to adopt a data breach posture of “not if but when”, and to develop and test incident response plans accordingly. With sweeping new EU regulations coming into force early next year, those plans have never been more important. For those CISOs looking for a real-world example of what can happen when things go awry, look no further than the cautionary tale of automobile giant the AA. Continue reading →