No organisation is breach-proof: we all know that the odds are stacked too high in the attackers’ favour. However, by following industry best practices we can make it as difficult as possible for hackers, and discourage all but the most determined and well resourced. That’s why it will dismay many in the industry to learn that Equifax knew about the vulnerability that it claims led to a massive breach at the firm this year, all the way back in March. However, it was apparently only fully patched months later once the damage had been done.
Given the scale of the breach, and the fact the firm could have been hit with fines of over $60m under the forthcoming GDPR regime, this should serve as yet another cautionary tale to IT leaders. Best practice security, including effective patch management, is called “best practice” for a reason. Continue reading →
The EU General Data Protection Regulation (GDPR) is one of the most important and far-reaching pieces of legislation ever to come out of Brussels. That’s part of the reason so much has already been written about it. But before you reach GDPR-saturation point, consider new findings from a comprehensive new Trend Micro study which has revealed a worrying lack of leadership from senior executives when it comes to compliance efforts.
More concerning still, three-quarters (73%) of UK IT bosses we spoke to weren’t even aware of the potentially huge fines in store for non-compliance. With a 25 May 2018 deadline fast-approaching, time is running out. Continue reading →
As the Internet of Things (IoT) permeates further into our everyday lives, the potential for hackers to line their pockets and even disrupt key critical infrastructure moves increasingly from theory to practice. We’ve already seen Ukrainian power stations crippled by malware, connected car vulnerabilities reach crisis point and even smart baby monitors hacked.
Voice assistants are the latest piece of the IoT ecosystem to come under scrutiny. A new Trend Micro infographic highlights the key privacy issues, vulnerabilities and attack scenarios which could affect smart home users. For those IT and business leaders looking for more guidance, check out our CLOUDSEC conference next week. Continue reading →
Any IT security professional expecting a quiet summer this year will have been bitterly disappointed. From the global destruction wreaked by NotPetya in June to revelations of a dangerously widespread flaw in the IoT ecosystem the following month, there’s been plenty keep the white hat community busy. Most recently, WikiLeaks has publicised yet another CIA attack tool, this time one designed to capture video from connected cameras. The sheer volume of threats discovered on an almost weekly basis can be mind-boggling. Continue reading →