Tag Archives: CLOUDSEC London

As millions more records hit the dark web, CLOUDSEC offers best practice security advice

by Ian Heritage

The cybercrime economy has an insatiable appetite. It’s a beast that generates an estimated $1.5 trillion each year, feeding in part off stolen data grabbed in large-scale breaches. Over the past few years both organisations and consumers have arguably become desensitised to these, although with the advent of the GDPR there’s a major new incentive for boards to take security seriously. The latest incidents at CafePress and StockX serve as a depressing reminder that firms are still getting things wrong.

If you are an IT/security leader and need a refresher in current best practices for data security and incident response, Trend Micro’s CLOUDSEC conference next month could offer a great opportunity.

Focus on response
No organisation can expect to be 100% secure today. The odds are stacked too heavily in favour of the attacker. But they can be quick to react to a possible intrusion, blocking and kicking out the hackers before they’ve had a chance to impact the business. Yet both CafePress and StockX have come under criticism for their handling of the respective breaches.

In the case of online merchandise store CafePress, the breach of an estimated 23 million customers was first reported on breach notification site HaveIBeenPwned? in August, despitethe incident occurring back in February. It’s unclear how attackers broke into to the firm’s customer database, but it has been revealed that around half the passwords in the trove were protected by the weak SHA-1 algorithm. The firm’s sluggish approach to notifying its customers, coupled with its storage of passwords in a potentially crackable format, may have put them at extra risk.

In the case of StockX, a database of over 6.8 million user accounts is reportedly already being sold and distributed online. Username and password combinations are fetching as little as $2 and a dark web user has apparently already decrypted the MD5-hashed passwords. It’s fairly certain that these credentials, like those of the CafePress breach, will be used in automated credential stuffing attacks designed to crack open accounts with the same log-ins.

Lessons from the experts
While it’s certainly the responsibility of users to manage their passwords securely, via a password manager and/or 2FA, there are clearly things the firms in question could have done better to reduce the impact of the breaches. Under GDPR rules, notification must happen within 72-hours, for example. Regulators would also take a dim view of firms using weak encryption to protect key data.

Best practice security evolves over time, so it always pays for CISOs to stay abreast of the current recommended advice. That’s where conferences like CLOUDSEC can come in handy, by offering an opportunity to hear from security leaders, industry practitioners and global experts. This year’s event features keynotes from CISOs at Thomson Reuters, Oxford University and Swedish giant Stena alongside Trend Micro experts, a former White House CIO and the UN’s Cybercrime and Cryptocurrency Advisor.

Throughout there’ll be a focus on real-life examples and case studies, to inform and educate attendees about the latest developments in the threat landscape, and how their peers have been able to successfully mitigate cyber risk.

Make sure you book your place at this year’s event today!

What: CLOUDSEC 2019
When: 13 September 2019
Where: Old Billingsgate Market, London

As North Korean crypto-theft ramps up, it’s time for CISOs to prepare for a new reality at CLOUDSEC

by Ian Heritage

It has just emerged that North Korean hackers have made an estimated $2 billion from a long-running campaign targeting banks and cryptocurrency exchanges. The leaked UN report detailing the scheme to make money for the hermit nation’s illegal weapons programme is food for thought for CISOs everywhere. It’s proof of a new reality: that organisations must counter the threat from nation states as well as organised cyber-criminals.

At Trend Micro’s CLOUDSEC conference next month, UN Office on Drugs and Crime (UNODC) cybercrime and crypto-currency advisory Alexandru Caciuloiu will be on hand to share his wisdom.

Continue reading

As Cybercrime Prosecutions Fall Again, CLOUDSEC Offers Food for Thought

by Bharat Mistry

Policing the Wild West of the internet has never been an easy job, but as cyber-criminals get more organised and better equipped thanks to the dark web economy, it has become even harder. That’s especially true in the UK where austerity measures have had a major impact on police budgets. So it might not come as a surprise that new figures show a decline in the number of cybercrime prosecutions in the country, the second year in a row.

At Trend Micro’s CLOUDSEC conference next month, experts from law enforcement and industry will come together to discuss what can be done. As we’ve shown in the past, public-private partnerships can produce some impressive results. Continue reading

Why Local Government Should Consider Third-Party Expertise to Manage Office 365 Cyber Risk

by Simon Edwards

Local government in the UK is increasingly encouraged to migrate to the cloud to drive efficiencies and improve agility and productivity while minimising costs. Office 365 is an obvious choice here, especially as Microsoft is changing its discount structure to encourage greater take-up. But there’s still a great deal of uncertainty and anxiety in the sector around cloud infrastructure, especially cybersecurity concerns.

That’s why Trend Micro has developed a new white paper for local government IT managers. It explains how working with trusted third-party providers can enhance existing protections in Office 365 and minimise risk as organisations transition away from GSI secure email. Continue reading