Call it the sticky-note hole: As information security vulnerabilities go, it is low tech but profoundly dangerous nonetheless. And in the case of organisations that are suppliers to some of Australia’s highest-profile enterprises, including major financial institutions, the consequences of employees scribbling down passwords on a piece of paper are potentially devastating. The chief executive of Security in Depth, Michael Connory, said that while Australian businesses have been focused on protecting data “they tend to leave their front door open — they tend to forget about their staff”. Earlier this year Security in Depth launched what the CEO described as a “cyber credit score”: The Cyber Assurance Risk Rating (CARR) is an audit service that helps organisations assess the risk represented by a particular supplier. The service provides the company’s clients with an indication of the relative security maturity of a supplier, allowing an … [Read more...] about Security: ‘Sticky note’ vulnerability still bringing organisations undone
Best security awareness training
For many, the most intense race leading up to Election Day won't be among politicians. It'll be the mad, final scramble by county officials and tech companies to make sure your votes are safe from hackers. But with the slow pace of funding, unprepared campaigns and lack of cooperation among counties, many cybersecurity experts wonder if they'll reach that finish line by the first Tuesday in November. An election director in Illinois, for instance, still hasn't received any federal funding for cybersecurity. A security expert who traveled across the country to train campaigns found shockingly inadequate protection. Protecting the integrity of the US voting system has been a national priority since hacks by Russia in 2016 interfered with the election that year, yet the nation still isn't ready. While tech companies like Facebook have worked to fight fake news, state election systems have seen little change over the last two years. That means the November elections are just as … [Read more...] about Election security is a mess, and the cleanup won’t arrive by the midterms
Financial institutions have been attractive hacking targets for many years, and this attention has not diminished with the addition of cloud and mobile technology. FinTech emerged in the 21st century as an industry that uses technology to make financial services more efficient and is now valued as a $35 billion industry (2018). As information is more readily available to consumers, financial companies have only become more desirable to attackers. The stakes continue to grow as far greater losses and penalties have the ability to cause a lot of damage if security is not taken seriously. Nowadays there are security practices put in place by industry to help financial companies remain compliant (such as the Payment Card Industry Data Security Standard, PCI DSS). I sat down with Kunal Bhattacharya to discuss what he is doing at Credit Karma to help keep the FinTech company secure. He also shared his thoughts on the critical importance of security testing for financial technology … [Read more...] about Why security testing is a core business value for FinTech?
With global giants such as Dixons, Carphone Warehouse and Ticketmaster all suffering serious data breaches in the past 12 months and Javelin Strategy & Research finding that more people than ever before have had their identities compromised, cyber security continues to be big news. These continued threats combined with the implementation of GDPR make protecting and monitoring employee and business data a top priority. Security was a major theme highlighted in Okta’s latest global Businesses @ Work report, which uses real-world, anonymised data from our customer network to shed light on trends driving deployment of cloud apps. The data clearly showed that organisations are no longer just adopting the best technologies, they’re securing them. But given the ever-increasing number of cyber attacks, there’s still room for businesses to bolster every line of defense. Adopting new security technologies and maintaining both strong password hygiene and multi-factor … [Read more...] about Rethinking security at work: it goes far beyond passwords
Security orchestration, automation and response platforms need careful consideration in easing the security management burden. A surge in cyber threats and the administrative burden involved in staying on top of data security management is putting pressure on enterprise IT departments that cannot afford to risk a serious data breach, reputational damage and operational disruption. Faced with an ongoing cyber security skills shortage, organisations need a different approach to security provision unrestricted by manual processes – one that reduces their dependence on hard-pressed humans by harnessing automation, machine learning, artificial intelligence, predictive analytics and other innovative technologies to help identify, filter, neutralise and remediate cyber threats before they have a chance to do significant harm. Ultimately what security professionals and analysts are looking for is a way not only to reduce compromise to detection dwell times, but also detection to remediation … [Read more...] about Security automation SOARs to top of 2018 agenda