// archives

review

This tag is associated with 2 posts

This weeks top of the news in Cybersecurity (week 45)

Information on Cybersecurity is becoming almost overwhelming. The series on “this weeks top of the news in Cybersecurity” is a collection of a few articles that I found noteworthy throughout the week. Perfect Friday or weekend reading to catch up on events if you have missed them or have been too preoccuppied or swamped with the Bond Spectre movies review!

 

Blackberry Priv. Can an awesome keyboard justify the Blackberry Priv?
Wired

It has been a (very) long time since I have used a Blackberry and frankly I am not missing it. I have also not tested the Blackberry Priv and will not do so but I still found the review interesting as I like some of the features that Blackberry built in it. For example I would like to have a notification if an app tries to access something and then bind it back if I don’t like it. But the more interesting and yet also more alarming part is that Blackberry will patch the Android OS on a monthly basis with security updates and in addition hotfixes when things cannot wait a month. More information can be found here but I ask myself if it really needs to be the phone vendor and not the OS vendor that should do that as this way we will never get to a better protected overall mobile phone base.

 

The Role of Machine Learning in Cyber Security
IT Pro Portal

 I believe that machine learning and big data will have a huge impact on cybersecurity and we will see impactful applications especially of machine learning more and more in the close future. With that in mind I found the Q&A with Garry Sidaway (SVP Security Strategy & Alliances at NTT Com Security) interesting. It is fairly short but gives a few ideas on the topic.

 

Security Tools’ Effectiveness Hampered by False Positives 
CSO

False positives are a significant problem at many enterprises and valuable events get burried under large amount of data. It goes so far that I have talked to large companies who invested substantial money into SIEM’s only to then turn them off again as they could not handle the amount of information. This article takes a look at the problem of false positives and how they distract companies from dealing with legitimate security alerts.

 

U.S. and U.K. Testing Response Scenarios for FinancialSector Cyberattacks
The Daily Dot

As cyberattacks don’t just target typically one country it makes sense to approach the defense against them with a wider view than most of today’s critical infrastructure protection efforts do. The U.S. and UK have scheduled test response scenarios that will take place later this month in an effort to mitigate the consequences of a large-scale cyberattack again their respective financial sectors.

 

More Companies Form Data Breach Response Plans  
Business Insurance

Being prepared for a data breach is critical today as realistically your company will be breached or has been breached and you may or may not know about it. A new study by the Ponemon Institute finds that although more companies are launching new data breach response plans (good!), relatively few have confidence in their effectiveness (bad). Talking to many CISO’s and CIO’s it seems to me that most companies just don’t have the resources for this and in my view will have to more and more use managed security services and work with retainers for such events.

 

U.S. Retailers Push Banks to Use PINs on Credit Cards as Confusion Reigns
Reuters

From a european perspective this is just plain silly. I have a few credit cards and only my american one does not have a chip and pin. Looking around there seems to be no problem whatsoever to use pins with credit cards on a quite large scale throughout Europe. Now some US retailers are looking to use PINs (personal identification numbers) on their store-branded credit cards that are embedded with computer chips, but are getting resistance from the banking industry. Really?

 

SnowdenBlessed ‘Signal’ Encrypted Calling, Messaging App Comes to Android
NBC News

A new Android app is claimed to securely make phone calls and send messages , which Edward Snowden says he uses “every day.” I found that a bit a special statement and probably would touch that app even less if I would have an Android phone as now the attack motivation just skyrocketed and I have a hard time seeing how Edward Snowden would have the actual technical capabilities to verify the security of such an app.

 

ACSC Releases 2015 Threat Report  
US-CERT

I always like to look through the different threat reports so will include this one here in my recommended reading list. The Australian Cyber Security Centre (ACSC) has released its 2015 Threat Report. It provides information about threats that Australian organizations are facing, such as cyberespionage, cyberattacks, and cybercrime and conclusions towards other geographies are certainly realistic.

 

And that is it for today and best wishes for the weekend!

This weeks top of the news in Cybersecurity (week 42)

Information on Cybersecurity is becoming almost overwhelming. The series on “this weeks top of the news in Cybersecurity” is a collection of a few articles that I found noteworthy throughout the week. Perfect weekend reading to catch up on events if you have missed them!

A Second Snowden Has Leaked a Mother Lode of Drone Docs
Wired

Another leak of classified documents on the use of America’s unmanned vehicles. It is not the first release of sensitive documents (remember Snowden and Chelsea Manning of course) and most likely it will not be the last. Everybody involved in sensitive topics should have a very hard look into their Cybersecurity investments and also put Information Rights Management on the list.

 

CyberAttack Warning After Millions Stolen from UK Bank Accounts  
The Guardian

Law enforcement in the UK, U.S., as well as Interpol, are searching for cyberattackers who have stolen at least £20 million from British bank accounts through the Dridex malware. On the good news side is that with most security products (including Microsoft’s) the malware is detected now and removed.

Additional Information: The United States Computer Emergency Readiness Team (US-CERT) has released an alert to provide further information about the Dridex botnet.

 

Consumer Alert: Debit Card Fraud at Walmart Discovered in 16 States
CSO

There has been an increase in fraudulent purchases made at Walmart, most of which include charges that are US$50 and under. While this is US centric it serves as a warning to check your credit card statement diligently to detect such fraud activities. No credit card is safe today any more.

 

FBI Takes Down Alert on Chip Credit Cards After Bankers Complain
Network World

Wrong priorities in my view for the financial services institutions. A warning from the US Federal Bureau of Investigation (FBI) on October 8, 2015, was removed the next day. The announcement warned that chip-enabled credit cards should only be used with a PIN (personal identification number). The message was removed after there were complaints from banks that issue the credit cards. I know that many banks are very hesitant to talk about fraud and cyberrisks but if we want to make progress in this we need to be more open for information exchange.

 

87% of Android Devices Are Exposed to at Least One Critical Vulnerability
Sophos

The University of Cambridge reports that 87 percent of Android devices are exposed to at least one known critical vulnerability. I know that it is not always easy or even possible to update Android devices but it is crucial to do it as quickly as possible once an update is available. The latest Android version is called Marshmallow right in time for making smores – yumm!

 

Amazon, Google Boost Cloud Security Efforts
eSecurity Planet

Kudos to Amazon and Google as they have announced new features to provide security safeguards on their cloud services. One of the areas where Microsoft’s cloud services are heavily investing and in my view market leaders. It is good to see Amazon and Google investing here too significantly.

About the Author

Reto is partner at PwC Switzerland. He is leading the Cybersecurity practice and is member of PwC Digital Services leadership Team. He has over 15 years work experience in an information security and risk focused IT environment. Prior to working at PwC he was Microsoft's Chief Security Officer for Western Europe and also has work experience as group CIO, Chief Risk Officer, Technical Director and Program Manager.

more about me and contact info

Translate

Chinese (Simplified)EnglishFrenchGermanItalianPortugueseRussianSpanish

replica Rolex