Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Top Stories

 

PODCAST: Why ‘machine identities’ represent a wide-open attack vector — and what your company should do about it

By Byron V. Acohido

Companies spend about $8 billion a year on identity and access management (IAM) systems, geared to keep track of humans, but spend practically nothing guarding machine identities. This is a problem because, according to consultancy firm Gartner, 50 percent of all network attacks in 2017 will use stolen or forged machine identities to launch the attack.

Just as people use names and passwords to get onto the network and identify themselves to a machine, the machine also needs to have an “identity” by which it can be identified verified, and allocated particular permissions. If not, we—or the other people and machines on our network—could be talking to the wrong person or the wrong machine.

Related article:…more

PODCAST: Survey shows consumers fully aware of ‘smart home’ security, privacy risks

By Byron V. Acohido

If you don’t already have an Internet of Things (IoT) device in your home, chances are you will in the not too distant future.

Following record growth in 2016, which saw 80 million smart devices delivered to homes across the world (an increase of 64 percent from the year before), analysts are saying that 2017 is the year of the smart home.

According to Gartner, by the end of 2017 there will be 5.2 billion connected consumer devices worldwide. This will represent 63percent of the total number of connected devices in existence.

Related article: Why detecting IoT vulnerabilities will never be easy

Of course, the more IoT devices in our homes, the …more

VIDEO: Tempered Networks introduces ‘identity-based networking’

By Byron V. Acohido

Tempered Networks got its start by taking a unique approach toward locking down the industrial control systems (ICS) used at the Boeing Co.’s airplane manufacturing plants.

The problem Boeing was trying to solve at the time turns out to be much the same as the puzzle organizations of all types face today: How do you ingrain security into complex hybrid networks without completely throwing out legacy systems.

Striking that balance in the age of cloud computing and the Internet of Everything is crucial to empowering employees to securely and productively leverage modern IT systems. “Security is great, but business has to run,” says Marc Kaplan, vice president of security architecture and services at Seattle-based Tempered Networks.

ICS technologies predate the internet. So those …more

NEWS THIS WEEK: Scammers target hurricane victims; pacemakers at risk of being hacked; Tillerson signals closure of cybersecurity office

By Byron V. Acohido

Scammers are using robocalls to try to fleece survivors of Hurricane Harvey. The robocalls tell people that their premiums are past due and that they must send money immediately or else have their flood insurance canceled. “That is pure fraud. You should only be taking information from trusted sources,” said Roy E. Wright, director of the National Flood Insurance Program at the Federal Emergency Management Agency. Saundra Brown, who handles disaster response for Lone Star Legal Aid in Houston, described a typical move by dishonest contractors: They ask a survivor to sign a contract for repairs on a digital tablet, but when printed out, the bid is thousands of dollars higher. Or the survivor may have unwittingly …more

ROUNDTABLE: The significance of the ‘Onliner’ spambot leaking 711 million emails

By Byron V. Acohido

A spambot, referred to as Onliner, has been discovered delivering a malicious banking Trojan. What’s worse, the spammers behind Onliner inadvertently exposed some 711 million email addresses held in their possession.

Some context is needed to grasp the significance of this. Consider that spambots have been around for a long time. For the most part, garden-variety spambots are a huge nuisance, designed to carry out a two-stage mission. First, a spambot crawls the internet seeking out email addresses from websites, news group postings and chat-room conversations, and from this crawling activity it compiles a gargantuan mailing list. Next, a spambot blasts out email pitches for all manner …more

PODCAST: What senior executives need to understand about the global threat landscape

By Byron V. Acohido

While many organizations take cybersecurity seriously, there generally remains a great need for companies and agencies to think more deeply and comprehensively about network security.

That’s a top-line summary of a wide-ranging discussion I had at Black Hat 2017 in Las Vegas with Peter Alexander, chief marketing officer for Check Point Software. Below is a summary of some specific takeaways. (For a deeper drill down, take a few minutes to listen to the accompanying podcast.)

Big picture: Deter, detect, defend, debug

“There is still a perception that security is almost like insurance,” Alexander told me. “But the key difference with security is that it’s not for something that might happen; it’s for something that you know is …more

NEWS THIS WEEK: Identity theft hits record levels globally; Researchers find robots susceptible to hacks; Sen. McCain calls Trump’s cybersecurity policy ‘weak’

By Byron V. Acohido

In the news this week, identity theft is reaching “epidemic levels,” says U.K. fraud prevention group Cifas, with people in their 30s the most targeted group. A total of 89,000 cases were recorded in the first six months of the year, a 5 percent increase over the same period last year and a new record. “We have seen identity fraud attempts increase year on year, now reaching epidemic levels, with identities being stolen at a rate of almost 500 a day,” said Cifas CEO Simon Dukes. “The vast amounts of personal data that is available either online or through data breaches is only making it easier.” ID theft accounts for more than half the fraud that Cifas records. …more