NEWS THIS WEEK: Walmart tracks customers’ facial expressions; teachers hacked; Asians seek cyber insurance

By Byron V. Acohido

In news this week, Walmart has filed a patent for video technology to track customers’ facial expressions as they shop, potentially allowing employees to address customer needs before they have to ask. The system would use video to scan for customers who are frustrated or unhappy if they can’t find a product or figure out pricing. The system also could see when a display or product pleases shoppers. According to the patent filing, Walmart says it’s easier to retain existing customers than acquire new ones. Walmart also will use the technology to analyze trends in shoppers’ purchase behavior over time, according to the patent filing. The system links customers’ facial expressions to their transaction data—meaning how much they’re …more

VIDEO: How phishers are coming after you — and what you should do about it

By Byron V. Acohido

The current cybersecurity climate makes it hard not to be wary of phishing attacks. Forget reclaiming lost family fortunes or assisting Nigerian princes; today’s phishing scams are targeted, complex and incredibly prevalent.

It feels like a new, high-profile phishing attack is reported every other month. In May, Google Docs users were targeted with malicious invitations to edit fictional documents. Before that, DocuSign users were sent bogus emails encouraging them to download a Microsoft Word document that installed malware.

Related infographics: Phishers focus on smaller financial institutions

Despite increased awareness of these attacks and “I’d never fall for that” attitudes, Verizon’s 2017 Data Breach Investigations Report showed that 1 in 14 users fell for a phishing …more

GUEST ESSAY: 6 ways to use a ‘secure code review’ to engrain security during software development

By Amit Ashbel

An application or update is days, or possibly just hours away, from release and you’ve been working hard to ensure that security tools and processes are integrated throughout the development process. You believe you’ve followed all the steps and your app is ready to go, right?

Wrong. You have one more step in the security process before you can give the green light: a secure code review.

Related podcast: How application security testing can dovetail into ‘DevOps’

If you’re wondering what a secure code review is, it’s the process organizations go through to identify and fix potentially risky security vulnerabilities in the late and final stages of development. They …more

PODCAST: Dell SecureWorks discloses how faked personas fuel targeted attacks

By Byron V. Acohido

In the wake of phishing attacks involving Google Docs and DocuSign, corporate awareness of socially engineered cybersecurity threats is at an all-time high. Naturally, this has led to an increase in employee training and awareness.

This kind of action couldn’t be more necessary. According to Software Advice, 39 percent of employees admitted to opening emails they suspected might be fraudulent. And only 36 percent felt they were very confident in recognizing and resisting phishing attacks.

While increased awareness of corporate-based phishing attempts is vital, so, too, is awareness of phishing attempts that start in an employee’s personal environment before transitioning into the company. This is what happened in the curious case of Mia Ash.

I recently was …more

GUEST ESSAY: Why neutralizing insider threats should be a much higher priority

By Thomas Jones

As we have seen in the headlines, insider threats are a constant challenge for government agencies. But the problem comes with one silver lining. Each time a successful insider threat strikes, it pushes agencies to bolster their cybersecurity programs.

The National Industrial Security Program Operating Manual (NISPOM) Change 2 is an example of just that. Released by the U.S. Department of Defense in May 2016, NISPOM Change 2 mandates that federal contractors implement an insider threat program. One key requirement went into effect on May 31, mandating that contractors hold insider threat awareness training for all cleared employees before they are granted access to classified information and annually thereafter.

The requirement is a positive step in tackling the insider threat problem. The training includes …more

GUEST ESSAY: What you should know about how ‘unstructured data’ exposes your operations

By Erik Brown

Recent high-profile photo hacks have made headlines. In March, internet hackers targeted celebrities including Miley Cyrus, Emma Watson and Amanda Seyfried, among others, resulting in the leak of intimate photos that were posted on sites such as 4chan and Reddit. Similarly, back in 2014 hacker Ryan Collins exposed nude photos and videos of several celebrities after obtaining them from iCloud accounts.

But celebrities aren’t the only ones vulnerable to hackers. Imagine if your organization’s C-level executives had sensitive information stored in their email or documents. Hackers could obtain proprietary information, causing financial nightmares and damaging your organization’s reputation.

Related Q&A: High net worth individual face focused attacks

…more

PODCAST: Tech advances arrive to help secure legacy industrial controls

By Byron V. Acohido

Many critical infrastructure systems, such as those that control the electric grid, oil and gas refineries, and transportation, are now getting linked to the internet. That makes them easier to manage and maintain, but also could put them in the line of fire for cyber attacks.

I recently discussed the issues involved in upgrading and protecting these critical industrial control systems with Patrick McBride, chief marketing officer at Claroty, a startup that intends to secure the operational technology networks that run companies’ infrastructure systems. A few big takeaways from our conversation:

When industrial systems were built, sometimes decades ago, no one considered the need for digital protections.
“The systems were never designed, especially 10, 15, 20 years ago, with cybersecurity …more