Sean Cassidy

Author Archives: Sean Cassidy

Systemic cybersecurity crisis looms

The number of large-scale, highly damaging data breaches over the past few years has led some to believe the market is on its way to another systemic crisis, similar to the Great Recession.

Corporate greed, lax risk management procedures and insufficient oversight by regulators contributed to the 2008 financial crisis. Likewise, the perception that cybersecurity is just another cost center coupled with organizations’ tendencies to implement bare minimum security measures could be paving the way for a systemic cybersecurity crisis.

There is a widespread notion that cybersecurity is one more hurdle for executives to deal with that drains company resources. Cisco surveyed more than 1,000 executives, and 74 percent of participants said the main purpose of cybersecurity is to reduce risk rather than enable growth. This ideology that cybersecurity is costly, hinders productivity and is maintained based on a company decision maker’s level of paranoia is not just inaccurate, it is harmful. As a result, many organizations underinvest in their cybersecurity programs, implementing minimal security measures that may be obsolete in a few short years as cyber threats evolve and new attack vectors emerge.

Stop using password manager browser extensions

It's been over a year since I presented on LostPass at ShmooCon, and in that time, many more bugs have been found in password managers. The most severe of these are in browser-based password manager extensions such as LastPass. Tavis Ormandy yesterday demonstrated a remote code execution on the latest LastPass version. This isn't the first extremely severe bug he's found in LastPass, either; there've been so many extremely severe bugs in LastPass it would be tedious to list them out. But LastPass isn't alone: Keeper, Dashlane and even 1Password have had severe vulnerabilities that allowed attackers to steal all of the passwords in a user's account without their knowledge.
