Taylor Armerding

Author Archives: Taylor Armerding

Vocal theft on the horizon

Your voice is yours alone – as unique to you as your fingerprints, eyeballs and DNA. Unfortunately, that doesn’t mean it can’t be spoofed. And that reality could undermine one of the promised security benefits of multi-factor authentication, which requires “something you are,” along with something you have or you know. In theory, even if attackers can steal passwords, they can’t turn into you. But given the march of technology, that is no longer a sure thing. Fingerprints are no longer an entirely hack-proof method of authentication – they can be spoofed.

Human weakness enabling financial cybercrime

It may be time for a revision of, “the customer is always right,” at least in the financial sector. That, Boston Police Detective Steven Blair told an audience of bankers at the Boston Fed’s 2017 Cybersecurity Conference on Monday, is because too many banking “customers” are fraudsters, who take advantage of the generally laudable desire of front-line employees to provide good customer service. Attendees had heard Kenneth Montgomery, first vice president and COO of the Boston Fed, say earlier that cybersecurity is now, “the number-one operational and enterprise issue” for the financial sector. He said the worldwide costs of cybercrime are estimated at $3 trillion annually now, and expected to double by 2021.

Failure to communicate helps ransomware prosper

At least one of the major reasons for the ongoing exponential increase in ransomware as a criminal business model could be summed up with the iconic line from the prison boss in 1967’s “Cool Hand Luke”: “What we got here is a failure to communicate.” That was a recurring theme from those on a “Ransomware Panel” Thursday at SOURCE Boston 2017, moderated by Paul Roberts, founder and editor in chief of The Security Ledger. The communication breakdown occurs at all levels, the panelists said, starting with victims. Frank McLaughlin, a Boston Police detective, said when a business gets hit with ransomware, “the police are the last people they want to call, for obvious reasons. It becomes a public record.”

Can AI and ML slay the healthcare ransomware dragon?

It’s common knowledge that healthcare organizations are prime – and relatively easy – targets for ransomware attacks. So it is no surprise that those attacks have become rampant in the past several years. The term “low-hanging fruit” is frequently invoked. But according to at least one report, and some experts, it doesn’t have to be that way. ICIT – the Institute for Critical Infrastructure Technology – contends in a recent whitepaper that the power of artificial intelligence and machine learning (AI/ML) can “crush the health sector’s ransomware pandemic.”

Robots: Lots of features, not much security

Robots are supposed to do good things for us, not bad things to us. But there is plenty of evidence that, like the billions of other connected devices that make up the Internet of Things (IoT), the growth of robot technology is coming with loads of features, but not much of a security blanket. More evidence came in a report on home, business and industrial robots released last month by security research firm IOActive, which found that “most” of them lacked what experts generally call “basic security hygiene.” Those included the predictable list: insecure communication channels, critical information sent in cleartext or with weak encryption, no requirement for user names or passwords for some services, weak authentication in others, and a lack of sufficient authorization to protect critical functions such as software installation or updates.

IP theft: Declining, or just more stealthy?

Eighteen months ago, President Obama and Chinese President Xi Jinping announced, with considerable fanfare, an agreement aimed at curbing economic espionage. According to the Sept. 25, 2015 White House press release, “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.” So, with Xi due to meet with President Trump in early April, an obvious question is: Has the agreement been effective? The reviews on that are mixed, but there is general agreement that while it hasn’t stopped, the theft of intellectual property (IP) by the Chinese against the US is not as rampant as it was several years ago when The Commission on the Theft of American Intellectual Property estimated total losses, including jobs, competitiveness, stock value, market share, in the hundreds of billions, and former National Security Agency director Gen. Keith Alexander famously called it, “the greatest transfer of wealth in human history.”

Critical infrastructure: Off the web, out of danger?

The debate over the chances of a catastrophic cyber attack taking down a major part of the nation’s critical infrastructure (CI) has been ongoing for a generation. But it hasn’t been settled – in some ways it is more intense now than ever. On one side are those, including high government officials, who warn of a “cyber Pearl Harbor” that could leave swaths of the country in darkness and cold – without electric power – for months. Retired Adm. James Stavridis, dean at Tufts Fletcher School and a former NATO supreme allied commander, used that term just three months ago, saying such an attack would be aimed either at the electrical grid or the financial sector.

Want good cyber insurance? Read the fine print

One of the main reasons to buy insurance is to prevent the cost of an accident or other disaster from breaking the bank. But what if simply buying insurance threatens to break the bank? That scenario is starting to worry some organizations, for several reasons. First is the simple but powerful market force of supply and demand. More and more organizations, spooked by regular stories of catastrophic breaches – such as the compromise of more than 1.5 billion Yahoo! accounts, which took down its acquisition value by a reported $350 million – are seeking insurance. And when demand rises, the price tends to do so as well.

Bots: Biggest player on the cybercrime block

In the world of cybercrime, ransomware and DDoS attacks had the highest profile by far during the past year. There was an entire day devoted to a ransomware “summit” at the recent RSA conference in San Francisco. But when it comes to money being lost (and made), bot fraud is king – by a lot. Most estimates of losses in the US from ransomware during 2016 were in the $1 billion range. By contrast, a study published in January 2016 by White Ops and the Association of National Advertisers (ANA) titled “Bot Baseline: Fraud in Digital Advertising,” estimated global losses in 2016 would be $7.2 billion.

Comey: Strong encryption “shatters” privacy-security bargain

FBI Director James Comey told a Boston audience this morning that “ubiquitous strong encryption” – the kind now available on most smartphones and other digital devices – is threatening to undermine the “bargain” that he said has balanced privacy and security in the US since its founding. Actually, he went further, declaring that such default encryption “shatters” the bargain. “This is a big deal, and I urge you to continue to engage in a hard conversation about it. I love privacy, but I also love the bargain,” he said, noting that the FBI’s inability to crack encrypted devices means the investigative “room” where the agency works is increasingly growing dark, and therefore undermining security.
