Taylor Armerding

Author Archives: Taylor Armerding

Will a cyber crisis add to chaos of Trump’s first 100 days?

While plenty of controversy has surrounded President Donald Trump’s fledgling administration, it hasn’t yet faced a major crisis. But according to Forrester Research, aside from any political or military events, the new president will face a cyber crisis sometime within his first 100 days. The company made the prediction last fall, prior to the election, as part of its “Predictions 2017” brief, so it didn’t specifically focus on either Trump or Democratic candidate Hillary Clinton.

FDA ‘guides’ the way to medical device security

The U.S. Food and Drug Administration (FDA) has, for the second time in two years, issued recommendations to improve the security of connected medical devices. Not mandates – recommendations. Which immediately raises the question: Will anything that is non-binding put enough pressure on manufacturers to spend the time and money it will take to improve device security? That, as is frequently said, remains to be seen. The FDA issued what it called “guidance” on the “postmarket management of cybersecurity for medical devices,” at the end of last year.

Too many victims say yes to ransomware

If you are a victim of ransomware, don’t pay! That has been the mantra of the FBI for several years now – one that was forcefully echoed by one of the nation’s highest-profile security bloggers – Brian Krebs – in a recent post. But based on the statistics, either a lot of people aren’t listening, or it’s a bit more complicated than that. The reality is that the success of ransomware isn’t just increasing. It’s exploding.

Can the FTC save the IoT?

Nobody in the IT industry would argue that the Internet of Things (IoT) is becoming more secure. Pretty much the opposite. But not for lack of effort. There have been multiple, ongoing initiatives over the past decade, both public and private. There have been dire warnings, publication of various standards and best practices, technology improvements, legislation to encourage threat information sharing and exhortations from government agencies, congressional committees, security firms and conference speakers. Unfortunately, none of them has worked very well so far. In spite of some of the best minds and technology improvements in the world focused on it, most of the IoT’s billions and billions of connected devices remain catastrophically insecure, lacking what experts call the most basic “security hygiene.” The flaws include hard-coded credentials, simple and default user names and passwords and the lack of any way to patch or update exploitable vulnerabilities.

Obama’s cybersecurity legacy: Good intentions, good efforts, limited results

President Obama is only a couple of weeks out of office, but his legacy on cybersecurity is already getting reviews – mixed reviews. According to a number of experts, Obama said a lot of good things, did a lot of good things and devoted considerable energy to making cybersecurity a priority, but ultimately didn't accomplish the goal of making either government or the private sector more secure. The most recent, stark illustration was the series of leaks, enabled by hacks that US intelligence agencies attribute to Russia, that undermined both the credibility of Democratic presidential candidate Hillary Clinton and the election itself.

Repealing passwords is a long way away

The campaign to eliminate passwords has been ongoing, and growing, for close to a decade. There are even some declarations that this might be the year, or at least ought to be the year, that it happens. Don’t hold your breath. Brett McDowell, executive director of the FIDO (Fast IDentity Online) Alliance, is as passionate an advocate of eliminating passwords as anyone. He says that day is coming, given the creation of a “new generation of authentication technology” largely based on biometrics, and a “massive collaboration among hundreds of companies” to define standards for that technology.

Can government really fix the IoT mess?

The private sector often views government as the problem, not the solution. But, in the view of a growing number of experts, the opposite is true when it comes to addressing the rampant and increasing security risks of the Internet of Things (IoT). While it is not a unanimous view, there is general agreement that the blessings the IoT brings to modern life are being undermined by its curses – and that the market will not correct those curses. Its almost magical benefits are well documented and well advertised – self-driving cars and the ability to lock or unlock doors or adjust a home thermostat from hundreds of miles away were fantasies only a few years ago. But its billions of connected devices are so lacking in security that they are putting not only individual users at risk, but public and private infrastructure as well, including the infrastructure of the internet itself.

Medical data: Accessible and irresistible for cyber criminals

How valuable is personal healthcare data? Apparently it depends. Based on at least some price comparisons on the Dark Web – the underground online marketplace for cyber criminals – electronic health records (EHR) are not even close to premium goods. McAfee, now a division of Intel Security, reported recently that the price for an individual medical record ranges from a fraction of a cent to $2.50, while a so-called “fullz” record – name, Social Security number plus financial account information from a credit or debit card – can fetch $14 to $25.

Top 15 security predictions for 2017

It is once again, as the song doesn’t quite say, “the most predictive time of the year.” Not that anybody knows for sure what will be happening even a month from now, never mind six months to a year. But that does not, and should not, stop organizations from trying. The way to get ahead and stay ahead, especially in online security, is to look ahead.

The IoT: Gateway for enterprise hackers

A very merry Christmas could give way to a not-so-happy New Year security hangover for enterprises, once a few million more Internet of Things (IoT) devices are unwrapped and migrate from homes into the workplace. So, a webinar this week hosted by The Security Ledger titled: “Who Let the IoT in?: Finding and securing wireless devices in your environment,” was designed to offer some advance advice on how to cope with it. Paul Roberts, founder and editor in chief of The Security Ledger, who moderated the event, began by framing part of the problem: Although the IoT is now well established, many of the legacy tools enterprises still use to identify and manage vulnerable devices were “designed for the ‘Internet of Computers’ rather than the IoT.

Ransomware as a Service fuels explosive growth

Believe it – you too can become a successful cyber criminal! It’s easy! It’s cheap! It’s short hours for big bucks! No need to spend years on boring things like learning how to write code or develop software. Just download our simple ransomware toolkit and we can have you up and running in hours – stealing hundreds or thousands of dollars from people in other countries, all from the comfort of your home office – or your parents’ basement. Sit back and watch the Bitcoin roll in! OK, that’s not the literal pitch coming from the developers of ransomware. But, given the rise of Ransomware as a Service (RaaS) – a business model in which malware authors enlist “distributors” to spread the infections and then take a cut of the profits – it sounds like it could be a candidate for the kind of “direct-response” TV ads that made the late pitchman Billy Mays famous.
