This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.Cybersecurity experts are excited about big data because it is the “crime scene investigator” of data science. If your organization is hacked and customer information compromised, your use of big data to collect massive amounts of information on your systems, users and customers makes it possible for data analysts to provide insight into what went wrong.But while big data can help solve the crime after it occurred, it doesn’t help prevent it in the first place. You’re still left cleaning up the mess left behind by the breach: angry customers, possible compliance issues with data privacy standards like HIPAA and PCI DSS, maybe even government fines and class-action lawsuits.To read this article in full or to leave a comment, please click here
New products of the weekImage by DabkicksOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Cumulus Linux 3.2Image by Cumulus NetworksTo read this article in full or to leave a comment, please click here
Major cyberattacks against organizations of all sizes seem to happen almost weekly. On Dec. 14, Yahoo announced the largest-ever data breach, involving more than 1 billion customer accounts.Despite the scale and potential harm from such attacks, there's wide recognition that corporate leaders, especially boards of directors, aren't taking the necessary actions to defend their companies against such attacks. It's not just a problem of finding the right cyber-defense tools and services, but also one of management awareness and security acumen at the highest level, namely corporate boards.To read this article in full or to leave a comment, please click here
Look after your home 24/7 in crisp 1080p HD. With Nest Cam Indoor, you can check in, even when you’re out, and even at night with its built-in high-quality night vision. Nest Cam features a versatile magnetic stand that lets you put it anywhere. See who’s there, listen in and speak up to get their attention. With Nest Aware, you can get a special alert if Nest Cam sees a person, and save 10 or 30 days of continuous video history in the cloud. Then speed through it in seconds and quickly find the moment you’re looking for in Sightline. Nest's indoor camera is a best-seller on Amazon with 4 out of 5 stars from over 4,300 people (read reviews). Its typical list price of $199 has been reduced 15% to $169.99 on Amazon.To read this article in full or to leave a comment, please click here
When the story broke a week before the election about Macedonian teenagers creating fake pro-Trump news stories in order to harvest ad clicks, it triggered a serious feeling of déjà vu among those who work in cybersecurity.Scrappy bands of shady Eastern Europeans entrepreneurs taking advantages of weaknesses in our tech infrastructure to make a buck, and maybe fulfill sinister more designs? The debate over fake news is roiling the political world, but elements of it look very familiar to tech veterans—and represent a potentially new attack vector that IT needs to worry about.To read this article in full or to leave a comment, please click here
Apple has backtracked on a plan to force iOS developers to encrypt their app communications by the end of the year.The company had previously announced at its Worldwide Developers’ Conference in June that all apps submitted to the App Store will need support the App Transport Security (ATS) feature starting January 1st, 2017. It has not yet set a new deadline.ATS is a feature first introduced in iOS 9 that forces apps to communicate with internet servers using encrypted HTTPS (HTTP over SSL/TLS) connections. It's an improvement over the third-party frameworks that developers previously used to implement HTTPS because it ensures that only industry-standard encryption protocols and ciphers are used.To read this article in full or to leave a comment, please click here
Visitors to the U.S. under a visa waiver program are being asked by the Department of Homeland Security for information on their social media accounts, a plan that had drawn criticism from civil rights groups for its potential encroachment on privacy.
The U.S. Customs and Border Protection unit of the DHS asked for written comments earlier this year on its proposal that would add to the Electronic System for Travel Authorization (ESTA) and to a form called I-94W the following entry: “Please enter information associated with your online presence—Provider/Platform—Social media identifier,” which visitors can fill optionally.To read this article in full or to leave a comment, please click here
The black market value of stolen medical records dropped dramatically this year, and criminals shifted their efforts from stealing data to spreading ransom ware, according to a report released this morning.Hackers are now offering stolen records at between $1.50 and $10 each, said Anthony James, CMO at San Mateo, Calif.-based security firm TrapX, the company that produced the report.That down a bit since this summer, when a hacker offered 10 million patient records for about $820,000 -- or about $12 per record -- and even a bigger drop from 2012, when the World Privacy Forum put the street value of medical records at around $50 each.To read this article in full or to leave a comment, please click here
The cyberespionage group blamed for hacking into the U.S. Democratic National Committee (DNC) earlier this year has also infiltrated the Ukrainian military through a trojanized Android application used by its artillery units.The group, which is known in the security industry under different names, including Fancy Bear, Pawn Storm, and APT28, has been operating for almost a decade. It is believed to be the sole user and likely developer of a Trojan program called Sofacy or X-Agent that has variants for Windows, Android, and iOS.Fancy Bear has been responsible for many cyberespionage operations around the world over the years, and its selection of targets has frequently reflected Russia's geopolitical interests. Researchers from security firm CrowdStrike believe the group is likely tied to the Russian Military Intelligence Service (GRU).To read this article in full or to leave a comment, please click here
By now, everyone in our industry has provided 2017 cybersecurity predictions and I’m no exception. I participated in a 2017 infosec forecast webcast with industry guru Bruce Schneier, and ESG also published a video where I exchanged cybersecurity prophecies with my colleague Doug Cahill (note: I am an ESG employee).Yup, prognosticating about the future of cybersecurity has become a mainstream activity, but rather than simply guess at what will happen next year, I think it is useful to review what actually happened over the past few years and extrapolate from there.To read this article in full or to leave a comment, please click here
By now, everyone in our industry has provided 2017 cybersecurity predictions, and I’m no exception. I participated in a 2017 infosec forecast webcast with industry guru Bruce Schneier, and ESG also published a video where I exchanged cybersecurity prophecies with my colleague Doug Cahill.Yup, prognosticating about the future of cybersecurity has become a mainstream activity. But rather than simply guess at what will happen next year, I think it is useful to review what actually happened over the past few years and extrapolate from there.To read this article in full or to leave a comment, please click here
Developers of the popular Signal secure messaging app have started to use Google's domain as a front to hide traffic to their service and to sidestep blocking attempts.Bypassing online censorship in countries where internet access is controlled by the government can be very hard for users. It typically requires the use of virtual private networking (VPN) services or complex solutions like Tor, which can be banned too.Open Whisper Systems, the company that develops Signal -- a free, open-source app -- faced this problem recently when access to its service started being censored in Egypt and the United Arab Emirates. Some users reported that VPNs, Apple's FaceTime and other voice-over-IP apps were also being blocked.To read this article in full or to leave a comment, please click here
Shortage still?Image by EthanMany reports touted the fact that there are not enough workers with the proper cybersecurity skills necessary to fill all the vacant jobs. Forrester suggests looking to external expertise and automation for a quarter of the work. The complexity curve facing enterprises hasn’t reached its peak yet, which leaves security stuck solving problems of capacity and capability with limited resources already burdened with too many technologies, too many alerts, and too much to do. This combined spending will include security outsourcing, managed security services, security consultants and integrators, and security automation technologies.To read this article in full or to leave a comment, please click here(Insider Story)
There are more free information security tools out there than you can highlight with a fist full of whiteboard pointers. While many are trial ware-based enticements designed to lure decision makers to purchase the pricey premium counterparts of these freebies, many are full-blown utilities. A few important categories include threat intelligence tools, tools to build security in during the development stage, penetration testers, and forensics tools.Threat intelligence tools include AlienVault’s Open Threat Exchange, which collects and shares online threat intelligence as well as the Hailataxii and Cymon.io threat exchanges. There are a variety of SAST (Static Application Security Testing) tools for security testing software applications that developers write using different languages whether C/C++, Ruby on Rails, or Python. For penetration testing, we present the Nmap Security Scanner and the broadly useful Wireshark network protocol analyzer. Specific forensics products include the GRR remote forensic framework, and Autopsy and SleuthKit, which analyze hard drives and smartphones, and the Volatility Foundation’s open source framework for memory analysis/forensics.To read this article in full or to leave a comment, please click here(Insider Story)
Whether quantum computing is 10 years away -- or is already here -- it promises to make current encryption methods obsolete, so enterprises need to start laying the groundwork for new encryption methods.A quantum computer uses qubits instead of bits. A bit can be a zero or a one, but a qubit can be both simultaneously, which is weird and hard to program but once folks get it working, it has the potential to be significantly more powerful than any of today's computers.And it will make many of today's public key algorithms obsolete, said Kevin Curran, IEEE senior member and a professor at the University of Ulster, where he heads up the Ambient Intelligence Research Group.To read this article in full or to leave a comment, please click here
Virtual private networks (VPNs) encrypt internet connections between two points, to secure them from casual snoopers and hackers. These VPN services are particularly useful when accessing the internet from an untrusted location, such as a hotel, café or coworking space.A plethora of modern VPN services, with dedicated connectivity apps, have put an end to the maddening manual configuration VPNs once required. No two VPN offerings are alike, however, and it can be a challenge to find the right VPN. Here's a look at some of the top VPNs for privacy and security.To read this article in full or to leave a comment, please click here
The financial services industry lives with a mixed blessing. On the one hand, it is at the heart of everything from economic health and growth to the daily reality of how consumers pay for housing, transportation or even a coffee on the go to start their day.Because our world is powered by transactions, both consumers and businesses alike look to the financial services industry to constantly innovate. That’s the good part of the mixed blessing: the opportunity to improve and reinvent. + Also on Network World: Financial services firm adopts agile for digital development +
On the other hand, there is a constant challenge around juggling changes. In an era when financial institutions are more highly regulated than ever before, risk and compliance mandates add an entirely new level of complexity.To read this article in full or to leave a comment, please click here
As I’ve written many times, the cybersecurity skills shortage is the biggest cybersecurity issue we face today. Not only are there too few bodies to fill the cybersecurity jobs, but a recent series of research reports from ESG and the Information Systems Security Association (ISSA) indicates that many currently employed cybersecurity professionals are overworked, not managing their careers proactively, and not receiving the proper amount of training to stay ahead of increasingly dangerous threats. Yikes!So, the skills deficit is clear but which types of cybersecurity skills are in the highest demand? In the recently published ESG/ISSA research report title, Through the Eyes of Cybersecurity Professionals, 371 cybersecurity professionals were asked to identify areas where the organizations they worked for had the biggest skills gaps. The results are as follows:To read this article in full or to leave a comment, please click here
BlackBerry reported another quarter of losses and declining revenue on Tuesday, but CEO John Chen forecast that the company will break even next quarter, its first since quitting the smartphone business.The company signaled its departure from the smartphone hardware business last week, licensing its brand to TCL, the Chinese manufacturer that built the last two BlackBerry handsets.Chen's break-even forecast had a caveat: It didn't include restructuring charges, stock compensation expenses, fair-value adjustments and a host of other things, so the company will still make a loss, but a smaller one.With smartphones out of its product mix, BlackBerry is looking to a different kind of mobility to drive its future growth: the automotive industry, the major source of revenue for its QNX embedded software platform.To read this article in full or to leave a comment, please click here
If two state representatives get their way and their newly proposed law moves forward, then people in South Carolina will be blocked from accessing online porn after purchasing a new device.There are many missing pieces to fully explain how porn blocking would work under the Human Trafficking Prevent Act, and reading the bill doesn’t make it any clearer. However, the bill sponsors—Reps. Bill Chumley (R-Spartanburg) and Mike Burns (R-Greenville)—wrote that porn is a “public health hazard” and viewing porn online has impacted the “demand for human trafficking and prostitution.”To read this article in full or to leave a comment, please click here