Thursday, June 11, 2015

Even if you don't adopt “Best Practices,” you should not assume you are the first company ever to address this issue. My Computer Security students would easily identify the security failures listed here.
Weak Remote Access Practices Contributed to Nearly All PoS Breaches: Trustwave
In a new report from Trustwave, experts examined data from 574 breach investigations across the world from 2014. The researchers discovered that the number of PoS breaches they investigated jumped some seven percent compared to 2013 and accounted for 40 percent of the firm's investigations last year. By and large, those PoS compromises came down to a failure to control remote access.
Many businesses don't keep technical staff in-house, explained Karl Sigler, threat intelligence manager at Trustwave. As a result, much of the networking infrastructure and PoS systems are often fitted with remote access software to prevent technicians from having to be physically present every time there is a technical problem or a patch release, he said.
"Unfortunately, these remote access solutions are often poorly secured," he said. "They are often open publicly on the internet as opposed to being locked down with proper access controls to only allow the technician’s systems access. They not only typically have weak or no passwords, they usually also share the exact same password across all systems in order to make it easy on the remote technician. Maintaining and remembering unique passwords for every store is often considered too complicated."
The full report can be read here.

Not the type of Data Management my students would approve (if they wanted to pass my class) Data must be exchanged between the engines and the cockpit, but perhaps certain commands should be filtered out while the plane is airborne?
Fatal A400M crash linked to data-wipe mistake
A military plane crash in Spain was probably caused by computer files being accidentally wiped from three of its engines, according to investigators.
Plane-maker Airbus discovered anomalies in the A400M's data logs after the crash, suggesting a software fault.
And it has now emerged that Spanish investigators suspect files needed to interpret its engine readings had been deleted by mistake.
This would have caused the affected propellers to spin too slowly.
… The control systems of the A400M aircraft are heavily automated.
Each engine is run by a separate computer called an Electronic Control Unit.
… It was not foreseen that three propellers would be affected simultaneously, making it impossible to keep the plane airborne.

Does this make you feel better or worse?
Kaspersky Lab cybersecurity firm is hacked
One of the leading anti-virus software providers has revealed that its own systems were recently compromised by hackers.
Kaspersky Lab said it believed the attack was designed to spy on its newest technologies.
It said the intrusion involved up to three previously unknown techniques.
… Kaspersky Lab said that it had detected the breach in the "early spring", and described it as "one of the most sophisticated campaigns ever seen".
The malware does not write any files to disk, but instead resides in affected computers' memory, making it relatively hard to detect.
… This time, Kaspersky said, the malware was spread using Microsoft Software Installer files, which are commonly used by IT staff to install programs on remote computers.

Another article me Data Management and Business Intelligence students should be reading. (That's what us professors call a “HINT!”)
How to Get More Likes and Comments on Instagram, According to Science

For my Data Governance students. See? Just like the textbook says.
Many Organizations Lack Maturity to Address Security Risks: RSA
Nearly three quarters of global organizations lack the maturity to address cybersecurity risks, and size is not a determinant of strong maturity, according to RSA’s inaugural Cybersecurity Poverty Index.
The report from EMC’s security division is based on the responses of over 400 IT security professionals from 61 countries who were asked to self-assess the maturity of their cybersecurity programs using the NIST Cybersecurity Framework as a benchmark.
RSA has also noticed some differences when comparing critical sectors such as telecommunications, financial services, and government. The telecommunication sector ranked highest with half of organizations having developed or advantaged capabilities. At the other end of the chart we have the government sector, where only 18 percent of respondents are pleased with their capabilities.
It’s not uncommon for organizations to experience cyber security incidents that have a negative impact on business operations. RSA’s study shows that the more incidents an organization deals with, the more mature its capabilities are. More precisely, companies that reported 40 or more incidents in the past year are 2.5 times more likely to have developed or advantaged capabilities. On the other hand, 63 percent of the respondents with 40 or more incidents still admitted having an inadequate level of maturity.

For my Spreadsheet students (with tools for my Business Intelligence students!)
Power Up Excel with 10 Add-Ins to Process, Analyze & Visualize Data Like a Pro
… You can power up your Excel experience with add-ins. Ranging from data visualization to external databases, you’re bound to find something to push Excel into overdrive.
Power BI
It can be a little tricky to get used to, and it does have its own, separate interface, but it will enable you to build beautiful data analytics dashboards you can share with the entire company. And people will be impressed, especially if they haven’t seen it before. You can consult the detailed Power BI support pages to get started or when you’re stuck.
Send to Power BI
A nice little add-in that allows you to send your data directly to the Power BI dashboard and analytics tool.

For my Ethical Hacking students, just because...
5 Must-See Documentaries About Hacking and Hackers

No comments: