Study: More than 50% of SMBs were breached in the past year
A new study conducted by the Ponemon Institute and
sponsored by password management provider Keeper Security analyzed the state of
cybersecurity in small and medium-sized businesses (SMBs) and found that
confidence in SMB security is shockingly low (just 14% of the companies
surveyed rated their ability to mitigate cyber attacks as highly effective).
- 50 percent of respondents reported that they had data breaches involving customer and employee information in the last 12 months.
- Three out of four survey respondents reported that exploits have evaded their anti-virus solutions.
- 59% of respondents say they have no visibility into employees' password practices and hygiene.
- 65% do not strictly enforce their documented password policies.
The scale of a breach is very difficult to measure
quickly, as articles like this consistently illustrate.
Remember when Wendy’s updated its breach disclosure in May
to report that it was 300 stores
impacted? They subsequently revealed
that they had found two types of malware and the number of impacted stores
could be “considerably higher.”
… Wendy’s first reported unusual payment card
activity affecting some restaurants in February 2016. In May, we confirmed that we had found
evidence of malware being installed on some restaurants’ point-of-sale systems,
and had worked with our investigator to disable it. On June 9th, we reported that we
had discovered additional malicious cyber activity involving other restaurants.
That malware has also been disabled in
all franchisee restaurants where it has been discovered. We believe that both criminal cyberattacks
resulted from service providers’ remote access credentials being compromised,
allowing access – and the ability to deploy malware – to some franchisees’
point-of-sale systems.
[Apparently
only the Wendy’s in Thornton Colorado was hit.
Bob]
Ah the joys of having the latest technology!
Megan Scudellari reports:
“It knows too much,” says Wang, an assistant professor of
computer science at Binghamton University in Upstate New York. “If you are
using a smart watch, you need to be cautious.”
He would know. Wearable
devices can give away your PIN number, according to research he and colleagues
presented in June at the 11th annual Association for Computing Machinery
Asia Conference on Computer and Communications Security (ASIACCS) in
Xi’an, China. By combining smart watch sensor data with an algorithm to infer key entry
sequences from even the smallest of hand movements, the team
was able to crack private ATM PINs with 80 percent accuracy on the first try
and more than 90 percent accuracy after three tries.
Read more on IEEE
Spectrum.
Computer Security, Data Management and Data Architecture!
Buyers Beware: The Latest Wave of Retail Cyber Scams
… “Retailers have
been caught out by bad data
architecture. You should
never store sensitive information on a network that third-party vendors have
access to. Create a systematic classification categorizing what’s sensitive and
what’s not,” suggests Yoo.
Daniel
Garrie, CEO of consulting firm Law & Forensics and senior advisor at
Risk Assistance Network and Exchange (RANE), suggests that his retail clients go as far as providing cybersecurity to
the vendors themselves. “I
tell my clients you need to secure them. Spending any amount of money is worth
it if these are vendors you can’t live without.”
Will this reignite the encryption debate? Stay tuned.
‘Secret Conversations:’ End-to-End Encryption Comes to
Facebook Messenger
Just a few years ago,
end-to-end encryption was a nerdy niche: a tiny collection of obscure software
let you encrypt communication so only your recipient could read it, but the
vast majority left you no option to hide your words from hackers or
eavesdroppers. This year, that balance
shifted. And now, roughly 900 million
more people are about to be invited into the crypto club.
On Friday, Facebook plans to roll out a beta version of a new feature
it calls “secret conversations.” It’s
encrypted messages, end-to-end, so that in theory no one—not a snoop on your
local network, not an FBI agent with a warrant, not even Facebook itself—can
intercept them. For now, the feature
will be available only to a small percentage of users for testing; everyone
with Facebook Messenger gets it later this summer or in early fall.
I’ll use this the next time I teach Statistics. Isn’t the question wrong? Did insurance rates change for these
drivers?
From TheNewspaper:
Three years ago, the insurance
industry set up ten covert speed cameras across Northern Virginia to photograph
and access the personal information of 65,000 drivers. A motorist rights group is crying foul. The Insurance Institute for Highway Safety
(IIHS) gathered all of this data to make a political point.
“The association between higher speed
limits and faster vehicle speeds is well-established, but not as much is known
about how horsepower affects travel speeds,” IIHS wrote in a May 24 report.
The report was made possible by
the 2014 decision of Virginia Department of Motor Vehicle Commissioner Richard
D. Holcomb to release vehicle identification number (VIN), age and sex
information from the records of 65,000 vehicle owners. IIHS compared this personal information
against the facial photograph captured by the industry’s speed cameras to conclude
that vehicles “packing more horsepower” drive faster than the posted speed
limit.
[…]
“Why precisely the insurance industry advocates felt the need to capture
facial images of drivers and compare that to personal data in DMV records is a
mystery,” NMA president Gary Biller told TheNewspaper. “Identifying drivers isn’t germane to the
horsepower versus speed question.”
Indeed. And they
could have let me know so that I could comb my hair before blowing off their
speed limits in my little sports car.
Read more on TheNewspaper.com.
Well, if no one in Congress cares…
EFF – FBI Must Not Sidestep Privacy Protections For Massive
Collection of Biometric Data
by Sabrina
I. Pacifici on Jul 7, 2016
Iris Scans, Palm Prints, Face Recognition Data, and More
Collected From Millions of Innocent Citizens – “The FBI, which has created
a massive database of biometric information on millions of Americans never
involved in a crime, mustn’t be allowed to shield this trove of personal
information from Privacy Act rules that let people learn what data the
government has on them and restrict how it can be used. The Electronic Frontier Foundation (EFF) filed
comments today with the FBI, on
behalf of itself and six civil liberties groups, objecting to the agency’s request to exempt the Next Generation Identification (NGI) database from key provisions
of federal privacy regulations that protect personal data from misuse and
abuse. The FBI has amassed this database
with little congressional and public oversight, failed for years to provide
basic information about NGI as required by law, and dragged its feet to disclose—again,
as required by law—a detailed description of the records and its policies for
maintaining them. Now it wants to be
exempt from even the most basic notice and data correction requirements…”
(Related) “We’re
going to do it, but we don’t know what we’re going to do yet.”
Ilan Lior and Or Kashti report:
Interior Minister Arye Dery
announced on Thursday that starting next year, joining the biometric database
will be obligatory.
“From now on anyone obtaining a
document from the Interior Ministry, whether an ID card or a passport, will
receive a biometric one. We’ve decided on having this database and we’ll soon
decide what will be included in it,” Dery said at a ceremony marking
the millionth person to join the biometric database, which was held at the new
Population and Immigration Authority office in south Tel Aviv.
Read more on Haaretz.
So with the U.S.
banking sector also embracing biometrics, and with everyone’s Social
Security number already having been leaked or compromised in numerous breaches,
can the U.S. be far behind in switching to biometrics for identity
authentication?
And if so, isn’t it even more important, then, that the
FBI not be able to exempt the biometrics database from Privacy Act
protections? Have you signed EFF’s
petition on this? If not, go
do so right now.
Perspective. At
least, something to think about.
Deciphering Facebook's Software Philosophy
Last week, Facebook offered a peek into the philosophy
governing its News Feed algorithm, the piece of software that decides which
posts are shown to people when they log into the platform’s app or homepage. The announcement was more than just academic. One in five
adults worldwide use Facebook, and 44 percent of Americans
get their news from the platform. If traditional agenda-setting news barons like
Rupert Murdoch count as powerful, then surely the News Feed algorithm wields
influence, too. In fact, its algorithm
may be one of the most powerful pieces of software in the world.
Which makes the ideas governing such a piece of software
extra-important. These particular ideas
came in a blog post entitled “News Feed Values,”
written by Adam Mosseri, a Facebook vice president and the product manager of
the News Feed. The post is a list of
broad principles and vague promises that users should expect from their News
Feed. It was at once a piece of
marketing and—more interestingly—a set of operational ethics, a kind of guide
to what Facebook values when it decides to alter the feed.
(Related)
Pew – The Modern News Consumer
by Sabrina
I. Pacifici on Jul 7, 2016
“Wave after wave of digital innovation has introduced a
new set of influences on the public’s news habits. Social media, messaging apps, texts and email
provide a constant stream of news from people we’re close to as well as total
strangers. News stories can now come
piecemeal, as links or shares, putting less emphasis on the publisher. And, hyper levels of immediacy and mobility
can create an expectation that the news will come to us whether we look for it
or not. How have these influences shaped
Americans’ appetite for and attitudes toward the news? What, in other words, are the defining traits
of the modern news consumer? A new, two-part survey by Pew Research Center,
conducted in early 2016 in association with the John S. and James L. Knight
Foundation, reveals a public that is cautious as it moves into this more
complex news environment and discerning in its evaluation of available news
sources…”
The difference is important!
Augmented vs. Virtual Reality: What’s the Difference?
… Augmented
reality (AR) refers to devices that combine elements of the real world
with virtual aspects laid over it. This
often manifests itself in using your phone’s camera to display the “real world”
with a virtual overlay, though not always.
… VR essentially
boils down to: creating an entire world within virtual space. Whereas augmented reality relies on input from
the “real world”, virtual reality aims to create its own distinct and separate
world.
For the Movie club?
Watch 100+ Free Public Domain Movies on YouTube Now
… The list of
films on the aptly named Public Domain
Full Movies channel is truly staggering, ranging from some in
the 60s and 70s, and going all the way back to the silent film era of the early
1900s.