Thursday, September 28, 2017

How do you control vendor security?
Third-Party Cyber Risks a Rising Threat, Research Shows
The Ponemon study (PDF), commissioned by risk and compliance firm Opus, questioned 625 individuals familiar with their organizations' third-party risk management posture. The BitSight study (PDF) took a different approach and examined the visible security posture of more than 5,200 legal, technology, and business services companies known to be third-parties to finance organizations. Both surveys show a significant gap in the security posture of primary organizations and their third-party suppliers.
For many large organizations, this gap is increasingly exploited by malicious actors as the soft underbelly route into the company. The Ponemon study shows that this situation is, if anything, worsening; while the BitSight study highlights some of the security weaknesses commonly found in third-party vendors.
Ponemon found that 56% of respondents had suffered a third-party data breach in the last year -- an increase of 7% over the previous year.
Part of the problem is that organizations have little visibility of, or into, their supply chain. Fifty-seven percent of Ponemon's respondents don't have an inventory of the third-parties with which they share sensitive data, and the same number don't know if their suppliers' policies would prevent a data breach.

What have I been telling my Computer Security students?
The Strange Case of Gas Pumps & Bluetooth Skimmers
You might not think of an IEEE Summit as the most likely place to hear an intense talk about the lack of security at America's gas pumps, but that's exactly what happened last week at the 38th IEEE Sarnoff Symposium in Newark, N.J.
Scott Schober, president and CEO of Berkeley Varitronics Systems (BVS), used his 20 minutes on the podium to talk about how unsuspecting customers are putting themselves at risk using a debit or credit card at a gas pump in the US.
"Security and convenience don't go hand-in-hand," he chided the crowd.
… A couple of people in the crowd asked about chip and PIN systems -- where you insert the card and it reads the chip rather than a magnetic strip -- and while Schober allowed that these were moderately more secure, he reminded people: "There's no chip and PIN in any gas stations in the US," and there is unlikely to be until 2020.

Trends in cyber-crime.
DDoS Attacks More Likely to Hit Critical Infrastructure Than APTs: Europol
While critical infrastructure has been targeted by sophisticated threat actors, attacks that rely on commonly available and easy-to-use tools are more likely to occur, said Europol in its 2017 Internet Organised Crime Threat Assessment (IOCTA).
The report covers a wide range of topics, including cyber-dependent crime, online child exploitation, payment fraud, criminal markets, the convergence of cyber and terrorism, cross-cutting crime factors, and the geographical distribution of cybercrime. According to the police agency, we’re seeing a “global epidemic” in ransomware attacks.
When it comes to critical infrastructure attacks, Europol pointed out that the focus is often on the worst case scenario – sophisticated state-sponsored actors targeting supervisory control and data acquisition (SCADA) and other industrial control systems (ICS) in power plants and heavy industry organizations.

Is this their gameplan for November?
11 ways Facebook tried to thwart election interference in Germany
Facebook may have dropped the ball with the U.S. presidential election, but it was much better prepared for last weekend’s federal election in Germany. Today, Facebook outlined all its efforts to prevent malicious actors from meddling in the election.
“These actions did not eliminate misinformation entirely in this election – but they did make it harder to spread, and less likely to appear in people’s News Feeds,” wrote Richard Allan, Facebook’s VP of Public Policy for EMEA.
That includes:
  • Deleting tens of thousands of suspicious accounts
  • Fighting fake news in video and text clickbait
  • Showing alternative perspectives on news stories via Related Articles
  • Offering space where political parties could describe stances on core issues
  • Providing a comparison tool for the political parties
  • Launching an Election Hub to see which candidates were on the ballot
  • Sending in-app notifications for people to learn about and follow their newly elected leaders
  • Working with the German Federal Office for Information Security
  • Training political candidates about online security issues
  • Establishing a dedicated support channel for reports of election security and integrity issues
  • Giving news outlets access to its Berlin studio for distributing Facebook Live reports on election results

Just because this job is so rare…
Why your ‘personal’ data is anything but: Q&A with Washington state’s first chief privacy officer
In the digital age, it’s hard to know which data about ourselves is really ours. Who is allowed to have data on your internet use? Your shopping habits? What about data on your body, your voting record or how furniture is laid out in your home?
It may surprise you that various companies and government agencies around the U.S. may already have that data, even if you never consented to give it to them.
For Alex Alben, this is a huge problem. Alben is a privacy advocate and he’s Washington state’s first-ever chief privacy officer. It’s his job to try and protect the personal data and the privacy of citizens in Washington, and by extension, around the country.
We speak with Alben on this episode of the GeekWire Podcast to learn about how our personal data ends up in the hands of unfamiliar people, as well as what citizens and organizations can do to help protect privacy.

Equifax updates.
Equifax Will Offer Free Credit Locks for Life, New CEO Says
Equifax Inc. will debut a new service that will permanently give consumers the ability to lock and unlock their credit for free.
The service will be introduced by Jan. 31, Chief Executive Officer Paulino do Rego Barros Jr. wrote in a Wall Street Journal op-ed Wednesday, a day after taking the helm. The company will also extend the sign-up period for TrustedID Premier, the free credit-monitoring service it’s offering all U.S. consumers, he said.
… Most significantly, the service will be offered free, for life.
… TransUnion, a rival credit-reporting company, also offers a free credit lock called TrueIdentity “and we have for some time,” company spokesman David M. Blumberg said in an emailed statement.
… A representative for Experian Plc, another rival, didn’t immediately return a message seeking comment.

(Related). Oh, the horror!
Equifax CEO to collect $90 million: report
… Smith, who announced his retirement Tuesday, will collect about $72 million this year and $17.9 million in coming years, according to Fortune. This reportedly adds up to about 63 cents for each customer who was potentially exposed in the company’s data breach.

I forget. What was this Tweet supposed to distract us from?
Trump suggests Facebook colluded with media against him
President Trump on Wednesday seemed to suggest that Facebook had colluded with the news media against him during the 2016 presidential race.
"Facebook was always anti-Trump. The Networks were always anti-Trump hence, Fake News @nytimes (apologized) & @WaPo were anti-Trump. Collusion?" the president tweeted.

(Related). And remember, he’s not running for office…
Zuckerberg defends Facebook against Trump attack
Mark Zuckerberg defended Facebook on Wednesday after President Trump accused the company of being “anti-Trump.”
“Every day I work to bring people together and build a community for everyone,” Zuckerberg wrote on the site. “We hope to give all people a voice and create a platform for all ideas.”
“Trump says Facebook is against him,” he continued. “Liberals say we helped Trump. Both sides are upset about ideas and content they don't like. That's what running a platform for all ideas looks like.”

The financial equivalent of a President Trump Tweet? Over the top?
In Boeing victory, U.S. Commerce Dept. slaps massive tariff on small jets from Canada’s Bombardier
… A decision in favor of Boeing was widely expected, but the size of the tariff imposed on Bombardier — 219.63 percent, to be precise — shocked all sides, especially the Canadians.
Mike Nadolski, Bombardier’s vice president of communications, called the amount “absurd and divorced from the reality about the financing of multibillion-dollar aircraft programs.”
In its petition, Boeing had asked for a 79 percent tariff because of the subsidies.

I’ll have to think about this. Should I create the dullest book ever? But it might be useful for pulling posts on specific topics.
Turn a Blog Into a Book
One of the reasons that I continue to encourage teachers to blog with students is that it helps to create a record of what your students have observed, learned, created, and shared throughout the school year. At the end of the year, you may want to take that blog and turn it into a physical item that your students can share with their parents. BlogBooker is a tool that can help you do that.
BlogBooker is a service that allows you to turn the contents of your Blogger or WordPress blog into a PDF. Using BlogBooker is a fairly straightforward process. BlogBooker walks you through each step of the process, including the first step, which is exporting the contents of your blog as an XML file. The second step is entering the URL for your blog. After completing those two steps, just sit back and wait as BlogBooker creates a PDF or Word file based on the text and images in your blog posts.
The free version of BlogBooker limits you to three books and one year's worth of blog posts. There are upgrades available that will allow you to include more blog posts and will include higher resolution images.
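The first step of that process, exporting the blog as an XML file, is also what makes "pulling posts on specific topics" possible without any third-party service. The script below is an added example, not BlogBooker's code and not from the original post: it parses a WordPress export in the WXR layout (each post is an RSS `<item>` with a `<title>`, a `<content:encoded>` body, `<wp:post_type>`/`<wp:status>` elements and `<category domain="category">` tags), skips drafts, pages and attachments, and filters the published posts by category or keyword. The export embedded in the script is constructed for the example; the function and variable names are the example's own.

```python
"""Filter posts from a WordPress WXR export by category or keyword.

Added example, not BlogBooker's or the original post's code. Assumes the
standard WordPress eXtended RSS (WXR) export layout; the sample export
below is constructed inline so the script runs offline.
"""
import re
import xml.etree.ElementTree as ET

# Namespaces used by WXR exports (assumed from the standard export format).
NS = {
    "content": "http://purl.org/rss/1.0/modules/content/",
    "wp": "http://wordpress.org/export/1.2/",
}

# Constructed sample export: two published posts, one draft, one attachment.
SAMPLE_WXR = """<rss version="2.0"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:wp="http://wordpress.org/export/1.2/">
<channel>
  <title>Class Blog</title>
  <item>
    <title>Third-party risk notes</title>
    <pubDate>Thu, 28 Sep 2017 08:00:00 +0000</pubDate>
    <wp:post_type>post</wp:post_type>
    <wp:status>publish</wp:status>
    <category domain="category" nicename="security"><![CDATA[Security]]></category>
    <content:encoded><![CDATA[<p>Keep an inventory of the vendors that hold sensitive data.</p>]]></content:encoded>
  </item>
  <item>
    <title>Field trip recap</title>
    <pubDate>Fri, 29 Sep 2017 08:00:00 +0000</pubDate>
    <wp:post_type>post</wp:post_type>
    <wp:status>publish</wp:status>
    <category domain="category" nicename="classroom"><![CDATA[Classroom]]></category>
    <content:encoded><![CDATA[<p>We rode the bus to the museum.</p>]]></content:encoded>
  </item>
  <item>
    <title>Unfinished draft</title>
    <wp:post_type>post</wp:post_type>
    <wp:status>draft</wp:status>
    <category domain="category" nicename="security"><![CDATA[Security]]></category>
    <content:encoded><![CDATA[<p>Vendors again.</p>]]></content:encoded>
  </item>
  <item>
    <title>photo.jpg</title>
    <wp:post_type>attachment</wp:post_type>
    <wp:status>inherit</wp:status>
    <content:encoded><![CDATA[]]></content:encoded>
  </item>
</channel>
</rss>
"""


def _strip_tags(html):
    """Crude tag stripper; good enough for keyword matching on post bodies."""
    return re.sub(r"<[^>]+>", " ", html or "")


def load_posts(wxr_text):
    """Return published posts (not pages, drafts or attachments) as dicts."""
    root = ET.fromstring(wxr_text)
    posts = []
    for item in root.iter("item"):
        post_type = item.findtext("wp:post_type", default="post", namespaces=NS)
        status = item.findtext("wp:status", default="publish", namespaces=NS)
        if post_type != "post" or status != "publish":
            continue
        categories = [
            c.text.strip()
            for c in item.findall("category")
            if c.get("domain") == "category" and c.text
        ]
        body = item.findtext("content:encoded", default="", namespaces=NS)
        posts.append({
            "title": (item.findtext("title") or "").strip(),
            "date": (item.findtext("pubDate") or "").strip(),
            "categories": categories,
            "text": _strip_tags(body),
        })
    return posts


def filter_posts(posts, category=None, keyword=None):
    """Keep posts matching the category (exact, case-insensitive) and/or
    containing the keyword in title or body (case-insensitive)."""
    wanted = []
    for post in posts:
        if category and category.lower() not in [c.lower() for c in post["categories"]]:
            continue
        haystack = (post["title"] + " " + post["text"]).lower()
        if keyword and keyword.lower() not in haystack:
            continue
        wanted.append(post)
    return wanted


if __name__ == "__main__":
    # Replace SAMPLE_WXR with open("export.xml").read() for a real export.
    for post in filter_posts(load_posts(SAMPLE_WXR), category="security"):
        print(post["date"], "-", post["title"])
```

The filtered list is what you would hand to BlogBooker (or any PDF generator) for a single-topic volume; swapping the constructed string for a real `export.xml` is the only change needed.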
