Even if you don't adopt “Best Practices,” you
should not assume you are the first company ever to address this
issue. My Computer Security students would easily identify the
security failures listed here.
Weak Remote Access Practices Contributed to Nearly All PoS Breaches: Trustwave
In a new report from Trustwave, experts examined data from 574 breach
investigations across the world from 2014. The researchers
discovered that the number of PoS breaches they investigated jumped
some seven percent compared to 2013 and accounted for 40 percent of
the firm's investigations last year. By and large, those PoS
compromises came down to a failure to control remote access.
Many businesses don't keep technical staff in-house, explained Karl
Sigler, threat intelligence manager at Trustwave. As a result, much
of the networking infrastructure and PoS systems are often fitted
with remote access software to prevent technicians from having to be
physically present every time there is a technical problem or a patch
release, he said.
"Unfortunately, these remote access solutions are often poorly
secured," he said. "They are often open publicly on the internet
as opposed to being locked down with proper access controls to only
allow the technician’s systems access. They not only typically
have weak or no passwords, they usually also share the exact same
password across all systems in order to make it easy on the remote
technician. Maintaining and remembering unique passwords for every
store is often considered too complicated."
… The full report can be read here.
Not the type of Data Management my students would
approve (if they wanted to pass my class). Data must be exchanged
between the engines and the cockpit, but perhaps certain commands
should be filtered out while the plane is airborne?
Fatal A400M crash linked to data-wipe mistake
A military plane crash in Spain was probably
caused by computer files being accidentally wiped from three of its
engines, according to investigators.
Plane-maker Airbus discovered anomalies in the
A400M's data logs after the crash, suggesting a software fault.
And it has now emerged that Spanish investigators
suspect files needed to interpret its engine readings had been
deleted by mistake.
This would have caused the affected propellers to
spin too slowly.
… The control systems of the A400M aircraft
are heavily automated.
Each engine is run by a separate computer called
an Electronic Control Unit.
… It was not foreseen that three propellers
would be affected simultaneously, making it impossible to keep the
plane airborne.
Does this make you feel better or worse?
Kaspersky Lab cybersecurity firm is hacked
One of the leading anti-virus software providers
has revealed that its own systems were recently compromised by
hackers.
Kaspersky Lab said it believed the attack was
designed to spy on its newest technologies.
It said the intrusion involved up to three
previously unknown techniques.
… Kaspersky Lab said that it had detected the
breach in the "early spring", and described it as "one
of the most sophisticated campaigns ever seen".
The malware does not write any files to disk, but
instead resides in affected computers' memory, making it relatively
hard to detect.
… This time, Kaspersky said, the malware was
spread using Microsoft Software Installer files, which are commonly
used by IT staff to install programs on remote computers.
Another article my Data Management and Business
Intelligence students should be reading. (That's what us professors
call a “HINT!”)
How to Get More Likes and Comments on Instagram, According to Science
For my Data Governance students. See? Just like
the textbook says.
Many Organizations Lack Maturity to Address Security Risks: RSA
Nearly three quarters of global organizations lack
the maturity to address cybersecurity risks, and size
is not a determinant of strong maturity, according to
RSA’s inaugural Cybersecurity Poverty Index.
The report from EMC’s security division is based
on the responses of over 400 IT security professionals from 61
countries who were asked to self-assess the maturity of their
cybersecurity programs using the NIST Cybersecurity Framework as a
benchmark.
… RSA has also noticed some differences when comparing critical sectors
such as telecommunications, financial services, and government. The
telecommunication sector ranked highest with half of organizations
having developed or advantaged capabilities. At the other end of the
chart we have the government sector, where only 18 percent of
respondents are pleased with their capabilities.
It’s not uncommon for organizations to experience cyber security incidents
that have a negative impact on business operations. RSA’s
study shows that the more incidents an organization deals with,
the more mature its capabilities are. More precisely, companies that
reported 40 or more incidents in the past year are 2.5 times more
likely to have developed or advantaged capabilities. On the other
hand, 63 percent of the respondents with 40 or more incidents still
admitted having an inadequate level of maturity.
For my Spreadsheet students (with tools for my Business Intelligence
students!)
Power Up Excel with 10 Add-Ins to Process, Analyze & Visualize Data Like a Pro
… You can power up your Excel experience with
add-ins. Ranging from data visualization to external databases,
you’re bound to find something to push Excel into overdrive.
… Power BI
It can be a little tricky to get used to, and it
does have its own, separate interface, but it will enable you to
build beautiful data analytics dashboards you can share with the
entire company. And people will be impressed, especially if they
haven’t seen it before. You can consult the detailed Power BI
support pages to get started or when you’re stuck.
Send to Power BI
A nice little add-in that allows you to send your
data directly to the Power BI dashboard and analytics tool.
For my Ethical Hacking students, just because...
5 Must-See Documentaries About Hacking and Hackers