How do you control vendor security?
Third-Party Cyber Risks a Rising Threat, Research Shows
The Ponemon study (PDF), commissioned by risk and compliance firm Opus, questioned 625 individuals familiar with their organizations' third-party risk management posture. The BitSight study (PDF) took a different approach and examined the visible security posture of more than 5,200 legal, technology, and business services companies known to be third parties to finance organizations. Both surveys show a significant gap in the security posture of primary organizations and their third-party suppliers.
For many large organizations, this gap is increasingly exploited by malicious actors as the soft underbelly route into the company. The Ponemon study shows that this situation is, if anything, worsening; while the BitSight study highlights some of the security weaknesses commonly found in third-party vendors.
Ponemon found that 56% of respondents had suffered a third-party data breach in the last year -- an increase of 7% over the previous year.
…
Part of the problem is that organizations have little visibility of, or into, their supply chain. Fifty-seven percent of Ponemon's respondents don't have an inventory of the third parties with which they share sensitive data, and the same number don't know if their suppliers' policies would prevent a data breach.
What have I been telling my Computer Security students?
The Strange Case of Gas Pumps & Bluetooth Skimmers
You might not think of an IEEE Summit as the most likely place to hear an intense talk about the lack of security at America's gas pumps, but that's exactly what happened last week at the 38th IEEE Sarnoff Symposium in Newark, N.J.
Scott Schober, president and CEO of Berkeley Varitronics Systems (BVS), used his 20 minutes on the podium to talk about how unsuspecting customers are putting themselves at risk using a debit or credit card at a gas pump in the US.
"Security and convenience don't go hand-in-hand," he chided the crowd.
… A couple of people in the crowd asked about chip and PIN systems -- where you insert the card and it reads the chip rather than a magnetic strip -- and while Schober allowed that these were moderately more secure, he reminded people: "There's no chip and pin in any gas stations in the US," and there is unlikely to be until 2020.
Trends in cyber-crime.
DDoS Attacks More Likely to Hit Critical Infrastructure Than APTs: Europol
While critical infrastructure has been targeted by sophisticated threat actors, attacks that rely on commonly available and easy-to-use tools are more likely to occur, said Europol in its 2017 Internet Organised Crime Threat Assessment (IOCTA).
The report covers a wide range of topics, including cyber-dependent crime, online child exploitation, payment fraud, criminal markets, the convergence of cyber and terrorism, cross-cutting crime factors, and the geographical distribution of cybercrime. According to the police agency, we’re seeing a “global epidemic” in ransomware attacks.
When it comes to critical infrastructure attacks, Europol pointed out that the focus is often on the worst case scenario – sophisticated state-sponsored actors targeting supervisory control and data acquisition (SCADA) and other industrial control systems (ICS) in power plants and heavy industry organizations.
Is this their gameplan for November?
11 ways Facebook tried to thwart election interference in Germany
Facebook may have dropped the ball with the U.S. presidential election, but it was much better prepared for last weekend’s federal election in Germany.
Today, Facebook outlined all its efforts to prevent malicious actors from meddling in the election.
“These actions did not eliminate misinformation entirely in this election – but they did make it harder to spread, and less likely to appear in people’s News Feeds,” wrote Richard Allan, Facebook’s VP of Public Policy for EMEA.
That includes:
- Deleting tens of thousands of suspicious accounts
- Fighting fake news in video and text clickbait
- Showing alternative perspectives on news stories via Related Articles
- Offering space where political parties could describe stances on core issues
- Providing a comparison tool for the political parties
- Launching an Election Hub to see which candidates were on the ballot
- Sending in-app notifications for people to learn about and follow their newly elected leaders
- Working with the German Federal Office for Information Security
- Training political candidates about online security issues
- Establishing a dedicated support channel for reports of election security and integrity issues
- Giving news outlets access to its Berlin studio for distributing Facebook Live reports on election results
Just because this job is so rare…
Why your ‘personal’ data is anything but: Q&A with Washington state’s first chief privacy officer
In the digital age, it’s hard to know which data about ourselves is really ours. Who is allowed to have data on your internet use? Your shopping habits? What about data on your body, your voting record or how furniture is laid out in your home?
It may surprise you that various companies and government agencies around the U.S. may already have that data, even if you never consented to give it to them.
For Alex Alben, this is a huge problem. Alben is a privacy advocate and he’s Washington state’s first-ever chief privacy officer. It’s his job to try and protect the personal data and the privacy of citizens in Washington, and by extension, around the country.
We speak with Alben on this episode of the GeekWire Podcast to learn about how our personal data ends up in the hands of unfamiliar people, as well as what citizens and organizations can do to help protect privacy.
Equifax updates.
Equifax Will Offer Free Credit Locks for Life, New CEO Says
Equifax Inc. will debut a new service that will permanently give consumers the ability to lock and unlock their credit for free.
The service will be introduced by Jan. 31, Chief Executive Officer Paulino do Rego Barros Jr. wrote in a Wall Street Journal op-ed Wednesday, a day after taking the helm. The company will also extend the sign-up period for TrustedID Premier, the free credit-monitoring service it’s offering all U.S. consumers, he said.
… Most significantly, the service will be offered free, for life.”
… TransUnion, a rival credit-reporting company, also offers a free credit lock called TrueIdentity “and we have for some time,” company spokesman David M. Blumberg said in an emailed statement.
… A representative for Experian Plc, another rival, didn’t immediately return a message seeking comment.
(Related). Oh, the horror!
Equifax CEO to collect $90 million: report
… Smith, who announced his retirement Tuesday, will collect about $72 million this year and $17.9 million in coming years, according to Fortune. This reportedly adds up to about 63 cents for each customer who was potentially exposed in the company’s data breach.
I forget. What was this Tweet supposed to distract us from?
Trump suggests Facebook colluded with media against him
President Trump on Wednesday seemed to suggest that Facebook had colluded with the news media against him during the 2016 presidential race.
"Facebook was always anti-Trump. The Networks were always anti-Trump hence, Fake News @nytimes (apologized) & @WaPo were anti-Trump. Collusion?" the president tweeted.
(Related). And remember, he’s not running for office…
Zuckerberg defends Facebook against Trump attack
Mark Zuckerberg defended Facebook on Wednesday after President Trump accused the company of being “anti-Trump.”
“Every day I work to bring people together and build a community for everyone,” Zuckerberg wrote on the site. “We hope to give all people a voice and create a platform for all ideas.”
“Trump says Facebook is against him,” he continued. “Liberals say we helped Trump. Both sides are upset about ideas and content they don't like. That's what running a platform for all ideas looks like.”
The financial equivalent of a President Trump Tweet? Over the top?
In Boeing victory, U.S. Commerce Dept. slaps massive tariff on small jets from Canada’s Bombardier
Mike Nadolski, Bombardier’s vice president of communications, called the amount “absurd and divorced from the reality about the financing of multibillion-dollar aircraft programs.”
In its petition, Boeing had asked for a 79 percent tariff because of the subsidies.
I’ll have to think about this. Should I create the dullest book ever? But it might be useful for pulling posts on specific topics.
Turn a Blog Into a Book
One of the reasons that I continue to encourage teachers to blog with students is that it helps to create a record of what your students have observed, learned, created, and shared throughout the school year. At the end of the year, you may want to take that blog and turn it into a physical item that your students can share with their parents. BlogBooker is a tool that can help you do that.
BlogBooker is a service that allows you to turn the contents of your Blogger or WordPress blog into a PDF. Using BlogBooker is a fairly straightforward process. BlogBooker walks you through each step of the process, including the first step, which is exporting the contents of your blog as an XML file. The second step is entering the URL for your blog. After completing those two steps, just sit back and wait as BlogBooker creates a PDF or Word file based on the text and images in your blog posts.
The free version of BlogBooker limits you to three books and one year's worth of blog posts. There are upgrades available that will allow you to include more blog posts and will include higher resolution images.