Reid Wightman, a security researcher, has discovered that internet-connected operational technology can ‘easily’ be attacked and damaged.
The post Operational technology ‘susceptible to remote attacks’ appeared first on We Live Security.
Tag Archives: News
Data thieves ‘need to be handed tougher sentences’
Data thieves need to receive tougher sentences, says Christopher Graham, the UK’s information commissioner, as this will be a more effective deterrent.
The post Data thieves ‘need to be handed tougher sentences’ appeared first on We Live Security.
Your smartwatch may be revealing your card’s PIN code
Wearable devices bring us a whole world of technological innovation, yet at the same time it appears as though they also bring with them a serious security risk.
The post Your smartwatch may be revealing your card’s PIN code appeared first on We Live Security.
The security review: BlackEnergy, CES 2016 and Windows 10
Highlights from the last seven days in information security include the return of the BlackEnergy trojan and security insights from CES 2016.
The post The security review: BlackEnergy, CES 2016 and Windows 10 appeared first on We Live Security.
IoT – The Biggest Security Threat to Everything
I’ve seen seven platform shifts in my lifetime, including the shift from mainframe to PC and the shift from desktop to mobile. With every shift, technology is getting closer to our skin—literally, given the wearables gracing many of our wrists. We are sharing information that is more personal and valuable—such as sleep patterns, health data, driving data, shopping habits and location—which companies are piecing together to create a mosaic of our individual lives. And they are doing so in the name of more personalized advertising.
At some point, people will balk at this loss of privacy, and that point is arriving quickly. In our latest MEF Global Consumer Trust Report, we learned that 36% of respondents reported online privacy and security concerns; 27% said privacy and security concerns prevent them from using apps; and 47% said they’d pay extra for a privacy-friendly app that guaranteed the data it collected would not be shared.
Contrast this sentiment of consumer concern with the Wild West atmosphere of the IoT. Companies are engaged in a massive, frenetic land grab in which access to the IoT and freedom to innovate are the prevailing values. In the Wild West, there was no principle of “privacy,” and even the idea of “security” as a human right was barely supported, depending on the whims of the local sheriff.
The IoT is similar, with speed, freedom and access as the chief values prioritized among hardware manufacturers and software companies. Everyone wants a piece of the IoT, but few are looking beyond their own homestead, to see what’s happening across the industry and to seek ways to ensure that the IoT remains a viable platform to deliver goods and services.
Now we’re faced with two roads—speed and trust—and they diverge. The road of speed is what we’ve been on—fast-paced innovation and growth in the IoT, which in itself has produced some pretty exciting technology. However, on this road we also find a lot of potholes and bad guys—ranging from legitimate commercial concerns that are inadvertently weakening the security of the IoT to learn more about consumers to full-fledged criminals who hack into systems to fulfil their desire for money and power.
In addition to direct breaches to secure credit card information, these criminals buy and sell intellectual property and private information—for example, information exploited from the Ashley Madison attack that can be used to blackmail targets. Health data is the next major target.
On the road of trust, it’s slower-going. Building the IoT sustainably requires industrywide participation and agreement upon standards. Companies will need to realize that they’re only as strong as the ecosystem they’re a part of, and that’s a tough mindset to adopt when you’re eagerly seeking a competitive advantage over everyone who crosses your path.
This week I addressed an audience at CES’s first-ever Cybersecurity Forum on this very topic. If attendees got only one thing from that talk, I hope it was that it’s up to us, the industry, to make the Internet of Things private and secure, and that will require a level of inquiry and accountability that we’re not accustomed to.
If you’re a device manufacturer or a software provider, think bigger and broader. Participate in standards groups; help define policies and start being part of a smart framework of the next-gen IoT.
As we go in to 2016, let’s tackle this challenge together. And in fact, there is no other way to tackle it. Hopefully, I’ll be standing in front of the crowd at next year’s CES celebrating our progress.
Uber agrees to $20,000 penalty over poor data security practices
The app-based taxi company Uber has agreed to pay a $20,000 penalty for poor data security practices and to reform its privacy policies.
The post Uber agrees to $20,000 penalty over poor data security practices appeared first on We Live Security.
Time Warner Cable: Customer data ‘may have been compromised’
Time Warner Cable, one of the biggest cable telecommunications companies in the US, has revealed that some of its customer data ‘may have been compromised’.
The post Time Warner Cable: Customer data ‘may have been compromised’ appeared first on We Live Security.
When Will Our Data Be Secure?
As CES gets underway, it’s even more apparent that 2016 is projected to be the year of the “reluctant sharer”. The overwhelming common denominator of the conference seems to be cybersecurity, whether regarding drones, autonomous sport cars, or wearables; practically every device announced at CES has some type of Internet connection, adding to the already-reluctant sharer’s worries.
The latest MEF Global Consumer Trust Report 2016, in partnership with AVG, addresses digital citizenship – consumers’ responsibility to secure their online data and privacy. As an industry, are we sufficiently holding up our end of the deal, our responsibility to the consumers? One of the most striking findings in this year’s report, is the rise of the “reluctant sharer,” a growing 41% who don’t want to give up their personal information but know they need to in order to use an app. While consumers recognize more than ever how vital it is to protect themselves online, they feel caught. In just a single year, 20% more consumers shared personal information they would rather not have, just to be able to use apps and services.
With innovation in the connected world happening at an incredible pace, is resignation really the feeling we want customers to have at the beginning of our relationship with them? Year over year, this report has revealed a decrease in consumer trust, and in 2015, more people than ever (36%) said that lack of trust is the number one reason they decided against using software or apps. As an industry we can do better.
We needn’t look far to see how this might play out. Consumer distrust, leading to complete intolerance, has irrevocably disrupted the business model of digital publishing, in regards to ad blockers. While controversy surrounding the phenomenon is nothing new, Apple’s recent decision to allow ad-blocking apps has tipped the issue into mainstream consciousness and forced an entire industry to re-evaluate how it operates; and, perhaps most important, the value it offers to the people who make it all possible: their readers (consumers).
I predict that as high-profile hacks, like those on Talk Talk, Ashley Madison, the US Office of Personnel Management, and even the FBI, continue to dominate mainstream media conversations, fewer and fewer consumers will be willing to take this ‘devil’s bargain’ of privacy in exchange for services. And who can blame them? In fact, nearly half (47%) of everyone surveyed for this year’s report said they’d be willing to pay for an app that guaranteed not to share any collected data. That number is surely on the rise as consumers at large become more aware of the risks.
Given all this, I think the real question is not whether 2016 will signal a tipping point for consumers, but whether it will be the tipping point for us, the industry.
We, in mobile, have to decide if we want more than simply to avoid digital publishing’s troubles. We must put our customers first, and go beyond being only “good enough” at protecting them. Transparency and education need to go hand-in-hand with an industry-wide commitment to set, adhere to, and hold each other accountable for honorable, human-centered behavior principles. It is no longer enough to show consumers the “what” of data collection and sharing—we need to explain the purpose and consumer benefit of doing so, without spin, in real-life terms.
Who will step up to the challenge?
Ultimately, people should not have to trade privacy and security to benefit from the wealth of data-enabled services that are available now and on the horizon. Our customers are speaking loud and clear. Will we listen?
UK police force hire ‘Britain’s greatest fraudster’ to help tackle cybercrime
Once described as ‘Britain’s greatest online fraudster’, reformed Tony Sales has been hired by West Midlands Police in the UK to help tackle ongoing cybercrime.
The post UK police force hire ‘Britain’s greatest fraudster’ to help tackle cybercrime appeared first on We Live Security.
Gozi trojan coder free after being sentenced to time served
Deniss Calovskis, one of the men found to be responsible for the Gozi trojan, is free to return home to Latvia after being sentenced to time served.
The post Gozi trojan coder free after being sentenced to time served appeared first on We Live Security.
