Japan has been scanning its entire IPv4 address space to find insecure home routers, web cameras and sensors. The results are encouraging, and the country's program could serve as a model for other nations aiming to avoid large-scale IoT security problems.
IoT devices can be made cheaply and quickly. But as a result, they may lack adequate security features. The Atlantic Council is proposing regulations that would require technology retailers to sell devices that meet security standards, which would, in turn, put pressure on IoT component makers.
This edition of the ISMG Security Report analyzes whether IoT devices will outlive their security updates. Also featured: Why security spending needs to shift further upstream; could banks be custodians of identity?
Troy Leach of the PCI Security Standards Council discusses how the shift to card-not-present transactions during the COVID-19 pandemic has created new fraud-fighting challenges and offers an update on pending standards revisions.
A massive DDoS attack generating 809 million packets per second was recently directed against a large European bank, according to the security firm Akamai, which describes in a new report the unusual approach the attackers took.
It's a good time to be a CISO. You have the board's attention, and now you can use your position to ensure appropriate resources to tackle key challenges such as identity & access, cloud application security and third-party risk. Expel CISO Bruce Potter discusses how best to influence these decisions.
Greg van der Gaast, head of information security at the University of Salford in the United Kingdom, has strong opinions on why some security investments aren't reaping maximum benefits. "We are addressing problems too far downstream," he says.
The Evil Corp cybercrime group, originally known for the Dridex banking Trojan, is now using new ransomware called WastedLocker, demanding ransom payments of $500,000 to $1 million, according to security researchers at NCC Group's Fox-IT.
Enterprises need to move away from manual threat detection methods to leverage artificial intelligence, which can help boost defenses, says Dr. Jassim Haji, president of Artificial Intelligence Society, Bahrain Chapter.
Many ransomware gangs hell-bent on seeing a criminal payday have now added data exfiltration to their shakedown arsenal. Gangs' extortion play: Pay us, or we'll dump stolen data. One massive takeaway is that increasingly, ransomware outbreaks also are data breaches, thus triggering breach notification rules.
The recent leak of 269 GB of sensitive data from more than 200 police departments and the FBI could be a sign that law enforcement agencies are becoming a prime target for hackers, given recent civil unrest.
Integrating IoT devices into OT systems brings a raft of security concerns. Microsoft's acquisition of CyberX, which offers a specialized IoT/OT security platform, may give some organizations more confidence to tackle what can be a messy business of securing and monitoring IoT controls across a network.