The week in security: As Trump ban hits tech, researchers ask: why are humans so bad at security?

US president Donald Trump’s controversial travel ban had security executives seriously concerned, even as the new leader prepared and then delayed the signing of a far-reaching order around government cybersecurity.

Trump still asked businesses to boost their cybersecurity, even as Russia charged two FSB officers with treason for allegedly helping US intelligence services. Russia was also in the news as the UK urged NATO to fight off Russian cyberattacks, and a review of an Obama-era sanction found that it had hampered US tech firms from selling their products in the country.

The Office of the Australian Information Commissioner debuted a data-visualisation portal whose design suggests it may become an active monitor of Australia’s long-delayed breach notification laws. Governments have also been pushing harder into adopting secure collaborative workspaces, even as experts warned that healthcare security is continuing to lag well behind.

As a mass phishing test proved people are still quite easy to deceive, researchers in the UK were looking into why humans are so bad at cybersecurity. Some suggested security alerts might get more consideration if they were twirling and jiggling in place. Others highlighted another problem: that many hackers are actively recruiting company insiders to help with their attacks.

Blocking spear phishing is hard work, even with tools in place. Indeed, attacks seemed to be shifting to become more targeted and sophisticated even as their overall numbers dropped over the last quarter. Spam, meanwhile, reportedly made a resurgence.

With cybercriminals tapping artificial intelligence constructs to improve their attacks, there were concerns that SMBs were becoming too dependent on cloud security and must improve their security management instead.

Facebook is weighing alternatives to account-recovery security questions by releasing a new protocol that would avoid the use of email for this common process. Despite the push for change, however, passwords aren’t likely to be going anywhere soon.

A mobile security firm was offering money to hackers to share their old exploits, while other experts were pushing WordPress users to patch a “severe” API bug that was quietly fixed by WordPress. And Microsoft was moving to fix a bug in its SMB implementation that could crash systems or worse.

As if to demonstrate just how real concerns about Internet of Things (IoT) security are, Washington DC’s network of CCTV cameras was disrupted after a ransomware attack.
