The week in security: IoT attacks hit 80% of companies; time to destigmatise data breaches?

Australian businesses are struggling to sell roles in ICT – and, even more problematic, in cybersecurity – to women, and one female cybersecurity wonk believes the problem is that too many young women aren’t being encouraged to ask questions more proactively.

Speaking of asking questions, many companies aren’t taking enough time to consider who should be on an insider risk team. The roster may be broader than you think, particularly since the push by even non-technology businesses to become cloud providers is demanding new perspectives on how to roll out and deploy the services.

This should fit in with the new way of doing things within Australian companies where, one Cisco executive argues, executives are increasingly driving security planning and execution from the top down. That approach is also fuelling an opportunity for security executives to get more open with employees about security breaches – encouraging them not to fear reporting problems so they can be identified and fixed more quickly.

Some were wondering whether vulnerabilities and malware should be the #1 security priority. They may have a point, given that security issues on the Internet of Things (IoT) continue to be a problem, with researchers recently finding 5.3m vulnerable smart devices in Spain alone and a study suggesting that over 80 percent of companies had been hit with IoT breaches. A security researcher revealed that the CloudPets toy can be used to spy on kids, raising questions about whether toy makers are ignoring warnings about data breaches.

Researchers warned that home and industrial robots are just as vulnerable to security issues as IoT devices, which had some wondering why years of concern about ultra-intelligent robots had not made us more concerned about the implications.

Meanwhile, a startup called Dojo floated a $US200 network monitoring device designed to stop IoT problems. Cisco offered a tool that can help discover abuse of the Cisco Smart Install tool.

Even as the much-maligned SHA-1 was used to launch a collision attack capable of breaking code repositories using the Subversion revision control system, a startup’s novel approach to encryption was producing a more secure version of the HTC A9 smartphone. This, as the Google Play store was hit by more than 130 Android apps containing malicious code.

Palo Alto Networks paid $US105m ($A138m) to acquire behavioural-analytics vendor LightCyber, while investigations suggested that executives at Internet stalwart Yahoo botched the company’s response to its 2014 data breach.

Google boosted the top bounty for its web sites by 50 percent and expanded its Safe Browsing service to make the macOS version of its Chrome browser protect programs from rogue ad injections, while researchers scored a small victory by releasing software capable of decrypting Dharma ransomware.

A bug in Slack opened up the opportunity for a hack that can steal user access, while bug-bounty provider HackerOne began offering its services to open-source projects for free.

A US surveillance law was said to be allowing that country’s National Security Agency to spy on people overseas – yet there were also domestic concerns as it was revealed that US Vice President Mike Pence previously used private email servers – which were hacked – while working as governor of Indiana.
