The week in security: As Wi-Fi is KRACKed, slow breach detection threatens CISOs and their data

Figures suggest that if you haven’t spotted a breach within 3 hours the chances are that it’s already gone

The discovery of a security vulnerability in every implementation of Wi-Fi’s WPA2 standard sent mainstream media into a frenzy, with warnings of a catastrophic impact on Android devices.

That threat offered little solace to corporate data users that are already struggling with the need to detect breaches more quickly than they are doing.

Yet that process is harder than many believe: figures suggest that if you haven’t spotted a breach within 3 hours the chances are that it’s already gone.

Money could be siphoned away from companies even faster than that due to new banking technology that’s set to accelerate the speed at which transfers are cleared.

That’s hardly reassuring to CISOs just trying to keep their data protected – with threats lingering due to everything from Petya and NotPetya to fake Telstra and EnergyAustralia email bills, to ransomware and shoddy smartwatch security.

Some CISOs are turning to the synchronised security approach, while others in the industry are seeking to address developers’ security-skills deficiency: one security startup debuted technology that builds customised security wrappers around software as it’s being rapidly iterated during frequent builds under Agile development processes.

Meanwhile, Google debuted an option for Gmail that boosts security by locking access to the service unless a hardware key is presented.

This, even as some security pundits begin to worry what happens when cybercriminals get their heads around the potential of machine learning to make their attacks more effective than ever.

Show Comments