The week in review: If endless reports of poor security make you WannaCry, try laughter instead

Straight from the should-have-known-better files, IT services firm HCL was found to have left employee passwords, and details of customer projects, exposed online without any form of authentication.

No wonder cloud-based security is creating issues for CISOs that are finding themselves marginalised by the very same automation and API-based integration tools that were supposed to make their lives easier – but are instead allowing development teams to bypass security controls altogether. No wonder GitHub is offering new enterprise tools to build security capabilities into development workflows.

This, as an expanding roster of nbn™ business services helps improve the interface to cloud-based services by providing more, and more controllable, bandwidth for a broad range of purposes including increasing business assurance.

Bigger bandwidth is also creating new avenues for mass attacks on targets – including, increasingly, executives that are being targeted by cybercriminals at increasing rates.

If you’re struggling to put a lid on phishing attacks, a new study has found that just enabling SMS-based 2-factor authentication will block most phishing.

Even more important, of course, is engaging employees to get them to stop succumbing to phishing in the first place – and that means getting them to care about security. And that, one expert has found, means making security funny.

It’s all part of the life of the CISO – and it continues to get even more fun, with the Internet of Medical Things (IoMT) posing specific threats that highlight just how problematic the increasing number of connected devices has become.

Not to mention that 90 percent of the data sent by those devices is unencrypted, according to a recent report that reinforces security experts’ concerns that increasingly connected homes pose a security ‘death trap’.

Yet IoT devices aren’t the only embarrassingly awful security breach in the average network: Google, it was revealed, has been storing some passwords for its G Suite business services in plaintext for nearly 14 years. Oops.

Regular updates have long been known to be a key part of the solution – just like vaccinations in people – and Microsoft played to this by releasing the Windows 10 May 2019 Update, which includes more controls.

Yet as well as technological controls, it’s important to conduct business-related audits – particularly in the age of the EU’s general purpose data regulation (GDPR) and its ilk.

Tags mass attackspoor securityWannaCry

Show Comments