CIO

The week in security: CSO50 winners doing security right where so many others still aren’t

Security analysts must be getting tired of repeating themselves: one analysis lashed out at “negligent and unqualified” executives who are continually threatening consumer privacy with inadequate security and governance practices. Few have seen the problem from both sides – as has ANZ CISO Lynwen Connick, who shared the insights she has gathered during the transition.

This came as 41 Hyatt hotels – including the Hyatt Hotel Bali – were hit with a credit-card breach and Equifax updated the number of UK records compromised in its massive breach to 15.2 million.

Research firm Forrester joined the ranks of the compromised, with reports that an outside attacker stole the company’s core intellectual property – its massive base of industry reports.

All could learn a few things from the winners of the CSO50 2018 awards, which recognise the most innovative security players and those that have turned security strategies into real business value.

Authorities around the world were joining the call for better security during Stay Smart Online Week 2017 – although few users will warm to Victoria Police’s suggestion that secure passwords must be at least 16 characters long.

Hacking of cars at a distance remains one area of concern, but passwords and other issues were at the forefront at AISA 2017, where a range of security experts explored questions including whether bug-bounty programs involved ethical compromise, whether changing our security mindset can improve information-security success, and whether industry players should be allowed to hack their hackers in an “active defence” strategy.

The scramble for better security is increasingly turning towards face recognition – which raised eyebrows when the Turnbull government recently announced it would combine driver’s-license photos from around the country but is, one expert believes, accurate and fast enough to be used in mainstream applications including verification of financial transactions and authentication by IoT devices.

Of course, the well-developed SAML standard already plays a strong role in authentication, while Google’s Grafeas has provided a common base for sharing of metadata about application containers.

Yet artificial intelligence is also gaining currency as a tool to improve security, particularly as the ongoing skills shortage pushes companies to explore new ways of gaining key security capabilities.

Microsoft was patching a compromised Office flaw amidst revelations that Outlook 2016 has been sending plaintext copies of encrypted content for the past 6 months.