CSO, from IDG, provides news, analysis and research on a range of security and risk management topics. Areas of focus include information security, data protection, social media security, social engineering, security awareness, business continuity and more.
"Alexa, (cough) what's the weather today? (sniffle)"
"The forecast for today is partly cloudy with a high of 56 degrees. By the way, I hear you have a cough. Are you interested in buying cough medicine or learning more?"
That's a possible scenario if Amazon follows through with its patent granted on Oct. 9, 2018. If that technology is built, there’s no reason for Alexa to stop at your request; it could also detect abnormal emotion states and serve up ads or other content based on that “emotional abnormality.”
After asking, “Alexa, what’s the weather today?” would you want your voice assistant to tell you, followed by whatever “winning audio content” was based on your real-time status? For example, would you want Alexa to follow up your weather report with “by the way, I hear you have a sore throat, are you interested in buying cough medicine or learning more?”
According to Amazon’s patent granted on October 9, there’s no reason to stop with detecting your real-time physical status when Alexa could also detect abnormal emotion states and serve up ads or other content based on that “emotional abnormality.”
It’s common in many organizations for network and security operations to exist in silos. This may have been OK a couple of decades ago when threats only came in through a single point and applications were vertically integrated. Today, however, the environment is completely different, as the cloud, mobility, Internet of Things (IoT), and other trends have fundamentally changed the security landscape. Consequently, finding the source of a breach has never been more difficult.
Security professionals need network data
Today’s CISOs and security architects need to think differently and turn to the network for a source of information. The world has become network-centric, and the network holds a wealth of valuable information that’s relevant to security. The problem is legacy network monitoring tools are designed for network teams, which prevents security professionals from being able to tap into that network information and extract the information they need.
Okay, so it’s October and that means it’s Cybersecurity Awareness Month. And, for the past four years, I have maintained that “cybersecurity is everybody’s business.” I maintain this is, in fact, the case. However, it’s clear that, for many of us, our responsibilities related to cybersecurity are, well, not clear.
According to newly released ISACA and CMMI Institute research on cybersecurity culture, only 34 percent of employees have a sound understanding of their role in their organizations’ security culture. While some may find this statistic startling, I see it more as sobering. It’s a stark reminder that a culture change does not happen overnight, and when it comes to cybersecurity, it comes as no surprise that 95 percent of respondents indicate a significant gap between the culture their organization desires versus its current state. The ISACA and CMMI research also found that a lack of employee buy-in is the primary factor inhibiting a strong culture of cybersecurity. And a subtle irony of this is that employees are the weakest link in the cyber threat chain. However, as pointed out in a 2017 ENISA report, employees also offer the potential to “become robust human firewalls against cyber attacks.”
When it comes to protecting yourself and your organization against cyber scams, there’s no “one-size-fits-all” solution. As organizations and people alike continue to adopt new devices and technology, they’re opening themselves up to more opportunities for cyberattacks. In order to effectively protect the valuable information that motivates cybercriminals, it’s important that we understand the different types of scams targeting us.
Understanding the Warning Signs of Modern Cyber Scams
Cybercriminals use a wide variety of scam tactics in order to gain access to a device or network, extort money, or steal valuable information. When it comes to understanding today’s threats and how to protect yourself and your organization against them, knowing the various ways they leverage social engineering tactics to trick users can go a long way.
Smart contracts are a key component of blockchains. These little slices of business logic are the self-executing code that enables developers to create the rules and processes that make up any blockchain-based application. However, while they have the potential to automate and simplify business processes, they are also the main target of any malicious actor looking to compromise such an application.
Despite Microsoft patching a zero-day vulnerability in its JET Database Engine, you are not fully protected. Researchers at 0patch warned that Microsoft’s official patch was “incomplete.”
The Zero Day Initiative first revealed the flaw, which could lead to remote code execution, in September after Microsoft failed to patch it within the 120-day disclosure timeline. Within 24 hours, 0patch released a micropatch, as all versions of Windows contain the JET Database Engine.
The AV-TEST Institute recently tested the most popular Windows 10 client antivirus products on three primary criteria: protection, performance, and usability. Only five of the 18 products tested earned a perfect rating of 6 for each of those criteria: Bitdefender Endpoint Security 6.6 and Endpoint Security Elite 6.6, Kaspersky Lab Endpoint Security 11, Kaspersky Small Office Security 6, and Microsoft Windows Defender Antivirus 4.12 and 4.16. The top 13 antivirus offerings shown here in alphabetical order scored at least 17 points out of a possible 18.
The latest expose (thanks, Wall Street Journal) of the 500,000 accounts of Google+ users and the silence that Google maintained, despite having discovered and patched the bug back in March, triggered a thought process that culminated in this article.
One of the oft-used acronyms when it comes to describing cybersecurity is CIA, which stands for Confidentiality, Integrity and Availability. It was developed as a security framework to provide a universal standard for evaluating and implementing cybersecurity regardless of the underlying hardware, software or organization. And it has served its purpose well – until recently. But before we go any further, let’s define these terms.