The week in security: Security fatigue bites users, CISOs as IoT exploits soar

There were concerns that enterprises were focusing too much on protecting themselves from sophisticated attacks and leaving themselves open to attackers utilising common techniques, while some analysts were warning that the incessant focus on security was causing password and security fatigue for users and CISOs alike. Little wonder many companies are keen to phase out passwords completely.

The massive Yahoo data breach provided clarity for experts trying to pin down the cost of a data breach – which may, Verizon warned, include downgrading the purchase price for the company. Yahoo was also in hot water as legislators called for answers about its email surveillance program run in conjunction with the FBI.

The US government handed down its investigation into the massive Office of Personnel Management (OPM) breach, while thousands of online shops were being compromised for credit-card theft and a US-Indian business was charged with scamming consumers to pay for tech support they didn't need.

One security and scalability-minded CEO was lauding the continuing role of the mainframe in modern computing infrastructure. Also gaining continuing support was communal measuring-tools aide BSIMM, which is attracting a younger membership.

WikiLeaks dropped another collection of emails allegedly sourced from a Hillary Clinton staffer, while payments network SWIFT was dealing with the discovery of a second hack that led the G7 to jump into action and publish updated guidelines for protecting the global finance sector.

With Internet of Things (IoT) security proving elusive and devices regularly being compromised to help attackers target e-commerce and other sites at a record pace, European authorities are drafting new IoT security regulations to boost consumer confidence.

This, even as there were warnings that attackers were exploiting a 12-year-old bug to launch attacks, and that users could be spied upon by their own Apple Watches. Indeed, there are as many IoT security threats as there are IoT devices – which has driven road builders to closely consider the implications of broader sensor usage in the way they build roads into the future.

There were warnings that many 1024-bit encryption keys may have been based on prime numbers that intentionally created backdoors in a way that cannot be detected. Certificate issuers StartCom and WoCom were shaking up their management in the wake of findings that they had mis-issued a number of digital certificates.

American Civil Liberties Union claims suggested that Facebook, Instagram, and Twitter had been using a monitoring tool to give police data for tracking protesters. Russian president Vladimir Putin denied that his country is behind US election-related hacking.
