The week in security: Revisiting security defences as breaches, BEC losses mount

Even as the US FBI warned that business email compromise losses had hit $US12 billion and were continuing to grow, Ticketmaster was warning customers about a payment-card hack after the compromise of a chat-bot tool led to a high-profile compromise.

This sort of event has become more common, highlighting the importance of having an adequate defence against advanced persistent threats (APTs) and consideration of defences against corporate espionage.

Effective security starts from the inside, of course. Yet with small and medium businesses (SMBs) still struggling to get up to speed with adequate security solutions, the message quickly gets more complicated – even around seemingly uncontroversial tools such as single sign-on (SSO) platforms.

Support from the judiciary could help simplify things, with the UK set to open a court in London that specialises in cybercrime.

Insurance-industry support is also proving valuable, with the EU GDPR and other new compliance requirements driving businesses to consider new ways of protecting their data and their insurance cover.

Yet even as businesses get more options for protection, they also face new threats such as the continuing evolution of complex Internet of Things (IoT) security issues.

IoT has followed, conceptually at least, in the footsteps of cloud computing – whose rapid emergence and evolution has created new security issues as quickly as customers can adopt it.

There were warnings about the adequacy of the security in new WPA3-certified routers, which provide an incremental improvement to data security.

Those seeking to improve security should perhaps consider reading up on tactics for better securing cryptographic keys. And, Microsoft argues, they should also consider upgrading to Windows 10 – which the company credits with stopping a ‘double zero-day exploit’ before anybody was infected.

Mozilla will trial the HaveIBeenPwned data breach search tool, while Chrome 67 users were automatically getting defences against the Spectre vulnerability.

And GitHub, for its part, expanded its Ruby and JavaScript security alerts to Python, which will be automatically checked for known vulnerabilities.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags mozillaTicketmaster

More about EUFBIMicrosoftMozillaTicketmaster

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by David Braue

Latest Videos

More videos

Blog Posts