The week in security: CSO-CEO relationships reviewed as hackers run riot
- 23 June, 2014 14:38
Even as the importance of privacy protections was reinforced by a survey suggesting people won't sacrifice their online privacy, some suggested that Target had the wrong reporting infrastructure in place by having its CSO reporting to its CIO rather than its CEO.
This issue remains a contentious one, with one IBM strategist arguing that CSOs need to engage executives in the security “team sport” to better keep up with changing security threats – and the head of the ANZ Bank's cybersecurity efforts sharing his experience inculcating a security culture within the highest echelons of that organisation.
Meanwhile, a FireEye expert believes that the real key to ensuring a strong defence is having a stronger focus on real-world testing. This sort of thing requires better security skills, however, with the NSA reportedly having no problem filling cybersecurity jobs.
Symantec shuttered its second attempt at cloud-based file storage and declared it was going to refocus its efforts in other areas. Little wonder: cloud security continues to scare many people and the cloud-storage game is getting trickier and trickier, not least because of developments like a tool that can collect iCloud backup files without even knowing a person's Apple ID.
Also notching their belts were hackers who stole 650,000 customer records from Domino's Pizza, then sent a mocking ransom demand. Others hacked a Synology NAS device to generate Dogecoins cryptocurrency, while many popular HTTPS sites were still vulnerable to the recently discovered OpenSSL connection hijacking attack. Google pushed out a patch for an OpenSSL vulnerability, while Microsoft was doing the hackers' job for them after a Patch Tuesday fix broke Office 2013 for thousands of users, and revelations confirmed that maliciously crafted files can disable Microsoft security products.
Yet there were also successes on the part of those working against hackers: a UK student developed an antidote for the Simplocker Android-based file-encrypting ransomware, even as researchers debated whether the TowelRoot Android tool was designed for friends or foes. There was little doubt, however, about the motivations of some malicious apps found in the Google Play Store, which would steal credentials used by Amazon Web Services developers.
A government-backed PAS 754 'software trustworthiness' standard was launched to help organisations avoid software failures, while British spying centre GCHQ said it would share technology with private companies and Europe's highest court will review personal data exchange between the European Union and United States.
Apple and Cisco Systems weighed in on Microsoft's side in the fight against a US warrant for email that has been stored overseas. Yet even as the US House of Representatives voted to limit the US National Security Agency's (NSA's) ability to search US records, British spies were apparently allowed to intercept Google and Facebook traffic. And with new standards like HTML5 posing new security concerns, and internal risks like DNS servers still sitting ducks inside many organisations, warrants may be the least of many organisations' concerns.