The week in security: Taking humans out of the security equation
- 24 July, 2017 11:59
A major reshuffle of Australia’s government security structure had an impact on cybersecurity policy bodies, with encryption named a key concern in a move that’s sure to put the government at loggerheads with secure-messaging companies like Malcolm Turnbull favourite Wickr.
This, as IBM released a system to dramatically increase the use of encryption across enterprises. FedEx confirmed that some of its systems are still down after being hit with the Petya ransomware attack – serving as a reminder of the difficulties in snaring the malware and the need to remind employees about the indicators of a potentially damaging phishing attack.
Even as constant pressure from security firefighting makes them struggle to maintain visibility of potential threats, administrators should also be reminded about the key cloud-security controls they should have in place, with many obvious oversights often leading to inadequacies in corporate cyber defences.
Tools like Keeper and True Key can help reduce this exposure. Yet sometimes it’s not humans’ fault but governments’ fault, as in a Swedish disaster after a massive leak of military secrets and the country’s driver registry.
A hacker allegedly stole $US7.4m ($A9.5m) worth of Ether cryptocurrency, while in a separate incident hackers stole credit-card and other sensitive data about guests that stayed at 14 Trump hotels. Experts clearly know what they’re talking about when they say profit-minded hackers are a clear and present danger.
Google locked down OAuth after a Gmail phishing attack, while there were concerns after revelations that an Internet of Things (IoT) messaging protocol lacks encryption and adequate device authentication security. Meanwhile, a buggy shared library exposed millions of IoT devices to the ‘Devil’s Ivy’ flaw. That’s the sort of thing that keeps IoT entrepreneurs like Elon Musk up at night: his key priority is to prevent a fleet-wide hack of his highly-connected cars.
Apple patched a serious Wi-Fi exploit while a high-profile Dark Web takedown had many people asking about the difference between the Dark Web and Deep Web. It’s a reminder that everyone gets breached sometime – so you’ll need a response plan when it happens.
Finally, emerging use of artificial intelligence is highlighting the importance of large quantities of data to security. The technology is getting so good that pretty soon, your most important security expert won’t even be a person.