The One IT Security Issue That Too Many Media Are Totally Missing

Posted by Gerd Meissner

Jun 8, 2017

Tumbnail Illustration: InfoSec Luminary Lineup: The One IT Security Issue That Too Many Media Are Totally Missing - Authentic8 BlogSECURITY, NEWS

Did you notice how some journalists ask one particular question at the end of an interview? It’s usually a good sign: "Is there anything I didn't ask you but should have?"

This question indicates curiosity to go past the obvious talking points. It shows the interviewer’s openness to considering new angles. We decided to rephrase and broaden that question and pose it to our InfoSec Luminaries:

"What's the one IT security issue that you wish journalists would cover more or better, and why?"

No media bashing or gripe-airing intended here. Reporting on IT security, computer crime, data protection and privacy - and getting it right - is tough enough. It looks like more fun from the outside (if you’re not  doing it yourself ) than it actually is. We get it.

But even those in the industry who enjoy stellar media coverage can point to an issue or two that deserves more attention than it is actually getting.

The premise of this Lineup was to highlight aspects that rarely make it on page 1 of the Daily Data Breach. Perhaps we can even seed one or two story ideas. In any case, all our contributors welcome your questions if you’re a journalist covering the industry and looking for expert input or a fresh perspective on a related topic.

Illustration: InfoSec Luminary Lineup Discussion: The One IT Security Issue That Journalists Should Cover Better Or More

At Authentic8, for example, we would like to see more light shed on the web’s inherent security weakness, for better general awareness of what's needed to better protect ourselves. Below, our InfoSec Luminaries highlight the IT security issues that they think could otherwise get lost in the shuffle.

The submissions cover a broad range this time. They address gender aspects and the human element (Daniel Garrie/ Masha Simonova, Eric Vanderburg). They offer facts and insights for less dark (Fred Scholl) and more diligent (Benjamin Wright, Mike Baukes, Pete Kofod) reporting.

Another one highlights an upcoming regulatory requirement that will have a significant global impact (Steve Durbin). And we close this round with a practical reminder that WiFi connections always warrant a second look - for all of us, but for journalists in particular (Joseph Raczynski).

On that last note, check out these posts on how to secure a WiFi connection when traveling and why Stealing Data Over WiFi Is Easier Than You Think.

PS: Do you have something to add or would you like to be included in future InfoSec Luminary Lineup discussions? Connect with us through one of the links at the top of this page or use the comment form below.

Topics: News, Security

ISPs & Privacy: Why it Matters, and How to Cover Your A$$

Posted by Scott Petry

Apr 5, 2017

Illustration: ISPs & Privacy: Why it Matter, and How to Cover Your A$$NEWS, POLICY

Both the US Senate and the House of Representatives have cleared the way to remove privacy rules for internet service providers (ISPs) like AT&T, Charter, Comcast and Verizon. The President  signed the executive order to repeal these rules, which were originally put in place by the FCC in 2016 to protect consumers on the web. 

Topics: News, Policy

Book Review: What They Really Do With Your Medical Data

Posted by Scott Petry

Jan 28, 2017

Thumbnail: Book Review: What They Really Do With Your Medical Data - Illustration for Authentic8 blog review of Our Bodies, Our Data by Adam TannerSECURITY, IDENTITY, NEWS

Happy Data Privacy Day.  A new book provides an in-depth look at the commercial trade in patient medical data.  Sensitive data, a vibrant market, and not much cause for celebration.

*

A while ago, I wrote about the wave of data breaches at healthcare organizations and medical identity theft that is impacting millions and what we can do to protect ourselves better.

One of the readers of that post was acclaimed journalist Adam Tanner, who has reported on data collection and consumer privacy since 2012.

Adam and I have had an ongoing discussion on data privacy and security matters since we met a few years ago.  He was covering the issue for Forbes, and I had a chance to brief him on our secure browser solution.

A few weeks ago, he kindly directed my attention to an unknown - to me, at least - aspect of our personal medical records.

Topics: News, Identity

Industrial Control Systems Under Attack: Secure Browser, Anybody?

Posted by Scott Petry

Jun 28, 2016

Illustration: Blog Post Industrial Control Systems Under Attack - Secure Browser, Anybody?SECURITY, NEWS

The primary threats against Industrial Control Systems (ICS), the computing infrastructure at the heart of utilities and manufacturing plants, come from secret agent style espionage like you see in the movies, right? Wrong.

***

Remember the “Stuxnet” attack that sent the centrifuges in Iran’s Uranium enrichment plant into a self-destructive spin? In that attack, a USB stick was used to cross the security “air gap” of that unconnected computer, and drop malicious software on the (Windows-based) Siemens control units.

Now, attackers targeting critical infrastructure don’t even need to drop a USB stick in the parking lot. They can simply rely on employees opening a phishing email, or visiting a compromised website. That’s all it takes for a motivated outsider to wreak havoc, steal data or lock down critical ICS processes with ransomware.

Topics: News, Security

Must-Have Features of a Secure Virtual Browser

Posted by Gerd Meissner

Jun 21, 2016

Illustration: Whitepaper Cover - Why a Virtual Browser is Important for Your EnterpriseSECURITY, POLICY

How did the local browser become the “security sinkhole" of today’s enterprise? And, more importantly, what’s the alternative ? How can enterprise IT leaders protect their infrastructure against web-borne threats, without putting productivity at risk by restricting web access?

Topics: News, Security

Monthly News Roundup - December 2015 (TL;DR)

Posted by Drew Paik

Jan 1, 2016

2015-12-31_GCluley.png

NEWS

This month we learned that Microsoft’s browser is vulnerable and many people’s Java has security flaws. No, you haven’t traveled back in an infosec time machine. These old-fashioned headlines came back in a new way this month. Oh, and a mere 191 million people’s personally identifiable information was exposed online. Check out those stories plus much more in our December 2015 news roundup:

Topics: News

Monthly News Roundup - November 2015 (TL;DR)

Posted by Drew Paik

Dec 1, 2015

2015-11-30_SCMagazine.pngNEWS

This month we learned about a host of newfangled malware and hacks that compromise everyday websites, online ads, hotel chains, and British tabloids. Plus, State Department employees recently found out that their love of Facebook made them vulnerable to the Axis of Evil. Check out November’s biggest infosec headlines, below:

Topics: News

Monthly News Roundup - October 2015 (TL;DR)

Posted by Drew Paik

Nov 1, 2015

NEWS

October was Cybersecurity Awareness Month and look what we got you: A collector’s edition of this month’s news highlights. Network World also did a product overview of Silo.  According to the headlines, social engineering is on the rise, Flash remains vulnerable, and organizations that shouldn’t be hacked, are. Here’s a look back at October’s biggest infosec news:

Topics: News

Trojan Shmojan (or) How to undermine the world’s greatest digital security threat

Posted by Drew Paik

Oct 12, 2015

2015-09-29_FBI

NEWS

Late last month, a US federal court judge sentenced a Russian cyber criminal Dimitry Belorossov to four-and-a-half years in prison. Apparently, the not-so-nice Mr. Belorossov was guilty of using a computer virus to steal money from unwitting victims. His hacking tool of choice was a software program called Citadel. Citadel is a kind of malware known as a Trojan. It fools victims into giving criminals user IDs and passwords. It can also steal other other important information a user types into their device when they’re online.

Topics: News

Monthly News Roundup - September 2015 (TL;DR)

Posted by Drew Paik

Oct 1, 2015

2015-10-01_DarkReading

NEWS

International hacking was a big theme among this month’s headlines. In addition, we learned about the new dangers of router firmware and Apple’s not-so-secure app approval process. Network World also did a product overview of Silo. Those stories and more in the September InfoSec news roundup:

Topics: News