What’s happened? British Airways is facing a record fine of £183 million, after its systems were breached by hackers last year and the personal and payment card information of around 500,000 customers were stolen. 183 million quid!? That sounds huge! Yes, it’s the biggest fine ever handed out by the UK’s Information Commissioner’s Office (ICO).
Due to the revolution of the internet, cyber-attacks on unsecured networks are increasing tremendously and organizations are on the verge of data breaches. Securing proprietary information, Personally Identifiable Information (PII), or any other sensitive data have become a daunting task. Preventing business disruption, information theft, and reputational loss is necessary to thrive and survive in the competitive industry.
Level Setting on Tech Companies Let’s start by defining what a technology company is. Think hardware, software, and technology service companies who are creating a form of technology that others can purchase and utilize. Some of the biggest and most popular players in this space that may come to mind include Facebook, Microsoft, IBM and Google. These companies provide pure technology to their consumers for a price. Though common, the sector is not limited to these types of companies either.
Compliance with the Payment Card Industry Data Security Standard (PCI DSS) and its 281 directives can be a time-consuming hassle. Fortunately, there are ways to minimize your PCI DSS scope, saving time and resources for your organization and auditor, and ratcheting down your stress levels. Larger organizations—those processing more than 1 million credit-card transactions annually—may need two years to reach initial PCI DSS compliance.
Speed and security. Old-fashioned thinking contended that the two were incompatible; that high-velocity development and deployment of apps and software services invariably introduced higher levels of risk. However, it has become increasingly apparent that speed is a necessary aspect of security. The stakes are sky-high, with some estimates projecting that the annual cost of cybercrime losses and damage will reach $6 trillion by 2021.
According to Google, Ryuk is ‘a fictional character in the manga series Death Note’. I have no idea what this is, but I imagine it’s significantly less interesting than the Ryuk ransomware campaign that’s currently hitting businesses right across the world. The UK’s NSCS is investigating such campaigns and has recently published an advisory on it, and we’re no strangers to Ryuk at Bulletproof either.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. Well, I hope everyone’s recovered from the annoying network outages this week. I’m not going to talk about that, instead here is something to bring other annoyances: How UI done badly can be really bad… People are people, and while there are often oversights in locking down systems, they often still fall prey to moments of madness which starts a chain towards disaster.
An industry that is worth more than $2 billion, SIEM keeps growing and evolving. The first instances of SIEMs appeared as descendants of numerous security technologies: LSM, SIM, SLM/SEM, SEC and such. The earliest versions were so limited that they were barely able to scale across large companies and were rather slow. They also needed huge teams to manage thus raising the costs ever-higher. However, SIEMs have changed greatly since.
Identity verification has progressed drastically with the infusion of technology over a period of time. Currently, identity verification depends on physical and digital proof managed by a central authority which includes verification of valid documents like passport, driver’s license, OTP etc. However, the processes and identity parameters vary from country to country making it extremely difficult to standardise the verification process.
If you are a security practitioner, then you may have noticed that much of the security industry exists because of vulnerabilities. Regardless of what job position you occupy, vulnerabilities are oftentimes the reason why you wake up every morning and ultimately engage infosec from within your cutting-edge working environment. Vulnerabilities will continue to arise; this is a fact of the environmental change that goes with any business or organization.
