ISMS.online News Roundup – 10th October 2019

Welcome

Twitter apologises over misusing data; hacked mailing list email gives users advice; British Airways customers can now sue; tips for protecting passwords; and more in this week's edition of ISMS.online's cyber and information security news roundup.

Understand how hackers work

This brilliant article on Mozilla's blog debunks stereotypes of what a hacker is: data breach hackers usually start by attacking organizations rather than specific individuals, and their goal is to get information from as many individuals as possible in order to make money by using, reselling and exploiting data.

Read the full article here.

Should Schools Teach Cybersecurity?

In this fascinating article for What Mobile, Jonny Mackley explores how today’s schoolchildren have been raised around technology so it is important that they are given the necessary skills to keep them safe when it comes to browsing the web for both recreation and work.

Read the full article here.

How to become a cybersecurity titan

There has been a recent boom in technologies, from cloud platforms to voice-activated devices, that are slowly reimagining how we work. Laura Mullan investigates, in this wonderful article for Gigabit, how to keep your business secure from the risks and threats that arise with these innovations, and what this entails from a cybersecurity point of view.

Read the full article here.

A cybersecurity expert says you can take these steps to make sure your accounts aren’t ‘low-hanging fruit’ for hackers

Often cyber-attacks hit people who have not taken basic steps to protect their accounts, leaving them easy targets for hackers. While it's impossible to predict if you're going to be the target of a cyberattack, with a few simple changes you can dramatically reduce your chances. Aaron Holmes outlines some expert-recommended actions to avoid the traps that may compromise your accounts and sensitive information in this brilliant article for Business Insider Australia.

Read the full article here.

Challenges and Pitfalls of DIY Cybersecurity

Organizations want their networks and information to be secure more than ever, and most fall within regulatory or compliance frameworks that require a certain level of cybersecurity. Nevertheless, building and maintaining successful cybersecurity is challenging as well as expensive. In this insightful Security Boulevard post, Tony Bradley discusses whether it is possible to create your own cybersecurity system and whether you should.

Read the full article here.

U.S. Companies Unaware Of EU Cybersecurity Regulations

In this insightful article for Forbes, Jody Westby explores why U.S. companies have been concerned about GDPR compliance requirements as U.S. businesses are largely unaware of the EU's cybersecurity regulatory behaviour. Westby continues by describing the U.S. market and the regulatory bodies' response to this.

Read the full article here.

Why a Cybersecurity Assessment Needs to Be Part of Your M&A Due Diligence Checklist

In our new, hyper-competitive world, mergers and acquisitions are a vital part of doing business, and of all the considerations that go into the valuation of a transaction, cybersecurity should be of utmost importance. Adeeb Rashid examines how doing due diligence while finalizing M&A transactions is so important for business and security leaders, in this insightful Security Intelligence article.

Read the full article here.

NCSC plans new approach to Cyber Essentials

The National Cyber Security Centre intends to turn over its Cyber Essentials program to the IASME Consortium next spring. Mark Say explores what this transition entails and what it could impact in this brilliant article for UKAuthority.

Read the full article here.

Hackers breach Volusion and start collecting card details from thousands of sites

In this excellent ZDNet post, Catalin Cimpanu explains how hackers have infiltrated the network of Volusion, a supplier of cloud-hosted online stores, and are distributing malware that tracks and exploits users' online payment card details.

Read the full article here.

Who Are Your IT Stakeholders? Different Projects Need Different Players

Dave Doucette discusses why centralized departments, college-level executives and academic technologists should all have a presence in campus IT projects, in this insightful article for EdTech Magazine. Doucette goes on to explain how different educational stakeholders need to be involved in order for these efforts to be successful, as well as how IT administrators may need clarification to recognize who should be included in project planning.

Read the full article here.

Number of Girls Applying for British Cybersecurity Courses Surges

In this fantastic article for Infosecurity Magazine, Sarah Coble reports on how Britain's National Cyber Security Centre announced a substantial increase in the number of young women applying to cybersecurity programs, as girls' submissions to CyberFirst summer courses at the NCSC rose by 47 per cent in comparison to last year.

Read the full article here.

The Worst Threat to Business Data Security: Employees

In this brilliant article for PCMag, Eric Griffith outlines the findings of a new Data Exposure Report which, while information security professionals may believe that employees are the best line of defence, found that they are the most troubling risk for infosec, along with infographics of the report's other findings.

Read the full article here.

Consumers Warned over Thomas Cook Phishing Sites

In this fantastic article for Digit, Ross Kelly discusses how more than 50 fake websites have been set up in the aftermath of the collapse of Thomas Cook. Many of them seem to be cybercriminals exploiting the organization’s former customers and employees.

Read the full article here.

Facebook encryption: Should governments be given keys to access our messages?

The UK, US, and Australian governments urged Facebook to overturn its plans to introduce end-to-end encryption to its platforms in an open letter on Friday. This is the latest in a long dispute between privacy and security that has been going on between governments and tech firms since digital communication became a mass market. Jane Wakefield asks, in this wonderful article for the BBC, what end-to-end encryption is and why this has only become a problem now.

Read the full article here.

Andrew Yang: Our data should be a property right, new proposal says

2020 presidential candidate Andrew Yang released a policy proposal this week that calls for personal data to be regarded as a property right, as technology companies are currently capable of collecting, repackaging and selling data of individuals with hardly any oversight. Stephen Johnson details what the proposal includes and what it might entail if it were implemented, in this terrific article for Big Think.

Read the full article here.

Toms Shoes’ Mailing List Hacked to Tell Users to Log Off

Joseph Cox explains, in this excellent Motherboard article, that one hacker breached retailer TOMS Shoes' mailing list on Sunday to send a message telling users it's time to log off. Cox goes on to interview the hacker and detail the organisation's reaction.

Read the full article here.

Police Scotland Issues Ransomware Advice Amid Growing Concerns

With various ransomware attacks on local authorities in Florida capturing headlines earlier this year as they agreed to pay large sums of money to recover their information, Ross Kelly outlines how Police Scotland now provides valuable guidance on how to identify the signs of a possible ransomware attack as part of an effort to raise awareness of cybersecurity, in this fantastic article for Digit.

Read the full article here.

Twitter apologises for using personal information to advertise to users

Paul Hill reports, in this terrific article for Neowin, on how Twitter has issued an apology for using users' personal data to target ads to them. Hill also explains how the social media company stated that none of this information was exchanged with any other third parties.

Read the full article here.

British Airways Customers Given Go-Ahead to Join Class-Action Lawsuit

The High Court has authorized passengers affected by the 2018 data breach of the airline British Airways to join a class-action lawsuit against the company. Dominique reports, in this wonderful article for Gigit, on what this means for the half a million customers impacted.

Read the full article here.

Reusing passwords could be putting your business at risk of attack

Password sharing and reuse is still a prominent issue in the business world by a significant margin. Poor employee password hygiene causes the majority of hacking incidents that occur in the business world. Sead Fadilpašić investigates the findings of the third annual Global Password Security Report, from which this information comes, and which companies are at the highest risk, in this brilliant article for ITProPortal.

Read the full article here.

SplashData’s Top 100 Worst Passwords of 2018

John Hall investigates SplashData's eighth annual list of the Year's Worst Passwords, in this excellent post for TeamsID. Over 5 million passwords leaked on the Internet were analyzed in the study; the company found that computer users tend to use the same common, easily guessable passwords.

Read the full article here.

 
