ISMS.online News Roundup – 24th October 2019

Welcome

The NCSC releases its third annual review and its takeaways; the newspaper that sacked its director of information security; how cybersecurity can learn from popular culture; are your virtual home assistants listening to you; and much more in this week's edition of our information and cybersecurity news roundup!

The NCSC Annual Review 2019

This week, the NCSC published its third annual review. The report looks back on trends and highlights of the past year, as well as insights from people at the centre of the NCSC campaign to make the UK the best place to live and work online.

Read the full report here.

As it’s Cyber Security Month, we’ve created this brilliant infographic detailing the top breached passwords of 2018, as reported earlier this year. Passwords are essential in protecting your data from outside threats, and yet in our professional and personal lives we often rely on names and dates familiar to us to generate them.

See if yours is on the list here.

How to develop an Asset Inventory for ISO 27001 – A pragmatic approach

If you are adopting an asset-based information security risk assessment for ISO 27001:2013 (as well as the ISO 27001:2017 updates), and experts agree it is a robust and pragmatic risk methodology to adopt, then you will be relying on a thorough inventory of all assets in the scope of your information security management system.

Read the full post here.

The Future of AI & Cybersecurity

While AI and machine learning are valuable assets for information and cybersecurity, the same can be said for their use in attacks on our systems. In an informative piece, Professor Ben Azvine looks at both sides and at what we can do in response to threats.

Read the full article here.

Stolen staff data could be your biggest security weakness

In this article, Danny Palmer explains that employee data such as corporate email addresses is an exploitable target for cyber criminals and is still not being taken seriously. While companies are more worried about the safety of customer data, attention should also be directed internally.

Read the full article here.

Shadow IT: A Business Risk or Competitive Advantage?

This past week, Entrust Datacard released a new study detailing how introducing strategies that enable your staff to choose their work experience could lead to higher efficiency, better retention of staff, and increased leadership confidence. In this interesting Government Technology article, Dan Lohrmann discusses what shadow IT is and whether it is a benefit or a business drawback.

Read the full article here.

EU Cybersecurity Certification Schemes Will Surprise U.S. Businesses

In this excellent Forbes article, Jody Westby discusses how, with the EU seeking to take the international lead on cybersecurity, many U.S. companies will be shocked at how the EU Cybersecurity Act, which came into effect earlier this year, can affect them and impede their ability to trade on the EU market.

Read the full article here.

How does Manufacturing Industry Need to Address Cybersecurity Threats?

Manufacturing industries are becoming more vulnerable to cybersecurity threats as investments in production networks incorporating connected devices increase their susceptibility to cyberattacks. In this insightful article for The Market Jury, Charles Garst investigates how manufacturers strive to make cybersecurity an integral part of their spending on information technology.

Read the full article here.

3 Things MSPs Can Learn About Cybersecurity from Game of Thrones

Rob Simopoulos explains how a recent report revealed that MSPs in the U.S. are at risk of losing their small business clients if they do not supply their consumers with affordable, robust technology strategies in this brilliant article for Channel Futures. Simopoulos continues to explore three things that MSPs can learn from Game of Thrones about cybersecurity to avoid a bad ending.

Read the full article here.

Cybersecurity: Hostile nations responsible for ‘significant’ number of attacks against UK organisations

In this brilliant article for ZDNet, Danny Palmer explains how the NCSC annual report revealed the number of incidents that it had to assist companies with over the last 12 months, and suggested that nation-state hackers are a major source of them.

Read the full article here.

NSC Makes Cyber Security For Space Industry ‘Top Priority’

In this fascinating article for Breaking Defense, Theresa Hitchens discusses how, under a new public-private arrangement, multiple US departments, such as the National Security Council and NASA, will share with the industry analyses, alerts, and future responses to cybersecurity risks to satellites and ground stations.

Read the full article here.

The Cybersecurity Threats That Keep K–12 CIOs Up at Night

From phishing to ransomware, schools are not safe from cyberattacks, and K–12 IT administrators have much to consider. Jennifer Zaino discusses in this brilliant article for EdTech how many approaches can assist in protecting schools.

Read the full article here.

Cyber chief: The IoT could provide a model for improved internet security

In this insightful post for ZDNet, Danny Palmer explores how no one anticipated the problems that hackers and cyberattacks could cause when the internet was created, and now that we know better, Ciaran Martin of the NCSC suggests we must prepare for them.

Read the full article here.

Privacy legislation: The road ahead

In this brilliant article for CSO magazine, J. Trevor Hughes investigates how the rate of change in US privacy laws and the technology they aim to control is only increasing, and the need for a cohesive approach to preserving users' personal data.

Read the full article here.

What infosec pros can learn from Tony Stark

At a recent security conference in Toronto, global security strategist Aamir Lakhani likened information security pros to Tony Stark and his Avengers. For those who like their movie analogies, Howard Solomon has delivered an interesting article right here.

Read the full article here.

Fake WordPress plugins again allowing hackers into unsecured sites

In this fascinating article for TechRadar, Anthony Spadafora investigates how a recent study found that cybercriminals use fraudulent plugins to gain access to, and maintain a hold on, WordPress pages, hiding in plain sight and serving as backdoors. Researchers found that the plugins will only reveal their existence to an intruder who accesses the website using a GET request with specific parameters such as initiation activity or test key.

Read the full article here.

Ensuring network security in the 5G era

5G implementation is highly anticipated, but it also poses multiple network security issues because modern technology demands a quick, stable and robust network to maintain the momentum of innovation. In this excellent article for Gigabit, Ralf Llanasas examines how new businesses and technology operating in the 5G age may experience new security and privacy threats.

Read the full article here.

Bombshell EU Report Warns Microsoft Likely Not GDPR-Compliant

The European Data Protection Supervisor today advised in a shocking document that Microsoft’s software, as used by EU organisations, may not conform with GDPR. In this fantastic article for CBR Online, Ed Targett explores the initial findings that accompany an inquiry launched by the EDPS in April.

Read the full article here.

Alexa and Google Home devices can be exploited to eavesdrop on users, phish passwords

Researchers at SRLabs have revealed how straightforward it is for hackers to abuse smart speakers, which many homeowners have purchased, to spy on conversations and even steal passwords and bank details. In this excellent story for Bitdefender, Graham Cluley explores how this was allowed to happen and what can be done to prevent it.

Read the full article here.

New York Times abruptly eliminates its “director of information security” position

In this thought-provoking article for BoingBoing.net, Cory Doctorow reports on how the New York Times fired their senior information security director, stating that there is no need for a specialized focus on the newsroom and journalistic security.

Read the full article here.

Can the new Government Chief Digital Information Officer accelerate change?

The UK Cabinet Office announced that it is on the lookout for a Government Chief Digital Information Officer (GCDIO). In this post for Open Access Government, Paul Jackson explains how this role could reform the government’s outdated systems and improve their cybersecurity.

Read the full article here.

NordVPN Breach: How Bug Bounty Programs Can Help And Resolve

In this article for InformationSecurityBuzz, security experts focus on how NordVPN confirmed it was hacked by an old internal private key, as VPN services are becoming more popular due to their security claims.

Read the full article here.

Log into Firefox’s new Privacy Protections Panel to see who’s following you, and how

In this interesting post for TechRadar, Cat Ellis reports on how Firefox 70’s release has launched a new feature designed to allow you to see more explicitly how companies are trying to track you across the internet, and what you can do about it.

Read the full article here.

This Week in Tweets

Here are the top tweets we have found from the world of cybersecurity using the hashtag #CyberSecMonth
