Things move fast in cybersecurity, and it’s always worth investing time to stay up-to-date on the state of the field. I’ve gathered 15 articles all about cybersecurity news and insights to provide some food for thought.
1. Joseph Steinberg—As Legal Hidden Cameras and Microphones Proliferate, We Need Better Privacy Laws
Steinberg discusses the rising problem of hidden microphones. We’re not just talking about creepy guys with hoodies masking their faces, but major airlines and Google as well.
Interesting quote: “Is hiding a microphone within an electronic device that a user purchases really all that different from hiding one within a painting or sculpture sold [and] delivered to the same person – a technique that was leveraged by spies during the Cold War?”
2. Byron V. Acohido—Memory hacking arises as a go-to tactic to carry out deep, persistent incursions
A great article on how memory hacking works and why these attacks get past even the best layered defenses—you know, the defenses that companies spent $216 billion on over the last two years.
Interesting quote: “The concern on the horizon is that memory attacks will give threat actors a firm foothold to corrupt the smart homes, smart workplaces, and smart transportation systems that are coming [online] in the next few years.”
Samani points out that smart home tech is exploding. And it’s a hugely attractive attack vector for cybercriminals; these devices often have weak or nonexistent security controls.
Interesting quote: “The mobile ecosystem is continually changing. Operators and developers can get wise to tactics used by criminals but criminals will never give up in their pursuit for profit. If one door closes on them, they’ll just open another one.”
4. Adam Levin—The Cybersecurity Lessons Your Company Can Learn From A Sensational Police Misconduct Story
Levin uses a truly wild law enforcement story to demonstrate why companies should review the information accessed on their databases.
Interesting quote: “Law enforcement officers’ lives are on the line every day, and they regularly need to know who they’re dealing with fast. There is no time to ask for permission to access data that could drastically affect the outcome of a dangerous situation unfolding in real time. The presumption is that law enforcement officers will not abuse their access to data, any more than they might the power of a gun and a badge.”
Excellent reporting, as always. Krebs reveals yet another Facebook security failure.
Interesting quote: “My Facebook insider said access logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords.”
Nice interview with Scott Schober that goes over some helpful security practices.
Interesting quote: “The odds are stacked against us but if we collectively worry less about admitting that we’ve been compromised and spend more time sharing knowledge, we all benefit.”
Morgan provides facts and figures that demonstrate why companies need to focus on insider threats, whether they’re malicious or not.
Interesting quote: “In Healthcare, 24 percent of cyberattacks are due to insider misuse – and for 13 percent of [that] type, employees attributed the breach to ‘curiosity’ – for example, if a celebrity had recently been a patient, according to a story in Becker’s Health IT & CIO Report.”
An insightful essay from Odlyzko that takes a truly critical look at the state of cybersecurity today.
Interesting quote: “The promise of real security was hollow. If there is anything that we can now regard as solidly established, it is that we don’t know how to build secure systems of any real complexity.”
9. Dell Cameron—It’s Scary How Much Personal Data People Leave On Used Laptops and Phones, Researcher Finds
The numbers really are scary. Cameron delves into the negligence many people show when it comes to old devices and personal information.
Interesting quote: “The pile of junk turned out to contain 41 Social Security numbers, 50 dates of birth, 611 email accounts, 19 credit card numbers, two password numbers, and six driver’s license numbers. Additionally, more than 200,000 images were contained on the devices and over 3,400 documents. He also extracted nearly 150,000 emails.”
Schober conducts a video interview with Eric Vanderburg on his cybersecurity and technology concerns.
Interesting quote: “Our level of complacency and dependence upon technology… We’ve seen throughout history that when cultures become somewhat complacent, they’ve been supplanted: the Syrians by the Babylonians, the Babylonians by the Persians, the Persians by the Greeks, the Greeks by the Romans, the Romans by the barbarians.”
Good article from Korolov that discusses the cybersecurity challenges introduced by many companies’ moving processes to the periphery.
Interesting quote: “Unfortunately, companies are often less security conscious when it comes to their edge devices, not more. For example, passwords used to access the devices are often simple or default passwords.”
A write-up of Andy Ellis’s (CSO of Akamai Technologies) talk at this month’s RSA Conference.
Interesting quote: “Organizations have ‘historical paranoia,’ where the focus is on not doing something that previously got someone else in trouble, without explaining why. In fact, if anyone asks for the reason, the question is dismissed.”
13. Benedikt Kammel, Demetrios Pogkas, and Mathieu Benhamou—These Are the Worst Corporate Hacks of All Time
A really cool interactive infographic that visualizes all the major hacks over the course of more than a decade.
Interesting quote: “Technology companies, retail, and financial institutions are the most typically targeted industries, but healthcare providers and hotels have also suffered some high-profile hacks.”
14. Stéphane Nappo and Ludmila Morozova-Buss—“Know Thyself.” Ten Commandments for Cyber Resilience Strategy
The title says it all—Nappo and Morozova-Buss go over ten ways to improve your cyber resilience.
Interesting quote: “In essence, automation should NEVER create a function. In the aim of preserving corporate identity and user/customer experience, automation must be driven by a clear functional need and relevant compliance knowledge.”
In his article, Blaze discusses why you should always update your devices immediately, despite the threat of malicious updates.
Interesting quote: “To protect against the insidious threat of malicious updates, it might be tempting to immediately disable these mechanisms on your computers and smartphones. But that would be a terrible idea, one that would expose you to far more harm than it would protect against.”
What do you think?
These experts have offered a lot of ideas to consider. Which articles do you find the most thought-provoking? Which do you agree or disagree with? Let me know below.