Week in review: Hacking intelligent buildings, trust in critical systems under attack

Here’s an overview of some of last week’s most interesting news and articles:

The current state of USB data protection
The vast majority of employees rely on USB devices. In fact, nine out of 10 employees rely on USB devices today and 69 percent of respondents maintain that USB drives increase workplace productivity.

Macro-less Word document attacks on the rise
Total malware attacks are up by 33 percent and cyber criminals are increasingly leveraging Microsoft Office documents to deliver malicious payloads.

Are there too many cybersecurity companies?
Ken Elefant, Managing Director at Sorenson Capital, recently spoke with several CISOs from major companies about their needs from specialized threat analysis and protection vendors and learned a surprising fact: these organizations averaged over 80 security vendors helping to protect them. That may sound like an enviable position; so many vendors providing protection for a company’s business efforts. But it signals that there is too much noise in the market.

Nation-state hackers are attacking our trust in critical systems
In the last few years, the lines between cyber criminals and nation-states have become increasingly blurry and it has become obvious that the private sector is not capable of handling cyber threats on its own, Chris Inglis, former deputy director of the National Security Agency, told the crowd at World Cyber Security Congress.

How Facebook’s data issue is a lesson for everyone
Many businesses have grown weary of hearing about the major impact that GDPR will have on their operations – but this is no time to be complacent. Had the Facebook incident taken place after GDPR’s implementation on 25th May, the company would have been liable for a much more sizeable fine, up to 4% of its revenue.

Analysis of 560 incidents demonstrates need for cyber resilience
Recognizing that entities need a source of reliable information on what actually happens during an incident, the BakerHostetler Privacy and Data Protection team published the 2018 edition of its Data Security Incident Response Report, which contains statistics and insights based on more than 560 data security incidents managed by the firm in 2017.

Digital innovation held back as IT teams firefight security threats
European IT professionals working in financial institutions on both the buy-side and sell-side believe that insufficient cybersecurity strategies, combined with reacting to other daily struggles, are preoccupying too much of their time.

Gang leader behind malware attacks targeting 100 financial institutions arrested in Spain
The leader of the crime gang behind the Carbanak and Cobalt malware attacks targeting over 100 financial institutions worldwide has been arrested in Alicante, Spain.

Hacking intelligent buildings using KNX and Zigbee networks
A great many of us are living, staying or working in “smart” buildings, relying on automated processes to control things like heating, ventilation, air conditioning, lighting, security and other operation systems. We expect those systems to work without a glitch and withstand attacks but, unfortunately, the security of these systems is still far from perfect. A group of researchers from Tencent Security Platform is getting ready to demonstrate just how imperfect it is at the Hack in the Box Conference in Amsterdam.

Organizations blame legacy antivirus protection for failed ransomware prevention
Behind employee carelessness as the primary cause (56 percent blamed this), failed legacy AV protection is viewed as the leading factor in successful ransomware attacks.

Businesses suspect their mobile workers are being hacked
More than half (57%) of organisations suspect their mobile workers have been hacked or caused a mobile security issue in the last 12 months, according to the iPass Mobile Security Report 2018.

Do you have what it takes to withstand modern DDoS attacks?
As the latest record DDoS attack hit GitHub and threatened to overwhelm its edge network, the popular Git-repository hosting service quickly switched to routing the attack traffic to their DDoS mitigation service.

Experiences and attitudes towards cloud-specific security capabilities
Dimensional Research conducted a survey of IT professionals responsible for cloud environments. The survey, which comprises data collected from over 600 respondents from around the world, provides an overview of experiences and attitudes with regard to cloud security.

Phishing, malware, and cryptojacking continue to increase in sophistication
Attacks such as ransomware are becoming a worldwide threat and are seamlessly bypassing legacy security solutions because organizations are neglecting to patch, update, or replace their current products.

Crypto mining runs rampant in higher education: Is it students?
The higher education sector exhibited a startling increase in potentially damaging cryptocurrency mining behaviors, according to Vectra.

Consumers worry that small privacy invasions may lead to a loss of civil rights
A new report by The Economist Intelligence Unit (EIU) shows that consumers around the world perceive wide ranging risks in how their personal information is collected and shared with third parties. They want greater transparency and control, as well as commitments from government and industry to protect privacy.

You can’t hide from this top trend at RSA Conference, no matter where you operate
If you’re among the 90% of IT professionals that believe GDPR will be difficult to achieve, you might be in luck. A quick look at the RSA Conference agenda and you’ll see a plethora of options to “get smart” on the topic before May 25.