Week in review: Marriott data breach, GDPR’s impact, HITBSecConf2018 Dubai

Here’s an overview of some of last week’s most interesting news and articles:

The fundamentals of network security and cybersecurity hygiene
The two fundamental building blocks to ensuring that your data is secure are physical infrastructure and network security. Understanding and protecting your information from threats and human error require meticulously layered security protocols.

Cybersecurity 2019: Predictions you can’t ignore
The good news: advanced security technologies are constantly being brought to market. The not-so-good news: threat actors are not letting that get in the way; witness more intensified and ever more sophisticated attacks.

Industry reactions to the enormous Marriott data breach
On September 8, 2018, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database in the United States. Marriott engaged security experts to help determine what occurred, and learned during the investigation that there had been unauthorized access to the Starwood network since 2014.

Blind spots and how to see them: Observability in a serverless environment
Relinquishing infrastructure control to the provider creates a new set of risks for both development and security teams, including several major blind spots that traditional security toolsets are not able to capture.

GDPR’s impact: The first six months
GDPR is now six months old – it’s time to take an assessment of the regulation’s impact so far. At first blush it would appear very little has changed. There are no well-publicized actions being taken against offenders. No large fines levied. So does this mean its yet another regulation that will be ignored? Actually nothing could be farther from the truth.

Take cybersecurity into your own hands: Don’t rely on tech giants
Trusting solely in technology is never a good option.

Is security the real stuff of nightmares?
With more customer data gathered and stored than ever before, the risk of implementing a sub-par security strategy effects every level of the organisation. These are the three main things keeping CISOs up at night.

Why compliance is never enough
Being in compliance does not guarantee that a company has a comprehensive security strategy in place, as these are ultimately two fundamentally different disciplines.

For recent big data software vulnerabilities, botnets and coin mining are just the beginning
The phrase “with great power comes great responsibility” was excellent advice when Ben Parker said it to his nephew Peter, aka Spiderman. It is even more applicable to any organization using open source software to manage their big data analysis.

HITBSecConf2018 Dubai
Help Net Security was at the Hack In The Box conference in Dubai this past week, where there was no shortage of interesting talks and happenings.

Why you shouldn’t be worried about UPnP port masking
If your DDoS mitigations fail to protect against randomized ports, they aren’t sufficient mitigations in the first place, so the hype around UPnP Port Masking confuses the real issues around DDoS protection.

The current state of cybersecurity in the connected hospital
Abbott and The Chertoff Group released a white paper that shares key findings from a recent study of 300 physicians and 100 hospital administrators on cybersecurity challenges in the hospital environment.

Internal negligence to blame for most data breaches involving personal health information
Your personal identity may fall at the mercy of attackers on many websites, but when it comes to health data breaches, hospitals, doctors offices and even insurance companies are oftentimes the culprits.

7 trends driving enterprise IT transformation in 2019
Verizon Enterprise Solutions’ view of enterprise technology trends that are most likely to impact our global business and government customers in 2019.

ATM attackers strike again: Are you at risk?
The United States National ATM Council recently released information about a series of ATM attacks using rogue network devices. The criminals opened the upper half of the ATM and installed the device, most likely into the Ethernet switch. The device then intercepted the ATM’s network traffic and changed the bank’s “withdraw denied” response to “withdraw approved,” presumably only for the criminals’ cards.

Are we chasing the wrong zero days?
When it comes to critical infrastructure, unknown digital payloads and unidentified gaps in code may not be the easiest way for attackers to penetrate systems or to inflict damage. There may be an even more dangerous type of “zero day” in play — humans.