Here’s an overview of some of last week’s most interesting news and articles:
Worst passwords of 2019: Are you using one of them?
SplashData released their “Worst passwords of 2019” list, which includes the top 25 most dangerous and most commonly leaked passwords. In an interesting turn of events, password has for the first time in the list’s history been knocked out of the top two spots.
How Google applies Europe’s Right to Be Forgotten
Five years ago, after a landmark ruling of the Court of Justice of the European Union, Google began receiving, evaluating and acting upon requests to delist certain URLs appearing in search results.
Oil and gas industry risks escalate, cybersecurity should be prioritized
The oil and gas industry and its supply chain face increased cybersecurity risks from advanced threat groups and others as they continue to build out digitally connected infrastructure, Trend Micro reveals.
Windows 7 is reaching end-of-extended-support, what to do?
Windows 7, released in October 2009, was one of Microsoft’s big successes. Ten years later and despite its end-of-extended-support deadline being imminent (January 14, 2020), the popular OS is still in use on 27 percent of all desktop computers running Windows.
PCI Point-to-Point Encryption Standard 3.0 released
The PCI Security Standards Council (PCI SSC) has updated the PCI Point-to-Point Encryption Standard (P2PE) and supporting program. PCI P2PE Version 3.0 simplifies the process for component and solution providers to validate their P2PE products for cardholder data protection efforts.
The cybersecurity labor crunch highlights gaps in threat intelligence practices
In Greek mythology, Sisyphus, the King of Corinth, was punished by Hades by being forced to roll a huge stone up a hill, only to have it roll down again as soon as he reached the summit, and then have the process repeat ad infinitum. The Paradox of Sisyphus exemplifies the modern state of cybersecurity.
Most security pros admit to accidental internal breaches at their organization
44% percent of executives believe employees have erroneously exposed personally identifiable information (PII) or business-sensitive information using their company email account.
Data collection balancing act: Privacy, trust and consumer convenience
With the advent of laws like the EU’s GDPR and California’s CCPA, which are sure to be portents of things to come (i.e., more and better data privacy legislation), companies with a global presence are starting to think about whether they should implement different user data privacy protection regimes for each region or whether it would be easier to globally comply with the strictest of the existing laws.
Top enterprise analytics trends for 2020
The top 10 enterprise analytics trends to watch in 2020 have been announced by MicroStrategy in collaboration with analysts and influencers from Forrester, IDC, Constellation Research, Ventana Research and others.
Hackers go phishing for the holidays
It’s that time of year again. Everyone’s busy – at work and at home. That includes cybercriminals, too. In fact, the holiday season is when busy, distracted people tend to be especially vulnerable to phishing attacks. Just one click on a phishing link in a realistic-looking email or package shipment notice from even the savviest small business user opens the door to scammers.
Know your enemy: Mapping adversary infrastructure quickly and accurately
Group-IB is a known quantity in the information security arena: in the sixteen years since its inception, the company – now headquartered in Singapore – has detected and detailed many high-profile threats, performed over a thousand successful investigations across the globe and gained widespread recognition for helping private and public entities and law enforcement worldwide track down and prosecute cybercriminals.
Things to keep in mind when raising capital for your cybersecurity venture
In cybersecurity, as in any other industry, one might start with a good idea and an adequate first realization of it, but if there is no plan for the future, there will be no desired future.
Hacking and malware cause 75% of all data breaches in the financial services industry
Only 6% of all breaches in 2019 were suffered by financial services firms, according to Bitglass. However, these breaches compromised significantly more records than those that occurred in other industries.
Major vulnerabilities found in popular wireless presentation system
F-Secure consultants have discovered several exploitable vulnerabilities in Barco’s ClickShare wireless presentation system. Attackers can use the flaws to intercept and manipulate information during presentations, steal passwords and other confidential information, and install backdoors and other malware.
The privacy and security trends that will shape 2020
Privacy concerns will ratchet up further around IoT and 5G. Even if the industry manages to secure the billions of IoT devices already deployed, they permeate so many aspects of life that it will be nearly impossible to keep personal and private information out of the public domain.
CISOs are skeptical about claims made by cybersecurity vendors
There is a high level of skepticism about claims due to vague product descriptions, ambiguous statistics, limited ability to measure product effectiveness, and a general lack of follow-through by cybersecurity vendors, a Valimail survey reveals.
The holiday season: A cybercriminal’s winter wonderland
It’s the most wonderful time of the year – for cybercriminals that is. With increased online sales, major commercial holidays like Black Friday and Cyber Monday present plenty of cyberthreats for both companies and consumers.
What is the actual role of a threat hunter?
The role and tasks of a threat hunter are confusing, according to a ThreatQuotient and SANS study based on data collected from 575 participating companies that either work with or operate their own threat hunting teams.
Hardware hacks: The next generation of cybercrime
Despite the fact that businesses around the world are deploying new cybersecurity tools to fend off these persistent attackers, cybercriminals are working around the clock to find new and improved ways to get around them and infect software and hardware.
Cybersecurity industry predictions for 2020 and beyond
When it comes to cybersecurity industry predictions for 2020, Optiv researchers expect to see a focus on privacy, evolving threat actors, pervasive deepfake videos, and increased election interference.
Reach the next frontier of security automation while maintaining visibility and control
As the technologies we rely on continue to evolve, they are growing at a rate that outpaces our ability to protect them. This increasing risk potential necessitates a change in approach and the ability for organizations to automate more of their network security operations to reduce their cyber-attack surface.