Category: Secure

Secure provides guidance and insight on the myriad issues that business technologists grapple with while protecting business data assets and ensuring continuity.

New Research Reveals C-Level Execs Are Prime Targets for Cyber Attackers

by Amy Larsen DeCarlo, posted in Secure
A. DeCarlo
A. DeCarlo

Summary Bullets:

  • Due to their privileged access to high-value corporate assets, executives are in the crosshairs of cyber attackers, according to the latest Verizon Data Breach Investigations Report.
  • The Verizon report found that the combination of access and the need to make quick decisions made C-level executives more vulnerable to social engineering attacks.

Enterprising cyber attackers driven by a money motive are setting their sights on objects that will deliver the highest returns. Thanks to their access to high-value systems and data, C-level executives are a prime target for social engineering hacks. This year’s Verizon Data Breach Investigation Report (DBIR) found social attacks, including business e-mail compromises (BECs) against enterprise executives, are on the rise. Speculating that the combination of proximity to high-value assets and the intensive pressure of their roles, which limits executive time to scrutinize messages, makes them more vulnerable than most employees with less critical roles, the Verizon DBIR claimed that staffers in leadership are 12 times more likely to be the victims of credential theft or other social incidents, such as being tricked into transferring money to an adversary’s bank account. Continue reading “New Research Reveals C-Level Execs Are Prime Targets for Cyber Attackers”

Can We Use Blockchain to Thwart Fake News?

by John Marcus, posted in Cloud Enable, IT Leader, Secure
J. Marcus

Summary Bullets:

  • Digital media faces a ‘fake news’ problem where sources may be biased or worse, and actual content may be manipulated.
  • Orange is behind Safe.press, a blockchain-based consortium for certifying news sources as legitimate – and not ‘fake.’

As investigative journalists and whistleblowers struggle to be heard in calling out the rampant abuse of social networks in propagating ‘fake news,’ one startup is trying to tackle the issue with new technology. Continue reading “Can We Use Blockchain to Thwart Fake News?”

Amazon Catches Heat for Alexa’s Dependence on Human Intellect

by Amy Larsen DeCarlo, posted in Secure
A. DeCarlo
A. DeCarlo

Summary Bullets:

  • Amazon Alexa is relaying recorded consumer speech for analysis by Amazon staff and contractors for product improvements.
  • There is a simple workaround to turn off the default communications between Alexa and Amazon employees.

Alexa apparently needs a little help from human sources to better decipher user requests. Amazon acknowledged that individual staff and contractors in a number of countries including Romania, India, Costa Rica, and the U.S. each evaluate as many as 1,000 recorded requests to Alexa during their nine-hour shift. The staffers feed notes into software that provides better context to requests, which Amazon said will ultimately produce a better user experience. Continue reading “Amazon Catches Heat for Alexa’s Dependence on Human Intellect”

Deutsche Telekom’s Car SOC is Ready to Protect Drivers—Is the Auto Industry?

by John Marcus, posted in Secure
J. Marcus

Summary Bullets:

• Connected cars are vulnerable to the same threats facing any Internet user or device

• Deutsche Telekom proposes its Car SOC to the industry, but as of today no one is responsible for protecting drivers from cyber attacks

Connected cars, like anything else using the Internet, are exposed to a range of vulnerabilities most drivers dare not even contemplate. Even without being connected, the digital technology in place is at risk from attackers, whether through the cloning of remote control key entry and engine starting, or from malware introduced to internal systems via infected diagnostic tools at the local garage. Continue reading “Deutsche Telekom’s Car SOC is Ready to Protect Drivers—Is the Auto Industry?”

Google in Hot Water Over Latest Privacy Misstep

by Amy Larsen DeCarlo, posted in Secure
A. DeCarlo
A. DeCarlo

Summary Bullets:

  • Google is under fire for failing to disclose that its Nest Secure home alarm system has an embedded microphone.
  • Privacy advocates are calling for significant change in light of the digital giant’s checkered data handling history.

When Google announced in early February that the company had added a feature to its Google Nest Secure system that allows it to work with Google Assistant to become a smart speaker, some consumers were surprised to learn the home security and alarm system has an embedded microphone. Google copped to failing to disclose the integrated microphone, admitting that detail should have been included in product information. Continue reading “Google in Hot Water Over Latest Privacy Misstep”

Alibaba Cloud Looks for Growth Outside of China, and Indonesia Is a Good Target

by siowmeng, posted in Cloud Enable, Network, Secure
S. Soh

Summary Bullets:

  • Alibaba Cloud is gaining a stronger foothold in Indonesia with its second data centre, a growing partnership ecosystem and an initiative to support start-ups to develop their business through a cloud-native approach.
  • Alibaba needs to grow its international presence, and it is establishing an early presence in markets such as Indonesia where competitors do not yet have a local presence.

Alibaba Cloud has launched a second data centre in Indonesia after launching the first data centre 10 months earlier. The second data centre enables Alibaba Cloud to increase capacity, provide higher availability and improve disaster recovery capabilities. The company also launched the Internet Champion Global Accelerator Program to support the growth of start-ups and local talents. The program will provide training, mentorship and venture capital opportunities to enterprises and professional services. The program is launching in Jakarta, and it will be extended to Bali in January 2019, as well as other global markets in the future. This is a strategic move since start-ups and SMEs in general are more ready to adopt a cloud-native approach and can become heavy cloud users as they scale up. Continue reading “Alibaba Cloud Looks for Growth Outside of China, and Indonesia Is a Good Target”

Social Media Roasts Apple over Its Subpar Response to the FacePalm Bug

by Amy Larsen DeCarlo, posted in IT Leader, Secure
A. DeCarlo
A. DeCarlo

Summary Bullets:

  • Reports surfaced that Apple ignored multiple efforts from an Arizona lawyer to alert the company that her teenage son had uncovered a bug which allows one FaceTime user to spy on another.
  • Twitter users blasted Apple for ignoring the lawyer’s attempts and then being slow to disable the affected feature and issue a fix.

News that Apple seemingly ignored repeated reports for a week that its popular FaceTime video app had an alarming privacy-invading bug is going viral on social media. Twitter users questioned whether Apple was ignoring calls to investigate a FaceTime group chat bug that allows the initial caller to listen on the call recipient even if the person on the receiving end didn’t pick up, or if the company might have been surreptitiously working on a fix before notifying users about the embarrassing flaw. Continue reading “Social Media Roasts Apple over Its Subpar Response to the FacePalm Bug”

Orange Cyberdefense on Turning the Skills Shortage into an Advantage

by John Marcus, posted in Secure
J. Marcus

Summary Bullets:

• At a recent Orange Cyberdefense analyst event, the company addressed (among other things) the familiar topic of the skills shortage in cybersecurity

• In doing so, it illustrated ways in which it might turn this fundamental market challenge into an advantage

The theme at Orange Cyberdefense’s recent analyst event was combining the best of both human and technology resources, so it was no surprise that the inescapable cybersecurity skills shortage was a featured topic alongside sessions dedicated to strategy, portfolio, and innovation. Without directly saying so, the managed security service provider (MSSP) is clearly trying to turn this global challenge into an advantage – at least in France, where it can claim market leadership with only about a 15% share due to a highly fragmented environment involving hundreds of solution providers.

With its strategy for retraining and recruitment well underway, Orange Cyberdefense has managed to increase the size of its team despite the people shortage and its associated side effect of high turnover among qualified employees. With 100 Orange employees upskilled and recruited by its own Cyberdefense Academy since 2017, plus the addition of 300 new external recruits in 2018, the group’s security business now has 1,300 “humans” on board. Continue reading “Orange Cyberdefense on Turning the Skills Shortage into an Advantage”

TM Forum Digital Transformation Asia 2018: CenturyLink Strengthens Asia-Pacific Business

by Alfie Amir, posted in Cloud Enable, IT Leader, Network, Secure
A. Amir

Summary Bullets:

  • CenturyLink expands and enhances its portfolio in Asia-Pacific to challenge other carriers and grab the growing opportunity.
  • However, there are still gaps with its competitors, especially in portfolio and presence in the region.

At the TM Forum Digital Transformation Asia 2018 in Malaysia earlier this month, CenturyLink shared its direction to strengthen its presence and expand the business in Asia-Pacific. The move is in line with its global expansion strategy announced this year at its annual Analyst Forum. In Asia-Pacific, CenturyLink has over 2,000 employees, on-net presence in 12 countries and sales presence in six key markets (i.e., Australia, China, Hong Kong, India, Japan and Singapore). With the existing resources in the region, the carrier plays to its strength by focusing on inbound MNCs as well as Asian-based enterprises expanding beyond the region. It focuses in certain verticals, including OTT/content, media, entertainment, financial services, energy and utilities, retail and manufacturing sectors. Continue reading “TM Forum Digital Transformation Asia 2018: CenturyLink Strengthens Asia-Pacific Business”

Super Micro Supply Chain Attack May Be Fake, But Supply Chain Risk is Genuine

by Eric Parizo, posted in Secure
E. Parizo

Summary Bullets:

• It turns out a recent bombshell report detailing how rogue microchips infected an unknown number of computer servers may not be true.

• The event illustrates that supply chain risk is legitimate, and enterprises must plan for the risk and implement methods to detect such compromises.

Cybersecurity’s biggest mystery is centered on a microchip so small, it might not even exist.

It all started on 4 October, when U.S. news agency Bloomberg reported that many of the motherboards manufactured by Super Micro Computer had been compromised before they ever left the factory. Continue reading “Super Micro Supply Chain Attack May Be Fake, But Supply Chain Risk is Genuine”