Infosecurity Opinions
How Can Your Company Radically Curb Insider Threat?
At Zalando, our internal bug bounty program underlines the need to hack, learn from mistakes, and in the process, develop the most secure products.
Exploiting SS7 Vulnerabilities in Mobile Networks for Criminal Gain
Signaling System Number Seven, or SS7, is a widely-used protocol that enables mobile operators’ subscribers to communicate with each other. At the heart of an operator’s network, SS7 contains highly important data such as a subscriber’s identity, status and location, providing the operator with the ability to manage communications and bill their subscribers for the services they use.
The SS7 Security Threat is Real. How Can MNOs Respond?
It was only a matter of time, but the shortcomings of SS7 have become an issue impossible to ignore.
Data Breaches – Just a Cost of Doing Business or Tip of the Spear for Threats to Business?
Now that major data breaches have become so commonplace, there is a growing perception that they are inevitable costs of doing business and resulting costs need to be paid, with the fallout contained as quickly as possible—and move on.
Metadata as a Divining Rod for Security
Most security tools are not equipped to handle the increases in traffic speed as well as attack frequency
SOC Up and Listen
It’s often said that listening is a skill in itself, and yet we’ve yet to grasp the nuances of listening to network noise. From the chatter on social media, to the deep recesses of the subterranean dark web, there’s now a vast array of data that we need to tap into, monitor and interpret to get advance warning before threats are realized.
What You Need to Know About Secure Voice Recording and Storage in Financial Services
With such a wide range of services covered in MiFID II, there are inevitably changes that may not receive due attention.
Gone in Less Than 60 Seconds: Why the Automotive Industry Needs to Get up to Speed with Security
Given that our cars are going to communicate even more in the future, it’s imperative we get this right now to stop the hacker getting into the driving seat.
Confronting the Talent Shortage: How to Invest in Your Existing Cybersecurity Staff
To advance security in the face of talent, time and other shortages, we need to think bigger than training.
Time to Get Quick on Your Feet: Navigating the Network Security Minefield
Cyber-space is the land of opportunity for hacktivists, terrorists, and criminals motivated to wreak havoc, commit fraud, steal information, or take down corporations and governments. They can hide out in the dark web, geographically removed from the scene of their crimes, launching automated attacks on thousands of targets knowing a fraction will succeed.
What Exactly is Quantum Cybersecurity Anyway?
Over the past few years, we’ve seen a seemingly endless stream of tech and mainstream media headlines on the topic of quantum technology developments, primarily focusing on quantum computers, their capabilities, and the threat they pose to cyber-security infrastructure as we know it.
Shrinking the Exploding Attack Surface
Nowadays, it seems that no organization is immune from being hacked; and governments globally are recognizing the need to invest heavily to protect vital services and infrastructure. However, today’s security models are not completely flawed; they are, perhaps, naïve.
Design Vulnerabilities: They Hide and You can’t Catch Them
Exploiting memory-corruption bugs to compromise computers and gain access to organizations is all too common and relatively simple. But what we haven't heard much about are so-called design vulnerabilities in operating systems or other software that can provide other avenues of attack into an organization's network.
Thin Clients and Isolation; is the Future of Computing off the Desktop?
The future of computing, at least personal computing, has been showing signs of weaning away from the traditional desktop for quite some time now.
How Psycholinguistics helps you Spot Potential Danger to your Company Before it’s too Late
How can you tell if someone going through a personal crisis poses a threat to your company? Is a disgruntled employee about to steal sensitive data or sabotage one of your key systems?
Bangladeshi Bank Hack – Firewalls, Fat Fingers and ‘Fandation’
The Bangladesh bank’s naïve approach to managing a firewall was made worse by the use of second-hand routers to connect their internal systems to the global financial networks.
The First 48 Hours: How to Respond to a Data Breach
The first few hours after a breach are critical in asserting control of the situation and, as such, businesses must have a comprehensive incident response plan in place that enables them to react immediately should the worst happen.
It’s Time to Stop Relying on Passwords to Protect Our Information Online
Mass adoption of mobile devices around the world means organizations can implement more robust, two-factor or multi-factor authentication systems without having to worry about the high cost of providing the devices to consumers themselves.
Teaching Users to Practice “Safe IT”
The subversion of IT by users introducing applications, which are not formally provided by IT - whether deliberate or accidental - presents a management and support challenge to the IT department and a potential security risk to the organization as a whole.
BYOD? More like “Bring Your Own Divide"
Basic first steps will go a long way in making BYOD a credible, transparent and, most of all, secure way to work.
