Information Security Specialist Sounds Respectable
Take a glance at the most discussed cybersecurity topics of the week.
Kids’ watches are under attackers’ control
Threatpost on January 30, 2019
Again. It seems kids’ safety will never stop being at risk.
The makers of IoT devices continue to give parents a false sense of security about their kids. Recently it was discovered that GPS-tracking watches were exposing sensitive information of nearly 35,000 children, including their location in real time.
The experts unveiled a serious privilege-escalation vulnerability: the system failed to verify that the user had the appropriate permission to take admin control. Therefore, an attacker simply needed to change the user level parameter to get access to all account information.
Although the manufacturer fixed this issue, other watches that use the same backend may still be affected.
On a wider scale, the GPS watch market needs to ensure that their products are adequately tested. Our advice is to avoid watches with this sort of functionality like the plague. They don’t decrease your risk, they actively increase it.
Vangelis Stykas, Security Consultant at Pen Test Partners
The first step to make medical devices secure is done
The Washington Post on January 29, 2019
When we wrote that hackers are everywhere, we did not think of the possibility of hacking medical equipment. However, the reality is cruel: pacemakers, insulin pumps, and MRI machines are highly vulnerable to hacking.
Although there is currently no federal mandate for those medical devices to have cybersecurity guarantees, a government-backed coalition of hospitals and medical device manufacturers took the initiative and released a “joint security plan”. The document outlines a list of protections manufacturers should implement and hospitals should require.
By the way, last year we mentioned that hackers can target brain implants. Thus, we totally agree with Greg Garcia, Executive Director at the Healthcare Sector Coordinating Council, who said “companies and hospitals are finally signaling they are willing to cooperate on fixing the problem, rather than saying it’s the other’s responsibility to fix”.
Consumers’ cybersecurity misperceptions make them more vulnerable
Venture Beat on January 25, 2019
Although cybersecurity threats are becoming a matter of public concern, consumers still lack a clear understanding of how and where potential dangers are evolving. This is one of the findings of the Cujo AI study.
The company organized an online survey to analyze its end users’ perceptions. Good news first: nearly 90% of participants believe cybercrime risks are increasing, while about 40% of them know someone who was a victim. One-fourth of respondents answered that they had been victims themselves, and almost 50% of participants do not feel fully protected.
However, users are focused on traditional cybersecurity measures in their data protection and do not consider the actual digital dangers. For instance, in a ranking of threats, the highest awareness was around “viruses,” at 97.4 percent, while Cujo’s data ranks viruses tenth on the list of most common types of attacks.
Cybersecurity pros need more respect
The Next Web on January 25, 2019
Well, we guess after reading this research, some information security specialists will burst from their chairs and hit their tables, saying “We’ve had it!”
The Thycotic research finds that many security pros believe they have an image problem. Two-thirds think their teams are regarded as company naysayers. Yeah, there were even nicknames like “doom mongers” and a “necessary evil”.
Actually, 90% of the respondents said that other departments could have a better understanding of their goals, and nearly the same number emphasized the difficulty in explaining their values to top HR and finance managers. Furthermore, 74% of security specialists experienced negativity when introducing new security rules.
While 39% of employees barely notice security rule notifications, is it possible to mitigate the consequences of human error in security breaches? The answer would correlate to a naysayer’s approach.