Selections from the top news items this week in the world of identity and application security.
Facebook Has Hosted Stolen Identities and Social Security Numbers for Years
From Motherboard: The social security numbers, addresses, phone numbers, and alleged credit card numbers of dozens of people are being advertised and sold on Facebook. The internet giant deleted some of them after Motherboard flagged the posts.
Google Adds Security Features to Gmail Face-lift
From Dark Reading: This week Google announced a wave of G Suite updates, most of which focus on Gmail. The email service is getting a new Web look, advanced security features, artificial intelligence applications, further integrations with apps across G Suite, and management changes in Tasks. "This week's [changes] are about giving users more agency in the cloud," explains Suzanne Frey, Google's director of security, trust, privacy, and compliance.
Another Data Breach? Say It Ain't So
From The Motley Fool: It seems like we're hearing about new data breaches on a regular basis, and SunTrust's recent one affecting 1.5 million customers could seem alarming. Here's what investors — and consumers — need to know about it and how this one is different from some of the other high-profile data breaches we've heard about. Two Motley Fool reporters discuss the recent data breach at SunTrust, explaining it originated from an insider threat.
Calculating the cost of cyber-risk
From Raconteur: Most businesses understand the need to protect networks and data assets if client trust and operational functionality are to be maintained. With the General Data Protection Regulation coming into force on May 25, failure to do so could lead to fines of up to €20 million or 4 percent of global annual turnover. Ultimately it is all about protecting the bottom line.
Despite Risks, Nearly Half of IT Execs Don't Rethink Cybersecurity after an Attack
From Dark Reading: A recent survey suggests that a troubling degree of security inertia lurks within scores of organizations., effectively rendering them unable to repel or contain cyber threats. Such complacency puts sensitive corporate data, IT infrastructure, and assets at risk. In fact, an overwhelming 46% of respondents say their organization can't stop the bad guys from infiltrating internal networks each time they try.
Commentary: How Blockchain Could Put an End to Identity Theft
From Fortune: We lack control of our personal identities, and that’s a problem. Birthdates and home addresses have long been accessible through a quick Google search, but now a trip to the dark web will turn up the information many of us still hold precious: Social Security numbers, bank accounts, health insurance details, and whatever else a criminal may desire. But with the emergence of blockchain technology, the word privacy may regain its meaning.
Cybersecurity leader takes a risk-based approach to cloud management
From SiliconANGLE: Virtualization is catalyzing dramatic transformations throughout tech and demanding rapid adaptation of most enterprise processes. The rapid shifts caused by cloud migrations, mass data, and “internet of things” edge computing are creating challenges for many organizations, particularly in the unstable new world of cybersecurity.
The AI Cybersecurity Arms-Race: The Bad Guys Are Way Ahead
From Forbes: Who will win the race to adopt artificial intelligence for cyber warfare—the defenders of vulnerable corporate networks or the cyber criminals constantly inventing new ways to attack them? The promise—or unrealistic hope—that AI will “transform the world,” has given rise to a number of significant races.
Cloud Services Provider Sees Biometric Advantage as GDPR Looms
From FindBioMetrics: A cloud storage specialist is taking advantage of biometric security to help clients comply with the impending GDPR regulations in the European Union. Based in California, Zadara is the company behind Zadara Storage Cloud and VPSA Services. And the company is putting its security processes in the spotlight ahead of the implementation of the EU’s new privacy guidelines, which it called “the most significant and broad reform to data protection law in 20 years” in a statement.
New Phishing Attack Targets 550M Email Users Worldwide
From Dark Reading: A new phishing campaign was discovered sending more than 550 million emails within the first quarter of 2018. Victims receive emails disguised to come from popular brands and services in their home country. Attackers try to steal their banking information by offering coupons or discounts in exchange for their participation in an online quiz or contest.
US Healthcare Firms Among Dozens Hit in 'Orangeworm' Cyberattack Campaign
From Dark Reading: Dozens of healthcare organizations, many of them in the United States, have become victims of what appears to be a highly targeted international campaign to steal data on sophisticated medical equipment and systems. The campaign is notable for the potential it has to execute extensive damage to high-value x-ray machines, MRI systems, and other medical devices as well as their network infrastructure.
Why Hackers Love Healthcare
From Dark Reading: Much like the rest of the world, healthcare organizations are shifting work to cloud services in order to improve accessibility and patient care. However, the migration of these workloads and moving valuable information to the cloud has also led to cybercriminals taking a particular interest in the industry. From 2011 through 2014, the sector — including hospitals, labs, pharmacies, drug companies and outpatient clinics — experienced the highest number of data breaches of all industries.
Learn more about the topics in the news this week: