Selections from the top news items this week in the world of identity and application security.
Twitter advising all 330 million users to change passwords after bug exposed them in plain text
From The Verge: Twitter is urging all of its more than 330 million users to immediately change their passwords after a bug exposed them in plain text. While Twitter’s investigation showed that there was no evidence that any breach or misuse of the unmasked passwords occurred, the company is recommending that users change their Twitter passwords out of an “abundance of caution,” both on the site itself and anywhere else they may have used that password, which includes third-party apps like Twitterrific and TweetDeck.
Trusted Key Solutions raises $3 million for blockchain digital identity
From VentureBeat: Trusted Key Solutions has raised $3 million to advance its blockchain technology to create secure digital identities for enterprise customers. Seattle-based Trusted Key raised the money from Founders Co-Op, an early-stage venture fund, with participation from Pithia, a venture capital company associated with the RChain Cooperative. The company wants to combine blockchain with smartphones and cryptography.
Data Protection Standards Need To Be Global
From WIRED: The Facebook-Cambridge Analytica saga has triggered much-needed debates over the necessity for greater regulation and the potential breakups of de facto monopolies. But these debates will lead nowhere if the global community doesn't manage to tackle the main challenge of how to treat and govern customer data.
Building a Framework for the Safe Management of Digital Identities and Data
From the Wall Street Journal: For much of history, our identity systems have been based on face-to-face interactions and on physical documents and processes. But the transition to a digital economy requires radically different identity systems. In a world that’s increasingly governed by digital transactions and data, our existing methods for managing digital identities and privacy are proving inadequate. Data breaches, large-scale fraud, and identity theft are becoming more common.
Will Brontech's Experiment in Blockchain-Based Identity Succeed?
From Nasdaq: Brontech is an Australian startup focusing on the issuance, verification, and usage of sovereign digital identity. It seeks to create a decentralized ecosystem that allows users to manage and control their data — who sees it and what it’s used for. This platform, which will be layered on top of the blockchain, will utilize state-of-the-art technologies such as Interplanetary File System (IPFS), zero-knowledge proofs, and distributed hash tables, among others.
Digital identity debate resurfaces following Windrush scandal
From Information Age: In the wake of the Home Secretary’s resignation over the Windrush scandal, the question of national, digital, ID cards has been brought into national conversation. Indeed, Jesper Frederiksen – head of EMEA at identity management company Okta – has suggested the UK government needs to adopt digital identities to avoid repeating the same mistakes with EU citizens post-Brexit.
Reduce cloud IT management headaches by approaching IAM the right way
From CSO: Moving to the cloud has opened up new identity-related concerns and worries that we’ve never experienced before. However, businesses don’t have to fight the identity security battle on their own, and solutions, strategies and best practices already exist to help them address this very challenge.
Password Reuse Abounds, New Survey Shows
From Dark Reading: A new survey by LogMeIn of some 2,000 individuals in the United States, Australia, France, Germany, and the UK has revealed what can only be described as broad apathy among a majority of users on the issue of password use. Though 91% of the respondents profess to understand the risks of using the same passwords across multiple accounts, 59% said they did so anyway. More than half of the respondents confess to not changing their passwords in the past 12 months even though they were aware of the risks.
North Korea's AV Software Contains Pilfered Trend Micro Software
From Dark Reading: Researchers get hold of a copy of Kim Jong Un regime's mysterious internal 'SiliVaccine' antivirus software, provided only to its citizens, and find a few surprises. A rare hands-on analysis of the antivirus software that North Korea provides its citizens shows the proprietary tool is based on a 10-year-old version of Trend Micro's AV scanning engine that also was customized to ignore a specific type of malware rather than flag it.
Data Breaches Are Stressing Americans, Canadians Out
From PYMTS: Kaspersky Lab, the cybersecurity company, revealed in a new survey on Tuesday that 81% of Americans and 72% of Canadians are stressed out about the recent rash of data breaches. The new report, dubbed “The State of Cyber-Stress,” highlights consumers’ lack of awareness as to how they can protect themselves from hackers online. According to the company, this is leading to increased stress around technology and cybersecurity in general.
The Average Cost of an Insider Threat Hits $8.7 Million
From Security Intelligence: The mean cost of a cybersecurity breach involving employees or others within an organization is $8.7 million, according to a global study of insider threats. Based on interviews with IT security professionals across more than 700 organizations, the “2018 Cost of Insider Threats: Global Organizations” report, conducted by the Ponemon Institute, benchmarked the common causes of insider incidents over a 12-month period.