Circuit Secures the IoT Against Quantum Attack


One of the most frequently mentioned fears about future quantum computers is that they will someday crack our encryption codes and lay all our digital secrets bare. Despite it being a truly far-off possibility, cryptographers are already taking the threat very seriously.

Employees and Contractors Expose Information Online in 98 Percent of Organizations

An anonymous reader shares a report: Employees and contractors are exposing confidential and sensitive information online and in the cloud in some 98 percent of organizations. This is found primarily in Dropbox, Google, and Microsoft SharePoint. This is among the findings of a new report from insider threat specialist Dtex Systems which has analyzed information from work-issued endpoints and more than 300,000 employee and contractor accounts.

All of the assessments detected employees and contractors transferring confidential and sensitive data via unencrypted USB drives, personal email accounts, and cloud applications, an increase of 10 percent over 2018. In addition, 97 percent of assessments detected employees and contractors who were flight risks, a class of insider threat that often steals data and IP. This is an increase of 59 percent over 2018. 95 percent detected employees and contractors attempting to bypass or circumvent security controls via anonymous browsing, VPN and TOR usage, up 35 percent over 2018.

Which Cybersecurity Framework is Right for You?

SOC 2, CIS, NIST, ISO27001, PCI and more. How do you choose?

Given the growing amount of information and data that businesses of all sizes are having to manage, great cybersecurity is increasingly the most critical element of IT. Accenture estimates there will be $5.2 trillion in losses to companies over the next five years due to cyber attacks. Because of that risk, IT teams are looking at different frameworks to help guide their cybersecurity programs. Unfortunately, there are so many frameworks that it’s hard to select and implement the right one for your company.

Sophisticated phishing: a roundup of noteworthy campaigns

Phishing is a problem nearly as old as the Internet. Yet, criminals continue to reach into their bag of phishing tricks in 2019 because, in a nutshell, it just works. Dialing into the human psyche and capitalizing on emotions such as fear, anxiety, or plain laziness, phishing attacks are successful because they take aim at our weaknesses and exploit them—in much the same way an exploit kit takes advantage of a vulnerability in a software program.

The Elephant in the Room: A Holistic View of Third-Party Risk

Key Takeaways

  • Managing third-party risk today is critical, but many organizations face challenges like a lack of resources or insufficient information from security audits that aren’t up to date or don’t consider all sources of risk. It’s hard to get the context needed to make educated decisions about how to manage risks that stem from third parties.
  • A new report from ESG says to focus on three capabilities when looking for a risk management solution: it should supplement static third-party risk assessments with real-time risk visibility metrics, it should enable alerting on changes to risk scores, and it should provide transparency so that you get more context behind what goes into a particular risk score or recommended course of action.
  • A threat intelligence solution that automatically gathers and correlates data, like the Recorded Future® Platform, meets all three criteria. Whatever the source, threat intelligence is becoming increasingly essential for managing third-party risk.

Last week, we looked at some of the challenges of managing third-party risk laid out in a new report from Enterprise Solutions Group (ESG). That report “paints a rather bleak [third-party risk management] picture” — one in which many of the organizations that ESG surveyed “rely on sporadic TPRM audits by under-resourced cybersecurity and GRC teams, leading to an ongoing TPRM gap that can’t address business requirements sufficiently.”

Badge.Team: Badges Get A Platform

Electronic conference badges are now an accepted part of the lifeblood of our community, with even the simplest of events now sporting a fully functional computer as an eye-catching PCB on a lanyard. Event schedules and applications are shipped on them, and the more sophisticated ones have app libraries and support development communities of their own.

Good bots, bad bots: friend or foe?

One of the most talked about technologies online today is the ubiquitous bot. Simultaneously elusive yet also responsible for all of civilisation’s woes, bots are a hot topic of contention. If we went purely by news reports, we’d assume all bots everywhere are evil, and out to get us (or just spreading memes). We’d also assume every single person we ever disagreed with online is a bot.