AWS

Use IAM access advisor with AWS Organizations to set permission guardrails confidently

AWS Identity and Access Management (IAM) access advisor uses data analysis to help you set permission guardrails confidently by providing service last accessed information for your accounts, organizational units (OUs), and your organization managed by AWS Organizations. Permission guardrails help control which services your developers and
/
IBM News

IBM to win unconditional EU okay for $34 billion Red Hat deal: sources

BRUSSELS (Reuters) - U.S. tech giant International Business Machines Corp is set to secure unconditional EU approval for its $34 billion bid for software company Red Hat, people familiar with the matter said on Wednesday. IBM is seeking to expand its subscription-based software offerings via
/

DLP Technology

In regards to data loss prevention (DLP), in the last five years many companies rushed to implement DLP solutions without taking the time to first identify the data that should not transit egress points. Most of these rushed implementations have not been successful. Security analysts, in particular 451 Research, have been recommending that companies should first identify and classify data before deploying DLP. Unfortunately, we are just now seeing companies execute this approach. Companies in 2017 that identity and classify data before they begin implementing DLP solutions will see a dramatic increase in the effectiveness of their data protection programs.

In 2017, attacks that seek to access a company’s sensitive data will increase. Some of the attacks will be conducted by activists looking to damage their targets’ integrity and reputation – similar to the intent behind the Sony breach. Other attacks will be for financial gain, predominantly tied to ransomware. Hiding behind the anonymity of bitcoin and other cryptocurrencies, ransomware continues to be a crime where the culprits can remain anonymous and difficult or even impossible to capture. Cybercriminals will continue to upload stolen data publicly to make investigations and containment trickier.

The likelihood of a data breach is higher than ever and organizations must get serious about the sensitive data sprawl that is occurring across their networks. In the case of the Sony breach, one of the biggest and most newsworthy breaches since 2014, the majority of the damage was done from sensitive data that was stored unprotected on their network. Companies need to develop enterprise-wide data security programs to address vulnerabilities.

Data sprawl continues to be a major threat to enterprises and governments alike. In the majority of recent attacks – the Home Depot breach, the SWIFT network breach, the DNC breach – the common denominator is the unaccounted-for sensitive data. Unknown or misplaced sensitive data that is stolen is the most valuable to the cyber thieves and the most devastating to companies. Enterprises and government organizations must take action to ensure they eliminate sensitive data sprawl across their organizations. This is the very first and most critical step in protecting themselves, their employees and their customers from the major risk of a data breach.

We also see Internet of Things (IoT) devices as a weak link in the security chain. The vast majority of IoT device manufacturers are not be able to address security threats, as we saw in the DDoS Dyn attack. Early IoT security failures will push the industry toward authentication standards but these standards will not be implemented before 2017 comes to a close. Operational technology needs to be aggressive with their cybersecurity approach – by hiring experts and assigning the businesses responsibility of cybersecurity to individuals.

By Dr. Jo Webber

Jo Webber

Dr. Webber is an experienced technologist and software company CEO having led three previous companies including Energy Solutions International, an Inverness Graham Portfolio company. She has served on 12 boards and has substantial M&A and international experience.

She has a PhD in Quantum Physics and has authored four patents. She is a Fellow of the Royal Society of Chemistry.

View Website
Why ‘Data Hoarding’ Increases Cybersecurity Risk

Why ‘Data Hoarding’ Increases Cybersecurity Risk

Data Hoarding The proliferation of data and constant growth of content saved on premise, in cloud storage, or a non-integrated ...
Miha Kralj

Cloud Native – Design, Delivery and Management of Applications

Going cloud native, the right way Moving from a traditional IT organization to one that’s cloud native is an inevitability ...
10 Security Related Resources

10 Security Related Resources

Security Resources We have a compiled a small list of interesting free security tools and resources as part of our ...
Podcast #3: Show-rooming, Blockchain, and the Content Your Commerce Site Needs

Podcast #3: Show-rooming, Blockchain, and the Content Your Commerce Site Needs

CLOUDTWEAKS PODCAST It’s not your grandma’s SEO. Using content management to promote your ecommerce business is a lot different than ...
NYT

Hit by Ransomware Attack, Florida City Agrees to Pay Hackers $600,000

/
MIAMI — The leaders of Riviera Beach, Fla., looking weary, met quietly this week for an extraordinary vote to pay nearly $600,000 in ransom to hackers who paralyzed the city’s ...
ISC2

Cybersecurity Falls Short in Organizations Undergoing Digital Transformation

/
While C-level executives understand the need for cybersecurity as their organizations undergo digital transformation, they aren’t prioritizing it enough, according to a recent Deloitte report based on a survey of ...
Reuters news

Bitcoin tests 15-month highs after 10% weekend jump

/
LONDON (Reuters) - Bitcoin tested 15-month highs on Monday after jumping more than 10% over the weekend, with analysts ascribing the spike to growing optimism over the adoption of cryptocurrencies ...