Category

Security+Privacy

Insight into the information security and privacy issues enterprises grapple with.

 
avatar

If one listed the top technology concerns for CIOs and CEOs around the world, cybersecurity has to be right at the top. Over the last year, serious data breaches have been increasingly common. Perhaps the most publicized was the one that occurred at Target during the Christmas season last winter. Millions of customers’ credit information was disclosed and Target did not discover/acknowledge the breach for nearly three weeks. The ensuing scandal cost the CSO, CIO and eventually the CEO their jobs and the company hundreds of millions of dollars in lost sales and in falling stock prices. Recently, EBay’s PayPal subsidiary disclosed that it had been broken into in February 2014 and the breach was …

Read more

 
Politics, Profiling, and Big Data

The ongoing IRS scandal, in which various groups were targeted according to keywords such as “tea party” in the search for infractions, has important lessons for emerging big data techniques. Because analytics based on huge amounts of streaming social data linked with demographics provide the possibility of creating social profiles, a door has been opened for new types of abuse that may create invisible legal issues. Profiling has always been problematic, but it has generally been overt, and the result of a conscious decision. Invisible social profiles, on the other hand, might not even be fully understood by the analyst. The IRS example is fairly primitive, and is actually at least partly a response to …

Read more

 
avatar

I’m excited about the Internet of Things (IoT), and I expect it to create incredible opportunities for companies in almost every industry. But I’m also concerned that the issues of security, data privacy, and our expectations of a right to privacy, in general — unless suitably addressed — could hinder the adoption of the IoT by consumers and businesses and possibly slow innovation. So, with all the hype of the IoT, I’m going to play devil’s advocate, because these issues tend to receive limited coverage when considering the impact of new technology developments on society. First of all, I am amazed at all the connected products and services that are starting to appear. These include, …

Read more

 
IoT, Big Data, Mobile Apps, Drones to Impact Privacy & Security

Here are my predictions for 2014: 2014 will bring exponential expansion and evolution of the Internet of Things (IoT). This will also bring new opportunities for information security trailblazers unlike any we’ve seen before. The potential benefits of the IoT will be huge, but just as large will be the new and constantly evolving information security and privacy risks. We will see some significant privacy breaches resulting from the use of IoT devices as a result. New IoT risks, and resulting security incidents and privacy breaches, will bring a significant need for technology information security pros to also understand privacy concepts so they can implement privacy protections within all these new devices, and into the …

Read more

Dec 162013
 
Securing Internet Traffic

By the end of 2014 or the beginning of 2015, various large cloud providers as well as the Internet Engineering Task Force (IETF) will have developed mechanisms to protect most Internet traffic against the pervasive domestic spying performed by the U.S. National Security Agency. The NSA won’t be unable to decrypt the traffic it really cares a lot about, but it will just take too much computer time to decrypt all traffic, as it can do right now. I predict this because there is a great convergence happening. First, the NSA’s antics have finally made companies aware of the security issues involved in taking client-server traffic that used to be inside the firewall and moving …

Read more

 
Things That Go Bump in the Night

By the end of the decade, self-driving cars will be on the roads in many developed countries. The electric grid will tell our heaters when it is more economical to run, “learning thermostats” will be in many homes, and we will track the movements of people, pets, packages, and many other things. By some estimates, the number of devices connected to this “Internet of Things” (IoT) will pass the number of connected human users by 2016. The question is: will serious accidents be necessary before people take the risks seriously and harden this infrastructure? Because the IoT senses and controls physical objects, serious harm can happen — either accidentally or intentionally. We need devices to …

Read more

 
avatar

Just in time for National Cyber Security Awareness month is the Cutter IT Journal issue — Privacy and Security in the Internet of Things. Guest Edited by Privacy by Design Ambassador and Cutter Senior Consultant Rebecca Herold and her host of expert authors — this issue highlights the many possible data hacking scenarios your organization could be privy to as the IoT gathers speed. With no current restrictions on how data collected by IoT-related devices is analyzed — the market is an open playing field for potential exploit. Explore the implications of the IoT and learn some strategies for mitigating the possibility of data breaches in this exciting new issue! Cutter clients read this issue …

Read more

 
avatar

The latest technology tsunami creates great market opportunities, and simultaneously wreaks havoc on the business world. The Internet of Things (IoT) is all about connecting sensors and other data-generating devices to everyday objects and ultimately to the Internet, generating a wealth of intelligence and real-time data, and merging and blurring the physical and virtual worlds. Already established in the consumer products world, the IoT offers corporations the opportunity to develop new offerings or to reconfigure existing products to collect intelligence. This will drive an increase in big data implementations, cloud, and other emerging technologies as corporations begin to capitalize on this up and coming phenomenon. Every new trend comes with its share of challenges and …

Read more

 
avatar

Some argue that a cyber-Armageddon — or a “digital Pearl Harbor” — may be just around the corner, while others counter that while cybersecurity needs to be taken seriously, the overall cyberthreat and its consequences are vastly overblown and are merely a convenient excuse to sell over-priced security software and consulting. The May 2011 Cutter IT Journal will try to separate the wheat from the chaff as pertains to security threats from current and potential cyberweapons. Proposals of interest are due 2 March 2011. To respond, please visit http://www.cutter.com/content-and-analysis/journals-and-reports/cutter-it-journal/callforpapers02.html

 
avatar

Security and the law have not caught up with technology and the outlaws. But most people seem to be ignoring the risks in favor of the opportunities and I don’t see that changing in 2011. A high profile incident is bound to happen, probably sooner rather than later. The headlines this year have been full of security issues facing the internet. First, there was the Zeus Trojan Horse which has stolen millions of dollars from small businesses and individuals. Zeus steals your credentials from your computer, and then uses them to make numerous small transfers from your bank account (under the $10,000 limit for reporting) until it has been emptied out. Since your computer was …

Read more