Last week’s DDoS attack against Dyn Inc. had an impact on many organizations beyond the reported hits to PayPal, Twitter, Amazon, Spotify, and others. Even Cutter’s website search function was out of commission for a short while! Experts have warned that at some point, smart versions of devices such as refrigerators, televisions and thermostats could be manipulated to alter their basic functions, but did anyone foresee that these devices would be used to launch a third-party attack? This isn’t the first time it’s happened, and it’s not likely to be the last. In the July 2016 Cutter article Securing the IoT: It Takes the Global Village, author David Tayouri discusses the threats Internet of Things Read more
Insight into the information security and privacy issues enterprises grapple with.
Cutter’s Curt Hall is conducting research on the measures organizations are taking to safeguard their data in light of the persistent breaches that have become commonplace in our world. This confidential survey seeks to gauge the various trends impacting organizations’ data security protection practices, and the extent to which organizations are using data-centric practices and technologies. Survey results will be revealed in upcoming Cutter Consortium research. Those who complete the survey will receive a $50 Cutter Bookstore credit. Thanks in advance for your participation! Take the survey.
This upcoming issue of Cutter IT Journal seeks articles on new approaches, strategies, and solutions to help IT professionals address and prevent the possibility of cyber attacks stemming from IoT-related devices. Cyber threats have been on the rise, and more so with the advent of the Internet of Everything (IoE). Common appliances are now featuring intelligent processing and real-time connections to the Internet. Health measurements are now collected in real time by smart wearables, including general purpose smart watches. The latest models from automobile manufacturers feature cloud connectivity for enabling remote software updates, tracking fuel consumption, and streaming dashcam activity. On a larger scale, the smart grid ensures seamless and dynamic allocation of energy where Read more
At the recent RSA Security Conference in San Francisco, data-centric security and protection received a lot of attention. Several trends account for this. The main one, of course, is the large number of high-profile data breaches and other cyber attacks continually making the news — a trend that shows no sign of subsiding. In addition to this constantly lurking threat, we can add growing compliance and regulatory requirements as well as the advent of new (difficult to protect) technologies, applications, and architectures. Throw in all the revelations about hacking by various government intelligence services, and it’s easy to see why organizations and security solutions providers have made data-centric security and protection a top priority. The Read more
In 2015, almost every CIO will be tasked with assessing their organizations and technology to ensure data and confidential information is protected. Current Situation: Target, Home Depot, Staples, who’s next? These are just the most recent retail outlets that made the news. What is not making the headlines are the multitude of private- and public-sector organizations that have been hacked and lost data and information — many times totally unaware until after the fact. Pain: Why is security so important for IT leaders in 2015? Because it costs a LOT of money once you have your network and systems breached! South Carolina recently lost large and significant quantities of data from its Department of Revenue Read more
The “Internet of Things” will take further hold and become more fully embedded as a reality in our society. However, a tipping point is likely to be reached in 2015 as public awareness of the potential for these technologies to violate personal privacy increases. This will lead to an associated public outcry for stricter controls and government legislation regarding how people, organizations and government collect and use this information. The public will no longer be satisfied to leave technology companies and users to self-police their uses of their personal data. Surveillance and other technologies that permit the collection of data about people will continue to proliferate. Analytical tools are emerging to interpret this information, and Read more
I predict there will be a major hack to connected devices, causing havoc and putting a temporary damper on the stampede towards the Internet of Things. It will be widespread, as the hackers will want to show just how vulnerable we are. This will be a temporary setback, and the precise impact will depend on the severity of the damage done — but the Internet of Things development will continue. In a related note, it will be revealed that the government has been experimenting with novel ways to conduct surveillance using these connected devices. My biggest bet is that LEDs used to light public areas will be the first discovered, but there may be even Read more
It is becoming clear that the prevailing piecemeal approach to security is no longer sufficient to thwart increasingly sophisticated attacks. Gaps in coverage provide possible entry points, blended attacks in several sectors can mask the actual threat, and sophisticated attacks involving multiple targets and approaches can find their way around many current defenses. Interest is growing in unified threat management (UTM) for small to medium-sized businesses, which centralizes all network intrusion response in a single device, and next-generation firewalls (NGFs), which defend against most of the same things but are aimed at the enterprise. Although some currently define these as separate product areas, major vendors are now providing this form of protection as a continuum. Read more
We’ve been rounding up Dennises lately: Dennis Adams and Dennis Hogarth have joined our team of expert consultants. But along with the Dennises, we welcome Nancy Williams, Murray Cantor and Don MacIntyre. Dennis Adams is a long time Cutter contributor. He’s frequently presented the academic viewpoint for Cutter Benchmark Review. (If you’re not familiar with CBR, it partners academics and practitioners who co-write a survey, analyze the data, and then write opinion pieces — influenced by their academic/practitioner perspective — that are based on the findings. Looking at an issue or technology from both an academic and practical perspective gives CBR readers the 360 view they won’t otherwise see.) Now Dennis will add his expertise Read more
It took home improvement retailing giant Home Depot about a week before it finally confirmed it had suffered a data breach. Home Depot first reported the possibility of a breach on 2 September 2014, but did not actually confirm the hacking until 8 September. During that time, the company made somewhat vague statements that it was still carrying out an investigation to determine whether or not its systems had actually been compromised. Based on the company’s recent press release confirming the breach (see “The Home Depot Provides Update on Breach Investigation”), it appears that Home Depot’s internal IT security team was unaware that its payment data systems had been compromised. Instead, it looks as if Read more