At the official start of summertime 2016 in Britain we are starting to consume the labor of last autumn, five gallons of alcoholic homemade cider (yum!) made from eight apple varieties grown in mine and my neighbors’ gardens. I’m very VERY careful sterilizing glassware, containers, and buckets: there was this unfortunate incident three years ago (no, you don’t want to hear the horrible details), enough to say I watch each step like a hawk to ensure a batch does not become tainted.
Why am I bothering you with my alcoholic side-line?
The Growing Linux Wave: POINTS TO DEMAND FOR IDENTITY AND ACCESS MANAGEMENT SOLUTIONS
According to a Linux Foundation end-user trends report, Linux leads the way in enterprise deployments. Fox Technologies conducted a survey to find out how enterprises currently manage their Linux servers and what their plans are for the next year. The results point to an increasing demand for identity and access management (IAM) solutions.
Identity Access Management (IAM)
I just read a recent article about IAM (Identity Access Management) projects, and the level of complication that can ensue when trying to plan and implement a project of the scale and scope that a comprehensive IAM project entails.
The theme of the article is that AD (Active Directory), in many enterprises, is the identity store of choice; the idea being that if you could align your enterprise to use a single account, there is an economy of scale, reducing the number of places where access and permissions would need to be managed.
2015 has been the year where social engineering became the common trend among many high-profile breaches – resulting in hundreds of millions of compromised records. Going into 2016, Wired Magazine is predicting the top 5 security threats to be: extortion hacks, attacks that change or manipulate data, chip-and-pin innovations, the rise of the IoT zombie botnet, and more backdoors.
What do you think the biggest security threats of 2016 will be?
THIS YEAR, LAWMAKERS surprised us by taking initial steps—albeit, baby ones—to rein in some of the NSA’s mass spying and provide better oversight of the intelligence agency’s activities. It’s unclear, however, if these gains and other privacy victories will hold or will be undone in the panic after the Paris attacks.
Following the terrorist assault in November, which killed more than 100 people, US government officials seized the opportunity to revive their campaign against encryption and password-protected devices, calling on companies like Apple and Google to install “voluntary backdoors” in their phones so law enforcement can access protected content with, or perhaps even without, a warrant. Lawmakers have also introduced legislation that would reinstate the NSA’s program for bulk-collecting US phone records, a program that lawmakers ended earlier this year.
When it comes to voting, there are basically two arguments: a civic one, which states that voting is the moral duty of every able citizen in a democracy, and an economic one, which states that voting is a fruitless endeavor in a game with terrible odds. Perhaps the economists had the right of it. A massive database with 191 million voter records has made its way online, and the strangest part is, no one can quite figure out who put it there or when it will be taken down.
The year’s most significant attacks highlight how hackers are changing tactics — and how security must evolve in the year ahead.
Not a week went by in 2015 without a major data breach, significant attack campaign, or serious vulnerability report. Many of the incidents were the result of disabled security controls, implementation errors, or other basic security mistakes, highlighting how far organizations have to go in nailing down IT security basics.
This was not a breach in any classic sense. What happened here is that a patch was applied to a database, and that patch appears to have removed certain safeguards that would prevent one party from viewing another party's database. And, it appears that when one party discovered that the safeguards were down, they took advantage of the situation and did, in fact, view the other party's data.
More than 720 data breaches occurred this year, and the top seven cyberattacks alone have left more than 193 million personal records open to fraud and identity theft, according to 10Fold Communications.
Of the seven, the healthcare industry has the dubious honor of three top spots, with the Anthem breach leading the pack.
“Our research indicates that cybercriminals are increasingly going after targets in the medical and healthcare verticals, which store valuable patient data that can’t be reissued like a credit card,” Angela Griffo, vice president of 10Fold’s security practice, said in a press statement.
Nowadays, it seems that it’s not a case of if an organisation will suffer a data breach but when.
Be it as a result of human error, or a sustained cyber attack by hackers, 2015 in particular has demonstrated that almost no organisation is immune to the effects of a data breach.
So, how do organisations prepare for this apparently inevitable event and how do they measure the potential impact it might have? It’s by putting value and ownership on the data, agreed a panel of experts at Computing’s recent Enterprise Security and Risk Management Summit 2015.