Friday, 23 June 2017

198 Million US Voter Records Leaked

Earlier this week, it was reported that 198 MILLION US voter records were leaked on a public Amazon S3 storage server owned by a Republican data analytics firm, Deep Root Analytics. This is reportedly the biggest leak of its kind in history.

Various databases were found on the server, containing personal information of American citizens, including their name, date of birth, home address, phone number, and voter registration details, which show their voting preference. Deep Root Analytics, a Republican data analytics firm, analyzes various big data sets to help its political partners target potential voters, and was used in the 2016 presidential campaign.

They have since spoken out to take responsibility for the leak, whilst acknowledging they have no reason to believe their security systems were compromised.

Terry Ray, chief product strategist at Imperva, gave some insight on the breach:

“This was less a leak, but was rather an identified exposed server. From the information provided, the data is not known to have been stolen necessarily. It sounds to me that this is another case of incorrectly secured cloud-based systems. Certainly, security of private data – especially my data, as I am a voter – should be of paramount concern to companies who offer to collect such data, but that security concern should ratchet up a few marks when the data storage transitions to the cloud, where poor data repository security may not have the type of secondary data centre controls of an in-house, non-cloud data repository.

With more data being collected by companies than ever before, securing it is no small task. There are many factors that need to be taken into consideration. Are the environment and the data vulnerable to cyber threats? Who has access to the data? And there’s also the issue of compliance. Big data deployments are subject to the same compliance mandates and require the same protection against breaches as traditional databases and their associated applications and infrastructure.

He added:

“Much of the challenge of securing big data is the nature of the data itself. Enormous volumes of data require security solutions built to handle them. This means incredibly scalable solutions that are, at a minimum, an order of magnitude beyond that for traditional data environments. Additionally, these security solutions must be able to keep up with big data speeds. The multiplicity of big data environments is what makes big data difficult to secure, not necessarily the associated infrastructure and technology. There is no single logical point of entry or resource to guard, but many different ones, each with an independent lifecycle.”

Andrew Clarke, EMEA director at One Identity, gave some pointers on how best to avoid this type of data breach in the future:

  • “Always ensure that only the right people can access data
  • Empower the owners of the data to easily put the proper access controls in place
  • Don’t assume that just because it is password it is safe (use multifactor and role-based access controls)
  • Slow down and make sure that governance is in place, especially for data stored in the cloud. This means: the owners of the data decide what is right (not IT); making it easy for someone that is right for the data to get to the data; run periodic attestations to validate that all of the people with permission to access the data actually should have that permission”

He adds: “Once a ‘security first’ and ‘Identity is the new perimeter’ attitude is adopted, incidents will be dramatically reduced.”

The post 198 Million US Voter Records Leaked appeared first on IT SECURITY GURU.




Westfield CIO: Data And Personalisation Are Key To Shopping Centre Survival

Shopping is fast becoming an online activity, but Westfield has a plan to keep consumers coming back to its two London facilities.


ORIGINAL SOURCE: Silicon UK


Fraudster Made £100K from Online Banking Bug

An online fraudster has been jailed after pocketing nearly £100,000 by exploiting a glitch in his online banking platform.


ORIGINAL SOURCE: Info Security Magazine


Variant of Marcher Android malware poses as Flash Player update

Developers of the Android banking malware Marcher are now disguising the trojan as an Adobe Flash Player update, the cloud security company Zscaler has reported in a Thursday blog post.

 


ORIGINAL SOURCE: SC Magazine


Blockchain: Helping secure digital identities

Blockchain allows individuals, independent of each other, to rely on the same shared, secure and auditable source of information for managing identity.


ORIGINAL SOURCE: Information Age


RIG Exploit Kit Usage Declines as Browsers Are Getting Harder to Hack

Another major exploit kit (EK) looks like it’s heading for the EK graveyard as activity from the RIG EK has fallen to less than 25% of what the exploit kit used to handle three months ago, in March 2017.


ORIGINAL SOURCE: Bleeping Computer


Cybersecurity Ventures Predicts 3.5 MILLION Cybersecurity Jobs by 2021!

This week, Cybersecurity Ventures released their latest report, predicting that by 2021 there will be 3.5 million unfilled cybersecurity jobs, a dramatic and noticeable increase from previous estimates. Earlier reports gave much smaller figures when predicting the skills gap of the future: the 2015 report by Symantec projected a shortfall of 1.5 million from the global demand of 6 million for cybersecurity workers, and the 2016 ISACA skills gap analysis predicted a global shortage of 2 million cybersecurity professionals by 2019.

Either way, these numbers illustrate pretty clearly that the cybersecurity world is struggling to keep up with the huge increase in cybercrime.

With cybercrime estimated to cost the world $6 trillion annually by 2021, and that figure consistently rising, the growing skills gap is concerning to many all over the world. NASSCOM estimates India alone will need 1 million cybersecurity professionals to meet the demands of its ever-expanding economy; Intel Corp’s 8-nation study suggests a shortage of cybersecurity professionals in all countries in the study (Israel, the US, Australia, France, Germany, Japan, the UK and Mexico). Australia is reportedly the most at risk, and is facing the largest hit; CIO reported that 88% of IT professionals and decision makers feared the cybersecurity shortage both within their own organisation, and as a nation.

So what can be done to resolve this impending issue?

Robert Herjavec, founder and CEO at Herjavec Group, says, “Unfortunately the pipeline of security talent isn’t where it needs to be to help curb the cybercrime epidemic. Until we can rectify the quality of education and training that our new cyber experts receive, we will continue to be outpaced by the Black Hats.”

He adds, “I highly recommend pursuing your education in information technology or computer science,” says Herjavec, directing his comments at IT workers and new entrants to the field — including college graduates. “There is a zero-percent unemployment rate in cybersecurity and the opportunities in this field are endless. Gone are the days of siloed IT and security teams. All IT professionals need to know security – full stop. Given the complexity of today’s interconnected world, we all have to work together to support the protection of the enterprise.”
