32million workers “share passwords”

photo5

One third of US workers admitted to sharing passwords or accounts with their co-workers, equating to a potential 32million. 42% claimed they did so to collaborate with each other, while 38% claimed it was simply “company policy”. A survey conducted by SurveyMonkey also revealed that almost a quarter of all workers use the same password on multiple work accounts. In 2017, security breaches in the US cost $1.3million.

Major breach discovered in biometric system

photo4

A public database containing personally identifiable information such as facial scans and fingerprint information has been discovered. More than 1 million users may have been affected by the leak, which was found on a database for a company that serves UK banks and the Metropolitan Police. Security researchers revealed that the company’s Biostar 2 platform, which uses facial recognition and fingerprints, was unprotected and mostly unencrypted. They added that this posed further danger as users “cannot change their fingerprint”.

A-level grade boundary leak caused by human error

photo3

Exam boards had to reassure students in August after it emerged that grade boundaries for this year’s Edexcel A-level maths papers had been leaked. Exam boards set grade boundaries after all papers have been marked, and students were advised not to spread the leak in order to avoid unnecessary stress. The leak comes two months after alleged exam papers were sold on Twitter for £70, leading to two arrests but no charges. A spokesperson for Pearson certifications said: “Our systems are working as they should and the information was shared today via a password-protected, secure website.”

Why PAM can be compromised – and what you can do

photo2

Time constraints, complexity and lack of understanding can all lead to PAM bypasses. In order to prevent privileged information from falling into the wrong hands, enterprises must educate their teams on the dangers of unmanaged SSH keys, and also avoid cutting corners. According to Security Intelligence, enterprises must understand and detect risks, secure credentials and recover them after an incident.

Amazon needs Zero-Trust PAM

photo1

A leading Enterprise and Cloud journalist has shared his two cents on Amazon’s Identity and Access Management (IAM). Writing for Forbes, Louis Columbus commented that Amazon had done well to centralise identity roles, but would need to go further to make Privileged Access Management secure at enterprise level. Currently, Amazon Web Services provides a free baseline level of support for its IAM services, but Columbus says this is not enough for businesses looking to operate in multi-cloud environments.

Enterprises prepare for strong customer authentication

photo5

September 2019 will see the launch of a new ecommerce authentication law as set out by the EU. Strong customer authentication, otherwise known as PSD2, will require all customers buying and banking online to use two-factor authentication to identify themselves, for example password and fingerprint. Enterprises around the EU are now trying to identify the banks that recognise the new law so that they can transition effectively without fines.

Imperial College London launches new international cybersecurity centre

photo4

A London-based university has announced the launch of a new cybersecurity centre which will unite the UK, US and Japan. During a launch meeting in Tokyo, proponents of the new centre said it would bring together experts in the field to tackle emerging challenges in cybersecurity. Issues that the centre will tackle involve security for large-scale events, such as the forthcoming Tokyo 2020 Olympics. The centre has five founding institutions, including the University of Maryland, Keio University and Royal Holloway.

Shoppers warned of new threat ahead of Amazon Prime Day

photo3

Cybersecurity experts have warned shoppers and companies to be careful when shopping on Amazon Prime Day this July. A prominent antivirus company has released information on a new phishing technique that hackers may be using to steal thousands of customers’ data. The phishing tool invites customers to click on a link to a website through an email, and then encourages them to enter personal data. Amazon has offered its shoppers tips to stay safe.

2018 cybersecurity investment trend cannot be matched

photo2

2018 saw a record investment in cybersecurity, according to FinTech Global. Following three large transactions in Hong Kong, 2018 saw the biggest investment in cybersecurity in history, valued at £6.9 billion. Now however, experts are saying that the same investment is not to be expected in 2019, having hit just $3.1 billion in H1. However, this is due to much smaller companies making smaller investments, rather than a downward trend in cybersecurity. 2018’s record was linked to a $500m investment from AI company SenseTime.

Cloudflare denies outage was attack

photo1

Hundreds of enterprises faced website downtime in July as it was reported that Cloudflare had experienced a major outage. Notable companies affected included Dropbox, Shopify and Zendesk, which in turn affected many businesses using their services. Content delivery network provider Cloudflare suffered two outages within the same week, and was subject to rumours that the outages were caused by a DDoS attack in China. However, the company claimed that the outages were down to a bad software deployment that was promptly rolled back. The company categorically denied an attack in their blog.