FFT news digest Nov 16 2018

Bad habits getting worse

New research suggests most of us are pretty dreadful at staying safe when we're travelling. The survey by ObserveIT of more than 1,000 employees in the US found most of them prioritised connectivity and efficiency above security. More than three quarters said they used their work devices on free or unprotected WiFi networks, and more than half used unapproved, private devices to access work emails and data. The 'insider risk' is underlined by a separate survey in which 75% of respondents admitted reusing passwords across accounts, including work and personal. Such behaviour continues despite increased awareness among organisations of the importance of cybersecurity. There is no magic solution to this, but we believe strongly in the effectiveness of explaining how staying safe affects all of us in our private and our work lives. Creating that foundation for training ensures it makes sense to people in their lives as a whole.

Snake oil and the GDPR

Many unscrupulous businesses have sought to exploit the EU's new data protection regulation, the GDPR, but few are as disgraceful as a site calling itself the GDPR Non Compliance Register. The site encourages visitors to check whether a company is compliant with the GDPR and suggests up to £5,000 can be claimed from non-compliant organisations which have lost personal data. Reports say businesses have been receiving emails trying to scare them into paying to be removed from the 'register'. There's not enough space to list the ways in which the site is misleading but, obviously, any such emails should be referred to the UK's data protection regulator, the ICO. Meanwhile, for the first time, the ICO has successfully pursued a prosecution under the Computer Misuse Act rather than the Data Protection Act. As a result, a man working for an accident repair company has been sentenced to 6 months in prison for accessing customer records without permission - and continuing to do this when he changed jobs.

Cyber risk

Cyberattacks are seen as the key risk to doing business in Europe, North America and the East Asia and Pacific region, according to the World Economic Forum (WEF). The WEF's extensive survey found that, globally, cyberattacks are the 5th biggest issue, after unemployment, failure of national governance, energy price shock, and fiscal crises. In Europe, they are the top risk, perhaps not surprising since, as the WEF points out, the region has seen a sharp rise in the number of such attacks. According to the WEF, "We will look back at 2017 as the year that the world began to take seriously the potential extent of our vulnerability to cyber-attack disruptions." Despite this, a report from NTT Security says there has been "no real change in cybersecurity preparedness" and found a lack of focus and no clarity about where responsibility for day-to-day security lies.

Avoiding bad gifts

If you're considering giving an electronic device as a gift this year, the people behind the Firefox browser have produced a guide to which ones are too creepy for comfort. The guide looks at 70 popular items and found only 33 of them met Mozilla's minimum security standards. Among those that didn't were a sous vide cooking device, 2 drones and a baby monitor. For most of the other items, Mozilla was unable to confirm the exact security status. Obviously, there are many thousands of internet-connected devices so Mozilla's survey only scratches the surface of the issue. But we think it's an excellent way of highlighting some of the considerations to take into account when deciding what to spend money on. One general rule does apply: devices aimed at children tend to be poorly secured. In the latest such example, researchers found they could easily access data from a location-tracking smartwatch because its security was so poor.

Ransomware

There's been a 500% increase in ransomware attacks against Apple devices, according to backup provider, Datto. Its State of the Channel: Ransomware Report surveyed companies providing managed services to small and medium sized businesses. In the first 6 months of 2018, 9% had seen ransomware on both MacOS and iOS devices. Respondents described lack of cybersecurity training as the key reason for ransomware success, saying "employees today are largely unprepared to defend themselves against these attacks." They said phishing emails were the top ransomware delivery method, followed by malicious websites, web ads, and clickbait. The report underlines the importance of having a multi-layered defence to protect against ransomware and, above all, a comprehensive backup and recovery plan.

Defeating fingerprint ID

We're frequently asked whether biometric data such as fingerprints are a good way to authenticate someone's identity. The short answer is that they are...despite their inherent flaws. In the case of fingerprints, it's four years since hackers demonstrated how to fake the German Defence Minister's fingerprints using some high-definition photographs. Now, researchers from New York University have managed to create artificial fingerprints that amount to a "master key" for biometric identification systems. In a paper, they showed their system managed to achieve a success rate far higher than should have been possible. Part of the reason for their success is that fingerprint readers only scan part of the finger, rather than requiring the time-consuming process of examining all of it. Together with the fact that some fingerprint features are common, their findings mean that it might not be possible to break into a specific account, but it could be effective on a mass scale. So we're not suggesting anyone stops using TouchID but it's worth being aware of the issue.

In brief

Security journalist, Brian Krebs, has a warning not to lose control of domain names. As he explains, "domains have been getting scooped up by crooks who use them to set up fake e-commerce sites that steal credit card details from unwary shoppers."

Venezuela is building a system to monitor the behaviour of its citizens with the help of Chinese telecoms company, ZTE. Reuters reports the "fatherland card" is being linked to subsidised food and health.

The European Commission has told Romania not to abuse the EU's new data protection regulation. The warning comes after the Romanian data protection regulator threatened to fine investigative journalists unless they revealed their sources.

What happens to the data people give to dating apps? Artist and researcher, Joanna Moll, can tell you because she bought 1 million dating profiles for the princely sum of €136. As well as deeply sensitive information, the data included almost 5 million photos.

Would you put one of Facebook's Portal devices in your home? On diverse websites, reviewers explained why they wouldn't. The Wall Street Journal's reporter said, "I just couldn't bring myself to set up Facebook's camera-embedded screen in the privacy of my family's home."

Japan's minister in charge of cybersecurity has told a parliamentary committee that he doesn't use computers. Yoshitaka Sakurada, who's also in charge of planning for the Olympics, said that, since the age of 25, secretaries and employees had handled such tasks for him.

Updates

Microsoft: Monthly set of updates includes fixes for vulnerabilities in 32-bit Windows 7 versions and Windows Data Sharing Service. There is also guidance for configuring BitLocker to enforce software encryption on solid-state drives (SSDs).

Adobe: 3 updates for vulnerabilities in Adobe Flash Player 31.0.0.122 and earlier, Adobe Photoshop CC for Windows and MacOS, Adobe Acrobat and Reader for Windows.

SAP: 11 new Security Patch Day Notes. Most serious addresses vulnerabilities in SAP HANA Streaming Analytics.

Firefox: Mozilla rolls out data breach monitor to desktop app. Tool provides alert if a user visits a site that has been breached in past 12 months.

Final Cut Pro X: Major update integrates third-party apps directly into editing interface. First "workflow extensions" are Frame.io, Shutterstock, and CatDV.
