Week in Review 14th July 2017

A license to hack

The Singapore government may soon require hackers to get a license.

As part of a draft bill that will make sweeping changes to Singapore’s national cybersecurity regime, already rated the world’s best by the International Telecommunication Union (ITU), hackers who conduct investigative work such as penetration testing—probing systems for holes in their security—will be required to obtain a license. The same goes for specialists conducting forensics work.

Anyone caught hacking without a license could be facing 2 years jail time and a hefty fine.

In theory it’s may be a good idea… actually I’m struggling to think as to any good reason why this is a good idea. The definition of hacking is very wooly at best. Changing a character in a URL could be perceived as parameter tampering, or it could be a genuine mistake. And would tools need to be licensed too?

Of course, rules never hurt the bad guys, they will presumably still carry on doing what they’ve always been doing.

Visualising The Information Tracking Superhighway

Remember when the internet was often referred to as the information superhighway? Well, it probably still is, except the real juicy information is heading in the opposite direction.

But just how much information is being tracked? Whatever your guess is, you should probably double it. This visualisation does a great job of showing just how much tracking is going on, and the biggest culprits.

The future of privacy looks pretty bleak.

When Cyber crime hits the books

What is the real cost of a cyber security attack? Many guesses and estimates have been thrown out. Some believe each breach costs companies multi-million dollars, while others believe it is almost negligible with no immediate impact on share price.

But Reckit Benckiser Group in its last annual report ranked cyber security as eighth on the top 12 biggest specific risks it faces.

That danger became real when the consumer goods giant was hit by the Petya attack last month.

Reckitt said this will probably cost it 2pc of second-quarter sales, some of which will never be recovered. It's tempting to see this as an unlucky one-off. That would be too kind.

At last, the true cost of cyber crime turns up on the books

The Uber of Umbrellas

I imagine that investors must be sick to their back teeth of pitches that start off with, “We’re like the Uber of x…”

But why not, crowdsourcing and sharing seem to be fashionable at the moment. So it isn’t necessarily surprising to see all manner of companies looking to pursue this route.

What is surprising is when a Chinese-based company was able to get its plan off the ground to invest in 300,000 umbrellas to share.

Just because you can do something, it doesn’t necessarily mean something should be done. The company ended up losing most of its 300,000 umbrellas in three months.

Chinese Umbrella sharing startup lost 300,000

Apple sets up China data center to meet new cyber-security rules

Apple is the first foreign firm to announce amendments to its data storage for China following the implementation of a new cyber-security law on June 1 that requires foreign firms to store data within the country.

Overseas business groups said the law's strict data surveillance and storage requirements are overly vague, burdening the firms with excessive compliance risks and threatening proprietary data.

It will be interesting to see what other companies follow suite and setup Chinese data centres. But it’s also a good insight into how global organisations are significantly impacted by local legislation.

Apple sets up China data center to meet new cyber-security rules

Net Neutrality

Like a blast from the past, well 2014 to be exact, the net neutrality fight is back. With companies like Netflix, Google, Reddit, Amazon, Twitter, and Facebook amongst others taking their virtual banners and marching down the streets.

Even Tim Berners-Lee posted a video about it.

Bupa Data Breach

In a case of another insider hit is Bupa, the international healthcare group with a presence in 190 countries. It's been stung by a data breach, after an employee inappropriately copied and removed information from one of the company’s systems.

The data includes the names, dates of birth and nationality of customers, as well as some contact and administrative information such as membership numbers of some 108,000 customers.

Companies across all verticals and of all sizes should invest in security controls. Risks can materialise from many angles and in many guises. With so many successful attacks in recent years, ignorance is no longer an excuse for ineffective security controls.


Article Link: http://feeds.feedblitz.com/~/397598328/0/alienvault-blogs~Week-in-Review-th-July