Things I Hearted this Week, 20th July 2018

July 20, 2018 | Javvad Malik

INFOSEC RECRUITING - IS THE INDUSTRY CREATING ITS OWN DROUGHT

We've all been blasted with many a report that infosec has a massive skills gap. But what if the problem doesn't lie with the lack of skilled professionals, but the hiring process itself?

Thomas Fischer makes a compelling argument, using some of his personal recent experiences from both sides of the hiring process.

GDPR

Did you think that discussions around GDPR were over? You thought wrong.

SEXTORTION SCAMS

A clever new twist on an extortion email scam includes a password the recipient previously used at a hacked website, to lend credence to claims that the sender has hacked the recipient's computer / webcam and recorded embarrassing videos.

TESLA

Elon Musk continues to make the headlines, sometimes for the right reasons and other times for the wrong ones. But it's worth taking a look at the company's security. While there was the infamous email a few weeks back where Musk pointed the finger of blame at a rogue employee, it's not the first case of cybersecurity gone wrong in the company.

Tesla sued an oil-industry executive for impersonating Musk in an email. The trickster's goal was to undermine Tesla's energy-efficient transportation.

RELATED OLDER NEWS

So is Tesla more a car company or a software company that happens to make cars?

THOUSANDS OF MEGA LOGINS DUMPED ONLINE

Thousands of credentials for accounts associated with New Zealand-based file storage service Mega have been published online.

The text file contains over 15,500 usernames, passwords, and file names, indicating that each account had been improperly accessed and file names scraped.

Somewhat related, the NY Times has rolled out a new feature to secure subscriber accounts that locks accounts whose passwords have appeared in breaches.

WE'VE HAD A DATA BREACH... LET'S NOT TELL ANYONE

It’s a basic question in the face of a data breach: do we fix it and keep quiet? Or do we tell the world and risk the consequences? A major fuel company was recently confronted by this challenge, and their response and how they communicated it provides a worrying lesson for issue and crisis managers everywhere.

DEMYSTIFYING THE PUBLIC OR PRIVATE CLOUD CHOICE

Everyone wants to operate like a tech company today. Chances are, your business can’t thrive without improving how you do IT, and executives must decide where to house and process their data. Companies like Liberty Mutual are able to enter a new market in just six months and double the average sales rate, while government organizations are defying expectations with rapidly developed and deployed applications across the board from tax collection to war-fighting.

Your cloud strategy is going to be nuanced. A recent Forrester study found that just four percent of organizations run their applications exclusively in the public cloud; 77 percent of organizations are using multiple types of clouds, both on-premises and off-premises. So do you go the public or private cloud route? It can be a complicated question. Let’s look at some starting considerations.

RANDOMNESS

A few other stories I enjoyed reading recently.

Javvad Malik

About the Author: Javvad Malik
The man, the myth, the blogger; Javvad Malik is a London-based IT Security professional. He is better known as an active blogger, event speaker and industry commentator, and is possibly best known as one of the industry’s most prolific video bloggers, with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.