On July 19, Visa posted an important and timely security alert regarding“Chatbots”. In a nutshell, Visa says that due to the rise in online and mobile commerce, AI and chatbots (both text and voice) have become increasingly important to payment system companies to handle increasing call volumes. With that said, Visa goes on to say that they have become aware of attackers targeting these online chat service providers and distributing malware to intercept payment card data.Read More
Privacy and protection of personal information has almost always seemed like it should be a basic human right everywhere in the world, not only in the European Union where it has long been acknowledged as such. Within the last 10 years, however, that notion has been blurred by social media, the rise of online shopping, and subsequently the hacking of just about everything that lives on the Internet. For the longest time people have sort of just accepted this overreach and misuse of their personal information as the price you pay for using the Internet. Sure, maybe they delete Facebook for a while or change their passwords, but now that is starting to seem like it is not enough and governments from around the world are beginning to step in, in a big way.Read More
Hi folks, my name is Tim McCreight and I’m a new member of the Risk, Security & Privacy practice here at Online. I wanted to take this opportunity to introduce myself to a new audience and write about one of my favourite topics in the security industry – Risk!Read More
By now, most of the world has heard about the alarm pertaining to a zombie alert in Lake Worth, Florida. Do we think that zombies were getting their day in the sun, or could it possibly be that whomever was responsible for writing the power alert application (or for testing it) was in some sort of zombie state at the time?Read More
Neighbors, babysitters, handymen, even family members; your backyard, upstairs deck, even your own front door…
Statistics show the vast majority of burglaries and theft, especially identity theft, are perpetrated by a household acquaintance or family member. The US Department of Justice says that “Offenders were known to their victims in 65% of violent burglaries; offenders were strangers in 28%.” Similarly, any Google search yields countless articles listing front doors, backyards, and ground floor windows as the most common points of entry for burglars.Read More
With RSA Conference 2018 behind us, we asked Onliner Derek Nwamadi to share some of his observations from the conference floor.
This year’s RSA Conference did not disappoint. Once again attendees were treated to a great line up of presentations, events, and an always impressive expo floor. Looking back at my week at RSA, one word kept coming to
Trust; we seem to be living in an age where we are technology and data rich but trust poor.
As always, there are some technologies and buzzwords that become industry hot buttons and generally drive it for the rest of the year (more on that later).
It’s not uncommon for me to be asked how often an organization should review its own InfoSec alerting framework and library. My answer usually goes as follows: Like so much of security, nothing is straightforward, but there are some fundamental best practices that provide critically helpful guidance. The bottom line is that Threat Detection and Response (TD&R) management is really a lifecycle operation.Read More
Over the past decade, the level of attacks, breaches, and potential dangers to vital data have escalated to the point where organizations in every industry need to take measures to ensure their assets and technical infrastructure are safeguarded. A key part of that protection is having the continuous knowledge of where your environment is vulnerable and the type of risks that may threaten it. The approach you take to continuously monitoring for threats and vulnerabilities can vary based on a number of factors, such as existing technology, staffing, and internal processes. Not to mention the financial impact based on your organization’s resources and maturity. This leaves you with several critical decisions your organization should consider when determining an in-house, or outsourced approach to security operations.Read More
In Part One of my blog series aimed at breaking down each section of Online’s security policy, we looked at some general best practices surrounding the development of a security policy. This included answering the question of “why develop a security policy?” and went into detail about developing the scope of content contained within. Part Two analyzed the organizational roles and responsibilities needed to implement an effective security policy. Now let’s take a look at how Electronic Communication plays into an effective policy.Read More