In this week’s episode (#120): more than 100,000 U.S. voters submitted their ballots in the last presidential election via email in 2016. Despite that: hardly any attention has been paid to the security of email and online voting systems used by 32 states.
In-brief: RSA Conference is next week. The Security Ledger will lead two sessions looking at a hardware root of trust for Internet of Things, and the challenge of securing government data in an age of cloud computing.
Headline grabbing data breaches are such a fixture of our modern business environment that they’ve even spawned a knock-off market: phony data breaches designed to harm a company’s image by making it look as if the firm has lost control of critical data. That’s the conclusion of a research note from Deloitte, which warns that malicious actors are increasingly using false claims about massive data breaches to bedevil established firms – inflicting real economic and reputation damage.
It has become obvious (to me, anyway) that spam, phishing, and malicious software are not going away. Rather, their evolution (e.g. phishing-to-spear phishing) has made it easier to penetrate business networks and increase the precision of such attacks. Yet we still apply the same basic technology such as bayesian spam filters and blacklists to keep the human at the keyboard from unintentionally letting these miscreants onto our networks. Ten years ago, as spam and phishing were exploding, the information security industry offered multiple solutions to this hard problem. A decade later, the solutions remain: SPF (Sender Policy Framework), DKIM (Domain Keys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting & Conformance). Still: we find ourselves still behind the threat, rather than ahead of it. Do we have the right perspective on this? I wonder. The question commonly today is: “How do we identify the lie?” But as machine learning and data science become the new norm, I’m […]