Mobile app developers: Make sure your back end is covered

Application security isn’t just a developer’s problem. IT staff and the security team also have roles to play in setting up the infrastructure and implementing security controls. When IT administrators forget the security basics for the app’s back-end servers, they undermine the developer’s good security decisions.

Researchers at mobile security company Appthority recently analyzed apps installed on enterprise devices (including both mobile devices issued and managed by enterprise IT and personal devices in a BYOD scenario) and found more than 1,000 apps where data was being exposed because the apps’ back-end servers lacked security controls. The servers, which hosted databases for storing user data and analytics tools to mine and analyze the collected data, didn’t have firewalls, did not require authentication, and were publicly accessible from the internet.

To read this article in full or to leave a comment, please click here

from CSO Online Data Protection http://www.csoonline.com/article/3200367/application-security/mobile-app-developers-make-sure-your-back-end-is-covered.html#tk.rss_dataprotection

IDG Contributor Network: May 18th: The birthday of the DPO

What does May 18th, 2018 mean to you? If you conduct business with European individuals or businesses, it is time to hire a Data Protection Officer (DPO). The European General Data Protection Regulation is 11 months away. This regulation is intended to strengthen and unify data protection for all individuals within the EU. It also addresses the export of personal data outside the EU. The primary objectives of the GDPR are to give citizens and residents control back over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

This regulation embodies the nexus between privacy and cybersecurity via “protection”. GDPR will eliminate plausible deniability, as the penalties for non-compliance, i.e. lack of protection, will equate to 4% of revenue. This is a game changer. No longer will cybersecurity be viewed as an expense; now it will become a function of conducting international business.


from CSO Online Data Protection http://www.csoonline.com/article/3199667/data-protection/may-18th-the-birthday-of-the-dpo.html#tk.rss_dataprotection

How computer security pros hack the hackers

The long, awkward silence is always the first sign that a previously over-confident hacker realizes he’s suddenly become the victim. It happens every time.

The malicious hacker had been firing his “ion cannon” at my network address trying to overwhelm my home computer and internet connection. I had sent him an email the day before letting him know that I knew who he was, what he did for a living (he was a budding wedding photographer), his name (Rick), and that he was newly married to a beautiful girl. That’s enough to frighten off most hackers, but sometimes, like Rick, they persist.

On his private, Tor-protected instant messaging channel, Rick was telling his buddies that he was getting ready to launch an even bigger distributed denial-of-service (DDoS) attack against me. He had been using a child-like hacker tool, but now he was thinking of paying a professional hacking service to attack me.


from CSO Online Data Protection http://www.csoonline.com/article/3199548/security/how-computer-security-pros-hack-the-hackers.html#tk.rss_dataprotection

Google uses machine learning for new security features in Gmail

Google has pushed four new security features to enterprise users on G Suite, the search giant’s hosted business offering. The new protections come shortly after a Citizen Lab report exposed a Russia-linked phishing and disinformation campaign using Google services, including Gmail.

Google makes no mention of the Citizen Lab report in its posts on the new security features, but many of the protections take aim at common phishing techniques used to steal data and credentials.

The Citizen Lab report describes a phishing and disinformation campaign by Russian actors that targeted more than 200 people across 39 countries.


from CSO Online Data Protection http://www.csoonline.com/article/3198996/security/google-uses-machine-learning-for-new-security-features-in-gmail.html#tk.rss_dataprotection

Proposed ‘hack back’ law would not have stopped WannaCry

On Monday, the Financial Times published a story concerning a proposed bill from Representative Tom Graves, a Republican from Georgia’s 14th district.

Graves has proposed changing the Computer Fraud and Abuse Act (CFAA) to allow organizations to fight back when being attacked online. But is this a smart, or even workable, solution for enterprise operations?


from CSO Online Data Protection http://www.csoonline.com/article/3198490/security/proposed-hack-back-law-would-not-have-stopped-wannacry.html#tk.rss_dataprotection