The internet of things is being compromised by malware-wielding attackers exploiting default credentials baked into devices. What will it take for manufacturers to ship devices that are secure by default?
New federal guidance that describes processes in the current round of HIPAA compliance audits - which could lay the foundation for future rounds of audits - illustrates the massive amount of documentation demanded for these "desk audits."
The U.S. Office of Personnel Management breach continues to reveal such staggering levels of information security problems, paper-pushing and seeming incompetence that it's creating a new cyber-espionage category: the "victim-as-a-service" provider.
Initial reports suggested that Russian hackers could behind an attack against JPMorgan Chase, and perhaps other U.S. banks. While it's still far from clear who the culprits are, experts discuss the potential hacking motivations of a nation-state.
A multi-layered approach known as "context-aware security" is the most effective strategy for fighting both insider and external cyberthreats, says Gartner analyst Avivah Litan, who explains how this strategy works.
"With a company-issued device, you can issue a policy that says users have no rights of privacy over information on the device," says Javelin's Tom Wills. But with employee-owned devices? A whole new set of issues.
Anomaly detection and behavioral monitoring are minimum requirements or mitigating online risks, and the newly-issued supplement to the FFIEC Authentication Guidance highlights why banks and credit unions should be doing more, says Terry Austin of Guardian Analytics.
The FFIEC's updated online authentication guidance urges banks and credit unions to do better jobs of authenticating and identifying devices, areas that aren't bolstering the kind of security they could, says security expert Ori Eisen.
Now that the FFIEC's updated online authentication guidance is out, banking institutions need to move forward in preparation for 2012 compliance, says Julie McNelley, banking fraud analyst for Aite Group.