As the pace of technology innovation continues to quicken - including the ability to make payments via everything from Alexa to Facebook Messenger - risk-based security is imperative to maintain a frictionless customer experience, says Tim Ayling of Kaspersky Lab.
Many of the devices that go into so-called smart cities and buildings are not built to be secure, making it difficult for security operations centers to manage risk, warns Sarb Sembhi, CTO and CISO of Virtually Informed, who describes what needs to change.
The latest edition of the ISMG Security Report features Kevin McDonald of the Mayo Clinic discussing how to secure connected medical devices. Plus, updates on the indictments of Chinese agents for hacking and the unveiling of the Financial Services Sector Cybersecurity Profile.
Kevin McDonald, director of clinical information security at Mayo Clinic, spells out several steps for helping to ensure the security of medical devices, stressing there's no "silver bullet" that can do the job. He'll be a speaker at ISMG's Healthcare Security Summit, to be held Nov. 13-14 in New York.
Two years after Mirai botnets first appeared, security researchers say telnet-targeting botnets are attempting to compromise internet of things devices by pummeling them with 1,065 different username/password combinations. Some of these attacks are designed to install Linux DDoS malware.
Cryptojackers and eavesdroppers are continuing to exploit a one-time zero-day flaw in unpatched MikroTik routers, despite a patch that's been available for six months as well as the actions of a vigilante "gray hat" hacker who's forcibly "fixed" 100,000 vulnerable routers.
With at least 20 billion new consumer devices set to be internet-connected by 2020, initiatives in the U.K. and California are trying to ensure that as many IoT devices as possible will be out-of-the-box secure, for starters by not shipping with default passwords.
Millions of internet-of-things devices made by the Chinese company Xiongmai and sold in stores such as Home Depot and Wal-Mart still have glaring security problems, a security consultancy warns. The findings come two years after the Mirai botnet targeted Xiongmai devices.
As new payment options continue to emerge via mobile phones and internet of things devices, the PCI Security Standards Council is broadening its security efforts, starting with a new standard for contactless payments coming early next year, says Troy Leach, PCI SSC's chief technology officer.
IoT devices are increasingly becoming a way to pay for goods and services, shifting the "internet of things" to the "internet of transactions." Gord Jamieson of Visa Canada discusses steps the card network is taking to ensure these payments are secure.
The internet of things promises to change how enterprises operate - as well as the cybersecurity risks they will face. Robert Falzon of Check Point Software Technologies outlines IoT risks and how to prepare to mitigate them.
The threat landscape is changing as the industrial internet of things radically broadens the attack surface for critical infrastructure, says Kenneth Carnes, CISO for the New York Power Authority, who discusses how to address the shift.
Unknown attackers are intercepting every piece of data handled by more than 7,500 routers made by MikroTik, while also using another 239,000 compromised routers to serve as proxies, researchers say. It's a continuation of a wave of attacks that exploit a vulnerability patched by MikroTik in April.
The latest edition of the ISMG Security Report offers an update on how Russian bots and trolls are spreading misinformation on vaccines via social media - and the public health impact of the campaign. Plus: Tips on disaster recovery, internet of things security.