December 2018

13 data breach predictions for 2019

By | Date posted: December 19, 2018

 

…“Data breaches are inevitable at any organization. But what form will those breaches take? How will the attackers gain access? What will they steal or damage? What motivates them to attempt the attacks? CSO has gathered predictions from industry experts about where, how and why cyber criminals will attempt to break into networks and steal data during the coming year.”
Senior Editor, CSO

 

1. Biometric hacking will rise

The growing popularity of biometric authentication will make it a target for hackers. We will likely see breaches that expose vulnerabilities in touch ID sensors, facial recognition and passcodes, according to the Experian Data Breach Industry Forecast. “Expect hackers to take advantage not only of the flaws found in biometric authentication hardware and devices, but also of the collection and storage of data. It is only a matter of time until a large-scale attack involves biometrics either by hacking into a biometric system to gain access or by spoofing biometric data. Healthcare, government, and financial industries are most at risk,” said the report’s authors.

2. A cyber attack on a car will kill someone

The ability to hack and take control over a connected vehicle has been proven. Such a hack can not only turn off the car’s engine but disable safety features like…

Continue to read full article on CSO

 

 

 

API Security Critical to Federal IT Modernization Strategy

By | Date posted: December 5, 2018

 

…As Federal agencies seek to incorporate an application programming interface (API) strategy into their IT modernization initiatives, a word of caution: make sure you have API-specific security integrated into your IT infrastructure.

 

“Modern applications often involve rich client applications and APIs, such as JavaScript in the browser and mobile apps, that connect to an API of some kind (SOAP/XML, REST/JSON, RPC, GWT, etc.). These APIs are often unprotected and contain numerous vulnerabilities,” according to the OWASP report.

OWASP has identified five key steps for protecting APIs. The organization recommends that agencies fully understand the threat model and the defenses they have in place, especially where it concerns the often-overlooked APIs that tie everything together. Its specific advice breaks down into five major points:

  1. Ensure that you have secured communications between the client and your APIs.
  2. Ensure that you have a strong authentication scheme for your APIs, and that all credentials, keys, and tokens have been secured.
  3. Ensure that, whatever data format your requests use, the parser configuration is hardened against attack.
  4. Implement an access control scheme that protects APIs from being improperly invoked, including unauthorized function and data references.
  5. Protect against injection of all forms, as these attacks are just as viable through APIs as they are for normal apps.

Read full article in Meritalk