29.7.16

5 highlights from the ‘information security Olympic Games’

There is nothing quite like the Summer Olympic Games. Often described as one of the greatest sports events in the world, this historic sporting extravaganza, from the pomp of the ceremony to the amazing feats achieved by the athletes, makes for captivating viewing.
In the spirit of this year’s event, which is being held in Rio de Janeiro, we thought we’d host our own little information security Olympic Games. Here are some standout moments.
1. Gold for shot put – Muscular data backup
Ransomware’s rapid rise in recent years has been reflective of its desire to secure its place in ‘cybercrime athletics history’ and its aggressiveness has been instrumental in making it a contender for this category. However, the sheer power and effectiveness of a data backup meant ransomware had no real chance of winning first place.
2. Gold for long jump – Complex passphrases
This prestigious medal was secured by passphrases that are long, complex and easy to remember. They have set a new standard in ‘long jump security’ that will be hard to beat in the coming years, meaning we can’t imagine easy passwords competing at this level again. We can all live with that.
3. Gold for high jump – Solid encryption

It is no surprise that encryption has long been vying for the top prize in this event. While there are some that doubt its talents, others have rightly recognized its potential. At these games, it leaped further than ever before, setting a new record. We predict that this security athlete is going to be a dominant force.
4. Gold for 100 meters hurdles – Proactive social media
Social media had it easy when it started out – cybercrime was not a major competitor, meaning it was able to dominate this sporting discipline relatively unchallenged. However, the latter has been busy stepping up its game and it’s now a serious threat. Nevertheless, social media picked up some top tips, helping it overcome the many ‘cyber hurdles’ in its way.
5. Gold for 100 meters sprint – Responsive Nato
Cyberattacks have been busy working out in the ‘digital gym’ and, in turn, have become faster, stronger and more sophisticated. Luckily, Nato picked up on this, speeding up its cyber responsiveness. A well-deserved gold for the ‘100-meter cyberdefence sprint’ – it’s got a bright future ahead of it.
So, there you have it, an event to remember. There was a mix of highs and lows, some unexpected twists and turns, and lots of moments that have stopped us in our tracks. When it comes to the next Olympic Games in Tokyo, 2020, let’s hope that information security continues to succeed across the board and leave cyberthreats in last place eating cyber dust.

26.7.16

Auto industry publishes first ever cybersecurity best practices


The auto industry has published its first set of cybersecurity best practices, as it attempts to combat rising and future threats facing the connected car.
The best practices are designed to provide guidance on how individual companies can enhance automotive cybersecurity, focusing on seven key areas in particular.
Areas with best practice guidelines include governance, risk assessment and management, security by design, threat detection and protection, incident response, awareness and training, and collaboration and engagement with appropriate third parties.
More than 50 automotive experts from around the world participated in creating the guidelines on behalf of the Automotive Information Sharing and Analysis Center (Auto-ISAC).
The working group – which includes members from nearly all of the major automakers operating in North America – was set up in late 2015 to share vulnerability information, carry out analysis and develop solutions that are beneficial to both the industry and its customers.
As reported by Forbes, it’s expected that by the mid-2020s, virtually all new vehicles will have data connections. Risks for connected cars could range from data theft to ransomware and – in the case of autonomous vehicles – cars being remotely controlled and crashed.  
“Automakers are committed to being proactive and will not wait for cyber threats to materialize into safety risks,” said Auto-ISAC chairman Tom Stricker of Toyota.
“The best practices initiative represents this commitment to proactive collaboration that our industry made when we stood up the Auto-ISAC last year. I’m proud of the way we have united in our endeavor to minimize the risks our consumers might face from cybersecurity and privacy threats.”
As ESET senior security researcher Stephen Cobb wrote last week, ‘jackware’, or ransomware in vehicles, is still a theoretical threat and not yet ‘in the wild’. But as the modern car adapts and evolves to include more onboard technology, best practices like these could prove crucial in fighting cybercrime in the industry.
To read Auto-ISAC’s findings in more depth, view the report’s Executive Summary.
Author Narinder Purba, We Live Security


http://www.welivesecurity.com/2016/07/25/auto-industry-cybersecurity/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+eset%2Fblog+%28ESET+Blog%3A+We+Live+Security%29