
Tag: cybersecurity

CDW/IDC Canada report: Businesses facing unprecedented cybersecurity risks

WORRYING NUMBERS, WORRYING TRENDS

According to the 2023 Canadian Cybersecurity Study, businesses are under increasing pressure from cybercriminals as both the frequency and sophistication of attacks continue to escalate. Around 40% of respondents said they had faced more than 250 security-related attacks or threats throughout 2022. Just as concerning, approximately 10% of all cyberattacks over the same period were successful. Compared to the previous year’s report, the number of attacks resulting in a breach – defined as the unauthorized removal of data or files – increased by 130%....


LastPass breach: an historic – and likely ignored – cybersecurity lesson

THE PASSWORD MANAGEMENT PROMISE

Password management has always been a struggle between convenience and security, with end-users often using the same password across multiple systems and using passwords – such as names of pets or significant others – containing clues easily obtained from social media. Some will even use the same passwords for years at a stretch, which can extend vulnerability long after their authentication information has been compromised in a breach. Password management solutions like LastPass, 1Password, and Dashlane promise to address the weakest...


Cybersecurity staffing alert – Gartner sounds the alarm about stress and retention

IT’S A PEOPLE PROBLEM

We tend to think of cybersecurity events, like incursions, breaches, and ransomware attacks, as largely caused by failures in technology. But Gartner’s figures paint a different picture where over-stressed cybersecurity leaders are increasingly thinking of quitting. The numbers also highlight how under-resourced employees are bypassing organizational protections and exposing stakeholders to unacceptable risk. The report suggests that by 2025, almost half of all cybersecurity leaders will have moved on from their current jobs – and 25% of them will exit the...


Threads privacy policies reveal need for better development best practices

HUNGRY, HUNGRY HIPPO

Now that the first few heady weeks of Threads’ existence are giving way to the cold, harsh reality of long-term use, we’re beginning to get a better look at what lies underneath. And what we’re seeing – at least from the perspective of end-user privacy – merits additional discussion, because Threads collects significantly more data than competing apps in the microblogging space. While apps like Twitter, Mastodon, Hive Social, and Bluesky all have their own privacy policies, all of them are far less aggressive in their data collection. It’s...


As business concerns over AI ethics continue to worsen, new best practices emerge

EARLY AND BUGGY

Since ChatGPT was first made available for public consumption in late 2022, it has served as the poster child for the generative AI revolution. It has also become something of a proving ground for millions of AI newbies still trying to figure out how all of this applies to them. But like any new technology, it comes with its own dark side. AI chatbots tend to “hallucinate”. Also known as going rogue, they can just as easily return outright lies the longer we interact with them. These imperfections are largely based on the fact that their training methods often...


Cybersecurity budgets fail to keep pace with intensifying threat landscape

INFRASTRUCTURE INCREASINGLY UNDER THREAT

The Suncor attack reflects the accelerating vulnerability of organizations in the infrastructure space – see Colonial Pipeline and JBS Foods for earlier examples of high-profile ransomware events that resulted in widespread consumer impact. It also comes on the heels of a warning from the Canadian Centre for Cyber Security (CCCS) that the oil and gas sector is increasingly being targeted by opportunistic cybercriminals. Barely two months ago, the Globe & Mail newspaper reported on pro-Russian claims that...


Massive Pentagon data leak shines light on insider cybersecurity risks

NO LONGER JUST A GAME

Massachusetts Air National Guard member Jack Teixeira, 21, was arrested last week for allegedly stealing the highly classified military documents and sharing them on a Discord gaming channel. The compromised data includes signals-based intelligence that could impact American information gathering efforts for years to come. In the ever-evolving pantheon of major cybersecurity events, this ranks among the most damaging. What is especially troubling about this particular breach is the amount of time it took to be discovered. Military officials were unaware...


Twitter source code gets leaked online. Here’s why it matters.

THE SECRET SAUCE, NO LONGER SECRET

The New York Times reported on March 26th that Twitter had sent a copyright infringement notice to GitHub. The company asked the developer forum to remove a repository containing what it said was leaked source code. GitHub removed the code the same day, and while it was not immediately known when the leak first occurred, the Times reported the code had been exposed for a number of months. The optics are troubling. Any leak of source code is worrisome for any company. For a software or platform company, however, it’s infinitely worse. Source code...


TikTok bans are a long overdue wakeup call for mobile security

A GATHERING STORM

The Canadian move echoes similar moves in recent weeks by the U.S. government, the European Union, and at least half of all American states. It falls short of a full-on national ban; however, such legislation has been proposed in the U.S. Nevertheless, this marks a serious foreign policy rebuke from Canada to China. The growing global turbulence around TikTok reinforces the disparity between its populist perception as a non-threatening app and accusations that it represents a major security threat on a personal, organizational, and national level....


Italian ransomware attack highlights bad patch management

TARGETING THE WEAK

The newest attack impacted servers across Italy. At its peak, traffic was reduced to 26% of normal levels across the country. Servers in France, Finland, the United States, and Canada were also affected. The French cybersecurity agency, ANSSI, which issued the first alert on Friday, warned of continuing attacks against vulnerable servers in the days to come, and reiterated its guidance to administrators to patch their affected systems. So, in case we’re keeping score, here’s where we’re at: VMware identified a weakness in its products 2 years ago. The company...
