A few years ago, a news story about a man who was being paid six figures to watch cat videos went viral. Unfortunately, his company didn’t realize that this is what they were paying him to do all day. How did this happen? The employee, whom we’ll refer to as “John,” worked for a company in the US and was getting paid six figures as a developer.
There are many things within Information security that pundits have been claiming are dead, or should be killed by fire - passwords are usually found at the centre of such debates. But this isn’t a post about passwords, it’s a post about honesty, and trust. But let’s first take a look at the other side of the coin.
PCI DSS, or the Payment Card Industry Data Security Standard, is the set of regulatory requirements all organizations who process card payments must adhere to. Sounds simple enough, right? But PCI compliance can pose a major challenge to organizations if they’re not equipped with the proper knowledge and tools.
A lot could happen within 100 days. One could start a new company, travel around the world or train for a marathon. One hundred days is also around the average time that attackers spend frolicking around compromised networks before being detected. For countries in Europe, Middle East, and Africa the number goes up to 175, or almost half of a year. To make matters worse, the longer a breach remains undetected the more expensive it becomes.
The General Data Protection Regulation (GDPR) came into force in May 2018, and by the letter of the law, virtually every business in the UK needs to comply with it. However, there are still some misconceptions surrounding the law and what it means to organisations. This can lead to difficult situations where mistakes can be made.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. While not as main stream as Skype, Matrix has certainly gained a good following (one I’ve been personally watching for a few years myself). The announcement of a major breach via vulnerabilities in it’s Jenkins CI system do highlight that any door in will be taken and used to pivot into where the jewels really are.
