Cyber criminals are increasingly targeting small and medium sized businesses (SMBs) in the belief that they have not invested in the security technology required to thwart attacks. In fact, 43% of cyberattacks are aimed at SMBs. Cybercriminals are rational, profit-driven and highly organised: they know that attacking easy targets can result in a bigger aggregate pay-day.
Modern customer demands and evolving technology capability mean smaller businesses are seeking digital transformation as eagerly as their enterprise counterparts.
In the UK, for example, a recent survey by the Federation of Small Business (FSB) suggests that in the past three years, 69% of companies have either brought an entirely new product to market (25%), improved existing products (38%) or improved or introduced new internal or customer-facing processes (25%).
The IT community of late has been freaking out about AI data poisoning. For some, it’s a sneaky mechanism that could act as a backdoor into enterprise systems by surreptitiously infecting the data large language models (LLMs) train on and then getting pulled into enterprise systems. For others, it’s a way to combat LLMs that try to do an end run around trademark and copyright protections.
Most online users have experienced it. You do an online search for healthcare purposes, travel information, or something to buy and soon you’re being bombarded with emails and targeted online ads for everything related to your search. That’s because browser cookies were tracking you as you performed your searches; they identified you and your activity.
Over the past few years, the online advertising industry has been undergoing a sea change as regulators restricted how cookies can be used and browser providers moved away from their use in response to consumer outcries over privacy.
“They often feel surveilled; some even find it ‘creepy’ that a website can show them ads related to their behavior elsewhere,” according to a recent study by the HEC Paris Business School.
The New York Attorney General’s decision to sue Citibank last week for failing to reimburse customers who'd been victimized by fraud raised some interesting issues for business that go beyond just Citibank. Specificially, when should a customer be reimbursed for fraud and at what point do the customer’s own actions come into play?
To be clear, financial institutions have been routinely refusing to reimburse customers who have done nothing wrong. The far trickier issue is when the customer does indeed do something wrong.
In the name of security, the UK government may well have put a cybersecurity target on the nation’s back, with Apple once again warning that proposed changes to the Investigatory Powers Act 2016 are a “serious and direct threat to data security and information privacy.
“We are deeply concerned about the amendments to the Investigatory Powers Bill currently before Parliament, which will put the privacy and security of users at risk," Apple said in a statement. “This is an unprecedented overreach by the government and, if implemented, the UK new user protections could be secretly vetoed globally, preventing us from ever delivering them to customers.”
Another day, another hack of Microsoft technology. Ho-hum, you might think, this has happened before and will happen again — as surely as the sun rises in the morning and sets at night.
This time is different. Because this time the targets weren’t Microsoft customers, but rather the top echelons of Microsoft itself. And the hacker group, called Midnight Blizzard, or sometimes Cozy Bear, the Dukes, or A.P.T. 29, is sponsored by Russia’s Foreign Intelligence Service (and has been since at least 2008).
I’ve been a digital nomad since 2006. Since then, I’ve spent more time abroad than in the United States, working all the while, no matter where. And I’ve learned a lot about safety, security and privacy in specific locations on the European, African, and American continents — often the hard way.
Lots of people travel for business or vacation. The difference with digital nomads abroad (and bleisure and workcation travelers) is that you’re more likely to be carrying your most expensive electronics, more likely to be staying at an Airbnb than a hotel, and more likely to have your work disrupted if you lose work computers and devices (not to mention passports and your wallet).
My goodness, there's a lot to be said about Samsung's newly announced Galaxy S24 family of flagship Android devices.
Aaaaand, spoiler alert: We won't be saying most of those things here, in this column, today.
Now, don't get me wrong: Samsung's latest and greatest Galaxy models have tons of good stuff going for 'em. From the eye-catching hardware to the specs to end all specs, Samsung rarely holds back with its top-of-the-line Android offerings. And this year's devices appear to be no exception.
In many ways, privacy has become a bit of a conceptual buzzword — something that, similar to the AI craze of the moment, is as much about marketing a broad idea to people as it is anything specific or practical.
But all opportunistic hype aside, privacy absolutely does matter — once you dig in past that silly outer layer and actually think about what, exactly, you want to achieve. And here in the land o' Android, you've got plenty o' potential-packed possibilities to ponder.
Today, I want to draw your attention to one area where a teensy bit of effort can give you an awful lot of added privacy advantages — and that's in the ever-evolving domain of web browsing on your favorite Android gadget.
OpenAI is hoping to alleviate concerns about its technology’s influence on elections, as more than a third of the world's population is gearing up for voting this year. Among the countries where elections are scheduled are the United States, Pakistan, India, South Africa, and the European Parliament.
“We want to make sure that our AI systems are built, deployed, and used safely. Like any new technology, these tools come with benefits and challenges,” OpenAI wrote Monday in a blog post. “They are also unprecedented, and we will keep evolving our approach as we learn more about how our tools are used.”
Anyone who's eveer tried to unsubscribe to an email list knows that "unsubscribe" button never seems to work — except to verify your email account is working. But what if that failure arises from something more problematic than an unethical person ignoring the request?
What if it is the latest symptom of the overly distributed data problem?
That's the same issue that undermines compliance and legal discovery rules such as GDPR’s Right To Be Forgotten rule. It’s also the same problem that makes it all-but-impossible for enterprises to have current and comprehensive datamaps.
Microsoft has eased us into the new new year with just 48 updates for the Windows, Office and .NET platforms. There were no zero-days for January, and no reports of publicly exposed vulnerabilities or exploited security issues.
Developers of complex, line-of-business applications might need to pay particular attention to how Microsoft has updated the Message Queue system. Printing has been patched and minor updates to bluetooth and Windows shell sub-systems (shortcuts and wallpaper) require some testing before deployment.
The team at Readiness has crafted a useful infographic that outlines the risks associated with each of the updates for this January release.
For Apple-using workers on the go, especially if you frequent shared co-working spaces or public places, don't assume you're as secure as you think you are.
Co-working spaces are particularly under threat, in part because criminals have already figured out that the people using them are good targets for data theft, ransomware, and more.
They’ve also realized that at least some of those working from such spaces might well be part of, or connected with, larger corporate entities — meaning a successful data heist could unlock the gates to greater and more profitable kingdoms. There are useful resources from government and industry aimed at helping workers lock down their devices and data. In the US, for instance, the National Institute of Standards and Technology has published a useful guide to explain some of the risks, while the US Office of Personnel Management offered up even more useful advice.
Enterprise IT for the last couple of years has grown disappointed in the economics — not to mention the cybersecurity and compliance impact — of corporate clouds. In general, with a few exceptions, enterprises have done little about it; most saw the scalability and efficiencies too seductive.
Might that change in 2024 and 2025?
Apple has begun talking about efforts to add higher-end compute capabilities to its chip, following similar efforts from Intel and NVIDIA. Although those new capabilities are aimed at enabling more large language model (LLM) capabilities on-device, anything that can deliver that level of data-crunching and analytics can also handle almost every other enterprise IT task.
Subscribe to Computer World Security feed
Tim Weil is a Security Architect/IT Security Manager with over twenty five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry. Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.