The annual week-long RSA security conference in San Francisco that ended Friday attracted experts from around the world who talked about cyber trends. According to CIO Dive, officials from the SANS Institute, an IT security training company, detailed three threats to watch out for:
First, insecure data being held in the cloud is being targeted by criminals. A prime example, by coincidence, was revealed last week: A security researcher found 48 million records held on an insecure Amazon S3 storage bucket owned by a business data search service called LocalBlox. That company scrapes personal data from several web sites, including Facebook and LinkedIn. LocalBlox told ZD Net that most – but not all – of the names are fictional and used for testing. There have been other leaks of data that companies put on S3. To stop this, organizations must have policies forcing employees to completely secure corporate data they put in the cloud.
The second trend is something we’ve reported on several times: Criminals pushing malware that installs crypto-mining software on the computers and smart phones of unsuspecting users. Companies and individuals have to keep a better eye on outgoing traffic on their machines.
The final trend is cyber infiltration of infrastructure and industrial code. Again, by coincidence the United States and the U.K. last week accused Russia of supporting groups that exploit network infrastructure devices such as routers and switches.
Also during the conference, Kaspersky Lab cautioned that popular dating apps may be doing more than linking to possible partners. The security firm’s researchers found some apps are transmitting unencrypted personal data over the insecure HTTP protocol. That data can be intercepted by anyone online. What do to? Check your app permissions. Don’t grant access to something if you don’t understand why. Most apps do not need access to your location, so don’t grant it. And use an application called a Virtual Private Network, or VPN, that encrypts traffic.
Finally, a professional association called ISACA, which represents those who oversee Information Systems Audits and Controls, issued research about the ongoing cyber security skills shortage. Fifty-nine per cent of respondents said their organization has open infosec positions. More than half say it takes at least three months to fill those jobs. But there’s a dangerous gap in how men and women in cyber security see their career opportunities. Eighty-two per cent of men surveyed think women have equal career advancement in security. Only half of women agreed. That’s a 31 per cent gap in perception. It isn’t healthy.