Showing posts with label cyber-risk. Show all posts

Tuesday 19 March 2019

Smart Home devices are vulnerable to remote attacks

The number of connected devices in the average home is rising very rapidly. The Internet of Things (IoT) is likely to be the norm in the next couple of years. However, the IoT can also contain many vulnerabilities and security issues.

Smart home devices may be vulnerable to attacks due to outdated software, unpatched security flaws, or weak credentials, according to a new report recently produced by Avast. This report can be accessed HERE.

16 million different home networks worldwide have been included in Avast’s study. The report focuses on 21 countries in North and South America, Europe, and the Asia Pacific region. 56 million devices were scanned as part of the study. Two out of five (40.8%) smart homes worldwide have at least one device that is vulnerable to attacks, of which 69.2% are vulnerable due to weak credentials. The UK Government advocates that strong security should be built into internet-connected products by design.

In October 2018, the UK government published the Code of Practice for Consumer IoT Security to support all parties involved in the development, manufacturing and retail of consumer IoT. You can access this HERE.

Additionally, the NCSC (National Cyber Security Centre) has called for the adoption of Secure by Default, which covers the long-term technical effort to ensure that the right security primitives are built in to software and hardware. Read that HERE.


Sunday 9 December 2018

Allocate your remaining 2019 Budget towards 2020 training

When you work in the financial services field, the end of the calendar year can always be a bit stressful. There are a number of reasons for this, but one of the biggest is the “use it or lose it” paradigm that exists around budgets year-over-year. If you do not use the funds that have been budgeted, it is logically assumed that you did not need them, and they will therefore not be allocated for the following year.

When this happens, one of the best ways to save your remaining budget is to allocate some of those leftover funds by booking some of the next year’s training for your team before the current year-end. Whether it is a course, a conference, or something else, it is a great way to use the funds in a manner that supports the individual, the department, and the organization.

If you find yourself looking to book 2020 professional development opportunities with your 2019 budget, check out our course offerings at https://citadeladvantage.blogspot.com/p/public-course-schedule.html

If you are looking for online training check out our offerings at https://citadeladvantage.blogspot.com/2017/11/on-line-training-courses.html

Don’t forget to consider In-house training and the benefits that it brings. Get the low-down on In-house training at;

Thursday 22 October 2015

The New Realities of Cyber Risk Management: It’s Not Just an IT Issue


From CSA –

“Imagine you are the general counsel at a retailer involved in sensitive M&A discussions. You receive an email from one of the deal’s outside advisors. He says he needs some information about your company, the kind you’ve passed on before. You send it along — and later find that you were victimized in a sophisticated cyber-attack aimed at stealing sensitive information.

Or imagine you are the operations manager at a distribution center for an expanding restaurant chain. Shortly after a new contractor did some work in your facility to modify an automated system, you noticed a glitch in how your orders were processing. Turns out the contractor had poor cybersecurity controls, and their equipment infected your operation with malware.”

Read more>>

Wednesday 21 October 2015

The Cultural Maturation of Cyber Risk Management


From GARP –

“Born from the perfect storm of 9/11, the Nimda worm, and Section 404 of the Sarbanes Oxley Act (SOX), the rise of the chief information security officer (CISO) has occurred at a lightning pace. Mega breaches have earned them a seat at the boardroom table, yet CISOs still struggle to articulate cybersecurity risk in a way that board members can understand.

To move past this, CISOs need to flex their leadership muscles and take a top-down approach to risk management – one that will likely require them to “unlearn” many of the best practices that got them to where they are.

It is a path with which the broader risk management profession is familiar: In the early 2000s, information security was mainly driven by compliance. Back then, CISOs were little more than glorified IT security admins.”

Read more>>

 