#CyberFLASH: BlackBerry launches cheaper Android smartphone

blackberry-dtek502.jpg.size.custom.crop.650x650Blackberry is a launching a new smartphone, the DTEK50, which it is billing as the world’s most secure Android phone.

A full touchscreen device, the DTEK50 runs Android Marshmallow 6.0 and promises to use BlackBerry’s expertise to allow users more control over security and privacy of their phones.

“We take our customers’ privacy seriously,” said Ralph Pini, BlackBerry’s chief operating officer, in a statement. “DTEK50 merges the unique security and connectivity features BlackBerry is known for with the rich Android ecosystem.”

The DTEK50, which is priced at $429, comes with a 5.2-inch full HD display, a micro-SD card slot that supports up to 2TB of added storage, a 13 MP rear camera and 8 MP on the front.

The name DTEK comes from an app that made it debut on the Priv, which allows users more control over what happens with the phone’s apps, with a security and privacy focus. There is a programmable key, a physical button on the device — a throwback to older products — which users can assign a function to, (for example, turning on the phone’s flash to use as a flashlight).

In terms of security, BlackBerry is pitching a full service ecosystem that starts with the company hardening the Android kernel (the basis of the phone’s software), rapid security patches for new malicious threats and a secure boot process that ensures your phone has not been tampered with since the last restart.

Read more here

#CyberFLASH: Cyber security among issues Canadian CEOs are most worried about

ceo-office-boardroom-window-550215701-ezra-bailey-getty-compressorThe chief executives of Canadian companies aren’t yet in panic mode, but the stresses of a terrible dollar, tanking oil and a tepid economy are making them more pessimistic than normal. According to a recent survey of 49 Canadian CEOs by professional services firm PricewaterhouseCoopers, 31% believe the global economy will become weaker in 2016. When asked the same question last year, only 9% of respondents agreed.

Their growing pessimism squares with the experience of CEOs everywhere; only 27% of the 1,409 chief executives around the world interviewed by PwC said they were confident that global economic conditions would improve. The survey—officially titled the 19th Annual Global CEO Survey—was completed during the fourth quarter of 2015.

While the sample of Canadian CEOs surveyed by PwC is small, their responses shed some light on what else is on the mind of our country’s top executives. Among the findings:

  • 76% of Canadian respondents say they will implement “cost-cutting measures” this year; that’s 68% higher than their international peers.
  • 80% are concerned about their tax burden, up from 68% in the 2015 survey. Many are also concerned about Canada’s looming debt burden, and the implications of a sluggish economy paired with falling tax revenues.
  • A whopping 92% of Canadian respondents agree that “business success in the 21st century will be defined by more than financial profit.” They’ve observed that more of their clients expect them to be good corporate citizens and do more to tackle important issues—yet those clients are reticent to absorb extra costs for it.
  • Perhaps in response to the above point, 80% of respondents are using new, non-financial metrics to report the value they’ve generated to their stakeholders.
  • The overwhelming majority of respondents (90%) said they made significant changes to their branding and marketing strategies in 2015.
  • Recruitment and talent retention are becoming more dynamic. Some 65% of respondents understand that top talent prefers to work for organizations with social values which are aligned to their own. (A related challenge they’re met with is accommodating “a new generation of digital natives” who are getting ready to move into positions of power.)
  • 61% of respondents say that cyber security is the biggest potential business threat to their organization’s growth prospects, topping availability of key skills (cited by 49% of respondents), volatile commodity prices (43%) and consumer spending behaviours (43%).

Read more here

#CyberFLASH: Security predictions 2016: More ransomware, tougher cyber insurance

image-2Twelve months ago when I became ITWorldCanada.com’s contributing writer on cybersecurity the state of things was pretty bleak: 2014 marked another record year of data breaches, there was no miracle technology that would seal the cracks in an enterprise and every expert was predicting attackers would find new ways to get around defences.

As I look ahead to 2016 every expert I talk to says attacks will continue to find new ways of getting around defences, there’s no miracle technology coming that will seal the cracks in an enterprise and it will probably be another record year of data breaches.

In the face of that what’s a CISO to do?

For one thing, continue sealing the cracks in the enterprise the old-fashioned way: Security awareness training, using two-factor authentication wherever possible, network segmentation, limiting the number of people with administration privileges and access to sensitive data, patching, increase spending on intrusion detection and prevention (including analytics), be part of a threat intelligence (either formally by buying a service, or informally with colleagues) and solid backup and restore. On top of that, have a tested disaster recovery plan.

In addition, be aware of certain trends experts say will mark 2016 as different from the year before. Here’s some of them:

–The evolution of technology means IT departments more than ever have to understand what business units want, and then propose secure ways of doing it, says Bob Hansmann, director of security analysis and strategy Ratheon Websense security labs.

Read more here

#CyberFLASH: Four steps to improving confidence in IT security

139786349-620x250am often struck by surveys — some of them vendor-funded — that purport to show that C-level executives, including CISOs, don’t have faith their enterprise can have any effect on cyber threats.

For example, earlier this year in a global survey of security pros three-quarters of respondents said they believe their organization has a significant cyber risk exposure. Almost two thirds of respondents rated their enterprise as inadequate in ability to identify,
detect, respond, and recover from threats.

Are these real fears or worries exacerbated by the daily reports of breaches around the world? Probably both. But in a blog Alan Cohen, chief commercial officer for security vendor Illumino warns that fear can lead to a sense of insecurity which can lead to paralysis in infosec leaders — which could trickle down to the rest of the IT staff.

He suggests taking four steps to restore business and IT confidence in security

1. Security teams need to involve and get the support of other IT functions;

2. Security has to be a catalyst, not an obstacle, to business units;

3. Breaches must be found rapidly through actionable intelligence;

4. If you can’t prevent all beaches, at least contain them.

Read more here 

#CyberFLASH: Why aren’t we talking about data security?

computer-laptop-keyboard-852With Canada’s federal election proceeding apace, and so many issues left uncovered within the scope of recent and upcoming debates, this column is focusing on tech policy issues that I think deserve further attention.

I draw the candidates’ attention to the issue of information security and data privacy.

It’s no secret that scads of data from ­infidelity-themed website Ashley Madison were released recently by a hacker group called Impact Team. Now this information is out in the wild, causing widespread panic.

As data security expert Troy Hunt said, “This incident needs to be approached with the understanding that for many people, this is the worst time of their life and for some, it feels like the end of it.”

That personal havoc would certainly go a long way toward explaining the suicides possibly linked to the hack.

But the Ashley Madison hack is only one episode in an ongoing story about how the Internet is broken, in large part because everything is broken.

As Quinn Norton, a journalist who covers the hacker culture, points out, “It’s hard to explain to regular people how much technology barely works, how much the infrastructure of our lives is held together by the IT equivalent of baling wire.”

The Ashley Madison hack, and other high-profile hacks, are just symptoms of an ongoing disease that poses a real threat to the quality of life for everyday people online.

Systematic attacks on personal information are nothing new, online. But they are becoming more popular, in part because news media are covering them more. Stories like the Ashley Madison story, or the Sony hack, or the Jennifer Lawrence and other Hollywood nudes, are almost impossible to resist. They’re the stuff that a gossip columnist’s dreams are made of. They also carry the promise of the illicit, of seeing the unseen and knowing the unknown, the seductive pull that makes all hacking attractive.

Read more here

#CyberTRAX: Ten ways to prevent a data breach and protect your small business

Apple Hosts Event At Company's Town HallToday, virtually all businesses collect personal information about customers, employees and others. This information is valuable to hackers – evidenced by the increasing frequency and severity of data breaches across the globe.

Big businesses are not the only ones who are vulnerable. Small and medium-sized businesses with fewer data security resources are often targets for cybercriminals. In fact, research we’ve conducted with the Ponemon Institute shows that more than half have experienced a data breach and nearly three out of four report they can’t restore all their data.

The good news is that businesses can take steps to protect themselves from destructive cyber intrusions. To preempt hacking activity, you must think like a hacker. Here are a few tips to get you started.

1. Think beyond passwords. Never reuse them and don’t trust any website to store them securely. To increase the level of security, set up a two-factor authentication for all your online business accounts. This authentication relies on something only you should know (your password) and authenticates something only you should have (typically your phone) to verify your identity.

2. Stop transmission of data that is not encrypted. Mandate encryption of all data. This includes data at “rest” and “in motion.” Consider encrypting email within your company if personal information is transmitted. Avoid using WiFi networks, as they may permit interception of data.

3. Outsource payment processing. Avoid handling credit card data on your own. Reputable vendors, whether it’s for point-of-sale or web payments, have dedicated security staff that can protect data better than you can.

Read more here

#CyberFLASH: Beware the privacy and security risks of the Internet of Things

100041799-620x250The Internet of Things (IoT) may offer vast improvements in convenience and efficiency, but how secure is it, and do we need to protect ourselves from it?

The US Federal Trade Commission (FTC) released a report last week exploring these issues, as they relate to consumers. Based on a workshop in November 2013, the report, Internet of Things: Privacy & Security in a Connected World, highlights several risks, and makes some recommendations, which should be of interest to Canadian businesses and legislators as well.

For instance, consumers may have to contend with unauthorized access and misuse of personal information via the IOT, the report warned, adding that devices could also create safety risks (sensitive financial information transmitted via a smart TV could be compromised, for example). Devices can also be used to mount attacks on other systems (what about if that Smart TV was joined to a botnet?).

The level of information gathered by IoT devices also presents privacy risks, not least because of the inference capabilities in modern analytics systems. Smart phone sensors can already be used to infer a user’s mood, stress levels, personality type, and even demographics, the report warned.

One clear example given here are fitness trackers, which could conceivably be used by life insurance companies to infer the user’s suitability for a policy, for example. But other risks outlined include eavesdropping remotely into an otherwise private space.

Read more here

#CyberFLASH: It’s time for Canadians to fight for their privacy

1297236821813_ORIGINALWay back in 1996, a Reform Party MP questioned the privacy implications of an electronic voter registry, saying:

“The first and main concern is the privacy issue … since the information is to be shared by different levels of government and different governmental bodies. There is a risk that privacy can be compromised. The more information is transferred and shared, the greater the risk of security of the information.”

That MP was Stephen Harper.

Needless to say, times have changed.

Today, Prime Minister Harper and his Conservative government are trying to steamroll Bill C-51, its anti-terrorism bill, through Parliament.

Bill C-51 raises some serious privacy-related concerns.

The Security of Canada Information Sharing Act, a bill within the bill, is particularly troubling. The bill permits information sharing for an incredibly broad range of reasons, most of them unrelated to terrorism. This information would be shared across 17 government institutions.

The bill also allows the prospect of cabinet expansion to other departments as well as further disclosure “to any person, for any purpose.” It basically gives the government carte blanche to share your information with whoever they choose.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.