
This Week's Gurus

At the Trusted Digital Identity Symposium in Brussels, Steven Ackx spoke about privacy as a new currency. The director of PwC Advisory Services stated that we are already willing to give our contact details in exchange for access to certain websites and information. Would we give our email address to be able to read an interesting article? The audience nodded their heads in unison. But when Steven Ackx asked if we would be willing to...


Chris Stoneff is Director of Professional Services at Lieberman Software. My experience in cyber security tells me that the retail sector probably represents the most fertile ground for cyber criminals. That's because professional hackers understand that retail has never focused on IT security to the extent seen in other industries (like banks or payment processors) that handle customer payment card data. For most retailers, IT security is seen as a reactionary spend to resolve point...


IT security auditing consists of creating quantifiable assessments of IT assets such as servers, client computers, hardware assets, the applications running on them and the data stored within. Such assessments are important to ensure the security of these assets in light of the threats prevalent in modern technology. In the good old days when data was stored on tapes and floppy disks, ensuring the security of such assets was much simpler. But in recent years on...


What is your risk appetite and what are your critical systems? If you don't know, you need to work in a zero-trust model. Speaking with Raimund Genes, CTO of Trend Micro, who had spoken on a panel at a conference in London on the concept of users and actions, he recommended businesses invest in solutions like biometrics and two-factor authentication (2FA), but there was an issue that to log into a company externally you...


Back in January, the API flaw story in Moonpig was described as demonstrative of the poor state of API security. Sometime later, I had the opportunity to meet Mark O’Neill, vice president of innovation at Axway, whose work focused around API development for mobiles, but with a keen eye on security. He explained that as mobile apps communicate back with APIs, get data and pull back information that needs to be secured, the...


In September of 2014, Apple CEO Tim Cook promised that his company’s upcoming mobile payment offering would forever change the way we buy. They launched Apple Pay to bring more convenience to their customers. This announcement undeniably accelerated our collective migration towards mobile payments. Early mobile wallet introductions from Google, Softcard (at the time ISIS), and others garnered significant industry media attention at the time of their announcements but never converted into more than...


Often the subject of heated debate in infosec circles, the rise of cryptocurrency is one of the most intriguing developments in the payments industry right now. Free from any banking or state authority, and designed for the world of online payments, cryptocurrencies are arguably the next step in the evolution of money and have the potential to completely alter the payments industry as we know it. Already, many large merchants including Apple, Amazon, Microsoft...


A year on from the public disclosure of the Heartbleed flaw and its fixed version, I spoke with Chris Wysopal, CTO and co-founder of Veracode, on the impact of the bug and the wider perspective upon open source software. He acknowledged that it did have a quick fix once it was widely known, but really was there any impact? “If you look at the number of breaches that were attributed to it, there were some...


Tracking attackers and preventing their lateral movement across your network will help you better protect against persistent attacks. Speaking with Donato Capitella, security consultant at MWR Infosecurity, he said that if an attack is successful it doesn’t mean game over, but if they compromise you they should not have access to everything in order to get to a target. “We can try and make life harder or make it more painful by importing...


Today marks five years since the UK data protection regulator went from being the toothless tiger to having the power to issue a financial penalty against those responsible for data loss. According to its guidance, the Commissioner may impose a monetary penalty notice if a data controller has seriously contravened the Data Protection Act, or if any person has seriously contravened the 2003 Regulations and if, in both cases, the contravention was of a...
