9 Must-Read IDM and Cybersecurity Articles, September 2016

September 28, 2016

ICIT on Healthcare and Hacking Elections, Continuous Authentication, Cyber Wars, Government Decryption, and more.

This week's curated digest includes ICIT on healthcare cybersecurity, hacking the election, the future of IAM, the prevalence of insider threats, and five additional Identity & Access Management and Cybersecurity articles worth your attention.

Here are 9 Identity Management and Cybersecurity articles from September 2016.


ICIT Explains NIST Guide Impact on Healthcare Cybersecurity

A recent NIST design guide on integrating security measures into the development process could affect healthcare cybersecurity. With healthcare cybersecurity issues continuing to evolve, it is especially important for covered entities and their business associates to review the guide and see how it may affect their health IT systems.


Continuous Authentication: The future of Identity and Access Management (IAM)

Usernames and passwords act as a gateway. Insert another authentication step on top of these credentials and this gateway becomes harder to infiltrate. But once access is gained, how can the device or Web application be certain that the authenticated user is, in fact, the same person throughout the entire session?


The Cold War is over. The Cyber War has begun.

Russian hackers appear to be pushing the limits. In recent weeks, the apparent targets have included the electronic files of the Democratic National Committee, the private emails of former secretary of state Colin Powell, and personal drug-testing information about top U.S. athletes. How should the United States combat Russian cyber-meddling before it gets truly dangerous?


Backdoor Government Decryption Hurts My Business and Yours

Enabling decryption through so-called backdoors will have detrimental effects if cybercriminals discover those backdoors. We’d be asking U.S. companies to reverse years of enhancements and innovations in secure online transactions and data storage that power the world’s largest retail e-commerce market, valued at $238 billion. It would be like building a home with state-of-the-art alarm systems, but then cutting off the power to them.


Swift CEO reveals three more failed attacks on banking network

Banks stopped three new attempts to abuse the Swift financial transfer network this summer, its CEO Gottfried Leibbrandt said Monday, as he announced Swift's plan to impose tighter security controls on its customers. Despite the risk to their businesses and reputations, though, banks have been slow to make the changes, so from next year, Swift is going to make many of them mandatory.


Over 6,000 vulnerabilities went unassigned by MITRE's CVE project in 2015

The CVE system is faced with bottlenecks and coverage gaps, as thousands of vulnerabilities go without CVE-ID assignments. These gaps are leaving business leaders and security teams exposed to vulnerabilities their security products, which rely on CVE-IDs to function and assess risk, don't even know exist in some cases.


1 in 50 employees a malicious insider?

A survey recently conducted by Imperva showed that 36 percent of surveyed companies have experienced security incidents involving malicious employees in the past 12 months. The survey studied the attitudes of 250 UK-based IT professionals toward insider threats. One in fifty employees is believed to be a malicious insider.


Proactive Defense: Understanding the 4 Main Threat Actor Types

Most threat actors fall within four main groups, each with their own favorite tactics, techniques, and procedures (TTPs). By gaining a deeper understanding of threat actors, you’ll be able to assign your cyber security budget to fund the right activities.


ICIT Analysis: Hacking Elections is Easy! Part 2: Psst! Wanna Buy a National Voter Database? Hacking E-Voting Systems Was Just the Beginning

Despite the fact that researchers have spent the past decade demonstrating that Direct Recording Electronic (DRE) and optical scanning systems from every manufacturer are vulnerable along numerous attack vectors, our Nation is still plagued with a lack of transparency on the part of electronic voting system manufacturers and poorly trained election officials and staff.

