Cyber security vulnerabilities: What’s causing them?

Lack of cyber security staff

According to a recent study, based on the results of attendees at Black Hat USA 2018, infosec professionals cited cyber security staff shortages as a prominent challenge that occurs when dealing with potential cyber threats.

The findings within the study, which interviewed 315 infosec professionals, showed that the issue of staff shortages often goes hand-in-hand with the matter of an inadequate budget.

Furthermore, 66% of respondents identified a lack of skills among security staff as a big issue.

20 vulnerabilities found in Samsung’s SmartThings hub

Security intelligence firm Cisco Talos recently discovered 20 vulnerabilities within Samsung’s smart home platform SmartThings.

Principal security researcher Craig Young put these vulnerabilities down to the possibility of “cross-site request forgery or DNS rebinding to remotely install a backdoor into the SmartThings Hub”, in addition to smart home hubs being “an ideal point of attack” due to the possibility of login details being exposed if a hub is compromised.

Furthermore, Young referenced the capability of smart home hubs to reveal when users are and aren’t at home and what they are doing.

>Read more on the trouble with smart homes

10 million Dixons Carphone customers affected by data breach

Following an investigation into a data breach that occurred last year, London-based telecommunications retailer Dixons Carphone revealed that the breach had affected 10 million of their customers, 8.8 million more than the previous estimate.

This resulted in personal details of the affected customers, including email addresses and home addresses, to be leaked. The company insist, however, that no financial information was stolen.

>Read more on the true cost of a data breach on the enterprise

Russia and Obama to blame for election “meddling”, according to US VP

Since hacking allegations were made towards Russia arose following the US elections in 2016, it’s been difficult to discuss the matter of cyber security without thinking about the US government.

And during a speech regarding cyber security in Manhattan this week, US vice-president Mike Pence reiterated the stance of the Trump administration by directly accusing Russia of harming the country’s democracy.

Furthermore, the previous Obama administration was in the firing line, with Pence claiming that President Trump inherited a cyber crisis. A claim that former president Obama’s cybersecurity czar Michael Daniel quickly denied.

But what can be done?

Tech conferences such as Black Hat USA 2018 are treating cyber security as a vital talking point in terms of thinking of ways to improve the online security of businesses. This could suggest that an increase in cyber security education is required.

Aspects that students of cyber security should be educated more about include ensuring that anti-virus software is up-to-date, backing up data and encrypting if necessary and correct password etiquette.

>Read more on cyber security education  

According to Mark Adams, Regional VP, UK & Ireland at Veeam, a “strong incident response process will significantly reduce the pain associated with data breach issues.”

This includes immediately taking responsibility and aiming to fix cyber insecurities, creating a comprehensive security policy that senior management can buy into, and relay this information to the workforce. The cyber security department must also carefully analyse data involved in order to see what happened.

>Read more on incident response

Furthermore, specifically referring to the vulnerabilities discovered within Samsung’s SmartThings hub, principal security researcher Craig Young recommended the following: “In terms of securing IoT devices like this, I recommend segmenting networks and enabling DNS rebinding protection.”

“This means that you should not browse the web or use smartphone applications while on the same network segment as connected devices and that public domain names cannot point back to your private network devices.”

Nominations are now open for the Women in IT Awards Ireland and Women in IT Awards Silicon Valley. Nominate yourself, a colleague or someone in your network now! The Women in IT Awards Series – organised by Information Age – aims to tackle this issue and redress the gender imbalance, by showcasing the achievements of women in the sector and identifying new role models

Avatar photo

Aaron Hurst

Aaron Hurst is Information Age's senior reporter, providing news and features around the hottest trends across the tech industry.

Related Topics

Cybersecurity
Data Breach