Stat of the Week
By 2020 there will be roughly 200 billion connected devices. Where will all this data be stored and how will it be kept secure?
| Time to Be Smarter Than Your Smart Speaker
Privacy for smart home assistants still has a ways to go.
New Eavesdropping Hacks for Alexa and Google Home
Researchers this week disclosed new ways that attackers can exploit Alexa and Google Home smart speakers to spy on users. The hacks, which rely on the abuse of “skills,” or apps for voice assistants, allow bad actors to eavesdrop on users and trick them into telling them their passwords over the smart assistant devices.
No Silver Bullet for Protection
Unfortunately, when it comes to smart speakers, “there’s no silver bullet” for protecting the privacy and security of data. Consumers and the industry should be flagging this technology as a convenience-enhancing technology but, be aware that this is a technology that should not be trusted with credit card numbers, medical information, or any other information that goes beyond convenience and actually intrudes your privacy.
| Ring the Alarms! NordVPN was Hacked.
NordVPN, a virtual private network provider that promises to “protect your privacy online,” has confirmed it was hacked.
The admission comes following rumors that the company had been breached. It first emerged that NordVPN had an expired internal private key exposed, potentially allowing anyone to spin out their own servers imitating NordVPN.
A Physical Server Attack
NordVPN told TechCrunch that one of its data centers was accessed in March 2018. “One of the data centers in Finland we are renting our servers from was accessed with no authorization,” said NordVPN spokesperson Laura Tyrell.
The attacker gained access to the server — which had been active for about a month — by exploiting an insecure remote management system left by the data center provider; NordVPN said it was unaware that such a system existed.
...And Now we Wait.
Those who use or promote these services should be concerned. NordVPN is claiming that the hack has no impact on users and that they are 100% sure that each component within their infrastructure is secure, but we await further forensic evidence.
| Departing Employees Could Mean Departing Data
With so many malicious adversaries trying to penetrate companies’ networks, companies are forgetting to watch out for a dangerous threat from within their own ranks – insider threats.
The Top Types of Insider Threats
Departing employees have always been a huge insider threat for organizations. They have the necessary access, they have the knowledge of where sensitive data resides and at some point, they may even have a motive to move on from the company. A lot of times they don’t leave empty handed. When you combine all those elements, you end up with an organization that’s at a major disadvantage going up against this type of a threat.
Protecting What's Yours
With more than two-thirds of organizations experiencing data theft when employees depart, they need to protect their organization against insider threats. One of the most effective things that can be done is to monitor employee access to and activity within a network. This way, the organization will be able to quickly spot and stop suspicious behavior. Create a data security policy and make sure all employees know and adhere to it.