When it comes to security, many vendors consider certification of their products by an independent organization an option, not a requirement. However, third-party testing is an important element when a company is deciding on technology solutions that are part of its security management program.
Security and privacy challenges are top of mind for everyone, as the Internet of Things and mobile device (and associated application) adoption continues to permeate every major industry. I sat down with our security experts at ICSA Labs to learn more about what major security technology trends they see impacting businesses and their customers in 2015. Here’s what they had to say:
This month marks the 11th anniversary of National Cyber Security Awareness Month (NCSAM), when raising awareness about cybersecurity is a top priority for both the public and private sectors.
Mobile device manufacturers build an array of security features into smartphones and tablets. I suspect that the majority of us take for granted that these protections function and we assume that they will work properly when needed (e.g., remote wipe). But will they?
For several years, ICSA Labs has performed mobile device security testing on behalf of several mobile device manufacturers and mobile network carriers. Mobile devices are tested before they are available to users.
But are they safe?
When ICSA Labs first started testing and certifying Anti-Virus products more than 20 years ago, there were only “hundreds” of malware samples circulating monthly in the world. Since then, the malware landscape has changed dramatically and today there are over 100,000 new samples appearing every day.
Over the weekend, Microsoft announced that there was a new zero-day vulnerability affecting all versions of the Internet Explorer Web browser. It’s not widespread yet, and is just now being used in targeted attacks, but we may be confident that the developers of exploit kits are sharpening their pencils as we speak, and therefore it won’t be too long before the exploit is in widespread use.
Unless you have been off the grid for the last few days, you have undoubtedly heard about the OpenSSL vulnerability known as the Heartbleed (http://heartbleed.com) bug. Heartbleed is a vulnerability that allows "anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software."
It’s been reported in the news that the Starbucks payment app saves usernames, passwords and location data in plain text right on consumers’ smartphones. Any devious person with a little know-how can get access to this information and use it to get one caffeine fix after another ad infinitum.
Of course this is not good news. But it is more than that. This should be a wake-up call – not just for those of us who like to pay for coffee with our smartphones.