How much email security worries infosec pros, Apple ups iOS security in a way police may not like and another processor bug found
Welcome to Cyber Security Today. It’s Friday June 15h. To hear the podcast, click on the arrow below:
By now most of you know that email is one of the most favoured ways criminals and countries compromise personal computers. A survey released this week by Barracuda Networks gives an idea how big. Eighty-seven per cent of IT security professionals questioned said their company faced an attempted email-based security threat in the past year. Three out of four said they are more concerned about email-based security now than they were five years ago. Eighty-one per cent said the frequency of email-borne attacks has increased in the past year: Twenty-five per cent of those said it increased dramatically.
You might expect IT people to think technology is the answer. Nope.
Only 16 per cent said the tools they have for shoring up email security are inadequate. Eighty-four per cent said they worry more about wrong things employees do when they get email. So for you corporate managers out there listening, training and more training is needed to cut down the risk your company falling for email attacks. As for you individuals, treat every email with suspicion. Slow down when you read each one. Be careful about clicking on links and documents.
Apple will toughen security on its iPhones and iPads by making it harder for someone to break into the phone through the Lightning connection. That’s the connector at the bottom of the phone users can plug into a computer’s UBS port for charging, as well as for transferring data. The upcoming version 12 of the operating system will make transferring data impossible after an hour if the phone is locked. The only way to transfer data is to know the code to unlock the device. Initial news reports say police and intelligence agencies won’t be pleased about this. There are several commercial solutions law enforcement can buy to get at data in a seized device by going through the connector. But it’s also a way criminals and countries can get in, too.
Finally, this week as part of its June Windows updates, Microsoft included a mitigation for one of the Intel, AMD and ARM processor memory bugs called Spectre variant 4. No sooner had that been done than Intel announced that another processor-related bug has been discovered in its chips. This one is dubbed Lazy FP State Restore, and Intel has a mitigation recommendation for software developers. Microsoft is already working on security updates, but they will not be released until the next Patch Tuesday in July. Other operating system vendors will be pushing out fixes, too.
Meanwhile, Windows users should make sure those other patches released earlier this week have been installed. You do that by going into Settings, Security and finding Windows Update, if the operating system isn’t already automatically updated.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening.
Sponsor: Micro Focus
How GDPR can be a strategic driver for your business