The week in security: Adjusting to WannaCry’s “new normal” as authorities float IoT security baseline

The uncertain security climate created in the wake of the WannaCry ransomware outbreak is becoming the “new normal”, experts warned as the security world pivoted away from the immediate implications of the attack. Analyses flew thick and fast; survival stories were traded; and scammers targeted victims and buried malware in purported fixes for the problem.

Indeed, it’s at times like these that cybersecurity response plans are tested – and those who know what to do first may be the ones that survive the best. The WannaCry outbreak also gives security executives more ammunition in their fight for official recognition at a time when cybersecurity ROI is still a tough sell.

Official sanction may help in many cases, which is why TechnologyOne believes the government-level IRAP security certification for its SaaS offering will open doors to many government agencies that have previously been concerned about the security of such offerings. This is important at a time when security assessments face a dramatic shakeup amid decisions about what to do about mandatory data breach legislation, and can be compromised by questions around third-party security awareness that may never have come onto the radar before.

A former head of the NSA weighed in on cybersecurity and cyberespionage trends, and the APT3 hacker group was linked to the Chinese Ministry of State Security.

Even as Synology SANs were exposed to a WannaCry-like attack, European chipmakers were proposing a new baseline for Internet of Things (IoT) cybersecurity – which, one observer has warned, is causing “scary things” to happen because businesses are more interested in the potential of IoT than its security.

The sheer volume of IoT data – which, one executive warned, is multiplying 277 times as fast due to machines as it is due to people – means that the opportunities for compromise are growing commensurately.

This has created opportunities for trouble, with free font platform DaFont the latest to be hacked. Media players were also under the gun, with revelations of a compromise that uses malicious subtitles to hijack systems running popular media players.

Copyright © 2017 IDG Communications, Inc.
