Articles tagged with: cybersecurity

Breaches and Leaks Soared 424% in 2018

Breaches and Leaks Soared 424% in 2018

Nearly 15 billion identity records circulated in underground communities in 2018, a 71% increase over the year as hackers targeted smaller organizations more widely, according to a new report (…).

breaches and Leaks, breaches, leaks, hackers, cybercrime, cybersecurity, cyber-criminals

5 Key Skills Every Incoming CISO Should Have

5 Key Skills Every Incoming CISO Should Have

CISO roles – both full-time and fractional – are on the rise. Their skills can help a growing organization enhance its security program, keep it on track, and guide in times of crisis and change. However, finding the right CISO can be tricky business, especially if this role is new to your organization. Here are the skills to look for when hiring your CISO.

CISO, cybersecurity, security

The Importance of Cybersecurity in Modern Video Surveillance Environments

The Importance of Cybersecurity in Modern Video Surveillance Environments

For organizations to identify security threats and vulnerabilities, mitigate risk, ensure operational compliance and combat fraud, a comprehensive and innovative security approach is necessary. With today’s evolving risk landscape and the increasing complexity and severity of cyber threats, we must take advantage of emerging technologies, strong internal operator and process policies, and advanced analytics must be used to protect customers, staff and assets.
Cybersecurity in Video Surveillance, cybersecurity, vulnerabilities, video surveillance

Which phishing messages have a near 100% click rate ?

Which phishing messages have a near 100% click rate ?

phishing messages, cybersecurity

Training employees to spot phishing emails, messages and phone calls can’t be done just once or once a year if the organization wants to see click rates decrease.

For one thing, employees come and go (and change roles) with regularity. Secondly, threats change over time. Thirdly, knowledge and practices that aren’t regularly reinforced will be lost. And, finally, awareness isn’t the same as knowledge

Monitoring logons the most effective way to detect a data breach

Monitoring logons the most effective way to detect a data breach

Monitoring logons, detect a data breach, Cyberattack, cybersecurity
Monitoring corporate logins is the most effective way to detect a data breach within an organisation, according to a new report on the ‘key indicators of compromise’ by IS Decisions.

Mismatched port and application traffic, increases in data reads or outbound traffic, geographical irregularities regarding the perimeter of the organisation, and data access at irregular times and locations are other key indicators identified. But the one common activity across nearly all attack patterns, necessary to perform basic hacks on network perimeters and endpoint devices, and move laterally across devices to access data unlawfully, is use of corporate logins.

SIEM challenges: Why your security team isn’t receiving valuable insights

SIEM challenges

SIEM challenges, information security, cybersecurity
Today, many enterprises use security information and event management (SIEM) software to help detect suspicious activity on their networks. However, to be effective organizations need to surround a SIEM with security experts, advanced use cases, threat intelligence, and proven processes to investigate and respond to threats.

Here we go again: DDoS attacks on the rise!

DDoS attacks

DDoS attacks, Cyberattack, cybersecurity
Newly released data shows that DDoS and web application attacks are on the rise once again, according to Akamai’s Second Quarter, 2017 State of the Internet / Security Report. Contributing to this rise was the PBot DDoS malware which re-emerged as the foundation for the strongest DDoS attacks seen by Akamai this quarter.

The 3 Main Ways Ransomware Spreads in 2017

The 3 Main Ways Ransomware Spreads in 2017

Ransomware, Cyberattack, cybersecurity, information security, cyber risk, cyber security
Email is still the primary distribution mechanism for ransomware attacks, but “malvertising” is also a growing threat.

Ransomware is now on everyone’s mind, thanks to the recent “Petya” or ”Nyetya” global malware attack and the earlier WannaCry attack. Ransomware — malware designed to encrypt files and only decrypt them if the victim pays a ransom, usually in the digital currency bitcoin — is being spread in numerous ways, some of which are hard to defend against.

How to Change Behavior for Stronger Security System Cybersecurity

How to Change Behavior for Stronger Security System Cybersecurity

Security System Cybersecurity, Cyberattack, cybersecurity, information security, cyber risk, cyber security
How Healthy Are Your Cybersecurity Habits?

There is a world of difference between knowing the right thing to do and actually following through and doing it. Think about doctors who repeatedly remind their patients to quit smoking, or to be careful with their cholesterol, to get regular exercise and adopt healthier eating habits instead of eating bacon with every meal. We know what we should do. Quite often, though, that knowledge is not enough to actually change our behavior.

You were probably aware of some fundamental cybersecurity best practices before you started to read this article. But let’s focus on two: passwords and firmware.

Global Cyberattack Could Cost $121 Billion

Global Cyberattack Could Cost $121 Billion

Cyberattack, cybersecurity, information security, cyber risk, cyber security
Lloyd’s of London has warned that a serious cyberattack could cost the global economy more than $120 billion – as much as catastrophic natural disasters such as Hurricanes Katrina and Sandy.

The report from Lloyd’s said the threat posed by such global attacks has spiraled and poses a huge risk to business and governments over the next decade.

Largest Cryptocurrency Exchange Hacked! Over $1 Million Worth Bitcoin and Ether Stolen

Cryptocurrency Exchange Hacked

Cryptocurrency Exchange Hacked, Cyberattack, cybersecurity, information security, NIST cyber security framework
One of the world’s largest Bitcoin and Ether cryptocurrencies exchanges Bithumb has recently been hacked, resulting in loss of more than $1 Million in cryptocurrencies after a number of its user accounts compromised.

Bithumb is South Korea’s largest cryptocurrency exchange with 20% of global ether trades, and roughly 10% of the global bitcoin trade is exchanged for South Korea’s currency, the Won.

Bithumb is currently the fourth largest Bitcoin exchange and the biggest Ethereum exchange in the world.

Last week, a cyber attack on the cryptocurrency exchange giant resulted in a number of user accounts being compromised, and billions of South Korean Won were stolen from customers accounts.

3 Questions to Improve Cyber Incident Recovery

Cyber Incident Recovery

Cyber Incident Recovery, Cyberattacks, cybersecurity, information security, NIST cyber security framework
The NIST Cybersecurity Frame-work focuses twice on the concept of improvement, doing so within both the Respond and the Recover functions. For improved response, NIST recommends that organizations incorporate lessons learned into their response plans and update their response strategies. When it comes to improved recovery, NIST echoes that guidance: Companies should incorporate lessons learned into their recovery plans and update their recovery strategies. Because of these similarities, it is helpful to consider this article in the context of our May 2017 Cyber Tactics column, “Been Hacked? Let That Be a Lesson to You.”

The Internet of Things Invades Physical Security

The Internets of Things Invades Physical Security

Physical Security, information security, cybersecurity, privacy

The physical security space is changing, with emerging threats, new criminal techniques, terrorism and hostile activism just of few of the drivers of change.

The implications are profound. The world of physical security systems is being invaded by multiple new and emerging technologies. Arguably, the technology currently showing the greatest potential implications have a wireless Internet connection to pass their status (data) via digital communications to other components, devices or systems. Given the growing capabilities of these emerging IoT devices, they are likely to transform electronic security systems that protect physical assets. Corporate security staff that operate, manage and monitor the electronic security systems used in the facilities they are assigned, in most cases, have not been trained on how to use the security systems equipment.

Consumer Reports to Include Cybersecurity and Privacy in Product Reviews

Consumer Reports to Include Cybersecurity and Privacy in Product Reviews

Include Cybersecurity and Privacy in Product Reviews, cybersecurity, privacy, cybersecurity standards, data security, password

Consumer publication Consumer Reports will soon begin considering cybersecurity and privacy safeguards when scoring products.

The group, which issues scores that rank products it reviews, said it had collaborated with several outside organizations to develop methodologies for studying how easily a product can be hacked and how well customer data is secured.

Why the Security of Confidential Documents is a Problem for Enterprises

Why the Security of Confidential Documents is a Problem for Enterprises

Confidential documents, Cybersecurity, security education, Security of Confidential Documents

There is a widespread and growing need to improve security practices surrounding confidential documents in most organizations today, according to a new study by the Business Performance Innovation (BPI) Network.  In a global survey of managers and information workers, 6 out of every 10 respondents said they or someone they know have accidently sent out a document they shouldn’t have.

Cybersecurity Skills Gap Leaves 1 in 4 Organizations Exposed for Six Months or Longer

Cybersecurity Skills Gap Leaves 1 in 4 Organizations Exposed for Six Months or Longer

Sophisticated cybersecurity defenses are increasingly in high demand as a cybersecurity attack is now viewed as an inevitability. However, a majority of surveyed organizational leaders fear they are ill-equipped to address these threats head-on.
cyber security, Cybersecurity Skills, cybersecurity, security training, security gap

According to a new cybersecurity workforce study by ISACA’s Cybersecurity Nexus (CSX), only 59 percent of surveyed organizations say they receive at least five applications for each cybersecurity opening, and only 13 percent receive 20 or more. In contrast, studies show most corporate job openings result in 60 to 250 applicants. Compounding the problem, ISACA’s State of Cyber Security 2017 found that 37 percent of respondents say fewer than 1 in 4 candidates have the qualifications employers need to keep companies secure.

43% of Organizations Grade Their Cybersecurity “C” or Worse

43% of Organizations Grade Their Cybersecurity “C” or Worse

More than one in four organizations have been breached in the past 12 months, while 23 percent aren’t sure if they have been breached or not.
cyber security, cybersecurity, IT security, security training

When asked to grade their organization’s cybersecurity program, 43 percent of survey respondents gave themselves a “C”, “D”, “F”, or “non-existent”, and only 15 percent gave themselves an “A”. While there isn’t a one-size-fits-all solution to network security, the “A” grade companies have several attributes in common, including a high level of automation, a threat intelligence framework, and a robust training program for security staff.

That’s according to the 2017 Cybersecurity Report Card by DomainTools, which also found that one-third of security pros are savvy enough to detect daily attacks, but the looming majority (66 percent) are unaware of the daily onslaught of malicious activity. While malware (76 percent) and spearphishing (56 percent) are the most common types of threat vectors, business email compromise (25 percent) and DDoS attacks (24 percent) are on the rise. Finally, nearly one-third of respondents were the recipients of attempted cyberextortion, also known as ransomware, which cost businesses more than $1 billion in 2016.

After a terrible year for cybersecurity, will 2017 be any better?

After a terrible year for cybersecurity, will 2017 be any better?By Help NET Security on 9 January 2017
cyber security, cybersecurity

From a cybersecurity perspective, 2016 was a very devastating year for companies, schools, government agencies, organizations and even presidential campaigns. What we’ve learned from a record year for breaches, hacks, phishing, malware, and ransomware is what we’ve known all along: cyber criminals are clever and they are not bound by any rules or real strategy.

We also learned that no company, government agency, or organization is safe if they are in the bullseye of those determined to breach their networks. Hackers really have a single goal: to steal data or financial assets, crippling organizations in the process. Stolen data, such as passwords, social security numbers, personal information and possibly bank account credentials, is generally sold on the black market. This was the case in the first big U.S. hack of 2016.

CSOs and CISO are under pressure

CSOs and CISO are under pressureBy Security Magazine on 7 January 2017
CISO, CSO, cyber security, cybersecurity

Under pressure!  No, not the 1982 hit song by Queen that was used in the 1997 American comedy crime film Grosse Pointe Blank. I am describing the likely 2017 work environment for CSOs and CISO. If CSOs and CISOs thought they were under pressure in 2016, it is about to increase and go beyond the usual. Traditional increases in pressure were due to the growing rate of data breaches and the number, complexity and success rates of cyberattacks. All of those pressures will increase from 2016 to 2017, but wait there’s more!  There will be multiple new reasons for the increase and the impact they will have will be different. The pressure will come from as high as you can go within your organizations as well as being driven by business management. Here are just a few drivers of the increased pressure.

Cybersecurity Tips for the Break Room and Boardroom

Cybersecurity Tips for the Break Room and BoardroomBy Security Magazine on 5 January 2017
c-suite security metrics, cyber security education, cybersecurity awareness, cybersecurity leadership, security training, cybersecurity

Every day we are updated about the latest cybersecurity breaches – whether it’s Yahoo, Dropbox or LinkedIn, how many records have been stolen, or how much companies have paid in result from ransomware or financial fraud.

However, are employees and executives aligned with cybersecurity awareness? Are the risks and top discussions that happen in the break room similar to those that happen in the boardroom? The topics and concerns are farther apart than you could ever imagine.

Vermont Electric Company Finds Russian Malware on Computer

Vermont Electric Company Finds Russian Malware on ComputerBy Security Magazine on 2 January 2017
cybersecurity, grid security, malware, utility security
Burlington Electric, which serves 19,600 customers in Vermont, said it found malicious software on company laptop, and it’s blaming the Russians.

Burlington Electric noted that the malicious software on a computer was not connected to its grid control systems.

Both the Department of Homeland Security and the utility said there are no indications that the electric grid was breached, reported CNN.

Burlington Electric General Manager Neale Lunderville told CNN that the utility found an Internet address that was associated with recent malicious cyber activity, and that IP address was communicating with a company computer.

The High Cost of Not Doing Enough to Prevent Cyber Attacks

The High Cost of Not Doing Enough to Prevent Cyber AttacksBy Security Magazine on 13 December 2016

cyber attacks, cyber security, cybersecurity

Organizations are in a difficult place when it comes to protecting themselves against the current cybersecurity threat environment. Many companies believe that they’re too small to be a hacker’s target. However, given the wide range of businesses and organizations being hit on a daily basis, this couldn’t be farther from the truth. If your organization has data, and every business does, you are a worthy and potentially lucrative target for cyber criminals.

Never stop learning – the need for a risk-based approach to cyber-security

Never stop learning - the need for a risk-based approach to cyber-securityBy Security Magazine on 1 December 2016

cyber-security

It probably comes as no surprise to IT security professionals that cyber-attacks are now becoming more sophisticated and more commonplace. For years, cyber-experts have been warning that we are entering the “age of the cyber-attack,” predicting that a digital attack will now bring about the end of civilisation rather than a nuclear war. While this is clearly an extreme example, what is surprising is how ubiquitous and effective cyber-attacks have become, despite vendors and experts warning about their risks for over a decade. However, even if an organisation has a robust cyber-security policy in place, this alone is not enough to protect it from cyber-attacks. Trust us, we know because we’ve been there.

Hackers are holding San Francisco’s light-rail system for ransom

Hackers are holding light-rail systemBy The Verge on 27 November 2016

Hackers

San Francisco Municipal Railway riders got an unexpected surprise this weekend after the system’s computerized fare systems were apparently hacked. According to the San Francisco Examiner, the MUNI system had been attacked on Friday afternoon.

MUNI riders were greeted with printed “Out of Service” and “Metro Free” signs on ticket machines on late on Friday and Saturday. MUNI first became aware of the intrusion on Friday, according to the Examiner.