Virtualization-based security software vendor Bromium surveyed security professionals about their behavior toward ransomware. The results were surprising. For example, 10 percent of them admitted to paying a ransom or hiding a breach. More alarming, 35 percent admitted to ignoring their own security protocols.To read this article in full or to leave a comment, please click here(Insider Story)
Virtualization-based security software vendor Bromium surveyed security professionals about their behavior toward ransomware. The results were surprising. For example, 10 percent of them admitted to paying a ransom or hiding a breach. More alarming, 35 percent admitted to ignoring their own security protocols.After last week’s WannaCry event, these numbers may start to go down as pressure mounts to prevent future attacks. However, Bromium’s data underscores an important point: The security professionals at the front line of defenses against ransomware and other threats need to set a strong example for following proper protocols.To read this article in full or to leave a comment, please click here(Insider Story)
The Internet of Things – the connecting of billions of everyday and industrial devices using tiny sensors that transmit data and share information in the cloud – is revolutionizing the way we live and do business.To read this article in full or to leave a comment, please click here(Insider Story)
The Internet of Things – the connecting of billions of everyday and industrial devices using tiny sensors that transmit data and share information in the cloud – is revolutionizing the way we live and do business.IoT platforms are expected to save organizations money, improve decision-making, increase staff productivity, provide better visibility into the organization and improve the customer experience. Six in ten U.S. companies now have some type of IoT initiative underway – either formal or experimental, according to IT trade association CompTIA.All this potential comes with some big security risks – mainly with the unsecured devices themselves, but also with their ability to join forces to bring down systems. This can leave corporate networks vulnerable.To read this article in full or to leave a comment, please click here(Insider Story)
April may not have been the busiest month for security breaches, but what it lacks in volume it made up for in variety. The month began loudly when a hacker set off all of Dallas’s 156 emergency tornado alarms for 90 minutes in the wee hours of the morning on the seventh.Then on April 10, London-based Wonga Group revealed that as many as a quarter-million bank accounts may have been compromised. They weren’t alone. On the seventeenth, InterContinental reported that customer data may have been taken at more than 1,000 of its hotels.To read this article in full or to leave a comment, please click here(Insider Story)
April may not have been the busiest month for security breaches, but what it lacks in volume it made up for in variety. The month began loudly when a hacker set off all of Dallas’s 156 emergency tornado alarms for 90 minutes in the wee hours of the morning on the seventh.To read this article in full or to leave a comment, please click here(Insider Story)
Almost every company has data stored in its systems that is overexposed and at risk. That’s the finding of the recently released 2017 Varonis Data Risk Report. The report is based on assessments that Varonis conducts for its customers and prospects to determine which data is at risk. The report data is aggregated and anonymized.To read this article in full or to leave a comment, please click here(Insider Story)
Almost every company has data stored in its systems that is overexposed and at risk. That’s the finding of the recently released 2017 Varonis Data Risk Report. The report is based on assessments that Varonis conducts for its customers and prospects to determine which data is at risk. The report data is aggregated and anonymized. download
2017 Varonis Data Risk Report Highlights
Varonis
What this year’s report revealed is that much of the risk is due to bad policy or failure to follow an established policy. For example, files were accessible to people who should not have access, complex permissions rules negatively impacted enforceability, and some companies fail to properly audit data for risk. The report also found that these risks were consistent across geographies and industries.To read this article in full or to leave a comment, please click here(Insider Story)
The infographic below provides good, entertaining definitions of the terms white hat, grey hat and black hat hackers courtesy of Exigent Networks. As the infographic explains, there are some, well, grey areas between categories—for example, there is sometimes a fine line between grey hats and black hats.To read this article in full or to leave a comment, please click here(Insider Story)
The infographic below provides good, entertaining definitions of the terms white hat, grey hat and black hat hackers courtesy of Exigent Networks. As the infographic explains, there are some, well, grey areas between categories—for example, there is sometimes a fine line between grey hats and black hats.Some might also disagree with the choices of white hat hacker examples. The telecom industry, for example, might consider Steve Wozniak’s early hacking exploits theft of services rather than hacking for the greater good. And Julian Assange’s qualifications will be tinted by whatever political lens through which an individual judges his actions.To read this article in full or to leave a comment, please click here(Insider Story)
March came in like a lion with news breaking on March 6 that spamming operation River City Media exposed 1.34 billion email accounts, some of which included personal information including full names and addresses. How did this happen? The company failed to properly configure their Rsync backups, wrote CSO’s Steve Ragan.Later that week, WikiLeaks released a trove of information on the CIA’s hacking tools, including descriptions of how the agency targeted iPhones, Android phones, Samsung smart TVs, and routers.To read this article in full or to leave a comment, please click here(Insider Story)
March came in like a lion with news breaking on March 6 that spamming operation River City Media exposed 1.34 billion email accounts, some of which included personal information including full names and addresses. How did this happen? The company failed to properly configure their Rsync backups, wrote CSO’s Steve Ragan.To read this article in full or to leave a comment, please click here(Insider Story)
On February 5, an anonymous hacker kicked off February’s breaches, taking down a dark web hosting service that the hacker claimed was hosting child pornography sites. In the process, the hacker showed just how easily the dark web can be compromised.Then, on February 10, as many as 20 hackers (or groups of hackers) exploited a recently patched REST API vulnerability to deface over 1.5 million web pages across about 40,000 WordPress websites. “The flaw was fixed in WordPress 4.7.2, released on Jan. 26, but the WordPress team did not publicly disclose the vulnerability's existence until a week later,” Lucian Constantin reported.To read this article in full or to leave a comment, please click here(Insider Story)
On February 5, an anonymous hacker kicked off February’s breaches, taking down a dark web hosting service that the hacker claimed was hosting child pornography sites. In the process, the hacker showed just how easily the dark web can be compromised.To read this article in full or to leave a comment, please click here(Insider Story)
Bad press following a security breach hits companies hard. In fact, it can be so damaging that “two-thirds of companies would pay an average of $124k to avoid public shaming scandals,” according to a recent Bitdefender survey of 250 IT security professionals. What’s more, “some 14 percent would pay more than $500k.”
If you think that’s a high price to pay, consider this: 34 percent of companies were breached in the past 12 months, according to the report, and “74 percent of IT decision makers don’t know how the company was breached.”
Among the survey’s other notable findings is that while 64 percent of respondents said they think their current security budget is sufficient, they also admitted that “only 64 percent of cyberattacks can be stopped, detected or prevented with the current resources.”To read this article in full or to leave a comment, please click here(Insider Story)
Bad press following a security breach hits companies hard. In fact, it can be so damaging that “two-thirds of companies would pay an average of $124k to avoid public shaming scandals,” according to a recent Bitdefender survey of 250 IT security professionals. What’s more, “some 14 percent would pay more than $500k.”To read this article in full or to leave a comment, please click here(Insider Story)
A new report from IANS Research shines a light on the current state of CISOs and their role in building in influence in leadership across an organization.To read this article in full or to leave a comment, please click here(Insider Story)
For the 5th straight year, impersonator bots were the most active bad bots, making up 24.3 percent of all bot activity. Both cheap and effective, impersonator bots are most commonly used to launch DDoS attacks, including October’s attack against DNS provider Dyn.To read this article in full or to leave a comment, please click here(Insider Story)
For the 5th straight year, impersonator bots were the most active bad bots, making up 24.3 percent of all bot activity. Both cheap and effective, impersonator bots are most commonly used to launch DDoS attacks, including October’s attack against DNS provider Dyn.That’s among the key findings of Imperva’s Bot Traffic Report 2016, which is based on analysis of over 16.7 billion visits to 100,000 randomly-selected domains on the Imperva content delivery network from August 9, 2016 to November 6, 2016.To read this article in full or to leave a comment, please click here(Insider Story)
History has yet to judge the 2016 presidential election, but from where we sit in the early days of 2017, it’s hard to imagine that it will ever be relegated to a footnote.
From how spectacularly polling failed to predict the election’s outcome to how the election was effectively decided by just “77,759 votes in three states,” not to mention that the loser walked away with 2.8 million more votes than the winner, the 2016 election season produced one big story after another.
But what may prove to be the biggest story of the 2016 election is the series of hacks that undermined both the democratic process and the Democratic candidate — and the the role of the Russian government in those hacks.To read this article in full or to leave a comment, please click here(Insider Story)
CSO staff