CSO staff

Author Archives: CSO staff

17 tools to protect your online security

Last month's news about the massive data breach at Yahoo, which affected at least 500 million user records, making it the largest data breach on record, might finally be what it takes to get the average internet user to take online security into their own hands — if only they knew how.In his new book "The Hackers Are Coming," online security expert Ronald Nutter shares tips on how to boost security for every online account you have, starting with choosing the best password management and two-factor authentication tools for you.To read this article in full or to leave a comment, please click here(Insider Story)

Crisis planning: 6 ways to put people first

If your business is located in the southeastern U.S., you're probably bracing for hurricane Matthew, which as of this writing is headed for Florida after making landfall in Cuba. All-too-familiar with the havoc a hurricane can wreak, you likely have a battle-tested plan for dealing with such storms and their aftermath.To read this article in full or to leave a comment, please click here(Insider Story)

Investigating Cybersecurity Incidents — a free course

One of the biggest mistakes companies make when responding to a cybersecurity incident is taking well-meaning steps to “clean up the mess” that actually ruin the digital evidence needed to investigate and prosecute the case.Learning to securely preserve that forensic evidence is key to a successful legal case. In partnership with IDG Enterprise, training company Logical Operations Inc. presents a free online course on this timely topic: Investigating Cybersecurity Incidents.In three video sessions, you’ll learn skills such as how to plan the forensic investigation; collect, protect and analyze the evidence; write an investigation report; work with law enforcement; comply with relevant laws; and prepare for case for court.To read this article in full or to leave a comment, please click here(Insider Story)

The speed of ransomware: 3 seconds to encryption [Infographic]

Ransomware has reached epidemic proportions, especially among small and midsize businesses (SMBs). A 2015 Securities and Exchange Commission statement noted that SMBs are at "greater risk" of cybercrime, including ransomware, compared to larger enterprises, and they "are far more vulnerable once they are victimized."To read this article in full or to leave a comment, please click here(Insider Story)

The speed of ransomware: 3 seconds to encryption [Infographic]

Ransomware has reached epidemic proportions, especially among small and midsize businesses (SMBs). A 2015 Securities and Exchange Commission statement noted that SMBs are at "greater risk" of cybercrime, including ransomware, compared to larger enterprises, and they "are far more vulnerable once they are victimized."Security service provider Arctic Wolf Networks reports that it has seen a "433 percent increase in ransomware attacks this year among our SMB customers."To read this article in full or to leave a comment, please click here(Insider Story)

Election exploits: What you need to know [infographic]

In late August, an FBI alert warning state election officials about an attack on voter registration databases from Illinois and Arizona was leaked and posted in a report on Yahoo News.'According to the FBI’s alert, 'an unknown actor' attacked a state election database by using widely available penetrating testing tools, including Acunetix, SQLMap, and DirBuster,' wrote Michael Kan. 'The hackers then found an SQL injection vulnerability -- a common attack point in websites -- and exploited it to steal the data. The FBI has traced the attacks to eight IP addresses, which appear to be hosted from companies based in Bulgaria, the Netherlands, and Russia.'To read this article in full or to leave a comment, please click here(Insider Story)

Free course: Responding to Cybersecurity Incidents

Let's face it, a data breach at your organization seems inevitable. And the response should be managed "in such a way as to limit damage, increase the confidence of external stakeholders, and reduce recovery time and costs," according to a Harvard Business Review article.In partnership with IDG Enterprise, training company Logical Operations Inc. presents a free online course on this timely topic, "Responding to Cybersecurity Incidents." It's a key part of the company’s full "CyberSec First Responder" certification course.In three one-hour sessions, you'll learn skills such as how to set up an incident-handling team, secure data systems at the "crime scene," assess the damage, and prepare for the forensic investigation.To read this article in full or to leave a comment, please click here(Insider Story)

Free course: Responding to Cybersecurity Incidents

Let's face it, a data breach at your organization seems inevitable. And the response should be managed "in such a way as to limit damage, increase the confidence of external stakeholders, and reduce recovery time and costs," according to a Harvard Business Review article.To read this article in full or to leave a comment, please click here(Insider Story)

Study: More than 50% of SMBs were breached in the past year

A new study conducted by the Ponemon Institute and sponsored by password management provider Keeper Security analyzed the state of cybersecurity in small and medium-sized businesses (SMBs) and found that confidence in SMB security is shockingly low (just 14% of the companies surveyed rated their ability to mitigate cyber attacks as highly effective).To read this article in full or to leave a comment, please click here(Insider Story)

Study: More than 50% of SMBs were breached in the past year

A new study conducted by the Ponemon Institute and sponsored by password management provider Keeper Security analyzed the state of cybersecurity in small and medium-sized businesses (SMBs) and found that confidence in SMB security is shockingly low (just 14% of the companies surveyed rated their ability to mitigate cyber attacks as highly effective)."We've conducted many surveys on enterprise cybersecurity in the past but this unique report on SMBs sheds light on the specific challenges this group faces," said Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute. "Considering the size of the SMB market in the United States alone, this information can be useful to diminish the risk of breach to millions of businesses."To read this article in full or to leave a comment, please click here(Insider Story)

Study reveals security gap in big data projects

Ideally, the ultimate output of big-data analysis can provide a company with a valuable competitive advantage. But those results aren’t getting much additional security, according to an IDG Enterprise study of big-data initiatives.To read this article in full or to leave a comment, please click here(Insider Story)

Your open source security problem is worse than you think

The 200 applications reviewed by Black Duck Software for its "State of Open Source Security in Commercial Applications" report used an average of 105 open source components, comprising 35% of the code. That's twice as much open source as the companies participating in Black Duck's audits were aware they used, according to the report.To read this article in full or to leave a comment, please click here(Insider Story)

Shadow IT 101: Beyond convenience vs. security

Shadow IT, a term that loosely refers to any technology that is used in a company without the oversight of the IT department, isn't a new concept. But companies don't seem to have a better handle on it now than they did when we first started writing about it.Today, about a third of a company's tech purchases take place outside of IT. And a survey by Cisco found that while IT departments assumed their companies used 51 cloud service, employees in fact used 730 cloud services. Now consider that the average organization has 19.6 cloud-related security incidents each month. Suddenly, you've got a big problem on your hands.[ Also on CSO: How to prevent shadow IT ] This infographic from cloud file management and storage provider SmartFile offers insight into the Shadow IT phenomenon, the hidden costs to your organization, and why it isn't likely to go away anytime soon.To read this article in full or to leave a comment, please click here(Insider Story)

Shadow IT 101: Beyond convenience vs. security

Shadow IT, a term that loosely refers to any technology that is used in a company without the oversight of the IT department, isn't a new concept. But companies don't seem to have a better handle on it now than they did when we first started writing about it.To read this article in full or to leave a comment, please click here(Insider Story)

By the numbers: Cyber attack costs compared

Data breaches caused by malicious insiders and malicious code can take as long 50 days or more to fix, according to Ponemon Institute's 2015 Cost of Cyber Crime Study. While malware, viruses, worms, trojans, and botnets take only an estimated 2-5 days to fix.To read this article in full or to leave a comment, please click here(Insider Story)

By the numbers: Cyber attack costs compared

Data breaches caused by malicious insiders and malicious code can take as long 50 days or more to fix, according to Ponemon Institute's 2015 Cost of Cyber Crime Study. While malware, viruses, worms, trojans, and botnets take only an estimated 2-5 days to fix.Unsurprisingly, attacks by malicious insiders are also the costliest to fix ($145,000 according to the Ponemon study), followed by denial of service ($127,000) and Web-based attacks ($96,000).The consequences and cost of cyber attacks are also unevenly distributed, with business disruption and information loss taking the biggest share, followed by revenue loss and equipment damages, according to Ponemon. But the cost of remediation in person-days can also be substantial. Involvement of a programmer, a QA person, project manger, product manager and corporate lawyer will cost you more than $300 per employee per day, according to data from payscale.com — and that's before you consider the cost of the CEO, CISO and CFO's time.To read this article in full or to leave a comment, please click here(Insider Story)

State of EMV report: Fraud rises before a fall

The switchover to EMV (Europay, MasterCard, and Visa) chipped credit cards is well underway. According to a new report from research and advisory firm Aite Group, sponsored by device intelligence and fraud prevention company iovation, 81% of credit cards in the U.S. will be EMV capable by the end of 2016. And the increased adoption of the more secure cards is fueling an increase in counterfeit fraud.Wait. What?You read it right. “As the U.S. migration to EMV progresses, the combination of continued strong growth in e-commerce, ready availability of consumer data and credentials in the underweb, and disappearing counterfeit fraud opportunity will create a perfect storm that will result in a sharp rise in CNP (card-not-present) fraud,” said Julie Conroy, research director at Aite Group. Conroy went on to say, “CNP fraud is already on the rise, and the problem will get worse before it gets better."To read this article in full or to leave a comment, please click here(Insider Story)

1 2 3 4