The fraud rates for online ads are scary, with advertisers losing billions of dollars each year. Last week, Pixalate released a report showing that 35 percent of U.S. desktop ad impressions sold through programmatic advertising networks are fraudulent. Programmatic ads are those purchased through online networks, often through automatic bidding systems, instead of directly from individual publishers. U.S. advertisers spent more than $25 billion on programmatic online ads last year, meaning that about $8 billion is lost to fraud.
Many companies have automated systems in place for preventing, detecting, and investigating security incidents, but automating the incident response and mitigation process for networks and endpoint devices has been a tougher nut to crack. That includes actions such as automatically re-imaging endpoint devices, isolating devices from corporate networks, or shutting down particular network processes in order to quickly and efficiently respond to attacks. "I think there's a lot of potential," said Joseph Blankenship, analyst at Forrester Research. "We're definitely in a period of discovery, though, and that has to take place before we're going to see widespread, mainstream adoption."
The recent growth in the cyber insurance market is already improving cybersecurity in some industry segments, and has the potential to do more -- if the industry is able to address its data problem. One area where cyber insurance has already made an impact is in the retail space, said David White, founder and COO at Axio Global, a cyber risk company. After the 2013 Target breach, it became very difficult for retailers to get a decent price for cyber insurance unless they had completely switched over to end-to-end encryption, or had a definite plan in place for doing that.
Verizon released its tenth annual breach report this morning, and cyberespionage and ransomware were the big gainers in 2016. Cyberespionage accounted for 21 percent of cases analyzed, up from 13 percent last year, and was the most common type of attack in the manufacturing, public sector, and education sectors. In fact, in the manufacturing sector, cyberespionage accounted for 94 percent of all breaches. External actors were responsible for 93 percent of breaches, and, 91 percent of the time, the target was trade secrets. Meanwhile, the number of ransomware attacks doubled compared to the previous year.
The new release of the OWASP Top 10 list is out for public comment from the Open Web Application Security Project, and while most of it remains the same, there are a couple of new additions, focusing on protections for web applications and APIs. To make room for the new items, a couple of older ones were either removed or merged into new items. The fact that the list hasn't changed much since its first release in 2003 is both good and bad, said Jeff Williams, CTO and co-founder at Contrast Security.
By the time John Kronick became a data security strategist a few years ago, he'd already been in the security industry for 20 years. But he didn't come to security from IT.
What it takes to become a security systems administrator
Ransomware grew into a $1 billion industry last year, and ransom payments now account for nearly 10 percent of the entire Bitcoin economy. Avoiding becoming part of that statistic requires good endpoint security and effective backups. But what if your defenses fail, your backups are inadequate, all attempts to restore the data fail, and you have to pay the ransom after all -- what do you do? First of all, get the ball rolling on improving your security. Second, if the ransomware includes a recommendation for where to buy the Bitcoins, take it with a grain of salt. These guys are, after all, criminals. They might steer you wrong. Instead, go to a reputable exchange.
Financial services companies are popular targets of cybercriminals for the obvious reason -- they're where the money's at. And health care companies have medical records, which are very valuable on the black market since the information there can be abused in so many ways, and doesn't expire. HealthExpense, which provides health care payment services to banks and their enterprise customers, straddles both worlds. "When we started, every new client asked us about security," said Marco Smit, CEO at Sunnyvale, Calif.-based HealthExpense. "It has to do with the data we're collecting," said company CSO Ken Lee. "We are definitely bound by HIPAA compliance, and we hold all the personal health information and financial information."
New York reported a record high number of breaches last year, just after a new set of cybersecurity regulations went into effect in the state. "In 2016, New Yorkers were the victims of one of the highest data exposure rates in our state’s history," said Attorney General Eric Schneiderman in a statement released last week. "The total annual number of reported security breaches increased by 60% and the number of exposed personal records tripled." According to the report, the stolen data consisted overwhelmingly of Social Security numbers and financial account information, and hacking was the leading cause of the breaches. The 1,300 breaches involved the private data of 1.6 million state residents, and 81 percent of the breaches involved the loss of Social Security numbers or financial information.
The price of a single Bitcoin passed that of an ounce of gold for the first time this month, and scammers were quick to get in on the action with Ponzi schemes and phishing sites spread via social media. Victims are lured in with fake Bitcoin wallets, fake Bitcoin search services, fake surveys about Bitcoin, too-good-to-be-true money making offers, and classic pyramid scams now dressed up with Bitcoins, according to a report released this week. "The same characteristics that make Bitcoin attractive to people who want to make money distributing ransomware make it attractive to scammers," said Philip Tully, senior data scientist at security vendor ZeroFox, which published the report.
Last week, the Trump administration announced the appointment of a White House cybersecurity coordinator. That's a good first step, security experts say, but the government also needs to have a federal CISO. "It's a big leadership vacancy," said Sanjay Beri, CEO and co-founder at cloud security vendor Netskope. The job of a federal CISO is very new -- it was only created last year and filled in September with the appointment of retired brigadier general Gregory Touhill. He was previously the deputy assistant secretary for cybersecurity and communications at the Department of Homeland Security.