Maria Korolov

Author Archives: Maria Korolov

Security pros most worried about clouds, mobile

Companies were least prepared to assess the security risks of cloud and mobile technologies, according to a survey of cybersecurity professionals released this morning. Around 60 percent of companies were able to assess security risks in cloud environments, down 7 points compared to last year. Mobile devices scored at 57 percent, down by 8 percentage points compared to last year. Overall, the confidence levels of security professionals that their cyber defenses were meeting expectations dropped from 76 percent last year to 70 percent in this year's survey, according to the report, which was produced by Annapolis, M.D.-based CyberEdge Group, and sponsored by Tenable.

AI will take some jobs, but no need to worry

The capabilities of artificial intelligence and machine learning are accelerating, and many cybersecurity tasks currently performed by humans will be automated. There will still be plenty of work to go around so job prospects should remain good, especially for those who keep up with technology, broaden their skill sets, and get a better understanding of their company's business needs. Cybersecurity jobs won't go the way of telephone operators. Take, for example, Spain-based antivirus company Panda Security. When the company first started, there were a number of people reverse-engineering malicious code and writing signatures.

Scholars, infosec experts call for action on Russian hacking

In the wake of reports about Russian involvement in fake news and hacks against political targets leading up to the recent presidential election, scholars and security experts are calling for federal action. As of Sunday, 158 scholars have signed an open letter calling for a congressional investigation. "Our country needs a thorough, public Congressional investigation into the role that foreign powers played in the months leading up to November," the letter said. Democrats in Congress have also called for an investigation, and were recently joined by Republican Sen. Lindsey Graham.

Report: Most cybercriminals earn $1,000 to $3,000 a month

Most cybercriminals make between $1,000 and $3,000 a month, but 20 percent earn $20,000 a month or more, according to a recent report. The data is based on a survey conducted by a closed underground community, said report author Andrei Barysevich, director of advanced collection at cybersecurity firm Recorded Future. "We actually saw criminals who made way more than that, $50,000 to $200,000 a month," he said. "This is what they keep, this is not revenues, but pure profit. This is what they can spend on loose women, fast cars and nice clothes."

SIEMs-as-a-service addresses needs of small, midsize enterprises

The city of Lewiston, in north central Idaho, has a population of around 32,000 and an information systems budget of around $800,000 a year. But it wasn't too small for attackers. For example, the city council meetings, streamed online, were being watched by people in Russia. "Why are they watching this?" said Danny Santiago, the city's information systems administrator. Then there were the phishing attempts. "We are negotiating a $2 million contract for road work, and we had spearphishing attacks," he said. "Luckily it's a small town, and everyone knows everyone, so people called us."

Report: Surveillance cameras most dangerous IoT devices in enterprise

Networked security cameras are the most likely to have vulnerabilities when it comes to securing Internet of Things devices in the enterprise, according to a new report by Zscaler. "I would consider the entire video camera category as particularly dangerous," said Deepen Desai, director of security research at Zscaler. Take, for example, the Flir FX wireless HD monitoring camera. Researchers found that the camera communicated with the parent company in plain text and without authentication tokens.

Visibility, security top concerns for cloud computing adoption

Enterprises considering adopting public clouds are concerned about where their data is located and how it's protected, according to a new survey by IDG. Companies will have about 60 percent of their IT environment in public, private, or hybrid clouds, according to a survey of about 1,000 IT decision makers. Of those considering public cloud deployments, the top concerns were where data is stored, at 43 percent of respondents, and security, with 41 percent of respondents. And with all the high-profile hacks of well-known online brand names, it's no surprise.

AI makes security systems more flexible

Advances in machine learning are making security systems easier to train and more flexible in dealing with changing conditions, but not all use cases are benefitting at the same rate. Machine learning, and artificial intelligence, has been getting a lot of attention lately and there's a lot of justified excitement about the technology. One of the side effects is that pretty much everything is now being relabeled as "machine learning," making the term extremely difficult to pin down. Just as the word "cloud" has come to mean pretty much anything that happens online, so "artificial intelligence" is rapidly moving to the point where almost anything involving a computer is getting that label slapped on it.

Flood of threat intelligence overwhelming for many firms

Three years after Target missed alerts warning them about a massive data breach, the amount of threat information coming in from security systems is still overwhelming for many companies, according to new reports, due to a lack of expertise and integration issues. Seventy percent of security pros said that their companies have problems taking actions based on threat intelligence because there is too much of it, or it is too complex, according to a report by Ponemon Research released on Monday. In particular, 69 percent said that their companies lacked staff expertise. As a result, only 46 percent said that incident responders used threat data when deciding how to respond to threats, and only 27 percent said that they were effective in using the data.

Unencrypted pagers a security risk for hospitals, power plants

For most of us, pagers went out when cell phones came in, but some companies are still using them and when the messages are sent without encryption, attackers can listen in and even interfere with the communications. According to two new reports by Trend Micro, pagers are still in use in hospital settings and in industrial plants. Stephen Hilt, Trend Micro's lead researcher on the project, said they don’t have a concrete percentage on the number of encrypted messages.

Why don’t developers have a ‘spellchecker’ for security?

Despite all the news coverage about successful cyberattacks, developers are still writing code full of security vulnerabilities. Of course, nobody is perfect. We all make mistakes, and as software projects get more and more complex, it can be easy to miss potential problems. But that doesn't explain why so much software is full of the most basic errors. According to a report released this month by Veracode, 61 percent of all internally-developed applications failed a basic test of compliance with the OWASP Top 10 list on their first pass. And commercially developed software did even worse, with a 75 percent failure rate. These are basic, well-known problems, like SQL injections and cross-site scripting.
