Ransomware has been a growing threat for a couple of years now. More than 4,000 ransomware attacks have occurred every day since the beginning of 2016, according to an FBI report. So, it was no surprise to find it in the headlines again recently. The WannaCry ransomware attack proved to be one of the most successful and widespread to date -- it took a single day to infect more than 230,000 computers across more than 150 countries.WannaCry was able to spread so effectively because of a known vulnerability that Microsoft patched back in March. Organizations that fell victim had failed to patch, and many lacked basic security protections and working backups. Analyzing in the aftermath it’s clear that we have a problem. We already know exactly how to guard against ransomware, the problem is that many organizations aren’t doing it.To read this article in full or to leave a comment, please click here
The meteoric rise of cybercrime has caught many organizations unawares. Malware has spread from PCs to smartphones, phishing scams have grown more sophisticated, and ransomware is running rampant.You can hire hackers and botnets, or buy cybercrime software, complete with technical support, all too easily. The rapidly expanding Internet of Things is woefully insecure, creating many more access points that can be exploited by hackers.To read this article in full or to leave a comment, please click here
The meteoric rise of cybercrime has caught many organizations unawares. Malware has spread from PCs to smartphones, phishing scams have grown more sophisticated, and ransomware is running rampant.You can hire hackers and botnets, or buy cybercrime software, complete with technical support, all too easily. The rapidly expanding Internet of Things is woefully insecure, creating many more access points that can be exploited by hackers.To read this article in full or to leave a comment, please click here
Modern businesses must be agile, flexible and innovative. Business leaders are always looking for the next opportunity and speed is of the essence. Whether they’re looking to scale up quickly for a new project, or seeking to harness the benefits of the latest and greatest technology, it’s often necessary to go beyond company walls and sign up with a vendor for new software or services.You may have spent considerable resources to ensure that your security is strong, but what about your third-party vendors? We’ve discussed how cybersecurity is only as strong the weakest link before, but sometimes that weak link is a partner.To read this article in full or to leave a comment, please click here
Modern businesses must be agile, flexible and innovative. Business leaders are always looking for the next opportunity and speed is of the essence. Whether they’re looking to scale up quickly for a new project, or seeking to harness the benefits of the latest and greatest technology, it’s often necessary to go beyond company walls and sign up with a vendor for new software or services.You may have spent considerable resources to ensure that your security is strong, but what about your third-party vendors? We’ve discussed how cybersecurity is only as strong the weakest link before, but sometimes that weak link is a partner.To read this article in full or to leave a comment, please click here
There are two times you might have to talk to your organization’s board of directors about security: before a breach and after. Be sure you’ve had the former before you need to have the latter.The board of directors, whose duty it is to run the company in the long-term interest of the owners, needs to know you’ve taken prudent steps to protect the organization’s digital assets. That should mean the board wants to talk with you, the CISO, to learn firsthand what your department is doing to mitigate information security threats.+ Also on Network World: How to survive in the CISO hot seat +
Board members want a high-level picture of the threat landscape and a checklist of the measures you’ve taken and policies you’ve adopted to protect the organization. Your job is to provide the board with perspective and not necessarily details. A scorecard or checklist can be an effective visual and a good starting point for a discussion of the organization’s security measures. It lets you provide a high-level overview, and it gives you a road map for diving into details if the board asks for more information.To read this article in full or to Continue reading
There are two times you might have to talk to your organization’s board of directors about security: before a breach and after. Be sure you’ve had the former before you need to have the latter.The board of directors, whose duty it is to run the company in the long-term interest of the owners, needs to know you’ve taken prudent steps to protect the organization’s digital assets. That should mean the board wants to talk with you, the CISO, to learn firsthand what your department is doing to mitigate information security threats.+ Also on Network World: How to survive in the CISO hot seat +
Board members want a high-level picture of the threat landscape and a checklist of the measures you’ve taken and policies you’ve adopted to protect the organization. Your job is to provide the board with perspective and not necessarily details. A scorecard or checklist can be an effective visual and a good starting point for a discussion of the organization’s security measures. It lets you provide a high-level overview, and it gives you a road map for diving into details if the board asks for more information.To read this article in full or to Continue reading
High-profile hacking attacks might dominate the headlines, but one of the biggest risks to your security isn’t software vulnerabilities or malware—it’s phishing attacks. There were more than 1.2 million phishing attacks last year alone, up 65 percent over 2015, according to the Anti-Phishing Working Group (APWG).+ Also on Network World: 25% to 30% of users struggle with identifying phishing threats, study says +
Phishing attacks usually come in the form of a fake email that appears to be from a legitimate source, such as your bank, employer or a website you use frequently. The idea is to get you to hand over the keys to your accounts by prompting you to type your login details and password into a fake website front. Victims click the link in an email and get taken to a website that looks just like the real thing, but in reality, it has been created to steal information.To read this article in full or to leave a comment, please click here
High-profile hacking attacks might dominate the headlines, but one of the biggest risks to your security isn’t software vulnerabilities or malware—it’s phishing attacks. There were more than 1.2 million phishing attacks last year alone, up 65 percent over 2015, according to the Anti-Phishing Working Group (APWG).+ Also on Network World: 25% to 30% of users struggle with identifying phishing threats, study says +
Phishing attacks usually come in the form of a fake email that appears to be from a legitimate source, such as your bank, employer or a website you use frequently. The idea is to get you to hand over the keys to your accounts by prompting you to type your login details and password into a fake website front. Victims click the link in an email and get taken to a website that looks just like the real thing, but in reality, it has been created to steal information.To read this article in full or to leave a comment, please click here
The theft of unstructured data is extremely common. It can be very difficult to safeguard emails and files when a lot of people have access. Even the CIA is not immune, judging by the recent exposure of its hacking tools via WikiLeaks. It’s ironic that the CIA’s hacking guides have been hacked, but it just goes to show how difficult it can be to prevent.Carelessly handled unstructured data is an easy target, and it can prove very valuable for hackers. Since unstructured data may not be monitored, attacks and successful exfiltrations often go unnoticed for long periods.To read this article in full or to leave a comment, please click here
The theft of unstructured data is extremely common. It can be very difficult to safeguard emails and files when a lot of people have access. Even the CIA is not immune, judging by the recent exposure of its hacking tools via WikiLeaks. It’s ironic that the CIA’s hacking guides have been hacked, but it just goes to show how difficult it can be to prevent.Carelessly handled unstructured data is an easy target, and it can prove very valuable for hackers. Since unstructured data may not be monitored, attacks and successful exfiltrations often go unnoticed for long periods.To read this article in full or to leave a comment, please click here
The tech world moves at a tremendous pace, unleashing wave after wave of innovation intended to improve our everyday lives. Many new devices, from security cameras to fridges, or TVs to baby monitors, are now internet connected. This affords us remote access and facilitates the collection of data, which is ostensibly used to make our systems “smarter.”However, it also opens new doors into our offices and homes through which hackers can come uninvited.There were around 6.4 billion connected things in use worldwide in 2016, and that’s set to grow to 8.4 billion this year, according to Gartner. There’s no doubt that the Internet of Things (IoT) will bring many benefits, but it also brings greater risk.To read this article in full or to leave a comment, please click here
The tech world moves at a tremendous pace, unleashing wave after wave of innovation intended to improve our everyday lives. Many new devices, from security cameras to fridges, or TVs to baby monitors, are now internet connected. This affords us remote access and facilitates the collection of data, which is ostensibly used to make our systems “smarter.”However, it also opens new doors into our offices and homes through which hackers can come uninvited.There were around 6.4 billion connected things in use worldwide in 2016, and that’s set to grow to 8.4 billion this year, according to Gartner. There’s no doubt that the Internet of Things (IoT) will bring many benefits, but it also brings greater risk.To read this article in full or to leave a comment, please click here
Modern software development is firmly focused on speed. The race to be first in the market is extremely competitive. To innovate, companies develop at breakneck pace, quickly establishing feedback loops that allow them to hone their software. Security, however, is often an afterthought for stressed developers and the business people pushing them to deliver faster.The importance of application security (AppSec) is widely understood, with 97 percent of respondents to the SANS Institute’s 2016 State of Application Security report revealing they have an AppSec program in place.To read this article in full or to leave a comment, please click here
Modern software development is firmly focused on speed. The race to be first in the market is extremely competitive. To innovate, companies develop at breakneck pace, quickly establishing feedback loops that allow them to hone their software. Security, however, is often an afterthought for stressed developers and the business people pushing them to deliver faster.The importance of application security (AppSec) is widely understood, with 97 percent of respondents to the SANS Institute’s 2016 State of Application Security report revealing they have an AppSec program in place.To read this article in full or to leave a comment, please click here
Back when Apple was the plucky young upstart that dared to be different, the Mac was the machine for creative types and there was a perception that it wasn’t a target for hackers because of its cultural cool factor.You would expect the same rules to apply to the legalized marijuana market, but a major hack attack on a pot dispensary last month set that notion up in smoke.MJ Freeway, providers of popular medical marijuana tracking software, suffered a point-of-sale system hack that left over 1,000 marijuana dispensaries across 23 states unable to track their sales and inventories. Because of the state regulations regarding the sale of marijuana, some dispensaries were forced to close early or shut their doors completely. The disruption lasted weeks and caused patients to suffer long delays with obtaining access to their medicine.To read this article in full or to leave a comment, please click here
Back when Apple was the plucky young upstart that dared to be different, the Mac was the machine for creative types and there was a perception that it wasn’t a target for hackers because of its cultural cool factor.You would expect the same rules to apply to the legalized marijuana market, but a major hack attack on a pot dispensary last month set that notion up in smoke.MJ Freeway, providers of popular medical marijuana tracking software, suffered a point-of-sale system hack that left over 1,000 marijuana dispensaries across 23 states unable to track their sales and inventories. Because of the state regulations regarding the sale of marijuana, some dispensaries were forced to close early or shut their doors completely. The disruption lasted weeks and caused patients to suffer long delays with obtaining access to their medicine.To read this article in full or to leave a comment, please click here
The threat of a targeted attack for any business is real and substantial. It's vital to ensure that your organization can identify constantly evolving threats, find abnormal and suspicious activity, and take effective action to keep your data safe.
Consider that, on average, attackers are in a network for more than 140 days before they're detected, and 60% of network intrusions are eventually traced back to credentials, according to according to Microsoft.
Most successful targeted attacks follow six steps or stages, though it's important to remember that these steps often run in parallel. Multifaceted attacks are common, so a robust threat response plan should address all six steps and avoid jumping to conclusions.To read this article in full or to leave a comment, please click here
Last November, detectives investigating a murder case in Bentonville, Arkansas, accessed utility data from a smart meter to determine that 140 gallons of water had been used at the victim’s home between 1 a.m. and 3 a.m. It was more water than had been used at the home before, and it was used at a suspicious time—evidence that the patio area had been sprayed down to conceal the murder scene.As technology advances, we have more detailed data and analytics at our fingertips than ever before. It can potentially offer new insights for crime investigators.One area crying out for more insight is cybersecurity.By 2020, 60 percent of digital businesses will suffer a major service failure due to the inability of IT security teams to manage digital risk, according to Gartner. If we pair all this new Internet of Things (IoT) data with artificial intelligence (AI) and machine learning, there’s scope to turn the tide in the fight against cybercriminals.To read this article in full or to leave a comment, please click here
Last November, detectives investigating a murder case in Bentonville, Arkansas, accessed utility data from a smart meter to determine that 140 gallons of water had been used at the victim’s home between 1 a.m. and 3 a.m. It was more water than had been used at the home before, and it was used at a suspicious time—evidence that the patio area had been sprayed down to conceal the murder scene.As technology advances, we have more detailed data and analytics at our fingertips than ever before. It can potentially offer new insights for crime investigators.One area crying out for more insight is cybersecurity.By 2020, 60 percent of digital businesses will suffer a major service failure due to the inability of IT security teams to manage digital risk, according to Gartner. If we pair all this new Internet of Things (IoT) data with artificial intelligence (AI) and machine learning, there’s scope to turn the tide in the fight against cybercriminals.To read this article in full or to leave a comment, please click here
Michelle Drolet