Left to chance, unless you happen to bump into someone leaving the building with a box full of documents, you might never catch an insider red-handed. That is where an insider risk team comes in — group of employees from various departments who have created policies that create a system to notice if those confidential items have left the building.“Insider risk is a real cybersecurity challenge. When a security professional or executive gets that call that there’s suspicious activity — and it looks like it’s someone on the inside who turned rogue — the organization needs to have the right policies and playbooks, technologies, and right team ready to go,” said Rinki Sethi, senior director of information security at Palo Alto Networks.To read this article in full or to leave a comment, please click here
Left to chance, unless you happen to bump into someone leaving the building with a box full of documents, you might never catch an insider red-handed. That is where an insider risk team comes in — group of employees from various departments who have created policies that create a system to notice if those confidential items have left the building.“Insider risk is a real cybersecurity challenge. When a security professional or executive gets that call that there’s suspicious activity — and it looks like it’s someone on the inside who turned rogue — the organization needs to have the right policies and playbooks, technologies, and right team ready to go,” said Rinki Sethi, senior director of information security at Palo Alto Networks.To read this article in full or to leave a comment, please click here
Just before the holidays, a company was faced with cutting the pay of their contracted janitors. That didn’t sit well with those employees.Threat actors saw an opportunity and pounced, convincing the possibly vengeful employees to turn on their employer. According to Verizon’s recent breach report, the threat actors gave any agreeable janitor a USB drive to quietly stick into any networked computer at the company. It was later found, but the damage was done.What were the responsibilities of any employees who witnessed this act? A thorough insider risk policy would have spelled it out. Here, security experts provide their insights on what makes for a successful insider risk policy.To read this article in full or to leave a comment, please click here(Insider Story)
Just before the holidays, a company was faced with cutting the pay of their contracted janitors. That didn’t sit well with those employees.To read this article in full or to leave a comment, please click here(Insider Story)
New products of the weekImage by Transition NetworksOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.ONLYOFFICE app for ownCloudImage by ascensioTo read this article in full or to leave a comment, please click here
New products of the weekImage by Transition NetworksOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.ONLYOFFICE app for ownCloudImage by ascensioTo read this article in full or to leave a comment, please click here
Biometrics in useImage by ThinkstockBiometrics falls into the third category of security modalities: (1) what we have: e.g. key, RFID card or ID card; (2) what we know: e.g. password, PIN, challenge/response answers like mother’s maiden name or first pet; and (3) what we are: e.g. biometrics, such as our fingerprint, face, iris, etc.To read this article in full or to leave a comment, please click here(Insider Story)
Many prognosticators have pronounced privacy a pipe dream. With the mountains of personal information on social networks and the lack of security awareness by many users, cybercriminals have more than a snowball’s chance to grab anyone’s identity.However, there are new ideas for counteracting identity theft that would take into account a person’s physical attributes to add another layer of security. The idea of using a fingerprint reader to log on to a smartphone isn't new, but the latest wrinkle is to incorporate the pressure with which that finger types on the phone.More than 41 million Americans have had their identities stolen, and millions more have had their personally identifiable information (PII) placed at risk through a data breach, according to a Bankrate.com survey of 1,000 adults conducted last month.To read this article in full or to leave a comment, please click here
Many prognosticators have pronounced privacy a pipe dream. With the mountains of personal information on social networks and the lack of security awareness by many users, cybercriminals have more than a snowball’s chance to grab anyone’s identity.However, there are new ideas for counteracting identity theft that would take into account a person’s physical attributes to add another layer of security. The idea of using a fingerprint reader to log on to a smartphone isn't new, but the latest wrinkle is to incorporate the pressure with which that finger types on the phone.More than 41 million Americans have had their identities stolen, and millions more have had their personally identifiable information (PII) placed at risk through a data breach, according to a Bankrate.com survey of 1,000 adults conducted last month.To read this article in full or to leave a comment, please click here
Industrial IoT explodingImage by ThinkstockThe number of connected devices is growing exponentially. In fact, current estimates from IDC Research predict IoT spending will reach $1.29 trillion by 2020. Although many of these are consumer devices (such as Fitbits or smartphones), the presence of IoT devices in industrial settings is skyrocketing as well, with manufacturing forecasted to be the industry making the largest investment in IoT. With this increased connectivity, the Industrial Internet of Things (IIoT) offers exciting possibilities for transforming many different industries – from industrial automation and manufacturing, to oil & gas and building security. By utilizing the IIoT, industrial companies can leverage technologies like big data analytics to optimize operations, improve efficiency and generate insights that can increase profitability and competitive advantage.To read this article in full or to leave a comment, please click here
Recovering from a ransomware attack doesn’t have to take daysImage by Eric E CastroIt’s one thing for a user’s files to get infected with ransomware, it’s quite another to have a production database or mission-critical application infected. But, restoring these databases and apps from a traditional backup solution (appliance, cloud or tape) will take hours or even days which can cost a business tens or hundreds of thousands of dollars. Dean Nicolls, vice president of marketing at Infrascale, shares some tangible ways disaster recovery as a service (DRaaS) can pay big dividends and quickly restore systems in the wake of a ransomware attack.To read this article in full or to leave a comment, please click here
Recovering from a ransomware attack doesn’t have to take daysImage by Eric E CastroIt’s one thing for a user’s files to get infected with ransomware, it’s quite another to have a production database or mission-critical application infected. But, restoring these databases and apps from a traditional backup solution (appliance, cloud or tape) will take hours or even days which can cost a business tens or hundreds of thousands of dollars. Dean Nicolls, vice president of marketing at Infrascale, shares some tangible ways disaster recovery as a service (DRaaS) can pay big dividends and quickly restore systems in the wake of a ransomware attack.To read this article in full or to leave a comment, please click here
In 2013 Charlie Miller and Chris Valesek showed how easy it was to take over a connected car. It was a monumental moment that made the auto industry stand up and take notice of the vulnerability of the connected cars they manufactured.Miller and Valesek were not maliciously running cars off the road, but they did give demonstrations so that the auto industry would begin to take security seriously. As seen in this video, the two researchers had the capability through their laptops to shut down the vehicle's engine on the highway or spew window washing fluid onto the windshield, which could startle an unsuspecting driver to perhaps jerk the wheel and hit another car. They identified more than seven major categories of remote attack surfaces, based on their study of 20 models (2014 to 2015) from different car manufacturers.To read this article in full or to leave a comment, please click here
In 2013 Charlie Miller and Chris Valesek showed how easy it was to take over a connected car. It was a monumental moment that made the auto industry stand up and take notice of the vulnerability of the connected cars they manufactured.Miller and Valesek were not maliciously running cars off the road, but they did give demonstrations so that the auto industry would begin to take security seriously. As seen in this video, the two researchers had the capability through their laptops to shut down the vehicle's engine on the highway or spew window washing fluid onto the windshield, which could startle an unsuspecting driver to perhaps jerk the wheel and hit another car. They identified more than seven major categories of remote attack surfaces, based on their study of 20 models (2014 to 2015) from different car manufacturers.To read this article in full or to leave a comment, please click here
Ransomware is running rampant. The SonicWall GRID Threat Network detected an increase from 3.8 million ransomware attacks in 2015 to 638 million in 2016. According to a Radware report, 49 percent of businesses were hit by a ransomware attack in 2016. Quite often the attacker asks for some amount of cybercurrency – usually Bitcoin – in exchange for providing a decryption key.To read this article in full or to leave a comment, please click here(Insider Story)
Ransomware is running rampant. The SonicWall GRID Threat Network detected an increase from 3.8 million ransomware attacks in 2015 to 638 million in 2016. According to a Radware report, 49 percent of businesses were hit by a ransomware attack in 2016. Quite often the attacker asks for some amount of cybercurrency – usually Bitcoin – in exchange for providing a decryption key.One question this raises is whether ransomware attacks would decrease if Bitcoin ceased to exist? Security experts answer that question with a resounding “no”, indicating that cybercriminals would just move on to another anonymous payment method to continue their extortion."Getting rid of Bitcoin to stop ransomware would be like the U.S. Government getting rid of $100 bills to try to stop drug dealers from laundering their dirty money. It’s not the right solution. Would it momentarily create a bump in the road for cyber attackers who are making millions off of ransomware? Absolutely, but only for a fleeting moment,” said Richard Henderson, global security strategist at Absolute.To read this article in full or to leave a comment, please click here(Insider Story)
A dangerous practice on the riseImage by Pexels“Shadow IT” refers to the too-common practice whereby managers select and deploy cloud services without the consent or even the knowledge of the IT department. These services act as extensions of the corporation but are steered entirely by groups that lack the knowledge or process to ensure they follow necessary guidelines, introducing security, compliance, and brand risk throughout the enterprise. Gartner predicts that by 2020, one-third of security breaches will come in through shadow IT services.To read this article in full or to leave a comment, please click here
A dangerous practice on the riseImage by Pexels“Shadow IT” refers to the too-common practice whereby managers select and deploy cloud services without the consent or even the knowledge of the IT department. These services act as extensions of the corporation but are steered entirely by groups that lack the knowledge or process to ensure they follow necessary guidelines, introducing security, compliance, and brand risk throughout the enterprise. Gartner predicts that by 2020, one-third of security breaches will come in through shadow IT services.To read this article in full or to leave a comment, please click here
New products of the weekImage by RiverbedOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Ambra for DevelopersImage by ambraTo read this article in full or to leave a comment, please click here
Ryan Francis