Cybersecurity is an increasing concern in the enterprise as the number of high-profile breaches reported only grows each year. In 2015, there were a reported 781 data breaches in the U.S., making it the second highest year for security threats, according to data from the ISACA. And 40 percent of those data breaches happened in the business sector. So it's no surprise that Business Insider Intelligence reports an estimated $655 billion will be invested in cybersecurity initiatives between 2015 and 2020. However, in 2015, worldwide cybersecurity spending reached only $75.4 billion, according to Gartner, jumping to an estimated $2.77 trillion in 2016. Those numbers suggest that businesses are only just catching on to the importance of cybersecurity in the workplace, but are they too late?
The DDoS attack against Dyn on Oct. 21 may not have been anything new or sophisticated to those steeped in cybersecurity, but it should serve as a significant wake-up call to retailers this holiday season and beyond, say experts. The hack — which led to vast consumer trouble loading major websites such as Etsy, AirBnB, Netflix and Twitter — was particularly notable because it appears to have relied on infecting internet of things (IoT) devices such as cameras, monitors and routers with software meant to flood targets with overwhelming traffic.
I cannot use an ATM these days without wondering if I am getting ripped off by a stealthy skimming device that has been placed inside the machine’s card slot. One reason for my concern is that for years now I have been reading with great interest a series of articles on the subject by security expert Brian Krebs, who posted another one just yesterday. This piece includes a couple of videos showing exactly how scammers insert and remove the skimmers from an ATM, as well as practical advice you can use to thwart those efforts:
CSO Editor-in-Chief Joan Goodchild sits down with Kevin O'Brien, founder and CEO of GreatHorn, to discuss ways that security leaders can fend off spear phishing attempts aimed at the executives at their companies.
Cybersecurity needs to be a top priority for the administration of Donald Trump. The first task should be shoring up government IT systems. As recent attacks have shown, adversaries aren’t afraid to go after political organizations. There’s no reason to suspect they won’t continue to target political entities such as the Democratic National Committee or step up attacks on government agencies.
Emphasize that information security applies to all agencies
Ideally, a cabinet meeting for all new secretaries should be held within three months of the inauguration to underscore that information security is essential for all agencies to complete their missions. Even secretaries whose agencies are not typically associated with either information security or IT need to be included.
In the late 1990s, I was responsible for technical operations for a large healthcare organization. We supported more than 5,000 users across 50 locations and supported three distinct lines of business. We were a very progressive organization at the leading edge of technology innovation in healthcare.
It was not a simple operation.
Well, at least not for 1997. When I compare that environment to what IT leaders face today, however, a shudder of relief washes over me.
There is no point in whitewashing this: Managing the function of IT in my day was child’s play compared to the incredible diversity of challenges facing the modern IT leader. Is it so complex, in fact, that it cannot truly be managed?
Japanese government officials have denied reports that a secure network used by the country's defense forces was attacked earlier this year. An attacker was able to break into the Ground Self-Defense Force's computer systems, sources at the Japanese Ministry of Defense told Kyodo News on Sunday. The ministry and the Self-Defense Forces discovered the attack in September, said the report, which was also relayed by The Japan Times. Kyodo's sources said the hack was believed to be the work of a nation state, and that information may have been leaked in the attack.
New products of the week
Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.
CSTAR for Google Chrome
San Francisco’s Muni transit system was reportedly hit by ransomware since Friday, leading to the message “You Hacked, ALL Data Encrypted” being displayed on the computer screens at stations, according to newspaper reports. The message asked that cryptom27 at yandex.com should be contacted for the key to unlock the data. Fare payment machines at stations also displayed that they were “out of service,” and San Francisco's Municipal Railway, widely known as Muni, was allowing free rides on its light-rail vehicles as it was unable to charge customers, according to the Examiner.
The world became a slightly better place when Fidel Castro died. Unlike President Obama who said, “History will record and judge the enormous impact of this singular figure on the people and world around him,” President-elect Donald Trump bluntly called Castro a “brutal dictator” whose “legacy is one of firing squads, theft, unimaginable suffering, poverty and the denial of fundamental human rights.” Some unknown person with an internet connection also attempted to be blunt, expressing his or her opinion of Donald Trump via Google Maps; the President-elect’s transition headquarters was renamed to the Dump Tower on Google Maps.
Amazon has kicked off Cyber Monday 2016 with a slew of sales this coming week on its own products, such as the Echo and Fire tablets, as well as on items from others, ranging from Exploding Kittens card sets to Nest thermostats. (Black Friday & Cyber Monday watchers such as BFads and Best Black Friday have been a big help in keeping tabs on deals.)
The Wisconsin Elections Commission has decided to recount the votes in the state in the last U.S. presidential elections, after concerns were raised that the voting systems can be hacked. The recount, which was requested by Jill Stein, candidate of the Green Party for the U.S. presidential election, and Rocky Roque De La Fuente, another candidate, is expected to begin late next week, the Elections Commission said. “The Commission is preparing to move forward with a statewide recount of votes for President of the United States, as requested by these candidates,” administrator Michael Haas said in a statement Friday. Citing the hack of the Democratic National Committee of the Democratic Party in the run-up to the election and reports of breaches of voter registration databases in at least two states, Stein in her petition for recount wrote that Wisconsin uses both the optical scan and direct-recording electronic types of electronic voting machines, which are both susceptible to compromise.
It may take several years or even decades, but hackers won't necessarily always be human. Artificial intelligence -- a technology that also promises to revolutionize cybersecurity -- could one day become the go-to hacking tool.
Organizers of the Cyber Grand Challenge, a contest sponsored by the U.S. defense agency DARPA, gave a glimpse of the power of AI during their August event. Seven supercomputers battled each other to show that machines can indeed find and patch software vulnerabilities.
Theoretically, the technology can be used to perfect any coding, ridding it of exploitable flaws. But what if that power was used for malicious purposes? The future of cyberdefense might also pave the way for a new era of hacking.
Gus Khawaja
Most people assume Linux is secure, and that’s a false assumption. Imagine your laptop is stolen without first being hardened. A thief would probably assume your username is “root” and your password is “toor” since that’s the default password on Kali and most people continue to use it. Do you? I hope not. The negative career implications of choosing not to harden your Kali Linux host are severe, so I’ll share the necessary steps to make your Linux host secure, including how I use penetration testing and Kali Linux to get the job done. It’s important to note that, while there are many distributions (AKA distros) of Linux and each one differs from the command line perspective, the logic is the same. Use the following tips to harden your own Linux box.
Plans are afoot to build the U.K.'s first National College of Cyber Security at Bletchley Park, the birthplace of the country's wartime codebreaking efforts. It was at Bletchley Park that Colossus, the world's first electronic computer, was built during World War II to crack the Lorenz code used by the German high command. Bletchley is also where Alan Turing developed some of his mathematical theories of computing while working on breaking the Enigma code. After the war the site fell into disrepair, but parts of it have been restored and now house the U.K.'s National Museum of Computing.
Hillary Clinton, the apparent loser in the recent U.S. presidential race, should ask for voting recounts in three states, a group of voting security experts and election lawyers have said, and new results could swing the outcome of the election. There are outstanding questions about voting results in Pennsylvania, Wisconsin, and Michigan, where the initial counts have Clinton losing by 1.2 percent or less, the group has told her campaign. The group has so far given no concrete evidence of voting irregularities but is planning to release a report. One news report suggested significant differences in the margins of victory for Trump in Wisconsin in counties using electronic voting machines, compared to counties using paper ballots, but the group has not confirmed those concerns.
The U.S. government has released what it claims is myth-busting data about the shortage of cybersecurity professionals. The data points to its own hiring experience. In October 2015, the U.S. launched a plan to hire 6,500 people with cybersecurity skills by January 2017, according to White House officials. It had hired 3,000 by the first half of this year. As part of the ongoing hiring effort, it held a job fair in July. At the Department of Homeland Security (DHS), "We set out to dispel certain myths regarding cybersecurity hiring," wrote Angela Bailey, chief human capital officer at DHS in a blog post Monday.
Fake news, online banking thefts and data breaches: It's no wonder that trust in the internet is at an all-time low. But don't worry: The Internet Society has a five-step plan for restoring faith in the network of networks. The first step is to put users first, according to ISOC, which published its 2016 Global Internet Report on Thursday. That involves being more transparent (step two) about risk and the incidence of data breaches and prioritizing data security (step three) to ensure breaches don't happen. ISOC isn't just a talking shop, it is also the organizational home of the Internet Engineering Task Force (IETF), source of many of the protocols and standards on which the internet relies. That adds weight to the more detailed recommendations on how to prioritize security contained in the ISOC report.
Sometimes the truth hurts but you just have to face it. The internet advisory group BITAG lays it on the line for the IoT industry in a new report: No, consumers aren’t going to update the software on their devices. “It is safe to assume that most end users will never take action on their own to update software,” the Broadband Internet Technology Advisory Group said. Its recommendation: Build in mechanisms for automatic, secure updates. That bit of human nature is just one of the harsh realities BITAG acknowledges in the report, which came out on Tuesday. It also points out that some consumer IoT devices ship with weak built-in usernames and passwords like “admin” and “password,” can’t do authentication or encryption, or can easily be taken over by malware that turns them into bots.
During Black Friday and Cyber Monday 2016, consumers should watch out for scams that come through spam, insecure public networks and apps that might seem legitimate but could be taking over your phones and computers, experts say. Here are a dozen steps you can take to avoid becoming a victim.
Only download or buy apps from legitimate app stores.
Suspect apps that ask for too many permissions.
Check out the reputation of apps and particularly the app publisher.
Only enter credit card info on secure shopping portals.
Avoid using simple passwords, and use two-factor authentication if you can.
Be alert for poisoned search results when using search engines to find products.
Don’t install software that sites require before you can shop.
Don’t use free public Wi-Fi to make purchases.
Be suspicious of great deals you learn about via social media or emails and don’t click the links.
Turn off location services while shopping to minimize the potential personal data that could be compromised.
Make sure the connection to e-commerce sites is secured (HTTPS).
Double check the validity of the SSL certificate for the site.