Hackers are writing apps, setting up phony Wi-Fi networks and unleashing malware in attempts to turn legitimate Black Friday 2016 and Cyber Monday retailing into profits for themselves, according to security experts.Bad actors are stealing personal information like passwords and credit card numbers, compromising computers and phones, and blackmailing retailers with hopes of lining their pockets, researchers say.For example, researchers at RiskIQ found frequent cases of criminals linking the names of legitimate brands to sketchy applications and Web sites in order to lure unsuspecting shoppers.They looked at five popular e-commerce brands to see how often their names appeared along with the term Black Friday in the titles or descriptions of black-listed applications. The research didn’t reveal the names of the retailers, but found that they lined up with bogus apps from 8.4% to 16% of the time.To read this article in full or to leave a comment, please click here
Depending on the size of the organization, the person who has the most impact on driving security advancement could be a C-level or board member, but non-executive administrators, and sometimes the one man IT/security show is the person paving the path.Whoever it is, every business needs someone who makes security not only a line item on the budget but also a part of the overall culture. More often than not, though, organizations prioritize security for one of two reasons.Josh Feinblum, vice president of information security at Rapid7 said,"Companies that care about security have either a progressive leadership team that believes it is important, or it is a company that has gone through a major event."To read this article in full or to leave a comment, please click here
Black Friday and Cyber Monday holiday shoppers using smartphones should beware of fake commerce apps and fake Wi-Fi hot spots inside malls, two security firms have warned.Hackers use these fakes to grab account numbers and sensitive personal information."Cyber criminals are increasing our risk of using mobile devices while shopping, whether it is Black Friday or Cyber Monday," warned Brian Duckering, mobility strategist for Skycure, an enterprise security firm, in a blog. "Going to physical stores and connecting to risky Wi-Fi networks, or shopping online both pose increasing risks we should all be aware of."To read this article in full or to leave a comment, please click here
Looking for a change of scenery in 2017? Image by ThinkstockWhile cybersecurity positions are plentiful in most major cities, thousands of cyber positions at all levels are waiting to be filled in less populated and often more scenic locales – and most offer a lower cost of living.Although larger corporations usually post the most job openings, “you’re most likely to find that you’re working at a smaller company” in these smaller cities, says Tim Herbert, senior vice president of research and market intelligence at CompTIA, the Computing Technology Industry Association. But the tradeoff will be broader responsibilities and more experience, he adds. “In smaller companies you take on more responsibilities with less specialization than in a large enterprise where roles are very well-defined.”To read this article in full or to leave a comment, please click here
The field of computer security has been around since the 1960s, and since then, practitioners have developed "a good understanding of the threat and how to manage it," say the authors of Security in Computing, 5th edition.But over the years the field has also developed a language of its own, which can present a challenge to newcomers.In the preface to the updated edition of this classic text, the authors make plain their intent to demystify the language of computer security. One good place to start: understanding the three things a malicious attacker needs to be successful.To read this article in full or to leave a comment, please click here(Insider Story)
The Association for Computing Machinery has changed the name of its annual award recognizing computing professionals for early-to-mid-career innovations from the ACM-Infosys Foundation Award to the ACM Prize in Computing, and boosted the value of the prize by $75K.Good call on the name change, which the ACM figures will raise awareness of the award and be more recognizable. Though not to be confused: the group's more famous AM Turing Award, given annually for major contributions of lasting importance to computing, is known informally as the "Nobel Prize of Computing". (See also: "Crypto dream team of Diffiie & Hellman wins 2016 'Nobel Prize of Computing'")To read this article in full or to leave a comment, please click here
What separates a great Major League Baseball hitter like David Ortiz from some run-of-the mill player? Great eyesight and intelligence. Ortiz sees more than others and takes all of the rich information he sees to make an intelligent, actionable decision to swing a baseball or not. While lots of players claim to do this, only a few have the right combination of the two to separate themselves from the field. The same thing can be said for IT security. It takes visibility across the entire attack spectrum, plus analytics and real-world insight, to provide actionable threat intelligence. Many vendors claim to have threat intelligence, but they operate by looking for anomalies in the network to flag something that might be a breach. This can be valuable, but it addresses only part of the security continuum. To read this article in full or to leave a comment, please click here
The Society for Information Management has announced that is reworking its annual SIMposium conference, which took place last month in Connecticut, and will come back in the spring of 2018 with an event dubbed SIM Connect Live.This year's event attracted hundreds of CIOs and other IT decision makers and business strategists to exchange thoughts on everything from leadership to risk management to the workforce of the future (See also: "CIO Security Lessons -- Dark thinking on IoT & exploding enterprise networks").To read this article in full or to leave a comment, please click here
The Society for Information Management has announced that is reworking its annual SIMposium conference, which took place last month in Connecticut, and will come back in the spring of 2018 with an event dubbed SIM Connect Live.
This year's event attracted just under 800 CIOs and other IT decision makers and business strategists to exchange thoughts on everything from leadership to risk management to the workforce of the future (See also: "CIO Security Lessons -- Dark thinking on IoT & exploding enterprise networks").To read this article in full or to leave a comment, please click here
When it comes to cybersecurity jobs, it is truly a seller’s market. According to ESG research published early this year, 46% of organizations report a problematic shortage of cybersecurity skills (note: I am an ESG employee). Additionally, a more recent research report from ESG and the Information Systems Security Association (ISSA) indicates that 46% of cybersecurity professionals are solicited by recruiters to consider another job at least once each week!The data indicates that there aren’t enough cybersecurity professionals around and those that are employed are in high demand. This puts a lot of pressure on CISOs and human resources people to make sure to keep their existing cybersecurity staff happy so they don’t walk out the door when they are barraged by headhunters’ calls. To read this article in full or to leave a comment, please click here
When it comes to cybersecurity jobs, it is truly a seller’s market. According to ESG research published early this year, 46% of organizations report a problematic shortage of cybersecurity skills (note: I am an ESG employee). Additionally, a more recent research report from ESG and the Information Systems Security Association (ISSA) indicates that 46% of cybersecurity professionals are solicited by recruiters to consider another job at least once each week!
The data indicates that there aren’t enough cybersecurity professionals around and those that are employed are in high demand. This puts a lot of pressure on CISOs and human resources people to make sure to keep their existing cybersecurity staff happy so they don’t walk out the door when they are barraged by headhunters’ calls. To read this article in full or to leave a comment, please click here
There was sad news over the weekend in the venture capital community, as New Enterprise Associate General Partner Harry Weller died in his sleep at the age of 46. Weller, who was not known to have had any illness, is survived by his wife and two sons."A renowned technology investor, champion of innovation and true partner to entrepreneurs, many knew Harry to be bold, brilliant and passionate," NEA says on a tribute to Weller on its website." To those who knew him best, he was equally remarkable for his kind heart and generous spirit. Harry was a deeply devoted father, husband and friend."MORE: Notable deaths in 2016 in technology, science & inventionsTo read this article in full or to leave a comment, please click here
Scams to keep an eye out forImage by ThinkstockIt always happens this time of year, an influx of holiday related scams circulating the interwebs. Scams don't wait for the holidays, but scammers do take advantage of the increased shopping and distraction when things get busy to take your money and personal information. Jon French, security analyst at AppRiver, warns you of six holiday threats to watch out for.To read this article in full or to leave a comment, please click here
Let's go shopping!Image by Diariocritico de VenezuelaAs far as theft and fraud are concerned, consumers face (and willingly accept) a moderate amount of risk when they shop online or out in their local neighborhoods. This holiday season is no different, but the risk is elevated some, because criminals are looking for easy marks and low-hanging fruit.To read this article in full or to leave a comment, please click here
Whether you are looking for a steal of deal on the latest and greatest gadgets or shopping to fulfill a loved one’s wish list, have you considered if the gadget is one of the most hackable?If not, then Intel Security has considered it for you and released its second annual McAfee Most Hackable Holiday Gifts list.The company first surveyed people to find out what average consumers plans to purchase and what they know about securing their new devices; the findings included that the average consumer lacks “awareness about the potential risks associated with emerging connected devices, such as drones (20%), children’s toys (15%), virtual reality tech (15%), and pet gifts (11%).”To read this article in full or to leave a comment, please click here
Make sure it is a holly jolly time of the yearAs IT Ops teams begin preparation for the upcoming holiday season, which in retail is the busiest time of the year for web traffic, the team at BigPanda along with some other vendors have prepared a checklist of the key factors IT Ops teams need to consider to ensure their IT infrastructure is ready.To read this article in full or to leave a comment, please click here
New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.BetterWorks Program AutopilotKey features: BetterWorks Program Autopilot helps enterprise customers automate goal setting and performance management program administration. Automated program reminders, timely communications and usage dashboards all ensure engagement and adoption without administrative overhead. More info.To read this article in full or to leave a comment, please click here
Aiming to boost its consumer security business, Symantec is acquiring LifeLock, a vendor of identity protection services, for US$2.3 billion in enterprise value.
The deal will create what the two companies described as the world’s largest consumer security business with over $2.3 billion in annual revenue based on last fiscal year revenue for both companies.
The immediate opportunity for Symantec comes from the large number of consumers worldwide that have been victims of cybercrime, generating as a result greater user concern in digital safety. The companies estimate the market at $10 billion, and growing in the high single digits. In the U.S. alone, the total addressable market is estimated to be about 80 million people.To read this article in full or to leave a comment, please click here
One and a half minutes is all it took after plugging in an internet-connected security camera for the camera be infected with malware.Unlike the average Jane or Joe Doe who would not want their security camera to be immediately infected with malware, Rob Graham, CEO of Errata Security, called it “fun” to watch the infection happen. He tweet-documented his experience.Graham purchased an inexpensive device – this $55 IoT security camera made by JideTech.To read this article in full or to leave a comment, please click here
Michael Flynn, the man President-elect Donald Trump plans to name as U.S. national security advisor, believes the government is falling behind on cybersecurity.
Trump named Flynn to his cabinet on Friday after the former military intelligence leader acted as the top military advisor to Trump's presidential campaign. Flynn previously was director of the Defense Intelligence Agency and has served in U.S. intelligence operations in Afghanistan and Iraq.
Flynn holds strong views on cybersecurity. He’s called U.S. cyber capabilities “underwhelming.”
“We have competitors out there that are rapidly catching up with us,” he said in a speech posted online last year. In 2014, after retiring as a general, he started a consulting firm called Flynn Intel Group that specializes in preventing cyber threats for clients.To read this article in full or to leave a comment, please click here