Cyber crime has been commercialized. Infecting computers with ransomware or using an advanced persistent threat to pilfer intellectual property no longer requires deep technical knowledge. Just use Google to learn how to access the Dark Web, and you can find hackers who, for a price, are more than happy to write malware, create highly effective spear phishing campaigns and develop bogus websites for harvesting login credentials.+ Also on Network World: DDoS-for-hire services thrive despite closure of major marketplace +
Major companies (think Fortune 500 organizations) understand that cyber crime as a service has changed how they handle defense. But for organizations still maturing their defensive measures, here’s what the transformation of cyber crime into an industry means for how you approach information security. To read this article in full or to leave a comment, please click here
So, you toss back a few drinks and decide now is the best time to “test” a 5-foot tall, 300-pound, egg-shaped security robot that is patrolling a Mountain View, California, parking lot. Although it might seem like a good idea when you are drunk, it might not be the best plan, considering it resulted in the arrest of 41-year-old man when he tried it.After Jason Sylvain assaulted Knightscope’s K5 Autonomous Data Machine in a parking lot, he was arrested and stands accused of “prowling and public intoxication.”Knightscope told ABC7, “It's a testament to the technology that police caught the aggressor and booked in him jail.”To read this article in full or to leave a comment, please click here
The Russian hacking group blamed for targeting U.S. and European elections has been breaking into email accounts, not only by tricking victims into giving up passwords, but by stealing access tokens too. It's sneaky hack that's particularly worrisome, because it can circumvent Google's 2-step verification, according to security firm Trend Micro. The group, known as Fancy Bear or Pawn Storm, has been carrying out the attack with its favored tactic of sending out phishing emails, Trend Micro said in a report Tuesday. To read this article in full or to leave a comment, please click here
If you're running a Windows Server 2003 machine, you have a problem. Your already-vulnerable computer is now at severe risk of being hacked.That's due to the internet release earlier this month of a batch of updates that paint a bulls-eye on computers running Windows Server 2003, according to security researchers.“I can teach my mom how to use some of these exploits,” said Jake Williams, founder of Rendition Infosec, a security provider. “They are not very complicated at all.”Experts are urging affected businesses to upgrade to the latest Windows OSes, which offer security patches that can address the threat.To read this article in full or to leave a comment, please click here
Security certificates are designed to authenticate hosts. Browsers have become pretty good about understanding chains of authorities, and making users accept the risk when websites can’t prove the chain of authorities needed to verify they are who they say they are.Sites masquerading as legitimate sites, however, employ sad little tricks, such as “punycode”—URL links embedded in otherwise official-looking phishing emails. These tricks are malicious. There are also sites that should be well-administrated but are not.Then there are sites, important sites, that botch their own security with certificates ostensibly granted by places such as the U.S. Department of Homeland Security (DHS).To read this article in full or to leave a comment, please click here
With workplace cyberattacks on the rise, industry experts are pressing businesses to train their workers to be more vigilant than ever to protect passwords and sensitive data and to recognize threats.“It is imperative for organizations of all sizes to instill among employees the critical role they play in keeping their workplace safe and secure,” said Michael Kaiser, executive director of the National Cyber Security Alliance, a group that promotes education on the safe and secure use of the internet. The group's members include such major technology companies as Cisco, Facebook, Google, Intel and Microsoft.To read this article in full or to leave a comment, please click here
Cisco this week took the wraps off three products aimed at increasing the speed of communications while controlling and analyzing the substantial data stream of the factory floor.The products build on Cisco’s Connected Factory portfolio which offers a variety of technologies from networking and security to analytics the company says will help customers quickly and more securely integrate industrial automation and control with business systems while improving industrial and manufacturing operational costs and efficiency.+More on Network World: Ethernet: Are there worlds left to conquer?+To read this article in full or to leave a comment, please click here
The global cybersecurity skills shortage continues to be a critical issue. For example, ESG research found 45% of organizations report a “problematic shortage” of cybersecurity skills today, more than any other area within IT.Want more? Here are a few tidbits from last year’s research project done in conjunction with the Information Systems Security Association (ISSA). In a survey of 437 cybersecurity professionals and ISSA members:
29% of cybersecurity professionals said the global cybersecurity skills shortage has had a significant impact on their organization. Another 40% said the global cybersecurity skills shortage has impacted their organization “somewhat.”
When asked to identify the impact of the cybersecurity skills shortage:
54% said it increased the cybersecurity staff’s workload
35% said their organization had to hire and train junior staff rather than hire people with the appropriate level of experience necessary
35% said the cybersecurity skills shortage has created a situation whereby the infosec team hasn’t had time to learn or use its security technologies to their full potential
While the cybersecurity skills shortage endures, the industry itself remains white hot. According to a recent Bloomberg business article, the cybersecurity industry is expected to grow about 7% a year through 2019 to Continue reading
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.Your help desk email and phones start lighting up. Your CIO is in your office looking stressed and staring at you. Quickly, you learn your company is the latest target of a ransomware attack.Logically, you shouldn’t be in this position. The latest detection software and data protection tactics are commonplace at your organization, intending to keep you out of this mess. Also, you have followed all best practices to ensure maximum data availability, so it’s likely your backups and disaster recovery sites were impacted as well. At this point, all that matters is that your data has been kidnapped, and you need to restore operations as soon as possible.To read this article in full or to leave a comment, please click here
Users of Webroot's endpoint security product, consumers and businesses alike, had a nasty surprise Monday when the program started flagging Windows files as malicious.The reports quickly popped up on Twitter and continued on the Webroot community forum -- 14 pages and counting. The company came up with a manual fix to address the issue, but many users still had problems recovering their affected systems.The problem is what's known in the antivirus industry as a "false positive" -- a case where a clean file is flagged as malicious and is blocked or deleted. False positive incidents can range in impact from merely annoying -- for example, when a program cannot run anymore -- to crippling, where the OS itself is affected and no longer boots.To read this article in full or to leave a comment, please click here
A Webroot antivirus signature update, which was supposedly live for only 13 minutes yesterday afternoon, flagged crucial Windows system files as malicious, causing chaos and 15 pages of customer complaints so far.The havoc began after Webroot flagged some Windows system files as the malware Win32.Trojan.Gen and moved key system files to quarantine. As legit files were shuffled around, thousands upon thousands of Webroot customers experienced OS errors or crashed Windows systems.To read this article in full or to leave a comment, please click here
The number of large-scale, highly damaging data breaches over the past few years has led some to believe the market is on its way to another systemic crisis, similar to the Great Recession.Corporate greed, lax risk management procedures and insufficient oversight by regulators contributed to the 2008 financial crisis. Likewise, the perception that cybersecurity is just another cost center coupled with organizations’ tendencies to implement bare minimum security measures could be paving the way for a systemic cybersecurity crisis. + Also on Network World: How CISOs should address their boards about security +
There is a widespread notion that cybersecurity is one more hurdle for executives to deal with that drains company resources. Cisco surveyed more than 1,000 executives, and 74 percent of participants said the main purpose of cybersecurity is to reduce risk rather than enable growth. This ideology that cybersecurity is costly, hinders productivity and is maintained based on a company decision maker’s level of paranoia is not just inaccurate, it is harmful. As a result, many organizations underinvest in their cybersecurity programs, implementing minimal security measures that may be obsolete in a few short years as cyber threats evolve and new attack vectors emerge. Continue reading
The open source Docker initiative has been nothing if not entertaining. Epic levels of intrigue, dastardly deeds and positioning seems to be the order of the day.Of particular interest is what the Docker ecosystem is doing, particularly how the third-party solution players deftly promise loyalty to Docker Inc. but also position themselves for survival in the increasingly likely eventuality that Docker (the company) will, in Silicon Valley parlance, eat their lunch.+ Also on Network World: Finding and protecting the crown jewels +
One interesting area is that of security as it relates to containerized applications. One vendor doing good work in the space is Twistlock. Twistlock describes itself as the industry’s first enterprise security suite for containers. Twistlock's technology addresses risks on the host and within the application of the container. In doing so, it gives enterprises the ability to consistently enforce security policies, monitor and audit activity, and identify and isolate threats in a container or cluster of containers. Twistlock's stated mission is to provide a full, enterprise-grade security stack for containers so organizations can confidently adopt and maximize the benefits of containers in their production environment.To read this article in full or to leave a Continue reading
There are two times you might have to talk to your organization’s board of directors about security: before a breach and after. Be sure you’ve had the former before you need to have the latter.The board of directors, whose duty it is to run the company in the long-term interest of the owners, needs to know you’ve taken prudent steps to protect the organization’s digital assets. That should mean the board wants to talk with you, the CISO, to learn firsthand what your department is doing to mitigate information security threats.+ Also on Network World: How to survive in the CISO hot seat +
Board members want a high-level picture of the threat landscape and a checklist of the measures you’ve taken and policies you’ve adopted to protect the organization. Your job is to provide the board with perspective and not necessarily details. A scorecard or checklist can be an effective visual and a good starting point for a discussion of the organization’s security measures. It lets you provide a high-level overview, and it gives you a road map for diving into details if the board asks for more information.To read this article in full or to Continue reading
Buying decisionsImage by ThinkstockThere are many factors to consider when making an application security purchasing decision, and the pressure is on organizations now more than ever to improve their security risk management preparedness. In fact, more than 80 percent of security attacks target software applications, with application vulnerabilities as the No.1 cyber-attack target. Organizations need a comprehensive application security toolkit to stay secure throughout the product lifecycle, and need to address key questions that can help them determine the right tools to address security risks.To read this article in full or to leave a comment, please click here
Buying decisionsImage by ThinkstockThere are many factors to consider when making an application security purchasing decision, and the pressure is on organizations now more than ever to improve their security risk management preparedness. In fact, more than 80 percent of security attacks target software applications, with application vulnerabilities as the No.1 cyber-attack target. Organizations need a comprehensive application security toolkit to stay secure throughout the product lifecycle, and need to address key questions that can help them determine the right tools to address security risks.To read this article in full or to leave a comment, please click here
It’s a good time to be a CISO. In a market where analysts say there are over 1 million unfilled job openings, and with demand expected to rise to 6 million globally by 2019 -- according to the Palo Alto Research Center, if you do a good job other opportunities are sure to follow.Indeed, such is the market, that - as we reported last year, even poor performing CISOs, dismissed from previous jobs, get handed new opportunities time and time again.To read this article in full or to leave a comment, please click here(Insider Story)
HipChat has reset all its users' passwords after what it called a security incident that may have exposed their names, email addresses and hashed password information.In some cases, attackers may have accessed messages and content in chat rooms, HipChat said in a Monday blog post. But this happened in no more than 0.05 percent of the cases, each of which involved a domain URL, such as company.hipchat.com.HipChat didn't say how many users may have been affected by the incident. The passwords that may have been exposed would also be difficult to crack, the company said. The data is hashed, or obscured, with the bcrypt algorithm, which transforms the passwords into a set of random-looking characters. For added security, HipChat "salted" each password with a random value before hashing it.To read this article in full or to leave a comment, please click here
When Microsoft asked customers last week for feedback on the portal that just replaced the decades-long practice of delivering detailed security bulletins, it got an earful from unhappy users."Hate hate hate the new security bulletin format. HATE," emphasized Janelle 322 in a support forum where Microsoft urged customers to post thoughts on the change. "I now have to manually transcribe this information to my spreadsheet to disseminate to my customers. You have just added 8 hours to my workload. Thanks for nothing."To read this article in full or to leave a comment, please click here
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.We’re in an era in which pre-packaged exploit services make it possible for the average Joe, with no technological experience or prowess, to launch intricate attacks on our environments. So, what can be done? Patching operating systems and applications is a surefire way to block some attacks. But you need to do more than blast out auto updates.Here are seven patch management best practices that take your organization’s cybersecurity to the next level:#1 Use a proper discovery service
You can’t secure what you don’t know about. The only way to know if a breach or vulnerability exists is to employ broad discovery capabilities. A proper discovery service entails a combination of active and passive discovery features and the ability to identify physical, virtual and on and off premise systems that access your network. Developing this current inventory of production systems, including everything from IP addresses, OS types and versions and physical locations, helps keep your patch management efforts up to date, and it’s important to inventory your network on a regular basis. If one computer Continue reading