Author Archives: Help Net Security

Dealing with a system launch: It requires more than just testing

Rolling out new IT systems or software can be a challenge and fraught with issues from day one – and the recent IT crisis with TSB has shown how damaging these can be if managed poorly. A lack of pre-launch tests has been raised as a potential cause of immediate failures, but it would be simplistic to suggest that this would completely eliminate the problems that companies encounter following a system launch. A successful launch … More

The post Dealing with a system launch: It requires more than just testing appeared first on Help Net Security.

Cyber Chief Magazine: GDPR Winning Moves

This issue delivers a ready-to-use GDPR kit packed full of how-to’s and practical tips that companies need to implement so they don’t end up on the wrong side of an audit. You’ll get the actionable insights you need today, without unnecessary compliance theory. Content in this edition: “GDPR Confusion: 7 Common Myths Busted”, “How to Jump-Start GDPR Risk Assessment”, “GDPR Fines: What Should You Expect?” …and more!


Cybersecurity no longer top risk for telecom industry

Telecommunications executives have relegated disruption from new technologies to third place in their risk top 5: the number one risk identified by 60 telecom companies surveyed right now is exchange rate volatility, according to phone companies and internet providers. This latest edition of the BDO 2018 Telecommunications Risk Factor Survey ranks the 5 most significant risks facing telecoms companies as follows: Exchange rate/foreign currency changes; Increased competition; The fast arrival of new technologies; Access to … More


Capturing the conscience of the computing profession

After a two-year process that included extensive input from computing professionals around the world, ACM, the Association for Computing Machinery, has updated its Code of Ethics and Professional Conduct. The revised Code of Ethics addresses the significant advances in computing technology and the growing pervasiveness of computing in all aspects of society since it was last updated in 1992. ACM’s Code of Ethics is considered the standard for the computing profession, and has been adopted … More


How hackers exploit critical infrastructure

The traditional focus of most hackers has been on software, but the historical focus of crime is on anything of value. It should come as no surprise, therefore, that as operational technology (OT) and industrial control system (ICS) infrastructure have become much more prominent components of national critical infrastructure, malicious hacking activity would be increasingly targeted in this direction. It also stands to reason that the salient aspects of hacking – namely, remote access, … More


Retail data breaches continue to reach new highs

Thales announced the results of its 2018 Thales Data Threat Report, Retail Edition. According to U.S. retail respondents, 75% of retailers have experienced a breach in the past compared to 52% last year, exceeding the global average. U.S. retail is also more inclined to store sensitive data in the cloud as widespread digital transformation is underway, yet only 26% report implementing encryption – trailing the global average.

Year-over-year breach rate takes a turn for the … More


Inside look at lifecycle of stolen credentials and extent of data breach damage

Shape Security released its Credential Spill Report, shedding light on the extent to which the consumer banking, retail, airline and hospitality industries are impacted by credential stuffing attacks and account takeover. The report analyzes attacks that took place in 2017 and reveals 2.3 billion account credentials were compromised as a result of 51 independent credential spill incidents. Credential stuffing collectively costs U.S. businesses over $5 billion a year. When usernames and passwords are exposed, or … More


Attention all passengers: Airport networks are putting you at risk!

Coronet released a report identifying San Diego International Airport, John Wayne Airport-Orange County (CA) International Airport and Houston’s William P. Hobby International Airport as America’s most cyber insecure airports. The purpose of the report is to inform business travelers of how insecure airport Wi-Fi can inadvertently put the integrity and confidentiality of their essential cloud-based work apps (G-Suite, Dropbox, Office 365, etc.) at risk, and to educate all other flyers on the dangers of connecting … More


Video: Network Critical’s SmartNA-PortPlus Network Packet Broker

Network Critical’s innovative SmartNA-PortPlus Network Packet Broker bridges the gap between today’s ultra-high-speed networks and existing management, monitoring and security tools. The SmartNA-PortPlus provides up to 48 ports of 10/25Gbps plus 6 ports of 40/100Gbps in a non-blocking single RU chassis, enabling users to interconnect different network protection and monitoring tools quickly and easily. Beyond server-ready high-speed connectivity for security and monitoring tools, the SmartNA-PortPlus is also a feature-rich traffic … More


Free training courses on DDoS protection, from introduction to mitigation

The DDoS Protection Bootcamp is the first online portal to provide in-depth technical training in the field of DDoS protection. If you’re involved in IT security or network operations, you know that DDoS attacks are a problem that’s not going away. Recent studies indicate that almost 75% of organizations have suffered at least one attack over the past 12 months. What’s inside? This comprehensive quiz-based training course, available at both the Basic and Advanced levels, … More


How to use the cloud to improve your technology training

Anyone who has tried to hire an IT expert knows that the shortage of qualified people is real. We’re not just talking about IT security jobs, either. Almost every area of tech faces a skills shortage that threatens to sap productivity and presents challenges to IT departments of all sizes. Informal on-the-job training has been the norm for most IT teams. However, the rise of cyberthreats and the pace at which they arise leaves companies … More


Only 65% of organizations have a cybersecurity expert

Despite 95 percent of CIOs expecting cyberthreats to increase over the next three years, only 65 percent of their organizations currently have a cybersecurity expert, according to a survey from Gartner. The survey also reveals that skills challenges continue to plague organizations that undergo digitalization, with digital security staffing shortages considered a top inhibitor to innovation. Gartner’s 2018 CIO Agenda Survey gathered data from 3,160 CIO respondents in 98 countries and across major industries, representing … More


Digital transformation will help cloud service providers increase revenue

A new IDC survey found that cloud service providers have a high degree of confidence in their business outlook as a result of very strong customer demand for cloud services to enable digital transformation. “Cloud service providers around the world are rapidly changing their business models in response to unprecedented customer demand, offering a mix of new cloud infrastructure, application, and managed services as part of an agile investment strategy,” said Rory Duncan, research vice … More


World powers equip, train other countries for surveillance

Privacy International has released a report that looks at how powerful governments are financing, training and equipping countries with surveillance capabilities. Countries with powerful security agencies are spending literally billions to equip, finance, and train security and surveillance agencies around the world — including authoritarian regimes. This is resulting in entrenched authoritarianism, further facilitation of abuse against people, and diversion of resources from long-term development programmes.

Global government surveillance

Examples from the report include: In 2001, the US … More


Many infosec professionals reuse passwords across multiple accounts

Lastline announced the results of a survey conducted at Infosecurity Europe 2018, which suggests that 45 percent of infosec professionals reuse passwords across multiple user accounts – a basic piece of online hygiene that the infosec community has been attempting to educate the general public about for the best part of a decade. The research also suggested that 20 percent of security professionals surveyed had used unprotected public WiFi in the past, and 47 percent … More


Zero login: Fixing the flaws in authentication

Passwords, birth certificates, national insurance numbers and passports – as well as the various other means of authentication that we have relied upon for the past century or more to prove who we are to others – can no longer be trusted in today’s digital age. That’s because the mishandling of these types of personally identifiable information (PII) documents from birth, along with a string of major digital data breaches that have taken place in … More


26,000 electronic devices are lost on London Transport in one year

Commuters lost over 26,000 electronic devices on London’s Transport for London (TFL) network last year, new research from the think tank Parliament Street has revealed. The findings reveal that 26,272 devices were reported lost on the network of tubes, trains and buses between April 2017 and April 2018. The report contains further security analysis on the risks lost devices pose for fraudulent activity, identity verification and data security for UK businesses. The data revealed that … More


Most executives trust cloud-based systems to keep account payables secure

WEX released the results of a third-party survey to gauge views of the payments-processing ecosystem from chief financial officers and senior financial executives across the globe. The survey of more than 900 CFOs and senior financial executives from the U.S., Europe and Asia/Oceania revealed that strong faith in the cloud prevails in this group. Large majorities of surveyed executives (the lowest is Asia, with 76 percent) trust cloud-based systems more than locally hosted ERP/AP systems … More


George Gerchow, CSO at Sumo Logic: Our DevSecOps strategy

Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, their purpose-built, cloud-native service analyzes more than 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of insights daily – positioning Sumo among the most powerful machine data analytics services in the world. In this podcast, George Gerchow, CSO with Sumo Logic, talks about their DevSecOps strategy. Here’s a transcript of the … More


Magecart presents an unprecedented threat: Here’s what you can do

Recently we learned that the previously disclosed Ticketmaster UK breach from a few weeks ago was not a one-off event but instead part of a widespread website digital credit card skimming operation that impacted over 800 ecommerce sites around the world. On the surface, even an attack of this size isn’t necessarily out of the norm in today’s threat landscape of highly sophisticated actors. However, if we consider the true impact of this event it … More


Only 20% of companies have fully completed their GDPR implementations

Key findings from a survey conducted by Dimensional Research highlight that only 20% of companies surveyed believe they are GDPR compliant, while 53% are in the implementation phase and 27% have not yet started their implementation. EU (excluding UK) companies are further along, with 27% reporting they are compliant, versus 12% in the U.S. and 21% in the UK. While many companies have significant work to do, 74% expect to be compliant by the end … More


86% of enterprises have adopted a multi-cloud strategy

Based on a global survey of 727 cloud technology decision makers at businesses with more than 1,000 employees, Forrester Consulting found how shifting business priorities are driving enterprises to adopt multi-cloud strategies. According to the study, a vast majority (86 percent) of respondents describe their current cloud strategy as multi-cloud, with performance and innovation rising above cost savings as the top measures of success. In addition, 60 percent of enterprises are now moving or have … More


Week in review: The OT/ICS landscape for cyber professionals, putting the Sec into DevSecOps

Here’s an overview of some of last week’s most interesting news:

How to allocate budget for a well-rounded cybersecurity portfolio
What should a well-rounded cybersecurity portfolio look like?

Android devices with pre-installed malware sold in developing markets
New low-end Android smartphone devices being sold to consumers in developing markets, many of whom are coming online for the first time, contain pre-installed malware, according to Upstream.

An overview of the OT/ICS landscape for cyber professionals
Most … More


An overview of the OT/ICS landscape for cyber professionals

Most cyber security professionals take for granted the information technology or IT nature of their work. That is, when designing cyber protections for some target infrastructure, it is generally presumed that protections are required for software running on computers and networks. The question of whether some system is digital or even computerized would seem to have been last relevant to ask in 1970. We all presume that everything is software on CPUs. The problem is … More


Want to avoid GDPR fines? Adjust your IT procurement methods

Gartner said many organizations are still not compliant with GDPR legislation even though it has been in force since May 2018. This is because they have not properly audited data handling within their supplier relationships. Sourcing and vendor management (SVM) leaders should, therefore, review all IT contracts to minimise potential financial and reputation risks. “SVM leaders are the first line of defense for organizations whose partners and suppliers process the data of EU residents on … More


IoT security spend to reach $6 billion by 2023

A new study from Juniper Research found that spending on IoT cybersecurity solutions is set to reach over $6 billion globally by 2023. It highlighted rapid growth, with spending by product and service providers (in consumer markets) and end-customers (in industrial and public services markets) to rise nearly 300% over the forecast period.

Marked differences across markets

Juniper claimed that there are major differences in the way in which IoT business risk is perceived and … More


42% of organizations globally hit by cryptomining attacks

Cybercriminals are aggressively targeting organizations using cryptomining malware to develop illegal revenue streams, according to Check Point. Meanwhile, cloud infrastructures appear to be the growing target among threat actors.

Most prevalent malware globally

Between January and June 2018, the number of organizations impacted by cryptomining malware doubled to 42%, compared to 20.5% in the second half of 2017. Cryptomining malware enables cybercriminals to hijack the victim’s CPU or GPU power and existing resources to mine … More
