Author Archives: Help Net Security

Looking at the future of identity access management (IAM)

Here we are: at the beginning of a new year and the start of another decade. In many ways, technology is exceeding what we expected by 2020, and in other ways, well, it is lacking. Back to the Future made us think we would all be using hoverboards, wearing self-drying and fitting jackets, and getting to and from the grocery store in flying cars by Oct. 21, 2015. Hanna-Barbera promised us a cutting-edge, underwater research … More

The post Looking at the future of identity access management (IAM) appeared first on Help Net Security.

Cloud-enabled threats are on the rise, sensitive data is moving between cloud apps

44% of malicious threats are cloud enabled, meaning that cybercriminals see the cloud as an effective method for subverting detection, according to Netskope. “We are seeing increasingly complex threat techniques being used across cloud applications, spanning from cloud phishing and malware delivery, to cloud command and control and ultimately cloud data exfiltration,” said Ray Canzanese, Threat Research Director at Netskope. “Our research shows the sophistication and scale of the cloud enabled kill chain increasing, requiring … More

High-risk vulnerabilities and public cloud-based attacks on the rise

A sharp increase (57%) in high-risk vulnerabilities drove the threat index score up 8% from December 2019 to January 2020, according to the Imperva Cyber Threat Index. Following the release of Oracle’s Critical Patch Update – which included 19 MySQL vulnerabilities – there was an unusual increase in the vulnerabilities risk component within the Index. Specifically, there was a 57% increase in vulnerabilities that can be accessed remotely with no authentication required, have a public exploit available, … More

Worldwide ICT spending forecast to reach $4.3 trillion in 2020

Worldwide spending on information and communications technology (ICT) is forecast to reach $4.3 trillion in 2020, an increase of 3.6% over 2019, according to IDC. Commercial and public sector spending on information technology (hardware, software and IT services), telecommunications services, and business services will account for nearly $2.7 trillion of the total in 2020 with consumer spending making up the remainder. “The slow economy, weak business investment, and uncertain production expectations combined with protectionist policies … More

Are CISOs ready for zero trust architectures?

Zero trust is a concept that is gaining an increasingly large and dedicated following, but it may mean different things to different audiences, so let’s start with a definition. I refer to an excellent post by my friend Lee Newcombe and I agree with his definition of zero trust: “Every request to access a resource starts from a position of zero trust. Access decisions are then made and enforced based on a set of trust … More

Most credential abuse attacks against the financial sector targeted APIs

From May 2019 and continuing on until the end of the year, there was a dramatic shift by criminals who started targeting APIs, in an effort to bypass security controls. According to data from Akamai, up to 75% of all credential abuse attacks against the financial services industry targeted APIs directly. According to the report’s findings, from December 2017 through November 2019, 85,422,079,109 credential abuse attacks were observed. Nearly 20 percent, or 16,557,875,875, were against … More

Cloud misconfigurations surge, organizations need continuous controls

Nearly 33.4 billion records were exposed in breaches due to cloud misconfigurations in 2018 and 2019, amounting to nearly $5 trillion in costs to enterprises globally, according to DivvyCloud research. Companies failing to adopt a holistic approach to security Year over year from 2018 to 2019, the number of records exposed by cloud misconfigurations rose by 80%, as did the total cost to companies associated with those lost records. Unfortunately, experts expect this upward trend … More

Number of records exposed in healthcare breaches doubled from 2018 to 2019

In 2019, healthcare data breaches collectively affected over 27 million individuals, according to Bitglass. Categories of breaches Hacking or IT incidents: Breaches related to malicious hackers and improper IT security Unauthorized access or disclosure: All unauthorized access and sharing of organizational data Loss or theft: Breaches enabled by the loss or theft of endpoint devices Other: Miscellaneous breaches and leaks related to items such as improper disposal of data Number of records exposed in healthcare … More

Factbook: Healthcare IT practices and cyber preparedness

In 2019, at least 10 hospitals turned away patients due to a compromised ability to deliver care following cyber attacks. Less dramatically, in 2019 the industry suffered a record 40-plus million breached medical records. That’s close to 3X as many breached records as were tallied in 2018, which itself represented a 3X increase over 2017. As we enter the twenty-twenties, healthcare has separated from the pack and is, by a wide margin, the most cyber-targeted … More

The top four Office 365 security pain points

Many novice Office 365 (O365) shops do not know where platform-specific security vulnerabilities lie, or even that they exist. The threats that you are unaware exist do not cause pain until they rise up and bite – then the agony is fierce. Companies get themselves into trouble when they do not fully understand the way data moves through O365 or they apply on-premise security practices to their cloud strategy. While the O365 platform comes with … More

A third of all vulnerabilities in 2019 had a CVSS v2 score of 7.0 and above

Risk Based Security’s VulnDB team aggregated 22,316 newly-disclosed vulnerabilities during 2019, finding that 37.26% had available exploit code or a Proof of Concept and that 33.43% of all vulnerabilities in 2019 had a CVSS v2 score of 7.0 and above. 2019 Year End Vulnerability QuickView Report Risk Based Security also identified a total of 302 vulnerabilities impacting Electronic Voting Machines (EVMs), 289 of which have no known solution. “As with any device that relies on … More

8.4 million: Number of DDoS attacks researchers saw last year alone

Netscout released the findings of its Threat Intelligence Report for the second half of 2019, which also incorporates insights from its 15th Annual Worldwide Infrastructure Security Report (WISR) survey. The report underscores the proliferation of risks faced by global enterprises and service providers. These organizations must now not only defend IT infrastructures, but also manage risks caused by increased DDoS attacks on customer-facing services and applications, mobile networks, and unsecured IoT devices. “We’ve uncovered some … More

Researchers observed a 125% increase in malware targeting Windows 7

For the 2020 Webroot Threat Report, researchers analyzed samples from more than 37 billion URLs, 842 million domains, 4 billion IP addresses, 31 million active mobile apps, and 36 billion file behavior records. Phishing URLs encountered grew by 640% in 2019 1 in 4 malicious URLs is hosted on an otherwise non-malicious domain. 8.9 million URLs were found hosting a cryptojacking script. The top sites impersonated by phishing sites or cybercriminals are Facebook, Microsoft, Apple, … More

Test CISSP knowledge with interactive flash cards

Study for the CISSP exam anytime, anywhere using Official (ISC)² CISSP flash cards. This free interactive self-study tool tests knowledge across all eight CISSP domains and gives you immediate feedback to reinforce learning. The vendor-neutral CISSP stands out as the industry’s most respected cybersecurity certification. It can differentiate you as a globally recognized security leader with everything it takes to design, develop and manage a first-rate cybersecurity program. If you’re ready to achieve more as … More

IT and business process automation growing with cloud architectures

Many organizations are starting to realize the benefits of increased scale and velocity of application deployment in their businesses, according to F5 Networks. This value, however, can bring significant complexity as organizations maintain legacy infrastructure while increasingly relying on multiple public and private clouds, implement modern application architectures, and face an evolving and sophisticated threat landscape. At the same time, organizations are adopting more application services designed to accelerate deployment in public cloud and container-native … More

Three API security risks in the wake of the Facebook breach

Facebook recently pledged to improve its security following a lawsuit that resulted from a 2018 data breach. The breach, which was left open for more than 20 months, resulted in the theft of 30 million authentication tokens and almost as much personally identifiable information. A “View As” feature that enabled developers to render user pages also let attackers obtain the user’s access token. The theft of access token represents a major API security risk moving … More

Take your SOC to the next level of effectiveness

Enterprise security infrastructures average 80 security products, creating security sprawl and a big management challenge for SOC teams. With high volumes of data generated from security controls across the infrastructure, SOC teams often rely on Security Information and Event Management (SIEM) solutions to aggregate data and deliver insight into events and alerts. Similarly, Security Orchestration, Automation and Response (SOAR) platforms can take the results and automate them into action. However, the business needs to know … More

SecOps teams face challenges in understanding how security tools work

Security professionals are overconfident in their tools with 50% reporting that they have experienced a security breach because one or more of their security products was not working as expected, according to Keysight. The value in security test solutions 57% of security professionals were confident their current security solutions are working as intended. Yet only 35% of survey respondents stated that they conduct testing to ensure their security products are configured and operating as they … More

Key technology trends that will redefine businesses over the next three years

To compete and succeed in a world where digital is everywhere, companies need a new focus on balancing “value” with “values,” aligning their drive to create business value with their customers’ and employees’ values and expectations, according to Accenture. A new mindset and approach is required Even though people are embedding technology into their lives more than ever before, organizations’ attempts to meet their needs and expectations can fall short. As companies enter the decade … More

Week in review: The future of DNS security, acquiring cyber talent in 2020, new issue of (IN)SECURE

Here’s an overview of some of last week’s most interesting news and articles: Shadow IT accounts with weak passwords endanger organizations 63% of enterprise professionals have created at least one account without their IT department being aware of it, and two-thirds of those have created two or more, the results of a recent 1Password survey have revealed. 12,000+ Jenkins servers can be exploited to launch, amplify DDoS attacks A vulnerability (CVE-2020-2100) in 12,000+ internet-facing Jenkins … More

Seven cybersecurity and privacy forecasts for 2020

The developments in the area of cybersecurity are alarming. As the number of smart devices in private households increases, so do the opportunities for cyber criminals to attack, TÜV Rheinland reveals.

43% of IT professionals are still tracking assets in spreadsheets

43% of IT professionals report using spreadsheets as one of their resources for tracking assets, according to Ivanti. Further, 56% currently do not manage the entire asset lifecycle, risking redundant assets, potentially creating a risk, and causing unnecessary and costly purchases. Findings from the survey demonstrate the need for greater alignment between ITSM and ITAM processes, especially when looking at the time spent reconciling inventory/assets. Nearly a quarter of respondents reported spending hours per week … More

Digital certificates still cause unplanned downtime and application outages

51% of enterprises claim low ability to detect and respond to digital certificate and key misuse, according to Keyfactor and the Ponemon Institute. “Connectivity and the number of digital identities within the enterprise has grown exponentially thanks to continued cloud, mobile, DevOps and IoT adoption,” said Chris Hickman, CSO, Keyfactor. “The complexity of managing those identities while keeping them securely connected to the business has created a critical trust gap – in many cases the … More

Global spending on smart cities initiatives to total nearly $124 billion in 2020

Global spending on smart cities initiatives is forecast to total nearly $124 billion this year, an increase of 18.9% over 2019, according to IDC. The top 100 cities investing in smart initiatives in 2019 represented around 29% of global spending, and while growth will be sustained among the top spenders in the short term, the market is quite dispersed across midsize and small cities investing in relatively small projects. Smart grids still attract the largest … More

Security pros anticipate automation will reduce IT security headcount, but not replace human expertise

The majority of companies (77 percent) continue to use or plan to use automation in the next three years, according to a Ponemon Institute and DomainTools survey. The biggest takeaway in this year’s study is that 51 percent of respondents now believe that automation will decrease headcount in the IT security function, an increase from 30 percent in last year’s study. Further, concerns by employees about losing their jobs because of automation have increased to 37 … More

A closer look at the global threat landscape

60% of initial entries into victims’ networks leveraged either previously stolen credentials or known software vulnerabilities, allowing attackers to rely less on deception to gain access, according to a new IBM report exploring the global threat landscape. The top three initial attack vectors Phishing was a successful initial infection vector in less than one-third of incidents (31%) observed, compared to half in 2018. Scanning and exploitation of vulnerabilities resulted in 30% of observed incidents, compared … More

Cryptocurrency crime losses more than double to $4.5 billion in 2019

Cryptocurrency users, exchanges and investors suffered $4.5 billion in crypto-related losses resulting from thefts, hacks, and fraud, a CipherTrace report reveals. Cryptocurrency crime losses The lion’s share of those losses stem from the staggering growth of Ponzi schemes, exit scams, and misappropriation of funds crimes, the value of which rose 533 percent year over year. Also, traditional financial services have become increasingly infused with crypto assets. For instance, results of an extensive analysis of the … More

Employees aware of privacy risks, but unsure of how they affect the workplace

62 percent of employees are unsure if their organization has to comply with the recently-enacted CCPA, which gives California residents enhanced consumer data privacy rights, according to a survey of more than 1,000 employees conducted by Osterman Research. Results reveal a similar lack of awareness regarding the GDPR, in effect since 2018. Employee cybersecurity and privacy engagement The findings reveal progress in cybersecurity awareness. However, many respondents continue to hold false impressions about malware, phishing, … More

Crucial trends shaping the managed services market

Managed services remain healthy and profitable, with great opportunities for growth, including advanced security, automation, and business operations, a SolarWinds report reveals. MSPs comfortable with security basics For solutions in North America, respondents were most comfortable offering and using antivirus (89%), firewalls (83%), data backup and recovery (81%), and endpoint security (75%). In Europe, respondents were most comfortable offering and using antivirus (93%), data backup and recovery (82%), firewalls (82%), and antispam (80%) as solutions. … More

Download: The (ISC)2 Exam Action Plan for CISSP, SSCP, or CCSP certification

Make this year your year for (ISC)² certification. Prepping for an (ISC)² credential is a big commitment. Maybe you’ve started on the path to achieving CISSP, SSCP or CCSP certification, but life got in the way of your goal… We get it. Yet we need talented, skilled people like you working to ensure a safe and secure cyber world for all. The movement has started. It’s time for you to join! Download the (ISC)² Exam … More

Emotet: Crimeware you need to be aware of

According to the U.S. Department of Homeland Security, Emotet continues to be among the most costly and destructive malware threats affecting state, local, and territorial governments and its impact is felt across both the private and public sectors. First identified as a banking Trojan in 2014 by Trend Micro, Emotet is often downplayed by network defenders as “commodity malware” or “crimeware”. The evolution of both the malware and the criminal network behind it continue to … More

Mac threats are growing faster than their Windows counterparts

Mac threats are growing faster than their Windows counterparts for the first time ever, with nearly twice as many Mac threats detected per endpoint as Windows threats, according to Malwarebytes. In addition, cybercriminals continue to focus on business targets with a diversification of threat types and attack strategies in 2019. Emotet and TrickBot were back in 2019 Trojan-turned-botnets Emotet and TrickBot made a return in 2019 to target organizations alongside new ransomware families, such as Ryuk, … More

The rise of human-driven fraud attacks

There has been a major spike in human-driven attacks – which rose 90% compared to six months previously, according to Arkose Labs. Changing attack patterns were felt across geographies and industries, at a time of the year when digital commerce was at its peak. In Q4 of 2019, advanced, multi-step attacks attempting to evade fraud defenses using a blend of automated and human-driven attacks have been detected. Automated fraud attacks, which grew by 25%, are … More

Download: IR Management and Reporting PowerPoint template

While the IR process is mostly technical, reporting to the organization’s management should take place on a much higher level in order for the non-security-savvy executives to understand. To assist CISOs with these tasks, Cynet created the IR Management and Reporting PowerPoint template which, apart from providing an actionable response framework, is also clear and intuitive for the executive level. To make the security process more digestible for management the template focuses on two key … More

The 25 most impersonated brands in phishing attacks

PayPal remains the top brand impersonated in phishing attacks for the second quarter in a row, with Facebook taking the #2 spot and Microsoft coming in third, according to Vade Secure. Leveraging data from more than 600 million protected mailboxes worldwide, Vade’s machine learning algorithms identify the brands being impersonated as part of its real-time analysis of the URL and page content. PayPal reigns supreme, again For the second straight quarter, PayPal was the most … More

Cybersecurity is a board level issue: 3 CISOs tell why

As a venture capital investor who was previously a Chief Information Security Officer, I have noticed an interesting phenomenon: although cybersecurity makes the news often and is top of mind for consumers and business customers, it doesn’t always get the attention it deserves by the board of directors. Misconceptions and knowledge gaps increase this distance between security and oversight. How can boards dive deeper into the world of security and overcome the entry barriers to … More

In 2019, a total of 7,098 reported breaches exposed 15.1 billion records

In 2019 the total number of records exposed increased by 284% compared to 2018, according to Risk Based Security. 2019 saw an increase in reported breaches In total, there were over 15.1 billion records exposed shattering industry projections. There were 7,098 breaches reported in 2019, a 1% increase on 2018, though the gap is anticipated to grow throughout Q1 2020 as more 2019 incidents come to light. “2019 was a rough year for breach activity, … More

Organizations struggling to find skilled security staff, leaving 82% of security teams understaffed

83% of IT security professionals feel more overworked going into 2020 than they were at the beginning of 2019, and 82% said their teams were understaffed, according to a Tripwire survey. Hard to find skilled security staff The strain on cybersecurity teams is exacerbated by the inability to find experienced staff, and 85% acknowledged it has become more difficult over the past few years to hire skilled security professionals. “It’s getting harder and harder for … More

eBook: 8 Real World Use Cases for SOAR

Download this 11-page e-book with eight real-world use cases to see how security orchestration, automation and response (SOAR) can improve your team’s productivity and efficiency by automating security operations workflows. The following use cases are described in the e-book, but SOAR can address an unlimited number of use cases and automate 80-90 percent of your security team’s typically manual tasks. Phishing attacks SIEM triage Threat hunting Insider threat detection Threat intelligence Identity verification/enforcement Endpoint protection … More

The frequency of DDoS attacks depends on the day and time

Multivector and cloud computing attacks have been rising over the last twelve months, according to Link11. The share of multivector attacks – which target and misuse several protocols – grew significantly from 46% in the first quarter to 65% in the fourth quarter. DNS amplification most popular for DDoS attackers DNS amplification was the most used technique for DDoS attackers in 2019 having been found in one-third of all attacks. The attackers exploited insecure DNS … More

5 tips for acquiring cyber talent in 2020

Cybersecurity is facing a recruitment crisis. There are currently 2.8 million professionals working in the field – far from sufficient given the ever-expanding cyber threat landscape. To meet the market’s true needs, ISC2 believes the cybersecurity workforce will need to more than double. Companies have a number of options to overcome the cyber talent crunch, including integrating external providers who can provide specialist support. For those looking to boost recruitment in the new year, here … More

What the government infosec landscape will look like this year

The information security landscape seems to evolve at a faster clip each year. The deluge of ever-changing threats, attack techniques and new breaches making headlines can be challenging to track and assess. That’s why each year the WatchGuard Threat Lab takes a step back to assess the world of cyber security and develop a series of predictions for what emerging trends will have the biggest impact. Following the worldwide controversy over hacking that influenced the … More

Study: The Blind Spots of Email Security

Malicious files and links regularly bypass email security products, leaving enterprises vulnerable to email-based attacks. Increased use of automation allows attackers to create many ‘mutations’ for each malware or malicious file, potentially inundating email security products with new unknown threats. Could this explain the shortcoming of email security products? To answer this question BitDam conducted a study to measure their ability to detect unknown threats at first encounter. The study entailed retrieving very fresh samples … More

Week in review: Most exploited vulns in 2019, Emotet spreads via Wi-Fi, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news and articles: CDPwn vulnerabilities open millions of Cisco enterprise devices to attack If you have Cisco equipment in your enterprise network – and chances are good that you have – you should check immediately which feature the newly revealed CDPwn vulnerabilities in Cisco’s proprietary device discovery protocol and implement patches as soon as possible. Emotet can spread to poorly secured Wi-Fi networks and computers … More

February 2020 Patch Tuesday forecast: A lot of love coming our way

The January 2020 Patch Tuesday was a light one as predicted; everyone was still catching up from the end-of-year holidays. As we gain momentum into February and move towards Valentine’s Day, I anticipate Microsoft, and at least Mozilla, will give plenty of love and attention to their applications and operating systems. LDAP Microsoft had announced back in August with Advisory 190023 that they were planning several updates to their implementation of the Lightweight Directory Access … More

Review: Cyber Minds

Humans are an essential part of any enterprise and should be considered the foundation of its cybersecurity. That’s probably easier said than done, but Shira Rubinoff has some useful tips for you. Aside from being a prominent cybersecurity executive, speaker, cybersecurity and blockchain advisor, and having built two cybersecurity companies, Rubinoff also has an educational background in psychology. That’s why Cyber Minds is very human-oriented, meaning she views cybersecurity through its interconnectivity with humans. Inside … More

43% of cloud databases are currently unencrypted

Palo Alto Networks released research showing how vulnerabilities in the development of cloud infrastructure are creating significant security risks. Alerts and events for organizations operating in the cloud The Unit 42 Cloud Threat Report: Spring 2020 investigates why cloud misconfigurations happen so frequently. It finds that as organizations move to automate more of their cloud infrastructure build processes, they are adopting and creating new infrastructure as code (IaC) templates. Without the help of the right … More

The Goldilocks principle for zero trust fraud prevention

According to Wikipedia, “zero trust is an information security framework which states that organizations should not trust any entity inside or outside of their perimeter at any time.” In the Identity and Access Management (IAM) world, zero trust is all the buzz. If you are in enterprise security, you are being bombarded with the phrase at conferences and from marketing materials. It’s inescapable. Having recently received just such a bombardment at one of the larger … More

How IoT devices open a portal for chaos across the network

Shadow IoT devices pose a significant threat to enterprise networks, according to a new report from Infoblox. The report surveyed 2,650 IT professionals across the US, UK, Germany, Spain, the Netherlands and UAE to understand the state of shadow IoT in modern enterprises.
Number of shadow IoT devices growing exponentially
Shadow IoT devices are defined as IoT devices or sensors in active use within an organization without IT’s knowledge. These devices can be any number … More

Malware and ransomware attack volume down due to more targeted attacks

Cybercriminals are leveraging more evasive methods to target businesses and consumers, a SonicWall report reveals. “Cybercriminals are honing their ability to design, author and deploy stealth-like attacks with increasing precision, while growing their capabilities to evade detection by sandbox technology,” said SonicWall President and CEO Bill Conner. “Now more than ever, it’s imperative that organizations detect and respond quickly, or run the risk of having to negotiate what’s being held at ransom from criminals so … More

Lack of .GOV validation and HTTPS leaves states susceptible to voter disinformation campaigns

There’s a severe lack of U.S. government .GOV validation and HTTPS encryption among county election websites in 13 states projected to be critical in the 2020 U.S. Presidential Election, a McAfee survey reveals.
[Image: Example of what a fraudulent email might look like]
Malicious actors could establish false government websites
The survey found that as many as 83.3% of these county websites lacked .GOV validation across these states, and 88.9% and 90.0% of websites lacked such … More

Mobile data roaming traffic generated by consumer and IoT devices expected to surge

Mobile data roaming traffic generated by consumer and IoT devices reached 737 Petabytes in 2019, according to Kaleido Intelligence. This is forecast to reach 2,000 Petabytes in 2024, representing an average annual growth of 22% over the period.
[Image: Leading vendors for Wholesale Roaming, split by service area]
Mobile data roaming traffic around the world
Driven by the significant increase in roaming data traffic across key regions including Asia-Pacific, Middle East and Africa, Kaleido predicts that … More

How CISOs can justify cybersecurity purchases

Sometimes a disaster strikes: ransomware encrypts critical files, adversaries steal sensitive data, a business application is compromised with a backdoor… This is the stuff that CISOs’ nightmares are made of. As devastating as such incidents can be, for the short time after they occur, the enterprise usually empowers the CISO to implement security measures that he or she didn’t get funding for earlier. Of course, waiting for disastrous events is a reckless and unproductive way … More

What makes some organizations more cyber resilient than others?

Despite higher levels of investment in advanced cybersecurity technologies over the past three years, less than one-fifth of organizations are effectively stopping cyberattacks and finding and fixing breaches fast enough to lower the impact, according to a report from Accenture. Based on a survey of more than 4,600 enterprise security practitioners around the globe, the study explores the extent to which organizations prioritize security, the effectiveness of current security efforts, and the impact of new … More

Scientists test forensic methods to acquire data from damaged mobile phones

Criminals sometimes damage their mobile phones in an attempt to destroy data. They might smash, shoot, submerge or cook their phones, but forensics experts can often retrieve the evidence anyway. Now, researchers at the National Institute of Standards and Technology (NIST) have tested how well these forensic methods work.
[Image: NIST computer scientist Jenise Reyes-Rodriguez holds a mobile phone that has been damaged by gunfire]
Accessing the phone’s memory chips
A damaged phone might not power … More

Automation is advancing faster than the enterprise knowledge required to support it

Automation is transforming the enterprise around the globe, directly impacting the bottom line as a result of improved productivity and efficiency, according to UiPath. But automation’s impact on the workplace is not well understood and cannot be ignored: automation raises concerns about the impact on jobs, skills, wages, and the nature of work itself. Forrester surveyed 270 decision makers from operations groups, shared services, finance, and other lines of business across the United States, United … More

Three principles regarding encryption you need to keep in mind

Encryption is a popular topic among security professionals and occasionally a polarizing one. Plenty of misconceptions surround the process, and these often skew the way people perceive its complexity. For instance, we’ve encountered many IT and business leaders who assume that because they can’t encrypt one piece of important information (e.g., the birth date of a contact), it’s not worth encrypting any information at all. This is a ridiculous logical leap, but it’s not uncommon. … More

The current landscape for supporting innovation in cybersecurity in the EU

Innovation in cybersecurity is a key enabler to facilitate progress in the NIS industry, boost employment in the cybersecurity sector and growth of EU GDP. ENISA published a report that analyses the current landscape for supporting innovation in cybersecurity in the EU. The study presents good practices and challenges from the Member States whilst trying to execute innovation as a strategic priority of their National Cyber Security Strategies (NCCS). “The CSA, the NIS Directive and … More

Interconnectivity and networking predictions for 2020 and beyond

Traditional networking and interconnectivity approaches are not handling the pressures being placed on traditional computer networking, according to Stateless. The challenges of on-demand compute and storage, the migration of enterprise workloads across multiple cloud services, the imminence of 5G and more, all require changes in the way networks are built, managed and how they grow.
Encryption everywhere
Security experts are discovering that there’s no such thing as a trusted network. Forty-one percent of organizations have … More

Do your employees feel valued? 64% have one foot out the door

The estimated current cybersecurity workforce is 2.8 million professionals, while the amount of additional trained staff needed to close the skills gap is 4.07 million professionals, according to (ISC)2. This makes retaining employees a top priority, but how can companies be successful at this? Only one-third of employees surveyed plan to stay at their jobs this year, compared to 47% who said the same in 2019, according to a report conducted by Achievers. Risk of … More

Now available: eSentire’s 2019 Annual Threat Intelligence Report

Recently released, eSentire’s 2019 Threat Intelligence Report: Perspectives from 2019 and Predictions for 2020 provides visuals, data and written analysis, as well as practical recommendations for readers seeking to understand and better respond to the cybersecurity threat landscape. By shining a light on cybercrime—including the players, their motivations, their tactics and their targets—we hope to bring data and insights to conversations often dominated by opinion and guesswork.
Key findings
Nation states: Most nationally sponsored cybersecurity … More

Week in review: UN hacked, new Kali Linux release, Win7 upgrade dilemma

Here’s an overview of some of last week’s most interesting news and articles:
Kali Linux 2020.1 released: New tools, Kali NetHunter rootless, and more!
Offensive Security have released Kali Linux 2020.1, which is available for immediate download.
Most AV vendors will continue to support their products under Windows 7
Earlier this month, Windows 7 – the most beloved Windows version to date – reached end-of-support. Businesses of all sizes can still pay to … More

80% of successful breaches are from zero-day exploits

Organizations are not making progress in reducing their endpoint security risk, especially against new and unknown threats, a Ponemon Institute study reveals. 68% of IT security professionals say their company experienced one or more endpoint attacks that compromised data assets or IT infrastructure in 2019, an increase from 54% of respondents in 2017.
Zero-day attacks continue to increase in frequency
Of those incidents that were successful, 80% were new or unknown, zero-day attacks. These attacks either … More

Secure 5G networks: EU toolbox of risk mitigating measures

EU Member States have identified risks and vulnerabilities at national level and published a joint EU risk assessment. Through the toolbox, the Member States are committing to move forward in a joint manner based on an objective assessment of identified risks and proportionate mitigating measures.
Toolbox measures and supporting actions
“Europe has everything it takes to lead the technology race. Be it developing or deploying 5G technology – our industry is already well off the … More

Researchers develop new optical stealth encryption technology

The first all optical stealth encryption technology that will be significantly more secure and private for highly sensitive cloud-computing and data center network transmission has been introduced by BGN Technologies.
Time is running out on security and privacy
“Today, information is still encrypted using digital techniques, although most data is transmitted over distance using light spectrum on fiber optic networks,” says Prof. Dan Sadot, Director of the Optical Communications Research Laboratory, who heads the team … More

Photos: Cybertech Global Tel Aviv 2020

Cybertech Global Tel Aviv is one of the largest B2B networking events in the cyber industry, outside of the United States. Every year, the event attracts thousands of attendees, mainly C-level executives, investors, professionals, and government officials from all over the world. Help Net Security is on-site this year, and here’s a look at the event.
Photo captions: Cybertech Global Tel Aviv entrance; Waterfall Security Solutions; SecBI; IBM Security; Roee Laufer, Division Head, Cyber Security at Israel … More

How to prioritize IT security projects

If you’re an IT security professional, you’re almost certainly familiar with that sinking feeling you experience when presented with an overwhelming number of security issues to remediate. It’s enough to make you throw your hands up and wonder where to even begin. This is the crux of the problem that develops in the absence of effective security prioritization. If you aren’t prioritizing cybersecurity risks effectively, you’re not only creating a lot of extra work for … More

Organizational culture defines a successful cloud strategy

61% of organizations in the U.S. and Canada are committed to moving enterprise applications to the cloud as quickly as possible, but many struggle with challenges related to company culture on the way to a successful cloud strategy, NTT DATA Services reveals. The report found that despite the importance of next-generation cloud adoption, cultural change management is a major obstacle for many businesses, with nearly two-thirds of respondents reporting technical challenges as easier to overcome … More

How industries are evolving their DevOps and security practices

There’s significant variation in DevOps maturation and security integration across the financial services, government, retail, telecom, and technology industries, according to Puppet’s report based on nearly 3,000 responses. “Integrating security into your DevOps practices can be challenging, but when done correctly is proven to pay off. Security should not be an afterthought; it must be a shared responsibility across teams during every stage of their software delivery lifecycle,” said Alanna Brown, Sr. Director Community and … More

Privacy ROI: Benefits from data privacy averaging 2.7 times the investment

Customer demands for increased data protection and privacy, the ongoing threat of data breaches and misuse by both unauthorized and authorized users, and preparation for the GDPR and similar laws around the globe spurred many organizations to make considerable privacy investments – which are now delivering strong returns, Cisco reveals. The study is based on results from a double-blind survey of over 2,800 security professionals in organizations of various sizes across 13 countries. Privacy ROI: … More

Tech pros should consider modern APM tools to gain insight across the entire application stack

While application performance management (APM) has become mainstream with a majority of tech pros using APM tools regularly, there’s work to be done to move beyond troubleshooting, according to SolarWinds. The opportunity for tech pros lies in fully leveraging the benefits of APM across the entire application stack, so they can better communicate results to the organizations they serve. Nearly nine in 10 tech pros use APM tools in their environments, whether on-premises, hybrid, or … More

Kali Linux 2020.1 released: New tools, Kali NetHunter rootless, and more!

Offensive Security have released Kali Linux 2020.1, which is available for immediate download.
Kali Linux 2020.1 key new features
The popular open source project, which is heavily relied upon in the pentest community, is introducing several new features, including new packages and tools. The key new features include: Changes in the default credentials – Kali is abandoning the default ‘root/toor’ credentials and moving to ‘kali/kali’. This is a very big change as root has been … More

2019 saw more data breaches, fewer sensitive records exposed

According to a new Identity Theft Resource Center report, the number of U.S. data breaches tracked in 2019 (1,473) increased 17 percent from the total number of breaches reported in 2018 (1,257). However, 2019 saw 164,683,455 sensitive records exposed, a 65 percent decrease from 2018 (471,225,862). The 2018 Marriott data breach exposed 383 million records alone, significantly skewing the data. “The increase in the number of data breaches during 2019, while not surprising, is a … More

2020: A year of deepfakes and deep deception

Over the past year, deepfakes, a machine learning model that is used to create realistic yet fake or manipulated audio and video, started making headlines as a major emerging cyber threat. The first examples of deepfakes seen by the general public were mainly amateur videos created using free deepfake tools, typically of celebrities’ faces superimposed into pornographic videos. Even though these videos were of fairly low quality and could be reasonably distinguished as illegitimate, people … More

Are businesses prepared for an extinction-level cyber event?

In an era of technological transformation and cyber everywhere, the attack surface is exponentially growing as cyber criminals attack operational systems and backup capabilities simultaneously in highly sophisticated ways leading to enterprise-wide destructive cyberattacks, a Deloitte survey reveals. A majority of C-suite and executive poll respondents (64.6%) report that the growing threat of destructive cyberattacks is one of the top cyber risks at their organization. It’s time for senior leadership to modernize risk management programs and … More

50% of people would exercise at least one right under the CCPA

As state houses and Congress rush to consider new consumer privacy legislation in 2020, Americans expect more control over their personal information online, and are concerned with how businesses use the data collected about them, DataGrail research reveals. In a OnePoll online survey of 2,000 people aged 18 and above, 4 out of 5 Americans agreed there should be a law to protect their personal data, and 83 percent of people expect to have … More

Data breach: Why it’s time to adopt a risk-based approach to cybersecurity

The recent high-profile ransomware attack on foreign currency exchange specialist Travelex highlights the devastating results of a targeted cyber-attack. In the weeks following the initial attack, Travelex struggled to bring its customer-facing systems back online. Worse still, despite Travelex’s assurances that no customer data had been compromised, hackers were demanding $6 million for 5GB of sensitive customer information they claim to have downloaded. Providing services to some of the world’s largest banking corporations including HSBC, … More

How to detect and prevent issues with vulnerable LoRaWAN networks

IOActive researchers found that the LoRaWAN protocol – which is used across the globe to transmit data to and from IoT devices in smart cities, Industrial IoT, smart homes, smart utilities, vehicle tracking and healthcare – has a host of cyber security issues that could put network users at risk of attack. Such attacks could cause widespread disruption or in extreme cases even put lives at risk.
[Image: Session Keys and Functions in LoRaWAN v1.0.3]
Vulnerable … More

52% of companies use cloud services that have experienced a breach

Seventy-nine percent of companies store sensitive data in the public cloud, according to a McAfee survey.
[Image: Anonymized cloud event data showing percentage of files in the cloud with sensitive data]
While these companies approve an average of 41 cloud services each, up 33 percent from last year, thousands of other services are used ad-hoc without vetting. In addition, 52 percent of companies use cloud services that have had user data stolen in a breach. By … More

Benefits of blockchain pilot programs for risk management planning

Through 2022, 80% of supply chain blockchain initiatives will remain at a proof-of-concept (POC) or pilot stage, according to Gartner. One of the main reasons for this development is that early blockchain pilots for supply chain pursued technology-oriented models that have been successful in other sectors, such as banking and insurance. However, successful blockchain use cases for supply chain require a different approach. “Modern supply chains are very complex and require digital connectivity and agility … More

You can upgrade Windows 7 for free! Why wouldn’t you?

“Doomsday is here! The sky is falling! Windows 7 is out of support and all hell will break loose!” – or, at least, that’s what some cybersecurity experts and press outlets want you to think. In this article, I will offer some advice to businesses of all sizes that may need to continue using Windows 7, while understanding the risk. This is my opinion and should be taken as advice only. Every company is different, … More

Patients believe stronger privacy protections are more important than easier health data access

Patients and consumers deserve better access to personalized, actionable health care information to empower them to make better, more informed decisions – but it should not drive up health care costs or compromise the privacy of their personal health data, according to a poll of patients and consumers from Morning Consult and America’s Health Insurance Plans (AHIP).
Personal privacy outweighs increased transparency
A strong majority (62%) of patients want their data and privacy protected more … More

Top 10 policy trends to watch for globally in 2020

The 10 top trends that will drive the most significant technological upheavals this year have been identified by Access Partnership. “Shifts in tech policy will disrupt life for everyone. While some governments try to leverage the benefits of 5G, artificial intelligence, and IoT, others find reasons simply to confront Big Tech ranging from protectionism to climate urgency. “Techlash trends highlighted in our report lay bare the risks of regulatory overreach: stymied innovation and economic growth … More

Week in review: Kubernetes security challenges, NIST Privacy Framework, Mitsubishi Electric breach

Here’s an overview of some of last week’s most interesting news and articles:
Mitsubishi Electric discloses data breach, possible data leak
Japanese multinational Mitsubishi Electric has admitted that it had suffered a data breach some six months ago, and that “personal information and corporate confidential information may have been leaked.”
It’s time to patch your Cisco security solutions again
Cisco has released another batch of security updates and patches for a variety of its offerings, … More

Lessons from Microsoft’s 250 million data record exposure

Microsoft has one of the best security teams and capabilities of any organization in the technology industry, yet it accidentally exposed 250 million customer records in December 2019. The data was accessible to anyone with a browser, who knew the server location, for about a month in total before an external researcher detected the problem. The database held records of customer support engagements dating back to 2005. Once alerted, Microsoft quickly closed the hole, investigated … More

CISOs: Make 2020 the year you focus on third-party cyber risk

While cybersecurity professionals are certainly aware of the growing threat posed by sharing data with third parties, many seem to lack the urgency required to address this challenge. If there is one work-related New Year’s resolution I’d like CISOs to make as we enter 2020, it’s to give the challenge of third-party cyber risk the attention it needs. In fact, I no longer see this as optional or as an extension of an enterprise risk … More

More authentication and identity tech needed with fraud expected to increase

The proliferation of real-time payments platforms, including person-to-person (P2P) transfers and mobile payment platforms across Asia Pacific, has increased fraud losses for the majority of banks. FICO recently conducted a survey with banks in the region and found that 4 out of 5 (78 percent) have seen their fraud losses increase. Further to this, almost a quarter (22 percent) say that fraud will rise significantly in the next 12 months, with an additional 58 percent … More

Zero Trust: Beyond access controls

As the Zero Trust approach to cybersecurity gains traction in the enterprise world, many people have come to recognize the term without fully understanding its meaning. One common misconception: Zero Trust is all about access controls and additional authentication, such as multi-factor authentication. While these two things help organizations get to a level of Zero Trust, there is more to it: a Zero Trust approach is really an organization-wide architecture. Things aren’t always as they … More

There is no easy fix to AI privacy problems

Artificial intelligence – more specifically, the machine learning (ML) subset of AI – has a number of privacy problems. Not only does ML require vast amounts of data for the training process, but the derived system is also provided with access to even greater volumes of data as part of the inference processing while in operation. These AI systems need to access and “consume” huge amounts of data in order to exist and, in many … More

CIOs using AI to bridge gap between IT resources and cloud complexity

There’s a widening gap between IT resources and the demands of managing the increasing scale and complexity of enterprise cloud ecosystems, a Dynatrace survey of 800 CIOs reveals. IT leaders around the world are concerned about their ability to support the business effectively, as traditional monitoring solutions and custom-built approaches drown their teams in data and alerts that offer more questions than answers. CIO responses in the research indicate that, on average, IT and cloud … More

Container security requires continuous security in new DevSecOps models

When Jordan Liggitt at Google posted details of a serious Kubernetes vulnerability in November 2018, it was a wake-up call for security teams ignoring the risks that came with adopting a cloud-native infrastructure without putting security at the heart of the whole endeavor. For such a significant milestone in Kubernetes history, the vulnerability didn’t have a suitably alarming name comparable to the likes of Spectre, Heartbleed or the Linux Kernel’s recent SACK Panic; it was … More

Companies risk revenue growth due to innovation achievement gap

While a majority of CEOs express strong confidence in the effectiveness of their current IT systems, most are struggling to close the innovation achievement gap to drive growth and revenue, according to a global study by Accenture. It is based on Accenture’s largest enterprise IT study conducted to date, including survey data from more than 8,300 organizations across 20 countries and 885 CEOs.
Innovation achievement gap: Adopting new technologies
The research, which analyzed the adoption … More

Email security industry miss rates when encountering threats are higher than 20%

Email security miss rates are definitely a huge issue. Malicious files regularly bypass all of today’s leading email security products, leaving enterprises vulnerable to email-based attacks including ransomware, phishing and data breaches, according to BitDam. BitDam conducted an empirical study to measure leading email security products’ ability to detect unknown threats at first encounter. Unknown threats are produced in the wild, sometimes hundreds in a day. The study employs the retrieval of fresh samples of … More

State CIOs see innovation as critical priority, only 14% report extensive innovation

Most state CIOs see innovation as a major part of their job – 83% said innovation is an important or very important part of their day-to-day leadership responsibilities – while only 14% reported extensive innovation initiatives within their organizations, Accenture and the National Association of State Chief Information Officers (NASCIO) reveal. Previously, NASCIO had highlighted innovation as a top ten current issue facing state CIOs. “The pace of technological change keeps accelerating, bringing new challenges … More

Download: State of Breach Protection 2020 survey results

What are the key considerations security decision makers should take into account when designing their 2020 breach protection? To answer this, Cynet polled 1,536 cybersecurity professionals to understand the common practices, prioritizations and preferences of organizations today in protecting themselves from breaches. Security executives face significant challenges when confronting the evolving threat landscape. For example, what type of attacks pose the greatest risk and what security products would best address them? Is it better to … More

The post Download: State of Breach Protection 2020 survey results appeared first on Help Net Security.

Researchers create OT honeypot, attract exploits and fraud

Trend Micro announced the results of research featuring a honeypot imitating an industrial factory. The highly sophisticated Operational Technology (OT) honeypot attracted fraud and financially motivated exploits. Complex investigation: The six-month investigation revealed that unsecured industrial environments are primarily victims of common threats. The honeypot was compromised for cryptocurrency mining, targeted by two separate ransomware attacks, and used for consumer fraud. “Too often, discussion of cyber threats to industrial … More

The post Researchers create OT honeypot, attract exploits and fraud appeared first on Help Net Security.

Data-driven vehicles: The next security challenge

Companies are increasingly building smart products that are tailored to know the individual user. In the automotive world, the next generation passenger vehicle could behave like a personal chauffeur, sentry and bodyguard rolled into one. Over the next decade, every car manufacturer that offers any degree of autonomy in a vehicle will be forced to address the security of both the vehicle and your data, while also being capable of recognizing and defending against threats … More

The post Data-driven vehicles: The next security challenge appeared first on Help Net Security.

Review: Enzoic for Active Directory

Seemingly every day news drops that a popular site with millions of users had been breached and its user database leaked online. Almost without fail, attackers try to use those leaked user credentials on other sites, making password stuffing one of the most common attacks today. Users often use the same username/email and password combination for multiple accounts and, unfortunately, enterprise accounts are no exception. Attackers can, therefore, successfully use leaked credentials to access specific … More

The post Review: Enzoic for Active Directory appeared first on Help Net Security.

Techniques and strategies to overcome Kubernetes security challenges

Five security best practices for DevOps and development professionals managing Kubernetes deployments have been introduced by Portshift. Integrating these security measures into the early stages of the CI/CD pipeline will assist organizations in the detection of security issues earlier, allowing security teams to remediate issues quickly. Kubernetes as the market leader: The use of containers continues to rise in popularity in test and production environments, increasing demand for a means to manage and orchestrate them. … More

The post Techniques and strategies to overcome Kubernetes security challenges appeared first on Help Net Security.

Revenue from cloud IT infrastructure products declines

Vendor revenue from sales of IT infrastructure products (server, enterprise storage, and Ethernet switch) for cloud environments, including public and private cloud, declined in the third quarter of 2019 (3Q19) as the overall IT infrastructure market continues to experience weakening sales following strong growth in 2018, IDC reveals. The decline of 1.8% year over year was much softer than in 2Q19 as the overall spend on IT infrastructure for cloud environments reached $16.8 billion. IDC … More

The post Revenue from cloud IT infrastructure products declines appeared first on Help Net Security.

NIST Privacy Framework 1.0: Manage privacy risk, demonstrate compliance

Our data-driven society has a tricky balancing act to perform: building innovative products and services that use personal data while still protecting people’s privacy. To help organizations keep this balance, the National Institute of Standards and Technology (NIST) is offering a new tool for managing privacy risk. Version 1.0 of the NIST Privacy Framework: The agency has just released Version 1.0 of the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management. … More

The post NIST Privacy Framework 1.0: Manage privacy risk, demonstrate compliance appeared first on Help Net Security.

Business units and IT teams can no longer function in silos

Over the next two years, 50% of organizations will experience increased collaboration between their business and IT teams, according to Gartner. The dispute between business and IT teams over the control of technology will lessen as both sides learn that joint participation is critical to the success of innovation in a digital workplace. “Business units and IT teams can no longer function in silos, as distant teams can cause chaos,” said Keith Mann, senior research … More

The post Business units and IT teams can no longer function in silos appeared first on Help Net Security.

Week in review: Windows crypto flaw, API security risks, exploits for Citrix security hole abound

Here’s an overview of some of last week’s most interesting news and articles:

Cable Haunt: Unknown millions of Broadcom-based cable modems open to hijacking
A vulnerability (CVE-2019-19494) in Broadcom’s cable modem firmware can open unknown millions of broadband modems by various manufacturers to attackers, a group of Danish researchers has warned.

High-risk Google account owners can now use their iPhone as a security key
Google users who opt for the Advanced Protection Program (APP) to … More

The post Week in review: Windows crypto flaw, API security risks, exploits for Citrix security hole abound appeared first on Help Net Security.

IoT cybersecurity’s worst kept secret

By improving access to data and taking advantage of them in fundamentally different ways to drive profitability, IT security executives are rapidly changing perceptions of their office. Although making better sense of and use of data may be standard fare in other areas of the enterprise, who knew that modern IoT cybersecurity solutions would become network security’s newest professional lever? Actually, we should have seen it coming, because digital transformation always starts with visibility and … More

The post IoT cybersecurity’s worst kept secret appeared first on Help Net Security.

How to govern cybersecurity risk at the board level

Rapidly evolving cybersecurity threats are now commanding the attention of senior business leaders and boards of directors and are no longer only the concern of IT security professionals. A report from University of California, Berkeley’s Center for Long-Term Cybersecurity (CLTC) and Booz Allen Hamilton uses insights gleaned from board members with over 130 years of board service across nine industry sectors to offer guidance for boards of directors in managing cybersecurity within large global companies. … More

The post How to govern cybersecurity risk at the board level appeared first on Help Net Security.

Worldwide IT spending to total $3.9 trillion in 2020

Worldwide IT spending is projected to total $3.9 trillion in 2020, an increase of 3.4% from 2019, according to the latest forecast by Gartner. Global IT spending is expected to cross into $4 trillion territory next year. “Although political uncertainties pushed the global economy closer to recession, it did not occur in 2019 and is still not the most likely scenario for 2020 and beyond,” said John-David Lovelock, distinguished research vice president at Gartner. “With … More

The post Worldwide IT spending to total $3.9 trillion in 2020 appeared first on Help Net Security.

Embedding security, the right way

As organizations proceed to move their processes from the physical world into the digital, their risk profile changes, too – and this is not a time to take risks. By not including security into DevOps processes, organizations are exposing their business in new and surprising ways. DevOps: DevOps has accelerated software development dramatically, but it has also created a great deal of pain for traditional security teams raised up on performing relatively slow testing. Moving … More

The post Embedding security, the right way appeared first on Help Net Security.

Emotet remains the dark market leader for delivery-as-a-service

The vast majority of nationally sponsored cybersecurity incidents take the form of espionage through data exfiltration, with frequent employment of remote access tool Plug-X, according to the annual threat report by eSentire. Emotet is the leader: The report found that Emotet accounted for almost 20% of confirmed malware incidents, reinforcing its role in the black market as the preferred delivery tool. Emotet was the most observed threat both on networks and on endpoints, achieving this … More

The post Emotet remains the dark market leader for delivery-as-a-service appeared first on Help Net Security.

Six trends attracting the attention of enterprise technology leaders

Organizations around the world will accelerate enterprise technology investment in 2020, leveraging digital improvements to make them more competitive, improve connections with consumers, and keep up with the increasing demands of privacy regulation and security needs. Hyland has identified six technology trends that will drive these improvements and demand the attention of CIOs and CTOs in the coming year and beyond. Prioritize cloud control: Organizations will opt for managed cloud services to increase security and efficiency. … More

The post Six trends attracting the attention of enterprise technology leaders appeared first on Help Net Security.

Global security services industry to experience spend growth of more than $80 billion

The global security services industry is poised to experience spend growth of more than $80 billion between 2019-2024 at a CAGR of over 8% during the forecast period, according to SpendEdge. Factors such as the increase in the instances of IP infringement and the frequency of economic and sporting events are exposing the masses to significant security risks. This is creating a pressing requirement to engage security services across the domestic and business sectors across the globe … More

The post Global security services industry to experience spend growth of more than $80 billion appeared first on Help Net Security.

Companies increasingly reporting attacks attributed to foreign governments

More than one in four security managers attribute attacks against their organization to cyberwarfare or nation-state activity, according to Radware. Nation-state intrusions soaring: In 2018, 19% of organizations believed they were attacked by a nation-state. That figure increased to 27% in 2019. Companies in North America were more likely to report nation-state attribution, at 36%. “Nation-state intrusions are among the most difficult attacks to thwart because the agencies responsible often have significant resources, knowledge of … More

The post Companies increasingly reporting attacks attributed to foreign governments appeared first on Help Net Security.

Cyber attackers turn to business disruption as primary attack objective

Over the course of 2019, 36% of the incidents that CrowdStrike investigated were most often caused by ransomware, destructive malware or denial of service attacks, revealing that business disruption was often the main attack objective of cybercriminals. Another notable finding in the new CrowdStrike Services Report shows a large increase in dwell time to an average of 95 days in 2019 — up from 85 days in 2018 — meaning that adversaries were able to … More

The post Cyber attackers turn to business disruption as primary attack objective appeared first on Help Net Security.

Budgetary, policy, workforce issues influencing DOD and intelligence community IT priorities

Information Technology spending by Department of Defense (DOD) and Intelligence Community (IC) agencies will continue to grow as they work to keep pace with the evolution of both the threat landscape and technology development, according to Deltek. Intelligence community: The increasing sophistication of adversaries, expanding threat landscape, rapid pace of technology advancement and data proliferation continue to fuel the IC’s demand for tools and resources to meet mission objectives. IT solutions such as cloud computing, … More

The post Budgetary, policy, workforce issues influencing DOD and intelligence community IT priorities appeared first on Help Net Security.