Author Archives: Help Net Security

Why organizations must arm their SOCs for the future

Security Operations Centers (SOCs) around the globe represent the first line of defense between enterprises and cyber-threats. This mission requires that SOCs respond to security alerts around the clock, and jump into action as quickly as possible to minimize the damage done from events that are in progress while keeping the uptime of critical operations in accordance to the SLAs. The importance of SOCs are highlighted by the fact that 30% of CEOs rate cyber-threats … More

The post Why organizations must arm their SOCs for the future appeared first on Help Net Security.

Perceptions on the impact of data breaches and identity protection

4iQ recently completed research focusing on Americans’ attitudes about cybersecurity breaches and the efforts that organizations make to mitigate breaches’ effects on identity theft. Where’s the data? The findings indicate that a large proportion of Americans (44%) believe their personally identifiable information (PII) has been stolen as a result of a data breach. A strong majority (63%) are concerned that prior breaches could lead to future identity fraud, and a significant number (37%) believe they … More

The post Perceptions on the impact of data breaches and identity protection appeared first on Help Net Security.

How the under 30s expect new approaches to cybersecurity

In today’s multigenerational workforce, the over-30s are more likely to adopt cybersecurity good practice than their younger colleagues who have grown up with digital technology. This is according to a report on generational attitudes to cybersecurity from the security division of NTT. The report identified good and bad practice for organizations researched as part of its Risk:Value 2019 report, scored across 17 key criteria. This revealed that under-30s score 2.3 in terms of cybersecurity best … More

The post How the under 30s expect new approaches to cybersecurity appeared first on Help Net Security.

How much organizations are investing in analytics and why

Despite 94% of organizations believing data and analytics is important to their digital transformation and business growth, most are not enabling a data-driven culture, according to MicroStrategy. Data-deprived employees Compared to executives and management employees, front-line employees are data-deprived and have the least access to data and analytics. The contrast between the data-privileged and the data-deprived is most pronounced in the financial services industry, with just 11% of front-line employees getting access to analytics reports. … More

The post How much organizations are investing in analytics and why appeared first on Help Net Security.

Targeted online messaging dissuading young gamers from getting involved in cybercrime

Highly-targeted messaging campaigns from law enforcement can be surprisingly effective at dissuading young gamers from getting involved in cybercrime, a new study has suggested. Law enforcement interventions The study, by researchers from the University of Cambridge and University of Strathclyde, looked at four different types of law enforcement interventions, the first evaluation of the their effectiveness for this particular type of cybercrime. They found that while high-profile arrests and sentencing of cybercriminals only lead to … More

The post Targeted online messaging dissuading young gamers from getting involved in cybercrime appeared first on Help Net Security.

Whitepaper: Make smarter decisions by using orchestration with intelligence

Analysts in security teams make decisions all day in their investigations that impact the security of the entire organization: Where should I look next? What should I do about this alert? Is this even dangerous? The better we can arm analysts with additional information, context, and situational awareness, the more informed their decision-making will be. But due to the dizzying scales of alerts and associated data occurring in a typical enterprise, decision making needs to … More

The post Whitepaper: Make smarter decisions by using orchestration with intelligence appeared first on Help Net Security.

How cybersecurity accelerates business growth

It’s no secret that the cybersecurity industry has grown exponentially over more than a decade due to the proliferation of high-profile cybercrime. Viewing cybersecurity as simply a necessary step to mitigate cyber risk leaves much opportunity on the table. Organizational leaders need to see cybersecurity as a business enabler that can accelerate growth. Companies that view cybersecurity with the myopic lens of being a necessary overhead cost to protect data are losing out on opportunities … More

The post How cybersecurity accelerates business growth appeared first on Help Net Security.

Deepfakes and voice as the next data breach

Deepfake technology, which uses deep learning to create fake or altered video and audio content, continues to pose a major threat to businesses, consumers, and society as a whole. In the lead up to the 2020 U.S. presidential election, government officials have expressed concerns about potential deepfake attacks to spread misinformation, and evidence suggests that while this technology is advancing rapidly, governments and tech companies are still ill-prepared to detect and combat it. Deepfakes caught … More

The post Deepfakes and voice as the next data breach appeared first on Help Net Security.

AI and ML will become important for how organizations run their digital systems

Global organizations are making significant progress with digital transformation projects despite obstacles, however technology leaders are finding that running their digitally transformed organizations is challenging and they are under increased pressure to prove business value. New Relic and Vanson Bourne surveyed 750 global senior IT decision makers of enterprises with 500 to 5,000-plus employees in Australia, France, Germany, U.K., and the U.S. Key findings from the survey include: 1 in 2 tech leaders are challenged … More

The post AI and ML will become important for how organizations run their digital systems appeared first on Help Net Security.

Spending on security hardware, software, and services continues to increase

Worldwide spending on security products and services will enjoy solid growth over the next five years as organizations continue to invest in solutions to meet a wide range of security threats and requirements. According to an updated forecast from the IDC, worldwide spending on security-related hardware, software, and services will be $106.6 billion in 2019, an increase of 10.7% over 2018. This amount will reach $151.2 billion in 2023 with a compound annual growth rate … More

The post Spending on security hardware, software, and services continues to increase appeared first on Help Net Security.

Webinar: Application Protection and Performance Monitoring Using Datadog + Signal Sciences

For years, security, operations, and engineering have struggled to get one cohesive view of application performance and real-time attacks due to multiple streams of data from a variety of operations and security tools that don’t work well together. We are out to change that. In this webinar, learn how Signal Sciences and Datadog have teamed up to provide powerful monitoring, visualization, and alerting—all in one place. Learn how this integration: Provides developers immediate app performance … More

The post Webinar: Application Protection and Performance Monitoring Using Datadog + Signal Sciences appeared first on Help Net Security.

Week in review: Insider threat essentials, tracing IP hijackers, cyrptojacking worm hits Docker hosts

Here’s an overview of some of last week’s most interesting news, reviews and articles: “Smart city” governments should also be smart about security While the definition of “smart city” is still under debate, one thing is indisputable: the technologies used to make smart cities a reality are currently acquired and deployed after very little (or even no) security testing. Cryptojacking worm compromised over 2,000 Docker hosts Security researchers have discovered a cryptojacking worm that propagates … More

The post Week in review: Insider threat essentials, tracing IP hijackers, cyrptojacking worm hits Docker hosts appeared first on Help Net Security.

Six steps for implementing zero trust access

Modern organizations are no longer governed by fixed perimeters. In fact, the perimeter-based security model is disintegrating in a world where users work on their own devices from anywhere, and sensitive company data is stored in multiple cloud services. Organizations can no longer rely on binary security models that focus on letting good guys in and keeping bad guys out. Their big challenge is figuring out how to give users the access they need while … More

The post Six steps for implementing zero trust access appeared first on Help Net Security.

Security still top priority as more enterprises scale IoT solutions company-wide

A record 61 percent of enterprises worldwide are on the path to becoming “intelligent,” compared to only 49 percent in 2018. The Zebra Technologies Corporation global survey analyzes the extent to which companies connect the physical and digital worlds to drive innovation through real-time guidance, data-powered environments and collaborative mobile workflows. Their “Intelligent Enterprise” Index scores are calculated using 11 criteria that include Internet of Things (IoT) vision, adoption, data management, intelligent analysis and more. … More

The post Security still top priority as more enterprises scale IoT solutions company-wide appeared first on Help Net Security.

As car manufacturers focus on connectivity, hackers begin to exploit flaws

Car manufacturers offer more software features to consumers than ever before, and increasingly popular autonomous vehicles that require integrated software introduce security vulnerabilities. Widespread cloud connectivity and wireless technologies enhance vehicle functionality, safety, and reliability but expose cars to hacking exploits. In addition, the pressure to deliver products as fast as possible puts a big strain on the security capabilities of cars, manufacturing facilities, and automotive data, a IntSights report reveals. “The automotive manufacturing industry … More

The post As car manufacturers focus on connectivity, hackers begin to exploit flaws appeared first on Help Net Security.

Review: The Great Hack

Data is the most valuable asset/resource on Earth. Still, we have little or no control over who is exploiting ours without our consent. That is what the authors, Jehane Noujaim and Karim Amer, want to make us realize in their documentary film The Great Hack, released by Netflix on July 24, 2019. Jehane Noujaim, American documentary film director, and Karim Amer, Egyptian-American film producer and director, already worked together on The Square (2013), but it … More

The post Review: The Great Hack appeared first on Help Net Security.

Companies are shifting spending to support their critical IT initiatives

Increasing spend efficiency and cutting waste are challenging with respect to gaining visibility into costs and managing IT spend effectively, according to Flexera survey. Survey respondents are IT executives working in large enterprises with 2,000 or more employees, headquartered in North America and Europe, encompassing industries such as financial services, retail, e-commerce and industrial products. More than half are C-level executives. Managing IT spending The top challenge to managing spend effectively, cited by 86 percent … More

The post Companies are shifting spending to support their critical IT initiatives appeared first on Help Net Security.

Key challenges impacting IT audit pros navigating an evolving risk landscape

Protiviti and ISACA surveyed 2,252 chief audit executives (CAEs), internal audit professionals and IT audit vice presidents and directors worldwide. Asked to identify their biggest technology challenges, IT audit leaders and professionals noted the following as their top five: IT security and privacy/cybersecurity Data management and governance Emerging technology and infrastructure changes – transformation/innovation/disruption Staffing and skills challenges Third-party/vendor management “As much as organizations are focusing on cybersecurity and protecting their data, they’re still behind … More

The post Key challenges impacting IT audit pros navigating an evolving risk landscape appeared first on Help Net Security.

MSPs face increased risks and opportunities to rethink cybersecurity

Managed service providers (MSPs) and their small-and medium-sized business (SMB) customers lack the tools and resources needed to sufficiently defend against rising cyberattacks and threats, according to Continuum. Security shortcomings The report found significant shortcomings in how MSPs offer cybersecurity, emphasizing the need for both MSPs and their SMB customers to reevaluate their cybersecurity strategies and identify effective solutions to bridge the widening IT skills gap. Conducted by Vanson Bourne, the study surveyed 200 MSPs … More

The post MSPs face increased risks and opportunities to rethink cybersecurity appeared first on Help Net Security.

1 in 5 SMBs have fallen victim to a ransomware attack

Ransomware remains the most common cyber threat to SMBs, according to a Datto survey of more than 1,400 MSP decision makers that manage the IT systems for small-to-medium-sized businesses. SMBs are a prime target While it is used against businesses of all sizes, SMBs have become a prime target for attackers. The report uncovered a number of ransomware trends specifically impacting the SMB market: Ransomware attacks are pervasive. The number of ransomware attacks against SMBs … More

The post 1 in 5 SMBs have fallen victim to a ransomware attack appeared first on Help Net Security.

Executives are not actively engaged in ensuring the effectiveness of cybersecurity strategy

There’s a clear lack of accountability, especially on the board and among C-suite executives, and a lack of confidence in determining the efficacy of security technologies. AttackIQ and Ponemon Institute surveyed 577 IT and IT security practitioners in the United States who are knowledgeable about their organizations’ IT security strategy, tactics, and technology investments. “Enterprise culture is formed at the top. If enterprise leaders are not actively engaged in ensuring a strong cybersecurity posture, it … More

The post Executives are not actively engaged in ensuring the effectiveness of cybersecurity strategy appeared first on Help Net Security.

Do digital architects have the tools to make the most of transformative technologies?

Digital architects are struggling to satisfy their organizations’ digital transformation ambitions, research from Couchbase has found. In a survey of 450 heads of digital transformation responsible for managing data architecture at enterprises across the U.S., U.K., France and Germany, 85 percent of respondents were under pressure to deliver digital projects – with 41 percent experiencing “high” or “extremely high” pressure. This is not helped by the apparent scale of the challenge facing architects. Sixty eight … More

The post Do digital architects have the tools to make the most of transformative technologies? appeared first on Help Net Security.

Code dependency mapping’s role in securing enterprise software

Enterprise software is only as good as its security. Today, a data breach costs $3.92 million on average. Organizations are expected to spend $124 billion on security in 2019 and will probably invest even more given the alarming rate at which cyberattacks are growing. Despite these investments, newer and more sophisticated threats are emerging every day, making the security of an enterprise’s software environment challenging – even for the most well-prepared. Fortunately, new innovations have … More

The post Code dependency mapping’s role in securing enterprise software appeared first on Help Net Security.

Microsegmentation for refining safety systems

When the TRITON (aka TRISIS) attack struck three refining sites in the Middle East in November of 2017, it was the first known cyber incident to target safety instrumented systems (SIS), specifically Schneider Electric’s Triconex gear. The consequences of these attacks were plant-wide shutdowns. While such shutdowns are costly, the consequences could have been far worse. Refineries rely on correctly functioning SIS equipment to prevent worker casualties and environmental disasters in the face of both … More

The post Microsegmentation for refining safety systems appeared first on Help Net Security.

Fake mobile app fraud tripled in first half of 2019

In Q2 2019, RSA Security identified 57,406 total fraud attacks worldwide. Of these, phishing attacks were the most prevalent (37%), followed by fake mobile apps (usually apps posing as those of popular brands). But while phishing went up by just 6 percent when the numbers from 1H 2019 are compared to those from 2H 2018, attacks via financial malware and rogue mobile apps have increased significantly (80 and 191 percent, respectively). “The fact that fraud … More

The post Fake mobile app fraud tripled in first half of 2019 appeared first on Help Net Security.

When properly managed, shadow IT can benefit your organization

77 percent of IT professionals believe their organizations could earn an edge if company leaders were more collaborative with their businesses to find shadow IT solutions, according to a survey of 1000 US-based IT professionals by Entrust Datacard. As organizations adapt to changing technologies, employees are eager to use productivity solutions that help them function more efficiently — even if these solutions are outside the company’s IT rules and processes. This is the shadow IT … More

The post When properly managed, shadow IT can benefit your organization appeared first on Help Net Security.

How seriously are businesses taking their PKI security?

While most enterprises demonstrate a committed effort towards maintaining a well-rounded PKI setup, they still fall short in several key categories. The post-Black Hat survey report generated by AppViewX indicated that the primary reason for these shortfalls resided in the fact that most certificate- and PKI-processes were bound by silos, manual workflows, and a lack of synergy between systems. For instance, nearly 50% of the respondents admitted to still relying on passwords to safeguard private … More

The post How seriously are businesses taking their PKI security? appeared first on Help Net Security.

Consumer spending on technology forecast to reach $1.69 trillion in 2019

Consumer spending on technology is forecast to reach $1.69 trillion in 2019, an increase of 5.3% over 2018. Traditional technologies still dominate According to the latest Worldwide Semiannual Connected Consumer Spending Guide from International Data Corporation (IDC), consumer purchases of traditional and emerging technologies will remain strong over the 2019-2023 forecast period, reaching $2.06 trillion in 2023 with a five-year compound annual growth rate (CAGR) of 5.1%. Roughly three quarters of all consumer technology spending … More

The post Consumer spending on technology forecast to reach $1.69 trillion in 2019 appeared first on Help Net Security.

Download: IR Reporting for Management PPT template

Many security pros that are doing an excellent job in handling incidents find that effectively communicating the process to their management is a challenging task. Cynet addresses this gap with the IR Reporting for Management PPT template, providing an intuitive tool to report both the ongoing IR process and its conclusion. The IR for Management template enables CISOs and CIOs to communicate the key points that management cares about: assurance that the incident is under … More

The post Download: IR Reporting for Management PPT template appeared first on Help Net Security.

Viewing cybersecurity incidents as normal accidents

As we continue on through National Cybersecurity Awareness Month (NCSAM), a time to focus on how cybersecurity is a shared responsibility that affects all Americans, one of the themes that I’ve been pondering is that of personal accountability. Years ago, I read Charles Perrow’s book, “Normal Accidents: Living with High-Risk Technologies,” which analyzes the social side of technological risk. When the book was first written in 1984, Perrow analyzed complex systems like nuclear power, aviation … More

The post Viewing cybersecurity incidents as normal accidents appeared first on Help Net Security.

Product showcase: Alsid for AD

You are using Active Directory (AD) every day, every hour, every minute when you log into your device, open your emails, access an application, or share a file. But, guess what, it’s also used by hackers on a daily basis. Simply put, when attackers take control of your AD, they inherit godlike powers over your IT. Sweet. Analyzing attack vectors: How attack pathways are born Active Directory itself is a robust product that suffered few … More

The post Product showcase: Alsid for AD appeared first on Help Net Security.

AI development has major security, privacy and ethical blind spots

Security, privacy and ethics are low-priority issues for developers when modeling their machine learning solutions, according to O’Reilly. Major issues Security is the most serious blind spot. Nearly three-quarters (73 per cent) of respondents indicated they don’t check for security vulnerabilities during model building. More than half (59 per cent) of organizations also don’t consider fairness, bias or ethical issues during ML development. Privacy is similarly neglected, with only 35 per cent checking for issues … More

The post AI development has major security, privacy and ethical blind spots appeared first on Help Net Security.

Free SOAR Platforms eBook

A SOAR platform represents an evolution in security operations driven by the vast amounts of data that must be processed. Working off a single platform is critical to successful coordination of detection and response initiatives, as it keeps knowledge sharing across these teams fluid and instantaneous. Security orchestration and automation integrates different technologies and allows you to conduct defensive actions: it increases your effectiveness in stopping, containing, and preventing attacks. The great thing about SOAR … More

The post Free SOAR Platforms eBook appeared first on Help Net Security.

5 things security executives need to know about insider threat

Insider threat is, unfortunately, an issue that has not yet received sufficient priority. According to the 2018 Deloitte-NASCIO Cybersecurity Study, CISOs’ top challenges remain “budget, talent and increasing cyber threats,” and to some, insider threat doesn’t even make the list of top-ten priorities. Considering what’s at stake – and our 21st-century ability to see signs of, and ultimately prevent, insider threat – this is a phenomenon security executives can no longer afford to ignore. Specifically, … More

The post 5 things security executives need to know about insider threat appeared first on Help Net Security.

New data analysis approach could strengthen the security of IoT devices

A multi-pronged data analysis approach that can strengthen the security of IoT devices, such as smart TVs, home video cameras and baby monitors, against current risks and threats has been created by a team of Penn State World Campus students. Explosion of IoT devices A new forecast from IDC estimates that there will be 41.6 billion connected IoT devices, or “things,” generating 79.4 zettabytes (ZB) of data in 2025. “These devices can leave people vulnerable … More

The post New data analysis approach could strengthen the security of IoT devices appeared first on Help Net Security.

Researchers may have found a way to trace serial IP hijackers

Hijacking IP addresses is an increasingly popular form of cyberattack. This is done for a range of reasons, from sending spam and malware to stealing Bitcoin. It’s estimated that in 2017 alone, routing incidents such as IP hijacks affected more than 10 percent of all the world’s routing domains. Left to right: senior research scientist David Clark, graduate student Cecilia Testart, and postdoc Philipp Richter. Photo by Jason Dorfman, MIT CSAIL. There have been major … More

The post Researchers may have found a way to trace serial IP hijackers appeared first on Help Net Security.

70% of presidential campaigns fail to provide adequate online privacy and security protections

An alarming 70% of the campaign websites reviewed in the OTA 2020 U.S. Presidential Campaign Audit failed to meet OTA’s privacy and security standards – potentially exposing visitors to unnecessary risks. Only seven (30%) of the analyzed campaigns made the Honor Roll, a designation recognizing campaigns that displayed a commitment to using best practices to safeguard visitor information. To qualify for the Honor Roll, campaigns must have an overall score of 80% or higher, with … More

The post 70% of presidential campaigns fail to provide adequate online privacy and security protections appeared first on Help Net Security.

Consumers concerned about connected home privacy, still few implement safety practices

In order to understand what people are doing to protect themselves from the risk of compromised smart home devices, such as internet-connected TVs, smart thermostats, home assistants and more, ESET polled 4,000 consumers. Key findings include: Over a third of all respondents indicated they are concerned about unauthorized access of their home networks via connected home devices (smart TVs, smart thermostats etc.). 35% of Americans and 37% of Canadians indicated so in our survey. When … More

The post Consumers concerned about connected home privacy, still few implement safety practices appeared first on Help Net Security.

Webinar: Securing Web Layer Assets with Cloud WAF

Developers and operations teams are under constant pressure to release new features and capabilities that keep their organizations ahead of competitors. But when “Innovate!” is a constant rallying cry and velocity the measure of a development team’s worth, what happens to security at the application layer? There’s a solution: instrument and observe web requests using a Cloud Web Application Firewall (WAF) that provides detection and blocking to protect web layer assets without installing additional software. … More

The post Webinar: Securing Web Layer Assets with Cloud WAF appeared first on Help Net Security.

Week in review: Umasking cybercriminals, improving incident response, macOS Catalina security

Here’s an overview of some of last week’s most interesting news and articles: Winning the security fight: Tips for organizations and CISOs If you ask Matthew Rosenquist, a former Cybersecurity Strategist for Intel (now independent), overcoming denial of risk, employing the right cybersecurity leader, and defining clear goals are the three most critical objectives for avoiding a negative outcome. Imperva explains how their recent security incident happened In late August, Imperva suffered a security incident, … More

The post Week in review: Umasking cybercriminals, improving incident response, macOS Catalina security appeared first on Help Net Security.

DevSecOps role expansion has changed how companies address their security posture

While organizations shift their applications to microservices environments, the responsibility for securing these environments shifts as well, Radware reveals. The rapid expansion of the Development Security Operations (DevSecOps) role has changed how companies address their security posture with approximately 70% of survey respondents stating that the CISO was not the top influencer in deciding on security software policy, tools and or implementation. This shift has likely exposed companies to a broader range of security risks … More

The post DevSecOps role expansion has changed how companies address their security posture appeared first on Help Net Security.

11 steps organizations should take to improve their incident response strategy

As the year draws to a close, it is time for businesses across all industries and sectors to reflect and prepare for the upcoming new year. With this in mind, FIRST has produced 11 vital steps that organizations should take to improve their incident response strategy. It is highly likely that an organization will face a cybersecurity incident of some sort at some point in its lifetime, regardless of the level of cybersecurity defense in … More

The post 11 steps organizations should take to improve their incident response strategy appeared first on Help Net Security.

ICS cybersecurity investment should be a priority in protecting operations from disruption

93% of ICS security professionals are concerned about cyberattacks causing operational shutdown or customer-impacting downtime, according to a Tripwire survey. In an effort to prepare against such threats, 77% have made ICS cybersecurity investments over the past two years, but 50% still feel that current investments are not enough. The survey was conducted by Dimensional Research and its respondents included 263 ICS security professionals at energy, manufacturing, chemical, dam, nuclear, water, food, automotive and transportation … More

The post ICS cybersecurity investment should be a priority in protecting operations from disruption appeared first on Help Net Security.

New method validates the integrity of computer chips using x-rays

Guaranteeing that computer chips, that can consist of billions of interconnected transistors, are manufactured without defects is a challenge. But how to determine if a chip is compromised? Now a technique co-developed by researchers at the Paul Scherer Institut in Switzerland and researchers at the USC Viterbi School of Engineering would allow companies and other organizations to non-destructively scan chips to ensure that they haven’t been altered and that they are manufactured to design specifications … More

The post New method validates the integrity of computer chips using x-rays appeared first on Help Net Security.

5G is here, now what?

5G is being positioned as a “network of networks” that will encompass public and private components, licensed and unlicensed spectrum, and even expand beyond cellular, to satellite communications. But in reality, 5G will only be one component of the enterprise vertical technology stack, states ABI Research. “The telco industry has somewhat designed 5G as a technology that will complement, or even replace, several other competing communication technologies. This is, in fact, built into the standard: … More

The post 5G is here, now what? appeared first on Help Net Security.

Build or buy: What to consider when deploying on-premise or cloud-based PKI

Public Key Infrastructure (PKI), once considered an IT table stake, has transformed from a tool used to protect websites to a core digital identity management function within the cybersecurity framework. Today’s PKI establishes and manages digital identities across people, applications and devices within the enterprise. IT teams are deploying PKI to combat several growing cybersecurity threats too, from ransomware and phishing attacks to IoT device hijacking. PKI remains a core component within the larger IT … More

The post Build or buy: What to consider when deploying on-premise or cloud-based PKI appeared first on Help Net Security.

Cybercrime is maturing, shifting its focus to larger and more profitable targets

Cybercrime is continuing to mature and becoming more and more bold, shifting its focus to larger and more profitable targets as well as new technologies. Data is the key element in cybercrime, both from a crime and an investigate perspective. These key threats demonstrate the complexity of countering cybercrime and highlight that criminals only innovate their criminal behavior when existing modi operandi have become unsuccessful or more profitable opportunities emerge. In essence, new threats do … More

The post Cybercrime is maturing, shifting its focus to larger and more profitable targets appeared first on Help Net Security.

Only 32% of organizations employ a security-first approach to cloud data storage

Although nearly half (48%) of corporate data is stored in the cloud, only a third (32%) of organizations admit they employ a security-first approach to data storage in the cloud, according to a global study from Thales, with research from the Ponemon Institute. Surveying over 3,000 IT and IT security practitioners in Australia, Brazil, France, Germany, India Japan, the United Kingdom and the United States, the research found that only one in three (31%) organizations … More

The post Only 32% of organizations employ a security-first approach to cloud data storage appeared first on Help Net Security.

Does poor password hygiene still hamper your ability to achieve high security standards?

While more businesses are investing in security measures like multifactor authentication (MFA), employees still have poor password habits that weaken companies’ overall security posture, according to LastPass. Given that stolen and reused credentials are linked to 80 percent of hacking-related breaches, businesses must take more action to improve password and access security to make a big impact on risk reduction. “Securing employee access has never been more important and unfortunately, we see businesses ignore password … More

The post Does poor password hygiene still hamper your ability to achieve high security standards? appeared first on Help Net Security.

Impact and prevalence of cyberattacks that use stolen hashed administrator credentials

There’s a significant prevalence and impact of cyberattacks that use stolen hashed administrator credentials, also referred to as Pass the Hash (PtH) attacks, within businesses today, according to a survey from One Identity. Among the survey’s most noteworthy findings is that 95% of respondents say that PtH attacks have a direct business impact on their organizations. Conducted by Dimensional Research, the survey of more than 1,000 IT professionals reinforces the crucial need for organizations to … More

The post Impact and prevalence of cyberattacks that use stolen hashed administrator credentials appeared first on Help Net Security.

Free eBook: Threat intelligence platforms

Today’s threat environment is complex and dynamic. The internet was built for connectivity, not security, and approaches such as intrusion detection systems, anti-virus programs, and traditional incident response methodologies by themselves are no longer sufficient in the face of the widening gap between offensive and defensive capabilities. Organizations today face Advanced Persistent Threats (APTs) and organized, criminally motivated attacks launched by adversaries with the tools, training, and resources to breach most conventional network defense systems. … More

The post Free eBook: Threat intelligence platforms appeared first on Help Net Security.

Digital transformation requires an aggressive approach to security

Organizations agree, building security into digital transformation initiatives is a priority, yet the recommended path to progress is unclear, according to a survey conducted by ZeroNorth. Companies of all sizes and in all industries are experiencing the pains of digital transformation, with 79% of survey respondents indicating their organization already has related initiatives underway. All participants indicate the importance of digital transformation to the future of their organization, even those who have not yet embarked … More

The post Digital transformation requires an aggressive approach to security appeared first on Help Net Security.

Phishing attempts increase 400%, many malicious URLs found on trusted domains

1 in 50 URLs are malicious, nearly one-third of phishing sites use HTTPS and Windows 7 exploits have grown 75% since January. A new Webroot report also highlights the importance of user education, as phishing lures have become more personalized as hackers use stolen data for more than just account takeover. Hackers are using trusted domains and HTTPS to trick victims Nearly a quarter (24%) of malicious URLs were found to be hosted on trusted … More

The post Phishing attempts increase 400%, many malicious URLs found on trusted domains appeared first on Help Net Security.

Majority of IT departments leave major holes in their USB drive security

For the second year in a row, the majority of employers are failing to equip their employees with the appropriate technologies, procedures and policies to ensure data security across the organization, according to Apricorn. The survey report, which polled nearly 300 employees across industries including education, finance, government, healthcare, legal, retail, manufacturing, and power and energy, examined year-over-year trends of USB drive usage, policies and business drivers. The report indicated that even though 87% of … More

The post Majority of IT departments leave major holes in their USB drive security appeared first on Help Net Security.

BEC explodes as attackers exploit email’s identity crisis

850,000 domains worldwide now have DMARC records, a 5x increase since 2016, according to Valimail. However, less than 17% of global DMARC records are at enforcement — meaning fake emails that appear to come from those domains are still arriving in recipients’ inboxes. Among large companies, only one in five enterprise DMARC records is at enforcement, a significant factor in the wild success of business email compromise (BEC) attacks, which has produced more than $26 … More

The post BEC explodes as attackers exploit email’s identity crisis appeared first on Help Net Security.

Unmask cybercriminals through identity attribution

Organized crime has grown more complex since the turn of the century—coinciding with the rise of the digital world, cybercriminals have leveraged the proliferation of technology to broaden their reach with a more sophisticated network-structured model, effectively globalizing their operations in cyberspace and ultimately allowing cybercriminals to devastate companies and consumers alike. The faster you act, the quicker you will be able to disrupt the adversary and prevent future attacks, directly yielding greater financial savings … More

The post Unmask cybercriminals through identity attribution appeared first on Help Net Security.

Product showcase: Awake Security Network Traffic Analysis Platform

Security experts profess that enterprise organizations must assume their network is already compromised. Cyber-attacks use network communications for malware distribution, command and control, and data exfiltration. With the right tools, security professionals should be able to uncover malicious activity and take prompt action to mitigate it. Network traffic analysis (NTA) tools were designed to help security personnel to detect attackers that had managed to evade traditional defenses, especially those that are already inside the perimeter. … More

The post Product showcase: Awake Security Network Traffic Analysis Platform appeared first on Help Net Security.

Organizations need tools that support DevOps security

Organizational silos create unnecessary security risk for global businesses. The lack of security involvement in DevOps projects was reportedly creating cyber risk for 72% of IT leaders, according to Trend Micro. In an effort to better understand the DevOps culture, Trend Micro commissioned Vanson Bourne to poll 1,310 IT decision makers in SMB and enterprise organizations across the globe about their organizational culture. “It’s no secret that developers and security teams have a history of … More

The post Organizations need tools that support DevOps security appeared first on Help Net Security.

Internal user mistakes create large percentage of cybersecurity incidents

Internal user mistakes created the largest percentage of cybersecurity incidents over the past twelve months (80%), followed by exposures caused by poor network system or application security (36%), and external threat actors infiltrating the organization’s network or systems (31%), SolarWinds research reveals. Poor password management ranked as the leading cause of concern for German IT professionals regarding insider threats. Forty-five percent of tech pros surveyed indicated poor password management or weak passwords as the most … More

The post Internal user mistakes create large percentage of cybersecurity incidents appeared first on Help Net Security.

Report: 2019 eSentire Threat Intelligence Spotlight

This new report, Threat Intelligence Spotlight: The Shifting Framework of Modern Malware, draws on data gathered from the 650-plus organizations that eSentire protects and Carbon Black’s extensive endpoint protection install base. Key insights of the report include: An approximate median of 10 variants within a malware family, which begins to highlight the challenges faced by traditional endpoint solutions The largest number of variants within a malware family is more than 200 It takes nearly 40 … More

The post Report: 2019 eSentire Threat Intelligence Spotlight appeared first on Help Net Security.

Cloud-native applications need a unified continuous security approach

Cloud-native has arrived and now, it’s taking over. By 2021, 92% of companies will go cloud-native. It’s faster, it’s more efficient, more scalable, and more flexible. But is it more secure? As businesses integrate cloud-native technologies, such as Kubernetes, across their clouds, the complexity and distributed nature of these platforms increasingly require companies to rethink their approach not only to Dev and Ops, but also, security. The primary cloud platforms – AWS, Azure and Google … More

The post Cloud-native applications need a unified continuous security approach appeared first on Help Net Security.

Insider threats are security’s new reality: Prevention solutions aren’t working

Insider threats expose companies to breaches and put corporate data at risk. New research from Code42 questions whether the right data security solutions are being funded and deployed to stop insider threats and asserts that legacy data loss prevention solutions fall short in getting the job done. Today, 79% of information security leaders believe that employees are an effective frontline of defense against data breaches. However, this year’s report disputes that notion. Wake-up call: Insider … More

The post Insider threats are security’s new reality: Prevention solutions aren’t working appeared first on Help Net Security.

Consumers have concerns about cybersecurity, value education on best practices

Nearly three-quarters of consumers (74%) would be likely to participate in a cybersecurity awareness or education program from their financial institution if they offered it. The survey conducted by The Harris Poll on behalf of Computer Services also found that an overwhelming majority of consumers (92%) have concerns about the security of their personal confidential data online. The poll ran online July 1-3, 2019, and it represents feedback from more than 2,000 U.S. adults ages … More

The post Consumers have concerns about cybersecurity, value education on best practices appeared first on Help Net Security.

The top 10 strategic government technology trends CIOs should plan for

The top 10 government technology trends for 2019-2020 that have the potential to optimize or transform public services have been identified by Gartner. Government CIOs should include these trends in their strategic planning over the next 12 to 18 months. The top 10 strategic technology trends for government were selected in response to pressing public policy goals and business needs of government organizations in jurisdictions around the globe. They fit into a broader set of … More

The post The top 10 strategic government technology trends CIOs should plan for appeared first on Help Net Security.

64% of IT decision makers have reported a breach in their ERP systems in the past 24 months

ERP applications are ‘critical’ to business operations, according to the IDC survey of 430 IT decision makers. ERP-related breach Sixty-four percent of the 191 decision makers surveyed whose organizations rely on SAP or Oracle E-Business Suite confirmed that their deployments have had an ERP-related breach in the last 24 months. “Enterprise Resource Planning (ERP) applications such as Oracle E-Business Suite and SAP (ECC) can be foundational for businesses. A breach of such critical ERP applications … More

The post 64% of IT decision makers have reported a breach in their ERP systems in the past 24 months appeared first on Help Net Security.

Whitepaper: Identifying Web Attack Indicators

Attackers are always looking for ways into web and mobile applications. The 2019 Verizon Data Breach Investigation Report listed web applications the number ONE vector attackers use when breaching organizations. In this paper, Signal Sciences examine malicious web request patterns for four of the most common web attack methods and show how to gain the context and visibility that is key to stopping these attacks. Key learnings: Four common web layer attack types: account takeover, … More

The post Whitepaper: Identifying Web Attack Indicators appeared first on Help Net Security.

Week in review: MFA effectiveness, SMBs and Win7 security, the quantum computing threat

Here’s an overview of some of last week’s most interesting news, interviews and articles: Unpatched Android flaw exploited by attackers, impacts Pixel, Samsung, Xiaomi devices A privilege escalation vulnerability affecting phones running Android 8.x and later is being leveraged by attackers in the wild, Google has revealed. Sophos Managed Threat Response: An evolved approach to proactive security protection In its 2019 market guide for managed detection and response (MDR) services, Gartner forecasted that by 2024, … More

The post Week in review: MFA effectiveness, SMBs and Win7 security, the quantum computing threat appeared first on Help Net Security.

October 2019 Patch Tuesday forecast: Be sure to apply service stack updates

School is back in session across most of the world, and here in the United States most students look forward to a school holiday called ‘fall break.’ While we never have a Patch Tuesday off, this may actually be a bit of fall break for most us because I don’t anticipate many updates this month. Before we get into the forecast details, I’d like to provide some information around service stack updates (SSUs) and how … More

The post October 2019 Patch Tuesday forecast: Be sure to apply service stack updates appeared first on Help Net Security.

Enterprises leaving themselves vulnerable to cyberattacks by failing to prioritize PKI security

IoT is one of the fastest growing trends in technology today, yet enterprises are leaving themselves vulnerable to dangerous cyberattacks by failing to prioritize PKI security, according to new research from nCipher Security. The 2019 Global PKI and IoT Trends Study, conducted by research firm the Ponemon Institute and sponsored by nCipher Security, is based on feedback from more than 1,800 IT security practitioners in 14 countries/regions. The study found that IoT is the fastest-growing … More

The post Enterprises leaving themselves vulnerable to cyberattacks by failing to prioritize PKI security appeared first on Help Net Security.

Educational organizations massively vulnerable to cyber attacks

The education sector is facing a crisis as schools grapple with high levels of risk exposure – driven in large part by complex IT environments and digitally savvy student populations – that have made them a prime target for cybercriminals and ransomware attackers, according to Absolute. The summer months of 2019 saw the number of publicly-disclosed security incidents in K-12 school districts in the U.S. reach 160, exceeding the total number incidents reported in 2018 … More

The post Educational organizations massively vulnerable to cyber attacks appeared first on Help Net Security.

How security programs and breach history influence company valuations

96% of cybersecurity professionals indicated that cybersecurity readiness factors into the calculation when they are assessing the overall monetary value of a potential acquisition target, a (ISC)2 survey reveals. (ISC)2 surveyed 250 U.S.-based professionals with mergers and acquisitions (M&A) expertise. Survey respondents unanimously agreed that cybersecurity audits are not only commonplace but are actually standard practice during M&A transaction preparation. The research also found that the results of such due diligence can have a tangible … More

The post How security programs and breach history influence company valuations appeared first on Help Net Security.

Executives have to make cybersecurity a priority in order to secure their business

Businesses and organizations of all sizes have steadily begun to recognize the importance of cybersecurity to their success. As spending and awareness of the importance of cybersecurity increases, so does the demand for intelligence about how best to spend those funds and what security leaders can expect in today’s constantly evolving attack surfaces. To help give business leaders insight into the threat landscape to better mitigate risk, Optiv Security has published its 2019 Cyber Threat … More

The post Executives have to make cybersecurity a priority in order to secure their business appeared first on Help Net Security.

Security and compliance gaps of ineffective employee onboarding and offboarding

There are significant gaps in the compliant management of employee resources throughout the employment lifecycle. Just 15% of employees have all the resources they require to be productive on day one, further, more than half (52%) of IT professionals know someone who still has access to a former employer’s applications and data, according to Ivanti. When it comes to employee onboarding, 38% of IT professionals report it takes between two and four days to get … More

The post Security and compliance gaps of ineffective employee onboarding and offboarding appeared first on Help Net Security.

The 5 biggest examples of executive threats and how to prevent them

Many executives focus their security efforts and budgets solely on physical threats, but attacks targeting an executive’s digital presence can be just as dangerous. Criminals are looking to exploit the wealth of high-profile and high net-worth individuals—or cause them embarrassment or personal harm—at an unprecedented rate. And, as the most abundant source of company secrets and IP, they’re a primary attack vector of their businesses too. Attacks on VIPs involve attempts at accessing their sensitive … More

The post The 5 biggest examples of executive threats and how to prevent them appeared first on Help Net Security.

49% of infosec pros are awake at night worrying about their organization’s cybersecurity

Six in every ten businesses have experienced a breach in either in the last three years. At least a third of infosec professionals (36%) whose employers had not recently been a victim of a cyber attack also believe that it is likely that they are currently facing one without knowing about it. This may be an indicator of a bumper year for breaches, as the total number of organizations reporting breaches in 2018 only came … More

The post 49% of infosec pros are awake at night worrying about their organization’s cybersecurity appeared first on Help Net Security.

Massive uptick in eCrime campaigns, retail among top targeted industries

There has been a massive uptick in eCrime cyber activity, a CrowdStrike report reveals. As Gartner states in the 2019 Magic Quadrant for Endpoint Protection Platform, “The skills requirement of EDR solutions compounded by the skills gap in most organizations is an impediment to the adoption of EDR in the mainstream market. “As a result, product vendors are increasingly offering a fusion of products and services ranging from light incident response and monitoring through full … More

The post Massive uptick in eCrime campaigns, retail among top targeted industries appeared first on Help Net Security.

Cyber risks are the top concern among businesses of all sizes

Cyber risks are the top concern among businesses of all sizes for the first time since the Travelers Companies’ survey began in 2014. Of the 1,200 business leaders who participated in the survey, 55% said they worry some or a great deal about cyber risks, ahead of medical cost inflation (54%), employee benefit costs (53%), the ability to attract and retain talent (46%) and legal liability (44%). As concerns about cyber threats have grown, a … More

The post Cyber risks are the top concern among businesses of all sizes appeared first on Help Net Security.

What’s next for 5G?

The future of 5G lies in the enterprise, states ABI Research. Use cases across different vertical markets, such as industrial automation, cloud gaming, private Long-Term Evolution (LTE), and smart transport systems, will become pervasive, and will unlock new opportunities for Mobile Service Providers (MSPs) along the way. This bright and lucrative future may be hampered by 5G’s past. That’s because early 5G implementations were designed to fit the needs of the consumer market first. “The … More

The post What’s next for 5G? appeared first on Help Net Security.

Vulnerability in Cisco Webex and Zoom may expose online meetings to snooping

Cequence Security’s CQ Prime Threat Research Team discovered of a vulnerability in Cisco Webex and Zoom video conferencing platforms that potentially allows an attacker to enumerate or list and view active meetings that are not protected. The web conferencing market includes nearly three dozen vendors, some of whom may use similar meeting identification techniques. Although the CQ Prime team did not test each of these products, it is possible they could be susceptible as well. … More

The post Vulnerability in Cisco Webex and Zoom may expose online meetings to snooping appeared first on Help Net Security.

Assessing risk: Measuring the health of your infosec environment

There is an uncomfortable truth that many organizations are not conducting comprehensive assessments of their information security risk; or those that do aren’t getting much value out of assessment exercises — because they simply don’t know how. Given the massive amounts of data organizations hold, accurately assessing these risks is difficult. So is determining how to best control them once they are identified. That’s especially needed for businesses in highly regulated industries that can face … More

The post Assessing risk: Measuring the health of your infosec environment appeared first on Help Net Security.

Managing and monitoring privileged access to cloud ecosystems

Cloud data breaches are on the rise, demonstrating time and again the need for a different approach and strategy when it comes to managing and monitoring privileged access to cloud ecosystems. Privilege access management (PAM) should: Be risk-aware and intelligent Reduce sprawl of infrastructure, accounts, access and credentials Use continuous identity analytics. Just-in-time management of privileged accounts According to Gartner’s 2018 Magic Quadrant for PAM report, by 2022 more than 50% of organizations with PAM … More

The post Managing and monitoring privileged access to cloud ecosystems appeared first on Help Net Security.

38% of the Fortune 500 do not have a CISO

To uncover whether the world’s leading companies are committed to enhancing their cybersecurity initiatives, Bitglass researched the members of the 2019 Fortune 500 and analyzed public-facing information such as what is available on their websites. 77% of the Fortune 500 make no indication on their websites about who is responsible for their security strategy. Additionally, 52% do not have any language on their websites about how they protect the data of customers and partners (beyond … More

The post 38% of the Fortune 500 do not have a CISO appeared first on Help Net Security.

Email is an open door for malicious actors looking to exploit businesses

There’s an alarming scale of risks businesses are up against in a time when email is proving an open door for cybercriminals and malicious actors looking to disrupt, exploit and destroy businesses, according to Wire. The report is developed in collaboration with global poker champion and astrophysicist, Liv Boeree. P​oker is a game of making calculated, strategic decisions in high-stakes situations. As such, Liv is able to draw parallels between the poker table and the … More

The post Email is an open door for malicious actors looking to exploit businesses appeared first on Help Net Security.

Employee negligence can be a leading contributor to data breaches

Two thirds (68%) of businesses reported their organization has experienced at least one data breach in the past 12 months, and nearly three in four (69%) of those data breaches involved the loss or theft of paper documents or electronic devices containing sensitive information, according to the Shred-it report conducted by the Ponemon Institute. According to the report, typical workplace occurrences may be at the root of the problem as 65% of managers are concerned … More

The post Employee negligence can be a leading contributor to data breaches appeared first on Help Net Security.

Tolly report: Evaluating the evolution of network traffic analysis technology

Network Traffic Analysis has been rapidly evolving to counter the increased sophistication of threats experienced by organizations worldwide. Test methodologies and tools are not yet available which provide security professionals with the ability to test how well the products currently on the market perform. Awake Security has partnered with the Tolly Group and a current Darktrace customer to develop and execute just such a test and has published a report detailing the methodology and the … More

The post Tolly report: Evaluating the evolution of network traffic analysis technology appeared first on Help Net Security.

Ransomware attacks against small towns require collective defense

There is a war hitting small-town America. Hackers are not only on our shores, but they’re in our water districts, in our regional hospitals, and in our 911 emergency systems. The target du jour of ransomware hackers is small towns and they have gone after them with a vengeance. Last month, the governor of Texas, Greg Abbott, declared a “Level 2 Escalated Response” as 22 of Texas’s cities were hit simultaneously with ransomware attacks, crippling … More

The post Ransomware attacks against small towns require collective defense appeared first on Help Net Security.

How long before quantum computers break encryption?

The verdict is in: quantum computing poses an existential threat to asymmetric cryptography algorithms like RSA and ECC that underpin practically all current Internet security. This comes straight from the National Academy of Science’s Committee on Technical Assessment of the Feasibility and Implications of Quantum Computing. The inevitable follow-up: OK, so how much time do we have before we’re living in a post-quantum world? The short answer is, nobody knows. That’s not for lack of … More

The post How long before quantum computers break encryption? appeared first on Help Net Security.

A proactive approach to cybersecurity requires the right tools, not more tools

The key challenge facing security leaders and putting their organizations at risk of breach is misplaced confidence that the abundance of technology investments they have made has strengthened their security posture, according to a study conducted by Forrester Consulting. The study surveyed over 250 senior security decision-makers in North America and Europe. Participants included CISO, CIO, IT and security VPs from organizations ranging from 3,000 to over 25,000 employees. Currently, security leaders employ a variety … More

The post A proactive approach to cybersecurity requires the right tools, not more tools appeared first on Help Net Security.

Companies vastly overestimating their GDPR readiness, only 28% achieving compliance

Over a year on from the introduction of the General Data Protection Regulation (GDPR), the Capgemini Research Institute has found that companies vastly overestimated their readiness for the new regulation with just 28% having successfully achieved compliance. This is compared to a GDPR readiness survey last year which found that 78% expected to be prepared by the time the regulation came into effect in May 2018. However, organizations are realizing the benefits of being compliant: … More

The post Companies vastly overestimating their GDPR readiness, only 28% achieving compliance appeared first on Help Net Security.

DevSecOps is emerging as the main methodology for securing cloud-native applications

Only 8 percent of companies are securing 75 percent or more of their cloud-native applications with DevSecOps practices today, with that number jumping to 68 percent of companies securing 75 percent or more of their cloud-native applications with DevSecOps practices in two years, according to ESG. The study results also revealed that API-related vulnerabilities are the top threat concern (63 percent of respondents) when it comes to organizations use of serverless. Overall, the study analyzed … More

The post DevSecOps is emerging as the main methodology for securing cloud-native applications appeared first on Help Net Security.

ThreatConnect Platform: Security insight for sound decision-making

In this interview, Jason Spies, VP of Engineering & Chief Architect, ThreatConnect, talks about the powerful features of the ThreatConnect Platform. Oftentimes, the ability for a product to support growth (scale effectively) is forgotten in lieu of a customer being dazzled by individual features or capabilities. Can you talk about the importance of technical considerations when it comes to a Platform scaling to support multiple teams and growing demands overtime? Bottom line, it’s a balance … More

The post ThreatConnect Platform: Security insight for sound decision-making appeared first on Help Net Security.

eBook: The DevOps Roadmap for Security

DevOps is concerned with uniting two particular tribes: development and operations. These tribes have seemingly competing priorities: developers value features while operations value stability. These contradictions are largely mitigated by DevOps. A strong argument could be made that the values of the security tribe – defensibility – could just as easily be brought into the fold, forming a triumvirate under the DevSecOps umbrella. The security tribe’s way forward is to find ways to unify with … More

The post eBook: The DevOps Roadmap for Security appeared first on Help Net Security.

Week in review: IE zero-day, S3 bucket security, rise of RDP as a target vector

Here’s an overview of some of last week’s most interesting news, articles and podcasts: Cybersecurity automation? Yes, wherever possible Automated systems are invaluable when it comes to performing asset discovery, evaluation and vulnerability remediation, sifting through mountains of data, detecting anomalous activity and, consequently, alleviating the everyday burdens of security teams. How can we thwart email-based social engineering attacks? More than 99 percent of cyberattacks rely on human interaction to work, Proofpoint recently shared. More … More

The post Week in review: IE zero-day, S3 bucket security, rise of RDP as a target vector appeared first on Help Net Security.

How to start achieving visibility in the cloud

As a security executive, you have a curious gig. On one hand, you’re responsible for securing your organization across multiple systems, networks, clouds, and geographies. On the other, your team owns none of those things. Organizing resources in a way that makes visibility possible beyond the data center (assuming you have that to begin with) is hard. That’s because the way you achieve visibility in the cloud, or at the edge, is fundamentally different than … More

The post How to start achieving visibility in the cloud appeared first on Help Net Security.

Should the National Security Council restore the cybersecurity coordinator role?

Former national security advisor John Bolton’s elimination of the cybersecurity coordinator role in May 2018 came as a surprise to many in the cybersecurity industry, especially security professionals that are tasked with securing federal networks, protecting critical infrastructure and providing cybersecurity governance. The role was created to help orchestrate and integrate the government’s cyber policies, make sure federal agencies have adequate cybersecurity funding and coordinate responses to major cybersecurity incidents. Many believe that the abolishment … More

The post Should the National Security Council restore the cybersecurity coordinator role? appeared first on Help Net Security.

Year-over-year malware volume increased by 64%

The most common domains attackers use to host malware and launch phishing attacks include several subdomains of legitimate sites and Content Delivery Networks (CDNs) such as CloudFlare.net, CloudFront.net (which belongs to Amazon), SharePoint and Amazonaws.com, along with legitimate file-sharing websites like my[.]mixtape[.]moe, according to WatchGuard. The report for Q2 2019 also highlights that modules from the popular Kali Linux penetration testing tool made the top ten malware list for the first time. Trojan.GenericKD, which covers … More

The post Year-over-year malware volume increased by 64% appeared first on Help Net Security.

Podcast: Potential problems with the software supply chain for industrial sites

Industrial security pioneer Eric Byres, CEO of aDolus, speaks to software supply chain trust issues and some of the technology his new venture aDolus Inc. is developing to help. In this podcast Andrew Ginter talks to Eric Byres, about potential problems with the software supply chain for industrial sites. They ask how users can trust the firmware and software that they load into their industrial control systems.

The post Podcast: Potential problems with the software supply chain for industrial sites appeared first on Help Net Security.

Tackling biometric breaches, the decentralized dilemma

A recent discovery by vpnMentor revealed a worst case scenario for biometrics: a large cache of biometric data being exposed to the rest of the world. In this case web-based biometric security smart lock platform, BioStar 2, was breached. This breach surfaces a common flaw that many of the established providers of biometric authentication have built into their system. Many biometric providers store biometrics in a large centralized database. To avoid a biometric dystopia, adoption … More

The post Tackling biometric breaches, the decentralized dilemma appeared first on Help Net Security.

Cybersecurity breach experience strengthens CVs

It is in businesses’ best interest to hire cybersecurity leaders who have suffered an avoidable breach, because of the way it changes how security professionals think, feel and behave, according to Symantec. The findings reveal that suffering a breach – and coming out the other side – significantly reduces security leaders’ future workplace stress levels, while improving their likelihood to share knowledge. “It might sound counter intuitive at first,” comments Darren Thomson, CTO, Symantec EMEA, … More

The post Cybersecurity breach experience strengthens CVs appeared first on Help Net Security.

Adopting DevOps practices leads to improved security posture

A strong DevOps culture based on collaboration and sharing across teams, leads to an improved security posture, according to Puppet. Twenty-two percent of the firms at the highest level of security integration having reached an advanced stage of DevOps maturity compared to only six percent of the firms with no security integration. Additionally, the report found that Europe is pulling ahead of the US and the Asia Pacific regions when it comes to firms with … More

The post Adopting DevOps practices leads to improved security posture appeared first on Help Net Security.

Enterprises report IT teams’ cloud skill gaps have nearly doubled

Nearly two-thirds of organizations that currently use cloud also leverage some level of managed services; with 71% of large enterprise IT pros revealing that managed services will be a better use of their money in the future, and a strong majority saying it allows their teams to focus on more strategic and productive IT projects, according to 451 Research. The report examined the significance of managed services for cloud, driven by the increasing complexity of … More

The post Enterprises report IT teams’ cloud skill gaps have nearly doubled appeared first on Help Net Security.

Rise of RDP as a target vector

Recent reports of targeted attacks using RDP as an initial entry vector have certainly caused significant headlines in lieu of the impact they have caused. In the midst of city wide impacts, or even million dollar (plus) demands it is easy to overlook the initial entry vector. What began as ‘targeted’ emails focusing on predominantly consumers, the evolution of ransomware has widened to incorporate pseudo attacks intended purely for destruction (e.g. no viable decryption capability, … More

The post Rise of RDP as a target vector appeared first on Help Net Security.

99% of misconfiguration incidents in the cloud go unnoticed

IaaS is now the fastest growing area of the cloud due to the speed, cost and reliability with which organizations can create and deploy applications, according to McAfee. Cloud-Native Breach (CNB) attack chain The results of the survey demonstrate that 99 percent of IaaS misconfigurations go unnoticed—indicating awareness around the most common entry point to new “Cloud-Native Breaches” (CNB) is extremely low. “In the rush toward IaaS adoption, many organizations overlook the shared responsibility model … More

The post 99% of misconfiguration incidents in the cloud go unnoticed appeared first on Help Net Security.

Older vulnerabilities and those with lower severity scores still being exploited by ransomware

Almost 65% of top vulnerabilities used in enterprise ransomware attacks targeted high-value assets like servers, close to 55% had CVSS v2 scores lower than 8, nearly 35% were old (from 2015 or earlier), and the vulnerabilities used in WannaCry are still being used today, according to RiskSense. The data was gathered from a variety of sources including RiskSense proprietary data, publicly available threat databases, as well as findings from RiskSense threat researchers and penetration testers. … More

The post Older vulnerabilities and those with lower severity scores still being exploited by ransomware appeared first on Help Net Security.

Security capabilities are lagging behind cloud adoption

Security professionals regard their existing tools inadequate for securing critical cloud data, even as their organizations invest heavily, with increasing speed, in cloud applications, according to ESG. The report, based on surveys with responses ranging from approximately 392-600 senior IT decision makers and cyber security professionals, reveals that cloud-first strategies are becoming more common, with 39 percent of respondents from cloud-first organizations saying that they only consider on-premises if someone makes a compelling business case … More

The post Security capabilities are lagging behind cloud adoption appeared first on Help Net Security.

Whitepaper: The self-fulfilling prophecy of the cybersecurity skills shortage

The tale of two sides: how would cybersecurity pros and organizations solve the cybersecurity skills gap shortage? eSentire asked cybersecurity experts to weigh in on the widening cybersecurity skills shortage by surveying hundreds of cybersecurity professionals and organizations. The results reflect how a self-fulfilling prophecy has compounded the problem, and what can be done to address the challenges in the future. Read The Self-Fulfilling Prophecy of the Cybersecurity Skills Shortage to get perspectives on the … More

The post Whitepaper: The self-fulfilling prophecy of the cybersecurity skills shortage appeared first on Help Net Security.

Could audio warnings augment your ability to fight off cyber attacks?

The security of your environment shouldn’t depend on whether you’re looking in the right place at the right time. While active visual means such as dashboards, emails, tickets, and chat messages are a vital part of security event monitoring, they might not get your attention if your eyes are elsewhere. Even when you’re focused on the right screen, important events can easily get buried in an overload of information, delaying their processing – or allowing … More

The post Could audio warnings augment your ability to fight off cyber attacks? appeared first on Help Net Security.

CISO role grows in stature, but challenges remain

In order to find out how CISOs perceive the state of their profession, Optiv Security interviewed 200 CISOs or senior security personnel with equivalent responsibilities in both the US and the UK. Perceiving cybersecurity Survey respondents indicated a fundamental change in how senior executives and board members perceive cybersecurity. Perhaps most surprising was the fact that 58% said experiencing a data breach makes them more attractive to potential employers. This stands in stark contrast to … More

The post CISO role grows in stature, but challenges remain appeared first on Help Net Security.

Passwordless authentication is here ​now​, and it is vastly superior to using a password

Mirko Zorz, Help Net Security’s Editor in Chief, recently published ​an article about the state of passwordless authentication​ that predicted a long journey before this technology is viable. We would like to share that passwordless multi-factor authentication is a reality today. Large and respected organizations, including a significant healthcare software provider, are already using this technology with great success. Here is how TraitWare has completed the journey to deliver passwordless authentication. Passwordless authentication doesn’t have … More

The post Passwordless authentication is here ​now​, and it is vastly superior to using a password appeared first on Help Net Security.

$5 trillion threat of cyber attacks spur investments in solutions, talent and tech

IT & Business Services M&A Market’s disclosed deal value reached a whopping $97 billion in 1H 2019 – the highest total on record for a six-month period, according to Hampleton Partners. There has also been a significant rise in valuations, with overall median disclosed deal amount reaching $43 million in 1H 2019, up from $23 million in 2H 2018. Deal volume lessened, with 370 transactions inked compared to 432 in 2H 2018. However, trailing 30-month … More

The post $5 trillion threat of cyber attacks spur investments in solutions, talent and tech appeared first on Help Net Security.

From science to business: High-end quantum computer market will almost double by 2025

Quantum computers are able to reduce computing processes, from years to hours or minutes, and solve problems where even the most advanced conventional computers reach their limits. Quantum computing promises enormous progress, especially in the areas of machine learning, artificial intelligence and big data, according to Reply’s study. The articles analysed by the SONAR trend platform, as well as the increase in patent applications in this area, highlight how the disruptive solutions powered by quantum … More

The post From science to business: High-end quantum computer market will almost double by 2025 appeared first on Help Net Security.

IT vs OT: Challenges and opportunities – podcast

The Industrial Security Podcast featuring Andrew Ginter: The differences between IT and OT teams and approaches both make life difficult and represent opportunities to improve industrial operations. Guest: Dr. Art Conklin, Director of the Center for Information Security and Education at the University of Houston.

The post IT vs OT: Challenges and opportunities – podcast appeared first on Help Net Security.

How data breaches forced Amazon to update S3 bucket security

Amazon launched its Simple Storage Service (better known as S3) back in 2006 as a platform for storing just about any type of data under the sun. Since then, S3 buckets have become one of the most commonly used cloud storage tools for everything from server logs to customer data, with prominent users including Netflix, Reddit, and GE Healthcare. While S3 rolled out of the gate with good security principals in mind, it hasn’t all … More

The post How data breaches forced Amazon to update S3 bucket security appeared first on Help Net Security.

Disclosing vulnerabilities to improve software security is good for everyone

Today, software companies and security researchers are near universal in their belief that disclosing vulnerabilities to improve software security is good for everyone, according to a Veracode report. 451 Research conducted survey from December 2018 to January 2019 using a representative sample of 1,000 respondents across a range of industries and organization sizes in the US, Germany, France, Italy and the UK. Survey respondents reported enterprise roles such as application development, infrastructure and information security, … More

The post Disclosing vulnerabilities to improve software security is good for everyone appeared first on Help Net Security.

How SMBs can bring their security testing on par with larger enterprises

What are the challenges of securing small and medium-sized enterprises vs. larger ones? And how can automated, continuous security testing help shrink the gap? When studying the differences between cyber security for small and medium sized enterprises (SMEs) and larger enterprises, several components factor into how securing SMEs is different. Here’s a breakdown. Business hour coverage To monitor systems for suspicious activity, larger enterprises have security operations teams working in shifts 24×7. At best, SMEs … More

The post How SMBs can bring their security testing on par with larger enterprises appeared first on Help Net Security.

How important is packet capture for cyber defense?

Organizations using full packet capture are better prepared to battle cyber threats, according to an Enterprise Management Associates (EMA) report. Visibility and accuracy of packet capture The report highlights that the visibility and accuracy of packet capture data provides the best source of certainty for threat detection, and notes that the adoption of full packet capture has accelerated over the past 12 months. The report concludes that “…it is clear that those using packet capture … More

The post How important is packet capture for cyber defense? appeared first on Help Net Security.

Product showcase: NetLib Security Encryptionizer

NetLib Security has spent the past 20+ years developing a powerful, patented solution that starts by setting up a defense for any organization wherever your data resides: physical, virtual and cloud. Our platform is geared to simplify the process for you while ensuring unprecedented levels of security are in place. NetLib Security encryption solutions do not require specialized skill sets, programming changes, or administrative overhead; we simplify your data security needs with an affordable solution … More

The post Product showcase: NetLib Security Encryptionizer appeared first on Help Net Security.

Top challenges for CIOs in a multi-cloud world

Lost revenue (49%) and reputational damage (52%) are among the biggest concerns as businesses transform into software businesses and move to the cloud, according to Dynatrace. As CIOs struggle to prevent these concerns from becoming reality, IT teams now spend 33% of their time dealing with digital performance problems, costing businesses an average of $3.3 million annually, compared to $2.5 million in 2018; an increase of 34%. To combat this, 88% of CIOs say AI … More

The post Top challenges for CIOs in a multi-cloud world appeared first on Help Net Security.

Organizations continue to struggle with privacy regulations

Many organizations’ privacy statements fail to meet common privacy principles outlined in GDPR, CCPA, PIPEDA, including the user’s right to request information, to understand how their data is being shared with third parties and the ability of that information to be deleted upon request, according to the Internet Society’s Online Trust Alliance (OTA). Organizations also have a duty to notify users of their rights in an easily understandable matter. OTA analyzed 29 variables in 1,200 … More

The post Organizations continue to struggle with privacy regulations appeared first on Help Net Security.

Key threats and trends SMB IT teams deal with

MSPs are significantly more concerned with internal data breaches and rapidly evolving technology practices, whereas internal IT teams are more concerned with employee behavior/habits, according to a Central by LogMeIn report. The global survey, which polled 500 IT professionals across North America and Europe, also showed that top security concerns remain consistent year over year with 54 percent of IT professionals ranking malware as their number one security concern, followed by ransomware (46 percent) and … More

The post Key threats and trends SMB IT teams deal with appeared first on Help Net Security.

Old Magecart domains are finding new life in fresh threat campaigns

Magecart has so radically changed the threat landscape, victimizing hundreds of thousands of sites and millions of users, that other cybercriminals are building campaigns to monetize their handiwork, a RiskIQ research reveals. These secondary actors know that websites breached by Magecart are likely still making calls to domains once used for skimming and exfiltrating credit card data. Once registrars bring these campaigns back online after they were sinkholed or otherwise deactivated, these scavengers buy them … More

The post Old Magecart domains are finding new life in fresh threat campaigns appeared first on Help Net Security.

Researchers analyzed 16.4 billion requests to see how bots affect e-commerce

The sophistication level of bots attacking e-commerce sites is on the rise, with nearly four-fifths (79.2 percent) classified as moderate or sophisticated, up from 75.8 percent in 2018, according to the Imperva report. The report analyzed 16.4 billion requests from 231 domains during the month of July 2019. E-commerce companies suffer from a continual barrage of bad bots that criminals, competitors, resellers and investment companies use to carry out unauthorized price scraping, inventory checking, denial … More

The post Researchers analyzed 16.4 billion requests to see how bots affect e-commerce appeared first on Help Net Security.

Some IT teams move to the cloud without business oversight or direction

27% of IT teams in the financial industry migrated data to the cloud for no specific reason, and none of them received financial support from management for their cloud initiatives, according to Netwrix. Moreover, every third organization that received no additional cloud security budget in 2019 experienced a data breach. Other findings revealed by the research include: 56% of financial organizations that had at least one security incident in the cloud last year couldn’t determine … More

The post Some IT teams move to the cloud without business oversight or direction appeared first on Help Net Security.

How organizations view and manage cyber risk

Amid a wider range of issues to handle, a majority of board members and senior executives responsible for their organization’s cyber risk management had less than a day in the last year to spend focused on cyber risk issues, the 2019 Marsh Microsoft Global Cyber Risk Perception Survey results have revealed. This lack of time for senior leaders to focus on cyber risk comes as concern over cyber threats hits an all-time high, and as … More

The post How organizations view and manage cyber risk appeared first on Help Net Security.

(IN)SECURE Magazine issue 63 released

(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 63 has been released today. It’s a free download, no registration required. Table of contents Identifying evasive threats hiding inside the network Inside the NIST team working to make cybersecurity more user-friendly Report: Black Hat USA 2019 Healthcare’s blind spot: Unmanaged IoT and medical devices What the education industry must do to protect itself from cyber attacks Solving … More

The post (IN)SECURE Magazine issue 63 released appeared first on Help Net Security.

SLAs: What your cybersecurity vendor isn’t telling you

Service Level Agreements (SLAs) have been used in the IT world for many years as a contractual mechanism for holding service providers accountable and extracting defined payments and penalties when they mess up. Likewise, vendors have used SLAs to put their “money where their mouth is” in terms of fulfilling value promises and establishing important metrics for their customers. In reality, SLAs have not kept up with either of these purposes. For most IT pros, … More

The post SLAs: What your cybersecurity vendor isn’t telling you appeared first on Help Net Security.

Businesses need to treat cybersecurity as something that crosses organizational boundaries

Companies are working to balance their desire for new innovations with their need for strong cyber-defenses, according to a new report from CompTIA. CompTIA’s “Cybersecurity for Digital Operations,” based on a survey of 500 U.S. businesses, also reveals that company executives, business staff and technology professionals have distinctly different views on where their organization stands when it comes to cyber-readiness. The stakes have never been higher for business operations, and public and private safety, according … More

The post Businesses need to treat cybersecurity as something that crosses organizational boundaries appeared first on Help Net Security.

The use of open source software in DevOps has become strategic for organizations of all sizes

A higher percentage of top performing teams in enterprise organizations are using open source software, according to a survey conducted by DevOps Research and Assessment (DORA) and Google Cloud. Additionally, the proportion of Elite performers (highest performing teams) nearly tripled from last year, showing that DevOps capabilities are driving performance. These findings reflect organizations’ increased willingness to embrace investments in technology to deliver value and the use of open source – even in highly regulated, … More

The post The use of open source software in DevOps has become strategic for organizations of all sizes appeared first on Help Net Security.

Improving the security, privacy and safety of future connected vehicles

The security, privacy and safety of connected autonomous vehicles (CAVs) has been improved thanks to testing at WMG, University of Warwick. CAVs can now connect to each other, roadside infrastructure, and roadside infrastructure to each other more securely. In the near future connected and autonomous vehicles are expected to become widely used across the UK. To ensure a smooth deployment, researchers from WMG, University of Warwick undertook real-world testing of four academic innovations in the … More

The post Improving the security, privacy and safety of future connected vehicles appeared first on Help Net Security.

World’s top 25 CTF teams to battle for $100,000 at HITB PRO CTF

In less than a month, Hack In The Box is launching its biggest global event: HITB+CyberWeek 2019. It is a week-long gathering (October 12-17, 2019, at Emirates Palace, Abu Dhabi) that will bring together the world’s top cyber security experts to share and discuss their latest knowledge, ideas and techniques with security professionals and students. Aside from offering the usual trainings and talks, HITB has been developing specific content and challenges for the wider student … More

The post World’s top 25 CTF teams to battle for $100,000 at HITB PRO CTF appeared first on Help Net Security.

DNSSEC fueling new wave of DNS amplification attacks

DNS amplification attacks swelled in the second quarter of this year, with the amplified attacks spiking more than 1,000% compared with Q2 2018, according to Nexusguard. Researchers attributed Domain Name System Security Extensions (DNSSEC) with fueling the new wave of DNS amplification attacks, which accounted for more than 65% of the attacks last quarter according to the team’s evaluation of thousands of worldwide DDoS attacks. DNSSEC was designed to protect applications from using forged or … More

The post DNSSEC fueling new wave of DNS amplification attacks appeared first on Help Net Security.

Confidential data of 24.3 million patients discovered online

Greenbone Networks has released details of new research in to the security of the servers used by health providers across the world to store images of X-rays as well as CT, MRI and other medical scans. Of the 2,300 medical image archive systems worldwide that Greenbone analyzed between mid-July and early September 2019, 590 of them were freely accessible on the internet, together containing 24.3 million data records from patients located in 52 different countries. … More

The post Confidential data of 24.3 million patients discovered online appeared first on Help Net Security.

Businesses facing post breach financial fallout by losing customer trust

44% of Americans, 38% of Brits, 33% of Australians, and 37% of Canadians have been the victim of a data breach, according to newly released research conducted by PCI Pal. The findings suggest that a combination of recent high-profile data breaches in each region, the development of assorted laws and regulations to protect consumer data privacy (e.g. the California Consumer Privacy Act, Europe’s General Data Protection Regulations, Canada’s Personal Information Protection and Electronic Documents Act, … More

The post Businesses facing post breach financial fallout by losing customer trust appeared first on Help Net Security.

What are the most connected countries around the world?

How connected a country is does not only mean how freely information can be reached or how many people have access to the internet or social media – it goes much further than that, influencing our lifestyle, how we do business and even the power and reputation of our respective countries. Carphone Warehouse has created The Connectivity Index listing the top 34 most connected countries in the world. The index takes into consideration data such … More

The post What are the most connected countries around the world? appeared first on Help Net Security.

Download: RFP templates for EDR/EPP and APT protection

Security decision makers need to address APT risks, but struggle with mapping APT attack vectors to a clear-cut set of security product capabilities, which impairs their ability to choose the products that would best protect them. Cynet is addressing this need with the definitive RFP templates for EDR/EPP and APT protection, an expert-made security requirement list, that enables stakeholders to accelerate and optimize the evaluation process of the products they evaluate. The RFP contains five … More

The post Download: RFP templates for EDR/EPP and APT protection appeared first on Help Net Security.

Five ways to manage authorization in the cloud

The public cloud is being rapidly incorporated by organizations, allowing them to store larger amounts of data and applications with higher uptime and reduced costs, while at the same time, introducing new security challenges. One of the more prominent challenges is identity management and authorization. Since the beginning of cloud computing, authorization techniques in the cloud have evolved into newer models, which acknowledge the many different services that now come together to form a company’s … More

The post Five ways to manage authorization in the cloud appeared first on Help Net Security.

Researchers uncover 125 vulnerabilities across 13 routers and NAS devices

In a cybersecurity study of network attached storage (NAS) systems and routers, Independent Security Evaluators (ISE) found 125 vulnerabilities in 13 IoT devices, reaffirming an industrywide problem of a lack of basic security diligence. The vulnerabilities discovered in the SOHOpelessly Broken 2.0 research likely affect millions of IoT devices. “Our results show that businesses and homes are still vulnerable to exploits that can result in significant damage,” says lead ISE researcher Rick Ramgattie. “These issues … More

The post Researchers uncover 125 vulnerabilities across 13 routers and NAS devices appeared first on Help Net Security.

BotSlayer tool can detect coordinated disinformation campaigns in real time

A new tool in the fight against online disinformation has been launched, called BotSlayer, developed by the Indiana University’s Observatory on Social Media. The software, which is free and open to the public, scans social media in real time to detect evidence of automated Twitter accounts – or bots – pushing messages in a coordinated manner, an increasingly common practice to manipulate public opinion by creating the false impression that many people are talking about … More

The post BotSlayer tool can detect coordinated disinformation campaigns in real time appeared first on Help Net Security.

Phishing attacks up, especially against SaaS and webmail services

Phishing attacks continued to rise into the summer of 2019 with cybercrime gangs’ focus on branded webmail and SaaS providers remaining very keen, according to the APWG report. The report also documents how criminals are increasingly perpetrating business email compromise (BEC) attacks by using gift card cash-out schemes. The number of phishing attacks observed in the second quarter of 2019 eclipsed the number seen in the three quarters before. The total number of phishing sites … More

The post Phishing attacks up, especially against SaaS and webmail services appeared first on Help Net Security.

Only 15% of organizations can recover from a severe data loss within an hour

There’s a global concern about the business impact and risk from rampant and unrestricted data growth, StorageCraft research reveals. It also shows that the IT infrastructures of many organizations are struggling, often failing, to deliver business continuity in the event of severe data outages. A total of 709 qualified individuals completed the research study. All participants had budget or technical decision-making responsibility for data management, data protection, and storage solutions at a company with 100-2,500 … More

The post Only 15% of organizations can recover from a severe data loss within an hour appeared first on Help Net Security.

Mini eBook: CCSP Practice Tests

The Certified Cloud Security Professional (CCSP) shows you have the advanced technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud using best practices, policies and procedures. Download the Mini eBook for a sneak peek into the Official (ISC)² CCSP Practice Tests book. Inside you’ll find: 50 CCSP practice test items and answers to gauge your knowledge. Discount code to save on the full version which includes 1,000 items.

The post Mini eBook: CCSP Practice Tests appeared first on Help Net Security.

Threat visibility is imperative, but it’s even more essential to act

Cyberthreats are escalating faster than many organizations can identify, block and mitigate them. Visibility into the expanding threat landscape is imperative, but according to a new threat report released by CenturyLink, it is even more essential to act. “As companies focus on digital innovation, they are entering a world of unprecedented threat and risk,” said Mike Benjamin, head of CenturyLink’s threat research and operations division, Black Lotus Labs. “Threats continue to evolve, as do bad … More

The post Threat visibility is imperative, but it’s even more essential to act appeared first on Help Net Security.

Four in five businesses need ways to better secure data without slowing innovation

While data loss protection is critical to Zero Trust (ZT), fewer than one in five organizations report their data loss prevention solutions provide transformational benefits and more than 80 percent say they need a better way to secure data without slowing down innovation, according to Code42. ZT architectures are based on the principle of “trust no one, verify everything,” abolishing the idea of a trusted network within a data security perimeter and requiring companies to … More

The post Four in five businesses need ways to better secure data without slowing innovation appeared first on Help Net Security.

Exploitation of IoT devices and Windows SMB attacks continue to escalate

Cybercriminals upped the intensity of IoT and SMB-related attacks in the first half of 2019, according to a new F-Secure report. The report underscores the threats IoT devices face if not properly secured when online, as well as the continued popularity of Eternal Blue and related exploits two years after WannaCry. F-Secure’s honeypots – decoy servers that are set up to lure in attackers for the purpose of collecting information – measured a twelvefold increase … More

The post Exploitation of IoT devices and Windows SMB attacks continue to escalate appeared first on Help Net Security.

Only one quarter of retail banks have adopted an integrated approach to financial crime systems

Most banks plan to integrate their fraud and financial crime compliance systems and activities in response to new criminal threats and punishing fines, with the U.K. leading the pack, according to a survey by Ovum, on behalf of FICO. Responses show that U.S. systems are less integrated than Canada’s – only 25 percent of U.S. banks have a common reporting line for both fraud and compliance, versus 60 percent for Canada. The survey also found … More

The post Only one quarter of retail banks have adopted an integrated approach to financial crime systems appeared first on Help Net Security.

Cyber Battle of the Emirates: Training the next generation of cyber security pros

Held annually in Asia, Europe and the Middle East, Hack In The Box conferences bring together the world’s top cyber security experts to share and discuss their latest knowledge, ideas and techniques with security professionals and students. The next HITB event is HITB+ CyberWeek, which takes place October 12th – 17th at Emirates Palace, Abu Dhabi. As usual, it will offer security trainings, talks, and live challenges. Cyber Battle of the Emirates Among the live … More

The post Cyber Battle of the Emirates: Training the next generation of cyber security pros appeared first on Help Net Security.

Week in review: Simjacker attacks, critical Exim flaw, Sandboxie becomes freeware

Here’s an overview of some of last week’s most interesting news, interviews and articles: More than a year after GDPR implementation, half of UK businesses are not fully compliant 52% of UK businesses are not fully compliant with the regulation, more than a year after its implementation, according to a survey of UK GDPR decision-makers conducted on behalf of Egress. Simjacker vulnerability actively exploited to track, spy on mobile phone owners Following extensive research, AdaptiveMobile … More

The post Week in review: Simjacker attacks, critical Exim flaw, Sandboxie becomes freeware appeared first on Help Net Security.

The rise of modern applications, DevSecOps and the intelligence economy

There has been a significant year-over-year growth in enterprise usage trends around multi-cloud adoption, open source technologies such as Kubernetes, and AWS cloud-native services adoption, Sumo Logic report reveals. The research also shows the increasing need for cloud-based security solutions such as cloud SIEM to help enterprises address today’s increasingly complex security landscape. The intelligence economy The report also provides a summary of three major trends shaping digital business today: the rise of modern applications, … More

The post The rise of modern applications, DevSecOps and the intelligence economy appeared first on Help Net Security.

Security leaders lack confidence in the supply chain, fear third-party attacks

An overwhelming number of cybersecurity professionals (89%) have expressed concerns about the third-party managed service providers (MSPs) they partner with being hacked, according to new research from the Neustar International Security Council. Survey participants in July 2019 comprise 314 professionals from across six EMEA and US markets. While most organizations reported working with an average of two to three MSPs, less than a quarter (24%) admitted to feeling very confident in the safety barriers they … More

The post Security leaders lack confidence in the supply chain, fear third-party attacks appeared first on Help Net Security.

Interacting with governments in the digital age: What do citizens think?

Most U.S. citizens acknowledge and accept that state and local government agencies share their personal data, even when it comes to personal information such as criminal records and income data, according to a new survey conducted by YouGov and sponsored by Unisys. However, the survey found they remain concerned about the security of the data. The survey of nearly 2,000 (1,986) U.S. citizens living in eight states found that more than three-quarters (77%) accept that … More

The post Interacting with governments in the digital age: What do citizens think? appeared first on Help Net Security.

Cyber risk assessment of U.S. election commissions finds critical areas for improvement

Many election commissions are focused on quickly adapting and updating their cybersecurity; however, commissions still need to dedicate resources to updating outdated operating systems and protecting their email domains from being spoofed, according to NormShield. The report, which examined more than 100 items, focused on the broader picture — the internet facing infrastructure that supports state election processes. NormShield conducted two risk assessments (July and August) of 56 election commissions and Secretaries of State (SoS) … More

The post Cyber risk assessment of U.S. election commissions finds critical areas for improvement appeared first on Help Net Security.