The General Data Protection Regulation (GDPR) has been on the lips of security professionals for a long time now – but in just over a month, it will become a reality. While it is easy to get stuck with reviewing the potential fines or setting up efficient security procedures to ensure compliance, many are still overlooking what is at the heart of the regulation: transparency. Getting the bigger picture: it goes without saying that transparency … More
Experts from SANS presented the five most dangerous new cyber attack techniques in their annual RSA Conference 2018 keynote session in San Francisco, and shared their views on how they work, how they can be stopped or at least slowed, and how businesses and consumers can prepare. The five threats outlined are: 1. Repositories and cloud storage data leakage 2. Big Data analytics, de-anonymization, and correlation 3. Attackers monetize compromised systems using crypto coin miners … More
The post Most dangerous attack techniques, and what’s coming next appeared first on Help Net Security.
45% of IT workers are feeling the pressure of strained technology operations and suffer regular stress in their jobs, according to Chess Cybersecurity. IT staff who said they were stressed out indicated the following: 59% work more than 45 hours a week, 20% more than the ONS’s stated national average of 37.1 hours, hinting at a chronic overworking problem in the sector Six out of 10 lack the resources to do their jobs well Almost … More
The post IT workforce increasingly overworked and stressed out appeared first on Help Net Security.
Here’s an overview of some of last week’s most interesting news and articles: RSA Conference 2018 coverage Check out what you missed at the infosec event of the year. Real-time detection of consumer IoT devices participating in DDoS attacks Could we detect compromised consumer IoT devices participating in a DDoS attack in real time and do something about it? A group of researchers from Princeton University have presented some encouraging results showing that the first part of … More
The post Week in review: New Cybersecurity Framework, Android patching issues, RSA Conference 2018 appeared first on Help Net Security.
70 percent of energy security professionals are concerned that a successful cyberattack could cause a catastrophic failure, such as an explosion, a recent survey has shown. Of the 151 IT and operational technology (OT) security pros at energy and oil and gas companies that were polled, 97 percent are concerned that attacks could cause operational shutdowns, and 96 percent believe they could impact the safety of their employees. Respondents were also asked about their organizations’ … More
The post Energy security pros worry about catastrophic failure due to cyberattacks appeared first on Help Net Security.
The RSA Conference 2018 is winding down at the Moscone Center in San Francisco. Here are a few more photos from the Expo floor. Featured companies: RSA, Forcepoint, A10 Networks, Carbon Black, ThreatQuotient, SentinelOne, SAP.
CrowdStrike announced at RSA Conference 2018 that it has expanded the capabilities of the CrowdStrike Falcon platform by introducing a new threat analysis subscription module, CrowdStrike Falcon X. The output of this analysis is a combination of customized indicators of compromise (IOCs) and threat intelligence designed to help prevent against threats your organization faces now and in the future. Falcon X produces IOCs for both the threat that was actually encountered in your organization and … More
The post Customized IOCs, intelligence and SOC automation for orgs of every size appeared first on Help Net Security.
The RSA Conference 2018 is underway at the Moscone Center in San Francisco. Here are a few photos from the Expo floor. Featured companies: Qualys, Anomali, Cisco Security, ZScaler, Swimlane, FireMon, Avast, Lookout, Micro Focus.
OneLogin is showcasing enhancements to its Identity-as-a-Service (IDaaS) cloud platform, including the OneLogin Desktop experience, LDAP, and RADIUS capabilities, at RSA Conference 2018, in continued efforts to serve the sophisticated Access Management needs of modern enterprises. As customers digitally transform, OneLogin makes it simpler and safer for organizations to access the apps and data they need anytime, anywhere. OneLogin’s Unified Access Management Platform (UAM) is purpose-built for hybrid customer environments, allowing companies of any size … More
The post Identity-as-a-Service for hybrid customer environments appeared first on Help Net Security.
Accenture has polled 4,600 security decision makers at US$1B+ companies in 15 countries to understand the effectiveness of security efforts and the adequacy of existing investments. The survey has shown that, while the average number of focused cyberattacks per organization has more than doubled this year compared to the previous 12 months (232 vs 106), organizations are demonstrating far more success in detecting and blocking them. They are now preventing 87 percent of all focused … More
The post Organizations are becoming more resilient to focused cyber attacks appeared first on Help Net Security.
LookingGlass Cyber Solutions announced at RSA Conference 2018 the general availability of the LookingGlass IRD-100 (Intelligence Response and Deception) security appliance. This fully programmable, custom stealth hardware is invisible to adversaries’ view of corporate and government networks. Designed to run in-line with low latency, the appliance creates a new point of control by using real-time traffic analysis. Performing these actions invisibly at line speeds across enterprise networks is made possible by the IRD-100’s unique Titan … More
The post Stealth network traffic analysis appliance automates defense actions appeared first on Help Net Security.
IBM researchers have created the Adversarial Robustness Toolbox, an open-source library to help researchers improve the defenses of real-world AI systems. Attacks against neural networks have recently been flagged as one of the biggest dangers in our modern world where AI systems are increasingly getting embedded in many technologies we use and depend on daily. Adversaries can sometimes tamper with them even if they don’t know much about them, and “breaking” the system could result … More
The post Open-source library for improving security of AI systems appeared first on Help Net Security.
Signal Sciences announced the latest innovations for its Web Protection Platform. Its patented architecture provides security, operations and development teams with the visibility, security and scalability needed to protect against the full spectrum of threats their web applications now face, from OWASP Top 10 to account takeovers, API misuse and bots. Signal Sciences works across any architecture, providing the broadest coverage against real threats and attack scenarios as well as integrations into DevOps tools that … More
The post Infrastructure-agnostic web app protection with virtual patching option appeared first on Help Net Security.
During the first three months of 2018, cryptominers surged to the top of detected malware incidents, displacing ransomware as the number one threat, Comodo’s Global Malware Report Q1 2018 has found. Another surprising finding: Altcoin Monero became the leading target for cryptominers’ malware, replacing Bitcoin. The surge of cryptominers: for years, Comodo Cybersecurity has tracked the rise of cryptominer attacks, malware that hijacks users’ computers to mine cryptocurrencies for the attacker’s profit while remaining hidden … More
The post Cryptominers displace ransomware as the number one threat appeared first on Help Net Security.
34 global technology and security companies have pledged not to help governments launch cyberattacks and to protect all customers regardless of nationality, geography or attack motivation. The Cybersecurity Tech Accord is a watershed agreement among the largest-ever group of companies agreeing to defend all customers everywhere from malicious attacks by cybercriminal enterprises and nation-states. The 34 companies include ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, Datastax, Dell, DocuSign, Facebook, … More
The post Top tech firms pledge not to help governments launch cyberattacks appeared first on Help Net Security.
The RSA Conference 2018 is underway at the Moscone Center in San Francisco. Here are a few photos from the Innovation Sandbox, where the 10 finalists – Acalvio Technologies, Awake Security, BigID, BluVector, CyberGRX, Fortanix, Hysolate, ReFirm Labs, ShieldX Networks, and StackRox – demonstrated their technology to conference attendees as well as a judging panel. This year’s winner is BigID.
The post Photo gallery: RSA Conference 2018 Innovation Sandbox appeared first on Help Net Security.
Threat management solutions provider Anomali announced a collaboration with Microsoft to integrate threat intelligence from the Anomali ThreatStream platform with the security insights customers can obtain from the new Microsoft Graph security API. The collaboration provides Microsoft and Anomali customers with the ability to correlate cloud service and network activity with adversary threat information. As the work progresses, the integration will provide a complete view of asset and user information from Graph providers allowing for … More
The post Anomali collaborates with Microsoft to integrate threat data appeared first on Help Net Security.
CIO/CISO Interchange, a new non-profit, non-commercial organization co-founded by Philippe Courtot, Chairman & CEO, Qualys, and the Cloud Security Alliance (CSA) was launched during RSA Conference 2018. The CIO/CISO Interchange is a private, invitation-only forum for discussions, debates and exchanges between CIOs, CTOs, CISOs and security experts centered around securing the digital transformation. There are no product pitches and no sales personnel, just frank talk on important security issues to help CXOs secure the digital … More
The post Photo gallery: CIO/CISO Interchange inaugural event appeared first on Help Net Security.
Micro Focus announced ArcSight Enterprise Security Manager (ESM) 7.0, the latest release of its solution that prioritizes security threats and compliance violations with real-time threat intelligence to quickly identify and impede potential cyber-attacks. Micro Focus ArcSight ESM 7.0 enables security operations centers (SOCs) to become agile, expand their cyber security footprint and respond quickly to evolving threats. By collecting, correlating, and reporting security event information at a massive scale (up to 100,000 correlated events per … More
The post Distributed security event correlation solution helps SOCs combat cyber-attacks appeared first on Help Net Security.
To combat the rise of advanced threats targeting employees, Cisco is announcing new email security services at RSA Conference 2018, to protect users from fraudulent emails, as well as new capabilities to protect employees’ devices from ransomware, cryptomining, and fileless malware. Endpoint protection: nearly all endpoint security solutions on the market claim to block 99 percent of malware. But what about the one percent of threats that evade detection using sophisticated techniques? Cisco Advanced Malware … More
The post Cisco announces new endpoint and email security services appeared first on Help Net Security.
BigID was named “Most Innovative Startup” at the 2018 RSA Conference Innovation Sandbox Contest. A judging panel comprised of venture capitalists, entrepreneurs and industry veterans selected BigID from a group of 10 finalists and announced the winner at RSA Conference 2018. Based in New York and Tel Aviv, BigID uses advanced machine learning and identity intelligence to help enterprises better protect their customer and employee data at petabyte scale. Using BigID, enterprises can better safeguard … More
The post BigID is this year’s most innovative startup at RSA Conference appeared first on Help Net Security.
While a majority of the US public sees companies’ ability to keep data private as absolutely key, it has little trust in companies to do so. In fact, only 20 percent of them “completely trust” organizations they interact with to maintain the privacy of their data, the results of a recent survey have shown. They are also much more worried about hackers accessing their data than companies using it for purposes they have not agreed … More
The post Most US consumers don’t trust companies to keep their data private appeared first on Help Net Security.
Yubico announced that the new Security Key by Yubico supporting FIDO2 will be supported in Windows 10 devices and Microsoft Azure Active Directory (Azure AD). The feature is currently in limited preview for Microsoft Technology Adoption Program (TAP) customers. This means that organizations will soon have the option to enable employees and customers to sign in to an Azure AD joined device with no password, simply by using the Security Key by Yubico to get … More
The post Passwordless enterprise authentication on Windows 10 and Azure AD appeared first on Help Net Security.
Sonatype polled 2,076 IT professionals to discover practitioner perspectives on evolving DevSecOps practices, shifting investments, and changing perceptions, and the results of the survey showed that breaches related to open source components grew at a staggering 50% since 2017, and 121% since 2014. This follows on from Sonatype’s findings earlier in the year, which showed that 1 in 8 open source components downloaded by developers in the UK contained a known security vulnerability. Yet despite … More
The post Devs know application security is important, but have no time for it appeared first on Help Net Security.
To simplify how customers protect their organizations, FireEye is launching three core subscription solutions plus one comprehensive suite at RSA Conference 2018. FireEye Endpoint Security is designed to provide comprehensive defense on the endpoint, combining endpoint protection to stop common malware and endpoint detection and remediation to find, block and remove advanced targeted attacks. FireEye Network Security is designed to protect against all types of threats, from commodity breaches to the most advanced, targeted attacks, … More
The post Enterprise-grade security for midmarket organizations appeared first on Help Net Security.
Qualys announced new functionality in its web application security offerings that helps teams automate and operationalize global DevSecOps throughout the Software Development Lifecycle (SDLC), drastically reducing the cost of remediating application security flaws prior to production. Qualys Web Application Scanning (WAS) 6.0 now supports Swagger version 2.0, a new native plugin for Jenkins for automated vulnerability scanning of web applications, and the new Qualys Browser Recorder. New functionality: the new capabilities in Qualys WAS 6.0 include: … More
External threats are not the main concern for IT professionals, but rather breaches that are linked to vulnerabilities caused by staff or third-party vendors operating within an organization’s own network, Bomgar’s 2018 Privileged Access Threat Report reveals. In fact, 50% of organizations claimed to have suffered a serious information security breach or expect to do so in the next six months, due to third-party and insider threats – up from 42% in 2017. Additionally, 66% … More
The post Third-party and insider threats one of the biggest concerns to IT pros appeared first on Help Net Security.
Qualys announced two new free groundbreaking services: CertView and CloudView. Harnessing the power and scalability of the Qualys Cloud Platform, Qualys CertView and CloudView enable organizations of all sizes to gain such visibility by helping them create a continuous inventory and assessment of their digital certificates, cloud workloads and infrastructure that is integrated into a single-pane view of security and compliance. Qualys CertView: CertView helps customers inventory and assess certificates and underlying SSL/TLS configurations and … More
The post Free Qualys services give orgs visibility of their digital certs and cloud assets appeared first on Help Net Security.
McAfee has polled 1,400 IT professionals across a broad set of countries (and continents), industries, and organization sizes and has concluded that lack of adequate visibility and control is the greatest challenge to cloud adoption in an organization. However, the business value of the cloud is so compelling that some organizations are plowing ahead. Cloud services nearly ubiquitous: according to the survey, the results of which have been unveiled at RSA Conference 2018, 97 percent … More
The post 1-in-4 orgs using public cloud has had data stolen appeared first on Help Net Security.
MinerEye is launching MinerEye Data Tracker, an AI-powered governance and data protection solution that will enable companies to continuously identify, organize, track and protect vast information assets including undermanaged, unstructured and dark data for safe and compliant cloud migration. Most data tracking and classification technologies categorize data based on descriptive elements such as file size, type, name and location. MinerEye dives deeply into the basic data form to its essence – to uncover and categorize … More
Here’s an overview of some of last week’s most interesting news and articles: One in 10 C-level execs say GDPR will cost them over $1 million Companies are taking the new General Data Protection Regulation (GDPR) much more seriously than HIPAA and PCI: 99 percent are actively involved in the process to become GDPR-compliant, despite the cost and internal reorganization involved, a new survey that polled 300 C-level security executives has shown. Researchers use power … More
The post Week in review: Emergency alert systems easily hacked, the cost of GDPR compliance appeared first on Help Net Security.
Onapsis, the global experts in business-critical application cybersecurity and compliance, today announced a $31 million Series C minority funding round led by new investor LLR Partners, with participation from existing institutional investors .406 Ventures, Evolution Equity Partners and Arsenal Venture Partners. This marks the largest single round of funding in the company’s history, bringing the total investment in Onapsis to $62 million. David Stienes, Partner at LLR Partners, will join the company’s board of directors. … More
The post Onapsis raises $31 million Series C funding for ERP cybersecurity appeared first on Help Net Security.
RSA Conference is known among CTOs, CISOs and information security professionals as the place where the world talks security. What started as a small cryptography conference in the early 1990s now brings close to 45,000 attendees together in San Francisco each year. But as the conference expands, so does its influence among new audiences – spanning beyond the security C-Suite and reaching students, parents and educators and infosec professionals at all stages of their careers. … More
The post RSA Conference 2018 AdvancedU expands security education to new audiences appeared first on Help Net Security.
Positioning security as a value-add to the business rather than a necessary evil is a challenge for many organizations. Since the dawn of enterprise computing, information security has generally been seen as a purely technical function. Did the new two-factor authentication setting lock the sales team out of the system in the middle of a demo? Too bad. The “S” in “IS” is for security, not sales. Security teams often believe that their job is … More
The post What’s your security story? How to use security as a sales tool appeared first on Help Net Security.
Absolute announced new GDPR Data Risk and Endpoint Readiness Assessments to accelerate compliance with the impending General Data Protection Regulation (GDPR). These comprehensive assessments empower organizations to accelerate GDPR compliance programs by pinpointing vulnerable endpoints and at-risk data — on and off the corporate network. Absolute’s new assessments offer deep insights and actionable recommendations to better protect and manage endpoints, where sensitive data might be accessed, stored or shared. Increasingly sophisticated security incidents and escalating … More
Illumio announced new global vulnerability mapping capabilities on its Adaptive Security Platform. Vulnerability and threat data from the Qualys Cloud Platform is integrated with Illumio application dependency mapping to show potential attack paths in real time. Automated vulnerability-based policy recommendations: mitigate vulnerabilities without breaking your application. The integration between the Qualys Cloud Platform and Illumio delivers vulnerability maps, enabling organizations to see connections to vulnerabilities within and between applications. This new capability also includes an … More
The post Illumio and Qualys integrate to deliver vulnerability-based micro-segmentation appeared first on Help Net Security.
IANS released its latest findings on budget-related best practices for information security leaders to consistently command the budget and resources they need. “It’s part of the CISO’s job to transition from unsupported to being fully supported, but that can only be done when the stage has been properly set within an organization,” said Doug Graham, CSO at Nuance Communications. “This research report from IANS goes beyond the numbers and uncovers some of the underlying and … More
Gemalto released the latest findings of the Breach Level Index, revealing that 2.6 billion records were stolen, lost or exposed worldwide in 2017, an 88% increase from 2016. While data breach incidents decreased by 11%, 2017 was the first year publicly disclosed breaches surpassed two billion compromised data records since the Breach Level Index began tracking data breaches in 2013. Over the past five years, nearly 10 billion records have been lost, stolen … More
The post 2.6 billion records were stolen, lost or exposed worldwide in 2017 appeared first on Help Net Security.
IT decision makers across the U.S., UK, France, and Germany are still missing an opportunity to transform their business through a holistic data management approach that reduces risk and improves business efficiency. For nearly two years, most organizations have lagged in addressing their GDPR compliance, and in some cases are ignoring the issue completely. In doing so, they are ignoring the benefits to be gained from the compliance effort, including developing a data-centric approach to … More
Capsule8 announced the general availability of Capsule8 1.0, a real-time, zero-day attack detection platform capable of scaling to massive production deployments. As organizations modernize their production infrastructure with technologies like cloud, microservices and containers, they face a changing attack surface that conventional security solutions can’t address. And with vulnerabilities such as Meltdown and Spectre, legacy Linux environments such as bare metal and virtual infrastructures are also up against inadequate protection due to low visibility and … More
The post Capsule8 introduces Linux workload attack detection platform appeared first on Help Net Security.
There will be no lack of interesting content from Qualys at this year’s RSA Conference. Depending on your interests, you might want to make time for some of these talks and presentations. Visit Qualys at Booth N3815 to hear best practices presentations from industry leaders. Monday, April 16 5:10 – 5:35 PM Continuous Security and Visibility of Your Complete Public Cloud Infrastructure Hari Srinivasan, Director of Product Management, Qualys Learn how to extend continuous cloud … More
The post Qualys at RSA Conference 2018: Best practices presentations from industry leaders appeared first on Help Net Security.
Fortanix has been selected to present in the session Protecting Containers from Host-Level Attacks at RSA Conference 2018 next week. CEO and Co-Founder Ambuj Kumar will join renowned cryptography expert Benjamin Jun, CEO of HVF Labs, and Docker Security Lead David Lawrence in the session that describes how Runtime Encryption and Intel SGX keep a container encrypted during runtime to protect data in use from the host OS, root users and network intruders, even if the infrastructure … More
The post Fortanix presenting on protecting containerized apps with runtime encryption at RSAC 2018 appeared first on Help Net Security.
ThreatQuotient launched ThreatQ Investigations, a cybersecurity situation room designed for collaborative threat analysis, shared understanding and coordinated response. ThreatQ Investigations allows real-time visualization of an investigation as it unfolds within a shared environment, enabling teams to better understand and anticipate threats, as well as coordinate a response. The solution, built on top of the ThreatQ threat intelligence platform, brings order to the chaos of security operations that occurs when teams work in silos, acting independently, … More
The post ThreatQ Investigations: Cybersecurity situation room accelerates security operations appeared first on Help Net Security.
The FIDO Alliance and the World Wide Web Consortium (W3C) have achieved a standards milestone in the global effort to bring simpler yet stronger web authentication to users around the world. The W3C has advanced Web Authentication (WebAuthn), a collaborative effort based on Web API specifications submitted by FIDO to the W3C, to the Candidate Recommendation (CR) stage. The CR is the product of the Web Authentication Working Group, which is comprised of representatives from … More
The post FIDO2: Authenticate easily with phishing-resistant security appeared first on Help Net Security.
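What makes a FIDO2/WebAuthn assertion phishing-resistant is two bindings the relying party checks on every login: the origin the browser writes into clientDataJSON (page script cannot forge it) and the RP ID hash the authenticator puts at the front of authenticatorData. The Python below is an added example, not code from the FIDO Alliance, W3C, Yubico or Microsoft. It uses a hypothetical RP ID of example.com with two allowed origins, constructs a sample assertion, and runs the server-side checks that reject a phishing origin, a replayed challenge, data bound to a different RP ID, a missing user-verification flag and a non-increasing signature counter. ECDSA verification over the returned signed message (authData || SHA-256(clientDataJSON)) against the credential's registered public key is assumed to be done by a crypto library and is not implemented here.

```python
import base64
import hashlib
import json
import struct

# Relying-party configuration (assumed values for this added example).
RP_ID = "example.com"
ALLOWED_ORIGINS = {"https://example.com", "https://login.example.com"}
RP_ID_HASH = hashlib.sha256(RP_ID.encode()).digest()

FLAG_UP = 0x01  # authenticatorData flag: user present
FLAG_UV = 0x04  # authenticatorData flag: user verified


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_authenticator_data(rp_id: str, flags: int, counter: int) -> bytes:
    """Constructed authenticatorData: SHA-256(rpId) || flags || 32-bit big-endian counter.
    A real authenticator hashes the RP ID the browser hands it, so a phishing origin
    never receives data bound to the victim site's RP ID."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", counter)


def build_client_data(challenge: bytes, origin: str) -> bytes:
    """Constructed clientDataJSON for a navigator.credentials.get() call. In a browser
    the origin field is filled in by the browser, not by page script."""
    doc = {"type": "webauthn.get", "challenge": b64url_encode(challenge), "origin": origin}
    return json.dumps(doc).encode("utf-8")


def verify_assertion(client_data_json: bytes, auth_data: bytes, expected_challenge: bytes,
                     last_counter: int, require_uv: bool = False):
    """Server-side checks on an assertion. Returns (ok, reason, signed_message), where
    signed_message is authData || SHA-256(clientDataJSON): the bytes the authenticator's
    signature covers. Verifying that signature with the stored public key is assumed to
    be done by a crypto library and is deliberately left out of this example."""
    try:
        client_data = json.loads(client_data_json)
        if not isinstance(client_data, dict):
            raise ValueError("not an object")
        challenge = b64url_decode(client_data.get("challenge", ""))
    except ValueError:
        return False, "clientDataJSON malformed", None
    if client_data.get("type") != "webauthn.get":
        return False, "wrong ceremony type", None
    if challenge != expected_challenge:
        return False, "challenge mismatch (stale or replayed assertion)", None
    origin = client_data.get("origin")
    if origin not in ALLOWED_ORIGINS:
        return False, f"origin {origin!r} not allowed (phishing site or misconfiguration)", None
    if len(auth_data) < 37:
        return False, "authenticatorData too short", None
    rp_id_hash = auth_data[:32]
    flags = auth_data[32]
    counter = struct.unpack(">I", auth_data[33:37])[0]
    if rp_id_hash != RP_ID_HASH:
        return False, "rpIdHash mismatch (assertion bound to a different RP ID)", None
    if not flags & FLAG_UP:
        return False, "user presence not asserted", None
    if require_uv and not flags & FLAG_UV:
        return False, "user verification required but not asserted", None
    # A counter of 0 means the authenticator does not implement counters; otherwise it must grow.
    if counter != 0 and counter <= last_counter:
        return False, "signature counter did not increase (cloned authenticator?)", None
    signed_message = auth_data + hashlib.sha256(client_data_json).digest()
    return True, "ok", signed_message


if __name__ == "__main__":
    challenge = bytes(range(32))  # constructed; a real server issues a fresh random nonce per ceremony
    auth = build_authenticator_data(RP_ID, FLAG_UP | FLAG_UV, counter=5)
    print(verify_assertion(build_client_data(challenge, "https://example.com"), auth, challenge, 4)[:2])
    print(verify_assertion(build_client_data(challenge, "https://example.com.login-portal.net"),
                           auth, challenge, 4)[:2])
```

The phishing case fails before any cryptography runs: the browser on the look-alike site records its own origin, and an authenticator used there would hash the look-alike's RP ID, so both bindings break even though the user pressed the same key. The challenge and counter checks address replay and cloned authenticators rather than phishing, but a relying party that skips them loses most of what the standard promises.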
Less than half of all organizations were able to detect a major cybersecurity incident within one hour. Even more concerning, less than one-third said that even if they detected a major incident, they would be able to contain it within an hour, according to LogRhythm. Average time to detect a major cybersecurity incident: the study, conducted by Widmeyer, which surveyed 751 IT decision makers from the U.S., U.K. and Asia-Pacific, also revealed that a majority … More
The post How many can detect a major cybersecurity incident within an hour? appeared first on Help Net Security.
iboss has published the findings of its 2018 Enterprise Cloud Trends report. The survey of IT decision makers and office workers in U.S. enterprises found that 64% of IT decision makers believe the pace of software as a service (SaaS) application adoption is outpacing their cybersecurity capabilities. Combined with growing pressures from shadow IT and mobile employees, 91% of IT decision makers agree they need to update security policies to operate in a cloud-first environment. … More
The post Organizations want to leverage the cloud but are held back by security misconceptions appeared first on Help Net Security.
In a study of Lookout users, more than half clicked mobile phishing URLs that bypassed existing security controls. Since 2011, Lookout has observed this mobile phishing URL click rate increase 85 percent year-over-year. “Mobile devices have eroded the corporate perimeter, limiting the effectiveness of traditional network security solutions like firewalls and secure web gateways,” said Aaron Cockerill, chief strategy officer at Lookout. “Operating outside the perimeter and freely accessing not just enterprise apps and SaaS, … More
Cryptshare, a Germany-based maker of data security and privacy solutions for the exchange of business-critical information, today announced its expanded presence in the U.S. market and new QUICK technology used to simplify the exchange of passwords used to protect encrypted files. Cryptshare will demo a beta version of the patent-pending technology at the RSA Conference, April 16-20 in San Francisco, where the company is a co-exhibitor with TeleTrusT in the German Pavilion, booth 3927/20. The … More
The post Cryptshare brings its secure communication and privacy solution to U.S. market appeared first on Help Net Security.
More than 80 percent of organizations that have been impacted by a data breach have introduced a new security framework and 79 percent have reduced employee access to customer data, according to new benchmark data, “2018 Global Payments Insight Survey: Bill Pay Services,” from ACI Worldwide and Ovum. The benchmark, comprised of responses from executives at billing organizations such as consumer finance, healthcare and higher education, also revealed that over 70 percent of organizations that … More
The post Steps executives are taking to increase security while launching new ways to pay appeared first on Help Net Security.
Worldwide IT spending is projected to total $3.7 trillion in 2018, an increase of 6.2 percent from 2017, according to the latest forecast by Gartner. “Although global IT spending is forecast to grow 6.2 percent this year, the declining U.S. dollar has caused currency tailwinds, which are the main reason for this strong growth,” said John-David Lovelock, research vice president at Gartner. “This is the highest annual growth rate that Gartner has forecast since 2007 … More
There’s an old joke that a job in security is a safe place to be grumpy. From what I’ve seen over my career, that is often true. Security people seem to cherish their reputation for being pessimistic and untrusting. Some take it further and cast their disdain upon the users, who obviously need to be protected from themselves. (As a side note, my mom always hated when we computer folk referred to their customers as … More
Springtime is here! Although up here in Minnesota you wouldn’t believe it as we received snowfalls that rivaled anything in the past 34 years! As spring arrives you think of all the things you need to do. Start packing up the shovels and snow blowers (except here where we may get a little bit more snow yet). Tune up the lawn mower and break out the yard gear. Given some recent cyber threats you may … More
The post April Patch Tuesday forecast: Expect updates for Adobe Flash, others appeared first on Help Net Security.
Here’s an overview of some of last week’s most interesting news and articles: Establishing covert communication channels by abusing GSM AT commands Security research often starts as a hobby project, and Alfonso Muñoz’s and Jorge Cuadrado’s probe into mobile privacy is no exception. The duo, who are scheduled to reveal the results of their research at the Hack in the Box Conference in Amsterdam, ended up finding a way to establish covert communication channels over GSM … More
The post Week in review: Critical flaw in Cisco switches, Saks breach, closing the security update gap appeared first on Help Net Security.
A new report conducted by the Ponemon Institute uncovered security’s “patching paradox” – hiring more people does not equal better security. While security teams plan to hire more staffing resources for vulnerability response – and may need to do so – they won’t improve their security posture if they don’t fix broken patching processes. Firms struggle with patching because they use manual processes and can’t prioritize what needs to be patched first. The study found … More
The post Security teams are under resourced, overwhelmed by attackers appeared first on Help Net Security.
IT security and privacy, IT governance and risk management, regulatory compliance, emerging technology and cloud computing are the key issues impacting IT audit plans in 2018, according to a benchmarking study from Protiviti and ISACA. To whom within the organization does your IT audit director report? The seventh annual survey of more than 1,300 chief audit executives (CAE), internal audit professionals and IT audit vice presidents and directors worldwide found that most audit plans for … More
The post IT audit best practices: Technological changes give rise to new risks appeared first on Help Net Security.
Trustwave released the 2018 Trustwave Global Security Report, which reveals the top security threats, breaches by industry, and cybercrime trends from 2017. The report is derived from the analysis of billions of logged security and compromise events worldwide, hundreds of hands-on data-breach investigations and internal research. Findings depict improvement in areas such as time from intrusion to detection; however, they also show increased sophistication in malware obfuscation, social engineering tactics, and advanced persistent threats. North America and retail … More
The post Cyber attacks are becoming more organized and structured appeared first on Help Net Security.
The global trend of delivery data increased over the last eight quarters, with a growth of 4 percent inbox placement, according to 250ok. Missing emails saw a decrease of 5 percent, while spam folder placement remains rather stable with less than 1 percent change. Of the global seed accounts 250ok studied, Canada was the only country with a dip in email deliverability, as the 3-year transition period for Canada’s Anti-Spam Legislation (CASL) came to an … More
The post Inbox placement improving, spam placement remains the same appeared first on Help Net Security.
According to the 2018 IBM X-Force Threat Intelligence Index, the number of records breached dropped nearly 25 percent in 2017, as cybercriminals shifted their focus to launching ransomware and destructive attacks that lock or destroy data unless the victim pays a ransom. Last year, more than 2.9 billion records were reported breached, down from 4 billion disclosed in 2016. While the number of records breached was still significant, ransomware reigned in 2017 as attacks such … More
The post Fewer records breached: Cybercriminals focus on ransomware, destructive attacks appeared first on Help Net Security.
With the most significant global information security event just around the corner, we caught up with Sandra Toms, VP and Curator, RSA Conference, to find out what attendees can expect in San Francisco, April 16-20, 2018. What is new at RSA Conference this year that you’d like to highlight? One exciting thing we’re introducing this year is Broadcast Alley, which you could consider the “unofficial newsroom” of RSAC 2018. Publishers, sponsors, partners and exhibitors can … More
Indegy revealed that nearly 60 percent of executives at critical infrastructure operators polled in a recent survey said they lack appropriate controls to protect their environments from security threats. As expected, nearly half of all respondents indicated their organizations plan to increase spending for industrial control system (ICS) security measures in the next 12-24 months. “We have been tracking the escalation in cyber threat activity specifically targeting critical infrastructures for some time,” says Barak Perelman, … More
The post How critical infrastructure operators rate their security controls appeared first on Help Net Security.
Concerted efforts to increase job satisfaction, automation in the Security Operations Center (SOC) and gamification in the workplace are key to beating cybercriminals at their own game, according to McAfee. Which of the below areas of the cybersecurity process is your organization using automation in? The landscape for cyberthreats is growing, both in complexity and volume. According to the report, 46 percent of respondents believe that in the next year they will either struggle to … More
A new study from the Varonis Data Lab found that on average, 21% of a company’s folders were accessible to every employee, and 41% of companies had at least 1,000 sensitive files open to all employees. The report, based on analysis of data risk assessments conducted by Varonis in 2017 for customers and potential customers on their file systems, shines a spotlight on several issues that put organizations at risk from data breaches, insider threats … More
The post How companies continue to expose sensitive data to threats appeared first on Help Net Security.
Companies are struggling with the tug-of-war between advancing digital innovation and ensuring secure digital experiences that maintain user trust and mitigate risk. As part of a study of more than 350 global information technology leaders conducted by Forrester Consulting for Akamai, the results also show that the companies defined as being the most digitally mature – best balancing innovation and security – grow faster than their competitors. Digital innovation sits at the helm of today’s … More
The post Industry leaders struggle to balance digital innovation and security appeared first on Help Net Security.
Another day, another data breach. Recent news about cybercriminals obtaining more than 5 million credit card numbers from high-end U.S. retailers joined a series of major hacks and online data breaches. Unfortunately, the frequency of attacks on Americans’ personal information has fostered a feeling of inevitability. In fact, according to results released today from a telephone survey conducted by The Harris Poll for the American Institute of CPAs (AICPA) of 1,006 American adults in the … More
The information included in this report (Time to Fix, Vulnerability Types, Findings Criticality, Issues Fixed) is summary data from all of the penetration tests Cobalt performed in 2017. Additionally, they provide data (Portfolio Coverage, Pen Test Frequency) from 75 survey respondents in security, management, operations, DevOps, product, and developer roles. Industry thought-leaders Caroline Wong and Mike Shema offer guidance on pen testing metrics that add functional value for infosec practitioners. Key takeaways: Proven methods to … More
The post Report: What two years of real pen testing findings will tell you appeared first on Help Net Security.
Telecommunications is a key infrastructure on which our society depends. It constitutes the main instrument that allows our democracy and our EU core values such as freedom, equality, rule of law and human rights to function properly. Common types of attacks There are currently over 5 billion unique mobile subscribers and over 2000 mobile operators worldwide. In Europe, we have 456 million unique mobile subscribers, which is equivalent to 84% of the population. Mobile … More
The post Are legacy technologies a threat to EU’s telecom infrastructure? appeared first on Help Net Security.
Most of the healthcare professionals polled remain confident regarding their own organization’s cyber security protocols despite apprehensions connected with their own healthcare information and general healthcare infrastructure, according to a Venafi survey querying 122 healthcare professionals at the HIMSS18 conference in Las Vegas. In fact, seventy-nine percent said they are concerned about the cyber security of their own healthcare information. At the same time, sixty-eight percent believe their organizations are doing enough to adequately protect … More
The post Most healthcare pros believe their organizations adequately protect patient data appeared first on Help Net Security.
SAFECode announced today the publication of the Fundamental Practices for Secure Software Development: Essential Elements of a Secure Development Life Cycle Program (Third Edition). The authoritative best practices guide was written by SAFECode members to help software developers, development organizations and technology users initiate or improve their software assurance programs and encourage the industry-wide adoption of fundamental secure development practices. The best practices in the guide apply to cloud-based and online services, shrink-wrapped software and … More
The post Secure software development practices for developers, organizations and technology users appeared first on Help Net Security.
RSA Conference announced the addition of RSAC onDemand to its RSAC AdvancedU education program. AdvancedU at RSA Conference is a series of programs that teaches cyber-awareness for children, provides outreach to college students to introduce and encourage a career in information security and supports education throughout the various stages of a career within the industry. The new RSAC onDemand program will provide participants the RSA Conference experience without leaving their home or office. Those who … More
The post RSAC onDemand: A new way to experience RSA Conference appeared first on Help Net Security.
Here’s an overview of some of last week’s most interesting news and articles: The current state of USB data protection The vast majority of employees rely on USB devices. In fact, nine out of 10 employees rely on USB devices today and 69 percent of respondents maintain that USB drives increase workplace productivity. Macro-less word document attacks on the rise Total malware attacks are up by 33 percent and cyber criminals are increasingly leveraging Microsoft … More
The post Week in review: Hacking intelligent buildings, trust in critical systems under attack appeared first on Help Net Security.
The most potent global threat in 2018 may not be armed conflict or civil unrest, but cybersecurity. While cybersecurity awareness has increased with high profile breaches in recent years, the core problem remains of how industries can protect themselves and their customers when so much of our interaction has gone digital. Here are some predictions for the challenges companies may face in 2018: There are too many security vendors, and many of them will go … More
The higher education sector exhibited a startling increase in potentially damaging cryptocurrency mining behaviors, according to Vectra. The Attacker Behavior Industry Report reveals cyberattack detections and trends from a sample of 246 opt-in enterprise customers using the Vectra Cognito platform, across 14 different industries. From September 2017 through January 2018, Vectra monitored traffic and collected metadata from more than 4.5 million devices and workloads from customer cloud, data center and enterprise environments. By analyzing this … More
The post Crypto mining runs rampant in higher education: Is it students? appeared first on Help Net Security.
WatchGuard released its Internet Security Report for Q4 2017. Among the report’s most notable findings, threat intelligence showed that total malware attacks are up by 33 percent, and that cyber criminals are increasingly leveraging Microsoft Office documents to deliver malicious payloads. “After a full year of collecting and analyzing Firebox Feed data, we can clearly see that cyber criminals are continuing to leverage sophisticated, evasive attacks and resourceful malware delivery schemes to steal valuable data,” … More
Data protection, whether related to personal customer or patient information, is critical across virtually all industries. So how can organizations best protect their most sensitive and confidential information? To answer this question, Apricorn surveyed more than 400 employees in September 2017, ranging in ages from 18 to 65 across numerous industries that included education, finance, government, healthcare, legal, retail and manufacturing. Among other things, the survey revealed that while USB drives are ubiquitous and widely … More
Worldwide spending on security-related hardware, software, and services is forecast to reach $91.4 billion in 2018, an increase of 10.2% over the amount spent in 2017. This pace of growth is expected to continue for the next several years as industries invest heavily in security solutions to meet a wide range of threats and requirements. According to IDC, worldwide spending on security solutions will achieve a compound annual growth rate (CAGR) of 10.0% over the … More
The post Worldwide spending on security solutions to reach $91 billion in 2018 appeared first on Help Net Security.
A two-year-long cybercrime investigation between the Romanian National Police and the Italian National Police, with the support of Europol, its Joint Cybercrime Action Taskforce (J-CAT) and Eurojust, has led to the arrest of 20 suspects in a series of coordinated raids on 28 March. 9 individuals in Romania and 11 in Italy remain in custody over a banking fraud that netted EUR 1 million from hundreds of customers of 2 major banking institutions. The Romanian … More
The post 20 hackers arrested in EUR 1 million banking phishing scam appeared first on Help Net Security.
More than half (57%) of organisations suspect their mobile workers have been hacked or caused a mobile security issue in the last 12 months, according to the iPass Mobile Security Report 2018. Overall, 81% of respondents said they had seen Wi-Fi related security incidents in the last 12 months, with cafés and coffee shops (62%) ranked as the venues where such incidents had occurred most. That was closely followed by airports (60%) and hotels (52%), … More
The post Businesses suspect their mobile workers are being hacked appeared first on Help Net Security.
A new report by The Economist Intelligence Unit (EIU) shows that consumers around the world perceive wide ranging risks in how their personal information is collected and shared with third parties. They want greater transparency and control, as well as commitments from government and industry to protect privacy. Large shares of the consumers surveyed indicate a host of concerns related to the collection and transmission of their personal information. These range from identity theft to … More
The post Consumers worry that small privacy invasions may lead to a loss of civil rights appeared first on Help Net Security.
Faced with growing threats of ‘industry shocks’ such as cyber fraud, cryptocurrency, quantum computing and open banking, financial institutions expect to increase their compliance investments over the next two years as they seek new approaches to strengthening compliance capabilities, according to a new report from Accenture. Compliance investments increase Based on a survey of 150 compliance executives at financial services institutions, Accenture’s fifth annual compliance risk report, “Comply and Demand,” found that 89 percent of … More
The post Compliance functions make a turn towards innovation-fueled strategies appeared first on Help Net Security.
More than half (53 percent) of U.S. organizations that were infected with ransomware blamed legacy antivirus protection for failing to prevent the attack, according to SentinelOne. Nearly 7 out of 10 of these companies have replaced legacy AV with next-gen endpoint protection to prevent future ransomware infections. AV fails to foil ransomware Behind employee carelessness as the primary cause (56 percent blamed this), failed legacy AV protection is viewed as the leading factor in successful … More
The post Organizations blame legacy antivirus protection for failed ransomware prevention appeared first on Help Net Security.
Every year, there are certain buzzwords and trends that rise to popularity within the technology community. In years prior, it’s been things like “cloud,” “bitcoin,” or “IoT,” that set the trend. So it’s no surprise when those words fill the agenda at major events like RSA Conference. Leaving us to wonder what the trending topics will be at RSAC 2018, taking place April 16-20 in San Francisco. But, lucky for us, that’s exactly what one … More
The post You can’t hide from this top trend at RSA Conference, no matter where you operate appeared first on Help Net Security.
The main lessons from attacks against Internet of Things (IoT) devices are to change default usernames and passwords, use longer passphrases to avoid brute force attacks, and make sure devices have enough memory for firmware and kernel updates to remove vulnerabilities or service backdoors, plus implement strong encryption for communications. Also, having IoT devices connected to standard PC platforms is not advised given endpoints are often the foothold in most attacks. Case in point with … More
The post Using deception to gain enterprise IoT attack visibility appeared first on Help Net Security.
Many entities face the same types of security incidents – some are viewed as handling the incident well, and for some it’s a disruptive and costly lesson. The ones that fare better have prepared for an incident and use lessons-learned from prior incidents. Recognizing that entities need a source of reliable information on what actually happens during an incident, the BakerHostetler Privacy and Data Protection team published the 2018 edition of its Data Security Incident … More
The post Analysis of 560 incidents demonstrates need for cyber resilience appeared first on Help Net Security.
Distil Networks analyzed hundreds of billions of bad bot requests at the application layer to provide insight and guidance on the nature and impact of automated threats in 2017. Bad bots are up from last year “This year bots took over public conversation, as the FBI continues its investigation into Russia’s involvement in the 2016 U.S. presidential election and new legislation made way for stricter regulations,” said Tiffany Olson Jones, CEO of Distil Networks. “Yet, … More
The post Bad bot traffic increases, gambling and airlines most targeted industries appeared first on Help Net Security.
Six global organizations have joined together to launch The Coalition to Reduce Cyber Risk (CR²). CR² members, including AT&T, Cisco, HSBC, JPMorgan Chase, Mastercard and Microsoft will partner with each other and governments to advance cyber risk management to strengthen the resilience of economies and infrastructure around the world. “In today’s global, interdependent economy, improving cybersecurity requires organizations to work not only within their enterprise but also with partners, customers, and governments,” said Tom Burt, … More
The post New coalition aims to advance cybersecurity across sectors, around the world appeared first on Help Net Security.
The global IoT device management market size is anticipated to reach USD 5.1 billion by 2025, according to a new report by Grand View Research, exhibiting a 28.3% CAGR during the forecast period. Growing demand for IoT services, need for digitalization, and increasing penetration of communication and networking technologies are expected to drive the market over the coming years. In the past few years, the industry has witnessed increasing investments in R&D activities for development … More
The post IoT device management market size worth $5.1 billion by 2025 appeared first on Help Net Security.
Just 6 months after its seed funding, Axonius today announced the general availability of its Cybersecurity Asset Management Platform to enable customers to see and secure all devices. With over 100,000 devices already managed at early customers worldwide, today’s announcement marks the official availability of the platform in advance of RSA Conference 2018 held in San Francisco. “We started this company to solve a very specific, acute problem – fragmentation,” said Dean Sysman, CEO and … More
With the proliferation of IoT devices used in organizations to support business, technology and operations innovation, respondents to a Ponemon Institute study were asked to evaluate their perception of IoT risks, the state of current third party risk management programs, and governance practices being employed to defend against IoT-related cyber attacks. Has your organization experienced a data breach or cyber attack caused by unsecured IoT devices or applications in the past 12 months? This year’s … More
43% of IT executives at European financial institutions reveal that fears of a cyber-attack keep them awake at night – two months before the GDPR comes into force, according to figures published by financial services IT consultancy and service provider Excelian, Luxoft Financial Services. The survey of over 200 IT executives working in capital markets, wealth management and corporate banking reveals that although 89% agree implementing a cybersecurity strategy is a top priority, budget cuts … More
The post Digital innovation held back as IT teams firefight security threats appeared first on Help Net Security.
Cofense released the 2018 Cofense Malware Review, detailing the trends that defined malware attacks in 2017 and the emerging trends for network defenders to prioritize in 2018. While a couple of high profile breaches stole the spotlight in 2017, Cofense’s global security team uncovered a number of less visible evolutions that dramatically changed the threat landscape and continue to pose threats. Malicious actors demonstrated how quickly they could exploit recently disclosed vulnerabilities, change how they … More
The post Like any threat, malware evolves: Discover new trends appeared first on Help Net Security.
RSA Conference, the world’s leading information security conferences and expositions, today announces its full line-up of keynote speakers for the 2018 Conference, which begins Monday, April 16th and runs through Friday, April 20th at the Moscone Center in San Francisco, CA. Keynote speakers at this year’s Conference will bring forward-thinking stories to the keynote stage on a wide variety of industry-relevant topics including artificial intelligence, cyber bullying, gamification, the history of technology and innovation, among … More
The headlines have been dominated by the recent news around Facebook, Cambridge Analytica and the misuse of customer data. The impact of these revelations has led to millions being wiped off Facebook’s share price and an ongoing investigation into the incident. With just two months left until the General Data Protection Regulation (GDPR) comes into effect, this scandal could not be timelier. The ongoing discussions around Facebook’s use of customer data are a clear reminder … More
The post How Facebook’s data issue is a lesson for everyone appeared first on Help Net Security.
Nearly four in five companies (79%) were hit by a breach in the last year, according to Balabit. Their research also revealed that 68% of businesses expect to be impacted by further breaches this year, with more than a quarter anticipating a breach to occur within the next six months. The Unknown Network Survey, deployed in the UK, France, Germany and the US, reveals the attitudes of 400 IT and security professionals surrounding their IT security … More
The post Businesses know breaches are happening, but do they know how, why and when? appeared first on Help Net Security.
Attackers are constantly trying new ways to get around established defenses. The data, collected throughout 2017 by Webroot, illustrates that attacks such as ransomware are becoming a worldwide threat and are seamlessly bypassing legacy security solutions because organizations are neglecting to patch, update, or replace their current products. The findings showcase a dangerous, dynamic threat landscape that demands organizations deploy multi-layered defenses that leverage real-time threat intelligence. Cryptojacking is gaining traction as a profitable and … More
The post Phishing, malware, and cryptojacking continue to increase in sophistication appeared first on Help Net Security.
Dimensional Research conducted a survey of IT professionals responsible for cloud environments. The survey, which is comprised of data collected from over 600 respondents from around the world, provides an overview of experiences and attitudes with regard to cloud security. In your opinion, how does the overall security posture for your company’s cloud services compare to your on-premises security? The cloud is redefining the role of the firewall An overwhelming 83 percent of respondents have … More
The post Experiences and attitudes towards cloud-specific security capabilities appeared first on Help Net Security.
Here’s an overview of some of last week’s most interesting news and articles: Top cybersecurity evasion and exfiltration techniques used by attackers SS8 released its 2018 Threat Rewind Report, which reveals the top cybersecurity evasion and exfiltration techniques used by attackers and malicious insiders. Malware leverages web injects to empty users’ cryptocurrency accounts Criminals trying to get their hands on victims’ cryptocurrency stashes are trying out various approaches. The latest one includes equipping malware with … More
The post Week in review: PKI and IoT, Facebook’s trust crisis, understanding email fraud appeared first on Help Net Security.
Cyber criminals are rapidly adding cryptojacking to their arsenal and creating a highly profitable new revenue stream, as the ransomware market becomes overpriced and overcrowded, according to Symantec’s Internet Security Threat Report (ISTR), Volume 23. “Cryptojacking is a rising threat to cyber and personal security,” said Mike Fey, president and COO, Symantec. “The massive profit incentive puts people, devices and organizations at risk of unauthorized coinminers siphoning resources from their systems, further motivating criminals to … More
The post 1 in 10 targeted attack groups use malware designed to disrupt appeared first on Help Net Security.
SS8 released its 2018 Threat Rewind Report, which reveals the top cybersecurity evasion and exfiltration techniques used by attackers and malicious insiders. During the past year, SS8 sensors and analytics deployed globally within live production networks have detected a variety of techniques used to compromise and steal data (intellectual property) from organizations in key industries spanning critical infrastructure, enterprises and telecommunications. The networks SS8 assesses exhibit the presence of the following evasion and exfiltration activity: … More
The post Top cybersecurity evasion and exfiltration techniques used by attackers appeared first on Help Net Security.
Malicious mobile apps were on the decline in Q4 of 2017 largely due to a decrease in the inventory of AndroidAPKDescargar, the most prolific dealer of blacklisted apps, according to RiskIQ in its Q4 mobile threat landscape report, which analyzed 120 mobile app stores and more than 2 billion daily scanned resources. Listing and analyzing the app stores hosting the most malicious mobile apps and the most prolific developers of potentially malicious apps, the report … More
A new study, conducted by 360Velocity and Dr. Chenxi Wang, found that excessive alerts, outdated metrics, and limited integration lead to over-taxed security operations centers (SOCs). SOCs are overwhelmed The study was conducted over the span of three months, interviewing security practitioners from enterprise companies in a cross-section of industries: Software-as-a-Service (SaaS), retail, financial services, healthcare, consumer services, and high tech. As the threat landscape changes and enterprises move to adopt additional layers of defensive … More
The post Excessive alerts, outdated metrics, lead to over-taxed security operations centers appeared first on Help Net Security.