With hundreds, if not thousands of security alerts per day pouring into Security Operations Centers (SOC), security professionals are fighting a losing battle. Fortunately, tried-and-true manufacturing techniques can turn the tide. Heather Hixon of DFLabs outlines two techniques that can help even the playing field between SOCs and their adversaries.
Local governments and small businesses are frequently being targeted by ransomware attacks. What makes these entities prime targets for malware and how can they avoid being an easy target? Cohesity CTO Steve Grewal suggests what government officials and business owners can do to avoid having their operations halted.
In the past, nation states such as North Korea and China had a very limited ability to respond to the U.S.’ military attacks or sanctions. But in today’s digital world, these countries use cyber-attacks to deter a sanction or get retribution. Wayne Lloyd, Federal CTO of RedSeal, provides a list of actions organizations can take to ensure good cyber hygiene and digital resilience to withstand a cyber event and/or recover quickly.
Last year Locky, NotPetya and WannaCry ransomware savaged Internet users, with billions of dollars lost, data destroyed, worldwide shipping disrupted, and reputations damaged. Even though they are the most hacked businesses on the Internet, many SMBs do not have proper cybersecurity protections in place. In part 2 of this two-part series, Dave Moore, founder of Internet Safety Group, walks the reader through a well-crafted response plan and reviews of the top backup programs.
Last year Locky, NotPetya and WannaCry ransomware savaged Internet users, with billions of dollars lost, data destroyed, worldwide shipping disrupted, and reputations damaged. Even though they are the most hacked businesses on the Internet, many SMBs do not have proper cybersecurity protections in place. In part 1 of this two-part series, Dave Moore, founder of Internet Safety Group, explains why and how SMBs need to make Internet safety training a top priority.
Criminal cryptomining has replaced ransomware as the leading type of cyber attack in 2018. While not all cryptomining is criminal in nature, this new type of cyber attack has gained momentum and popularity as a result of its success. Lastline’s director of threat intelligence, Andy Norton, explains the popular criminal techniques used to mine cryptocurrencies — and what lies ahead for cryptomining.
With data breaches on the rise and personal information ending up in the hands of cyber criminals, we are no longer questioning whether a breach will occur, but when the breach will occur. Marija Atanasova, Sr. Content Strategist for the IT Security community at BrightTALK, interviewed Karen Creasey of NCSAM to learn how to get the most out of National Cyber Security Awareness Month (October).
Every business falls victim to cyberattacks sooner or later. Are you prepared for when the inevitable breach happens? If not, your business and your career could be in jeopardy. This article highlights nine key criteria that should be part of every cyber-breach preparation plan.
As new players are welcomed into the sports betting ring with the recent law changes, fraudsters will attempt to take advantage. New entrants to the online sports betting world in the U.S. must come to terms with a core challenge facing nearly every digital business: how to ensure an exceptional user experience while also preventing fraudulent activity.
According to a new report from Kaspersky Lab, in only a year's time, the number of Internet users who have fallen victim to ransomware or malicious crypto miners has skyrocketed from 1.87 million (2016) to 2.7 million (2017). InfoSec and cybersecurity writer Kacy Zurkus gives us a brief journey of the rise and fall of ransomware and malicious miners.
How can companies be better at training employees to prevent phishing and improve security? Inky founder Dave Baggett provides a quick history of antivirus software, how antivirus worked then and now, and the flaws in security software.
What are the signs of a breach? Are you catching them all or do you have a false sense of security (yes, pun intended) when it comes to all things cyber within your organization? Sean Martin reaches out to the community of experts to help him identify some ways to spot the signs of a breach that might not be immediately evident.
Attackers have shown their cards and the mid-market represents an extremely valuable alternative to the well-defended enterprise. Coronet founder and CISO Dror Liwer reviews the threat landscape and explains why it’s time for the mid-market to take cybersecurity as seriously as the enterprise, even as financial and operational constraints remain.
The power of the digital workplace comes with an exponential increase in human interaction, as well as an inherent catalyst for risk creation. As collaboration platforms continue to gain traction, the concern for insider threats grows. Greg Moran, Chief Operating Officer at Wiretap, offers his perspective and insight on Wiretap’s just-released Human Behavior Risk Analysis Report.
Recently, the South Korean cryptocurrency exchange Coinrail announced a hacking attempt on its website; the exchange is now offline. Schellman principal Doug Barbin explores the question: “Why would the alleged hack of an exchange site that no one knows anything about indicate that there is any sort of fundamental problem with the currency?”
Athletes, fans and the media are getting ready for first kick-off at this year’s FIFA World Cup at Spartak Stadium in Russia. But they are not the only ones. So are cyber criminals looking to hack into the mobile phones of billions of FIFA fans.
With 281 billion emails sent every day, it’s no surprise that 91 percent of all cyberattacks and 98 percent of social engineering campaigns begin with email phishing scams. Vaporstream CEO Dr. Galina Datskovsky explains why EFAIL proves that it’s time to stop relying on email and instead embrace a more secure messaging solution.
Although phishing attacks have been around for many years, they have evolved to form the current fourth-generation threat landscape: phishing beyond email. The real question for security teams is how are untrained, non-security staff supposed to recognize these threats?
Botnets have facilitated different types of cybercrime for years – the most common use cases revolve around DDoS (Distributed Denial of Service) attacks and massive spam campaigns – but things are starting to change. A new segment of cybercrime is shifting toward a paradigm where botnets do not DDoS or spam – they mine cryptocurrencies.
The scariest attacks of 2017 don’t have a name. They are not featured in the headlines. They are the unreported and the under-reported. The cyber criminals are not undefeatable supernatural, evil entities.
From stolen emails to hacked credit reports to acts of industrial espionage we never hear about and now processor vulnerabilities, data breaches can cripple organizations, compromise customers, invite regulation and destroy systemic confidence. Will 2018 be the year when new approaches finally result in the number of breaches leveling off?
Cybercrime is on the rise. The number of data breaches in 2017 was staggering and things are likely to get worse. Employee error, employee manipulation, hacking-as-a-service, and the gap between development and test make things even more challenging. Says Dr. Rao Papolu, it's time to take some time to assess the main threats to your cyber defenses.
2017 brought some of the most damaging cyber-attacks and volume driven data breaches the world has ever seen. Detailed profiles have been built on nearly every individual in the United States posing a threat to each consumer and organization. A wave of cyber crime is coming our way in 2018 like never seen before. How will you respond?
KRACK, as acronyms go, seemed an appropriate handle for last month’s WiFi security disclosure. After a quarter stuffed with bad security news, a new flaw in one of our most beloved technologies might have a few security pros on the verge of cracking. The showiest security disasters make news, but breaches happen every day to organizations of every type around the world. The attacker perpetrating the next big cybersecurity incident is probably already behind someone’s firewall. And while you should definitely patch your vulnerabilities and maybe even turn off your WiFi (ok, just kidding, no one’s going to turn off the WiFi), that’s not going to be enough. We need to change how we think about cybersecurity.
It has been two years since we first heard about one of the largest data breaches in the history of the federal government, hitting the Office of Personnel Management (OPM) and exposing the sensitive personal information of more than 22 million current and former employees. What's happened since then?
Identity theft is on the rise and the latest data breach from Equifax could bring an “avalanche” of cyber crime with losses of billions of dollars. These are times when the individual response of each one of us could urge our government to stop the growing crisis, and to change flawed credit application processes that lie at the core of it. The five steps described in this article are useful to those affected and whose privacy might be breached. A personal story highlights that identity theft is more common than people expect.
As of writing this article on Thursday, September 7th, 2017, yet another corporate mega-breach has been revealed and this time it's the credit-reporting agency, Equifax. Negligence, terrible communications, bad crisis management … someone's head is gonna roll.
“I suppose it is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail.” - Abraham Maslow, The Psychology of Science, 1966. But using firewalls to protect against DDoS attacks has its limitations.
The Mirai malware has become particularly notorious for recruiting IoT devices to form botnets that have launched some of the largest distributed denial of service (DDoS) attacks ever recorded. This new Experts Corner from Robert Hamilton tracks the evolution of the Mirai botnet.