Displaying items by tag: Cybersecurity

Insider threats are among the most dangerous cyberthreats out there. Yet, organizations of all sizes seem to be either reluctant or negligent when it comes to fighting them. Over 50 percent of organizations don’t have an Insider Risk Response Plan and 40 percent don’t assess how effectively their technologies mitigate insider threats.1 Even though 59 percent of IT security leaders expect insider risks to increase in the next two years, very little is being done to prevent them from causing serious security incidents.

Rapid technological advancement and rising global connectivity is reshaping the way the world is functioning. From higher productivity to improved customer satisfaction, technology has played a critical role in the growth of businesses across the world. However, the consequential bad news is that technological advancements have also made organizations increasingly vulnerable to digital risks. However, this does not mean that businesses must compromise on growth and advancement for the sake of security.

For the third year running, we’ve examined the year’s biggest cyber threats and ranked them to determine which ones are the absolute worst. Somewhat unsurprisingly, phishing and RDP-related breaches remain the top methods we’ve seen cybercriminals using to launch their attacks. Additionally, while new examples of malware and cybercriminal tactics crop up each day, plenty of the same old players, such as ransomware, continue to get upgrades and dominate the scene.

The speed, convenience and anonymity of the Internet are making cyber crime a fast-growing activity. One recent study found that one in every five Americans has had personal information stolen or an account compromised because of their online activities.Need a cyber crime definition or examples? In addition to online identity theft or financial fraud, types of cyber crimes can also include activities such as stalking, bullying, hacking, email spoofing, information piracy and forgery and intellectual property crime.

Every now and then, an email with a catchy subject line appears in your inbox and you end up clicking on it, either because you’re curious about the subject line or because you assume the sender is trustworthy. Unfortunately, this is how most cyberattacks tend to begin – with a single click. What unfolds next only puts your security and the security of your business in grave danger.

Zoom Video Communications has announced its enhanced Two-Factor Authentication (2FA), that makes it easier for admins and organizations to protect their users and prevent security breaches right from the platform. The Two-Factor Authentication identifies online users by requiring them to present two or more pieces of evidence, or credentials, that authenticate their ownership of the account, such as something the user knows (a password or pin), something the user owns (a smart card or mobile device), or something the user has (fingerprints, voice).

Ransomware attackers will attempt to locate your backups, steal the data from them, and then delete them. If you can prevent this, you can recover from an attack without giving in to blackmail.

A manufacturer of transit communication systems that pivoted to build ventilators during the COVID-19 pandemic is reportedly the latest victim of the DoppelPaymer ransomware gang. Boyce Technologies Inc., based in Long Island City, New York, was targeted by the ransomware gang, which has threatened to leak data stolen in the incident unless the company pays a ransom, according to the news site Cointelegraph.

LONDON (Reuters) - U.S. travel management firm CWT paid $4.5 million (3.4 million pounds) this week to hackers who stole reams of sensitive corporate files and said they had knocked 30,000 computers offline, according to a record of the ransom negotiations seen by Reuters.

Major antivirus companies, banks, insurance providers, government agencies, large hotels, wineries, restaurants, airlines. Think of almost any kind of company and there’s a good chance a prolific, financially-motivated hacker known as Fxmsp has broken into it, or attempted to, according to a report released Tuesday. Dubbed the “invisible god of networks,” he’s a suspected male from Kazakhstan who claimed to have broken into 135 companies since his first appearance in 2017, according to the report. Group-IB, a security company that recently shifted operations from Russia to Singapore, estimated he’s made $1.5 million along the way, working with an unidentified accomplice known as Lampeduza to sell access to victim networks.

Verizon’s 2019 Data Breach Investigations Report is a hefty read. To get you started, we sussed out six trends that have major security implications. Three of these are commonly accepted across the industry, but opinions are mixed on the other three. Here are some things to consider as you continue to improve on your own enterprise security.

Employees are now connecting from home. Here's a short, but important list of IT issues—from security to bandwidth—that you may encounter while keeping teams connected and productive in this uncharted territory. Working from home is not at all a new or radical idea. Having everyone work from home during the coronavirus crisis is new and radical. Even though we know, in theory, how to do it, pulling it off with no problems would be miraculous.

A data breach is almost inevitable because we continue to make the same security mistakes. Here are five of the big ones, according to experts, and why you simply have to fix them.

SANTA CLARA, Calif., February 24, 2020 - SANTA CLARA, Calif.--(BUSINESS WIRE)-- McAfee, the device-to-cloud cybersecurity company, today announced it has entered into a definitive agreement to acquire Light Point Security, LLC, an award-winning pioneer of browser isolation. Upon the close of the acquisition, the Light Point Security team will join McAfee.

On Tuesday of this week, one of the more popular underground stores peddling credit and debit card data stolen from hacked merchants announced a blockbuster new sale: More than 5.3 million new accounts belonging to cardholders from 35 U.S. states. Multiple sources now tell KrebsOnSecurity that the card data came from compromised gas pumps, coffee shops and restaurants operated by Hy-Vee, an Iowa-based company that operates a chain of more than 245 supermarkets throughout the Midwestern United States.

The online world seems to become more complex by the day. As more and more applications are moved to the cloud, the growing number and severity of data breaches makes it clear that attitudes about cybersecurity must change. It’s no longer possible to assume that “someone else” is going to be responsible. Instead, data protection and a strong cybersecurity defense must be a team effort. How have cybersecurity roles changed over the last decade? Ten years ago, cybersecurity was the responsibility of IT. Organizations were guarded by firewalls, antivirus companies were keeping up with basic malware and the world seemed to be (relatively) safe. The IT manager was responsible for cybersecurity, and in the event of a breach, wipe and restore from back-up was the preferred course of action. When breaches started happening more frequently, we were startled. Too bad we weren’t shocked enough to change our bad habits! Too many of us still clicked on every link, and opened every attachment. By 2015, as more and more vulnerabilities were unveiled, and as knowledge about how easy it is to orchestrate automated large-scale attacks spread, ransomware became a real issue. In response, cybersecurity vaulted to the top of the priority list at most organizations. The internet of things (IoT) has changed the way work gets done, and it has forced organizations to adapt and change the way they secure data. Now, in 2019, cybersecurity is everyone’s responsibility. Data is the most important resource on earth, and one mistake by a single employee can endanger an entire company. Employees have become targets for phishing and social engineering, with the C-suite heading up the priority list for cybercriminals.

There’s an epidemic of cybersecurity threats; no one’s data is safe. Cybersecurity awareness training is essential knowledge that enterprises can’t afford to overlook. Cybersecurity Awareness Training: Network Protection and Cybersecurity Threat Best Practices Your enterprise's data is at risk. Your own employees may be pawns in the next threat from a highly skilled hactivist, criminal or nation state. How are they equipped? For several years now, the majority of digital attacks attempt to exploit the human factor through phishing attempts and related efforts. According to our Secureworks® 2018 Incident Response Insights Report, 42% of attackers gain entry from successful phishing scams, reinforcing the need for ongoing employee education. Malicious hackers and attackers seek to trick users into granting them access to a digital resource, long before they will try to hack their way in. Simply put: People are the weakest link in any organization's cybersecurity defenses. And that's why people are usually the first targets of cyber attackers who use tactics and tools such as ransomware, spear phishing, malware and social engineering.

With the number and variety of information threats expanding for small businesses, more companies are adopting virtual private network (VPN) software to help protect their data. A VPN connection is safer than a typical Internet session because a VPN establishes a direct, end-to-end connection between two servers and encrypts the data traveling between those servers. In essence, the VPN acts like an anonymous middleman to escort your data back and forth safely. This contrasts with a typical connection, where your data remains unencrypted and hops along a series of servers before reaching its ultimate destination. The open nature of Internet traffic means your data is vulnerable to electronic eavesdropping and interception by hackers. This risk is especially acute if you’re using a public Wi-Fi connection in a coffee shop, airport, hotel lobby or other locations popular with business travelers. Because these networks typically offer open connections, hackers have created a cottage industry for tools designed to monitor traffic and to capture log-in credentials as unsuspecting patrons use the public Wi-Fi.

With cyber attacks increasingly targeting businesses of all sizes, a growing number of small businesses are protecting themselves with cyber liability insurance designed to help them deal with the aftermath of a data breach. By providing financial support and services to help small businesses deal with aspects such as customer notification, data restoration, business interruption and other effects, cyber liability insurance can play an important role in helping a company survive a data breach or online attack. Many small businesses tend to underestimate their cyber-related risk exposure as well as the associated expenses, but smaller companies are increasingly targeted by hackers because their defenses may not be as sophisticated. In addition, smaller companies are often attacked by hackers looking to breach the larger companies that include small businesses as suppliers and service providers.

ANNAPOLIS, Md. (AP) — Gov. Larry Hogan is taking steps to strengthen cybersecurity in Maryland. Hogan signed an executive order on Tuesday to create a new position called the Maryland Chief Information Security Officer. The Republican governor also said he is forming the Office of Security Management and the Maryland Cybersecurity Coordinating Council. The three will work to improve Maryland’s cybersecurity to improve the state’s ability to address a cybersecurity incident.   For example, the council will help create recommendations for the state to identify and respond to cybersecurity risks and recover from them. It will include state officials from agencies and departments throughout the state. Last month, a cyberattack hit the city of Baltimore’s computer network, affecting functions of local government in Maryland’s largest city.