Cybersecurity in 2021 – what can we expect?

As we changed the way we work, cybercriminals followed because the modern criminal is constantly evolving in line with shifts in online behavior and trends. As we prepare to welcome 2021, what trends can we expect from the cyber world?

from Cyber Security News https://ift.tt/3hxBx2E

A new crystal ball: A view of the trends that will shape 2021

Trends that emerged in 2020, along with some new predictions, will have a huge impact on 2021 as these technologies continue to evolve and deploy even more quickly. Adoption of emerging tech will be even faster next year and securing data in these environments must finally move to the top of the priority list because more depends on security than ever before.   

from Cyber Security News https://ift.tt/3pEOsme

Closing the cyber skills gap requires a culture of continuous learning

The ongoing cyber skills gap affects organizations worldwide and ultimately affects the entire digital economy. And cybersecurity changes and evolves at break-neck speed, which makes it harder to keep up with training and learning. On top of this, as remote work increasingly becomes the norm, and infrastructures become more distributed, the need for IT pros with up-to-date security skills and knowledge will continue to grow.

from Cyber Security News https://ift.tt/3o1MRGD

New cyber defense feed protects government systems in live trial across four states

A new automated data feed that helps defend state and local government computer systems from cyberattacks and rapidly blocks threats across state lines reduced cyber defense time from some three days to less than three minutes in a successful pilot program across four states.

from Cyber Security News https://ift.tt/3o0shq6

Boosting gender diversity in cybersecurity

The twentieth century saw huge progress in gender equality as increasing numbers of women embarked upon professional career paths. Certainly, in some sectors such as education, medicine and law, women are increasingly prominent in the general workforce and leadership roles, but other industries appear to be a long way off from achieving full equity. Unfortunately, cybersecurity is one such industry with much progress to be made in terms of diversity and gender parity. While cybersecurity is one of the most fast-paced, rapidly evolving modern industries, this evolution does not appear to apply to the number of women involved in the field. 

from Cyber Security News https://ift.tt/3pyVxo3

40% of small business employees worried they’ll be blamed for data breaches at work

Avast found that almost 40% of small business employees think that a staff member who unknowingly clicks a malicious link would be held personally responsible for a data breach, which could be encouraging employees to keep quiet rather than flagging a potential threat.

from Cyber Security News https://ift.tt/3hs9X6I

5 minutes with Brian Soby - Understanding Software as a Service (SaaS)

Meet Brian Soby - he has held security leadership roles at Salesforce and in the financial tech industry. Prior to founding AppOmni, Soby founded a cloud software security consultancy. He served as Director of Security at Taulia and managed all security functions, including product/application security, compliance, physical security, and corporate information security. Before that, he was the Director of Product Security at Salesforce and a Lead Security Engineer at MITRE. Here, we talk to Soby about how organizations can avoid today's biggest challenges with Software as a Service (SaaS). 

from Cyber Security News https://ift.tt/2M9jaoQ

5 reasons why scams survive, thrive, and succeed

Computer fraud, or cyber-scamming, is a multi-billion-dollar industry that affects people and organizations around the world. Since the pandemic started, cybersecurity experts have tracked a 400% rise in online scams. The world is evolving at a rapid pace and with everything getting connected and automated scammers are bound to adapt, thrive and succeed. Let’s understand the top five reasons:

from Cyber Security News https://ift.tt/3nWE8Fn

Five steps to secure your business – From the C-suite to the assembly line

In the years since, the need for uniform security policies and processes across the entire enterprise — from the boardroom to the home office, the assembly line to the warehouse — has become increasingly obvious. To get started, we have created a simple five step program for executives to ensure their organization is protected against the latest threat vectors and increasingly sophisticated cyberattacks.

from Cyber Security News https://ift.tt/3mW7dzx

CISA releases free detection tool for Azure/M365 environment

CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. The tool is intended for use by incident responders and is narrowly focused on activity that is endemic to the recent identity- and authentication-based attacks seen in multiple sectors.

from Cyber Security News https://ift.tt/2L3EVWw

Vaccine rollout and remote working will make 2021 a prosperous year for cybercriminals

As society continues to navigate through the ongoing pandemic, hackers are honing in on new targets and new means to access sensitive data. To prepare for 2021, Experian is releasing its eighth annual Data Breach Industry Forecast, which predicts five major threats to watch.

from Cyber Security News https://ift.tt/2KGkkI0

Culture shift of IT security in agile world

While the transformation of software development has progressed, the management of information security and risk organization in such environment is not defined and adapted to support such an environment. Based on SAFe Agile Principles by Scaled Agile, this article will suggest 4 culture shift in IT Security organization may consider in order to adapt to the recent trend of Agile Software development.

from Cyber Security News https://ift.tt/2WSF5CM

Data privacy expectations in 2021: Trends to watch

Everyone is excited to give 2020 the boot. And while we don’t quite know what to expect in 2021, it can’t get any worse. Or can it? As businesses prepare for a new year, with a new set of challenges and new ways of working that may never change, one thing they need to be prioritizing is data privacy. Because if the dominoes fall and privacy is involved, the repercussions can result in a disaster.

from Cyber Security News https://ift.tt/37QsRRA

3 myths that can derail your machine learning program

It’s undeniable that Machine Learning (ML) is changing the game for securing cloud infrastructure.  Security vendors have rapidly adopted ML as part of their solutions, and for good reason:  By analyzing massive quantities of data, it can help identify threats, speed incident response, and ease the burden on over-taxed security operations teams.

from Cyber Security News https://ift.tt/34ROWgy

CISA releases new TIC and NCPS guidance for public comment

The Cybersecurity and Infrastructure Security Agency (CISA) released a draft of the Trusted Internet Connections (TIC) 3.0 Remote User Use Case and the draft National Cybersecurity Protection System (NCPS) Cloud Interface Reference Architecture (NCIRA): Volume 2.

from Cyber Security News https://ift.tt/34PvCRn

DHS warns American businesses about data services and equipment from firms linked to Chinese government

The Department of Homeland Security (DHS) issued a business advisory to American businesses warning of risks associated with the use of data services and equipment from firms linked to the People’s Republic of China (PRC).

from Cyber Security News https://ift.tt/34IeSLL

CISA releases CISA Insights and creates webpage on ongoing APT cyber activity

The Cybersecurity and Infrastructure Security Agency (CISA) is tracking a known compromise involving SolarWinds Orion products that are currently being exploited by a malicious actor. An advanced persistent threat (APT) actor is responsible for compromising the SolarWinds Orion software supply chain, as well as widespread abuse of commonly used authentication mechanisms. If left unchecked, this threat actor has the resources, patience, and expertise to resist eviction from compromised networks and continue to hold affected organizations at risk, says CISA. 

from Cyber Security News https://ift.tt/38uS6Ic

5 minutes with Ali Golshan - The benefits of DevOps

Meet Ali Golshan, CTO and co-founder at StackRox, a Mountain View, Calif.-based leader in security for containers and Kubernetes. Prior to StackRox, he was the Founder & CTO of Cyphort (acquired by Juniper Networks) and led the company's product strategy and research initiatives. Previously, he worked as a security researcher and engineer at Microsoft and PwC. His career started in government, conducting security and vulnerability research for the intelligence community. Here, we talk to Golshan about the benefits of DevOps. 

from Cyber Security News https://ift.tt/38qKbvw

DHS S&T publishes the Resilient PNT Conformance Framework

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) published the Resilient Positioning, Navigation, and Timing (PNT) Conformance Framework today. PNT services, such as the Global Positioning System (GPS), is a national critical function that enables many applications within the critical infrastructure sectors. This framework will inform the design and adoption of resilient PNT systems and help critical infrastructure become more resilient to PNT disruptions, such as GPS jamming and spoofing.

from Cyber Security News https://ift.tt/2WG1vHs

Fraudsters bank on targeted, high-value attacks during 2020 holiday shopping season

Sift released its Q4 2020 Digital Trust & Safety Index: Holiday Fraud and the Shifting State of E-commerce, which revealed that fraudsters are executing larger and more targeted attacks this holiday season. Derived from Sift’s global network of over 34,000 sites and apps, the Index found the average attempted fraudulent purchase value rose to over $700 from October through November 2020, a 70% year-over-year increase during the same period in 2019.

from Cyber Security News https://ift.tt/37JEuJY

The rising challenge of consumer rights to request

The rise of high-profile data breaches and the implementation of data privacy laws have raised awareness that businesses and institutions rely on consumer information. While there is no single, comprehensive U.S. federal data privacy law, there are enough industry-specific compliance regulations in force in addition to HIPAA, the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, the Children's Online Privacy Protection Act, and a growing number of state privacy laws, that every organization needs to step up and recognize how subject rights requests fit into its data protection and cybersecurity policies.

from Cyber Security News https://ift.tt/34DEFEH

The Institute for Security and Technology launches multi-sector Ransomware Task Force

The Institute for Security and Technology (IST) — in partnership with a broad coalition of experts in industry, government, law enforcement, nonprofits, cybersecurity insurance, and international organizations — is launching a new Ransomware Task Force (RTF) to tackle this increasingly prevalent and destructive type of cybercrime.

from Cyber Security News https://ift.tt/3aBim6f

5 cybersecurity predictions for 2021

As companies think about how to navigate this new landscape of privacy laws and cybersecurity threats, here are a few major trends and predictions to consider:

from Cyber Security News https://ift.tt/3haRn2J

CISA updates emergency directive for SolarWinds Orion compromise

CISA has updated AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, originally released December 17. This update states that CISA has evidence of, and is currently investigating, initial access vectors in addition to those attributed to the SolarWinds Orion supply chain compromise. This update also provides new mitigation guidance and revises the indicators of compromise table; it also includes a downloadable STIX file of the IOCs.

from Cyber Security News https://ift.tt/2LRMDn6

5 minutes with Issak Davidovich – Creating vehicle cybersecurity standards

Meet Issak Davidovich, Vice President of Research and Development at C2A Security. According to Davidovich, the implementation of driver assistance technologies and cybersecurity goes hand-in-hand, and the auto industry is taking its first steps on creating in-vehicle security standards. Here, we talk to him about what this means for automotive cybersecurity.

from Cyber Security News https://ift.tt/3rguqjt

NSA warns hackers are forging cloud authentication information

In response to ongoing cybersecurity events, the National Security Agency (NSA) released a Cybersecurity Advisory “Detecting Abuse of Authentication Mechanisms.” The advisory provides guidance to National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) network administrators to detect and mitigate against malicious cyber actors who are manipulating trust in federated authentication environments to access protected data in the cloud.

from Cyber Security News https://ift.tt/3nDSZo5

When strength in numbers is on the wrong side

The talent war is real, the strength in numbers favors our opponent, we now have the original digital transformations we were planning pre-COVID, and now we have additional transformations that we have to take on to enable a distributed workforce that was previously never a consideration. There simply are not enough properly equipped resources to meet global demand, and even then, an organization is only as strong as its weakest analyst.  The adversary knows that and, leverages the vulnerabilities in human behavior to advance their position in the “infinite game” of cyber warfare.

from Cyber Security News https://ift.tt/2LOJ0yg

Shadow IT was a security crisis. Now Shadow IT 2.0 is looming. Let’s skip the crisis this time.

If you were in an IT-related field 10 years ago, the term “Shadow IT” might strike fear into your heart. In case you missed it – or blocked out the bad memory – that’s when business SaaS emerged, enabling lines-of-business (LOB) teams to buy their own turnkey software solutions for the first time. Why was it called “Shadow” IT? Because IT security teams typically weren’t involved in the analysis or deployment of these Saas applications. IT security often didn’t find out about the apps until something went wrong and they were called in to help – and by that point, data, apps and accounts had sprawled across the cloud.

from Cyber Security News https://ift.tt/2Jf6VWU

The kids are not alright: How some Millennials and Gen Zers are cybersecurity liabilities

Despite their preference for remote work, Millennials and Gen Zers experience more technological issues, struggle more with password management, and are far more reckless in their online activity than older demographics. Not only do these younger employees create more work for IT teams and service desk personnel, but they also pose as significant cybersecurity liabilities for corporations.

from Cyber Security News https://ift.tt/3nEyEip

A remote holiday season: Top tips to boost security as cyber hygiene diminishes

Nearly two-thirds of workers who have been working remotely during the pandemic would like to continue to do so. While working from home, the boundaries between work and life can decrease or disappear altogether, as employees are using their corporate devices for personal use more than ever before. As we enter the holiday season, IT teams can expect this work/life blend to translate into increased online shopping on corporate devices, which in turn exposes the network to additional cybersecurity threats.

from Cyber Security News https://ift.tt/2LIEgKt

CISA releases ICT supply chain risk management task force year 2 report

The Cybersecurity and Infrastructure Security Agency (CISA) and government and industry members of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force released an annual report on its progress to advance meaningful partnerships and analysis around supply chain security and resilience.

from Cyber Security News https://ift.tt/34nwgFb

New report helps enterprises move beyond compliance

The World Economic Forum today launched a new report that outlines how organizational leaders can influence their companies and encourage the responsible use of technology and build ethical capacity. “Ethics by Design” – An Organizational Approach to Responsible Use of Technology integrates psychology and behavioral economics findings from interviews and surveys with international business leaders. It aims to shape decisions to prompt better and more ethical behaviors. The report promotes an approach that focuses less on individual “bad apples” and more on the “barrel”, the environments that can lead people to engage in behaviors contrary to their moral compass. The report outlines steps and makes recommendations that have proven more effective than conventional incentives such as compliance training, financial compensation or penalties.

from Cyber Security News https://ift.tt/2WqGfp1

Dutch police confirm hack of Donald Trump's Twitter account

Recently, Dutch media reported the alleged hacking of Donald Trump’s Twitter account after a Dutch researcher correctly guessed the president’s password: “maga2020!” Security researcher and ethical hacker Victor Gevers could access to Trump’s direct messages, post tweets in his name and change his profile, De Volkskrant newspaper reported. Now, BBC News reports Dutch prosecutors confirmed the hack and claim Gevers provided proof of the hack. 

from Cyber Security News https://ift.tt/3mvb6v5

Hackers accessed systems at the National Nuclear Security Administration

According to media reports, the U.S. Energy Department and National Nuclear Security Administration have evidence that hackers accessed their networks as part of a major cyber espionage operation that affected many U.S. federal agencies. 

from Cyber Security News https://ift.tt/3mviarI

Three key customer IAM trends for 2021

The future of business has changed drastically due to the rapid advancement of the remote work era from the pandemic. Here are three key CIAM market trends that security professionals should be aware of as they finalize their 2021 plans.

from Cyber Security News https://ift.tt/37qTr3p

Global account fraud decreased 23% in 2020

New data from Jumio reveals that new account fraud based on ID verification declined 23.2% worldwide YTD in 2020, compared to 2019 results. At the same time, selfie-based fraud rates were five times higher than ID-based fraud. This illustrates the growing number of stolen ID documents available on the dark web for purchase and, more importantly, the growing need to determine if an ID is authentic and belongs to the user.

from Cyber Security News https://ift.tt/2LKXRtJ

Attackers can exploit vulnerabilities in new 5G networks to steal subscriber data and impersonate users

Positive Technologies has published its “5G standalone core security assessment”. The report discusses vulnerabilities and threats for subscribers and mobile network operators, which stem from the use of new standalone 5G network cores. The vulnerabilities in protocols HTTP/2 and PFCP, used by standalone 5G networks, include the theft of subscriber profile data, impersonation attacks and faking subscriber authentication.

from Cyber Security News https://ift.tt/38aj7AG

The future of account security must be democratized

Today’s customers rarely bat an eye when they receive a security alert from a company with which they do business. That’s because large tech companies have baked identity confirmation and notifications of suspicious activities into their everyday user experiences.

from Cyber Security News https://ift.tt/3gTdzhG

Multi-factor authentication for HIPAA compliance: What it is, common objections, and why to insist on it

Though many healthcare organizations still consider it optional, two-factor authentication - also known as Multi-Factor Authentication (MFA) - is an indispensable part of a secure environment, and key to protecting your medical data.

from Cyber Security News https://ift.tt/3qYODu1

How cybercriminals are taking advantage of deals and discounts this holiday season

Digital Shadows released research on the most popular items for sale on the dark web this holiday season – this one is shaping up to be different than any before with many consumers turning to online shopping instead of brick and mortar.

from Cyber Security News https://ift.tt/3ai6gPm

COVID-19 has enlarged the digital footprint for American businesses: We’ve never been more at risk for cybercrime

The coronavirus pandemic has sparked a new round of digital transformation. But in many cases, the rapid pace of digital acceleration has enlarged the digital footprint of both businesses and consumers beyond the capacity of our cybersecurity infrastructure to keep up. The scary reality is that the business impact of COVID-19 may be creating the perfect storm for a cybercrime pandemic; digital citizens will have to act aggressively to secure their data before it’s too late.

from Cyber Security News https://ift.tt/37r1ygC

Managing security on mobile devices through mobile certificate management

Mobile devices are part and parcel of today’s increasingly distributed workforce. Laptops, smartphones, and tablets are provisioned by enterprises to increase employee productivity, while providing flexibility to work remotely. But when the pandemic struck, security teams across industries were challenged by the unprecedented speed and scale of the shift. This disruption created great strain for IT security teams. Pair that with the increase in employee BYOD devices, already-overworked IT teams raced to ensure only authorized devices could connect to corporate assets. 

from Cyber Security News https://ift.tt/2Lx56oP

New spyware used by sextortionists to blackmail iOS and Android users exposed by Lookout

Lookout, Inc. announced the discovery of Goontact, a new spyware targeting iOS and Android users in multiple Asian countries. Uncovered by the Lookout Threat Intelligence team, Goontact targets users of illicit sites and steals personal information stored on their mobile devices. Evidence shows these sextortion scams are affecting Chinese-, Japanese- and Korean-speaking people. Goontact may also be operating in Thailand and Vietnam. Lookout discovered evidence the campaign may have been active since 2018 and is still active today. 

from Cyber Security News https://ift.tt/3ad6gQR

Apple officially rolls out privacy labels

Apple has officially rolled out the new privacy labels on its App Store, which allows users to understand the type of data collected by each app.

from Cyber Security News https://ift.tt/3gPxYEx

5 minutes with Jake Kouns - K-12 cybersecurity challenges during the pandemic

COVID-19 has caused havoc on the schools across the U.S. In the spring, school districts did whatever they could to provide the tools to students to get through the end of the school year. As schools are starting up around the country this month and next month, the challenge school IT departments are having is how to secure all of the devices distributed to students. Here, we talk to Jake Kouns, CEO and CISO for Risk Based Security, where he leads the company’s technology strategy and is responsible for product vision and leadership in the security industry.

from Cyber Security News https://ift.tt/37mN1Ci

It’s time to modernize the voting process

We live in a digital age, yet voting remains woefully outdated. The nation’s recent experience holding a presidential election during a pandemic highlights how important it is to modernize the voting process. The benefits of transitioning to online voting are numerous, including easier access as voters would no longer be required to wait in long lines and greater efficiency as votes would be tabulated electronically. 

from Cyber Security News https://ift.tt/3adGax9

70% of U.S. employees believe it’s their company’s job to defend against workplace hacks

Dashlane announced the findings of its new Workplace Security Survey which looked at employee sentiment and habits around workplace security practices—and who the responsibilities should fall on. As many companies continue to grapple with a remote workforce, overall employee security measures become more critical, especially as many are relying on personal devices and networks for work. The online survey, conducted by The Harris Poll on behalf of Dashlane among over 1,200 employed U.S. Americans, sheds light on how employees view and manage company security—and reveals they aren’t necessarily taking the security of their work accounts as seriously as they should. 

from Cyber Security News https://ift.tt/3qXJZML

New research highlights challenges to adoption of zero trust framework

One Identity released global survey results that revealed that 37% of IT professionals rated rapid changes in their AD/AAD environment as the key impact of COVID-19 on their organization’s identity management team. Given the unique challenges of the sudden shift to remote work amidst COVID-19, businesses should look toward integrating AD/AAD with a strong privileged access management (PAM) solution in order to harness the full value of AD and AAD, dramatically increasing the security of their IT environments.

from Cyber Security News https://ift.tt/3acNOrB

9 best practices to achieve effective cloud security

While there are several security concerns that cloud users must address in the long run, here are three critical areas that must be given immediate attention, especially now as organizations are planning to scale their remote work setup, and nine best practices organizations must follow to ensure optimal safety of their cloud instances.

from Cyber Security News https://ift.tt/3qZZGTs

US Secret Service hosts cyber incident response simulation

The US Secret Service hosted a virtual Cyber Incident Response Simulation for financial services, real estate, retail and hospitality executives who trained on mitigation strategies for a simulated business email compromise (BEC) attack. Business Email Compromise is a sophisticated scam targeting both businesses and individuals performing a transfer of funds. The scam is frequently carried out when a subject compromises legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.

from Cyber Security News https://ift.tt/3oQsnR4

5 minutes with Paul Kohler – Security concerns with contact tracing apps

A recent survey conducted among consumers and IT professionals by SecureAge Technology suggests that a majority of these groups believe COVID-19 contact-tracing technologies put individuals' personally identifiable information (PII) at risk. Generally, however, both these groups believed that these types of tools could help mitigate the spread of the disease, and would support a nationwide rollout of the technology in spite of privacy concerns. So, are contact tracing apps a 'necessary evil'? If so, what can be done to make these apps safer to protect PII and the privacy of the public? Here, we talk to Paul Kohler, Chief Technology Officer (CTO) at S3 Consulting. 

from Cyber Security News https://ift.tt/2Ko9PbU

Email systems breached at the US Treasury and Commerce Departments

Hackers working on behalf a foreign government are believed to be behind a highly sophisticated attack into a range of key government networks, including in the Treasury and Commerce Departments, and other agencies. The hackers had free access to their email systems.

from Cyber Security News https://ift.tt/3gN3m6l

Combating insider threats in the age of remote work

Employees forced to work remotely during the COVID-19 pandemic altered their online habits, and to minimize hacking risk they needed cybersecurity tools to keep up. As a result, security administrators face a danger they may not have previously anticipated: attacks from insiders. 

from Cyber Security News https://ift.tt/37eCSYv

How to protect your ecommerce data from disaster in 2021

With the world transitioning to ecommerce, your online store is vital for ensuring your products are moving and sales are coming in. While you “can’t sell what you don’t have” in the retail world, you certainly can’t sell without a working online store in the ecommerce arena. Take the steps needed to ensure that all the goodwill and progress you made strengthening your online presence in 2020 is not wiped out in the coming year.   

from Cyber Security News https://ift.tt/3mmcgZQ

Carnegie Mellon’s updated IoT Privacy Assistant app allows users to maintain privacy

After a successful launch earlier this year, Carnegie Mellon researchers introduced the latest version of the IoT Privacy Assistant, an app and digital infrastructure that enables users to discover IoT devices nearby, learn about the data they collect and any controls they might possibly give, such as opting in or out of their data collection and use practices. 

from Cyber Security News https://ift.tt/37fJZjr

How can front-facing technology address cybercrime in the finance industry?

Over the last few months, the financial sector, as well as many other industries, has had to adjust and make the shift to remote set-ups almost overnight due to COVID-19 restrictions. The transition has accelerated digital transformation; the sector’s previous reliance on face-to-face, or, ‘high-touch’ customer interactions have yielded to a completely digitalized experience.

from Cyber Security News https://ift.tt/37VeHgL

Protecting patients and securing medical innovation, one device at a time

Without effective cybersecurity protection, any connected medical device – including infusion pumps, pacemakers, smart pens, vital signs monitors, and more – is at risk of attack, whether it is connected to a hospital network or is one of the millions of distributed devices not connected to any network. This jeopardizes the lives of the millions of patients who depend on them.

from Cyber Security News https://ift.tt/2WiGwKN

5 minutes with Jorge Rey - Top remote cybersecurity best practices

For businesses without access to top data/security experts, working remotely during the pandemic has made them a top target for hackers. To discuss cybersecurity best practices businesses can learn from this situation, we talked to Jorge Rey, Kaufman Rossin’s Chief Information Security Officer.

from Cyber Security News https://ift.tt/378WfCj

Employees are 85% more likely today to leak files than they were pre-COVID

Business and security leaders are allowing massive Insider Risk problems to fester in the aftermath of the significant shift to remote work in the past year according to Code42's newest Data Exposure Report on Insider Risk, conducted by Ponemon. During that same time, three-quarters (76%) of IT security leaders said that their organizations have experienced one or more data breaches involving the loss of sensitive files and 59% said insider threat will increase in the next two years primarily due to users having access to files they shouldn’t, employees’ preference to work the way they want regardless of security protocols and the continuation of remote work. 

from Cyber Security News https://ift.tt/3qL9wZk

Cybercriminals targeting K-12 distance learning education to cause disruptions and steal data

A new Joint Cybersecurity Advisory, coauthored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), assess malicious cyber actors are targeting kindergarten through twelfth grade (K-12) educational institutions, leading to ransomware attacks, the theft of data, and the disruption of distance learning services.

from Cyber Security News https://ift.tt/39YYslo

Top US states least likely to go bankrupt after a cyberattack

Verizon cybersecurity leaders evaluated which states’ businesses fare best after cyberattacks. To determine the odds of a business recovering from a cyberattack in any given state, they analyzed a host of factors, including internet privacy laws and the number of cyberattacks businesses within each state suffer each year.  Here’s what they found.

from Cyber Security News https://ift.tt/3n80N14

UWF re-designated as Cybersecurity Regional Hub for the Southeast US

The University of West Florida has been re-designated by the National Security Agency and Department of Homeland Security as the Southeast Centers of Academic Excellence in Cybersecurity (CAE-C) Regional Hub.

from Cyber Security News https://ift.tt/3m7CDTf

83% of top 30 US retailers have online vulnerabilities, posing cybersecurity threats

Cyberpion released research today showing that most (83%) of the top U.S. retailers have connections to a vulnerable third-party asset, and nearly half of them (43%) have vulnerabilities that pose an immediate cybersecurity risk.

from Cyber Security News https://ift.tt/2VYcueY

What your API visibility and monitoring solution must do to fully protect you

Despite the explosive growth in API usage worldwide, many security and development teams are unable to answer basic questions about their API programs – like how many do we have, who owns them, and what do they do. This poses a huge security risk for organizations – especially in today’s complicated threat landscape. To protect against security risks, it’s crucial that organizations understand all aspects of their API programs and their associated security challenges. This better positions leaders to improve their organization’s security posture through proper mitigation strategies.

from Cyber Security News https://ift.tt/33WsCSM

How to avoid becoming another Azure misconfiguration statistic

Today's complex computing environments are rife with vulnerabilities. Keeping your organizational data safe requires employing today's best data security practice: adopting the premise that identity and access management provide the new and true security perimeter. Powerful identity and access management (IAM) models of public cloud providers enable the deployment of applications and data with far greater protection than what is possible in traditional cloud security. However, these cloud provider IAM solutions are not without risk when misused.

from Cyber Security News https://ift.tt/372NI3R

Effectively evaluating identity governance solutions

Enterprises are grappling with increased complexity as cloud adoption increases, the perimeter expands, and digital transformation projects take hold. The accelerated shift to remote working has only added to the complexity. As more businesses leverage hybrid IT environments in their digital transformation journey, many confront challenges managing identities and access across multiple applications, clouds, networks and servers.

from Cyber Security News https://ift.tt/2VZqAga

How organizations can avoid today’s biggest SaaS data security issues

For years, just about every update of consumer cloud applications would include new features that the user could configure around their personal taste, convenience, and preferred uses. Over time, and with increasing features and capabilities, what had begun as an application’s simple settings, was replaced by a proliferation of tabs, cascading drop-down menus, banners, breadcrumbs, hyperlinks, bookmarks, and more, creating a world of choices and individual styles.

from Cyber Security News https://ift.tt/3qGL6QG

5 minutes with Kory Patrick - How COVID-19 challenged security practices

Not long ago, most business was conducted within the confines of office walls, that is, until 2020. This year, work as we know it evolved practically overnight, as employees went home with company cell phones, laptops and information, and many have yet to return. Unlike ever before, companies must rely on their people to secure any work-related technology and trust that corporate data and information are safe. But should they? And is their current security strategy adequate? To find out, we talk to Kory Patrick, Risk & Security Solution Executive at TEKsystems.

from Cyber Security News https://ift.tt/3n62SL6

Top global security threats organizations will face in 2021

The Information Security Forum (ISF) has announced the organization’s outlook for the top global security threats that businesses will face in 2021. Here are some of threats for the coming year.

from Cyber Security News https://ift.tt/2IxUi8Y

CERT/CC releases information on vulnerabilities affecting open-source TCP/IP stacks

The CERT Coordination Center (CERT/CC) has released information on 33 vulnerabilities, known as AMNESIA:33, affecting multiple embedded open-source Transmission Control Protocol/Internet Protocol (TCP/IP) stacks. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

from Cyber Security News https://ift.tt/36WCtK0

IoT Cybersecurity Improvement Act signed into law

The IoT Cybersecurity Improvement Act has been officially signed into law. The bipartisan legislation, sponsored by Reps. Robin Kelly, D-Ill., and Will Hurd, R-Texas, and Sens. Mark Warner, D-Va., and Cory Gardner, R-Colo., requires that any IoT device purchased with government money meet minimum security standards. 

from Cyber Security News https://ift.tt/3gtblWn

FireEye breached by nation-state hackers

Silicon Valley company FireEye, who is often on the front lines of defending companies and critical infrastructure from cyberattacks, has been breached by hackers. 

from Cyber Security News https://ift.tt/2L9Ap91

5 minutes with Robert O'Connor - Bringing government-grade security to community banks

The risk to the financial sector is extremely high, and due to the high value of financial data, cybercriminals are increasingly targeting customer banking credentials when carrying out attacks. Below, we speak to Robert O'Connor, Chief Information Security Officer (CISO) for Neocova Corporation, about the cybersecurity challenges within financial institutions and best practices to safeguard financial data and prevent attacks. 

from Cyber Security News https://ift.tt/3ow3Ro8

The election’s over, but threats to government and critical infrastructure don’t stop

When we hear the term “critical infrastructure,” we want to believe that the assets – whether they are physical or digital – are extremely secure. Our minds conjure images of the vaults of Fort Knox, which are protected from every angle. However, critical infrastructure of the digital variety is not necessarily any more secure than any other digital asset. It all comes down to how meticulous the organization is in looking for and quickly closing vulnerabilities and security gaps that expose an attack surface for a bad actor to exploit.

from Cyber Security News https://ift.tt/37PhZlT

Open source security top-of-mind but patching too slow

Synopsys, Inc. released the report, DevSecOps Practices and Open Source Management in 2020, exploring the strategies that organizations around the world are using to address open source vulnerability management as well as the growing problem of outdated or abandoned open source components in commercial code.

from Cyber Security News https://ift.tt/3gxH2xK

Russian state-sponsored cybercriminals exploiting VMware vulnerability

The National Security Agency (NSA) released a Cybersecurity Advisory on Russian state-sponsored actors exploiting CVE-2020-4006, a command-injection vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The actors were found exploiting this vulnerability to access protected data on affected systems and abuse federated authentication.

from Cyber Security News https://ift.tt/3lWtPQ3

5 minutes with Michael Rezek - Ensuring holiday cyber-readiness

With more Americans expected to do their holiday shopping online during the COVID-19 pandemic, US agencies and cybersecurity leaders are urging all consumers to be on alert for holiday shopping scams and cyber threats, which historically spike during the holiday season. Here, we talk to Michael Rezek, Vice President of Business Development and Cybersecurity Strategy at Accedian, about the technologies retailers need to adopt to ensure a smooth holiday shopping season, how to see the warning signs for bad actors, how to proactively manage them and what to do to prevent them in the first place.

from Cyber Security News https://ift.tt/2Io8ktL

Center for Internet Security (CIS) releases remote desktop protocol guide

To combat commonly exploited protocols, the Center for Internet Security, Inc. (CIS®) has released guidance to help organizations mitigate these risks to protect and defend against the most pervasive cyber threats faced today that can be exploited through RDP.

from Cyber Security News https://ift.tt/3ot8AXG

May your digital payments be secure & your APIs be merry and bright

Both organizations and consumers are evolving, becoming more digital, and requiring features that align with the current environment. As businesses are transforming digitally, consumers are surrounded by a plethora of applications and are using apps more than ever in daily life. Unfortunately, companies and individuals are at greater risk than ever because applications are among the top targets for threat actors. 

from Cyber Security News https://ift.tt/33Rt2d7

Kmart suffers cyberattack by the Egregor ransomware operation

Department store chain Kmart has suffered a cyberattack by the Egregor ransomware operation, resulting in the encryption of devices and servers connected to the company’s networks. According to Bleeping Computer, online stores continue to operate, but the 'Transformco Human Resources Site,' 88sears.com, is currently offline, leading employees to believe the outage is caused by the recent ransomware attack.

from Cyber Security News https://ift.tt/3gh3sTP

Attack surface management is critical but few organizations do it well

CyCognito announced new research in partnership with Enterprise Strategy Group (ESG) that revealed most security professionals recognize that attack surface protection is important, but their operational practices and tools used aren’t up to the challenge.

from Cyber Security News https://ift.tt/2JIKFV8

New cybersecurity readiness assessment for healthcare organizations

A new partnership aims to help healthcare IT vendors and services firms improve their overall risk and security profile and provide greater transparency to thousands of healthcare providers. As part of the partnership, KLAS, which has conducted deep research and analysis on more than 900 healthcare IT products and services, will introduce a new Cybersecurity Readiness Assessment.

from Cyber Security News https://ift.tt/39IakYU

CISA releases alert on heightened awareness for Iranian cyber activity

Iranian cyber threat actors have been continuously improving their offensive cyber capabilities. They continue to engage in more conventional offensive cyber activities ranging from website defacement, distributed denial of service (DDoS) attacks, and theft of personally identifiable information (PII), to more advanced activities—including social media-driven influence operations, destructive malware, and, potentially, cyber-enabled kinetic attacks, warns the Cybersecurity and Infrastructure Security Agency (CISA).

from Cyber Security News https://ift.tt/36GtkVX

Protecting healthcare organizations from cyberattacks

Healthcare is a vitally important industry, especially today. Sadly, healthcare organizations are frequently the targets of cyberattacks. This is especially important today because many of these attacks impede the ability of the organizations to offer care to their patients. The most severe attacks can even cause life-threatening situations.

from Cyber Security News https://ift.tt/3qrQrLN

In 2020, coronavirus concerns are a cloud security catalyst

One lesson that is underscored by the disruption of COVID and the resulting transformation of business operations is the importance of IT modernization. Here, we know that business leaders understand its significance, but we also see evidence that failing to embed security into the strategies and plans for IT modernization may be a difference-maker.

from Cyber Security News https://ift.tt/33LPlAJ

End the vicious ransomware cycle

A cold reality in today’s enterprise is that ransomware is looming and threatening organizations constantly – like a lion behind the tall grass waiting patiently for its prey. It has unequivocally become the biggest threat to an enterprise alongside malware and phishing, even more so than a natural disaster or hardware failure, or a zero-day attack.

from Cyber Security News https://ift.tt/3gemiuz

The top 10 data breaches of 2020

Recent data from Risk Based Security revealed that the number of records exposed has increased to a staggering 36 billion in 2020. There were 2,935 publicly reported breaches in the first three quarters of 2020, with the three months of Q3 adding an additional 8.3 billion records to what was already the “worst year on record.” Here, we bring you our list of the top 10 data breaches of 2020.

 

from Cyber Security News https://ift.tt/37wTrhg

Best practices for protecting your data from ransomware

Ransomware penetrates an organization’s IT infrastructure through phishing emails or endpoint vulnerabilities and then encrypts files, holding data hostage until a fee is paid to decrypt them. The FBI has deemed ransomware the fastest growing malware threat, causing significant revenue loss, business downtime and reputational damage. It’s critical organizations protect their data by following the best practices.

from Cyber Security News https://ift.tt/36CcIyr

Mitigating DDoS attacks with network function virtualization

Distributed denial of service (DDoS) attacks are more than an inconvenience; they paralyze operations and cause significant direct and indirect costs to those affected. Over 23,000 DDoS attacks are recorded per day, leaving companies to deal with disrupted online services. Recently, New Zealand’s Stock Exchange (NZX) was hit by a large DDoS attack for four consecutive days which led to a stock market closure that barred many from trading.

from Cyber Security News https://ift.tt/39FCt32

Upcoming guidance from DHS S&T will improve critical infrastructure resilience

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) will be releasing a document that provides a roadmap to threat mitigation of Position, Navigation, and Timing (PNT) services, a national critical function powering many of the critical infrastructure sectors that enable modern society. The conformance framework was developed with input from industry stakeholders and will help critical infrastructure owners and operators make risk-informed decisions when deciding what PNT equipment to deploy. It provides distinct levels of resilience so end users can choose equipment that’s appropriate for their needs, based on criticality and risk tolerance.

from Cyber Security News https://ift.tt/2JBVuIx

Global phishing campaign targeting the COVID-19 vaccine cold chain

IBM X-Force has released a report on malicious cyber actors targeting the COVID-19 cold chain—an integral part of delivering and storing a vaccine at safe temperatures. Impersonating a biomedical company, cyber actors are sending phishing and spearphishing emails to executives and global organizations involved in vaccine storage and transport to harvest account credentials. The emails have been posed as requests for quotations for participation in a vaccine program.

from Cyber Security News https://ift.tt/3lJGfuF

$10 credit cards, $2 PayPal accounts, and more on the dark web this holiday season

This holiday season, more consumers than ever will be shopping digitally - and cybercriminals are already capitalizing on the opportunity. Greg Foss, Senior Cybersecurity Strategist at VMware Carbon Black, looked through the dark web to find that: There’s a continued rise in e-skimming attacks in the retail sector, where attackers inject JavaScript into website payment processing pages in order to siphon credit cards and account credentials from customers. 

from Cyber Security News https://ift.tt/3qoR9t5

Tighter identity and asset management is essential to WFH security

There is a need to rethink enterprise security. User identity has become a critical cybersecurity concern as more remote WFH users have gained secure ID and access to corporate documents and data. A one-problem, one-tool approach to security is no longer sustainable.

from Cyber Security News https://ift.tt/2JD0tbW

CISA warns APT groups targeting US think tanks

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed persistent continued cyber intrusions by advanced persistent threat (APT) actors targeting U.S. think tanks. This malicious activity is often, but not exclusively, directed at individuals and organizations that focus on international affairs or national security policy. The following guidance may assist U.S. think tanks in developing network defense procedures to prevent or rapidly detect these attacks.

from Cyber Security News https://ift.tt/37p2PU4

Turla Crutch attacks Ministry of Foreign Affairs in an EU country, misuses Dropbox in cyber-espionage

ESET researchers discovered a previously undocumented backdoor and document stealer used for cyber-espionage. ESET has been able to attribute the program, dubbed Crutch by its developers, to the infamous Turla APT group. It was in use from 2015 until at least early 2020. ESET has seen Crutch on the network of a Ministry of Foreign Affairs in a country of the European Union, suggesting that this malware family is only used against very specific targets. These tools were designed to exfiltrate sensitive documents and other files to Dropbox accounts controlled by Turla operators.

from Cyber Security News https://ift.tt/39zqQug

5 minutes with David Bodnick - Is the California Privacy Rights Act (CPRA) effective?

On November 4, 2020, the YES on Prop 24 campaign announced the passage of the California Privacy Rights Act (CPRA), with a majority of Californians supporting the measure to strengthen consumer privacy rights. The new law aims to give Californians the strongest online privacy rights in the world. But, does the CPRA do enough to advance the data privacy of California consumers? Many security and privacy leaders argue that it does not. To find out more, we talk to David Bodnick, Chief Technology Officer and co-founder of Startpage, a private search engine. 

from Cyber Security News https://ift.tt/33BKPoo

Workforce risk reaches five year high reveals International SOS Risk Outlook 2021

The risk level to the global workforce has reached its highest since 2016 according to the findings of the International SOS Risk Outlook 2021. The outlook reveals findings from the Business Resilience Trends survey of over 1,400 risk professionals across 99 countries, carried out by Ipsos MORI. It also brings together insights from the Workforce Resilience Council and extensive International SOS proprietary data.

from Cyber Security News https://ift.tt/37rvFDp

FBI warns of BEC scammers using email forwarding

The U.S. Federal Bureau of Investigation (FBI) issued a Private Industry Notification alert, noting that cybercriminals are increasingly implementing auto-forwarding rules on victims' web-based email clients to conceal their activities. According to the FBI, cybercriminals then capitalize on this reduced visibility to increase the likelihood of a successful business email compromise (BEC).

from Cyber Security News https://ift.tt/3ol3Y61

14% rise in suspected 2020 holiday weekend e-commerce fraud

TransUnion released new findings around online retail trends during the start of the 2020 global holiday shopping season. The research shows a 1% decrease in suspected online retail fraud worldwide during the start of the 2020 holiday shopping season compared to the same period in 2019, a 59% increase from the same period in 2018 and a 14% increase from all of 2020 so far. The findings are based on the same-store sales analysis of TransUnion’s e-commerce customers during the traditional start of the global holiday shopping season, Thanksgiving to Cyber Monday.

from Cyber Security News https://ift.tt/2VEiDNr

MIT Technology Review hosts inaugural CyberSecure conference Dec 2-3, 2020

MIT Technology Review's December 2-3 virtual conference — called CyberSecure — will offer practical guidance on how your organization can respond to a cyber-breach, and how you can prevent such intrusions from happening in the first place.

from Cyber Security News https://ift.tt/33vmIry

NSA announces winner of 8th Annual Best Scientific Cybersecurity Research Paper Competition

The National Security Agency’s Research Directorate has announced it has selected “Spectre Attacks: Exploiting Speculative Execution” as the winner of its 8th Annual Best Cybersecurity Research Paper competition. Originally published at the 2019 IEEE Security & Privacy Symposium, the winning paper, in combination with Meltdown, another award-winning paper released earlier by the same researchers, launched a global effort to mitigate critical vulnerabilities in processors. 

from Cyber Security News https://ift.tt/3mxZBUM