Rise of as-a-service lowers bar for cybercriminals

As-a-service offerings for things such as DDoS and malware — including ransomware — via exploit kits have seriously lowered the bar for entry into the criminal market. Hackers no longer need sophisticated skills to gain entry into the world of cybercrime.

According to Geoff Webb, vice president of strategy at Micro Focus, the industrialization of the processes and the availability of the tools have created this expanded forum that allows non-technical people, anyone really, to enter into the digital crime market.

What company execs can learn from Trump’s tweeting

Like him or hate him, there’s no debating that President Trump loves to tweet. What is up for debate, though, is whether his tweet storms will complicate what is already stressful work for the Secret Service.

Enormous effort goes into protecting the President and his staff from hackers, and any tweets that could be deemed argumentative, hostile, or reactionary could elevate the risk of a targeted cyber attack on the White House.

In the same way, executives at major enterprises also need to be cautious in how they choose to represent the company through social media.

This type of security, said Larry Johnson, ex Secret Service agent and CSO of CyberSponse, is not just protecting the individual. Whether it’s the Secret Service or the security team, “They’re protecting the company, the country, the assets.”

Are Apple-specific threats on the rise?

Macs are really no more secure than PCs, but for many years there just weren’t as many out there because of the expense of the hardware and other issues. They’ve historically been a much less popular choice among consumers, enterprises, and hackers alike.

The PC attack surface is much wider; therefore, criminals develop malware that works on PCs because the payout is much higher. James Plouffe, lead solutions architect at mobile-security company MobileIron, said there are, however, a couple of oft-overlooked things that also protect Macs.

First, Plouffe said, “MacOS is actually a BSD Unix derivative. Granted, it’s heavily customized but this meant that, unlike Windows (which had a long tail of viruses reaching back to the days of MS-DOS), bad actors had a lot more heavy lifting to do to be able to attack macOS.”

Machine behaviors that threaten enterprise security

Machine learning has moved enterprise security forward, allowing for visibility inside the network in order to better understand user behavior. However, malicious actors are using what is done with machine learning on the inside in order to attack the perimeter.

Specifically, these types of attacks include DNS tunneling, attaching to Tor networks, and sending rogue authentication requests to directory services. Tom Gorup, security operations leader for Rook Security, said that in addition to these threats, “In general what we are seeing across the board is phishing, from wire fraud to distribution of malware. Generally we’re seeing scans they’re attempting to exploit.”

Bringing boards up to cyber speed

The exponential growth of cyber risk has impacted roles for the CISO and the CEO, among others, but it has also left board members a little in the dark when it comes to understanding the risks associated with cybersecurity.

The National Association of Corporate Directors (NACD), which represents 88 percent of the Fortune 1000, recently released a Cyber-Risk Oversight Handbook. In an effort to set standards for corporate board leadership, they surveyed corporate board members and found that only 11 percent of today’s directors have a high understanding of cyber risks.

Dangerous assumptions that put enterprises at risk

The adage about what happens when people make assumptions is one that many in security would be wise to recall. Worse than making a donkey of themselves, security practitioners who make assumptions put the enterprise at risk.

Andrey Pozhogin, cybersecurity expert at Kaspersky Lab, said thinking they’re protected from DDoS attacks is one of the most dangerous assumptions businesses make.

A recent Kaspersky Lab survey found that 40 percent of organizations fail to put preventative measures in place because they think their Internet service provider will protect them.

In addition to those that assume their ISPs are protecting them, the survey found an additional one-in-three (30 percent) think their data center or infrastructure partners will protect them.
