Break out of malware myopia by focusing on the fundamentals

Organizations today suffer from malware myopia, a condition characterized by threat-centric security programs caused by the ease of imagining a takedown by malicious code. Malware myopia is a mental bug; a defect in reasoning that scrambles people’s ju…

Cyber hygiene training is infrequent and inconsistent

Finn Partners Research released findings from its Cybersecurity at Work study that examined the level of cyber risk that employees pose to their organizations. The in-depth study, which surveyed 500 full-time office employees across the US, found that …

DNC pushes employees, campaigns to embrace email security habits ahead of midterms

Staffers at the Democratic National Committee are getting better at spotting phishing emails, a skill that became a top priority after Russian-linked hackers breached the DNC during the 2016 U.S. presidential campaign, according to Chief Technology Officer Raffi Krikorian. Krikorian and his team have been challenging their colleagues to spot fake malicious emails. Since September of last year — primarily through a phishing simulation platform named Wombat — the DNC’s tech team has been targeting co-workers as part of a broad effort to evaluate internal cybersecurity risks. Staffers are graded on their ability to spot, report and avoid emails that in a real-world scenario might carry malware. The ongoing exercise is helping Krikorian and DNC Chief Information Security Officer Bob Lord learn how often any person in the organization is likely to click a suspicious email attachment. “People have such PTSD about what happened in 2016 that there’s a real desire to improve [security] here,” Krikorian […]

The post DNC pushes employees, campaigns to embrace email security habits ahead of midterms appeared first on Cyberscoop.


Clean IT Up: Cyber Hygiene Controls Tips

October is national cybersecurity awareness month, and with the recent hacks at Door Dash, the discovery of a large-scale iOS hacking campaign, and a database containing 419 million phone numbers associated with Facebook accounts, we’re all …

Critics slam cyber hygiene bill as redundant, confusing

A new bill that would direct federal scientists to come up with a short list of cybersecurity best practices for consumers, businesses and federal agencies is sparking concern from some observers, who fret it will reinvent the wheel, create confusion, and fail to be effective because best practices are widely ignored. The bill, which has bicameral and bipartisan support, would mandate scientists at the National Institute for Standards and Technology to partner with the Department of Homeland Security and the Federal Trade Commission in order to create concise, voluntary guidelines for basic online security measures, dubbed “cyber-hygiene.” Critics say there are already several existing lists of best practices, including the Top 20 and Top 5 Security Controls list maintained by the non-profit Center for Internet Security. “I am all for improving hygiene, but this bill will have no positive impact and because it will create another set of ‘best practices’ [and] it […]

The post Critics slam cyber hygiene bill as redundant, confusing appeared first on Cyberscoop.


Bipartisan bill tells NIST to develop ‘cyber-hygiene’ guide for public, businesses

Federal scientists at the National Institute for Standards and Technology would be tasked — in consultation with the Department of Homeland Security and the Federal Trade Commission — to develop concise voluntary guidelines for basic online security measures, called cyber-hygiene, under a new bipartisan bill introduced in both chambers of Congress. The bill would also mandate DHS to investigate the cybersecurity risks posed by the burgeoning number of small, cheap devices connected to the web as part of the mushrooming internet of things or IoT. In the Senate, S.1475 — “A bill to provide for the identification and documentation of best practices for cyber hygiene by the National Institute of Standards and Technology, and for other purposes” — was introduced Thursday by Republican Orrin Hatch of Utah, chairman of the powerful Finance Committee, and Democrat Ed Markey of Massachusetts, a veteran of tech-policy debates. The House version, HR.3010, the Promoting Good Cyber Hygiene Act […]

The post Bipartisan bill tells NIST to develop ‘cyber-hygiene’ guide for public, businesses appeared first on Cyberscoop.
