How Traditional Training Is Weakening Businesses’ Cybersecurity

Just a decade ago, cybersecurity was a relative myth to the public – something taken care of by any old antivirus and certainly nothing to worry about. But as the internet age gathered momentum, rolling like a freight train on an endless slope, things changed. Cyber attackers were not perceived as hoodie-wearing teens with abundant spare time anymore, but seen for what they are: organized, often well-funded groups – and a genuine menace to society.

The evolving threat landscape has changed the way cybersecurity is viewed by businesses, too. No longer should it be handled by a select few while other employees move irresponsibly through the digital world; instead, it is something of which every employee must be aware. But traditional training models, whereby swathes of employees travel to one-day events periodically, are expensive – and not very practical either.

Complete article on forbes.com

Hunt for Red Bugtober: US military’s weapon systems riddled with security holes

Computer security vulnerabilities are widespread in US military hardware, and the Pentagon is only beginning to understand how to fix them.

This is according to an October report on cybersecurity practices in Uncle Sam’s armed forces, drawn up by the Government Accountability Office (GAO).

Leading with the subtle title “DOD Just Beginning to Grapple with Scale of Vulnerabilities,” the dossier outlines how known exploitable flaws in components like micro-controllers, industrial control system boards, and management software are being left unpatched, with little in the way of plans to address them. That’s bad news as more and more stuff is hooked up to computer networks and the internet, from where the holes can potentially be exploited.

Complete article on theregister.co.uk

The Biggest Email Security Challenge Facing Organizations Today

Email is the single most effective and commonplace way of reaching someone in the business world today. Even as other methods of digital communication have come and gone over its 40-year history, email remains the backbone of business communications with 3.7 billion users worldwide collectively sending 269 billion messages every day.

But email’s ubiquity and popularity come at a price: vulnerability. With the growing prevalence and success of targeted social engineering attacks, email continues to be a shockingly easy entry point for cybercriminals. In fact, the FBI’s 2017 Internet Crime Report indicates that business email compromise and phishing drive 48 percent of ALL internet crime-driven financial loss – more than all other business-related internet crime combined. Depending on their form, these targeted attacks go by a number of names – spear phishing, business email compromise, impersonation, credential theft, etc. – and have a disproportionately large impact on an organization: they gain access to confidential information and intellectual property and, in many circumstances, enable east-west (lateral) movement from email into core backend systems that hold customer data or even financial access.

Complete article on securitymagazine.com

Google Outlines Incident Response Process for Cloud Customers

In its ongoing campaign to build trust through transparency, Google this week released a white paper describing the company’s process for responding to incidents impacting the confidentiality, integrity or availability of customer data.

The paper shows that Google has implemented a four-phased approach for responding to data incidents, which it describes as a breach of Google security that results in the disclosure, alteration or destruction of customer data in its care.

Complete article on eweek.com

How To Protect Yourself Against a SIM Swap Attack

A spate of hacked Instagram accounts. A $220 million lawsuit against AT&T. A bustling underground crime ring. They all have roots in an old problem that has lately found new urgency: SIM card swaps, a scam in which hackers steal your mobile identity—and use it to upend your life.

At its most basic level, a SIM swap is when someone convinces your carrier to switch your phone number over to a SIM card they own. They’re not doing it for prank call cover, or to rack up long-distance charges. By diverting your incoming messages, scammers can easily complete the text-based two-factor authentication checks that protect your most sensitive accounts. Or, if you don’t have two-factor set up in the first place, they can use your phone number to trick services into coughing up your passwords.

Complete article on wired.com

Cybersecurity pros are limiting their personal use of Facebook, survey says

About 65% of surveyed current and former attendees at the annual Black Hat USA security conference say they’re limiting their use of Facebook or not using it at all after the recent controversies over the company’s security practices, Black Hat reports.

The organization has surveyed its attendees on security matters annually since 2015, and the majority of those surveyed reported working in a computer security profession. This year’s survey generally found attendees pessimistic about the outlook for privacy and security.

Complete article on fastcompany.com

Report: 99.7% of web apps have at least one vulnerability

Nearly every web application has at least one vulnerability, according to the 2017 Trustwave Global Security Report, released Tuesday. Of the apps scanned by Trustwave for the report, 99.7% included at least one vulnerability, with the mean number of vulnerabilities in web apps being 11.

In addition to looking at application security, the Trustwave report also includes information on data breaches. The median number of days it took to detect an intrusion dropped to 49 in 2016 from 80.5 days in 2015. However, internally detected breaches were typically found in about 16 days, a much shorter time period.


Complete article on techrepublic.com

Business Email Compromise Losses Top $12B, FBI Warns

The FBI has revised its figure for the total amount of financial losses from business email compromise attacks, as real estate-related scams grow.

Among the most impactful cyber-attacks is business email compromise (BEC), where criminals trick unsuspecting organizations into paying fraudulent invoices.

The FBI has calculated the estimated impact of the BEC attacks that it is aware of and has determined that between October 2013 and May 2018, there were $12.5 billion in global losses. During that period, the FBI estimates that approximately $2.9 billion was stolen from U.S. victims.

Complete article on eweek.com

Crypto-Mining Malware Rising Fast, Hackers Increasingly Targeting Cloud

Check Point’s mid-year cyber-attack report reveals that 42 percent of organizations globally have been hit by crypto-mining intrusions and that sophisticated attacks on cloud infrastructures are growing.

During the last couple of years, cyber-security has been largely about the huge influx of malware flowing through the veins of the internet. The problem hasn’t gone away by any means, but now in 2018 there’s an even larger threat: crypto-mining-specific malware.

Complete article on eweek.com