
A look into the crystal ball: Cybersecurity predictions for 2018

“We expect more exploitation of information as a weapon for financial, political and other gains. As we’ve seen numerous times, including with Equifax this year, these breaches can have a huge reputational and financial impact. Cybersecurity professionals must be prepared to stay ahead of malicious actors to ensure they are not gaining entry to sensitive files and email communications,” concludes Ferrante.

FULL STORY

Anonymous no more: Reusing complex passwords gives your identity away

A person trying to stay anonymous might think that if they were to reuse that password, there would be no way to unmask their identity. Yet that is not true, according to an article posted on STS Cyber Research. In this case, the research showed, the rarer your password is, the more it “uniquely identifies the person who uses it. If a person uses the same unique password with multiple accounts, then that password can be used as a digital fingerprint to link those accounts.” Although this is not something previously unknown, there seems to be a lack of awareness about the practice.

FULL STORY

NIST develops draft update to cyber-security framework

Providing new details on managing cyber supply chain risks, clarifying key terms, and introducing measurement methods for cyber-security, the updated framework aims to further develop NIST’s voluntary guidance to organizations on reducing cyber-security risks. The Cyber-security Framework was published in February 2014 following a collaborative process involving industry, academia and government agencies, as directed by a presidential executive order.

FULL STORY

This Team Is a Lean, Mean Cyber Crime-Fighting Machine

The human factor is important in this equation. It is vital for defenders to know their enemies—especially how they think. Attackers know very well how to exploit the vulnerabilities of security technologies. Furthermore, they are aware of how unprepared many organizations are to react to an attack or even coordinate efforts. Hackers try to get in where they are least expected. If defenders do not know how a hacker thinks or acts, then they will only be in an onlooker’s position.

FULL STORY

Holiday IoT Gifts and Home Security – What You Need to Know

There are enough pros, cons, and security risks to each Internet of Things (IoT) toy to fill blog posts between now and next December, but today we’re going to give you some information to consider before you pair that new toy doll to your home wireless network or your phone, and it might encourage you to keep a gift receipt… So, in the spirit of the season, here’s to adding a little security and privacy into your new stash of connected devices!

FULL STORY

Approaching cybersecurity as a critical business function

SMBs sometimes lack skilled security staff which can lead to confusion on how to implement cybersecurity controls to meet compliance with their industry regulations. Keeping all of this in mind, SMBs can reduce risk exposure to their critical data and business operations without having to incur significant costs by following these security steps.

FULL STORY

2017 Year in Review: Cyber-Security Faces Challenges Old and New

A number of key cyber-security events took place in 2017—involving ransomware, including WannaCry and NotPetya; misconfigured Amazon cloud storage disclosures; new vulnerabilities such as KRACK; and mega-breaches such as the Equifax attack. Many of those big cyber-security incidents had a common root cause: the lack of patching.

FULL STORY

The Problem with Cybersecurity Regulations

Countries may be able to defend data in their own jurisdictions, but if companies in a specific country want to do business with the world, they have to take what they're given – even if it comes from companies in another jurisdiction that have less stringent security standards. Seeking to impose worldwide standards might entail developing an international protocol, similar to the agreements sponsored by groups like the World Trade Organization. In fact, at this year's RSA Conference, Microsoft Chief Legal Officer Brad Smith called for a Digital Geneva Convention.

FULL STORY

The Internet of Things Is Going to Change Everything About Cybersecurity

Removing the human risk means repositioning the way you think of the relationship between employees, connected devices, and overall corporate cyber defenses. You must accept that IoT and other security issues aren’t user interaction problems; they’re device and system interaction problems. The highly connected nature of IoT devices means that they’re constantly in communication, capable of spreading malware, and capable of leaping from system to system with no human interaction — all beyond the reach of current security solutions.

FULL STORY

3 Methods to Preserve Digital Evidence for Computer Forensics

Some clients who hire us to conduct forensic investigations have had their critical systems compromised and need to recover deleted files, images, logs, and emails. Others need legally admissible evidence to submit to the courts. [...] A successful outcome rests partially on my shoulders but it also depends on what you do prior to my arrival.

FULL STORY

The Pluses and Perils of Trump's Cyber Strategy

When it comes to basic management of the government’s cybersecurity responsibilities, they say, it might be difficult to distinguish Trump’s cybersecurity program from his predecessor’s. When it comes to shaping and enforcing international rules of the road in cyberspace, however, the Trump administration may be taking a step back from the U.S.’s historic role, a move experts worry could cede ground to an anti-Democratic model for the internet championed by U.S. adversaries such as Russia and China.

FULL STORY

Cybersecurity market slowdown? Not anytime soon

“IT analyst forecasts are unable to keep pace with the dramatic rise in cybercrime, the ransomware epidemic, the refocusing of malware from PCs and laptops to smartphones and mobile devices, the deployment of billions of under-protected Internet of Things (IoT) devices, the legions of hackers for hire, and the more sophisticated cyber attacks launching at businesses, governments, educational institutions, and consumers globally,” according to the report.

FULL STORY

Retailers facing a raft of cyber security threats

It’s often the case that attackers actually hit their target by compromising providers in the supply chain and then working their way into a retailer’s systems. To counter this, retailers need relationships with third parties that allow a certain degree of oversight to ensure that all the good security criteria such as audits, compliance requirements and security certifications are in place.

FULL STORY

New York is First State to Adopt Comprehensive Cybersecurity Regulations

Notable among the new requirements under the New York regulation is that all covered entities are responsible for retaining a “chief information security officer” (CISO) to implement and oversee the company’s cybersecurity program. This individual is responsible for maintaining compliance with the regulation for the company. The individual could be an employee or outside contractor.

FULL STORY

Companies must focus on managing cyber-attacks, not eliminating them

At a minimum, organizations should ensure that mechanisms are in place to minimize the damage caused by inevitable cyber-infiltrations so that if criminals are able to breach a system they won’t necessarily be able to exit with anything of value.

FULL STORY

Online Fraud Dropped 33 Percent Between Black Friday and Cyber Monday

The average online fraud rate in 2016 was 1.181 percent, dropping to 0.993 percent in 2017. During the Black Friday to Cyber Monday period in 2016, the online fraud rate was 1.373 percent -- it dropped to 0.921 percent during the same period in 2017. Similarly, fraud using U.S. IDs during the Black Friday to Cyber Monday period grew 182 percent from 2014 to 2016, then dropped 29 percent in 2017.

FULL STORY

Alleged Cyber Crime Kingpin Arrested in Belarus

Swedish-American cyber security firm Recorded Future said they have “a high degree of certainty” that the arrested Belarussian is “Ar3s”, a prominent hacker in the Russian speaking cybercrime underground since 2004, who the firm has identified as the creator of the Andromeda botnet, among other hacking tools.

FULL STORY

How cyber safe is your municipality?

IT security vulnerabilities need to be front-and-centre for municipal leaders and taxpayers. The failure to act or fund should be publicly reported. Citizens have a right to know just how cyber safe your community is. After all, it is a liability. It’s not severe weather, an old bridge or crumbling road. It’s mainly ones and zeros in a computer that too few municipal leaders show an active interest in.

FULL STORY

Cyber Pearl Harbor Versus The Real Pearl Harbor

“We are in the midst of a revolution in military affairs (RMA) unlike any seen since the Napoleonic Age, when France transformed warfare with the concept of levée en masse. Chief of Naval Operations Admiral Jay Johnson has called it ‘a fundamental shift from what we call platform-centric warfare to something we call network-centric warfare’, and it will prove to be the most important RMA in the past 200 years.”

FULL STORY

NATO Plots Cyber Warfare Rules

The move signals that NATO is preparing to develop the ability to respond militarily to state-sponsored computer hackers. This could mean that NATO doctrine shifts from a defensive stance to a much more confrontational approach. The development comes after Western officials have pointed to the offensive cyber warfare capabilities of nation states such as Russia, China and North Korea.

FULL STORY