On a daily basis, the news is filled with stories about things that "should never have happened".  Last weekend’s headline, "Improvised Explosive Device Explodes in New York City’s Chelsea Neighborhood", is one tragic example. No one could have anticipated the attack, but through the use of cameras placed throughout the area, law enforcement was able to identify a suspect and track his movements within hours.

In the real world, no one can know every single threat that could exist in the future, or when it might happen. You can make educated guesses with the right intelligence and data, but you can’t predict with certainty. This is why New York, London, and other metropolitan areas have installed surveillance cameras. They’ve done this so that if a situation does unfold, they can quickly triage and provide authorities with immediate and accurate information to inform response and investigation.

Continue reading →

Data breaches have become the norm in recent years with 2014 earning the nickname the "year of the data breach" and 2015 being known as the "year of the breach". So far in 2016, even more data breaches have been made public, including LinkedIn, MySpace and Dropbox and we will likely see more before the year comes to a close.

For companies, being the victim of a breach is unnerving enough, but there also implications to their reputation, brand and finances. However, breaches also have an indirect impact on organizations and some end up facing the "collateral damage" of such an attack for some time after the initial breach.

Continue reading →

Breaches and attacks have run rampant through most major industries, and organizations are beginning to realize the importance of employee and stakeholder security awareness. Healthcare and retail have been in the brightest spotlights with the rise in ransomware and credit card data breaches in the last couple of years, but they are not the only ones facing this challenge. Wombat Security's Beyond the Phish report found that telecommunications and transportation industries also struggle with a wide range of security issues.

Ultimately, an organization can improve its defenses by elevating the level of security best practices across its employees and addressing the biggest offending categories of awareness.

Continue reading →

Data protection has historically been viewed as a function owned by a few individuals, or the domain of the IT department. However, it is vital that all employees share the responsibility of preventing and mitigating information security breaches.

When an organization creates a corporate culture dedicated to data protection, it provides more disciplined operations, increased customer and stakeholder trust, and minimized risk.

Continue reading →

Yahoo users who have not changed their passwords for a while are being advised to do so. The company has confirmed that it suffered a major security breach back in 2014 and information relating to 500 million accounts was stolen.

Yahoo says that the attack was carried out by a "state-sponsored actor" but does not elaborate on who it might be. The data accessed includes "names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers".

Continue reading →

Attacks on websites are a daily occurrence so to get any real attention an attack needs to be something special. Starting on Tuesday, Brian Krebs' security blog, KrebsOnSecurity.com, was hit with what is being described as "the largest DDoS the internet has ever seen".

Despite being clobbered with a colossal 665 Gbps of traffic, Krebs' site remained online thanks to the anti-DDoS efforts of security firm Akamai. It is thought that Krebs was targeted for his exposés of hackers, and the attack was delivered via a huge number of hacked IoT devices.

Continue reading →

A new study reveals that 53 percent of IT professionals use common, but ineffective, methods to erase data on corporate computers, external drives and servers.

The survey by Blancco Technology Group of over 400 professionals worldwide found that 31 percent report dragging individual files to the Recycle Bin and 22 percent reformat the entire drive.

Continue reading →

A majority of enterprises (79 percent) say they have taken action to improve their security in response to major cyber attacks. However, 40 percent of organizations still store privileged and admin passwords in a Word document or spreadsheet, while 28 percent use a shared server or USB stick.

This is among the findings of the 10th annual Global Advanced Threat Landscape Survey from cyber security company CyberArk which looks at whether organizations are learning lessons from cyber attacks.

Continue reading →

The number of breaches and their severity are both growing, a new report by digital security company Gemalto is saying.  Titled Breach Level Index, it says there has been 15 percent more data breaches in the first half of 2016, compared to the last six months of 2015.

A total of 974 data breaches were reported worldwide, amassing 554 million compromised data records, in the first half of 2016. It is also interesting that in more than half of cases (52 percent), the number of compromised records were not disclosed at the time of reporting. Looking specifically at the UK, there have been 61 breaches, most of which happened at the government sector (14). Finance and healthcare sectors were close second and third.

Continue reading →

In the first six months of 2016 users were twenty percent less likely to encounter malware than in the same period last year. But although attacks are decreasing they’re getting more sophisticated and often disappear within hours having achieved their aims.

These are the key findings of the latest Webroot Quarterly Threat Report, based on information collected from millions of endpoints, released today.

Continue reading →

The highest rates of ransomware are now found in the education and government sectors according to the findings of a new report from BitSight.

The report looks at how ransomware is impacting almost 20,000 companies in six major industries: finance, retail, healthcare, energy/utilities, government and education. The findings show that the rate of new ransomware strains, such as Locky and Cryptowall, has spiked over the last couple of years, and numerous industries are beginning to fall victim to these ransomware attacks.

Continue reading →

Oracle has announced that it will purchase the cloud access security broker (CASB) Palerra, making this the company's eight acquisition in 2016.

The deal was announced at the beginning of Oracle OpenWorld in San Francisco and the amount which the company is paying for Palerra has yet to be disclosed. Oracle made the decision to purchase the company for its Loric software product as it "protects and assures compliance of applications, workloads and sensitive data stored across cloud services".

Continue reading →

Traditional approaches to deploying security controls don't always provide appropriate or sufficient protection for mission-critical information assets.

Aiming to support enterprises in guarding this information, the Information Security Forum (ISF) is launching 'Protecting the Crown Jewels', a series of reports based on the ISF Protection Process, to help organizations formulate a structured, methodical process to deliver comprehensive, balanced protection.

Continue reading →

A company is rarely attacked by a DDoS (distributed denial of service) just once. If it happens once, it will probably happen again, which is why constant preventive measures are required, if a company wants to keep their online services operational.

These are the results of a new report by Kaspersky Lab. Entitled Corporate IT Security Risks 2016, it says that one in six companies were victims of DDoS attacks in the past 12 months. The majority of those attacks were aimed against construction, IT and telecommunications companies.

Continue reading →

The potential for data loss is there for all businesses, but smaller organizations often don’t have the resources to guard against it as effectively as larger ones.

Safetica, an established European data loss prevention company, is launching in North America and aiming its software at small and medium businesses. It's easy to use, helps businesses of all sizes comply with regulations, and Safetica provides support before and after deployment at no charge.

Continue reading →