Businesses worldwide face a sense of creeping dread and imminent disruption due to the threat of cybercrime. Nowadays, they are more prone than ever to terrors such as malware hijacking browsers to sniff or intercept application authentication credentials. Then there are the strains of malware that target financial logins to menace both browser and mobile clients.
There’s no way around it. Getting your cybersecurity posture right is the only way to stay safe. Get it wrong, however, and you’ll get the fright of your life in the shape of the EU’s General Data Protection Regulation (GDPR) enforcement. There is definitely nowhere to hide this Halloween if you’re breached or fall short of tightening compliance expectations.
Read about the cybercrime threat and about the preventative measures you can take to improve your security posture and safeguard your employees’ applications and sensitive data on Information Security Buzz.
There is a broad spectrum of cybersecurity preparedness on the enterprise landscape, but even organizations that are relatively well-resourced and committed to cybersecurity stand to benefit from cybersecurity audits. Recent audit findings revealed gaps in the Washington Metropolitan Area Transit Authority’s cybersecurity posture, while deficiencies were similarly pinpointed in an audit of the Michigan Department of Technology, Management and Budget.
There is no question that, in many cases, earlier and expanded input from auditors would have saved organizations that have suffered high-profile cyberattacks from sifting through the financial and reputational damage that ensued.
Read more about the importance of cybersecurity audits on DarkReading.
In 2018, the average cost of a data breach is more than $3.75 million, and experts expect this number to rise in the coming years. This staggering—and potentially catastrophic—cost per incident is why implementing proper security practices is so important, and why it is vital that enterprises both large and small understand how to secure their IT environments successfully.
So, what should you be measuring when it comes to your security program? As the old saying goes: If you can’t measure it, you can’t manage it.
Read about four Key Performance Indicators (KPIs) that can help enterprises navigate the murky waters of cybersecurity and reduce anxiety surrounding the possibility of cyber attacks, on Help Net Security.
The idea of using the internet to commit crimes isn’t new, but the problem continues to grow as people become more reliant on the internet for making purchases and storing personal information. Just as you’d take steps to defend yourself from crime in a major city, you should do so while using the internet. Sometimes, avoiding questionable areas isn’t enough.
To help you out, Cloudwards has published a new guide to cybercrime that explores the most potent threats on the internet today.
Read the full overview of the common kinds of cybercrime, which includes real-world examples and suggests tools you can use to protect yourself, on Cloudwards.
This year we’ve seen massive malware attacks spanning from nation state campaigns originating in North Korea and Russia to popular restaurants and everything in between. Each new incident serves as a grim reminder to business leaders that hackers will not relent. Yet with cloud adoption growing rapidly in the enterprise, the odds of a malware infection spreading and leading to a potential breach are increasing.
According to a study conducted by the Ponemon Institute, almost 90 percent of businesses believe an increase in cloud usage will increase the probability of a data breach – and this trend isn’t going away anytime soon.
“Managing risk is one of the most, if not the most important, functions in an organization,” says Tony Martin-Vegue, enterprise security management strategist for LendingClub, a peer-to-peer lending company based in San Francisco. “It’s really important to have a structured, formalized process for measuring risk, managing risk, and the entire remediation process.”
Large organizations will have teams dedicated to assessing and re-assessing risk on a regular basis. Small organizations may lack the team, but they will not lack the need to understand what risks IT faces and how those risks are reflected in the rest of the business units.
Read about seven steps that apply to a variety of frameworks — and that are applicable no matter where the risk assessment process takes your organization, on DarkReading.
While the importance of keeping passwords secure is not a new idea, nearly half of companies are still struggling to get a handle on the issue, according to the LastPass 2018 Global Password Security Report. The report found that password sharing is common in the workplace, with employees sharing an average of six passwords with their coworkers.
Using anonymized data from more than 43,000 organizations, the report determined each company’s security score and password strength score. Even though publicity on the importance of password security has increased in the past year, the average password security score of organizations was found to be 52 out of 100.
Read more about the findings of the LastPass report on TechRepublic.
When Sir Tim Berners-Lee invented the web, he made it easy for everyone to use it and share information. Fast forward 28 years, and your personal information is controlled largely by major companies. Enough already. Berners-Lee wants to put our data back in our hands.
Organisations need to shift their strategies and adopt a more proactive approach to their cybersecurity, according to a new report by 451 Research.
The report highlighted the following hurdles that organizations need to overcome to successfully shift their strategies: a profusion of tools and data that complicates an effective strategy; an over-reliance on people to resolve security issues; a “one size fits all” mentality that leads to tools and processes insufficiently flexible to serve real-world people and processes; and lopsided investments in reactive measures that too often result from these failures.
Chances are good there’s a phishing scam lurking amid your emails right now. If there isn’t, then perhaps there will be tomorrow, or the next day. The question is, will you fall for it?
Webroot has scanned thousands of phishing emails from the past 18 months to learn more about the trends around common subject lines designed to trick targets. Webroot CISO Gary Hayslip presented the findings to about 100 fellow CISOs around the country and learned “almost everybody’s seeing the same thing,” he says. Financially related messages and notions of urgency are commonly seen in phishing emails, albeit under different subject lines.
Learn what the most commonly used phishing subject lines are, what messages they include, and what they reveal about their attackers’ goals and tactics, on DarkReading.