Getting senior managers to take computer security seriously is a struggle within many organisations, despite the frequency of high-profile data breaches and hacking incidents. Now the UK government’s computer security agency, the National Cyber Security Centre (NCSC), has put together a list of five questions aimed at starting ‘constructive’ discussions between executives and their computer security teams.
According to the NCSC, two-thirds of boards have received no training to help them deal with a cyber incident, and 10 percent have no plan in place to respond to one. These conversation-starters aim to bridge the gap between executives who don’t know about security issues and the IT department that may struggle to make its voice heard.
Read about the five questions that you should be able to answer on ZDNet.
Security trends come and go, but the sale of Remote Desktop Protocol (RDP) ports continues to thrive on the Dark Web as malicious hackers seek easier means of gaining access to corporate networks.
RDP is a Microsoft protocol and client interface used on several platforms. Most of the time, RDP is used for legitimate remote administration: when companies outsource IT, or remote admins have to access a colleague’s machine, they most commonly use RDP to connect to it. Unfortunately, RDP can also give hackers the keys they need to break into, move around, and steal data from enterprise targets.
Read more about how RDP ports are being sold on the Dark Web and learn how this puts your organization at risk, on DarkReading.
A group of researchers have proposed a new approach for keeping important documents safe: creating so many believable fakes that attackers are forced either to exfiltrate them all or to try to find the real one from within the system. Of course, both actions carry an increased risk of detection.
They’ve also demonstrated that creating and maintaining many fakes can be relatively inexpensive for the defenders, and that the real document can be tracked among the fakes using secret sharing while the knowledge of its nature is kept from the potentially compromised system.
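As an added illustration (not the researchers' construction, which the summary above does not detail), here is one way secret sharing can let defenders find the real document among decoys while the storage system itself cannot tell which entry is genuine. The HMAC tagging scheme, the function names and the sample documents are assumptions made for this example.

```python
import hashlib, hmac, secrets

PRIME = 2**127 - 1  # Mersenne prime: field for the Shamir shares

def split(secret, n, k):
    """k-of-n Shamir split: random degree k-1 polynomial evaluated at x = 1..n."""
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME)
            for x in range(1, n + 1)]

def combine(shares):
    """Lagrange interpolation at x = 0 recovers the secret from k shares."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total

def tag(key, doc):
    """HMAC-SHA256 of the document under the (integer) tracking key."""
    return hmac.new(key.to_bytes(16, "big"), doc, hashlib.sha256).digest()

def publish(real, fakes, n, k):
    """Return (store, shares). The store holds (document, tag) pairs; only the
    real document's tag is an HMAC under the key, decoy tags are random bytes,
    so nothing kept on the system says which entry is genuine."""
    key = secrets.randbelow(PRIME)
    store = [(doc, secrets.token_bytes(32)) for doc in fakes]
    store.append((real, tag(key, real)))
    secrets.SystemRandom().shuffle(store)
    return store, split(key, n, k)  # shares go to custodians, off the system

def locate(store, shares):
    """Custodians pool shares, rebuild the key and re-check every tag."""
    key = combine(shares)
    return [doc for doc, t in store if hmac.compare_digest(t, tag(key, doc))]

# Constructed sample documents, for illustration only.
REAL = b"Q3 acquisition plan (genuine)"
FAKES = [b"Q3 acquisition plan (decoy %d)" % i for i in range(1, 6)]

if __name__ == "__main__":
    store, shares = publish(REAL, FAKES, n=5, k=3)
    print(locate(store, shares[:3]))   # any 3 custodians find the real one
    print(locate(store, shares[:2]))   # 2 shares rebuild a wrong key
```

Because the key never sits on the document store, an intruder who copies the store sees six equally plausible entries and must take them all or probe further.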
Personal device use for remote work poses the biggest security risk to organisations safeguarding their increasingly mobile and cloud-based IT environment, according to a new survey of 100 UK-based senior IT security professionals. The findings also reveal that phishing attacks targeting user credentials continue to dominate as the primary source of security breaches.
Conducted from March to May by Rant, the survey found 58 percent of respondents believe that network access from non-corporate and personally-owned devices such as laptops, desktops or mobile phones is the highest risk in managing remote users, among other findings.
The recent boom in cyber crime means it is no longer a problem reserved for IT departments. It’s now a responsibility for the entire organisation – from C-level executives to those in marketing and sales, everyone must work together to tackle the threat.
Traditionally we have seen the majority of attacks aimed at businesses that hold valuable data and information, such as those in insurance or financial services. But with hackers growing more sophisticated and looking to pick apart system vulnerabilities anywhere they can, no one is safe. This is why effective cyber security is vital.
According to Ankur Laroia, Leader Solutions Strategy at Alfresco, Artificial Intelligence (AI) could provide an extra level of support in the fight against data breaches. AI could not only help in the identification and alerting of breaches, but even assist in the prediction and post-event analysis of data breaches.
Artificial Intelligence can provide solutions that seek to replicate and automate some human behaviors and functions. Within an enterprise security context this could involve the automation of time-intensive processing work, decision making and, potentially, facial and speech recognition. AI could also have a significant role in data processing.
Read about the potential deployments and benefits of AI in enterprise IT security according to Ankur Laroia, on Information Security Buzz.
IDG polled 200 network and cybersecurity professionals across the U.S. & Canada, and found almost inevitable consequences for organizations where network and cybersecurity teams have conflicting objectives, are managed in a siloed way, and have unequal or incomplete network visibility.
86% of respondents admitted to experiencing at least one of the following due to a lack of close collaboration: increase in security breaches and/or data loss; slow response to security events; finger pointing/blame game; loss of productivity; service downtime; inability to determine root cause of security events; cost increases.
The health of cybersecurity programs has grown stronger in the past year, according to a new DomainTools survey. In the Cybersecurity Report Card, more than 500 cybersecurity professionals were asked to grade the overall health of their programs, revealing a huge shift from the previous year’s results.
While cybersecurity incidents have increased in 2018, so have the measures companies are taking to thwart attacks. Some 21% of respondents graded their security programs an ‘A,’ 42% rated their efforts a ‘B,’ and the number of ‘C’ and below grades has declined, according to the press release.
Read more about the findings of the DomainTools survey on TechRepublic.
There is an important security lesson that nutrition can teach us. In the same way that food is fuel to our bodies, data (for example, various types of information and intelligence) is the fuel upon which our security programs run. A healthy data diet is the secret to a healthy security program.
While many security programs focus on what to do with the data they receive, far fewer spend enough time on the quality of the data they receive. As the saying goes, “garbage in, garbage out.” If the data feeding day-to-day security operations in your organization is of poor quality, it will bring down the entire security organization.
Read how security organizations can improve their data diets by putting 10 action items on their security menu, on DarkReading.
The distributed ledger of blockchain has found application in many fields, from cryptocurrency to supply chain. Much of the excitement about blockchain is due to its reputation as an inherently secure technology. But can that inherent security be applied to the field of security itself?
In a growing number of cases, the answer is “yes.” Security professionals are finding that the qualities blockchain brings to a solution are effective in securing data, networks, identities, critical infrastructure, and more. As with other emerging technologies, the biggest question is not whether blockchain can be used in security, but in which applications it is best used today.
Read about 7 ways blockchain is being used or considered as a security tool to see why your organization should consider adopting it, on DarkReading.