better

now browsing by tag

 
 

Scammers Preying On COVID-19 Fears Becoming More Sophisticated, Better Business Bureau Warns – CBS Chicago | #coronavirus | #scams | #covid19

CHICAGO (CBS) — Scammers preying on the public’s fears about COVID-19 are becoming more sophisticated, the Better Business Bureau warns in a new study. In the study,  (BBB) found scammers […] View full post on National Cyber Security

How COVID-19 is blocking the vision to help kids become better readers | #covid19 | #kids | #childern | #parenting | #parenting | #kids

If you happen to have the resources to pay for eye exams for your children, count your lucky stars. A lot of parents don’t. “It’s a big problem,” said Ken […] View full post on National Cyber Security

90% of CISOs Would Cut Pay for Better Work-Life Balance

Source: National Cyber Security – Produced By Gregory Evans

Businesses receive $30,000 of ‘free’ CISO time as security leaders report job-related stress taking a toll on their health and relationships.

CISOs are willing to sacrifice an average of $9,642, or 7.76% of their salaries, for better work-life balance – an elusive goal among those whose employers demand more of their time and effort.

In a study conducted by Vanson Bourne and commissioned by Nominet, researchers interviewed 400 CISOs and 400 C-suite executives to learn more about the toll of continued stress on the mental health and personal lives of security leaders, who have increasingly reported poor work-life balance and little board-level support. They discovered most (88%) CISOs they surveyed are moderately or tremendously stressed, slightly down from 91% in 2019.

Nearly half (48%) of CISOs say work stress has had a detrimental effect on their mental health, nearly double the 27% who said the same last year. Thirty-one percent report the stress has affected their physical health, 40% say it has affected relationships with partners and children, and almost one-third say it has affected their ability to do their jobs. Ninety percent of CISOs would take a pay cut if it meant they could have a more even work-life balance.

There is no single source of CISOs’ stress, but excessive hours are a major factor. Almost all CISO respondents (95%) work more hours than contracted, with an average of 10 extra hours per week. Eighty-seven percent say their employers expect them to work additional hours. Only 2% of CISOs say they can “switch off” when they leave the office, and 83% report they spend at least half of their evenings and weekends thinking about their jobs.

“At my level, at even more junior levels, there’s an expectation that we’re always on,” says Nominet vice president of cybersecurity Stuart Reed. “There is this notion of never really switching off for any long period of time.” All of these extra hours add up: Ten extra hours of work each week amounts to $30,319 in extra time CISOs give their organizations each year.

Security leaders are expected to wear many hats during those hours. “CISOs are very much expected to be experts not just from a technical perspective, but being able to translate those technical concepts into the business risk or business strategy concepts,” Reed says. “The very blended nature of their role means they are potentially taking on the responsibility of more than one person’s job.”

It’s impossible to decouple CISOs’ stress from the evolving threat landscape. Mainstream news coverage of major cyberattacks puts an ever-growing spotlight on the CISO, explains Gary Foote, CIO of the Haas Formula One racing team, who also handles security for his employer. As soon as an organization gets media attention for a data breach, it escalates to the board level.

“That gets their attention, and they’re going down to the CISO and saying, ‘You have to make sure this doesn’t happen to us,’” Foote says. “A good amount of C-suite executives will see an attack as inevitable, but there will always be a significant portion that don’t.” Nominet’s study found 24% of CISOs report their boards don’t view security breaches as inevitable.

Bonding with the Board

Researchers discovered a telling gap between CISOs and the C-suite when it comes to CISO responsibilities and expectations. The board does take cybersecurity seriously – 47% say it’s a “great” concern – and 74% say their security teams are moderately or tremendously stressed.

The C-suite may recognize the importance of cybersecurity and appreciate CISOs’ stress, but it doesn’t translate into greater CISO support. Just about all (97%) of the C-suite say the security team could improve on delivering value for the amount of budget they receive. This indicates that despite their additional hours worked, the C-suite thinks they should still be doing more.

Demonstrating return on investment has long been a challenge for security teams. A low investment in cybersecurity could result in zero incidents; a high investment may still result in a breach. It’s difficult to prove return on investment when the measure of success is a breach that doesn’t happen. The challenge, says Foote, is trying to relay this to a corporate board.

Both CISOs (37%) and the C-suite (31%) say the CISO is ultimately responsible for responding to a data breach. Nearly 30% of CISOs say the executive team would fire the responsible party in the event of a breach; 31% of C-suite respondents confirmed this. Twenty percent of CISOs say they would be fired whether or not they were responsible for the incident.


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial …


The post 90% of CISOs Would Cut Pay for Better Work-Life Balance appeared first on National Cyber Security.


#cybersecurity | #hackerspace | Better Onboarding & Offboarding for Organizations with G Suite

By Zach DeMeyer. Posted January 25, 2020. Onboarding and offboarding are critical responsibilities for both HR and IT departments. Thankfully, from an IT perspective, both processes can be fairly straightforward with the proper tools. For example, organizations with G Suite can leverage a cloud directory service […] View full post on AmIHackerProof.com

#cybersecurity | hacker | Ring camera hacks show the need for better IoT security


Ring camera doorbells gained fame for catching porch pirates stealing packages, but after several high-profile cases in which hackers gained control of them, the cybersecurity industry is holding them up as a prime example of why companies and homeowners need to take IoT security seriously.

The Ring cases revolve around malicious actors hijacking these devices and using them to communicate with people inside the home. In an incident in Mississippi, a malicious actor used an internal Ring camera to talk to a young girl using racial slurs, and back in October another hacker gained control of a Nest camera and threatened to kidnap a baby.

It is believed that in each case the malicious actors took advantage of the device’s poor security to gain access. In the case of the Ring camera, which is owned by Amazon, the company recommended that those buying a Ring, or who already have one, not reuse old passwords and implement MFA to make the device more difficult to hack.

Keeping home devices up to date with secure logins and the latest security patches is now a must for anyone who has installed this or any type of IoT device, said Avast Vice President Leena Elias.

“Ordinary people now need to be able to assess the security of new tech devices that could be used against them. We need to use a wide variety of security measures to ensure that devices connected to our home networks are secure,” she said, adding that people should not forget about the home’s router, which is frequently shipped with a standard admin login that needs to be changed.

One of the reasons consumers don’t update is that they are simply unaware of the need and the benefits of doing so. Another factor is difficulty. Gaining access to the admin functions is not always a simple matter for the average person.

“Recent studies in the financial industry have found consumers are willing to embrace more engagement around fraud prevention if it means their information is secured (think: multi-factor authentication). However, if consumers aren’t aware of the benefits associated with taking more control, they leave themselves vulnerable to malicious attacks,” said Sherif Samy, senior vice president, North America for Entersekt.


#nationalcybersecuritymonth | ATO gets $151m for better storage, security – Strategy – Software


The federal government has handed the Australian Taxation Office almost $151 million to improve data storage and security system resilience.

The new funding, revealed in the 2019-20 mid-year economic and fiscal outlook (MYEFO) today, comes after the agency secured $70 million to move out of its data centre in the April budget.

The funding will be provided over three years from 2019-20, though just how much will be spent on each has not been laid out.

The Department of Finance will use $0.5 million of the total funding to perform assurance reviews on the project.

MYEFO documents also reveal a further $31.2 million for the Department of Home Affairs to improve the country’s visa and citizenship processing ICT system over the next three years.

The funding will be used to enhance the system’s “online service delivery and data management capabilities”, ahead of the department’s decision on an external provider for the new billion-dollar visa processing platform.

Last month, the department revealed that at least $80 million had been spent on the design and procurement of the platform, which is slightly more than it was provided in the 2018 MYEFO for the work.

“The measure will improve the Department of Home Affairs’ ability to verify the identity of individuals arriving in Australia,” MYEFO documents state.

“The measure will also allow continued engagement with the market for a strategic technology solution to ensure Australia’s visa systems remain competitive, relevant and safeguard national security.”

The government has also made good on its election pledge to invest in cyber security, with MYEFO documents revealing that $152.7 million will be spent on a range of projects over the next four years.

It follows an undisclosed amount of funding in the April budget to address cyber security concerns against some of the country’s most critical systems.

The government’s cyber security resilience and workforce package will be used to create “additional specialist cyber security positions … to monitor and respond to cyber security threats”.

The positions will be created in the Australian Signals Directorate and the Department of Defence.

The funding will also be used to offer cyber security scholarships and training opportunities, as well as provide assistance to small businesses, older Australians and families on how to conduct online activities securely.

It will also be used to secure voter information, though no detail was provided on how this would be done.

Other funded measures include:

  • $12 million in 2019-20 for the Civil Aviation Safety Authority to regulate commercial drone technologies in Australia.
  • $3 million over two years for the Department of Employment, Skills, Small and Family Business to “undertake additional design work, stakeholder engagement and use research to further inform the development of the VET Student Loans IT System”.
  • $2.1 million over two years to continue the Commonwealth’s contribution to the national coronial information system.
  • $1.8 million over two years for the Australian Road Safety Foundation to pilot a digital road safety passport that informs Year 9 school students about road safety.


#school | #ransomware | Ransomware Attacks on U.S. Have Reached “Crisis” Proportions, Governments “Must Do Better”


An unprecedented number of ransomware attacks deployed against government, healthcare and school targets in the U.S., and new attacks that not only lock up but also steal sensitive data, have prompted cybersecurity firm Emsisoft to declare a “crisis.”

A recent attack in Pensacola that “may have resulted in a municipal government’s data falling into the hands of cybercriminals” has also prompted Emsisoft to issue its 2019 “State of Ransomware in the US” report early, in the hope of inducing an immediate response by governments:

“We believe this development elevates the ransomware threat to crisis level and that governments must act immediately to improve their security and mitigate risks. If they do not, it is likely that similar incidents will also result in the extremely sensitive information which governments hold being stolen and leaked.”

The report describes an “unprecedented and unrelenting barrage of ransomware attacks that impacted at least 948 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion.”

Affected organizations include:

  • 103 federal, state and municipal governments and agencies.
  • 759 healthcare providers.
  • 86 universities, colleges and school districts, with operations at up to 1,224 individual schools potentially affected.

In a ransomware attack, hackers typically deploy malicious software via infected links embedded in “phishing” emails.

Sometimes these emails are spammed out randomly. In other cases, an employee working at a targeted organization is carefully profiled and sent a customized email designed to trick that individual into clicking an infected link.

In the case of one cryptocurrency exchange, hackers determined that someone working there was an extreme fan of a particular type of dog.

The hackers created fake digital materials claiming that a dog show featuring this breed would shortly be held in the employee’s region. The employee opened the email, clicked on a link it contained, and infected the entire exchange’s computer systems. The exchange was later robbed of cryptocurrencies.

In most cases, an organization’s systems are rendered unusable by ransomware and a ransom of cryptocurrencies is demanded in exchange for restoring systems or data.

In May, twenty-one civic agencies in Baltimore were disabled by a ransomware attack.

When Boston legal aid offices were disabled by Russian “Ryuk” ransomware earlier this year, trials had to be postponed, including a trial involving a child victim.

According to Emsisoft, the attacks it has lately witnessed “put people’s health, safety and lives at risk”:

  • Emergency patients had to be redirected to other hospitals.
  • Medical records were inaccessible and, in some cases, permanently lost.
  • Surgical procedures were canceled, tests were postponed and admissions halted.
  • 911 services were interrupted.
  • Dispatch centres had to rely on printed maps and paper logs to keep track of emergency responders in the field.
  • Police were locked out of background check systems and unable to access details about criminal histories or active warrants.
  • Surveillance systems went offline.
  • Badge scanners and building access systems ceased to work.
  • Jail doors could not be remotely opened.
  • Schools could not access data about students’ medications or allergies.

Emsisoft further claims that the escalated success of ransomware attacks in 2019 resulted from “a perfect storm…(involving) existing security weaknesses and the development of increasingly sophisticated attack mechanisms specifically designed to exploit those weaknesses.”

Fabian Wosar, CTO of Emsisoft, has issued a sober warning:

“The fact that there were no confirmed ransomware-related deaths in 2019 is simply due to good luck, and that luck may not continue into 2020. Governments and the health and education sectors must do better.”


#cyberfraud | #cybercriminals | Facebook ‘Secret Sister Gift Exchange’ Is Illegal Scam, Better Business Bureau Warns


A Facebook post that resurfaces around the holiday season has been declared an illegal scam, according to the Better Business Bureau.

The post discusses the “Secret Sister Gift Exchange,” where participants are instructed to send one gift in order to receive up to 36 gifts in return. However, it’s easy to see that the math just doesn’t add up.

“These gift exchanges, while they look like innocent fun, are really pyramid schemes – and are considered illegal,” the BBB warns.

The gift exchange first became popular in 2015. Users were encouraged to invite others to participate in the exchange and were told that they would receive information on where to send the gifts.

Eventually, participants will be instructed to send an email or social media invitation to send a modest gift to a stranger along with their friends, family and contacts.

“The cycle continues and you’re left with buying and shipping gifts for unknown individuals, in hopes that the favor is reciprocated by receiving the promised number of gifts in return. Unfortunately, it doesn’t happen,” says the BBB.

In reality, the scam relies on recruitment to remain afloat. When people stop participating, the supply of gifts dwindles, letting down countless people who were expecting gifts.

But it doesn’t end there: the information you provide during the exchange can easily end up in the hands of cyber thieves.

“When signing up, the alleged campaign organizer is asking for personal information such as a mailing address or an email,” says the BBB. “With just a few pieces of information, cyber thieves could expose you to future scams or commit identity theft.”

The BBB recommends keeping the following tips in mind should you receive an invitation to participate in an online gift exchange with people you don’t know:

  • Ignore it. Pyramid schemes are illegal in the United States and Canada.
  • Report social media posts inviting users to participate in the gift exchange.
  • Avoid giving out personal identifying information to strangers.
  • Be aware of false claims. Even invitations that claim to be legal and endorsed by the government are false, as the government will never endorse illegal activity.


#cybersecurity | hacker | Application isolation and virtualization provide a false sense of cybersecurity – It’s time for a better solution

A recently discovered critical vulnerability presents yet another case study for the shortcomings of the isolation/virtual machine model for cybersecurity. The vulnerability, CVE-2019-14378, has a severity of 8.8, and was first published in the National Vulnerability Database on July 29th, 2019. The vulnerability affects QEMU, the […] View full post on AmIHackerProof.com

Cybersecurity #Awareness Doesn’t #Fuel Better #Preparation

New research from SolarWinds MSP has revealed that whilst awareness surrounding cyber-attacks is increasing it is not equating to better preparedness, with confusion about the risks posed and a lack of means to defend against them evident.

The 2017 Cyberattack Storm Aftermath study, commissioned with the Ponemon Institute, surveyed 200 senior-level execs in the US and US about emerging threats, specifically those propagated by the Vault 7 leaks and the WannaCry/NotPetya attacks fueled by the EternalBlue Shadow Brokers leak.

The results found that whilst the majority (69%) of respondents had a high awareness of both WannaCry and NotPetya threats, only 28% (WannaCry) and 29% (NotPetya) felt they would be able to prevent those attacks. What’s more, 44% of the respondents who were aware of the WannaCry patch failed to implement it, with that figure at 55% for the NotPetya patch.

Speaking to Infosecurity, Tim Brown, VP of security, said that the key to prevention is applying the appropriate patches, but too many businesses are failing to make that connection.

“That shows a lack of knowledge on what the action plan associated with a vulnerability should be,” he added. “People often don’t think of basic security hygiene as one of the most important things they need to do, but it really is – although it’s really not easy. Doing the basics well is not ‘sexy’ or ‘cool’, it’s a lot of hard work that needs to get done, but no technology is going to really save you from that hard work.”

Another significant finding from the report was that more than half of execs felt they did not have sufficient budget to prevent, detect and contain significant cybersecurity threats.

“Budget is always an issue, and basically your security budget always first goes towards meeting your regulatory requirements. How you move the needle towards more security is always a challenge. You have to be able to explain in more business terms the ‘what if’ scenarios.”

To conclude, Larry Ponemon, founder of the Ponemon Institute, said the lack of knowledge among senior-level security execs highlighted in the report is worrying.

“They know that attacks are on the increase, but many don’t know what they are and seem unable to effectively prevent them,” he added. “Better use needs to be made of the resources available, such as US CERT alerts, and the service providers that most businesses are using to outsource protection. Those providers also need to step up and provide education on where most attacks are coming from and how they can be prevented.”


The post Cybersecurity #Awareness Doesn’t #Fuel Better #Preparation appeared first on National Cyber Security Ventures.
