business


Coronavirus Raises New Business Continuity, …

Source: National Cyber Security – Produced By Gregory Evans

What happens when understaffed security teams at home and abroad are sequestered in physical quarantine zones?

(image by Romolo Tavani, via Adobe Stock)


Cyberattackers are barraging businesses with phishing lures touting fake info about the Coronavirus. And although the lures may be fake, the security and business continuity threats that some IT departments are preparing for are quite real. One big question: If workers are sequestered in physical quarantine zones, will IT and SecOps be able to continue? 

Initially, businesses may dismiss this risk until the virus reaches their regions. However, the risk is more prevalent as the IT supply chain becomes more global and organizations rely on overseas IT services — from help desks to 24/7 SOC-as-a-service. The concern is not just that workers themselves may get infected by the virus; the concern is that employees, contractors, and service providers’ workers who are not infected could nevertheless be quarantined for being in physical proximity to the infected individual. 

“If you’ve got 200 workers working in one place and one of them presents themselves with the illness, it’s pretty likely the government is going to quarantine everybody,” says Edward Minyard, senior consultant at IP Architects, who was an Accenture consultant working with Mexico City on pandemic prevention during the H1N1 virus spread in 2019. “And the current [quarantine] protocol is for 14 days. So that can have a material impact on folks’ planning.

“If you’ve got a large outsourced facility, for example, for your security management, or any facility with a large number of people in it, you probably don’t want to bring 100 people together and put them in a small room unless you yourself have some evidence that they have not been affected. … And the second part of the challenge is they may not be able to get there. Or even want to go there.”

Minyard says his American clients are beginning to consider the secondary impact they may feel if the virus further expands in, for example, India, a source of so many IT services. (Although India shares its northern border with China, it has thus far experienced only three confirmed cases of the virus, according to the World Health Organization, all of which are in Kerala, a western coastal state that does not border China.)

Nevertheless, Indian businesses have reported disruptions because of the stoppages in shipments from China, where over 45,000 confirmed infections and over 1,000 deaths have been reported, and many millions are in quarantine. All the way over in Barcelona, Mobile World Congress — the world’s biggest trade show for the mobile phone industry — was canceled just one week before it was set to start. 

The same challenges also apply to telecoms, electric companies, “and all the others that maintain the networks that are supposed to be supporting the rest of us,” Minyard says.

“From the perspective of business continuity and continuity of operations, this is a real thing,” he says. “This is not speculation. This is going on, and we don’t know how bad it’s going to be. Should you have all your eggs in one basket … I’d be thinking of a different plan.” 

IT security departments, already short-staffed, could be stressed even further than most other teams. And that’s something about the coronavirus that cyberattackers will surely capitalize on — just as they have already.  

Phishing Extravaganza 
Cybersecurity companies have been spilling over with detections and reports of phishing messages that use coronavirus-related lures. The messages include malicious links and attachments and download a variety of malware, from Emotet to wipers to remote access Trojans (RATs).  

The World Health Organization issued a warning about such scams.

Trustwave reported an Office 365 credential-stealing attack, which used a lure appearing to be from the Centers for Disease Control and Prevention (complete with CDC logo and legitimate display address) and the subject header “New case confirmed in your city.”  

Proofpoint discovered a credential-stealer that capitalized on panic with a lure claiming that a secret cure existed and that the government was using the disease as a government bioweapon.

Proofpoint, as well as Cisco Talos, reported messages purporting to provide tips for virus protection; these appeared to be sent not only by official government organizations, but by businesses’ upper management. These messages were used to steal credentials, drop malware like Emotet and — in lures specifically targeting the manufacturing and shipping industries — the Nanocore RAT. 


Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad …


The post Coronavirus Raises New Business Continuity, … appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Google’s New Messaging App To Unify Gmail, Drive, And Hangouts…And Other Small Business Tech News

Here are five things in technology that happened this past week […] View full post on AmIHackerProof.com

#nationalcybersecuritymonth | Why Cyber risk is the number one business risk in 2020

In January the Information Commissioner’s Office (ICO) fined DSG Retail Limited (DSG) £500,000 after a ‘point of sale’ computer system was compromised as a result of a cyber-attack, affecting at least 14 million people.

An ICO investigation found that an attacker installed malware on 5,390 tills at DSG’s Currys PC World and Dixons Travel stores between July 2017 and April 2018, collecting personal data during the nine-month period before the attack was detected.

The company’s failure to secure the system allowed unauthorised access to 5.6 million payment card details used in transactions and the personal information of approximately 14 million people, including full names, postcodes, email addresses and failed credit checks from internal servers.

Because the data breach occurred before the General Data Protection Regulation (GDPR) came into effect, DSG were found to have breached the earlier Data Protection Act 1998.

The ICO cited poor security arrangements and a failure to take adequate steps to protect personal data. This included vulnerabilities such as inadequate software patching, absence of a local firewall, and lack of network segregation and routine security testing.

The ICO said that the contraventions in this case were so serious that they imposed the maximum penalty under the previous law, but the fine would inevitably have been much higher under the GDPR.

The ICO considered that the personal data involved would significantly affect individuals’ privacy, leaving affected customers vulnerable to financial theft and identity fraud. The ICO received 158 complaints between June 2018 and November 2018 from DSG’s customers. As of March 2019, the company reported that nearly 3,300 customers had contacted them directly in relation to this data breach.

The ICO stressed that while cyber-attacks are becoming more frequent, organisations still have responsibilities under the law to take serious security steps to protect systems, and most importantly, people’s personal data.

This incident will have cost DSG a great deal, both in direct costs to deal with the breach, and also in terms of its reputation. DSG may also face claims from its customers – especially given the ICO’s findings of poor security.

Given such incidents, it’s unsurprising that the threat of cyber attacks is keeping many business leaders up at night and sadly, if business leaders aren’t worried, then they aren’t paying attention. In fact, the latest Allianz Risk Barometer 2020 from insurers Allianz – which identifies the top corporate risks for 2020 – highlights cyber risk as the number one business risk for 2020. Seven years ago cyber risk was ranked just 15th.

A top priority for all businesses in 2020 must be to take all reasonable and practicable steps to make their businesses as cyber risk proof and as resilient as possible. There’s plenty of guidance and support available – the National Cyber Security Centre (NCSC) promotes Cyber Essentials, which should be a first port of call for any SME (https://www.cyberessentials.ncsc.gov.uk/about).

Businesses should also consider whether they should take out cyber insurance. It should not be assumed cyber risks are covered in your existing insurance policies.

A number of cyber policies are now available and a specialist insurance broker should be able to assist you and help explain what’s available and what is and what is not covered. Such policies can help protect against financial losses (including for business interruption, privacy breach costs, cyber extortion, hacker damage, and media liability) but many also offer assistance at the time of an incident, e.g. by providing cyber forensic support.

Such policies do pay out – last year the Association of British Insurers revealed that 99% of claims made (207) on ABI-member cyber insurance policies in 2018 were paid – this is one of the highest claims acceptance rates across all insurance products.

As the NCSC advise:

“Organisations that are considering cyber insurance should understand that it will not protect you from an attack, but it may provide you with additional resources during and after an incident. So cyber insurance can be considered as an additional risk management tool, but do take time to:

  • understand the scope and scale of the cover provided
  • ensure that you are able to meet any operational requirements placed on you by the insurer”

As always when buying insurance, you need to read the fine print of the cover. Crucially, you must also ensure you meet any security or other IT requirements placed on you by the insurer. If you have pre-existing IT issues you knew or ought to have known about and these lead to a breach of security, you are unlikely to be covered.

Insurance is not a panacea, of course. You need to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks your organisation faces. This is required by the General Data Protection Regulation (GDPR) in any event where you process personal data.

Ensuring your business is protected against cyber security risks should be a recurring New Year’s resolution, no matter what type of business you run.


Simon Stokes

Simon Stokes is a Partner with law firm Blake Morgan. He leads the firm’s technology practice in London and specialises in information technology law.


#school | #ransomware | Cyberattack on Morial Convention Center has little immediate effect on events there, but problems may grow | Business News

The Ernest N. Morial Convention Center, one of the cornerstones of New Orleans’ multibillion-dollar tourism economy, is the latest victim in a string of cyberattacks against city and state computer systems that have had serious consequences for government officials and the public. New Orleanians were left […]

Cyber Threats Worry Small Business Executives

Cyber threats are concerns for many small and medium-sized business executives entering 2020, AppRiver’s “Q4 Cyberthreat Index for Business Survey” revealed.

Cyber threats represent top concerns for many small and medium-sized business (SMB) executives entering 2020, according to the “Q4 Cyberthreat Index for Business Survey” from cybersecurity solutions provider AppRiver.

Key findings from AppRiver’s survey included:

  • 79 percent of SMB executives and IT decision-makers named potential cyber threats as “a top-of-mind concern.”
  • 72 percent noted a successful cyberattack likely would be harmful to their business.
  • 66 percent said they believe cyberattacks “are prevalent on a business such as their own.”
  • 45 percent said they believe their business is vulnerable to imminent cyberattacks.

Furthermore, AppRiver’s survey indicated that 62 percent of SMBs plan to increase their cybersecurity budgets in 2020. The survey also showed that most SMBs have cybersecurity strategies and areas in which they plan to invest next year.

Technology Improvement, Training Are Top Cybersecurity Priorities for SMBs in 2020

Technology improvement (58 percent) ranked first among the top areas in which SMBs plan to invest for cybersecurity improvement in 2020, AppRiver’s survey revealed. Meanwhile, training (57 percent) ranked second, followed by conducting regular reviews of security defenses (50 percent), adding in-house security talent (35 percent) and outsourcing security tasks or partnering with an MSP (30 percent).

Ultimately, SMBs — regardless of industry — are susceptible to cyberattacks. But with support from MSSPs, these businesses could bolster their security posture and combat cyberattacks both now and in the future.

Approximately 32 percent of SMB IT security operations are supported by MSSPs, according to the “2019 Global State of Cybersecurity in Small and Medium-Sized Businesses” study of roughly 2,200 SMBs conducted by password management software provider Keeper. This study also showed that 70 percent of SMBs leverage MSSPs for firewall monitoring or management or intrusion prevention systems.



#cyberfraud | #cybercriminals | Business Bulletin: 10 New Year’s resolutions to help you avoid scams

Q: What advice and resolutions may BBB offer to consumers in 2020?

A: As the New Year begins, it’s an important time to think about simple changes we can make to ensure that this New Year is better than the last. The Better Business Bureau offers 10 New Year’s resolutions to help you avoid scams, prevent identity theft and be a smarter consumer in 2020.

Remember, being a savvy consumer is ultimately about staying one step ahead of scammers. The way to do that is to take your time and do your research before making a decision. The scammers are counting on you to be too busy to take these simple steps to protect yourself. By taking a few minutes to implement these tips, you can outsmart scammers and fraudsters.

 

BBB’s Top Ten New Year’s Resolutions for a Consumer-Savvy 2020:

1. Implement a credit freeze. A credit freeze is the best way to protect yourself from financial identity theft because it restricts access to your credit file, making it impossible for identity thieves to apply for a new line of credit in your name. Best of all, it’s now free to freeze and thaw your credit when required.

2. Use technology to block robocalls and other telemarketing calls. Nomorobo, a call blocking feature, can disconnect known telemarketers or scammers from your VoIP landline after one ring. It’s free for landlines; a nominal fee for cell phones. Go to www.nomorobo.com to begin. Also, make sure you register your phones with www.donotcall.gov.

3. Review your permissions and privacy settings on social media. If you’ve signed into an app or website using your social media credentials or taken a fun quiz on social media, you may have unwittingly given permission to third-party apps to access your personal information and contacts. On Facebook, go to “settings” and “apps and websites” to review.

4. Warn others and stop fraudsters by reporting scams to the BBB Scamtracker webpage. www.BBB.org/Scamtracker is a crowd-sourced website where you can report if you’ve been contacted by a scammer. Since reports are plotted on a map, you can also use Scamtracker to find out what’s happening in your area. Please report new scam activity that is not posted. In turn, Scamtracker reports help BBB educate the public with more in-depth reports. You may view these studies at www.bbb.org/scamstudies.

5. Check out businesses and charities first. Conduct research before you buy or donate to make sure you’re working with a reputable company or charity. Check out companies at bbb.org and a full report on charities at give.org. BBB accredited businesses and charities have been evaluated by BBB, and meet and promise to maintain standards.

6. Use secure payment methods. A scammer’s favorite way to steal your money is by asking you to pay with either a gift card or a money wire transfer, such as MoneyGram or Western Union. Why? Because these payment methods are irreversible. Credit card payments are more secure and recommended. If fraud is suspected, the charge can be disputed. If you receive a request from someone claiming to be from the IRS, Social Security or a debt collector, it is a scam. If anyone requests that you pay with a gift card or a money wire transfer, it is a red flag of caution.

7. Use a unique and complex password for every online account. Consider a passphrase, which is simply a long password made up of a collection of multiple words, making it both easier to type and remember. Poor, easy-to-guess passwords are one of the most common ways cyber attackers can hack into your online accounts. If it’s too difficult to remember multiple passwords, consider a password manager. Then, you’ll only have to remember one unique and complex password instead of many.

8. Enable multi-factor authentication whenever it is available. Multi-factor authentication is when you are granted access to an online account only after you have successfully provided two or more pieces of evidence, such as your password and a unique code generated by your smartphone, emailed or texted to you. With multi-factor authentication, if hackers do steal your user name and password, they still can’t access your account.

9. Monitor your existing financial accounts. Gone are the days when you waited for your credit card statement to come in the mail for you to review. Sign up for online access so you can review your financial accounts periodically. Also, take advantage of free text message alerts to notify you of activity, remind you when payments are due, etc.

10. File your taxes early. One common fraud during tax season is identity theft. Scammers use stolen identities to file taxes and redirect refunds. Protect yourself and file early when possible. Visit bbb.org to find accredited tax preparers in your area.

Jim Winsett is president of the Better Business Bureau in Chattanooga.


#nationalcybersecuritymonth | Bank of England audio leak followed loss of key cybersecurity staff | Business

The Bank of England restructured its security department and lost multiple senior employees in charge of protecting some of Britain’s most critical financial infrastructure shortly before it suffered a major breach, the Observer can reveal. After the central bank admitted that hedge funds had gained early […]

#deepweb | Tech Q&A: TOR browser is secretive, slow and can be risky – Business – The Ledger

Q. I read your column on private Web browsing (see tinyurl.com/vd6fwz3). What do you think about using the TOR browser for privacy?

Dave Woehning, Cottonwood, Ariz.

A. The free TOR browser allows you to be more anonymous on the internet than you would be with browsers such as Mozilla Firefox or Google Chrome. But TOR (which stands for The Onion Router) also runs slower than other browsers, and enables some potentially risky activity. Here are some details:

Anonymity: TOR (see tinyurl.com/3k65xdw) conceals your identity better than other browsers by hiding your IP address and routing your browsing through three network relay points called “nodes.” This can cause problems. A website that can’t see your IP address doesn’t know where you are. It may block you or display the wrong language. And TOR isn’t foolproof. There are ways it can be hacked to get your info.

Speed: TOR is inherently slower than other browsers because your requests pass through those three nodes. Those steps raise the time between when you request a website and when it appears on your screen.

Security: The TOR browser allows you to access both the “Surface Web” (the internet most people know) and the “Deep Web” (the rest of the internet, where information is not organized into websites and can’t easily be found). The Deep Web provides legitimate ways to safeguard private data. But a portion of the Deep Web, called the Dark Web, conceals illegal activities, such as selling drugs, guns, child pornography and stolen credit card numbers. Even computer-security experts are wary of the Deep Web; the average computer user should avoid it.

Q. I bought a Windows 7 Gateway PC in 2014. It’s not on Gateway’s list of PCs that can be upgraded to Windows 10, so can I upgrade to Windows 8.1 instead (assuming I can find a copy)?

Steve Haller, Minneapolis

A. Windows 8 debuted two years before you bought your Windows 7 PC, so you can upgrade to Windows 8.1 (the version now available). A Google search for “buy Windows 8.1” lists about a dozen offers to sell it. And Windows 8.1 will receive security updates until Jan. 10, 2023.

However, if you like Windows 7, which was designed to be used with a mouse, you may not like Windows 8.1, which was designed to be used with a touch screen, although it can also be used with a mouse. (For a comparison of the two operating systems, see tinyurl.com/ufevaa8).

Q. Is it possible to upgrade my HP Pavilion PC from Windows Vista to Windows 10?

John Mulhern, Coon Rapids, Minn.

A. Any PC running Windows Vista is at least 10 years old and is unlikely to be compatible with the latest version of Windows 10. Even if it is compatible with Windows 10, it may not work with future updates, so I recommend that you buy a new PC. But, if you are willing to pay for a Windows 10 upgrade that may fail, here are directions (see tinyurl.com/ycjsmwn3). In any event, you shouldn’t continue to use Windows Vista, which hasn’t received security updates since April 2017.

Steve Alexander covers technology for the Minneapolis Star Tribune. Readers may write to him at Tech Q&A, 425 Portland Ave. S., Minneapolis, Minn. 55488-0002; email: steve.j.alexander@gmail.com. Please include a full name, city and phone number.


#school | #ransomware | Latest Louisiana news, sports, business and entertainment at 1:20 a.m. CST

METAIRIE, La. (AP) — Authorities in Louisiana say a woman has been arrested for pretending to be an attorney and stealing $2 million from a client with special needs. Kristina Galjour was arrested Thursday and charged with bank fraud, computer fraud, theft valued over $25,000, exploitation of the infirm and illegally practicing law without a license. The 57-year-old victim has a developmental disability and inherited a trust fund after his parents died. Jefferson Parish Sheriff’s Capt. Jason Rivarde says Galijour coerced the man into thinking she was an attorney and over a three-year period she emptied his $2 million trust fund. The investigation is ongoing. It’s unclear whether Galijour has an attorney.


#hacking | Offering software for snooping to governments is a booming business

ON OCTOBER 2ND 2018 Jamal Khashoggi, a Saudi journalist and critic of the kingdom’s government, visited its consulate in Istanbul in order to secure documents needed for his upcoming marriage. He did not come out alive. After initially denying responsibility, the Saudi government admitted that Mr […]