now browsing by tag


UK #businesses face #growing #threat from #cyber-attacks

Criminal cyber-attacks on UK businesses increased last year, according to the annual report of the National Cyber Security Centre.

Firms face a growing threat from ransomware, data breaches and weaknesses in the supply chain, according to the report, published on Tuesday. Emerging threats include theft from cloud storage, which the NCSC argues too many businesses put their faith in.

“Criminals are launching more online attacks on UK businesses than ever before,” a summary accompanying the report said.

The NCSC, in effect the shop window for the government surveillance agency GCHQ, was set up in late 2016 amid alarm over potential attacks on UK institutions, infrastructure and businesses.

The report, Cyber Threat to UK Business Industry 2017-2018, is published to coincide with the opening of a organised by the NCSC, which is expected to attracted 1,800 cybersecurity experts from law enforcement, government and the private sector.

Ciaran Martin, head of the NCSC, said: “The last year has seen no deceleration in the tempo and volume of cyber incidents, as attackers devise new ways to harm businesses and citizens around the globe.

“The NCSC’s aim is to make the UK an unattractive target to cyber criminals and certain nation states by increasing their risk and reducing their return on investment.”

The report was written in collaboration with the National Crime Agency. Donald Toon, director of economic and cybercrime at the NCA, said: “UK business faces a cyber threat which is growing in scale and complexity. Organisations which don’t take cybersecurity extremely seriously in the next year are risking serious financial and reputational consequences.”

Under-reporting of cybercrime by businesses means crucial evidence and intelligence about threats and offenders can be lost. Toon called for full and early reporting of cybercrime.

by the NCSC show 34 significant cyber-attacks took place between October 2016, when the agency was launched, and the end of 2017. A further 762 attacks were less serious. “2018 will bring more of these attacks,” the report said.

It does not break down the figures to distinguish which attacks were purely criminal and which were state-sponsored. The report said that the distinction can be blurred, making attribution difficult.

Among the surveys cited was one by , which recorded a 91% increase in ransom attempts between the first and third quarters of last year.

Vulnerabilities highlighted in the NCSC report included the spread of the , which includes the interconnection of household appliances and other devices. “The internet of things and its associated threats will continue to grow and the race between hackers’ and defenders’ capabilities will increase in pace and intensity,” the report said.

“Many internet-connected devices sold to consumers lack basic cybersecurity provisions. With so many devices unsecured, vulnerabilities will continue to be exploited.”

The NCSC has also issued a warning over cloud security: “As more organisations decide to move data to the cloud (including confidential or sensitive information), it will become a tempting target for a range of cyber criminals.

“They will take advantage of the fact that many businesses put too much faith in the cloud providers and don’t stipulate how and where their data is stored. This could lead to high profile breaches involving UK citizen information.”

The report warns that no matter how good a company’s cybersecurity, it is at risk if this is not matched by the management of service providers and software, which can offer a potential stepping stone into the networks of thousands of clients.

“It is clear that even if an organisation has excellent cybersecurity, there can be no guarantee that the same standards are applied by contractors and third-party suppliers in the supply chain,” the report said. “Attackers will target the most vulnerable part of a supply chain to reach their intended victim.”


The post UK #businesses face #growing #threat from #cyber-attacks appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

CyberPolicy #Expands #Cybersecurity #Offerings for #Small #Businesses

CyberPolicy, a wholly-owned subsidiary of CoverHound Inc. that offers an online cyber insurance and security product for small businesses, has unveiled a new set of complimentary offerings to help small businesses protect against cyber threats.

The new “Plan. Prevent. Insure.” offerings provide guided options from advisors, educational security resources, and a CyberCheckup to assess a company’s cyber risk level.

CyberPolicy is targeted towards small businesses with knowledge and tools to better secure their data, operations, and reputation.

CyberPolicy’s free expanded offerings for small businesses include:

A CyberCheckup, which assesses cybersecurity needs
Expert guidance on best practices, including a personalized cyber plan
External web scans from cyber risk monitoring partners
Small business-centric educational resources
Tools that manage and provide guidance on how to bridge security gaps
Exclusive deals and promotions on cybersecurity products
Access to cyber insurance experts to help minimize business exposure
Online insurance quotes and online insurance purchasing that can be done within minutes
CyberPolicy launched its comparative site for cyber insurance in 2016, allowing small businesses to quote, compare and buy cyber insurance online in minutes. Since then, CyberPolicy has expanded its cyber insurance offerings to cover 98 percent of small businesses types with up to $250 million revenue.


The post CyberPolicy #Expands #Cybersecurity #Offerings for #Small #Businesses appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Four #Proactive #Tips to Improve #Cybersecurity for Small #Businesses

Source: National Cyber Security News

Although the media headlines often highlight major data breaches of large corporations and government agencies, the majority of businesses being hacked are small businesses. Why is this the case? Most small businesses do not have layers of security in place to protect them so attackers consider them low-hanging fruit. According to Verizon’s 2017 Data Breach Investigations Report, 61 percent of data breaches in 2016 affected small businesses. As many of you are aware, the title industry is in the attackers’ direct line of fire. The good news is that effective IT security is not beyond reach. Here are a few cybersecurity tips that can benefit your business.

Network Security

Implementing a network firewall with intrusion detection and prevention capabilities (IDS/IPS) is crucial. A firewall protects your network from malicious traffic and an IDS/IPS system properly monitored can stop a attackers in their tracks. Unmanaged systems do not provide adequate security.

Attackers are working around the clock and so should your security. Performing regular network vulnerability testing, internally and externally, can identify risks and give you the opportunity to remediate before being hacked. Many of the common vulnerabilities that this process could identify include legacy or otherwise unsupported operating systems, poor patch management and exposed systems.

Read More….


View full post on National Cyber Security Ventures

Cyber Security #breakfasts to help #businesses deal with #security #threats

Source: National Cyber Security – Produced By Gregory Evans

Cyber security is to come under the spotlight as police demonstrate a live hack to encourage businesses to protect themselves.

The safety of the online world is a hot topic with threats from hackers, criminals, activists, terrorists and even disgruntled employees who target vulnerable firms.

Now the North East Cyber Crime Unit (NERSOU) has teamed up with local police forces to host ‘cyber breakfasts’ in a bid to urge businesses to protect themselves against the growing menace of cyber-crime.

Detective Sergeant Martin Wilson from NERSOU, said: “North East businesses are underprepared when it comes to cyber threats, with many having no contingency plans in place for a crisis.

“Whilst it is easy enough to recognise an insecure window or an unlocked door, it is not always as easy to spot that your computer system has been compromised.

“The purpose of these breakfasts is simple, we want to show businesses how they can be vulnerable to a cyber-attack by demonstrating a live hack with the help of Waterstons, an IT consultancy based in Durham.

“This may all sound like doom and gloom but it is not, we can give you the support to defend against these hacks and are offering a free vulnerability assessment service, which can give you an overview of your ICT weaknesses so you can fix them before cyber criminals find them.”

The free events will take place across the region in Durham City, Darlington and Barnard Castle and it will be a chance for businesses to speak to experts in cyber-crime and enable organisations in the North East to come together to share their experiences and learn from best practice.

“Cyber-crime has been on people’s radars for a while now but it is still an evolving global threat and attacks are incredibly disruptive. It is a growing part of the workload of policing in UK,” said DS Wilson whose team has recently expanded to deal with these type of crimes.

“We are a dedicated team of detectives here to protect businesses and members of the public,” he added.

The post Cyber Security #breakfasts to help #businesses deal with #security #threats appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cybercrime #warning for #homes and #businesses

Source: National Cyber Security – Produced By Gregory Evans

BUSINESSES and households around the region have been warned about the growing danger of cybercrime.

The rise of the internet has led to the potential impact of cyber-theft, cyber-vandalism and even cyber-extortion increasing dramatically, with experts warning that the more we rely on the net, the more potentially vulnerable we become.

Mark Hughes, chief executive of BT Security, said it was “a daunting thought” that there are now about 27 billion devices connected to the internet, more than three times the human population of the world, and that this figure was expected to reach 125 billion by 2030.

Mr Hughes said: “If you think this issue doesn’t affect you and that it is a mainly a matter for governments and large organisations, then think again.

“There are growing indications that small and medium businesses, the bedrock of a regional economy such as the one in Yorkshire and the Humber, are increasingly in the firing line of the criminals, and research indicates that many are unprepared to meet this threat. Research by Accenture showed that 55 per cent of British workers can’t recall receiving cyber security training, whilst one in five weren’t sure they could identify a phishing email – a common method used by cyber criminals to raid personal bank accounts.”

Mr Hughes said BT security team detect 100,000 unique malware samples every day – more than one per second – and protect the BT network against more than 4,000 cyber-attacks daily.

He urged all homes and businesses to take steps to protect themselves from cyber attacks, including updating anti-virus software regularly, installing any patches recommended by the software, investing in regular cyber security training for staff, and reminding staff to be wary of opening suspicious emails or links.

The post Cybercrime #warning for #homes and #businesses appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cyber #security #war games helping #businesses find & #recruit untapped #talent

Source: National Cyber Security – Produced By Gregory Evans

With the cyber security skills gap widening amidst a rise in the overall threat landscape, business are now relying on cyber security war games to find and recruit new cyber warriors whose talents have remained untapped for years.

The Cyber Security Challenge UK Masterclass competition ended on a high earlier this week with 22-year old Mo Rahman emerging as the overall winner, ahead of 41 other talented finalists, some of whom came from abroad to test their skills.

The three-day competition, which involved a team of such finalists breaching a shipping company’s servers and another defending the breach and as well as pin-pointing an insider threat, not only measured their cyber security skills, but also their presentation and leadership skills.

In order to qualify for the event, these cyber warriors had to pass an initial online test conducted by Cyber Security Challenge U.K., followed by competitive one-against-one challenges in real time. All the finalists were then grouped into teams, with each of the teams assigned different purposes.

Even though the competition was held every year since 2010, the organisers made sure that the challenge presented to the finalists this year would be as realistic as possible. The finalists were made to perform forensic analysis, and then to use the results of such analysis to build a case against an insider who was responsible for a breach. They were also made to conduct a live presentation in order to convince fictitious board members.

The purpose of the competition is basically to help industries and businesses hire talented cyber security warriors whose talents would remain hidden but for such competitions. Observers from businesses would not only be able to witness their cyber skills in real time, but also their analytical, communication, and leadership skills, things that are now believed as basic skills that cyber security professionals must possess.

‘This event is designed to mirror challenges faced by leading industry experts, in order to identify the UK’s best talent. Traditional recruitment methods don’t work in the world of cyber-security – often the most talented individuals don’t stand out on paper and events like this allow us to put the best talent in the country in front of many of the leading organisations in the country that are seeking more cyber security skilled workers,’ said Nigel Harrison, acting CEO of Cyber Security Challenge UK.

‘We face a shortage of cyber security professionals, not just here in the UK but worldwide. To address this, we are doing more than ever before to inspire people to pursue a career in cyber security,’ said Caroline Noakes, Minister for Government Resilience and Efficiency.

‘We will continue to work in partnership with organisations like the Cyber Security Challenge UK to make Britain secure, confident and prosperous in the digital world,’ she added.

With the rising cyber threats landscape, the existing cyber security skills gap is not only hurting businesses, the legal community, the media, as well as major industries, but also the country’s critical resources like the police forces, the armed forces as well as the NHS, whose recent encounter with ransomware attacks is well-known.

Recently, an eye-opening research from independent think-tank Reform revealed that only 40 out of 13,500 volunteers working for the UK Police were cyber security experts, and that the force was in dire need of as many as 12,000 volunteers from the civil society to fight the growing menace of cyber crimes which accounted for nearly half of all crimes.

The research paper also recommended the setting up of a new digital academy by the Home Office to offer cyber security training to as many as 1,700 police officers and staff every year. It also urged the Home Office to use administrative savings from accelerating the Government’s automation agenda to set up a £450 million a year capital grant for the forces, and also to use the £175 million Police Transformation Fund to implement a transformational technology.


The post Cyber #security #war games helping #businesses find & #recruit untapped #talent appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Businesses #leaders need to take the #reins with #cyber security

Source: National Cyber Security – Produced By Gregory Evans

Businesses #leaders need to take the #reins with #cyber security

Recent high-profile incidents are yet again highlighting the damage that cyber-attacks can make to a company’s reputation, customer relationships and, of course, bottom line. It tells us one thing – businesses are still not doing enough to combat these threats.

Findings from our Advanced Trends Report 2017reinforces this worrying state of information security, with nearly one in five (18%) British businesses admitting to being unprepared for a cyber-attack. It’s not good enough – in the face of digital disruption, cyber security is critical.

This can’t be stressed enough. While digital innovation presents a huge opportunity for our economy, it also goes hand in hand with a need for greater emphasis on cyber security.

The growing infiltration of, and dependency on, the Internet, along with technology trends such as the Internet of Things (IoT) and Artificial Intelligence (AI), is changing how we do business and therefore widening the area of opportunity for attack. Now more than ever, it is vital that organisations fully appreciate the risks of cyber crime and take the necessary steps to mitigate them.

The consequences for firms that fail to implement robust cyber security measures are stark – ranging from severe operational disruption to financial losses, redundancies or even bankruptcy.

This is echoed by recent high profile attacks, which show that organisations are not detecting attacks quickly enough, are slow to respond to them and do not understand the impact of an attack on their business once it is underway.

What’s more, the ways in which cyber criminals attack are becoming more sophisticated. While the Government has greatly increased its cyber crime budget, it is down to organisations to take control and create a culture of security which needs to be led at all levels and backed up with robust policies created and maintained to reduce and detect risks early and regularly.

A good internal culture will also make the management of data easier, will carry on through to all interactions with external relationships and hopefully encourage clients and partners to be more security conscious too.

Britain’s success in the digital era – dubbed the fourth industrial revolution – therefore goes beyond simply investing in new technologies and techniques. It requires cultural shifts, new business models and the ability to adapt and innovate. But above all, it requires strong leadership.

Responsibility at board level

The increased threat of cyber attacks and impending General Data Protection Regulation (GDPR) place significant responsibilities on business leaders to ensure every employee understands how to protect corporate and personal data.

Unquestionably, the entire leadership team needs to be on board, driving this change. However, according to the same Advanced report, nearly one in three (31%) UK employees have no confidence in the leadership of their company to create and run a modern digital infrastructure. This is very troubling, given that a successful digital infrastructure is dependent on effective security and data protection measures.

Leaders urgently need to get a handle on the regulation and security challenges if they are to move forward in the digital era. They shouldn’t leave anything to chance and should ensure cyber security is high on their agenda, calling on third party experts if they need specialist support. Why? Because the consequences in today’s business landscape are frightening.

While we know a breach can affect a company’s reputation, customer relationships and bottom line, we have increasingly seen leaders lose their jobs as a result – most notably former CEO Dido Harding at TalkTalk. But the repercussions of a data breach or loss would be even more damaging if a company failed to safeguard its data under the GDPR.  Equifax, for example, could have been fined up to $124 million if the regulations had already come into effect.

The bottom line is that cyber resilience is critical for every organisation. No one is immune, which is why cyber security must be a top-level priority for organisations, from the boardroom down. Only then can then leaders (and their employees) confidently adopt innovations like IoT to AI and make the right investments for their digital future.

The post Businesses #leaders need to take the #reins with #cyber security appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Can Cybersecurity Overconfidence Lead To Extinction For Businesses?

Source: National Cyber Security – Produced By Gregory Evans

Can Cybersecurity Overconfidence Lead To Extinction For Businesses?

In the first half of 2017, we have seen plenty of cybersecurity headlines—from the recent WannaCry attack to hacks on Gmail and Chipotle, as well as hundreds of Twitter accounts like CNN, it seems that cyberattacks are increasingly becoming the “norm.” These cybersecurity breaches aren’t to be taken lightly either. Companies can suffer huge financial losses and as importantly, reputational damage that has lasting negative effects on businesses.

Despite high-profile hacks and attacks happening on a more frequent basis, enterprises and small to medium-sized businesses (SMBs) are surprisingly confident in their cybersecurity preparedness. Companies are maintaining that their cybersecurity defence is continually being ramped up, and more investment is being made each year to maintain that level of confidence. There also seems to be a common belief that “it won’t happen to us.” Unfortunately, this belief simply doesn’t hold true.

The Stark Reality

According to research conducted on 400 SMBs and enterprises in the UK and US, almost all businesses – 87 percent – have complete trust in their security techniques and technology. More than half even believe they are less vulnerable than they were 12 months ago. And given that 61 percent said they were about to receive a substantial boost to their cybersecurity budgets, it’s easy to see why businesses are confident in their preparedness.

It’s not just high-level assurance either. When asked, businesses were confident in their ability to tackle very specific threats. For instance, half were certain that if a mobile device was stolen, they would know exactly what data was on that device and the level of risk to the business. Fifty-seven percent were also sure of the measures they have in place to protect clients’ and employees’ personally identifiable information (PII).

For all the self-assuredness, 71 percent still admitted they had been breached in the last year. And with only 29 percent reporting a breach in 2016, businesses’ overconfidence in cybersecurity is somewhat alarming. It’s even more alarming when you consider that 77 percent reported a tangible loss, such as the loss of a customer or partner, monetary loss, or operational impact such as downtime.

The Cost Of Cyber Attacks

In hard commercial terms, what does a cyber-attack cost a typical SMB or enterprise? Beyond the readily identifiable impacts of a lost customer or downtime leading to lost opportunity, what are the wider implications?

When taking into consideration the average number of records held for SMBs (5,000) and enterprises (6,000), along with the standard cost of a stolen record calculated by IBM and Ponemon as £122/$157 (which factors direct and indirect costs, as well as brand damage, and the impact on future customer acquisition), the typical cost of a breach to an SMB is £59,000/$76,000. For a larger enterprise, the average cost is £724,000/$939,000.

No company can afford this degree of liability. So why does the vulnerability exist? And what can businesses do to prevent such attacks taking place?

The Seven Pitfalls Of Cybersecurity

It seems there are seven pitfalls that are opening UK and US businesses to cyberattacks and huge financial liabilities.

The first is inconsistency in enforcing security policies. A security policy is only helpful to businesses if it is enforced and its suitability is regularly checked, but businesses aren’t enforcing their security policies. Only a third can claim their security policies are reliably applied and regularly audited. The rest either only enforce them occasionally, fail to audit them, or have no policies in place at all!

The second pitfall is negligence in the approach to user security awareness training. Training plays a huge role in cybersecurity preparedness, but only 16 percent consider it a priority. A massive 71 percent pay lip service to security awareness as a one-off event at employee on-boarding, or at best are only reinforcing it once a year.

The third, is that businesses also appear to be short-sighted when it comes to the application of cybersecurity technologies. Six out of nine of the top cybersecurity technologies were deployed by fewer than a third of businesses. Web protection, email scanning, and anti-malware had each been rolled out by only 50-61 percent of businesses, but the remaining six (including firewall rules, and patch management) had been deployed by only 33 percent at the most (SIEM), or 25 percent at the lowest (intrusion systems).

The fourth is complacency when it comes to vulnerability reporting. Fewer than a third (29 percent) say their reporting is robust. Surprisingly, 19 percent have no reporting, and a further 11 percent have no plans to investigate the usefulness of vulnerability reporting.

But it’s not just a lack of reporting on vulnerabilities—the fifth pitfall is inflexibility when it comes to adapting processes and technologies after experiencing a breach. After a breach, only 44 percent implemented new technology, and only 41 percent changed their processes.

The sixth is that businesses are stagnant when it comes to applying key prevention techniques, with the majority of businesses failing to adopt the leading prevention techniques. While the most prevalent technique was full disk encryption on mobile and portable endpoints, this was only performed by 43 percent of businesses.

The seventh and final cybersecurity pitfall is lethargy around detection and response. In fact, detection, response, and resolution times have all increased compared to 2016.

Business Best Practice

While it is overwhelmingly clear that SMBs and enterprises are overconfident in their cybersecurity preparedness, this confidence does create an opportunity for managed service providers (MSPs). First, MSPs can offer cybersecurity training to customers. Training can make a huge difference in your clients’ security. Whether it’s offered as a service to build revenue, or it’s given for free to provide retention, training can cut down on the number of security incidents. That translates to fewer emergency calls and, ultimately, happier clients.

MSPs can also prepare their customers with disaster drills—just like marketing teams practice their responses to PR crises, financial services organisations stress test their portfolios, and logistics teams plan for transportation hubs closing down unexpectedly. MSPs can practice disaster events with clients, both in terms of technology and processes, to discover weak points and make improvements. Are the lines of communication and equipment sufficiently robust? Are expectations and metrics reasonable? MSPs are also likely to find a few upsell opportunities while doing so.

But the onus isn’t just on the customer. MSPs also need to make sure that their own security practices are up to scratch. MSPs should review practices and their security technology stack not only for current best practices, but with an eye to the future too. Does security meet the current and future needs of the typical SMB or enterprise? Does it work well across on-premises, cloud, and hybrid environments? Can clients in highly-regulated verticals be served?

Finally, MSPs should determine the partnerships or skills they will need to deal with cyber-attacks. Many security incidents require specialists to handle—so whether it’s warding off DDoS attacks, protecting IoT at an architectural level, or implementing digital forensics incident response, MSPs need to either hire expertise in-house, or partner with someone that can handle these. You never want to have to build new skills in the middle of a crisis.

Preparing For The Worst

Businesses need a stark reality check. While they are confident in the processes they have in place, the truth of the matter is that businesses are failing to implement the technology and techniques that could save them hundreds of thousands of pounds. And businesses are naïve to think that cybercriminals won’t capitalise on this overconfidence. But all is not lost. With the right approach, relationships and tools, businesses can help to ensure that they don’t fall victim, and aren’t yet another headline.

The post Can Cybersecurity Overconfidence Lead To Extinction For Businesses? appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Third-party #cyber security failures cost #businesses the #most

Source: National Cyber Security – Produced By Gregory Evans

Third-party #cyber security failures cost #businesses the #most

Third-party cyber security failures are costing businesses the most – up to £1.5m – as security budgets shrink, a study by Kaspersky Lab and B2B International reveals

Companies suffer the greatest damage as a result of cyber security incidents relating to their partners, according to research.

This is the finding of a study examining whether cyber security is a cost centre or a strategic investment by Kaspersky Lab and B2B International.

Incidents affecting infrastructure hosted by a third party cost small businesses £106,000 on average, while large enterprises lost nearly £1.5m as a result of breaches affecting suppliers they share data with, and £1.2m because of insufficient levels of protection at providers of infrastructure as a service (IaaS).

These findings indicate that companies should not only invest in their own protection, but also pay attention to that of their business partners.

As soon as a business gives another organisation access to its data or infrastructure, the report said weaknesses in one may affect them both.

There is a growing list of examples of data breaches that can be traced to third-party suppliers, from the Target breach in 2013, to more recent cases such as insider trading by hacking newswire services and fraudulent tax claims by compromising a feature on the US Internal Revenue Service website that was hosted by a third party.

This issue is becoming increasingly important as governments worldwide introduce legislation requiring organisations to provide information about how they share and protect personal data.

“While cyber security incidents involving third parties prove to be harmful to businesses of all sizes, their financial impact on a company has the potential to result in twice as much damage,” said Alessio Aceti, head of the enterprise business division at Kaspersky Lab.

“This is because of a wider global challenge – with threats moving fast, but businesses and legislation changing slowly. When regulations like GDPR [General Data Protection Regulation] become enforceable and catch up with businesses before they manage to update their policies, the fines for non-compliance will further add to the bill,” he said.

According to the study, 63% of companies are investing in cyber security regardless of return on investment (ROI).

However, the study also shows that businesses around the world are starting to view cyber security as a strategic investment, and the share of IT budgets that is being spent on IT security is growing, reaching almost a quarter (23%) of IT budgets in large corporations.

This pattern is consistent across businesses of all sizes, including very small businesses where resources are usually in short supply. However, while security appears to be receiving a larger proportion of the IT budget, the overall budget is getting smaller. For example, the average IT security budget for enterprises in absolute terms dropped from £19.2m in 2016 to £10.3m in 2017.

As security budgets shrink, the cost of security breaches is going up. In 2017, small to medium-sized enterprises (SMEs) are paying an average of £66,800 per security incident, compared with £65,900 in 2016, while enterprises are facing costs of £756,000 in 2017, up from £655,000 in 2016.

To help businesses with their IT security strategies, based on the industry threat landscape and specific recommendations, Kaspersky Lab has introduced an IT Security Calculator.

The tool is aimed at providing a guide to the cost of IT security based on the average budgets being spent, security measures, the major threat vectors, money losses and tips on how to avoid a compromise.


The post Third-party #cyber security failures cost #businesses the #most appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Local small businesses may be at risk for hackers

Source: National Cyber Security – Produced By Gregory Evans

Local small businesses may be at risk for hackers

In the city of Rockford, small business are on every corner. Each one, a potential target for hackers.

“When you consider that 97 percent of all U.S businesses are small businesses the economic impact of hacking can be astronomical” said Director of Rockford Better Business Bureau, Dennis Horton.

The Better Business Bureau is working to bring awareness to the impact one unknown click can take on a small business.

“90 percent of them are through phishing e-mails. And through those phishing emails usually you will find ransom ware or other malicious software” said Horton.

The owners of Rockford Art Deli, say they’re keeping an eye out for these types of e-mails.

“You know you try to do as much as you can and it can still get through but if it did happen, as a cash based business, they can drain your accounts and you know you’re out until that comes back in” said Rockford Art Deli Owner, Jarrod Hennis.

Hennis says he recently got an e-mail from what seemed to be another local business, but after some digging that wasn’t the case.

“It was a random e-mail from a lender in town actually and it just had a link, everything looked legit when you went and clicked on it. But since I knew nothing was coming and I had nothing in the works, I didn’t click on it. So I kinda did some research on it before we opened it and you could tell it was fake” said Hennis.

Horton says one of most unknown facts is, the business owners are held responsible.

“Their business accounts, their bank accounts, were hacked and they suffered a loss that banks are not responsible for that loss” said Horton.

And being out of business, can be detrimental.

“50 percent of them said that after a month they would probably be out of business, if they were not able to recover that data” said Horton.


The post Local small businesses may be at risk for hackers appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures