now browsing by tag
‘Covid-19 has dissolved the line between our digital and physical lives’ | #tinder | #pof | romancescams | #scams
If there was a single word to describe 2020, it would be disruption. The massive disruption in our lives has changed the way we live and work. With most of […] View full post on National Cyber Security
#sextrafficking | Digital Citizenship Education Can Reduce the Rate of Sex Trafficking Among Youth | #tinder | #pof | #match | romancescams | #scams
Startup Fortune, August 20, 2020: Technology plays a key role in in the growth, and prevention, of sex trafficking. In a report by nonprofit We are Thorn, 75% of survivors […] View full post on National Cyber Security
Source: National Cyber Security – Produced By Gregory Evans David Warburton, Principal Threat Evangelist at the cyber threat intelligence product company F5 Labs, discusses how cybercriminals aim to disrupt elections. The UK general election is almost upon us, and it is already turning into one of the most divisive and analysed political events in the […] View full post on AmIHackerProof.com
Unlike the 16-game NFL season, for the eight in 10 companies in the US undergoing digital transformation (DX), there’s no off-season. The journey is an ongoing one that, for IT leaders, can feel like an endurance challenge, not to mention a massive expense, with DX spending predicted to reach nearly $2 trillion in 2022, according to IDC.
Application-centric visibility is key to accelerating DX. By better visualizing, isolating, and understanding application interaction and usage patterns, organizations can accelerate secure deployment of their digital applications and prompt touchdown dances for DX victories both small and large along the way. I mean, who doesn’t want to see a SecOps team do the Ickey Shuffle?
But getting there requires adapting to the speed of the game, or transforming rapidly, which isn’t an easy feat when DX involves complexities like public, private, and hybrid cloud infrastructure and a new breed of multitier applications need to be managed and secured. Much like a wide receiver making plays in double coverage, networking pros have to be able to run fast networks during DX while navigating everything from changing IT environments to regulatory challenges like the General Data Protection Regulation and security demands in the context of escalating cybercrime.
Here are four gridiron-inspired tips that can help see your way to DX success with data, guaranteeing a SecOps Gronk spike:
1. Create a championship culture from top to bottom.
Organizations can take a cue from great sports franchises that develop and maintain a winning culture. Digital transformation is a business imperative and, much like winning, is built on strong technology underpinnings, ultimately focused on driving the culture of the organization. It starts at the board and C-level team with a vision of what you want the company to be in five years and then determining whether or not you have the culture, people, and resources to get there. You have to deliberately become a data-driven culture in every aspect from top to bottom, and treat cybersecurity as a strategic business enabler rather than an obstacle, in order to win at DX.
2. See everything, all the time.
Whether we’re talking turf or network, clear visibility of the traffic is just as important as any other technical skills. Like a pass rusher on the quarterback’s blind side, malware moves and data exfiltration happens across the network in stealth mode — not to mention the complexity of applications operating on-premises, in the cloud, or both. Having a clear line of sight into the organization’s network and application layers lets you visualize your infrastructure, what’s running on it, and how applications are performing and interacting with each other — and from there, extract kernels of insight to guide your DX efforts.
3. Handle complex schemes at top speeds.
Getting 53 professional athletes to master an NFL playbook comes with its challenges, not unlike wrangling the new breed of digital applications. Both require turning complexity into cohesion — and doing so fast. I’m referring to applications with multiple tiers (where each tier is scaled out and there’s a set of microservices), some of which are built in-house, others are built externally, and some come from open source. When the components are sandwiched together, complexity escalates rapidly, which ultimately manifests itself as challenges around securing the applications, as well as ensuring consistent performance and experience. The key to keeping things under control is having the right kind of data to help you understand the interaction, performance, and security characteristics of these applications.
4. Be a good halftime coach.
Good coaches make quick adjustments to position the team for second-half success. NetOps and SecOps teams can relate when it comes to troubleshooting, managing, and securing applications. Whatever the application architecture, once in deployment something at some point is bound to go awry. You need to figure out what’s happening and quickly course correct, but when you’re scaling microservices, it’s hard to troubleshoot just through application instrumentation. By analyzing the network traffic pertaining to these applications, you get immediate actionable data points that can be used to address trouble spots and understand security implications as well. The ability to isolate specific applications or microservices communication streams for deeper inspection would allow the security operations to easily understand access patterns and put in place effective micro segmentation strategies.
The NFL game is faster than ever, and the same can be said for the pace of digital business and the proliferation of cyber threats. The ability to the handle day-to-day challenges while positioning the organization for future success is only possible with the appropriate infrastructure in place. NetOps and SecOps teams are tasked with the development, implementation, maintenance, and security of very complex enterprise infrastructures that prepare their organization for tomorrow, much like NFL teams must draft and develop players for future success. Both must do so while reducing risks, costs, and security threats along the way. With the above-mentioned tips as the foundation of your journey, you can position your organization for success for seasons to come.
Shane Buckley is President and Chief Operating Officer of Gigamon with responsibility for expanding the company’s business and markets worldwide. He brings more than 20 years of executive management experience to the team and joins Gigamon from Xirrus where he was CEO prior … View Full Bio
View full post on National Cyber Security
Source: National Cyber Security – Produced By Gregory Evans The end of November is a busy time in the United States. On Thanksgiving, friends and family gather together to give thanks for good food and good company. Once they’ve put away the leftovers, many Americans don their coats and head to the malls for Black […] View full post on AmIHackerProof.com
#cybersecurity | #hackerspace | Just 12% of ICS Security Pros Very Sure of Orgs’ Ability to Respond to Digital Attacks
Malicious actors are increasingly launching digital attacks against industrial organizations. Many of these campaigns have been successful, particularly those that have targeted energy utilities and manufacturing plants. In late spring 2019, for instance, aircraft parts manufacturer ASCO temporarily suspended operations worldwide after falling victim to a ransomware attack. It was about a month later when […]… Read More
The post Just 12% of ICS Security Pros Very Sure of Orgs’ Ability to Respond to Digital Attacks appeared first on The State of Security.
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/ics-security/ics-security-respond-digital-attacks/
View full post on National Cyber Security
#cyberfraud | #cybercriminals | Cottage Grove Sentinel | Building a Digital Defense Against Medicare Scams
More and more companies are offering services to test your DNA, allowing you to explore your genetic heritage. Eastern European? Chilean? Something super exotic that you never even considered as part of your ancestry? These tests can be spendy, though, so when someone offers you a special deal to do the testing for free, it sounds like a good deal. Scammers know this and have concocted a new scheme to steal your personal information.
Our friends at the Federal Trade Commission (FTC) are receiving reports that callers, claiming to be from Medicare, are asking for personal information, such as Social Security or Medicare numbers, in exchange for a “free” DNA testing kit. The fraudster may make a convincing argument by claiming that the test is a “free way” to get an early diagnosis for diseases like cancer. However, the truth of the matter is that Medicare does not market DNA testing kits to the general public.
Here are some tips on what you can do to avoid being a victim:
If an alleged “government agency” demands personal information or payment, you can be sure it is a scam.
Don’t rely on caller ID. Scammers can make it appear as if they were calling from a government-affiliated number.
Never give anyone who randomly calls you information such as your bank account, credit card, Medicare or Social Security number. Scammers can use this information to either steal your identity and your money.
You can report Medicare imposters at 1-800-MEDICARE and ftc.gov/complaint.
As always, if you have been the victim of this online scam or any other cyber fraud, can also report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your local FBI office.
View full post on National Cyber Security
Tips and recommendations for ways organizations can engage their people and help accomplish all of these goals are available in the NCSAM 2019 Tool Kit. Take advantage of the 2019 Tool Kit and the other resources NCSAM makes available.
The bottom line is that the internet is a great place to learn, to connect, and to have fun through technology. At the same time, we are each responsible for our own safety, privacy, and security online. Cyber security is truly everyone’s business – let’s “Own IT. Secure IT. Protect IT” and become smart digital citizens together.
To learn more, Symantec invites you to join us and partners, The Identity Theft Resource Center and Infolock for a discussion on how to protect your systems and help keep data safe for others. Panelists include Kevin Haley, Senior Director, Symantec Security Technology & Response, Eva Velasquez, President and CEO, Identity Theft Resource Center, and Ryan Lawless, Senior Consultant, Infolock Advisory Services
Register for free here: https://www.brighttalk.com/webcast/13361/371826
For additional information on how you can better protect your personal information and safety online, we invite you to visit the NCSAM 2019 website: https://staysafeonline.org/ncsam/
The post #hacking | Protect IT: Maintaining Your Digital Profile appeared first on National Cyber Security.
View full post on National Cyber Security
Across the energy industries, it’s now commonly recognized that if you have critical infrastructure, you are not only at risk, but will likely experience a cyber incident at some point. So, what can you do to mitigate this risk, and what cyber security myths still exist in the industrial digital journey?
Myth 1 Cyber security is cumbersome
A common perception is that cyber security is too challenging and difficult to implement in a plant or across a fleet. This doesn’t have to be the case. In reality, we just need to acknowledge that the implementation of cyber security practices requires a multi-year strategy. Having a standard baseline and following a reference architecture can provide standardization to help you think through your approach strategically, with standards aligned to your business strategy.
Myth 2 Cyber security is out of grasp
Everyone in the industry is on a digital journey, but not everyone is doing the basics. The tools exist, but often their application is in the IT space, rather than the OT space. When IT and OT are integrated, the benefits of information technology systems used for data-centric computing working alongside operational technology systems used to monitor events, processes and devices can be realized.
Myth 3 Cyber security has a negative impact on operations
Cyber security tools are not just IT tools anymore – they are just as effective in reducing manual maintenance activities to free up resources and time to concentrate on operations. The myth makes us believe the impact will be increased downtime, yet a modern cyber security system should protect industrial vulnerabilities across plants, simplify secure day-to-day operations and support compliance activities, allowing people to focus on revenue-generating operations, not routine security.
Myth 4 Cyber security risks can’t be planned for
It’s ‘not if but when’ when it comes to the real threat of an industrial cyber-attack. While cyber-attacks are impossible to completely prevent against, they can still be controlled and minimized with proper security measures. It’s imperative to have these measures in place before, as well as during and after: whether that’s for a breach of perimeter security or from people or phishing. Implement baseline controls upfront, so that when something happens the organization is ready to deal with it. Then, afterwards, there are ways to minimize the impact and understand which assets and software require immediate focus to minimize the impact. A cyber security life cycle is required to identify what needs to be protected, how this will be implemented, detected, responded to, and how recovery will take place, as well as to ensure ongoing compliance.
It is highly likely that all organizations will eventually experience a security incident. The impact of such events is largely determined by the strength of corporate incident response programs.
Cyber-attacks are real. Across the energy industries, customers are looking for ongoing support and expertise in cyber security. Energy industry professionals know they need to manage risk and threats, but they face several challenges in doing this effectively. Greater knowledge of what is a myth and what is a reality is a something our expertise in this sector can assist with, by increasing awareness and understanding, promoting resilience and optimizing performance.
The reality is that 100% – or absolute security – is not possible. Cyber security is a journey and a process, not a product and an end destination.
Dee Kimata, Global Product Manager – Cyber Security (Energy Industries), ABB
The post Myths and realities of the industrial digital journey appeared first on National Cyber Security.
View full post on National Cyber Security
US cybersecurity software-maker McAfee is now turning its attention to digital wallets as a new revenue stream, against the backdrop of more and more people signing up for these services, The Economic Times reported.
According to the report, McAfee, which has over 25% of its global workforce based in its Bengaluru office, is targeting the space as the number of digital wallet users spiked after the government’s demonetisation initiative.
“India has a large number of digital wallets compared to other countries. While these wallets are expanding to the nether regions of the country, the number of scams is also increasing by the day,” Anand Ramamoorthy, managing director, South Asia, McAfee, was quoted as saying.
“The scale is quite large and so building security features becomes difficult,” he said. “There are various issues a user faces starting from fake apps, fake transactions and a lot more, which are unique cases in India. Looking at all these cases, we are trying to build security that solves it all levels,” he added.
The Economic Times had earlier reported that several scammers were committing fraud by sending false payment confirmation messages to merchants.
Explaining digital wallet security, Ramamoorthy said that the company first tracks how apps are reading into personal data of users on the phone such as address book and photos and then secures that data. He said that in order to add another layer of security, McAfee tries to find the device on a map faster than usual and then backs up the data, locks the device and wipes out the data from the device.
The company is already working with mobile wallet companies but is now sharpening focus to secure the back-end as well as the front-end for consumers.
In another strategic move in March, the company had said that it was extending its cloud security platform to protect Microsoft’s Azure platform that provides cloud services.
Interestingly, this was McAfee’s first joint solution following its acquisition of Skyhigh Networks, a specialist in the cloud security, in November 2017. According to McAfee’s 2017 cloud adoption and security report, nearly 93% of organisations use some form of cloud services.
View full post on National Cyber Security Ventures