finds

now browsing by tag

 
 

Companies #sacrifice #security for #mobile #convenience, survey #finds

Ninety-three percent of organizations recognize that mobile devices present a serious and growing security threat, yet many organizations are failing to take even the most basic precautions, according to a recent report by Verizon.

Almost a third of respondents even admitted to having sacrificed mobile security to improve expediency and/or business performance.

“I think they agree it’s a threat, however they’re probably not as comfortable with the precautions they need to be taking,” says Justin Blair, executive director of business wireless services for Basking Ridge, New Jersey-based Verizon. “There’s a level of awareness that needs to be raised about what are the best practices and how to easily implement them.”

Malware, ransomware and device theft or loss emerged as the top threats that companies are concerned about, and are most likely to cause incidents, according to Verizon’s 2018 Mobile Security Index.

Malware is suspicious software that can infect a device, says Gary Davis, whose title at Santa Clara, California-based cybersecurity company McAfee is chief consumer security evangelist. Ransomware is a type of malicious software that takes over a device until a ransom is paid.

McAfee Labs detected more than 16 million mobile malware infestations in the third quarter of 2017 alone, nearly double the number it saw a year earlier.

Many of these threats can be avoided with some simple education and precautions, Davis says.

First, have your employees download a virtual private network (VPN), which establishes an encrypted channel between your device and the internet, he says. Also encourage them to use unique passwords and pins on their device, he says, noting some people disable these functions.

Only one in seven companies surveyed had four basic security practices in place, including changing all default passwords and encrypting data sent over public networks, Blair says.

Only 49 percent of firms have a policy regarding the use of public Wi-Fi, and only 47 percent encrypt the transmission of sensitive data across open, public networks, according to the Verizon report.

Beyond transmitting data across secure networks, another best practice is to update your apps and encourage employees to do the same, says Adam Schwam, president of Farmingdale-based Sandwire Corp., an information technology firm.

“You’re supposed to update them regularly because there could be security holes in them,” he says.

Still, with so many companies allowing or requiring employees to use their own devices, it gets harder to control what employees do with their phones, he says.

It may pay to issue company-owned mobile devices because they give you greater control from an application standpoint, Schwam says.

“If companies do provide a phone, they have the ability to control everything,” he says.

William Collins, president of NST Inc., an East Northport IT services company, understands this, and that is why he issues his employees their mobile devices.

He also uses mobile device management software that allows him to wipe clean a potentially compromised device, stop emails, etc.

“It helps protect intellectual property on the phone if an employee leaves or it’s stolen,” Collins says.

Beyond that, it pays to have mobile device policies in place, says Shari Claire Lewis, a partner in privacy, data and cyber law at Uniondale-based Rivkin Radler LLP.

This policy should include a requirement that a device be protected by a “robust” password that is changed frequently and that the company has the right to wipe out the contents of the device under certain circumstances, she said.

In terms of best practices, it also pays when dealing with confidential or proprietary information that employees not sign into unprotected public Wi-Fi, Lewis says.

Policies, of course, may vary depending upon the firm.

“Your mobile standards require a reasonableness approach that takes into account the sensitivity of the data you’re accessing and the circumstances in which you access it,” she says.

advertisement:

The post Companies #sacrifice #security for #mobile #convenience, survey #finds appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Homeland #Security’s own #IT security is a #hot mess, watchdog #finds

Source: National Cyber Security News

A government watchdog found that Homeland Security, the federal department in charge of protecting the nation’s cybersecurity, had a litany of security problems of it own.

A newly released report by the department’s Office of Inspector General found many of the agency’s systems, including both unclassified and national security systems containing the highest “top secret” information, were running outdated, unsupported operating systems that in some cases hadn’t been patched with security updates for years.

Some of the vulnerabilities were so serious that they “expose DHS data to unnecessary risks,” said the investigators, and that the agency needed to protect its systems “more fully and effectively.”

According to the report, 64 vulnerable systems on the department’s network lacked the authority to operate — more than a dozen of which were national security systems storing highly sensitive classified information.

That fell short of the department’s target to maintain all of its high-value systems with the correct security updates, patches, and approved configurations to prevent data leaks or breaches.

That included three servers — one at Homeland Security headquarters, and two others run by the Coast Guard and the Secret Service — which were still running Windows Server 2003.

Read More….

advertisement:

View full post on National Cyber Security Ventures

Cisco #report finds #AI & machine #learning still hot #topics in #cybersecurity

Source: National Cyber Security News

Artificial intelligence and machine learning in cybersecurity prove to be hot topics amongst security professionals and they’re looking to spend more on tools that can do those very tasks, according to the 11th Cisco 2018 Annual Cybersecurity Report.

According to the report, machine learning is able to help enhance network security and defences by learning how to detect unusual traffic patterns in cloud and IoT environments.

That technology is in hot demand, particularly as the volume of legitimate and malicious web traffic grows. According to Cisco statistics from October 2017, 50% of web traffic is encrypted. Over a 12-month period, Cisco researchers also spotted a threefold increase in malware samples that used encrypted network communication.

Network encryption is causing challengers for defenders who are trying to identify and monitor any potential threats – however security professionals are eager to adopt machine learning.

While machine learning comes with drawbacks such as false positives, security professionals realise that machine learning and AI technologies are still in their infancy.

The report also found that more than half of all cyber attacks result in financial damages of more than US$500,000 (AU$637,630) including lost revenue, customers, opportunities and out-of-pocket costs.

Read More….

advertisement:

View full post on National Cyber Security Ventures

Department of #Homeland #Security Finds #Cybersecurity #Flaws in First #Responder Apps

Source: National Cyber Security – Produced By Gregory Evans

The Department of Homeland Security found critical cybersecurity flaws in mobile apps being used by public safety official during emergencies in pilot project.

Thanks to a pilot project run by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T), numerous cybersecurity vulnerabilities discovered in mobile apps used by first responders have been patched.

In emergency and disaster situations, mobile devices and apps enable public-safety professionals to receive and share critical information in real-time. The department’s S&T Directorate established the pilot projectin order to test how vulnerable smartphone apps used in the public safety sector are to cyberattack, including ransomware and spyware, and whether certain apps have coding vulnerabilities that could compromise device security, expose sensitive data, or allow for spying.

The pilot-testing project discovered potential security and privacy concerns — such as access to the device camera, contacts or SMS messages — in 32 of 33 popular apps that were tested. In all, 18 apps were discovered to have critical flaws such as hard-coded credentials stored in binary, issues with handling Secure Sockets Layer certificates or susceptibility to “man-in-the-middle” attacks.

Pilot project leaders worked with each app developer to remediate identified vulnerabilities, according to a press release. So far, 10 developers successfully remediated their apps, and as a result of the pilot project, the security and privacy concerns of 14 mobile apps were addressed.
“This pilot project illustrates the efficacy, benefits and value an ongoing app-testing program will provide to the public-safety community and the nation,” says Vincent Sritapan, S&T’s program manager for mobile security research and development. “During the testing phase, numerous cyber vulnerabilities were identified and remediated. This model can be used to ensure all apps used by the public-safety professionals are secured against cyberattacks and other security and privacy weaknesses.”

The post Department of #Homeland #Security Finds #Cybersecurity #Flaws in First #Responder Apps appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Advanced #threats and #insider security #threats top #enterprises’ #cybersecurity #concerns, finds #Alert #Logic survey

Source: National Cyber Security – Produced By Gregory Evans

Alert Logic, a Security-as-a-Service provider for the cloud, has announced the results of a survey conducted with 400 UK cybersecurity professionals to better understand the evolving cyber threat landscape UK companies face.

The survey found that respondents’ confidence in their organisations’ overall cybersecurity posture is moderate to high, with only a fifth (21%) indicating they are not at all, or only slightly, confident in their organisation’s security posture.

When asked about the top challenges facing their cybersecurity teams, respondents cited detection of advanced threats (62%) and detection and/or mitigation of insider threats (48%) as the two top security challenges. Furthermore, 41% lacked advanced security staff to oversee cyber threat management and nearly a third (27%) lacked confidence in their automation tools catching all cyber threats.

“Advanced cyber threats present the most arduous task for cybersecurity professionals, and the survey results bear this out,” said Oliver Pinson-Roxburgh, EMEA director at Alert Logic. “Cyber attacks are increasingly difficult to detect, as the security threats presented by malicious actors become increasingly bold and sophisticated, particularly when attacking web applications.”

Lack of budget (51%), skilled personnel (49%) and lack of security awareness amongst employees (49%) weighed in as the most significant obstacles facing cybersecurity teams, inhibiting their organisations from adequately defending against cyber threats. In addition, when asked about the business impact of security incidents, system downtime was highlighted as having the biggest impact.

Interestingly, revenue impact was only cited as a relatively minor factor (16%), suggesting that either security teams have evolved their maturity to effectively manage risk or lack full visibility into the downstream business impact of security incidents.

Respondents were asked about the likelihood of their organisation being compromised by a successful cyber attack in the next 12 months, compared to last year. Here, the survey found a remarkably even distribution of expectations. Roughly one third (32%) expected that a compromise was likely, while a slightly smaller number (29%) felt that a compromise was less likely.

“Lack of cybersecurity awareness and budget create a strain on an organisation’s ability to combat advanced cyber threats,” said Pinson-Roxburgh. “Organisations must foster an inclusive security culture, and consider security service models if they don’t have the budget for in-house expert security staff; otherwise organisations will continue to expose their IT infrastructure and their sensitive data to risks.”

The post Advanced #threats and #insider security #threats top #enterprises’ #cybersecurity #concerns, finds #Alert #Logic survey appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cyber security majority flacks not involved planning hacks report finds

Cyber security majority flacks not involved planning hacks report findsSource: National Cyber Security – Produced By Gregory Evans The Cyber Aftershock report, created by insurance broker Lockton, surveyed 200 professionals earlier this year. It reveals that just 26 per cent of UK businesses involve their head of PR and communications when planning their response to hacks. This is despite 63 per cent saying reputational […] View full post on AmIHackerProof.com | Can You Be Hacked?

Microsoft finds critical wormable bug lurking in every version of Windows

Source: National Cyber Security – Produced By Gregory Evans

The vulnerability in Windows Search service could let a hacker take complete control over a server or workstation and leverage worm-like spreading capabilities like those found with WannaCry. Microsoft released its August 2017 patches on Tuesday, which fixed 48 security flaws in six of the company’s main products. While 25…

The post Microsoft finds critical wormable bug lurking in every version of Windows appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

American Men Most Attracted to Women With Israeli Accents, Study Finds

To Purchase This Product/Services, Go To The Store Link Above Or Go To http://www.become007.com/store/ A recent survey by online dating site MissTravel found that American men were most attracted to women who spoke English with an Israeli accent. Women, on the other hand, were most attracted to men who spoke…

The post American Men Most Attracted to Women With Israeli Accents, Study Finds appeared first on Become007.com.

View full post on Become007.com

Software developers are easy targets for hackers study finds

Source: National Cyber Security – Produced By Gregory Evans

Netsparker Ltd., a company in the web applications security industry, has released survey results showing that most software developers make themselves easy targets for hackers, even when they are behind a corporate firewall. The primary reason is not that their web server software is out of date, however. Instead, it…

The post Software developers are easy targets for hackers study finds appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Study finds hackers could use brainwaves to steal passwords

Source: National Cyber Security – Produced By Gregory Evans

Researchers at the University of Alabama at Birmingham suggest that brainwave-sensing headsets, also known as EEG or electroencephalograph headsets, need better security after a study reveals hackers could guess a user’s passwords by monitoring their brainwaves. EEG headsets are advertised as allowing users to use only their brains to control…

The post Study finds hackers could use brainwaves to steal passwords appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures