

PTA bans Tinder and five other dating apps citing ‘immoral content’ | #tinder | #pof | romancescams | #scams

The Pakistan Telecommunication Authority (PTA) has blocked five dating and live streaming applications including the popular Tinder app citing “immoral content”, it said in a statement on Tuesday. The four […] View full post on National Cyber Security

Governor Beshear reports 21 children under the age of five tested positive for COVID-19 Friday | #covid19 | #kids | #childern | #parenting | #parenting | #kids

FRANKFORT, Ky. (WYMT) – Governor Andy Beshear released Friday’s COVID-19 numbers. The governor announced 573 new cases and four new deaths in Kentucky. At least 33,796 Kentuckians have contracted the […]

#cybersecurity | #hackerspace | Five ways cyberattacks put manufacturing systems at risk

Source: National Cyber Security – Produced By Gregory Evans

Some industries, like financial services and healthcare, have been targets of cyberattacks since day one. For years, manufacturing seemed far less interesting to hackers, and even C-suite executives at these companies weren’t particularly worried about the risk of attack. However, all that’s changed now that the Internet of Things (IoT) dominates production systems across the manufacturing industry. Although these devices have helped to usher in the era of “smart” manufacturing, they’ve also dramatically expanded the attack surface across global manufacturing systems. One study revealed an average of 5,200 attacks per month on IoT devices in 2018 alone. 

Cyberthreats like NotPetya, WannaCry, Stuxnet, and EKANS are constantly evolving and targeting companies in every industry around the world. But the biggest risk to manufacturing companies is that few of these organizations are truly prepared to counter these types of threats. Here are some of the top risks manufacturers face today:

  1. Extended downtime: While intellectual property theft and ransomware are big threats to any company, the consequences of a major attack are often unique and can be devastating. For instance, a single attack could shut down a plant’s operations or even reconfigure machinery to produce faulty products without anyone realizing it until the human and business costs have skyrocketed. Although the true cost of downtime is hard to quantify, many factories lose an average of 5% to 20% of their productivity due to downtime.
  2. Longer recovery time: Consider that many manufacturers are actually smaller companies that produce parts for larger global enterprises. These smaller manufacturers often lack mature IT security practices to prevent a cyberattack, which not only makes it easier for hackers to infiltrate their systems, it may also make it much harder for these companies to restore operations impacted by a cyberattack.
  3. Loss of trade secrets: A manufacturing company’s systems and processes are often closely kept trade secrets. Guarding this information is not only critical for safety but also necessary to protect the company’s competitive advantage. However, the widespread use of always-on IoT devices offers bad actors countless ways to access devices and systems. Once hackers have gained access, they can potentially hack into the cameras in computers and mobile devices to surveil a physical location. They may also be able to gain access by stealing a third-party vendor’s credentials, which is why manufacturers must gain tighter control over their vendor privileged access management.
  4. Breach of customer confidentiality: For many hackers, customer data is a goldmine, which is why these systems are so frequently attacked. In one instance, cybercriminals breached a manufacturing company’s customer information system and installed malware that remained active for an entire year. The hackers were able to extract volumes of highly confidential customer data such as name, billing address, telephone number, payment card number, expiration date, and verification code. The malware was specifically designed to access victims’ shopping carts to access these details.
  5. Loss of reputation: Once a company’s data has been breached and customers have been impacted (either through production delays or loss of personal information), it’s extremely hard for a company to rebuild those relationships. The larger the deal, the larger the impact outages and delays can have on delivery dates across the supply chain. For manufacturers working with larger customers, a cyberattack that shuts down production can destroy not just the revenue from the deal, but also cause more financial damage from missing contractual agreements. While a company or customer may be entitled to compensation from a manufacturer, it’s much harder to repair the damage to a brand in a highly competitive and high-demand industry.

The good news is, there are solutions to help reduce the threat of malicious attacks through outside or third-party entities such as manufacturing partners and vendors. Stay tuned for our next blog, “Improve security in manufacturing with vendor privileged access management,” to find out how!

In the meantime, to learn more about the risk of cyberattacks on manufacturing systems, download our infographic, “The Top Remote Access Threats in Manufacturing.”

The post Five ways cyberattacks put manufacturing systems at risk appeared first on SecureLink.

*** This is a Security Bloggers Network syndicated blog from SecureLink authored by Ellen Neveux. Read the original post at:


The post #cybersecurity | #hackerspace | Five ways cyberattacks put manufacturing systems at risk appeared first on National Cyber Security.


#cyberfraud | #cybercriminals | Ashley Madison users face extortion scam, five years on

Victims of the Ashley Madison data breach are again under attack, this time, via email. In 2015, ‘Impact Team’ dumped 32 million Ashley Madison users’ personal information, credit card and payment details, passwords, security question answers and ‘preferences’ on the dark web, after Avid Life Media […]

#cyberfraud | #cybercriminals | What’s next for cybersecurity: five predictions for 2020


Cybersecurity has been a hot topic for large and small businesses alike throughout 2019.

Big household names such as British Airways and Marriott have faced record fines from the Information Commissioner’s Office (ICO) for data breaches, and headlines warn of the increasing threat posed by the use of connected devices, potentially allowing hackers easier access to our data.

Although many businesses are taking steps to protect themselves against cyber-attacks, there are still many more that are not sufficiently motivated to protect themselves against such threats, or even feel that the threat level doesn’t warrant the investment required to implement adequate cybersecurity protocols.

We expect 2020 will be another eventful year for the ever-evolving cybersecurity industry, and have listed below our top 5 predictions for the year ahead:

1. Tighter integration between DPOs and CISO

In the rush to respond to a growing cyber threat, organisations of all sizes have been equipping themselves with the resources and expertise necessary to address privacy and cyber risks. However, this haste has often seen businesses implementing cybersecurity protocols in uncoordinated and therefore more expensive ways, leaving them open to vulnerability from this fragmented approach.

We expect to see senior leadership calling for a coherent, business-wide approach, which could include the application of a single cyber security and data privacy leader to lead and coordinate resources from stakeholders across the business, such as legal, finance and IT. A coordinated strategy with an accountable cybersecurity leader in place will deliver greater resilience against attacks and data loss, and provide a much better response should an incident occur. It will also allow for detailed reporting explaining the specific threats to the business, and a demonstration that these risks are understood and being mitigated against.

2. In-depth incident response rehearsals

Cyber incident preparedness training will likely become more sophisticated in 2020, as senior leadership teams start to prioritise the rehearsal of a customised major data breach and evaluate the resulting incident response.

There is a strong business case for rehearsing cyber-attacks, as it can help an organisation identify gaps in policy, reporting, decision authority, supplier services, and technical operations. Any issues identified in a rehearsal can be mitigated against, allowing a more effective response in the event of a real life situation.

3. Increase in attacks on SMEs

With bigger companies investing heavily in cyber defence in recent years, cybercriminals are turning their attention to small and medium sized enterprises (SMEs). Smaller scale ransomware attacks are continuing to pay off for cyber-bandits, and despite small businesses becoming the cyber-attackers’ new easy target of choice, many are unprepared and unaware of the risk.

The security resilience in smaller organisations is still developing, and employing expert help is often seen as unaffordable, making these organisations easier targets. Human error and weaknesses in the supply chain are still areas for concern; however, we expect to see training and technology solutions that will drive down the cost of building cybersecurity resilience. For example, inexpensive training programs will help eliminate the weakest security link in these businesses – people.

The National Cyber Security Centre is the UK’s independent authority on cyber security and publishes a broad range of advice and guidance that can help SMEs. Growing adoption of basic security standards such as the Cyber Essentials standard will also help. NCSC oversees the “cyber essentials” certification scheme – a government-backed and industry supported scheme that provides self-assessment certification to help organisations protect themselves against common cyber-attacks and aids compliance with the NIS Regulations.

4. Use of AI to defend against phishing attacks

A business can also face risk from inside the organisation. Phishing scams have become increasingly sophisticated and are harder to detect. Spear phishing – where cyber criminals have taken their time researching their victim and crafted a bespoke email – is becoming a really big problem, as it’s even harder for the recipient to identify the scam.

In a typical working environment, where employees are busy or distracted, the risk is likely to be higher. However, AI, and machine learning in particular, could be the answer. AI can be put to work analysing emails and noticing patterns of behaviour, suspicious language or metadata, and would intelligently detect and autonomously neutralise phishing emails. We’ve seen a movement towards the use of automation in an effort to reduce the burden on understaffed cyber security teams and increase efficiency.

However, it’s important to remember that AI can also be used against a business, with cyber-criminals making use of it to make their attacks even smarter. Employee training and regular engagement to increase staff awareness, and company-wide response rehearsals, will still be required to combat these attacks and reduce the risk from careless or uninformed staff.

5. Regulatory response to drive up standards

Cybersecurity is not just an IT issue, but a regulatory issue too. Indeed, the financial sector is sitting up and taking notice – the Financial Conduct Authority has seen increasing reports of cyber-attacks that are growing in scale and complexity and has stated: “Firms of all sizes need to develop a ‘security culture’, from the board down to every employee.”

A UK government consultation in 2019 saw the government request industry views to help it understand what barriers were preventing organisations from adopting cybersecurity standards. Home-grown security standards may not be credible if they are not widely adopted internationally and easily auditable.

Although significant changes have been brought about by the implementation of the GDPR (concerned with the security of personal data) and the Network and Information Systems Regulations (concerned with the security of information systems) which both took effect in May 2018, there remains a gap for a cohesive cybersecurity legal and regulatory framework in England and Wales.

The implications of Brexit also provide an icing of uncertainty, and it will be important to consider how the UK might choose to adhere to any existing EU security regulations.

Next Steps

Regardless of regulatory attention, or the size of an organisation, businesses must take an increasingly joined-up approach and continue to take steps to improve their defences, or risk severe financial and reputational damage.

The importance of cybersecurity must be promoted at all levels, with a strong senior leadership team ensuring a centrally-managed strategy is in place, and implementing the necessary policies, procedures and training to minimise risk and strengthen incident response.

This article was first published by Data Protection Magazine. 


From #denial to #opportunity – The five #stage #cyber security #journey


The digital economy is brimming with commercial opportunity for those that embrace new technologies and innovative business models.

Regrettably, one sector which has been quick off the mark to grasp the opportunity is the criminal community.

Cybercrime is already more common than traditional criminal offences. The global outbreaks of WannaCry and Petya earlier this year showed the astonishing speed and scale at which even unsophisticated attacks can spread and underlined how ill-prepared even some big organisations are to protect themselves from criminal cyber activity.

Progress lies in accepting that cyber security is not a single destination but a complex journey. Broadly speaking, there are five stages along the way.

Stage One: Denial – ‘there is no threat’. The hard truth is that all organisations face low-level cyber threats every day, even if they don’t realise it. Criminals don’t only target big business but increasingly go after SMEs and individuals, soft targets that can provide a pathway into more valuable hunting ground.

Every business is a target and must put in place the basics – after all, standard software updates would have defeated WannaCry at first contact.

Stage Two: Worry – ‘let’s spend on the latest security systems and solutions’. The immediate reaction from the board is to throw money at the problem, along with the appointment of a Chief Information Security Officer (CISO).

However, technology isn’t necessarily the priority. Because the weakest link is often human, education is a priority. Once people understand how they fit into the big picture, they can protect themselves and the company, and become a major line of defence.

Stage Three: False confidence – ‘we’re sorted, bring it on’. There is no 100 per cent protection against cybercrime. For example, criminals are now turning their attention to the supply chain, where contractors could unwittingly unlock access to their client organisations. Then there is ‘whaling’, a highly targeted form of phishing aimed at impersonating senior people and using their identity to undertake fraudulent financial transactions.

The way to combat false confidence is to relook at policies, question assumptions and investments, and identify emerging risks and issues. Consider all possible scenarios – ransomware (would you pay a ransom, and how?), data breaches, distributed denial of service attacks, sabotage and fraud. Now is the time to plan and prepare for incidents and practise your responses.

Stage Four: Hard lessons – ‘there’s no such thing as absolute security’. Even the best prepared and protected will still experience a security breach. Perhaps new security solutions are a poor fit with the existing IT infrastructure, leaving vulnerable gaps. On balance, it’s better to go with a security product that’s only 80 per cent right, but works with what you already have and employees can use easily.

This is a good point to consider cyber security insurance. The act of choosing/buying a policy will prompt you to think through potential weaknesses and, if the worst happens, you’ll have access to expert help and the resources you need to get the business back on track.

Stage Five: True leadership – ‘we can’t do this alone’. True leaders will accept that this is how the digital world is, and set out to share information and collaborate with their peers to make it ever harder for criminals to succeed.

The cold reality is that every organisation is a target. The best defence is not what you buy but how you behave. And businesses which treat cyber security not as a destination but as a journey will be strongly positioned to protect themselves in the evolving digital economy.


Five #Fundamental #Strategies for #Cybersecurity

Agencies should focus on the basics to protect against attacks. The government’s effort to balance cybersecurity with continued innovation was underscored last year with the publication of the Commission on Enhancing National Cybersecurity’s Report on Securing and Growing the Digital Economy. The report included key recommendations for […]

Three out of five #Americans concerned #hackers could #spy on them via their #webcam


Three out of five Americans concerned hackers could spy on them via their webcam

Avast solutions help users control who can access their webcam to prevent unwanted spying.

In October, we conducted an online survey around webcam security awareness and found that 61% of Americans are concerned hackers could spy on them through their computer’s camera.

They have every reason to be concerned.

Tools that can hack a computer’s webcam are available on the regular web, as well as the darknet, in some cases even for free. Although many computers come with a light that indicates the webcam has been activated, tools can prevent the light from being triggered.

The survey reveals that Americans are more aware that hackers can spy on them without activating their webcam’s indicator light compared to the global results. Globally, two in every five (40%) respondents are unaware of the threat, while two-thirds of Americans claim they know of the possibility.

Many people, like former FBI Director, James Comey, and Facebook CEO, Mark Zuckerberg, cover their webcam to prevent unwanted spies from watching them. However, despite concerns being high, only 52 percent of Americans have physically covered up their computer’s webcam.

Covering webcams is a good start, but can be an inconvenience if you frequently need to use your webcam. We at Avast understand this inconvenience, which is why we give our users complete control over who can use their camera, without having to physically cover it up. – Ondrej Vlcek, CTO of Avast

Avast’s new feature, Avast Webcam Shield, which comes with Avast Premier, ends webcam spying for good by blocking malware and untrusted apps from hijacking webcams. Furthermore, users have the option of forcing all apps to ask their permission before they can access the computer’s webcam. The same feature is offered in AVG Internet Security, under a different name, Webcam Protection.


Five arrested by cybercrime officers investigating Tunbridge Wells hacking


A cybercrime investigation by specialist officers has led to five arrests. The Kent and Essex Serious Crime Directorate has been investigating the alleged hacking of a Tunbridge Wells company in April. The hacking resulted in one of its clients paying £25,000 to a third party after receiving a fraudulent email….


Five cool things happening for National Cyber Security Awareness Month


National Cyber Security Awareness Month (NCSAM) is in full swing. The month and its events have become top of mind for people and businesses in recent years, given the staggering number of recent data breaches and global ransomware attacks. The Equifax data breach, WannaCry ransomware and Petya/NotPetya attacks have dominated the news headlines. So, where…
