now browsing by tag


#cybersecurity | #hackerspace | Podcast Episode 3: How the MITRE ATT&CK Framework Can Improve Your Defenses

Source: National Cyber Security – Produced By Gregory Evans

Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest to explore the evolving threat landscape, technology trends, and cybersecurity best practices. Spotify: Stitcher: RSS: […]… Read More

The post Podcast Episode 3: How the MITRE ATT&CK Framework Can Improve Your Defenses appeared first on The State of Security.

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Ray Lapena. Read the original post at:

Source link

The post #cybersecurity | #hackerspace |<p> Podcast Episode 3: How the MITRE ATT&CK Framework Can Improve Your Defenses <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | How This Barber Uses His Shop To Improve Black Men’s Mental Health

Source: National Cyber Security – Produced By Gregory Evans

The World Health Organization (WHO) reports that one in four people experience mental illness at some point in their life. For Black people around the world those stats are even more staggering. Research indicates that Black/African Americans are 20% more likely to suffer from psychological distress compared to their white counterparts. Within the Black community, mental health conversations and discussing experiences with conditions like anxiety and depression is still taboo, especially for Black men. The media often depicts Black men as aggressive and violent with few representations of them being vulnerable. These perceptions of how Black men should behave likely play a role in why the mental health stigma persists within the Black community. Black men are expected to be stoic and strong 24/7, which can lead to increased feelings of anger, resentment and isolation. Public figures like Charlamagne Tha God, who wrote a book on his experiences with anxiety, are outspoken advocates for Black mental wellbeing and are starting to open up more conversations about Black mental health. Eric “Kleankut” Dixon is a celebrity barber and mental health advocate who uses his barbershop as an outlet for Black men within the community. Eric sat down to discuss why he started his barbershop, his experiences contracting a rare condition, and the transformative power of therapy.

Janice Gassam: Could you share with the Forbes readers a little bit about you, your background and what made you decide to open up your own barbershop?

Eric “Kleankut” Dixon: Well, I was born and raised in Maryland—P.G. County, Maryland, by way of [Washington] D.C. I grew up here and…I’ve always been an artist…and then eventually I became a barber. Unfortunately, I got into barbering because of an infection I got from an inexperienced barber. It affected my scalp really bad. It caused dissecting cellulitis, it’s a rare germ from uncleaned tools…it was a bad experience so I learned to cut my own hair…which led to me becoming really good at it…it became a passion over time. I love working for myself and I love the art form of cutting hair…the best part of it is to be able to have the ability to make people feel good…and look good.

Gassam: How do you feel your barbershop creates a safe space for Black men to feel comfortable communicating?

Dixon: For someone to come to a barber and allow the barber to cut them, there’s a trust factor that you’re already building with your barber. Then, once you build that trust…it’s a place where men go where they can actually be free and take out their stress…whether it’s from a job, home, family…being able to go somewhere and really unwind…learn from others and even be the one to give knowledge to other people.

Gassam: The life of an entrepreneur is very stressful, so what are some forms of self-care that you utilize and what are some self-care practices that Black men should be taking advantage of more?

Dixon: Well…I go to a therapy myself. Just…to keep me focused. It’s always good to unpack. Some things you can’t just talk about with anybody. A therapist is able to dig deep into discovering who you are…so you can be better mentally…I definitely go to my therapist. Honestly, my job can be hard on the body a little bit. I go and I get great massages. I love it! It takes all the tension out of you…also for me, I’m an artist. I like to draw; I like to paint…I love music. I have different playlists for different moods. It relaxes me. I’m starting to read a lot more books as well.

Gassam: How do you use your platform to serve within your community?

Dixon: Now that I’ve realized that I can be a part of helping someone, what I’m doing currently is I am in class to become a Certified Advocate. So, I can be able to assist properly…I know a few therapists that are in the area…having conversations with therapists to have a better understanding of how I can help…being able to connect with other therapists so I can actually have an idea of where I can send Black men who are seeking help…I want to get the information on cost and how to seek the right therapist. Me being that person where, me being transparent about myself and being able to guide someone in the right direction.

Gassam: What are some resources you would recommend for someone reading this interview who wants to speak with a therapist but who has never had one before?

Dixon: I’m having a conversation and trying to figure out how can we help and make therapy more accessible and more affordable as well…there’s Therapy for Black Men…there’s [also] therapy via the web where you can talk to a Black therapist in other states. I know a few folks who do therapy sessions over the computer…what I want to do is get a group of therapists who are interested in creating something that is more accessible and affordable for people…when it comes to searching for a therapist, sometimes certain therapists…you’re not going to feel comfortable with…it’s important to feel like you can be comfortable…that’s the key. Being able to vibe well with that therapist. If you don’t, then it’s okay…that’s one of the main things you have to have with your therapist—being able to get a good vibe and be comfortable.

To learn more about Erik “Kleankut” Dixon, click here.

This interview has been lightly edited for brevity and clarity.

Source link

The post #deepweb | <p> How This Barber Uses His Shop To Improve Black Men’s Mental Health <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#nationalcybersecuritymonth | Singapore government pledges to improve data security with new measures

Source: National Cyber Security – Produced By Gregory Evans The Singapore government has pledged to adopt new measures to bolster its cybersecurity posture and improve the way it safeguards public data. The move comes after a series of security breaches involving agencies from the public sector, including one just this week, that compromised personal data […] View full post on

Mimecast acquires Ataata to improve #cyber #security #training

Mimecast Limited today announced it has acquired cyber security training and awareness platform Ataata The acquisition aims to allow customers to measure cyber risk training effectiveness by converting behavior observations into actionable risk metrics for security professionals.

According to research Mimecast conducted with Vanson Bourne, 90 percent of organizations have seen phishing attacks increase over the last year, yet only 11 percent responded that they continuously train employees on how to spot cyberattacks.

The acquisition of Ataata will offer customers a single, cloud platform that is engineered to mitigate risk and reduce employee security mistakes by calculating employee security risk based on sentiment and behavior, while connecting them with relevant training that is content based on their score and recommended areas for improvement.

“Cybersecurity awareness training has traditionally been viewed as a check the box action for compliance purposes, boring videos with PhDs rambling about security or even less than effective gamification which just doesn’t work. As cyberattacks continue to find new ways to bypass traditional threat detection methods, it’s essential to educate your employees in a way that changes behavior,” said Peter Bauer, chief executive officer and founder of Mimecast.

“According to a 2017 report from Gartner, the security awareness computer-based training market will grow to more than $1.1 billion by year-end 2020.  The powerful combination of Mimecast’s cyber resilience for email capabilities paired with Ataata’s employee training and risk scoring will help customers enhance their cyber resilience efforts.”



The post Mimecast acquires Ataata to improve #cyber #security #training appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

How to #improve #cybersecurity with #machine #learning

Leveraging machine learning for cybersecurity
Data breaches and cyber attacks have become harder to deter over the last few years. According to Cisco’s 2018 Annual Cybersecurity Report, for example, the expanded volume of both legitimate and malicious encrypted traffic on the web has made it more difficult for security professionals to recognize and monitor potential threats. As a result, many security professionals are looking to leverage machine learning to advance cybersecurity.

What is machine learning?
Before exploring the ways machine learning can improve cybersecurity, it is important to first understand what machine learning actually is. To begin with, machine learning is not one in the same with artificial intelligence (A.I.), which is part of a broader initiative to enable computers to reason, solve problems, perceive and understand language. Rather, machine learning is a branch of A.I., and involves training an algorithm to learn and make predictions based upon data input. Netflix, for example, uses machine learning and algorithms to make show recommendations, while search engine giant Google uses the technology to collect signals for better search quality.

Monitoring and responding to suspicious traffic
One way machine learning can be used to improve cybersecurity is by monitoring network traffic and learning the norms of a system. A well-trained machine learning model will be able to spot atypical traffic within a network and quarantine an anomaly. Most machine algorithms typically send an alert to a human analyst to determine how to respond to a threat; however, some machine learning algorithms are able to act on their own accord, such as thwarting certain users from accessing a network.

Automating repetitive tasks
Another way machine learning can help propel cybersecurity is by automating several repetitive tasks. For example, during a data security breach, an analyst has to juggle multiple responsibilities, including determining what was exactly stolen, how it was taken and fixing the network to stop similar future attacks. With machine learning, many of these tasks can be automatically deployed, significantly reducing the amount of time it takes to fix the vulnerability in return.

Complementing human analysis
Machine learning can also be used to complement human analysis. For example, in a paper published in 2016, MIT and PatternEx researchers demonstrated an A.I. platform could predict cyber attacks significantly better than existing systems by continuously incorporating input from human experts. Specifically, the team illustrated the platform could detect 85% of attacks, which was approximately three times better than previous benchmarks. It also reduced the number of false positives by a factor of five. Generally speaking, machine learning technologies can be used to provide around the clock analysis, or assist junior analysts who have higher error rates in their ability to assess a threat.

Preventing zero-day exploits
Additionally, machine learning can be leveraged to combat zero-day exploits, which occur whenever a cyber criminal is able to seize upon a software vulnerability before a developer is able to release a patch for it. IoT devices are largely targeted by zero-day exploits since they often lack basic security features. Vendors are typically given a certain amount of time to patch the vulnerability before it is publicly disclosed, depending upon its severity. Machine learning could be used to narrow in on and prevent these sorts of exploits before they have a chance to take advantage of a network.

None of this is to stay machine learning will make cybersecurity perfect. Like any technology, machine learning is a double edge sword. Both cybersecurity professionals and criminals are in an arms race to outsmart each other with machine learning. Although machine learning is effective at preventing the same attack from occurring twice, the technology is challenged to predict new threats based upon previous data. Nor are all machine learning systems created equal. Different machine learning systems have different error rates in pinpointing and responding to threats. And while machine learning can be used as part of a company’s overall cybersecurity strategy, it shouldn’t be relied upon as a sole line of defense.


The post How to #improve #cybersecurity with #machine #learning appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

6 ways to #improve your #cybersecurity #practices

Source: National Cyber Security News

Whether your company is a mid-sized family-owned enterprise or a Fortune 500 entity, likely most of your board directors don’t have backgrounds in cybersecurity.

Most top corporate leaders, including many CIOs, don’t either.

Given that reality, how can a company proactively mitigate cybersecurity risks?

I recently sat down with David Ross, a principal with Baker Tilly specializing in cybersecurity, to talk about some of the steps and strategies companies can employ. Here are some of the thoughts he shared.

1) Educate your board
Boards need to understand the potential risks and how to establish proactive policies that will provide guidance and structure should a breach happen. Cyberattacks are a very real risk, and every board member must understand his or her fiduciary duty to provide oversight regarding risks.

Even if a board has a cybersecurity expert as a director, engaging with an outside consultant can be advantageous. The world of cybersecurity is changing all the time, making multiple perspectives vitally important to understanding and anticipating new threats.

2) Assess company needs and structure
The board, along with the CEO, chief risk officer, general counsel or chief information officer, should decide how to address and staff cybersecurity inside the company.

Read More….


View full post on National Cyber Security Ventures

Four #Proactive #Tips to Improve #Cybersecurity for Small #Businesses

Source: National Cyber Security News

Although the media headlines often highlight major data breaches of large corporations and government agencies, the majority of businesses being hacked are small businesses. Why is this the case? Most small businesses do not have layers of security in place to protect them so attackers consider them low-hanging fruit. According to Verizon’s 2017 Data Breach Investigations Report, 61 percent of data breaches in 2016 affected small businesses. As many of you are aware, the title industry is in the attackers’ direct line of fire. The good news is that effective IT security is not beyond reach. Here are a few cybersecurity tips that can benefit your business.

Network Security

Implementing a network firewall with intrusion detection and prevention capabilities (IDS/IPS) is crucial. A firewall protects your network from malicious traffic and an IDS/IPS system properly monitored can stop a attackers in their tracks. Unmanaged systems do not provide adequate security.

Attackers are working around the clock and so should your security. Performing regular network vulnerability testing, internally and externally, can identify risks and give you the opportunity to remediate before being hacked. Many of the common vulnerabilities that this process could identify include legacy or otherwise unsupported operating systems, poor patch management and exposed systems.

Read More….


View full post on National Cyber Security Ventures

Smart #behaviors that can #improve your #cybersecurity

Source: National Cyber Security – Produced By Gregory Evans

Some of the cybersecurity best practices for advisors are smart moves for consumers, too.

“Don’t make the mistake of thinking of [cybersecurity] as a technology thing. It’s not,” Adam Moseley, managing director of Schwab Business Consulting and Education at Charles Schwab, told advisors Tuesday at Schwab IMPACT 2017 in Chicago.

Much of protecting yourself is about behavior and education, he said. (See infographic below for tips.)

Advisors are right to be worried about cybersecurity. The broader financial services sector has been attacked more than any other industry, according to the 2017 IBM X-Force Intelligence Index.

“It is no longer a matter of if, but when, you’re going to be compromised.”-Adam Moseley, Charles Schwab

The number of attacks on financial services companies rose 29 percent in 2016, to a total 1,684, according to IBM. Over the same period, the number of records breached jumped 937 percent, to 200 million from roughly 20 million — ranking the financial services industry third in number of records compromised.

“It is no longer a matter of if, but when, you’re going to be compromised,” Moseley said.

Advisors and consumers can both benefit from improvement in these areas:

Email habits

“I don’t think there’s a single greater threat to your organizations outside of email,” Moseley said. “We don’t hesitate to click a link, to open an attachment.”

Ransomware, malicious links, social engineering and other common scams all come in via email, he explained.

One smart thing a financial advisor can do is hire an outside firm to send employees test spam, to see what they are opening or clicking when they shouldn’t, he said. It helps firms see how to focus their efforts educating employees.

Be suspicious of any links or attachments in an email, Moseley said. If the email seems to be from a legit source, call the sender to make sure it’s legit before clicking.

It also helps to rethink that information you’re sending in emails, he said. Try to keep personal and sensitive data out of email altogether; if you must send it, look for a more secure method. For example, if you’re reaching out to your financial advisor, many have secure client-access portals where you could submit that tax return or account statement.


Pick a password that’s long. Hackers will have an easier time brute-force cracking an eight-character password than one that has 12 or 15 characters, he said. (That length may mean you think about your password as a phrase rather than a word.)

Unique is key, too. Thieves often try login details captured in one breach at other sites, to see where they might gain access if you’ve reused that combo. Schwab has tracked nearly 1 billion of those so-called credential replay attempts, Moseley said.

Consumers and advisors should both look to implementing additional protections like two-factor authentication where available.

“If you’re not using multi-factor or two-factor authentication and it’s available to you…you’re behaving recklessly online,” Moseley said.

The post Smart #behaviors that can #improve your #cybersecurity appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

IBM’s #Schneier: It’s #Time to Regulate #IoT to Improve #Cyber-Security

Source: National Cyber Security – Produced By Gregory Evans

The time has come for the U.S. government and other governments around the world to start regulating internet of things (IoT) security, according to Bruce Schneier, CTO of IBM’s Resilient Systems.

Schneier delivered his message during a keynote address at the SecTor security conference here Nov. 15. Today everything is basically a computer, whether it’s a car, a watch, a phone or a television, he said. IoT has several parts, including sensors that collect data, computing power to figure out what to do with the collected data and actuators that affect the real world.

“Sensors are the eyes and ears of the internet, actuators are the hands and feet of the internet, and the stuff in the middle is the brain,” Schneier said. “We’re creating an internet that senses, thinks and acts—that’s the classical definition of a robot.

“We’re building a robot the size of the world, and most people don’t even realize it,” he said.

What that means is that internet security is now becoming “everything” security, according to Schneier. As such, he noted that computer security expertise is now needed in the auto industry because cars are now computers and all the lessons of the cyber-world are applicable everywhere.

“Availability and integrity threats are important as real risks to life and property now,” he said. “So now vulnerabilities have very different consequences. There is a difference between when a hacker crashes a computer and you lose your data and when a hacker hacks your car and then you lose your life.”

In Schneier’s view, many of the existing security paradigms fail in the new world of IoT. Whereas traditional software firms and big mobile vendors like Apple and Google have dedicated security teams, the same is not always true for IoT vendors. As such, Schneier said that IoT devices are often not patched quickly, if at all.

“A home DVR could have been part of the Mirai botnet, and likely most people just don’t care so long as the device works,” Schneier said. “Defending against Mirai is hard because it’s not just dropping a patch on Windows and making it go away.”

Time for Regulation

The challenge of cyber-security cannot be effectively solved by industry alone, according to Schneier. Instead, he advocated for government involvement to help regulate technology security. As internet connected devices move into regulated industries, Schneier expects that computer software that has largely been regulation-free will need to change. There are also historical precedents for new technology usage leading to new government agencies and regulations. For example, the emergence of cars, airplanes, radio and television have all led to government agencies and regulation.

“In the 20th century, new technology led to the formation of new agencies all the time,” he said.

There are a lot of problems that markets cannot solve on their own, since markets are typically short-term profit motivated and can’t solve collective action problems, he said. Additionally, Schneier said there is a need to have a counter-balancing force for corporate power.

“Government is how we solve problems like this,” he said.

Schneier expects that there will be a lot of issues that will need to debated and resolved about connected technology regulations, but in his view there really isn’t a better alternative to ensuring cyber-security safety than government regulations. That said, the reason why he was speaking at SecTor was to help raise awareness and get cyber-security professionals engaged in government policy conversations, he said.

“As technologists, we need to get involved in policy, since IoT brings enormous potential and enormous risks,” Schneier said. “As internet security becomes everything security, all security has strong technological components.

“We’ll never get policy right if policy makers get technology wrong,” he said.

The post IBM’s #Schneier: It’s #Time to Regulate #IoT to Improve #Cyber-Security appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures


Source: National Cyber Security – Produced By Gregory Evans

The Homeland Security Department wants to know how biometrics—fingerprints, iris scans, facial images, and other snapshots of a person’s biological characteristics—can be used to help citizens, instead of just surveilling them. DHS has awarded a sole-source contract to the University of Texas at Austin’s Center for Identity, a research unit…

The post DHS THINKS BIOMETRICS CAN ‘IMPROVE DAILY LIFE appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures