
#cyberfraud | #cybercriminals | FBI gives tips on how to keep your information secure

Source: National Cyber Security – Produced By Gregory Evans

JACKSON, Tenn. – Internet-enabled theft, fraud and exploitation were responsible for $2.7 billion in losses in 2018. The victim could be anyone who uses a connected device, including you.

The Federal Bureau of Investigation says its Internet Crime Complaint Center took in an average of 900 complaints every day last year, ranging from non-payment scams to pyramid schemes.

Jeremy Baker is one of the people investigating these crimes. To prevent them, he has some tips you can follow right at home.

“Just like your personal hygiene, you want to shower every day, you want to bathe, want to smell good, your cyber hygiene is the same thing. Just be in good shape,” Assistant Special Agent-in-Charge Jeremy Baker told WBBJ 7 Eyewitness News.

The first thing he said was to have multi-layer authentication.

“If you log into your email and give your username and password, it won’t let you in just yet. It’ll do at least one other step like text you a code or email a different account a code and you put that in and go in,” he said.

To set that up, go to your email account, click security, and turn on the two-step verification.

Also, check your passwords.

“Think about somebody sitting in their mother’s basement all day trying to guess what your password is. Make it hard for that person to do it,” Baker said.

He said the passwords should be long and unpredictable.

“So, if I’m a Green Bay Packers fan, I shouldn’t make it ‘Green Bay Packers Fan,’” Baker said.

And if you post about the Packers all over social media, hackers might be able to use that.

“I’ve actually seen some huge cases where some industrious and creative criminals tracked executives on social media,” he said. “That is exactly how they got millions of dollars out of these large companies. Because they knew exactly what to say and when to say it and when to hit, based on the executive’s availability or lack of availability.”

Keeping that safe is as easy as changing the privacy setting on social media from public to private.

But, most importantly, trust your gut. If you see a website or email that doesn’t look secure, don’t click or open it.

“Because those are actually the two biggest things we still see, even as complicated as technology gets, it’s usually caused by people opening or clicking things they shouldn’t,” Baker said.

And, the FBI says give the computer a break and turn it off. If the computer isn’t on, hackers can’t get into it.

“Make it hard for the bad guys to make you a victim,” he said.

Baker also offers a few other tips:

Use different computers for internet use and private use.

Install and keep up with anti-virus protection and software.

Keep your computer, tablet and phones up-to-date with the latest software, as the makers are constantly researching and updating.

And, back up your data.

The post #cyberfraud | #cybercriminals | FBI gives tips on how to keep your information secure appeared first on National Cyber Security.

#nationalcybersecuritymonth | How healthcare organizations can keep security front and center

As National Cybersecurity Month came to an end on October 31, it should be stated that security and cybersecurity need care and attention all year long. To effectively protect data in an organization’s trust, security demands constant vigilance and an evolving approach to recognize the shifting nature of threats.

For organizations in healthcare, HIPAA sets the baseline from which to construct a solid security platform.

The first step in that process is a risk analysis. The risk analysis is designed to provide a comprehensive overview of where all data reside, the risks to the data, the likelihood of an event occurring, and then to assign a threat level to every element. A detailed explanation of what goes into a risk analysis has been covered before, so please read the earlier post for a refresher.

Resources that help an organization conduct the risk analysis are always welcome. The Office for the National Coordinator of Health IT came out with an initial version of a self-conducted risk analysis tool a number of years ago. Timed with the end of Cybersecurity Month, updates have been made to the tool to further increase usability.

While the tool is a good start, it must be used seriously, and issues cannot be taken too lightly. It could be tempting to overstate the protective capabilities of an organization or the likelihood of threats. Reviewing a report that does not fully consider all threats or vulnerabilities should result in a funny gut feeling. The reason for that feeling is the unfortunate reality that no system can ever be fully secure these days.

On top of the risk analysis and taking steps to implement effective security measures, there should also be time for reflection on what improvements can be pursued to aid the security posture of organizations. Do sufficient resources, whether monetary or personnel, exist to adequately implement security measures? From that perspective, there are opportunities to pursue new goals and support.

The Do No Harm 2.0 report authored by Robert Lord of Protenus and Dillon Roseen for New America focuses on culture, technology, and workforce concepts to propose an assortment of means to drive the security ball forward (full disclosure, I was honored by Robert Lord to provide feedback throughout the drafting process). Suggestions range from instilling a culture focused on security to government support of education and training on cybersecurity to revising regulations to encourage funding of and collaboration around cybersecurity. The report attempts to establish certain ideals to work towards. While the ideals may not be fulfilled, driving a discussion is an important part of the process as discussion can lead to necessary attention and action.

As initially suggested, security should not receive attention solely in one month of the year. While it is good to have the focus on security at this time and for new reports, tools, and other materials to be published, the need for continued focus also cannot be overlooked. Optimistically, the efforts established annually during cybersecurity month can provide new bursts of energy around year-round activities. When security does not need special focus because it is an ongoing, constant part of daily operations, then some measure of success can be appreciated. Even at that point, there will be no time to rest.

The post #nationalcybersecuritymonth | How healthcare organizations can keep security front and center appeared first on National Cyber Security.

#cybersecurity | #hackerspace | Ransomware Attacks Keep Growing – Security Boulevard

Though ransomware attacks aren’t a recent phenomenon, they do seem to be increasing in frequency and intensity. If society has grown used to these kinds of cyberattacks, that’s about to change—with the reports of 20+ Texas governmental entities recently being simultaneously hit in a coordinated attack, there may be a new and even scarier method of extorting entities for their data.

By definition, ransomware is a type of malware code that uses virtually unbreakable encryption to deny user access to a company’s systems. By the time of the actual attack, the perpetrator has already done reconnaissance to find weaknesses in the chosen system, which they then exploit to find important data, manipulating the environment to the point where the affected entity cannot touch its own information. The victim then receives a message demanding some kind of payment—bitcoin being a preferred option—to unlock the files or systems. In short, ransomware operates exactly like a hostage situation seen in films and television shows: The hacker literally hoards the keys to the company’s kingdom, only relinquishing them when their demands are met.

The first known ransomware attack was in 1989 and was conducted using snail-mailed floppy disks. Technology has come a long way since then and today’s attacks are much easier to carry out; they’re more lucrative, as well. Ransom requests typically average around $500 USD—a seemingly tiny sum for entities worth billions. No matter what the amount, these financial after-effects are obviously painful for the victims, and the companies attacked aren’t always the sole injured party. After the 2018 attack on the City of Atlanta, wherein the ransom was $50,000 USD in bitcoin, the additional remediations totaled more than $2.6 million taxpayer dollars. However, $50,000 is a drop in the bucket for these new attackers in Texas—after their government attack, they’ve demanded a collective $2.5 million, a serious upgrade in reward for their criminal risk.

So what else makes these recent attacks in Texas unique? For one thing, nearly two dozen entities were hit in one fell swoop, something that smacks of more sophisticated methods and patience on behalf of the attacker or attackers. The 2016 Verizon Data Breach Investigations Report said phishing is the No. 1 cause of data breaches, and spear-phishing could be how the Texas criminals gained access to inject their malware. Spear-phishing is the use of targeted emails that, when the recipient clicks on a link in the message, allow the cybercriminal to obtain sensitive information—i.e., credentials—or install malware into the company’s systems. If this is indeed how the bad actor infected government entities in Texas one by one, it shows some patience to wait until they had an opening into a number of systems, then coordinate the lockup to happen all at once. Local governments are a prime target for these kinds of hacks, and the size of this one has prompted a huge, statewide response.

Though Texas is just the latest victim, what’s scarier is that these cybercriminals and their methods will only get better and more exotic. How long before bots start locking hundreds of systems at once? Already there are ransomware-as-a-service providers that enable even the most novice cybercriminals to hack in with tools such as CryptoWall, Locky and TeslaCrypt. For everyone with data to protect, the idea is terrifying, and society isn’t doing much to help itself—there is definitely more that could be done.

In the analog world, companies and governments actually play a part in aiding the cybercriminals when they fail to report. Even if they don’t announce the attack publicly, sometimes it’s still obvious that it happened, such as when a local or county government suddenly cannot produce vital records or process things like permits and marriage licenses. Other private companies might be down for a short amount of time, failing over to backup systems, but still in danger of at least temporarily losing some data depending on their backup frequency. As the attacks continue to intensify and grow stronger, companies must take steps to protect themselves and not give the criminals any wiggle room.

So, what are these steps? What can be done to mitigate these attacks and lessen the risk of them happening?

  • Make sure to run the latest patches on systems, as well as the latest versions of applications—even middleware and those on the back end.
  • If there is no InfoSec team dedicated to overall, company-wide security, invest and put one together as soon as possible.
  • Leverage industry standards (e.g., NIST, SANS) and compliance guidelines such as PCI, ISO, HIPAA, etc. to make sure at least most security bases are covered.
  • Educate your employees on how to spot phishing and vishing attempts.

It’s that last point that is most critical. Unfortunately, humans will always be the biggest risk to an organization’s security, and therefore, employee education is key. In this spirit, prepare and execute a robust security awareness campaign and conduct regular training sessions. Then, after you’ve completed the training and education, do it again—keep at it until security isn’t a thought anymore because it’s part of everybody’s routine, daily processes. Ransomware attacks aren’t a new or recent development, but as they continue to develop in strength and the potential for bigger financial penalties continues to grow, it’s always better to be safe than sorry.

The post #cybersecurity | #hackerspace | Ransomware Attacks Keep Growing – Security Boulevard appeared first on National Cyber Security.

#hacking | Ethical Hacking is Evolving – Here’s How Your Company Can Keep Up

With the global cost of cybercrime expected to surpass $2 trillion by the end of 2019, it’s no surprise that organizations have sought out unconventional cybersecurity strategies. For years, businesses have encouraged — and even hired on — hackers to unearth their digital vulnerabilities.

To be clear, these hackers aren’t bad guys turned good. Ethical, or white hat, hackers use their computer security expertise to hack into organizations’ digital infrastructure and identify cybersecurity weaknesses, rather than exploit them. The profession isn’t necessarily new, but the ethics surrounding it have begun to evolve.

While 75% of white hat hackers say that no amount of money could turn them into black hat hackers, that leaves 1 in 4 ethical hackers who would switch their hats for the right price — or more recently, the right cause.

While that isn’t to say that all ethical hackers are easily swayed, the promise of a hefty payout or even “hacktivist” glory can be attractive. With this knowledge in mind and sensitive data on the line, businesses must reassess their ethical hacking practices. Before communicating with outside ethical hackers or bringing an ethical hacker onto your team, consider how you can best ensure this practice isn’t endangering your organization’s data.

How to hire an ethical hacker

Companies have offered bug bounties to outside hackers for years, but it’s different to invite a white hat into the office — and behind your security perimeter. When hiring an ethical hacker, organizations should reinforce all of the precautions usually taken during the onboarding process to ensure that their data and their customers’ data are protected.

Remember, ethical hacking is an increasingly accepted and legitimate profession. Therefore, be careful not to treat an ethical hacker like a former (or current) criminal. While the nature of their duties is historically “bad,” that doesn’t warrant a set of guidelines separate from their coworkers. Doing so makes an already traditionally solitary role even more isolating and could make them feel like they are doing something wrong when they are actually helping your business.

Just as you would for any employee that handles or has access to sensitive company data, be sure to make it clear in the ethical hacker’s contract that legal action or other serious consequences are possible should they misuse company data and information. Be sure to thoroughly check their references and obtain a comprehensive history of their career to cover your bases.

It’s also critical that you make an effort to ensure that other employees do not perceive their new coworker as dangerous or untrustworthy because of the nature of their work. Encourage trust and familiarity with team-building exercises throughout the company and education initiatives that help everyone understand the projects the ethical hacker is working on. When there is visibility into what the ethical hacker actually does, the employee feels supported and accepted — and leadership has extra reassurance that the hacking remains ethical.

Approach outside ethical hackers with a set protocol

While you’re rethinking your organization’s policies toward hiring ethical hackers, it’s worth considering how you deal with outside white hats too. Some organizations offer “bug bounties” to those who can find previously unnoticed vulnerabilities in their digital infrastructure. It could be dangerous to overlook these independently operating hackers — over 70% of cyber attacks are financially motivated, so having some sort of compensation is a best practice.

Organizations must be open to all security opportunities

In an environment where cyberattacks are only set to increase, being open to the latest cybersecurity strategies is essential to protecting the digital infrastructure of your organization. While there are some risks that come with ethical hacking, having someone who thinks like and is equipped with the same skills as the bad guys might be the best way to keep your information safe from them.

 


The post #hacking | Ethical Hacking is Evolving – Here’s How Your Company Can Keep Up appeared first on National Cyber Security.

Cybersecurity #Pros Can’t Keep #Pace with #Threat #Landscape

Most (54%) cybersecurity professionals believe the threat landscape is evolving faster than they can respond, with a lack of preparation and strategic thinking endemic, according to RedSeal.

The network resilience vendor polled 600 IT and security decision makers in the UK and US to compile its RedSeal Resilience Report 2017.

It revealed that most respondents feel they are under-resourced (54%), can’t react quickly enough when an incident strikes (55%) and can’t access insight to prioritize incident response (79%).

Just 20% said they’re extremely confident their organization will be able to function as normal in the event of a breach or attack.

What’s more, there seems to be a dangerous disconnect between perceived strengths and reality.

Some 40% of respondents claimed ‘detection’ is their strongest capability, stating it takes an average of just six hours to spot an incident.

However, this flies in the face of many other industry reports, compiled by the likes of Mandiant (99 days) and Trustwave (49 days).

RedSeal also claimed that only a quarter of respondents test their cybersecurity incident response annually, with many saying it’s too resource intensive (29%), outside their budget (27%) or takes too long (26%).

“Their data networks are dynamic. This dynamic nature creates a risk,” RedSeal CEO Ray Rothrock told Infosecurity.

“Given that they report in our research that they last created a map of their entire network on average nine months ago, there’s no way to know precisely if their most valuable assets are accessible to bad actors at the present time. The lag in knowing what the network looks like and where data lives is a crucial factor in being ready for the inevitable.”

The report also revealed that compliance rather than strategy is driving IT security planning for the vast majority (97%) of organizations.

“On the cyber front, digital resilience — the ability to contain the bad guys when they’re inside your network, and protect high value assets like customer data and content from exfiltration — will protect your networks and your vital financial assets,” concluded Rothrock.

“So, it’s important to know your network inside out. Know what is important to your business and your customers, where it is, and make sure it’s secure. Operational resilience means not only being ready, but having a plan and procedures and then rehearsing that action plan.”

The post Cybersecurity #Pros Can’t Keep #Pace with #Threat #Landscape appeared first on National Cyber Security Ventures.

Best Practices for Cybersecurity Are Simple and Keep Users in Mind

As students, faculty and staff settle into the routines of a new semester, it’s the perfect time for a refresher on cybersecurity. Perhaps this is why October is designated National Cybersecurity Awareness Month. CIOs and CISOs have an opportunity to educate users on the basics of good cyberhygiene before they…

The post Best Practices for Cybersecurity Are Simple and Keep Users in Mind appeared first on National Cyber Security Ventures.

You can’t keep changing men, so ……….

You can’t keep changing men, so you settle for changing your lipstick. Heather Locklear

The post You can’t keep changing men, so ………. appeared first on Dating Scams 101.

The post You can’t keep changing men, so ………. appeared first on Become007.com.

Elaborate computer passwords don’t keep hackers away; Guideline creator says

Think your password is safe with all those special characters and symbols? You might want to think again. The man responsible for creating password security guidelines has gone back on his word. We do it all day every day; logging onto our computers, emails, apps, racking our brains to remember…

The post Elaborate computer passwords don’t keep hackers away; Guideline creator says appeared first on National Cyber Security Ventures.

LOSD creates detailed plan to keep kids safe

Lake Oswego School District has worked with police, fire officials to forge a comprehensive strategy for emergency response. For many years, the Lake Oswego School District has had emergency plans and procedures in place for dealing…

The post LOSD creates detailed plan to keep kids safe appeared first on Become007.com.

Karamba Is Writing Software to Keep Your Connected Car from Getting Hacked

With cars becoming more connected and autonomous, cybersecurity is a constant worry for automakers. They dread the likelihood of intrusions into the connected car from hackers, terrorists, extortionists, and thieves (see “Your Future Self-Driving Car Will Be Way More Hackable”)—not to mention the random 12-year-old with mischief in mind. Apprehensions…

The post Karamba Is Writing Software to Keep Your Connected Car from Getting Hacked appeared first on National Cyber Security Ventures.
