more

now browsing by tag

 
 

Online #game designed to #bring more #young women into #cybersecurity #field

Source: National Cyber Security – Produced By Gregory Evans

High school girls will soon have a chance to play as “cyber protection agents” in an online game designed to attract more women into the cybersecurity field.

Delaware is one of seven states to partner with the SANS Institute, a for-profit cybersecurity training company, on the pilot of CyberStart. The online game is designed to teach cybersecurity skills to young people through sets of interactive challenges. The first round of the program engaged 358 students in Delaware and 3,300 across all seven states — but just five percent were women.

The latest version, Girls Go CyberStart, is designed to draw more young women to the game and ultimately the fast-growing cybersecurity field.

“The importance of cybersecurity cannot be understated and I encourage young women in Delaware high schools to take advantage of this opportunity to explore career options in this vital field,” Gov. John Carney said. “Delaware needs a pipeline of talent and a strong workforce to remain competitive in the innovation economy.”

Girl Scouts of the Chesapeake Bay CEO Anne T. Hogan said the organization will encourage its members to play the game. “This program will allow girls to learn by doing, develop important problem solving and leadership skills, and take the lead on their futures,” she said.

The players must complete 10 levels of challenges based around protecting an “operational base” under threat of cyber attack. The game will provide an agent field manual to help overcome the basic technical challenges of cybersecurity.

Registration will open January 29 and run until February 16. The first 10,000 applicants can play the game from February 20-25. More information is available at GirlsGoCyberStart.com.

The post Online #game designed to #bring more #young women into #cybersecurity #field appeared first on National Cyber Security .

View full post on National Cyber Security

Cybersecurity #experts #agree — expect more #ransomware this #year

Ransomware is one of the easiest cyberattacks to detect because it comes with an actual ransom note. However, 2017 gave way to new propagation mechanisms, which automated worming and increased infection rates.

Employee-facing services and technologies are a top concern to cybersecurity professionals. About 40% of employees use personal devices to send work emails and share or access company data without the IT department’s oversight.

The bring your own device policy is challenging for IT departments to combat. Ultimately, the policy leads to unintended shadow IT, which is often the Achilles heel of solid security practices.

Negligent employee actions can cost a company about $280,000 per incident. If the cost were not enough, companies need to come to terms with the fact that 64% of security breaches are caused by ignorant employee actions.

To help companies better track the most high-risk employees​, in terms of their cybersecurity incompetencies, vendors like Microsoft are including simulated ransomware or phishing attacks in their services.

Hackers will always take advantage of human error and poor judgment, so it’s up to security teams to educate line of business employees.

advertisement:

The post Cybersecurity #experts #agree — expect more #ransomware this #year appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

More #countries are #learning from #Russia’s cyber #tactics

When British and US officials blamed Russian military hackers for last summer’s NotPetya ransomware attack, they were confirming long-held suspicions among western governments that Russia is stepping up its hostile cyber capabilities.

The announcement in February was consistent with the recent rhetoric of political and military leaders in the UK and the US as the two countries turn up the heat on Russia and other state adversaries they hold responsible for a string of aggressive cyber attacks. “I think we have been watching nation states grow steadily more aggressive in their use of cyber capabilities,” says John Hultquist, director of intelligence analysis at FireEye, a cyber security company.

February brought a second Russia-related cyber security controversy. On February 16 an indictment filed by Robert Mueller, the US special counsel who is investigating Russian meddling in the 2016 US Presidential elections, charged 13 individuals and three entities with conducting “information warfare” against America.

The work of the Internet Research Agency, a Saint Petersburg-based company accused of creating fake news and setting up phoney US social media accounts to attract online political audiences, may not be a cyber attack in the strictest sense. However, it fits a broader pattern of online warfare being waged by Russian president Vladimir Putin to disrupt the west and its institutions.

Read More….

advertisement:

The post More #countries are #learning from #Russia’s cyber #tactics appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Brace #Yourself For #More than 10 #Billion #Cyberattacks in #2018

Source: National Cyber Security News

The internet is a dangerous place. In 2017 alone, we experienced the Equifax hack, the WannaCry ransomware attack, and the rise of Logan Paul. And according to a new report released by cyber threat research firm SonicWall on Thursday, it’s probably only going to get worse.

SonicWall’s report outlines cybersecurity trends from the past year that are likely to continue into 2018. One of the main takeaways? Malware is back in a big way.

The previous high for yearly malware attacks was set in 2015, before slightly dipping in 2016. But SonicWall found that the incidence of malware attacks shot up again in 2017, setting a new record of 9.32 billion attacks. Last year’s jump was an 18 percent increase over 2017. If the incidence of malware attacks increases at the same rate this year, we could see nearly 11 billion malware attacks in 2018.

It’s not particularly surprising that people are launching cyber attacks with increasing regularity. As technology improves, the barriers to hacking are lessening, and rapid advances in artificial intelligence will make attacks more cost-effective and efficient.

Another key finding from the report is that while total malware attacks increased, ransomware attacks actually dropped by 71 percent.

Read More….

advertisement:

View full post on National Cyber Security Ventures

Is our #smart home #growing more #vulnerable to #hacks?

Source: National Cyber Security – Produced By Gregory Evans

As more of our cameras, speakers, thermostats and locks connect online, they’re increasingly open to meeting up with hackers.

Hackers have come up with new ways to break into your data — sending attacks through our appliances, locks, blinds and anything that connects to the internet. These are part of the so-called Internet of Things (IoT), and hacking attacks sent through these devices “became the preferred weapon of choice,” for starting denial of service attacks last year, says a new report from Arbor Networks, a security software company.

Read More….

The post Is our #smart home #growing more #vulnerable to #hacks? appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

More #CEOs to come from the #cyber security #space in #2018

Source: National Cyber Security – Produced By Gregory Evans

Oracle expects to see more chief executive officers to come from the cyber security space in 2018 as part of an effort to boost security.

Arun Khehar, senior vice-president of applications at Oracle Eastern Central Europe, Middle East, Africa, told Gulf News that enterprise security will be company’s top priority for 2018 and much of it will be automated.

With today’s ‘borderless enterprise as a result of cloud, mobile and edge technologies like IoT, he said that there is general consensus that there is no such thing as ‘total security’. As a result, business information can no longer be protected by the IT team trying to create digital castles and restrict access.

“We’ll see an increasing focus on security among companies, especially with new regulations such as General Data Protection Regulation (GDPR) [coming into effect from May 25, 2018] coming in with their associated penalties for failure,” he said.

He added that more companies are expected to turn to the cloud for security as researches show that more mature users recognise that cloud provides better security than on premises environments.

According to research firm Gartner’s latest forecast, worldwide security spending is expected to total $96.3 billion in 2018, an increase of eight per cent from 2017.

With skills continuing to be scarce, Khehar said that security will increasingly feature artificial intelligence/machine learning capabilities. By 2025, autonomous operations will become the catalyst to accelerate enterprise cloud adoption.

By 2025, he said that 80 per cent of cloud operations risk will vanish entirely — a higher degree of intelligent automation will permeate the cloud platform.

“Using machine learning and AI techniques, autonomous operations will anticipate outcomes, take remedial action, and be aware of real-time risks. The top concerns are infrastructure downtime, security threats and vulnerabilities and data protection,” he said.

It’s not just in security that humans can’t keep up, he said, right across the business and across industries; organisations are struggling to make sense of the rapid proliferation of data whether that is in finance, HR, sales or marketing systems or in operations around systems management and security.

Due to the growth in AI, he said that most of us will be chatting with chatbots by the end of 2018.

“We are going to see a new wave of more sophisticated conversational platforms that will be developed; creating chatbots that will feel completely natural to talk to replacing the currently, relatively unsophisticated interfaces,” he said.

Emirates NBD, Mashreqbank, DED, Aramex and Dewa are using chatbots to initiate and carry on conversations with their consumers in the UAE.

“Chatbots will be one of the key technologies that will be found on every organisation’s strategic customer experience road map. Those that get in and adopt them successfully early on will steal a march on the competition,” he said.

There will be a growing number of specialised ‘intelligent bots’ that will interact and learn from each other, he said.

For example, he said that CEOs, CFOs, or employees will be able to inquire about company data. Professionals such as doctors, pharmacists, lawyers, teachers, engineers, and service personnel can retrieve technical information. Citizens and consumers can interact with service organisations.

Oracle expects 2018 to be the year that hordes of smart devices begin to be tamed, as the focus moves away from the ‘things’ themselves to the integrated platforms that will turn IoT data into actionable insights and data-rich business models.

When it comes to IoT, he said that there are three core challenges — integration, analytics and security. “As smart devices share increases volumes of distributed data among themselves, and back into the enterprise, the challenges around these areas will become exponentially more complex,” he said.

The post More #CEOs to come from the #cyber security #space in #2018 appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Get #ready for more #hacks in #2018

Get #ready for more #hacks in #2018

After the year we’ve had, do you need any more convincing that your personal information is constantly being exposed to hackers?

It wasn’t just the Equifax hack, which leaked 145.5 million Social Security numbers, or the WannaCry ransomware attack that locked up our computers and demanded a ransom paid in bitcoins.

Even the security software on millions of our computers became suspect when, for example, the US government banned the widely popular Kaspersky Lab software over concerns about connections to the Russian government. And experts made us question whether we can trust the invisible systems that connect our devices to the internet, like Wi-Fi.

But as scary as all this news is, I don’t recommend putting your fingers in your ears and chanting “fa la la la” until the next hack (though sometimes I’m tempted to do that myself).

The good news is that even as things get worse, you can still do a lot to protect yourself from many types of cyberattacks. In fact, it’s because these trends aren’t likely to turn around in 2018 that you should do all of the following:

Start by backing up your photos, music and other important stuff. Also, update all your software. If you’re not doing these two things, the rest of this is useless.
Next, learn how to adopt some of the increasingly easy-to-use tools for locking down your accounts, like authentication apps, Yubikeys and services like Google Now that come with an authentication tool built in.
Finally, don’t give up on security software — you’ll still need it in 2018 with the way things are going.
Sound like too much work? You should really carve out some time for this stuff. If you’ll permit me to be Debbie Downer for a moment, our security situation is likely to get worse, not better in 2018. Here’s how.

Ransomware will get sneakier, so your backups will be even more important

It’s hard to imagine how ransomware could get much worse. In the WannaCry attack, hackers used NSA hacking tools that leaked into the criminal underworld, repurposing them to launch ransomware at regular computer users.

But the attacks will get stealthier, according to Dave Dufour, vice president of cybersecurity and engineering at Webroot. That’s because hackers are coming up with ransomware attacks that are harder for consumer security products to detect. Instead of running files on your computer that your antivirus software can flag as malicious, hackers will rely more on code that looks legitimate because it runs in programs like Microsoft Word.

Patch your phone, patch your Mac, patch your Windows machine.
Dave Dufour, VP, Webroot
Antivirus tools will have to catch up with that trend to protect consumers. But if you don’t want to wait for that to happen (and you shouldn’t), you can keep backups of your files on the cloud and on external devices, Dufour said.

“If you back it up, you don’t have to care about ransomware,” Dufour said.

There’s one more thing you should do to prevent the pain of ransomware. Consider the ransomware attacks of 2017: “Many of them could have been mitigated by patching your systems,” Dufour said. “Patch your phone, patch your Mac, patch your Windows machine.”

Data breaches will continue, so don’t just rely on passwords

The passwords you and I use daily are a terrible security tool that we only rely on because nothing better has come along.

I mean, really, if someone said they’d protect your bank account with a key that anyone can copy at any moment, you probably wouldn’t use it. But that’s what we do with passwords.

Fortunately, that’s beginning to change. More ways to log in and unlock devices came on the scene this year, and you can expect more in 2018.

Apple made the biggest splash here by introducing FaceID in the iPhone X — the first widely available device using facial recognition technology. FaceID raised privacy concerns and inspired attempts to fool the technology with masks. But if users find it as simple and intuitive to use as Apple’s Touch ID fingerprint system, it will add your face to the list of biometrics that can lock down your accounts.

Better security is getting easier

There’s another tool for keeping your accounts secure that’s getting safer and easier to use, though it’s not quite as futuristic and sexy as a 3D scan of your face.

It’s called two-factor authentication.

This system works by adding another step to your login process, so just having your password isn’t enough for malicious actors to get into your accounts. I know, that’s more work for you, and remembering your password is hard enough. But if you use it, you’ll get to feel smug instead of scared the next time there’s a data breach like the one that, as we learned in October, affected all 3 billion Yahoo accounts.

Popular services are adopting more convenient ways for you to use two-factor authentication. In 2017, Facebook started letting you use a piece of physical hardware called a Yubikey to verify your identity. You plug in the device to your computer’s USB drive and tap it to get into your account. Google introduced Google Prompt, which lets you tap a button on your phone to verify your identity when you log into your accounts.

That’s way easier — and safer — than the industry standard of years past, which was entering in a one-time code sent by SMS to your phone.

Security software is still your friend

Things got a little weird this year with security software like antivirus scanners and password managers. Kaspersky antivirus software was banned from US government computers and taken off the shelves by some retailers. Password manager LastPass patched a big security flaw, and OneLogin got hacked. And dozens of antivirus apps on the Google Play store turned out to be malicious.

Security software will continue to be a target for hackers, who would love to trick you into downloading a malicious tool with high-level access to your computer or phone. But that software is still the best (and sometimes only) way to stop some of the most prevalent hacking attacks.

Unless you’re some kind of memory savant, password managers are the only sensible way for you to use unique passwords on all your accounts. That helps keep one data breach at, say, Yahoo, from letting hackers access more of your accounts.

And despite concerns about compromised or outright malicious antivirus scanners, the software hasn’t outlived its usefulness yet. That’s according to Jerome Segura, a security researcher at Malwarebytes, a firm that focuses on catching malicious code that traditional antivirus software can’t catch.

“It’s important to have security software, especially if you’re running Windows,” Segura said.

All that being said, these steps only mitigate damage caused by hackers. As the companies that protect and store our data keep getting compromised, we’ll likely all receive another helping of apologies and free credit monitoring in 2018.

“You are kind of at the mercy of companies if they get hacked,” Segura said.

View full post on National Cyber Security Ventures

Expect more #hackers for #hire in 2018 – #researchers

Source: National Cyber Security – Produced By Gregory Evans

Washington – After a year marked by devastating cyber attacks and breaches, online attackers are expected to become even more destructive in 2018, security researchers said on Wednesday.

A report by the security firm McAfee said the ransomware outbreaks of 2017 offer just a taste of what’s to come as hackers develop new strategies and “business models”.

McAfee researchers said that as ransomware profitability fades in the face of new defences, hackers will turn to new kinds of attacks that could involve damage or disruption of computers and networks.

Attackers will also look to target wealthy individuals and aim at connected devices which offer less security than computers and smartphones.

“The evolution of ransomware in 2017 should remind us of how aggressively a threat can reinvent itself as attackers dramatically innovate and adjust to the successful efforts of defenders,” said Steve Grobman, McAfee’s chief technology officer.

McAfee also predicted wider use of cyber attacks “as a service”, allowing more hackers for hire to have an impact.

Commercialise hacking

Raj Samani, chief scientist at McAfee, said the events of 2017 showed how easy it is to commercialise hacking services.

“Such attacks could be sold to parties seeking to paralyse national, political and business rivals,” Samani said.

McAfee’s 2018 Threats Predictions Report also said privacy is likely to be eroded further as consumer data – including data involving children – is gathered and marketed by device makers.

“Connected home device manufacturers and service providers will seek to overcome thin profit margins by gathering more of our personal data – with or without our agreement – turning the home into a corporate store front,” the McAfee report said.

The report said parents “will become aware of notable corporate abuses of digital content generated by children”, as part of this effort to boost profitability.

McAfee said it expects some impact for the May 2018 implementation of the European Union’s General Data Protection Regulation, which limits how data is used and sold and which would affect companies with operations in the EU.

The GDPR regulation “makes 2018 a critical year for establishing how responsible businesses can pre-empt these issues, respecting users’ privacy, responsibly using consumer data and content to enhance services, and setting limits on how long they can hold the data”, said McAfee vice president Vincent Weafer.

The post Expect more #hackers for #hire in 2018 – #researchers appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cybersecurity: The #Tech #Companies More #Important than the #FANGs.

Source: National Cyber Security – Produced By Gregory Evans

The products and services provided by the behemoths of the tech industry may seem indispensable, and the most fundamental features of the technological environment, however, there are a group of less glamorous firms that arguably are the necessary foundations of the whole industry: cybersecurity firms.

Cybersecurity is defined as the measures taken to ensure protection against unauthorised or criminal use of electronic data.

The world has become acutely aware in recent years that data is the new oil- and reserves are plentiful and exponentially growing. The amount of data in the digital world is growing so rapidly due to trends such as the ‘internet of things’ and ‘bring your own device’ (BYOD); the enormous amount of devices connected to the internet makes data abundant and cybersecurity a constant war ground.

The main antagonist in the cybersecurity realm is ransomware which is a pernicious software emanating from cryptovirology that poses the threat of making a victim’s data public, or permanently blocking access to it, unless a ransom is paid.

Therefore, as more data is created, more ransomware will inevitably be deployed. The ubiquity of ransomware is debilitating for anyone with data and internet access, but it represents a pot of gold for cybersecurity firms – the mercenaries of the technological age.

The Casualties

Everyone reading this will likely be aware of some large organisation that has been attacked by ransomware during 2017. Ransomware victims range from multinational companies such as Equifax and WPP to state institutions such as the NHS.

One of the most malicious attacks that has been seen was this year’s ‘WannaCry’ attack, which impacted 230,000 computers and 10,000 companies throughout 150 countries.

WannaCry infected 47 NHS hospitals, starkly highlighting the callous nature of these attacks. They are not just against multi-billion dollar institutes that are considered to line the pockets of the top 1%, but are also instigated much like actual warfare and terrorism, with no consideration for the innocence or relevance of its victims.

No sector is immune from cyber attacks and over 20% of institutions in financial services, education, entertainment, media, IT and telecoms have all been targeted recently.

One reason for the rapid increase in attacks is that it is becoming increasingly easy to launch a malware attack due to the ability to hire malware. By having the option to hire malware, criminals can launch attacks online with rented viruses which in turn opens up the battlefield to low-skilled, street criminals as well as highly-educated criminals.

The Figures

The opportunities available to cybersecurity firms are plentiful, providing they have the ability to innovate and stay ahead of the malware. The industry is so dynamic as attackers are constantly evolving and producing more vicious, efficient attacks and providing cybersecurity firms can produce the solutions to these attacks: they are indispensable to helpless victims.

The growth that has already been witnessed in this industry is evidence of the huge future potential for growth: the global cybersecurity market was worth $3.5bn in 2004, $64bn in 2011, $138bn in 2017, and is projected to be worth $232bn by 2022.

Furthermore, the US Bureau of Labor Statistics reports that by 2024 there will be an increase in the demand for cybersecurity staff by 36% – double the demand compared to digital workers in other fields.

The vast increase in demand for workers in cybersecurity corroborates the notion that this industry is on track to being one of the most important and lucrative sectors out there.

The Firms

Fortinet is arguably the market leader in cybersecurity and has a very large, diverse product base which enables it to trade with large and small firms. Its reports from 2017 Q1 showed a 20% increase in revenue and an increase in net income of 410% YTD, taking it to $10.7 million. Fortinet’s expected revenue for the entire year is estimated at $1.77bn.

CyberArk Software primarily focuses on protecting internal digital infrastructure, keeping privileged accounts safe, which includes the most sacred and hence potentially dangerous data.

In essence, if an attack manages to breach an initial firewall, CyberArk’s security will keep the crown jewels safe. CyberArk currently has flat earnings but is debt free and has amassed cash assets of $287m.

Furthermore, CyberArk is one of the pioneering companies in the industry and has an impressive client list of 3,200 and does business with 45% of Fortune 100 companies. Additionally, CyberArk acquired Conjur this year ($42m) which will allow it to expand into other areas of security.

Palo Alto Networks focuses on protecting data infrastructure and sells its products and services to 85 of the Fortune 100 companies. This year adjust EPS rose 32.6% to $0.61 and the 3Q revenue report showed a record of $432m, as well as gaining the second highest number of new customers since the business began.

Going Forward

It is clear that the growth potential for cybersecurity is enormous. In fact, some might even say that it is terrifying how dependent society will be on this industry in the near future. People must also not approach cybersecurity in a myopic sense and assume that it only has applications for large firms that have the capital to pay high-price ransoms.

The futuristic phrase of ‘cyberwarfare’ may seem reserved for the cinema screens, however, if hackers sitting in their bedrooms can wreak havoc on some of the biggest institutions in the world, imagine what a government-funded group of experienced, ruthless ‘cyber soldiers’ could do. Less than 10 countries have nuclear capabilities but any country with an internet connection could have access to cyber arms.

Conclusion

Finishing on a more positive note, cybersecurity is currently one of the most highly paid careers in technology with 39% of its employees earning more than £87,000 and 75% earning more than £47,000.

In the past, one would have to risk their lives for almost no remuneration to complete patriotic duty. Now, one can fulfil this moral craving whilst sitting at home, rather than in a dilapidated barracks.

The post Cybersecurity: The #Tech #Companies More #Important than the #FANGs. appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Ports to #spend more on #cybersecurity as #digital #investments rise

Source: National Cyber Security – Produced By Gregory Evans

If there was one positive effect of the string of cyberattacks the world witnessed in 2017, it was that a clear message was sent: cybersecurity is no longer an option for supply chain professionals. In fact, it may even be up to those professionals to ensure cyber resilience.

Cyber risk is unlike any other digital threat previously left to the IT department, because it requires participation from every person, and every link in the value chain. Most companies today rely on third-party SaaS providers for pivotal business functions, and these maintain valuable and proprietary data. If this indirect supplier, however, is not secure — neither is the buyer.

The most recent disruption from a cyberattack sheds valuable insight upon the importance of security to ports. A.P. Moller – Maersk’s systems were attacked in June, costing the company up to $300 million and completely shutting down the carrier’s fully automated port terminal in Rotterdam. That same attack also targeted FedEx, which suffered days of disruptions to its TNT Express network, impacting European supply chains.

Previously, carrier and port provider choices were made mainly on cost or lead time advantages. But, when considering various service providers, procurement professionals also consider risk. Labor disruptions have led shippers to reconsider their options in the past, will cyberattacks do the same?

The post Ports to #spend more on #cybersecurity as #digital #investments rise appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures