#hacking | 2019’s most read Florida political stories in the Tampa Bay Times

Source: National Cyber Security – Produced By Gregory Evans

If 2019 was the calm before the storm, a welcome respite before things get really crazy, then we’re all in for a Cat 5 next year.

The Buzz’s most popular stories in 2019, as measured by the digital analytics firm Chartbeat, reveal a state wallowing in conflict, suffering and impending doom.

Stories related to white nationalism, federal investigators circling the former Democratic nominee for governor, elections hacking, the lingering despair from Hurricane Michael and the NRA’s opposition to a proposed assault weapons ban all resonated with readers.

U.S. Rep. Matt Gaetz, one of the most divisive members of Congress, nabbed two slots in the top 10, courtesy of his bad boy approach to politics. State Rep. Dennis Baxley’s penchant for sponsoring 1950s-style legislation made the list, as did what then appeared as a looming threat to President Donald Trump’s Florida home posed by Hurricane Dorian.

Of all the stories in the top 10, only a profile of Gov. Ron DeSantis could be described as remotely positive. It’s a revealing look at the state’s top politician finding a groove that has had him surging in the polls.

Behold the stories in 2019 that cast a spell on readers.

10. Florida bill would have students learn alternatives to climate change, evolution. (Published online Jan. 28)

Rep. Dennis Baxley, R-Ocala.

TALLAHASSEE — A bill that would allow school districts to teach Florida students alternatives to concepts deemed “controversial theories” — such as human-caused climate change and evolution — has been filed in the state Legislature.

The language of the bill sounds fairly unremarkable, requiring only that schools “shall” teach these “theories” in a “factual, objective, and balanced manner.” But the group that wrote the bill, the Florida Citizens Alliance, says the bill is needed because curriculum currently taught in Florida schools equates to “political and religious indoctrination,” according to their managing director, Keith Flaugh.

The bill’s sponsor, Sen. Dennis Baxley, R-Ocala, said that schools need to teach “different worldviews” on issues like evolution and climate change. He asserts that textbooks now skew toward “uniformity” of thought.

“Nothing is ever settled if it’s science, because people are always questioning science,” Baxley said. “If you look at the history of human learning, for a long time the official worldview was that the world was flat. Anything you now accept as fact comes from a perspective and you learn from examining different schools of thought.”

Both evolution and climate change are well-established facts in the scientific community.

9. A Florida Congresswoman is wondering why she can’t talk openly about Russian election hacking (Sept. 8)

U.S. Rep. Stephanie Murphy, D-Orlando.
[JOHN RAOUX | AP]

Rep. Stephanie Murphy, the Democrat who represents parts of Seminole County and Orange County, has a bone to pick with the U.S. intelligence community.

In an op-ed column for the Washington Post published earlier this week, Murphy renewed her objection to the lack of public knowledge about Russian attempts to hack into Florida’s electoral system in 2016.

Security officials, Murphy argued, have been less than forthcoming about Russia’s interference efforts. It took Murphy ― and her Republican colleague, Michael Waltz, R-6 ― requesting a private briefing for officials to disclose that two counties had been penetrated by Russians, Murphy writes. And in fact, there may have been even more counties affected. Murphy herself is not sure, she wrote.

8. Hurricane Michael recovery has a big problem: People aren’t donating (Jan. 27)

Mexico Beach, one year anniversary of the landfall of Hurricane Michael. [DOUGLAS R. CLIFFORD | Tampa Bay Times]

PANAMA CITY — More than three months after Hurricane Michael bludgeoned the beachside communities in the Panhandle, dozens of people crammed into the Messiah Lutheran Church on Thursday.

They were there to address enormous questions that hang over their largely lower-income part of the state.

“Affordable Housing,” “Reach Less Fortunate,” were written at the top of a long list of goals for a startup recovery group. Some suggested auctioning off quilts, or holding a car show.

But the reality is they’re going to need millions.

Major donors simply aren’t coming through for Florida’s Forgotten Coast. According to a Times/Herald analysis of contributions to three prominent national charities, donations to Hurricane Michael recovery fall far below donations for recent landmark hurricanes to hit the South such as Florence, Irma and Harvey.

The Salvation Army has received $2.8 million for its Hurricane Michael response. It received a combined $125 million after Harvey, Irma and Maria in 2017.

United Way Worldwide received just under $750,000 for Hurricane Michael recovery. That’s more than $10 million less than it received for its combined fund for Hurricanes Irma and Maria. That’s about $100,000 less than it received for the 2017 Mexican earthquake.

“God, I give you praise and honor for bringing us together … I pray that you will continue to give us the strategic ideas and the resources so that our county shall be a better county than it was before October the 10th,” Pastor Lynva Masslieno said at Thursday’s meeting.

7. Federal subpoena demands records on Andrew Gillum and his campaign for governor (May 30)

Andrew Gillum.

Andrew Gillum is a focal point of a recently issued federal grand jury subpoena that demands information on the former Democratic candidate for governor, his campaign, his political committee, a wealthy donor, a charity he worked for and a former employer.

The subpoena, obtained by the Tampa Bay Times and previously unreported, could reflect a new level of federal inquiry into Gillum, the former mayor of Tallahassee who narrowly lost to Republican Ron DeSantis last year.

Throughout his campaign last year, Gillum insisted he was not a target of a sprawling FBI investigation of Tallahassee City Hall, which has taken at least three years and resulted in three arrests. Last year, he told the Tallahassee Democrat: “Twenty-plus subpoenas have been issued and not one of them has anything to do with me.”

But the recent one does. Previously, the investigation had centered on corruption inside Tallahassee government, including during Gillum’s time as mayor. The newer subpoena is more focused on Gillum’s 2018 campaign and people and organizations with clear ties to him, but with less obvious connections to Tallahassee City Hall.

Gillum, now a CNN contributor, declined to answer specific questions about the subpoena or say whether a subpoena was issued to him. In a statement to the Times, Gillum said: “We stand ready to assist any future review of our work, because I am confident we always did the right thing and complied fully with the law.”

6. Where did this Ron DeSantis come from? Florida’s governor surprises everyone but himself. (Feb. 10)

Casey DeSantis and Governor Ron DeSantis (right) arrive before the game at Camping World Stadium on August 24, 2019 in Orlando, Florida. [MONICA HERNDON | Tampa Bay Times]

TALLAHASSEE — It was a moment lost on Election Night.

As newly elected Gov. Ron DeSantis faced a blockade of TV cameras in Orlando, he told reporters that he had been misunderstood, or “unfairly demagogued,” by political rivals and the media.

At the end of a bitter campaign in which he cast himself as an uncompromising conservative who reveled in his support from President Donald Trump, DeSantis said he was eager to move on and work with those who had tried to defeat him.

Three months later, his short time in office has already shattered assumptions that he would govern exclusively from the right. He has drawn unexpected praise from Republicans and Democrats.

He released a budget proposal that broke the record for spending and contained no major cuts, placing him at odds with staunch fiscal conservatives in the Florida House. As he’s relentlessly traveled the state in a fixer-upper plane, he’s appointed Democrats to key posts, vowed to save the Everglades and urged lawmakers to allow patients to smoke medical marijuana.

“He’s taken a very pragmatic course,” said Tampa Mayor Bob Buckhorn. “I say this as a Democrat and as a mayor: I’ve been really pleased and pleasantly surprised by the course and the decisions he’s made.” He added that until DeSantis took office, he was “an unknown quantity.”

5. Here’s what the NRA’s Marion Hammer had to say about Florida’s proposed assault weapons ban (Aug. 16)

Marion Hammer is the National Rifle Association’s longtime Florida lobbyist.

TALLAHASSEE — Florida National Rifle Association lobbyist Marion Hammer warned state economists Friday that a proposed assault rifle ban would be devastating to gun manufacturers lured to the state over the last eight years.

“Gov. Rick Scott and Enterprise Florida solicited and offered significant financial incentives to gun manufacturers to come to Florida to bring more jobs,” she said.

Hammer, speaking for the first time since back-to-back gun-related massacres in El Paso and Dayton two weeks ago, denounced the controversial amendment meant to address gun violence in Florida.

The amendment would ban the future sale of assault rifles in the Sunshine State and force current owners to either register them with the state or give them up.

But Hammer said the proposed amendment doesn’t protect the more than 150 major gun manufacturers in the state, of which many produce weapons that would be outlawed by the ban. Those companies would be forced to move because they couldn’t possess any new assault weapons, she said.

“If I were the owner of one of these firearm manufacturing companies, I wouldn’t wait to see what voters do,” she said. “If this were allowed to go on the ballot, I’d say, ‘I’m outta here.’”

4. Matt Gaetz’s 2008 DUI arrest resurfaces after jab at Hunter Biden’s substance abuse. Here’s what happened. (Dec. 12)

Rep. Matt Gaetz, R-Fort Walton Beach, seen here when he was a state representative in 2014.

U.S. Rep. Matt Gaetz took a jab at Hunter Biden’s past substance abuse during Thursday’s House impeachment hearings, leading a Democratic colleague to call the Pensacola Republican a hypocrite.

The dust-up started when the Pensacola Republican sought to insert Biden’s name into the articles of impeachment — the latest attempt to redirect the investigation into President Donald Trump to Vice President Joe Biden and his son’s employment with Burisma, a Ukrainian natural gas company.

That’s when things took a strange turn.

“I don’t want to make light of anybody’s substance abuse issue,” Gaetz said. “But it’s a little hard to believe that Burisma hired Hunter Biden to resolve their international disputes when he could not resolve his own dispute with Hertz rental car leaving cocaine and a crack pipe in the car.”

Those watching the hearing online immediately drew parallels between Gaetz’s remark and his own run-in with law enforcement. Gaetz was arrested in 2008 for driving under the influence, though he was never convicted.

3. Further investigation into Matt Gaetz is needed for tweet at Michael Cohen, Florida Bar determines (Aug. 14)

Rep. Matt Gaetz, R-Fla. [ANDREW HARNIK | AP]

An investigation into U.S. Rep. Matt Gaetz will proceed, the Florida Bar said Wednesday, meaning the Panhandle Republican could face discipline for allegedly intimidating President Donald Trump’s former lawyer Michael Cohen.

A grand jury-like panel called the Grievance Committee will next decide whether there is probable cause that Gaetz’s tweet broke the state Supreme Court’s rules for lawyers. Gaetz, one of Trump’s top allies in Congress, is licensed to practice law in Florida.

If the Florida Bar had determined in its initial review that discipline was not warranted, then the case would have stopped. But it has not, meaning the Bar has decided that further investigation is needed.

(SPOILER ALERT: It later cleared Matt Gaetz.)

2. Trump’s Mar-a-Lago is in the projected path of Hurricane Dorian (Aug. 29)

President Donald Trump’s Mar-a-Lago resort is shown, Friday, Aug. 30, 2019, in Palm Beach, Fla. The resort is potentially sitting directly in the path of Hurricane Dorian, which is forecast to become an extremely destructive storm. (AP Photo/Lynne Sladky) [LYNNE SLADKY | AP]

Hurricane Dorian is threatening to strike Florida near Mar-a-Lago, President Donald Trump’s prized South Florida resort.

The storm is projected to make landfall as a Category 4 hurricane on Monday, with Melbourne as the most likely landing spot. That’s about 115 miles north of Palm Beach, where Trump’s ocean-front hotel is situated. Mar-a-Lago remains in the “cone of uncertainty” — the range of potential paths the hurricane could take as it strengthens in the Caribbean.

Previous hurricane models suggested Dorian could pass right through the so-called Winter White House, a frequent destination for Trump’s working vacations. As of Thursday morning, though, the storm’s path has shifted slightly north as it slows its forward motion and intensifies.

1. Memo reveals a House Republican strategy on shootings: downplay white nationalism, blame left (Aug. 16)

A Virgin Mary painting, flags and flowers adorn a makeshift memorial for the victims of Saturday’s mass shooting at a shopping complex in El Paso, Texas, Sunday, Aug. 4, 2019. [Associated Press]

Congressional Republicans recently circulated talking points on gun violence that falsely described the El Paso massacre and other mass shootings as “violence from the left.”

A document obtained by the Tampa Bay Times and sent by House Republicans provides a framework for how to respond to anticipated questions like, “Why won’t you pass legislation to close the ‘gun show loophole’ in federal law?” and “Why shouldn’t we ban high-capacity magazines?” The answers are boilerplate Republican arguments against tougher gun restrictions.

But it also included this question: “Do you believe white nationalism is driving more mass shootings recently?” The suggested response is to steer the conversation away from white nationalism to an argument that implies both sides are to blame.

“White nationalism and racism are pure evil and cannot be tolerated in any form,” the document said. “We also can’t excuse violence from the left such as the El Paso shooter, the recent Colorado shooters, the Congressional baseball shooter, Congresswoman Giffords’ shooter and Antifa.”


Most Organizations Have Incomplete Vulnerability …

Companies that rely solely on CVE/NVD are missing 33% of disclosed flaws, Risk Based Security says. A new report shows companies that rely solely on the Common Vulnerabilities and Exposures (CVE) system for their vulnerability information are leaving themselves exposed to a substantial number of security […]

#cyberfraud | #cybercriminals | Internet’s most dangerous celebrity searches include Alexis Bledel, James Corden, says computer security company McAfee

When it comes to cyber-scams, ‘Gilmore Girls’ actress Alexis Bledel is the internet’s most dangerous celebrity.

The computer security company McAfee said searches for Bledel lead to the most malicious and unreliable websites and links.

Late night talk-show host James Corden came in second.

Jimmy Fallon, Jackie Chan and Nicki Minaj also made the top ten.

McAfee has put the list out for 13 years now and cautions against clicking on suspicious websites, reported CNN.

Previous ‘most dangerous’ celebs included Emma Watson, Ruby Rose, Avril Lavigne and Amy Schumer.

Copyright © 2019 KABC-TV. All Rights Reserved.


The most #notorious #hacks in #history, and what they mean for the #future of #cybersecurity

Source: National Cyber Security News

Where has the time gone? February is almost over, and already we’ve seen several major vulnerabilities and hacks this year! As we head further into what’s sure to be another busy year for cybersecurity, it’s important to take a step back and examine how we got here.

For nearly four decades, cyber criminals have been exploiting the latest and greatest technology for fun, profit and power. In that time, the word “hacker” has taken on many meanings. At first, it referred to mischievous young techies looking to build a reputation on the internet, but it has since become a worldwide title for data thieves, malicious online “entrepreneurs” and geopolitical operatives. The threats and tactics that hackers use have evolved, too – from small-time scams to dangerous worms and earth-shaking breaches.

As a result, the security industry has been in a game of “cyber cat and mouse” for the better part of a half-century, looking to evolve security technology to thwart the constant evolution in malware and techniques used by sophisticated threat actors.

Let’s take a look back at the past four decades to assess the most notorious hacks in each era, why they mattered, and how the security industry responded.


PayThink #Users are #compromising #most #security #tech

It took Bonnie and Clyde three years to rob about a dozen banks, but the scourge of bankers today is a quiet Russian hacking group called, appropriately enough, MoneyTaker, and they don’t need nearly as much drama to abscond with cash.

Using often tailor-made hack attacks that regularly rely on near-undetectable fileless malware, the MoneyTaker gang has, in barely a year and a half, robbed millions from 20 banks so far and counting. What’s worse is that the gang has stolen data that could let it hijack Swift transactions, leading Swift for the first time to issue a report on cyber-vulnerabilities with the banks it works with.

While hackers usually don’t discriminate (they’ve got no problem attacking servers at hospitals, schools and corporations with trade secrets and valuable intellectual property), banks hold a special place in their heart, as that is where the money is, as yet another famous Depression-era bank robber once said.

Once a bank’s security is compromised, hackers can pay themselves from the funds on hand, transferring sums large and small to their accounts. However, with information about the global payment systems like Swift that’s also available only at the bank, hackers can do a lot more damage.

Hackers are getting better at “data mining” all the time. According to Kaspersky, Russian hackers operating just a couple of Darknet marketplaces in 2017 were offering this year an astounding 85,000 servers for sale (meaning, the authentication information that will let a hacker take control of the server), some for as little as $6! In 2016 there were “only” 70,000 such servers for sale, meaning that whatever we are doing to keep hackers at bay, it isn’t enough.

Included in those compromised servers are apparently some containing key Swift information, and it’s just a matter of time before the MoneyTaker gang will also use that information for fun and profit.

How are gangs like MoneyTaker getting away with this, especially with servers belonging to banks which are presumably protected by the latest cybersecurity systems? According to a study by the SANS Institute, it’s the “human factor” that is at work: As many as 95% of all attacks on enterprise networks begin with a spear phishing attack in which hackers dispatch their malware hidden inside email attachments. That attack could consist of trojans that pave the way for malware that allows hackers to take over servers, or the newer fileless malware attacks (where an agent installs itself in memory, hijacking servers for the use of hackers).

Cybersecurity systems, as sophisticated as they are, are clearly not doing the job — and maybe they never will, given that in the end the effectiveness of those systems can be overridden by workers inside the organization. The best systems then are the ones that take away from users and employees any opportunity to override security by responding to the phishing messages that get them, and their organizations, into trouble.

Systems like that need to be able to analyze messages and incoming files for malware or threats, and remove them before passing the file or message on to workers.

In addition, the system has to be robust and innovative enough to arrest malware that is passed on in innovative ways with traditional cybersecurity systems, like sandboxes that are perhaps not up to date on phenomena like fileless malware. With thousands of security systems out there, organizations are understandably confused about what systems are the most effective. But in our opinion, the systems that will perform best are the ones that limit opportunities for spearphishers to have their way with employees.


Cisco: Most #IoT projects are #failing due to lack of #experience and #security

Three quarters of all Internet of Things (IoT) projects are “failing”, according to Cisco’s Australian CTO Kevin Bloch, primarily because they have been designed to solve individual problems, and have become siloed and unsupported as a result.

“The inaugural phase of IoT is characterised by numerous point solutions from a multitude of new — often startup — vendors. Typically, these solutions have been designed to solve a particular societal problem such as lighting or parking. In each case, a complete IT stack needs to be built in support of the solution,” Bloch explained.

“Eventually, customers find themselves with multiple siloes from multiple vendors that don’t interoperate, are not cybersecure, use different protocols, and generate more complexity at greater cost.”

According to Bloch, this is why Cisco is constructing an “IoT Phase 2” foundation, which consists of a platform that is able to cope with multiple different sensors, vendors, applications, and data interchanges.

The CTO added that IoT projects are also failing due to a lack of cybersecurity, qualified skills by those running them, project definition, governance, and support.

Released alongside nine other axioms on the IoT landscape, Bloch said Cisco hopes to aid other companies in launching successful connected solutions by discussing both pitfalls and successes.

The lack of cybersecurity made up a second of his axioms, with Bloch saying that if something is not secured, it should not be connected.

“Cybersecurity crime is already at an all-time high and negatively impacting global economies by upwards of 1 percent of GDP,” he said.

“We are becoming more mobile, we are using more cloud services, and we are expanding IoT deployment to tens of billions of connected things, thereby expanding exploitation and attack opportunities. Our situation will inevitably get worse if we don’t take the right precautions.

“If you don’t secure it, don’t connect it.”

Again, Bloch said that most of the new IoT solutions being brought to market are being developed by companies or startups without any experience — including experience in security.

As a result, he said Cisco is continuing to invest billions of dollars into cybersecurity solutions for IoT, mobility, and cloud. One such product was Cisco’s IoT Threat Defense solution, launched in June in an effort to mitigate and solve common security issues threatening the deployment and operation of connected devices, with the networking giant at the time saying many vendors and companies strip security mechanisms out of devices in order to keep them at low cost.

Cisco IoT CTO Shaun Cooley in June explained that as many devices also don’t have the power to protect themselves, network-side security must be emphasised, along with improving processors, enforcing the better labelling of devices, and requiring a notification and approval process prior to allowing connectivity.

The IoT Threat Defense suite is also enabled by Cisco’s network intuitive, which combines the technologies Cisco has been working towards for the past few years: Software-defined networking, software-defined access, network function virtualisation, APIs, and intelligent WAN capabilities.

A third axiom saw Bloch argue that IoT is about collecting data and about the data itself — not about connecting things, with Cisco predicting that connections will cost nothing within a decade.

Under this axiom, Bloch said there are two main components needed to be able to “measure” the physical world and enable automation: Sensing via a camera, sensor, or processor; and connectivity, or the transferring of data measurements to a computer.

“Sensing and connectivity provide data that enable a product to externalise its capabilities and provide a range of new opportunities and services,” he explained.

Another of Bloch’s IoT axioms argued that the key is having the right data, knowing what to ask of the data, and knowing how to find the answers — with the CTO correlating this to another assumption: That by 2025, 40 percent of all data will never make it to the cloud.

“While amassing data may seem important, the critical question to ask is ‘what do you need the data for?’” he said.

“Most organisations already have more data than they can manage, yet most often don’t have the right data. If they did, would they know what to ask of the data? If they are able to formulate the problem, how would they go about finding the answers needed within the data?”

The key for organisations is finding the answers to those three questions by utilising a combination of compute, artificial intelligence, and machine learning, he argued.

Cisco has been focused on providing IoT solutions globally, in June announcing its Kinetic IoT operations platform with a focus on managing connections, “fog” computing, and the delivery of data, which “streamlines the capability of companies bringing their IoT initiatives to market”.

“It’s really a platform for getting data off of your devices,” Cisco SVP and GM of IoT and Applications Rowan Trollope said at the time, adding that it will complement Cisco’s Jasper IoT platform.

“We’re extending from the edge all the way onto the device to provide an amazing platform to get way more data.”

According to Trollope, trillions of terabytes of data is “locked up” on unconnected devices across the world, which Cisco Kinetic could help extract. It will also speed up the time between proof of concept and implementation for customers.


Third-party #cyber security failures cost #businesses the #most

Third-party cyber security failures are costing businesses the most – up to £1.5m – as security budgets shrink, a study by Kaspersky Lab and B2B International reveals

Companies suffer the greatest damage as a result of cyber security incidents relating to their partners, according to research.

This is the finding of a study examining whether cyber security is a cost centre or a strategic investment by Kaspersky Lab and B2B International.

Incidents affecting infrastructure hosted by a third party cost small businesses £106,000 on average, while large enterprises lost nearly £1.5m as a result of breaches affecting suppliers they share data with, and £1.2m because of insufficient levels of protection at providers of infrastructure as a service (IaaS).

These findings indicate that companies should not only invest in their own protection, but also pay attention to that of their business partners.

As soon as a business gives another organisation access to its data or infrastructure, the report said weaknesses in one may affect them both.

There is a growing list of examples of data breaches that can be traced to third-party suppliers, from the Target breach in 2013, to more recent cases such as insider trading by hacking newswire services and fraudulent tax claims by compromising a feature on the US Internal Revenue Service website that was hosted by a third party.

This issue is becoming increasingly important as governments worldwide introduce legislation requiring organisations to provide information about how they share and protect personal data.

“While cyber security incidents involving third parties prove to be harmful to businesses of all sizes, their financial impact on a company has the potential to result in twice as much damage,” said Alessio Aceti, head of the enterprise business division at Kaspersky Lab.

“This is because of a wider global challenge – with threats moving fast, but businesses and legislation changing slowly. When regulations like GDPR [General Data Protection Regulation] become enforceable and catch up with businesses before they manage to update their policies, the fines for non-compliance will further add to the bill,” he said.

According to the study, 63% of companies are investing in cyber security regardless of return on investment (ROI).

However, the study also shows that businesses around the world are starting to view cyber security as a strategic investment, and the share of IT budgets that is being spent on IT security is growing, reaching almost a quarter (23%) of IT budgets in large corporations.

This pattern is consistent across businesses of all sizes, including very small businesses where resources are usually in short supply. However, while security appears to be receiving a larger proportion of the IT budget, the overall budget is getting smaller. For example, the average IT security budget for enterprises in absolute terms dropped from £19.2m in 2016 to £10.3m in 2017.

As security budgets shrink, the cost of security breaches is going up. In 2017, small to medium-sized enterprises (SMEs) are paying an average of £66,800 per security incident, compared with £65,900 in 2016, while enterprises are facing costs of £756,000 in 2017, up from £655,000 in 2016.

To help businesses with their IT security strategies, based on the industry threat landscape and specific recommendations, Kaspersky Lab has introduced an IT Security Calculator.

The tool is aimed at providing a guide to the cost of IT security based on the average budgets being spent, security measures, the major threat vectors, money losses and tips on how to avoid a compromise.

 


Michigan among #states most #vulnerable to #identity theft, fraud

Michigan ranks among the worst states for identity theft and fraud, a new analysis by a personal finance website shows.

The report by WalletHub put Michigan at No. 6, behind California, Rhode Island, Washington D.C., Florida and Georgia, and just ahead of Nevada, Texas, New York and Connecticut.

The Michigan attorney general’s office, which is charged with protecting consumers, suggested that identity theft and fraud is likely not as bad in the state as the report suggests.

“It could be underreported in other states,” Andrea Bitely, a spokeswoman for the attorney general’s office, said, challenging the report’s results. “The more people in a state, the more likely you are to be up at the top.”

“But,” she added, “the attorney general is not taking this lightly.”

October has been designated National Cyber Security Awareness Month by the U.S. Department of Homeland Security.

WalletHub, which is based in Washington D.C., compared all 50 states and the nation’s capital this week using data that looked at identity theft, fraud and public policy aimed at keeping personal information out of the hands of thieves.

While Michigan ranked No. 6 overall, it was No. 8 specifically for identity theft, No. 12 for fraud, and No. 10 for public policy.

Michigan was No. 2 for the most identity theft complaints per capita, behind Washington D.C. and ahead of Florida, and No. 4 for the most fraud complaints per capita, behind Washington D.C., Florida and Georgia, and ahead of Texas.

“Equifax has proven that absolutely no one is immune to cybercrime,” the report said. “In September 2017, the credit bureau announced that it had fallen victim to one of the biggest data breaches in recent history.”

Moreover, the WalletHub report said: “Even credit bureaus, government agencies, and financial institutions — the organizations consumers trust and expect to treat their confidential information with utmost care and security — cannot take enough precautions to prevent such attacks.”

Earlier this month, Equifax announced that 2.5 million more consumers were impacted by the breach than originally thought, bringing the total number of Michiganders with potentially compromised information to 4.6 million.

To raise awareness of identity theft, the state attorney general’s office is holding two free seminars:

  • From 12:05 to 12:50 p.m. Friday at 525 West Ottawa Street, Lansing, in the G. Mennen Williams Auditorium.
  • From 12:05 to 12:50 p.m. Wednesday at 3068 West Grand Blvd., Detroit, in Room L150.

Still, the WalletHub report warned:

“While the federal government and various businesses in recent years have taken more aggressive measures to build up our defenses, criminal strategies continue to evolve and grow in sophistication, keeping consumers vulnerable to identity theft and fraud.”


Toshiba Hacking Drama Enlivens Tech’s Most Boring Sector

Source: National Cyber Security – Produced By Gregory Evans


One of the technology industry’s most humdrum sectors found itself some drama in the past few weeks amid a cyber attack and lost production.

NAND flash is important stuff — your holiday snaps and favorite apps depend on it. But amid the rush to sharper displays and high-resolution cameras, few stop to think about the chips inside the iPhone that store all that important (and useless) data.

These are the chips that attracted a bevy of international suitors to the door of Toshiba Corp. earlier this year. Western Digital Corp. and Apple Inc. rely on them, and Bain Capital Private Equity and Foxconn Technology Group wanted more control over them. Bain, teaming up with Apple, won the $18 billion battle for Toshiba’s chip business.

Then came the alleged hack attacks. Digitimes, a Taipei-based tech news site, reported Monday that ransomware forced Toshiba to halt production for a few weeks, cutting output by 100,000 wafers. That’s a big number, equal to around 20 percent of Toshiba’s monthly capacity, according to researcher TrendForce Corp.

In an email reply to Gadfly, Toshiba denied that it suspended production at Yokkaichi, the site of its NAND factory, and said it wasn’t approached by Digitimes for comment.

Still, a person familiar with the matter told Gadfly that the company was struck by a virus — not ransomware — in early September that affected some production facilities and prompted Toshiba to advise clients of minor delays in delivery. Since the virus remained within the company, it decided not to disclose which facilities were affected or the exact scale.

Even before the Digitimes report, TrendForce senior research manager Alan Chen had heard the rumors and jumped on the phone to check with his sources: yes, there was some incident at Toshiba; yes, production was affected; no, the scale wasn’t as vast as 100,000 wafers. It was less than half of that, he told Gadfly.

Such a blip highlights the importance of the sector and its lack of transparency. Toshiba is the second-largest supplier of NAND flash with a 17.5 percent share, behind Samsung Electronics Co. on 35.6 percent, TrendForce estimates. What’s more, supply this year is already forecast to fall 2.9 percent short of demand as growth outstrips capacity expansion. Heavy new investment, including 330 billion yen ($2.9 billion) from Toshiba, is expected to bring the industry back into balance next year.

That makes any potential supply constraint a big deal, especially amid concern that the iPhone X is facing production shortages and with numerous other smartphones being introduced from brands including Huawei, Google, Xiaomi and Samsung.

The drama also adds to the opacity of the flash market. Manufacturers have been shutting or slowing lines in order to convert their facilities to better equipment, while some are adding entirely new factories. This process crimps output in the short term, but once the upgrades are complete their capacity jumps, and it’s the scale and timing of these changes that’s made the global supply-demand picture unclear.

As industry stakeholders — including investors and global electronics brands — try to keep tabs, there’s every chance that more rumors and incidents will make the dullest of tech sectors just that little bit more interesting.

This column does not necessarily reflect the opinion of Bloomberg LP and its owners.
Tim Culpan is a technology columnist for Bloomberg Gadfly. He previously covered technology for Bloomberg News.


Third party Cybersecurity Failures Cost Businesses the Most

Source: National Cyber Security – Produced By Gregory Evans

While more companies are investing in cybersecurity regardless of ROI (63% in 2017 compared to 56% in 2016), a new study from Kaspersky Lab and B2B International has found that the average cost of a cybersecurity incident is growing. According to the report ‘IT Security: cost-center or strategic investment?’, the…
