

5 ways to be a bit safer this Data Privacy Day – Naked Security

Source: National Cyber Security – Produced By Gregory Evans Today is Data Privacy Day. As we say every year, Data Privacy Day is more than just a 24-hour period when you try to keep safe online. It’s a day to think about changes you can make in your digital life that will keep you safer […]

#cybersecurity | #hackerspace | 5 Security Trends and Predictions to Watch in 2020


The 2019 cybersecurity landscape was once again littered with attacks. From the resurgence of ransomware to mega data breaches, cybercriminals continue to target organizations and individuals around the world. In addition to the sheer volume of attacks in 2019, the industry also witnessed a mix of old and new threats with hackers using their standard playbook of phishing, botnets, malware, and DDoS to launch more sophisticated attacks with artificial intelligence (AI) and machine learning (ML).

But threats were not the only things that evolved in 2019. The technology being developed and used to counter these attacks – as well as the corporate “value” assigned to security – also continued to evolve. Organizations are investing more in security research teams and bug bounty programs, and new training resources are helping companies reduce insider threats.

As we move into 2020 and the new decade, there have been a lot of cybersecurity predictions and trends grabbing headlines. Here are five that caught our attention:

1) The Shortage of Qualified Cybersecurity Professionals Worsens

The lack of skilled cybersecurity professionals continues to be a paramount issue for the industry as it moves into 2020. According to the 2019 Workforce Report from (ISC)2 there are currently approximately 1.3 million open cybersecurity positions worldwide. In the U.S. alone, CyberSeek currently shows more than 500k job openings (with an average base salary of approximately $96,000 USD). To help change this trend, the industry must continue to take a multipronged approach that not only focuses on creating technology that empowers professionals, but also building on formal education and development programs, and expanding the talent pool. Interested in understanding the job satisfaction level of current security professionals? This recent Help Net Security article explores that dynamic in more detail.

2) Will You Be Cloud Smart?

Cloud everything continues to rise, including concerns with cloud data loss, unauthorized access, misconfiguration, encryption and more. As a matter of fact, 93% of organizations are moderately to extremely concerned about cloud security. But how organizations adapt to these cloud security challenges will be interesting in 2020. There’s no shortage of predictions around this topic as some experts predict a rise in misconfiguration leading to more breaches, while others look to new SaaS SIEM solutions and alliances to move the market forward. Check out these articles from Solutions Review and Forbes to learn more.

3) Artificial Intelligence and Machine Learning as a Tool for Us and Them

When it comes to cybersecurity, metaphorically speaking, humans are the tortoise and threats are the hare. While we might not be able to keep up with the sheer volume of attacks hitting networks, innovation around AI and ML is helping to accelerate early identification of and response to these threats, especially new ones. Unfortunately, hackers are already using this technology to acquire knowledge for AI models, to better conceal malicious code in applications, and much more. As we move into 2020, we could see new AI-modeled malware that evades sandboxing or AI-enabled spear phishing that further increases attacks at scale. Read more about the impact of AI and ML in cybersecurity with these articles from CISO, CIO, and Security Magazine.

4) Cybersecurity and Risk Management Tops Priority List for CIOs

According to the National Association of State Chief Information Officers (NASCIO), cybersecurity is the number one priority when it comes to 2020 strategies, policies and management processes. Security Enhancement Tools claimed the fourth spot on their list of Top 10 Technologies (with Cloud Solutions, Legacy App Modernization and Data Analytics rounding out the top three). Interestingly enough, Forrester Research’s 2020 predictions focused on a different set of challenges that includes talent acquisition and retention, data strategies, and automation. Can you guess what tops the list for CFOs? Check out this Crain’s New York Business article to find out.

5) The IoT Security Problem Grows

The rise in IoT devices continues to present challenges for security teams tasked with securing corporate networks. With IoT attacks up significantly in 2019 (Kaspersky reported an increase from 12 million in the first half of 2018 to 105 million in the first half of 2019), it’s no surprise that many in the industry predict major growth around this attack vector, as hackers enlist compromised devices to launch large scale attacks. Combating this threat means organizations must increase the attack surfaces they monitor, utilize new solutions that simplify management, and reduce the false-positive security alerts that often plague IoT solutions. A recent article from CISO Magazine outlines some of the more unique attacks, which include an Internet-connected gas station and connected coffee machine attacks.

This list easily could have included 10-20 more fascinating trends, predictions, and challenges. We’ll be sure to keep a keen eye out to see what hits and what misses in 2020.

* * *


*** This is a Security Bloggers Network syndicated blog from Bricata authored by Bricata.


The post “#cybersecurity | #hackerspace | 5 Security Trends and Predictions to Watch in 2020” appeared first on National Cyber Security.


How to Get the Most Out of Your Security Metrics

There’s an art to reporting security metrics so that they speak the language of leadership and connect the data from tools to business objectives. Much is at stake when reporting security metrics. This data is critical for management to evaluate security programs and justify further investment […]

#hacking | Russian Cybercrime Boss Burkov Pleads Guilty — Krebs on Security

Aleksei Burkov, an ultra-connected Russian hacker once described as “an asset of supreme importance” to Moscow, has pleaded guilty in a U.S. court to running a site that sold stolen payment card data and to administering a highly secretive crime forum that counted among its members […]

#cybersecurity | #hackerspace | Smaller Companies Need to Step Up Their Cyber Security Efforts


Whenever we hear about major cyber security attacks such as data breaches, it’s typically larger enterprises that are the victims. That makes sense, considering those events can potentially impact a lot of people and therefore are more likely to grab headlines and garner attention.

But that doesn’t mean small and mid-sized companies (SMBs) are immune to such attacks. In fact, smaller organizations are frequent targets of cyber incidents, and they generally have far fewer resources with which to defend themselves.

A recent study by the Ponemon Institute, which conducts research on a variety of security-related topics, presents a clear picture of the cyber security challenges SMBs are facing. The report, “The 2019 Global State of Cybersecurity in SMBs,” states that for the third consecutive year small and medium-sized companies reported a significant increase in targeted cyber security breaches.

For its report, Ponemon conducted an online survey of 2,391 IT and IT security practitioners worldwide in August and September 2019, and found that attacks against U.S., U.K., and European businesses are growing in both frequency and sophistication.

Nearly half of the respondents (45%) described their organization’s IT posture as ineffective, with 39% reporting that they have no incident response plan in place.

Cyber criminals are continuing to evolve their attacks with more sophisticated tactics, and companies of all sizes are in their crosshairs, noted Larry Ponemon, chairman and founder of the Ponemon Institute. The report shows that cyber attacks are a global phenomenon, as is the lack of awareness and preparedness by businesses globally, he said.

Overall, cyber attacks are increasing dramatically, the report said. About three quarters of the U.S. companies surveyed (76%) were attacked within the previous 12 months, up from 55% in a 2016 survey. Globally, 66% of respondents reported attacks in the same timeframe.

Attacks that rely on user deception are on the rise, the study said. Overall, attacks are becoming more sophisticated, with phishing (57%), compromised or stolen devices (33%), and credential theft (30%) among the most common attacks waged against SMBs globally.

Data loss is among the most common impacts of cyber security events. Worldwide, 63% of businesses reported an incident involving the loss of sensitive information about customers and employees in the previous year.

SMBs around the world increasingly are adopting emerging technologies such as mobile devices and apps, the Internet of Things (IoT), and biometrics, despite having a lack of confidence in their ability to protect their sensitive information.

Nearly half of the survey respondents (48%) access more than 50% of their business-critical applications from mobile devices, yet virtually the same portion of respondents said the use of mobile devices to access critical applications diminishes their organization’s security posture.

Furthermore, a large majority of respondents (80%) think it is likely that a security incident related to unsecured IoT devices could be catastrophic. Still, only 21% monitor the risk of IoT devices in the workplace.

The report also suggests that biometrics might finally be moving toward the mainstream. Three quarters of SMBs currently use biometrics to identify and authenticate users or have plans to do so soon.

Small and mid-sized companies can take several steps to bolster their cyber security programs. One is to educate users and managers throughout the organization about the importance of strong security and taking measures to keep data safe.

Because so many attacks begin with employees opening suspicious email attachments or clicking on links that lead to malware infestations or phishing, training users to identify these threats is vital. Companies can leverage a number of free training resources online to help spread the word about good security hygiene.

Smaller companies, particularly those with limited internal cyber security skills, can also consider hiring a managed security services provider (MSSP) to help build up a security program. Many of these firms are knowledgeable about the latest threats, vulnerabilities, and tools, and can help SMBs quickly get up to speed from a security standpoint.

And companies can deploy products and services that are specifically aimed at securing small businesses. Such tools provide protection for common IT environments such as Windows, macOS, Android, and iOS devices. They are designed to protect businesses against ransomware and other new and existing cyber threats, and to prevent data breaches that can put personal and financial data at risk.

Some of these offerings can be installed in a matter of minutes with no cyber security or IT skills required, which is ideal for smaller companies with limited resources and a need to deploy stronger defenses quickly.


The post “#cybersecurity | #hackerspace | Smaller Companies Need to Step Up Their Cyber Security Efforts” appeared first on National Cyber Security.


Sonos’s tone-deaf legacy product policy angers customers – Naked Security


When you buy a cloud-connected appliance, how long should the vendor support it for with software updates? That’s the question that home audio company Sonos raised this week when it dropped some unwelcome news on its customers.

The company has announced that it will discontinue software updates for older products in May this year (here’s a list of products that it marks as legacy). Stopping software updates for legacy kit is nothing new, but it’s the way the company has done it that has Sonos customers’ hackles up.

Sonos points out that it supports software updates on products for at least five years after it stops selling them. However, the issue here is that all products in a Sonos network must run on the same software, meaning that any newer (‘non-legacy’) equipment connected to the speakers will also stop downloading new software updates. The only way around this for Sonos users is to disconnect their new equipment from their legacy kit and run them independently of each other.

From Sonos’s email to customers:

Please note that because Sonos is a system, all products operate on the same software. If modern products remain connected to legacy products after May, they also will not receive software updates and new features.

This carries service implications for users, because while products will continue working without software updates, it doesn’t mean that they will work as well. Sonos explains that as third-party connected cloud partners change their own services, they may become incompatible with the legacy software.

This isn’t just a product service issue; it’s a cybersecurity problem. Any cloud-connected equipment is potentially vulnerable to attack, and researchers frequently discover new exploits. Ugo Vallauri is co-founder and policy lead of the Restart Project, a European organisation that promotes user repairs of consumer electronics in a bid to cut down on e-waste. He told us:

A big issue is the lack of separation between security updates and software updates. While we can’t expect a product’s software to be improved indefinitely, security updates should be ensured for as long as possible. In this case, Sonos is not even mentioning security updates when suggesting that “legacy” products could continue to be used.

When we asked Sonos about this, it replied:

We take our customers’ security seriously and will work to maintain the existing experience and conduct critical bug fixes where the computing hardware will allow.

So perhaps there’s hope, but there’s no official policy that tells you exactly what to expect in terms of cybersecurity fixes.

Contrast that with computer software companies like Microsoft. It also ceases support for its products (a concept known as end of life, or EOL). However, it lets customers know about it years in advance, rather than giving them four months’ notice, as Sonos has done. It offers cybersecurity updates for an extended period and allows customers to buy extended support after that. And EOL Microsoft software connected to the network doesn’t affect software support for non-EOL software.