Friday, 15 December 2017

Skills shortage or skills wastage? Is your business squandering IT talent?

Businesses are under constant pressure to improve operational efficiency. Overheads are continuously scrutinised, with departments tasked with reducing margins year-on-year, and it is the IT department that is under the most pressure to deliver these efficiencies. Digital transformation is hyped as the answer to deliver increased efficiencies, gain competitive advantage and change, for the better, how businesses interact and communicate with customers and employees. But taking a business on a digital transformation journey is a huge undertaking; an undertaking that requires a skilled IT department to be the chief architects, with lofty expectations placed on them by business leaders.


It has been widely reported in the media that Britain is facing a skill shortage in most science, technology, engineering and maths (STEM) job roles. The UK Commission for Employment & Skills research showed that 43 per cent of STEM vacancies are hard to fill due to a shortage of applicants with the required skills and experience.  But perhaps the issue is not only about the lack of a digitally-skilled workforce. A massive challenge for businesses is to not waste the skills of already-stretched IT teams on simple tasks.


The reality is that while IT talent is hard to come by, many IT departments are burdened with handling avoidable IT issues. At present, IT pros spend too much time handling unplanned activities which inhibits their ability to innovate. According to research from 1E, on average, IT workers spend 29 per cent of every day reacting to unplanned incidents. Based on a full-time work schedule of 1,700 hours per year, this equates to more than 14 weeks a year.


While IT staff may spend an unjustifiably long time reacting to unplanned activities, they are also stretched unnecessarily dealing with IT issues that can, in most cases, be foreseen. Issues such as provisioning and deprovisioning employees are becoming one of the most time-consuming tasks for IT professionals, despite the fact the process can be almost entirely automated.


Recent research from OneLogin, which surveyed more than 605 IT decision-makers with influence over their business’s IT security, revealed that this is certainly the case. OneLogin found half (50 per cent) admitted to not using automated provisioning technology to auto-enrol new employees to the plethora of corporate applications relevant to their position. Of course, businesses are using more apps than ever to enable employees to do their job efficiently and collaboratively. This means that enrolling each new member of staff manually can take valuable time away from an already overworked department.


Businesses are relying on the IT department to revoke access from employees who are leaving an organisation. Once again, this is often a manual practice that costs IT teams time and effort. Nearly all (92 per cent) of respondents to OneLogin’s study admitted to spending up to an hour on manually deprovisioning former employees from every corporate application. This deprovisioning difficulty may explain why more than a quarter (28 per cent) of ex-employees’ corporate accounts remain active for a month or more.


Allowing former employees access to the network exposes organisations to the threat of these workers being able to access sensitive corporate data. Half (50 per cent) of respondents are not using automated deprovisioning technology to ensure an employee’s access to corporate applications stops the moment they leave. The reality is that the lack of automated tools for simple admin tasks has impacted IT departments, and continues to have a significant impact on corporate security, and indeed the bottom line.


With the average wage of an IT professional in the UK being in excess of £50,000 a year, businesses must look into ways of avoiding skill wastage in the IT department. Investment into the use of automated tools can benefit corporate security, but can also free up IT teams to unlock organisational efficiencies that have the potential to make a company more profitable and more competitive. For instance, automated deprovisioning of employees from applications that have an application programming interface (API) for user management can improve IT efficiency. Most “birthright” applications that are widely used in companies, such as Office365 and G Suite, have these APIs and can make the deprovisioning process simple.


There is a skills gap in the UK which must be addressed by businesses and government alike. But while top IT talent is a rare commodity, retaining and allowing them to do the job they are trained for must be a priority. In order to do this, businesses must give opportunities to IT professionals to learn and innovate, rather than allocating their time to important, yet time-intensive tasks which could be automated. By utilising the full range of talents IT professionals possess, businesses will reap the rewards of improved efficiency, profitability and staff retention.

The post Skills shortage or skills wastage? Is your business squandering IT talent? appeared first on IT SECURITY GURU.


Druva Reveals 2017 AWS Cloud Data Protection Survey

Druva, the global leader in cloud data protection and management, today announced the results of its Druva 2017 AWS Cloud Data Protection Survey, which reveals a disconnect between the perceptions of cloud data protection and its reality. The survey solicited insights from IT professionals across 20 industries, including technology, energy, financial and healthcare, regarding the state of Amazon Web Services (AWS) cloud adoption, enterprise secondary storage, data protection and archiving needs.


According to results, one of the biggest benefits seen from those who have already moved their data to the cloud is cost savings (59 per cent); yet 49 per cent of respondents who are considering a move cite cost as the number one barrier. This paradox is indicative of a larger misconception about the capabilities of cloud technology. Despite rising confidence in durability and availability of company data in AWS, concerns remain around storage and usage costs.


“Although cloud migration has increased significantly in recent years, we still see a disconnect between perceptions of the cloud and its reality,” said Dave Packer, vice president of product and alliance marketing at Druva. “The misconception persists that the cloud is too expensive for storing data, and IT professionals fear rising costs as data grows and duplicates across the enterprise. However, organisations that have already leaned into transitioning to the cloud have realised that by fully embracing vendors providing truly cloud-native technology, both costs and scale can be optimised – and they have greater security and control over their data, regardless of where it resides.”


Key findings of the Druva 2017 AWS Cloud Data Protection Survey include:


  • Heightened adoption of cloud-based data protection. A strong trend is emerging with the majority of respondents (54 per cent) indicating that their organisations are leveraging the cloud for data protection.
  • IT professionals bothered by egress costs. The majority of respondents have a negative stance on egress costs, with 43 per cent calling them a “necessary evil” and 29 per cent deeming them “annoying, unnecessary additional charges.”
  • Strong concern for compounding costs as data grows and expands across multiple sites. Results showed that 59 per cent of respondents were concerned about the growing cost attributed to duplicate and growing data. Additionally, about 62 per cent of respondents expressed concern about the compounding data protection costs that they may incur as a result of having multiple sites.
  • Cost savings as the primary expectation for moving to the cloud. Conversely, about 59 per cent of respondents listed cost savings as the most anticipated benefit of moving to AWS, with simplicity and improved security as the second and third primary drivers.
  • Confidence in ability of the cloud to recover data. Seventy-two per cent of respondents indicated a very strong level of cloud adoption interest based on their higher confidence levels in the ability to recover data from the cloud.


Druva conducted its Druva 2017 AWS Cloud Data Protection Survey in November 2017 to better understand how organisations are utilising the AWS service for secondary storage, data protection and archiving. This year’s survey was completed by over 140 IT professionals from multiple industries around the globe.


Download the Druva 2017 AWS Cloud Data Protection Survey Business Brief and accompanying infographic for the full results.


About Druva

Druva is the global leader in Cloud Data Protection and Management, delivering the industry’s first data management-as-a-service solution that aggregates data from endpoints, servers and cloud applications and leverages the public cloud to offer a single pane of glass to enable data protection, governance and intelligence–dramatically increasing the availability and visibility of business critical information, while reducing the risk, cost and complexity of managing and protecting it.


Druva’s award-winning solutions intelligently collect data, and unify backup, disaster recovery, archival and governance capabilities onto a single, optimised data set. As the industry’s fastest growing data protection provider, Druva is trusted by over 4,000 global organisations, and protects over 40 PB of data. Learn more at and join the conversation at


The post Druva Reveals 2017 AWS Cloud Data Protection Survey appeared first on IT SECURITY GURU.


Protecting data against attacks – cyber and otherwise.

Passwords are continuously being stolen and sold on the Internet for profit. This is leading to larger and more dangerous attacks, with a range of high-profile companies suffering from data breaches.

Experts have estimated that over 300 billion username and password combinations will be at risk of being hacked, stolen and sold on the dark web by 2020. LinkedIn, for example, have reported that over 117 million email and password combinations were stolen and sold on the dark web between 2012 and 2016. Similarly, Yahoo reported that over 1 billion passwords had been stolen since 2013. These companies are not alone, as data breaches have also been reported by other Internet giants, including Dailymotion, Tumblr and Dropbox.

The widespread recognition of the value and growth of Big Data has led to corporate data becoming more valuable to hackers as well as companies that hold it. IT administrators must continue to look for methods to protect their organisations from an increased threat to their data, particularly with a spotlight on how companies plan to secure their customers’ data long-term and increasing pressure from the fast-approaching GDPR set to come in next year.

The ‘CIA’ approach – Confidentiality, Integrity, Availability – is regarded as paramount in data security. Of these, perhaps the most important component is ‘Availability’. The key to ensuring data protection is the ability for the right people to have access to the right data at all times. Availability also means all hardware must be constantly maintained and updated as and when needed. Denial-of-service or Distributed-Denial-of-Service (DDoS) attacks are becoming more frequent, requiring a sufficient level of availability to counter them.

Unfortunately, these sorts of measures are becoming increasingly necessary because the sources of intrusions have multiplied. Antivirus software is created to detect and defend from older viruses, but is ineffective against new virus software. As a result, it is becoming more difficult to protect software from newer intrusions.

Because we can no longer rely solely on computers, businesses and individuals must become more proactive in defending from viruses to protect themselves from cyber-attacks. Faults and configuration errors in terminals or applications could result in a loss of confidential data, and a network administrator must be able to intervene before the firewall breaks down.

Individuals and businesses must become increasingly aware of the cyber-risks and data security issues in the growing trend of BYOD (Bring Your Own Device). 71% of employees use personal devices for professional purposes, according to the Observatory of HR and e-transformation. An increase in demand for employee and consumer mobility and availability has led to companies allowing the use of personal devices in or for work. Devices that pose a potential cyber security risk once they are allowed access to a larger IT network include laptops, smartphones, USBs and external hard drives. Users are often unaware of the dangers their personal devices could inflict on the network, and it is therefore essential to have solutions capable of automatically detecting the connection of any new device to the company network.

Nevertheless, there are also ‘physical’ risks to data. Data centres are at risk from fire, flooding and overheating, which an antivirus would not be able to detect or prevent. Therefore, to protect data there must also be sensors to detect movement, humidity and heat to alert people of potential dangers. Human surveillance must also be part of a company’s policy to protect data, as the effects could be just as devastating.

There are ways to continue to guard against these constant physical and cyber-threats, but we must remain vigilant. Administrators must have access to an overview of the network to effectively supervise it. An effective IT monitoring solution will require an amalgamation of multiple key indicators and security tools in one, simple, customised dashboard. The administrator will then have an overview of existing and newly connected devices on the network, which will help to detect abnormal activity or intrusion from outside influences, both cyber and physical.

Detection will range from peaks in traffic, to sudden loss of the entire memory, to suspicious activity in email traffic. An administrator will be able to anticipate any other possible malicious intrusions, ensuring optimal data activity is upheld at all times. A network monitoring tool effectively provides a panoramic view of the IT infrastructure. An administrator will ultimately be prepared for an attack on the system, rather than trying to defend against a data breach.

The post Protecting data against attacks – cyber and otherwise. appeared first on IT SECURITY GURU.


Thursday, 14 December 2017

Attackers turn sights on healthcare websites

Healthcare IT specialists take note: Websites in this critical market became the most highly attacked of all sectors in third-quarter 2017, registering 1,526 incidents per day on average. That’s nearly a third higher than the next favorite target, finance, which averaged 1,014 incidents per day, while technology takes the third spot with 660. Those are among the topline findings in the Q3 2017 web application attack report from Positive Technologies, a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection.


Interestingly, Local File Inclusion accounted for a high percentage of attacks in this sector: 33.3%, far above the average seen across all sectors (10%). This technique is often used by hackers to hijack web applications and host malicious files on trusted websites with the specific goal of spreading malware. A similar attack was used in October to distribute Bad Rabbit ransomware through a fake Flash Player download from media sites.


Positive Technologies’ research analysts believe the attackers are determined to abuse the trusted status of healthcare websites, which has a domino effect: the types of vulnerabilities exploited often lead to malicious files being placed on visitors’ machines, which can then lead to data theft or worse. Analysts also found that it took three days on average to begin exploiting a vulnerability after publication, but there are certainly exceptions. For example, after the details of the Optionsbleed vulnerability in Apache web servers were revealed, it took only three hours for the first exploit attempts to begin.


The most widespread attack in Q3 was SQL Injection (25.5 percent), which allows a successful intruder to obtain unauthorized access to sensitive information or execute OS commands. Cross-Site Scripting came in second (22.7 percent) and these two methods accounted for almost half of all attacks against web applications monitored in this period. In addition to the focus on healthcare, the percentage of Local File Inclusion attempts increased across the board to 10 percent. Compared to the previous quarter, the number of high-severity attacks – such as Remote Code Execution and OS Commanding (8.2 percent) – also doubled. These tactics give an intruder the chance to obtain full control over a server with a web application.


The report also shows that web applications, on average, were hit by 500-700 attacks per day, and only rarely dipped below 200. The data also shows that hackers did their best to leverage opportunities that offered greater benefits. For example, they launched attacks not only on workdays but also on weekends. The maximum number of attacks per day reached a high of 4,321, with attack intensity rising in both daytime and evening hours.

The post Attackers turn sights on healthcare websites appeared first on IT SECURITY GURU.


Increased cyber security investment will be needed to address a number of critical challenges in 2018, warns BOHH Labs

According to the latest research from Gartner, spending on information security services will reach $93 billion in 2018, an increase of eight per cent from 2017. Cybersecurity expert Simon Bain from BOHH Labs suggests that this increased investment will be required to address a number of critical challenges in the year ahead. This includes rising website attacks, chatbot technology threats and the need for greater cyber security awareness at board-level.


Bain discusses: “Addressing ongoing cyber security threats represents a challenge for any organization both practically and financially, and 2018 will unfortunately be no different. Looking ahead, there will be several notable issues that firms will need to strongly prepare for:


Company website attacks

“One of the types of attacks that we will see gain more traction in 2018 is the website attack. With the growing use of online services (checking accounts, merchant accounts and Point-of-Sale (POS) systems, etc. now going through the web) the risk of attacks is large and has the potential to affect any institution using these services, as it opens access to institutions’ backend databases, document stores and applications all within easy reach.


“This type of attack is very hard to find, but it is incredibly easy for attackers to undertake. Because an attacker can gain access to the website via hijacking a user’s request, and then by simply making a small change to the code to redirect payment information their way while not stopping the correct path of the request, it makes it easy for attackers to get access to critical data without alerting any red flags.


“Critically, the website is no longer just a marketing tool. It has become a business tool, and as such, it now needs to be properly protected from attacks and placed inside a firewall, and preferably completely encrypted, so that attackers are unable to change, manipulate and delete code to their advantage.


Growth and adoption of chatbot technology

“The growth in the business use of chatbots will continue to increase based on their interactive nature and their capabilities to complement existing call centre activities by taking away mundane tasks. However, with their interactive capabilities and the ability to use location services to reserve a table in your proximity and even order an item such as a coffee, it is becoming increasingly important that all chatbot transports are secure. Similar to website data breaches, should intrusion attacks penetrate the chatbots, user trust will be lost as well as the possible loss of confidential data.


Cyber security awareness at a senior level

“We all know security breaches are a big deal, so why aren’t more boards of directors versed in the area? As the oversight of an organisation’s value and growth, it’s critical for security to become a business priority and an integral part of their organisations’ daily operations. This means a company’s cybersecurity activities must hold as much weight in decision-making in the same way as they do in the financial ones. As such, in 2018, we will see NASDAQ advise more security experts to join companies’ boards, so they can help companies navigate to better long-term performance and success.”


Bain concludes: “In addition to those noted above, other points of interest to impact the security landscape in 2018 will be the continued rise of blockchain technology, particularly its influence amongst financial services, the proliferation of IoT attacks, as well as the impending arrival of GDPR. Much like 2017, the year ahead will be challenging and it’s imperative that organisations make the right preparations by investing their security budgets wisely, to protect their businesses.”

The post Increased cyber security investment will be needed to address a number of critical challenges in 2018, warns BOHH Labs appeared first on IT SECURITY GURU.


Half of IT professionals question the safety of their personal data, Kaspersky Lab research finds

IT decision makers across Europe are worried about how many organisations can access their personal data and have low levels of trust in the IT security capabilities of their industry peers. These are key findings from Kaspersky Lab’s study, “From overwhelmed to empowered, the IT department’s journey towards good data health”, which reveals that only half (55 per cent) of IT professionals have faith that other organisations are looking after their personal data properly. This shows an alarmingly low level of trust from a security-savvy audience, at a time when personal data protection is coming under increased scrutiny.

With the General Data Protection Regulation (GDPR) becoming enforceable in around six months (in May 2018), Kaspersky Lab undertook the study to find out more about the pressures IT decision makers are under to get data protection right, and their abilities to do so.

The Europe-wide survey of technology professionals uncovered strong personal feelings about data protection that raise question marks over how organisations commonly deal with the personal data in their care. Despite a large majority of respondents (73 per cent) saying that the security of their private data is important, two-thirds (64 per cent) are worried about how many organisations have access to their personal information. Even more (67 per cent) are concerned about their personal information being hacked into.

IT decision makers are more likely to be aware of the dangers to personal data, because they see how it is being treated on a day-to-day basis – giving significant weight to any concerns they might have. The research found that one-in-three (32 per cent) are not confident that their own organisation can successfully demonstrate how, and from where, the personal data it holds is sourced – which could have severe consequences under the terms of the GDPR. This lack of faith in good data governance also makes IT decision makers worried about the fate of their own data, in the hands of other organisations, and harbours fears around loss or hacking.

Despite this, some parts of Europe show higher levels of trust and confidence among IT professionals than others. For example, three-quarters (76 per cent) of IT decision makers in France trust organisations to protect their data. This is compared to 56 per cent in the UK and just 48 per cent in Germany.

“Given they deal with the challenges of data security as part of their daily role, it is perhaps no surprise that IT professionals feel strongly about personal data protection. They see threats from all directions and are acutely aware of the repercussions of a security breach,” commented Adam Maskatiya, general manager at Kaspersky Lab UK.

“However, it is concerning to see that their experiences have led to them losing faith in organisations and their peers. This clearly indicates that there is a long way to go before businesses are actually treating the data in their care with the respect it deserves – and before the GDPR deadline hits.”

The study questioned over 2,000 IT decision makers in organisations with more than 50 employees. The research was conducted in the UK, France, Germany, Italy, Spain, Belgium, Netherlands, Portugal, Sweden, Denmark and Norway.

The post Half of IT professionals question the safety of their personal data, Kaspersky Lab research finds appeared first on IT SECURITY GURU.


Wednesday, 13 December 2017

Lastline Announces Threat Intelligence Team

Malware protection company Lastline has announced the creation of the Lastline Threat Intelligence Team, comprised of cybersecurity experts who will be focused on analyzing and reporting on cyberattacks. The team will deliver unprecedented and timely analysis of new malware-based attacks, and trend reports and insights based on the company’s expansive data on prior attacks and detailed malware behaviors.

“Cybercriminals continually reinvent their attacks, making timely detection and analysis essential to effective protection against network breaches,” commented Lastline CEO and Co-founder, Chris Kruegel. “By creating this new team, we will unlock the patterns, trends and insights in our compilation of every attack and piece of malware detected and analyzed by our customers and partners, and speed the dissemination of specific behaviors engineered into a new piece of malware so enterprises can quickly bolster defenses and protect their networks, intellectual property, employees, and customers.”

The team will consist of seasoned professionals with deep expertise in security and malware-based threats. While the team will grow over time, the initial members are:

Dr. Stefano Ortolani – Dr. Ortolani joined Lastline in January 2015 as a security researcher in the Data Analytics team, and is now director of threat intelligence. Prior to Lastline, he was at Kaspersky Lab, where he fostered operational engagements with CERTs, governments, universities, and law enforcement agencies, as well as conducted research of the global threat landscape and led the development of incident response for key enterprise accounts. Dr. Ortolani earned his Ph.D. in Computer Science from the VU University Amsterdam.

Andy Norton – For over 20 years prior to recently joining Lastline’s Threat Intelligence team, Mr. Norton helped to create emerging security technologies at Symantec, Cisco and FireEye. As part of his role, he researched cyberthreats and presented intelligence briefings for the Bush and Obama administrations, the UK Cabinet Office, the UK Foreign and Commonwealth Office, SWIFT, the Bank of England, The Hong Kong Monetary Authority, and NASA. He also has guided FTSE 250 companies’ strategies for measuring, managing and responding to cyber incidents.

Lastline Breach Defender™, the company’s flagship product, provides a dynamic blueprint of a breach as it unfolds across a network, informed by unprecedented understanding of malware behaviors captured in the Lastline Threat Intelligence Network. The new Threat Intelligence Team’s research and investigations will further inform the context of a breach, and their mining of the Threat Intelligence Network will yield previously unrecognized malware trends and threat insights.

The post Lastline Announces Threat Intelligence Team appeared first on IT SECURITY GURU.


WatchGuard Uncovers Surge in Script-based Attacks Amid Spike in Overall Malware Volume

WatchGuard’s latest quarterly Internet Security Report, which explores the computer and network security threats affecting small to midsize businesses (SMBs) and distributed enterprises, has revealed massive increases in scripting attacks and overall malware attempts against midsize companies throughout Q3 2017.

Scripting threats, including JavaScript and Visual Basic Script attacks, accounted for 68 percent of all malware during Q3, while total malware instances spiked by 81 percent this quarter over last, with more than 19 million variants blocked in Q3. The findings reinforce expectations of continued growth of new malware and various attack techniques in the coming months, further emphasising the importance of layered security and advanced threat prevention.

“Threat actors are constantly adjusting their techniques, always looking for new ways of exploiting vulnerabilities to steal valuable data,” said Corey Nachreiner, chief technology officer at WatchGuard Technologies. “This quarter, we found that script-based attacks – like the fake Python library packages discovered in September – appeared 20 times more than in Q2, while overall malware attacks shot through the roof. Staying vigilant regarding these developments is half the battle. Every business can better protect themselves and their stakeholders by employing multiple layers of protection, enabling advanced security services and monitoring network logs for traffic related to the top threats mentioned in this report.”


WatchGuard’s Internet Security Report examines the modern threat landscape and delivers key data, educational guidance and in-depth research to help readers understand the latest attack trends and update their defences. Other findings from the Q3 2017 report include:


  • Cross-site Scripting (XSS) attacks plague web browsers, spreading internationally. XSS attacks, which allow cyber criminals to inject malicious script into victims’ sites, continue to grow at a measured pace. Previous reports detailed XSS attacks against Spain alone, but in Q3, XSS attacks broadly affected every country.


  • Legacy antivirus (AV) only missed 24 percent of new malware. Over the past three quarters, signature-based AV has missed malware at increasing rates, peaking at almost 47 percent in Q2. But this quarter was a marked improvement with only 23.77 percent of new or zero day malware able to circumvent AV. While this data is encouraging, behavioral detection solutions are still the most effective way to block advanced persistent threats.


  • Suspicious HTML iframes surface everywhere. Attackers are continuing to evolve how they leverage the HTML iframe tag to force unsuspecting victims to suspicious and often malicious sites. While potentially malicious iframes showed up everywhere, including the U.S. and Canada, their numbers jumped significantly in both the UK and Germany.


  • Authentication is still a big target. Though not as prevalent as in Q2, attacks targeting authentication and credentials, such as Mimikatz, returned in a big way this quarter. Aside from Mimikatz, brute force web login attempts were also highly visible, proving that attackers are continuing to target the weakest link – credentials.


WatchGuard’s Internet Security Report is based on anonymised Firebox Feed data from nearly 30,000 active WatchGuard UTM appliances worldwide, which blocked more than 19 million malware variants and 1.6 million network attacks in Q3. The complete report includes defensive strategies for responding to the latest attack trends, based on analysis of the quarter’s top malware and network threats. The report also examines the growing trend of supply chain attacks by evaluating the most notable instances from Q3 – NetSarang, Ccleaner and fake Python packages.


WatchGuard Threat Lab’s latest research project – a detailed analysis on Q3 phishing trends – is highlighted in the report as well. This project features email spam and malware data captured by the team’s “Artemis” honeynet, which is now publicly available on GitHub for download and use.

The post WatchGuard Uncovers Surge in Script-based Attacks Amid Spike in Overall Malware Volume appeared first on IT SECURITY GURU.


CyberArk Survey: 50 Percent of Organisations Did Not Disclose Data Breaches to Customers

According to a new CyberArk survey, half of organisations (50 percent) did not fully inform customers when their personal data was compromised in a cyber attack. With enforcement of the General Data Protection Regulation (GDPR) anticipated for May 2018, organisations that do not take action to improve transparency associated with breaches will face substantial consequences.


The findings are included in the second installment of the CyberArk Global Advanced Threat Landscape Report 2018.  This report, “The Business View of Security: Examining the Alignment Gap and Dangerous Disconnects,” reviews business leaders’ views of IT security and misalignment with IT security leaders that can put organisations, and their customers, at risk.

Additional key findings include:

  • Security concern does not translate into accountability 
    • 46 percent of security respondents say their organisation can’t stop every attempt to break into their internal network
    • 63 percent of business respondents are concerned that their organisation is susceptible to attacks, like phishing, targeting the executive team
    • Despite this high level of concern, 49 percent of business respondents report not having sufficient knowledge about security policies, and 52 percent do not understand their specific role in response to a cyber attack
    • Worryingly, 33 percent of security professionals surveyed also claimed not to have adequate knowledge of – presumably their own – security policies


  • Gaps in security best practices persist
    • 42 percent of line of business respondents say they store passwords in a document on a company PC or laptop
    • 21 percent of line of business respondents still record credentials in paper notebooks or store them in filing cabinets
    • 31 percent of security professionals surveyed still do not use a privileged account security solution to store and manage privileged and/or administrative passwords
  • Trust in security is at the core of commercial relationships
    • Similarly, 44 percent of business respondents say potential partners assess their organisation’s security before doing business with them
    • 51 percent of organisations provide third-party vendors remote access to their networks and, of this group, 23 percent fail to monitor remote vendor activity


“Unfortunately, it’s not uncommon for organisations to want to hide the extent of damage caused by cyber attacks. As we’ve seen in data breaches at Yahoo!, Uber and more, these organisations are either intentionally hiding initial details, or the attacks were more extensive than first thought,” said David Higgins, Director of Customer Development, EMEA at CyberArk. “This sort of behaviour will have massive consequences in the coming year with enforcement of GDPR fines for lack of compliance. What’s also surprising about this survey is the persistence of rampant poor security best practices and lack of consistency across line of business and IT security leaders – despite strong awareness of risks and continued headline-generating cyber attacks.”


The 11th Annual CyberArk Global Advanced Threat Landscape Report 2018 will be released in three parts. The first installment was a “Focus on DevOps.” These findings are from part two, focusing on business leaders’ view of IT security. The survey was conducted by Vanson Bourne in autumn 2017 amongst more than 1,300 IT security decision-makers, DevOps and app developer professionals and line of business owners, across seven countries worldwide.

The post CyberArk Survey: 50 Percent of Organisations Did Not Disclose Data Breaches to Customers appeared first on IT SECURITY GURU.


Threat Intelligence: Music or Noise?

During my college days, I played guitar in a band and it was rarely easy. Practicing in my bedroom so that I could learn how to play the song correctly was difficult, but with time I sounded pretty good. However, delivering that same song in a harmonious way when playing with the entire band was another story. We had to adjust a lot in order to create the perfect sound, and so we spent a lot of time disagreeing on details. Fortunately, we had a strong band leader who was able to make decisions and define a clear direction.


There are a lot of similarities between threat intelligence and the music world. Threat intelligence is made up of multiple, aggregated threat data points (music notes) turned into relevant intelligence for your organisation (your own music track). This music track should represent your own way of building and consuming threat intelligence in order to combat the threats that matter most to your organisation in a holistic and synchronised way. Each organisation should play its own music track and nobody can write it for you. It has to come from your own internal artists, even if they are inspired by others most of the time.


The main challenge today in creating this music track stems from the fact that your musicians are organised in silos (the CSIRT, SOC, Risk Management, Vulnerability Management, Endpoint, Perimeter team, etc.). Each of these teams plays a different instrument which is supposed to add beauty to your music, but they all gather their music sheets from their own sources in various formats and rhythms and start playing without considering the band.


At the end of the day, you get noise and inefficiency.


A Threat Intelligence Platform is designed to aggregate the music notes coming from all available sources (external inspiration and internal touch), ingest all possible music sheets in any format and rhythm, and then turn these raw notes into one unique music track to be played by the entire band with your own arrangements. This music track evolves in real time, as relevant threats are a moving target modified daily by your own threat detection and feedback. The Threat Intelligence Platform also ensures that all musicians receive in real time the specific music sheet they need for their instrument (SIEM, IR Ticketing, Web Proxy, EDR, etc.). Much like our band leader did for our band back in college, with a threat intelligence platform your band can play harmonious music, efficiently.


The post Threat Intelligence: Music or Noise? appeared first on IT SECURITY GURU.


Tuesday, 12 December 2017

HP quick to issue updates following keylogger flaw

HP has released updates for its products which remove a keylogger that was accidentally left in place within the driver for the touchpad.

The post HP quick to issue updates following keylogger flaw appeared first on IT SECURITY GURU.

Impersonation attacks feared more than malware attacks

According to the latest stats from Mimecast’s recent Email Security Risk Assessment (ESRA) Report, many organisations fear impersonation attacks more than malware attacks.

The post Impersonation attacks feared more than malware attacks appeared first on IT SECURITY GURU.

Russian cyber group linked to $10m robbery

MoneyTaker, a Russian-speaking hacking group, has reportedly stolen $10m from global banking targets around the world during a two-year span.

The post Russian cyber group linked to $10m robbery appeared first on IT SECURITY GURU.

1.4 billion exposed after database of usernames and passwords found on Dark Web

It has been discovered by security researchers that a database containing 1.4 billion user names and passwords is floating on the Dark Web.

The post 1.4 billion exposed after database of usernames and passwords found on Dark Web appeared first on IT SECURITY GURU.

Security Professionals say nothing has changed since WannaCry and NotPetya

Given the severe devastation WannaCry and NotPetya caused to organisations around the world, you would have thought investment and interest in beefing up defences would have increased. Well, not according to the latest research by AlienVault.

Having surveyed 233 IT professionals globally about how their roles have changed following these high-profile attacks, just 16% of IT security professionals believe that their bosses and company boards have taken a greater interest in their roles as a result of the WannaCry and NotPetya cyber-attacks of 2017.

It was also found that 14% have had their budgets for cyber security increased, and only a fifth (20%) have been able to implement changes or projects that were previously put on hold.

The findings follow a separate research report from PwC which found that UK businesses have cut their cyber security budgets by a third, compared to the same point last year.

Javvad Malik, security advocate at AlienVault, explained: “WannaCry and NotPetya are generally believed to have marked a turning point in cyber awareness, but the reality on the ground paints a different picture. Destructive malware poses existential threats to companies across all industries and can no longer be ignored. To improve our cyber resilience, corporate strategy needs to be developed that covers how to plan for, detect, mitigate and recover from such destructive attacks.”

Increased workloads

Worryingly, 13% of IT professionals whose organizations were affected by WannaCry or NotPetya felt that they were blamed for their organizations falling victim. As a result, many IT teams have worked hard to strengthen their organization’s cyber security in the wake of these attacks. Two-thirds (66%) are more up-to-date with patching than they were previously, and half (50%) say that they are now using threat intelligence more regularly, to stay ahead of emerging threats. In addition, 58% carried out a review of their organization’s cyber security posture following the attacks.

Javvad Malik continued, “Working life has become much more difficult for many IT professionals in the wake of these attacks. But the preventative measures that many are engaged in, such as patching and security reviews, point towards a panicked reaction from management tiers. Given the unpredictable nature of today’s security environment, organizations should focus their efforts on detection and response.”

Changing perceptions

The research also explored whether IT professionals have noticed any changes in the way others treat them, following the high volumes of media attention around WannaCry and NotPetya. Almost a quarter (23%) reported that their family and friends are more interested now in hearing about their work. In addition, 28% believe that most people in their organizations listen to their IT advice more than they did before.

However, despite the widely reported IT security skills shortage, just 10% of those surveyed have experienced an increase in job offers, or managed to negotiate a pay increase, following the attacks.

Javvad Malik continued, “The IT security profession remains a very tough place to work, where resilience is the key to success – particularly if you are blamed in the event of your company suffering a security incident.”

The post Security Professionals say nothing has changed since WannaCry and NotPetya appeared first on IT SECURITY GURU.


New Report from CA Veracode Reveals Business Leaders Only Address Cybersecurity Under Duress

Veracode, Inc., a leader in securing the world’s software, and acquired by CA Technologies (NASDAQ:CA), today released new research revealing the widening gap between software creation and software security, with the rush to innovate outpacing the urgency to secure the process.

The “Securing the Digital Economy” report highlights how investment in software and digital transformation is rapidly accelerating, with around one in five business leaders indicating that their software budget had increased 50 percent or more over the past three years to support digital transformation projects. However, the increased software development investment has not translated to greater security budgets or awareness of the security risks insecure software introduces: only 50 percent of business leaders surveyed understand the risk that vulnerable software poses to their business.

The report indicates that 25 percent of all business leaders surveyed in Britain and US report that they do not understand any of these common cybersecurity threats:

  • Vulnerable software
  • Ransomware
  • Vulnerable open source components
  • Phishing attacks
  • Malicious employee activity
  • DDoS attacks


Business Leaders Not Aware of High-Profile Cyberattacks

The lack of understanding around cyber risk may be attributed in part to a lack of awareness of successful cyberattacks and their causes. Because business leaders are unaware of either the breaches themselves or the underlying causes, they are not compelled to learn about or defend against similar threats their company could face. For example:


  • Despite being highly publicised and causing several high-level executives to lose their jobs and the ex-CEO being forced to testify to Congress, only five percent of all business leaders surveyed indicated the Equifax breach prompted them to rethink their current business’s approach to cybersecurity;


  • Only one-third of business leaders surveyed had heard of the global WannaCry ransomware attack, although awareness was greater among British business leaders at 40 percent. Just one in 10 reported it led them to rethink their approach to cybersecurity;


  • Fifteen percent of business leaders surveyed in Britain and 19 percent of German business leaders had not heard of any of the high-profile cyberattacks listed in the survey (full list can be found in this chart); while just under half of all US, GB and German respondents reported cyberattacks have not led their current business to rethink or update their cybersecurity approach.


We are seeing some shift in awareness: of the 33 percent who indicated that a cyberattack on another company had led their business to rethink its approach to cybersecurity, many have either taken steps to improve their software security or plan to over the next 12 months.

More than one-third (34 percent) have started, or will start over the next 12 months, scanning for vulnerabilities in software, or already scan more regularly; while one-fifth either have set or will set security thresholds for software built by third-party providers and for all commercial out-of-the-box applications (22 percent and 20 percent, respectively).

While there may be some shift in awareness, not all business leaders have woken up to the risks of the evolving cyber threat landscape. One-third of business leaders surveyed revealed that they plan to take no new steps to improve their organisations’ overall cybersecurity in the next 12 months.

Chris Wysopal, CTO, CA Veracode commented: “Digital transformation presents both massive opportunity to innovate and significant security risks, with 77 percent of applications having at least one vulnerability when first scanned, which could be exploited to inject ransomware or steal data.

Many business leaders have yet to fully grasp the most common cyber threats to their business, nor are they keeping up with some of the most catastrophic cyber events of our time. We need to bridge this disconnect between business leaders and the cybersecurity threat: without greater awareness of the threats and what is needed to defend against them, their company could easily be the next headline.”

Executives Will Act When You Talk About the Personal Risk

While high profile breaches do not in themselves prompt great change in behaviour, when confronted with the possibility of personal accountability in the event of a breach, executives are more likely to take action. More than a third of the business leaders surveyed said the personal risk to executives outstripped compliance as a driver for board members.

Articulating the potential brand damage for senior executives from a data breach and the risk to their job security was recommended by 38 percent and 35 percent of business leaders surveyed, respectively, as a way to engage a board on cybersecurity, compared to just 29 percent who suggested highlighting the potential fines of data protection regulations, like GDPR.

The post New Report from CA Veracode Reveals Business Leaders Only Address Cybersecurity Under Duress appeared first on IT SECURITY GURU.


Synopsys Completes Acquisition of Black Duck Software

Software development is undergoing sweeping and rapid change, including the increasing use of open source software (OSS), which makes up 60% or more of the code in today’s applications. While the use of open source code lowers development costs and speeds time to market, it has been accompanied by significant security and license-compliance challenges, because most organisations lack visibility into the OSS in use. Black Duck’s industry-leading products automate the process of identifying and inventorying the open source code, detecting known security vulnerabilities and license compliance issues. It also provides automated alerts for any newly discovered vulnerabilities affecting the open source code.

The value of the cash transaction was approximately $547 million net of cash acquired.

The post Synopsys Completes Acquisition of Black Duck Software appeared first on IT SECURITY GURU.


Shinhan Bank secures and simplifies mobile banking service with Trustonic

Shinhan Bank has worked with Trustonic and ATsolutions to integrate and secure its one-time password (OTP) service into the domestic S-Bank mobile banking application and a global S-Bank solution for Vietnam, with more deployments to follow. This new solution delivers a simpler, faster and safer user experience.

“We are known for innovation and want to provide our customers with secure and convenient services,” comments Kil-Woo Kim, Team Manager of the Digital Channel Division at Shinhan Bank. “For many years, consumers have needed to carry separate tokens to authenticate money transfers. In today’s digital world, this impacts the user experience and is expensive for banks to implement. With Trustonic and ATsolutions, we have been able to integrate this functionality in a secure way, enabling our customers to manage their money whenever and wherever they need to.”

The Trustonic Application Protection (TAP) solution safeguards the app’s OTP engines on any smartphone, including its secret cryptographic keys. The OTP is generated by simply clicking a button in the application when authenticating a money transfer.

“This has been a special collaboration, as we have improved the user experience while maintaining security,” says Ben Cade, CEO at Trustonic. “Consumers expect to be able to manage their lives on their smartphones and it is up to us as technologists to make that happen in a secure, scalable and user-friendly way. TAP’s ability to achieve these goals is driving huge demand from financial institutions.”

Jong Seo Kim, CEO of ATsolutions, adds: “This contract was won because of our joint work with Trustonic. By securing our OTP platform with Trustonic’s technology, we delivered a unique solution to market. It is this dedication to meeting the needs of our customers that has realised Shinhan Bank’s vision of seamless user authentication. Delivering increased security to our partners while simultaneously enhancing the user experience is a significant and rare achievement and we look forward to working with Shinhan Bank and Trustonic on further projects soon.”

The post Shinhan Bank secures and simplifies mobile banking service with Trustonic appeared first on IT SECURITY GURU.


Monday, 11 December 2017

Corporate Cyber Insurance Will Fuel Ransomware Growth in 2018 says WatchGuard

While the increasing number of publicly disclosed breaches and successful ransomware incidents are driving growth in cyber insurance, there is a risk that this will encourage criminals to target companies with extortion insurance to demand increased payments, believe researchers at WatchGuard Technologies.

In countries that require mandatory breach disclosure, cyber insurance helps cover the costs and sometimes the lawsuits that result from these breaches. But more recently, insurers have promoted optional extortion insurance packages that cover the costs of ransomware and other cyber extortion payments.

“We find it concerning that insurers sometimes pay ransoms to recover their customers’ data,” says Corey Nachreiner, CTO at WatchGuard Technologies. “While we understand the business decision, insurers currently have no long-term actuarial data for cyber incidents and ransomware. It is possible that paying ransoms will encourage this criminal business model and increase the number of incidents insurers have to handle or the cost of ransoms.”

As most studies show that at least one-third of ransomware victims already pay, smart ransomware authors will target insurers to identify organisations with extortion insurance, and then attack them directly.

“We expect SMBs to continue to adopt extortion insurance in 2018 but cyber insurance should not replace security controls and best practices,” says Nachreiner. “We predict that insurance providers will start to implement guidelines that require companies to have strong security controls in place as a prerequisite. When combined with other layers of security, cyber insurance is a great addition to your cyber security strategy.”

See the WatchGuard predictions videos at:

The post Corporate Cyber Insurance Will Fuel Ransomware Growth in 2018 says WatchGuard appeared first on IT SECURITY GURU.


India Tells Troops to Delete Chinese Apps Amidst Hacking Fear

The Indian defence ministry has advised troops stationed on the Chinese border to delete Chinese apps from their phones, amidst hacking fears.


ORIGINAL SOURCE: Bleeping Computer

The post India Tells Troops to Delete Chinese Apps Amidst Hacking Fear appeared first on IT SECURITY GURU.


StrongPity2 Replaces FinFisher

A new spyware, dubbed StrongPity2, has replaced FinFisher, according to ESET researcher Tomas Kafka.

The post StrongPity2 Replaces FinFisher appeared first on IT SECURITY GURU.

GCHQ finds Critical Bugs in Microsoft

GCHQ have discovered 2 critical Windows bugs which could allow hackers to hack PCs running Windows 10.

The post GCHQ finds Critical Bugs in Microsoft appeared first on IT SECURITY GURU.

Top Firms not Hiring Enough Women

There is a well-known gender crisis in the cybersecurity industry, with men holding 87% of CISO jobs in Fortune 500 companies.

The post Top Firms not Hiring Enough Women appeared first on IT SECURITY GURU.

Perth Airport Hacked

A hacker has managed to break into Perth International Airport’s computer system and has stolen a significant amount of valuable, sensitive data.

The post Perth Airport Hacked appeared first on IT SECURITY GURU.

Friday, 8 December 2017

Get your license expiration date from the command line

This is from one of our customers that uses Nagios to track license expirations:

keytool -list -v -keystore /opt/WiKID/private/intCAKeys.p12 -storetype pkcs12 -storepass *******|grep "Valid from" |cut -d":" -f 5-7

Where your passphrase replaces the asterisks.  The first date returned is your expiration date.
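One way to turn the command above into a Nagios-style check with warning and critical thresholds, as an added example (not WiKID's or the customer's code). The script name, the 30- and 7-day thresholds and the sample keytool output are assumptions constructed for illustration; following the post, it reads the first "Valid from ... until" line.

```python
#!/usr/bin/env python3
"""Nagios-style check for the expiry date in `keytool -list -v` output.

Usage (script name is hypothetical):
    keytool -list -v ... | check_license_expiry.py -
"""
import re
import sys
from datetime import datetime, timezone

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # standard Nagios plugin exit codes
MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# keytool prints validity as two java.util.Date strings on one line:
#   Valid from: Fri Dec 08 10:00:00 UTC 2017 until: Sat Dec 08 10:00:00 UTC 2018
UNTIL_RE = re.compile(
    r"^[ \t]*Valid from: .*? until: \w{3} (\w{3}) (\d{1,2}) "
    r"(\d{2}):(\d{2}):(\d{2}) \S+ (\d{4})[ \t\r]*$", re.MULTILINE)

# Constructed sample output (not from a real keystore): a two-certificate chain.
SAMPLE = """\
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: example-alias
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=license.example.test
Issuer: CN=Example Intermediate CA
Valid from: Fri Dec 08 10:00:00 UTC 2017 until: Sat Dec 08 10:00:00 UTC 2018
Certificate[2]:
Owner: CN=Example Intermediate CA
Issuer: CN=Example Root CA
Valid from: Thu Jan 01 00:00:00 UTC 2015 until: Wed Jan 01 00:00:00 UTC 2025
"""


def first_expiry(keytool_output):
    """Return the 'until' date of the first certificate listed, or None."""
    match = UNTIL_RE.search(keytool_output)
    if match is None or match.group(1) not in MONTHS:
        return None
    mon, day, hh, mm, ss, year = match.groups()
    try:
        # The zone abbreviation is ignored and the time is read as UTC; the
        # error is under a day, which is acceptable for day-level thresholds.
        return datetime(int(year), MONTHS[mon], int(day),
                        int(hh), int(mm), int(ss), tzinfo=timezone.utc)
    except ValueError:
        return None


def check_license(keytool_output, now, warn_days=30, crit_days=7):
    """Return (exit_code, status_line) following the Nagios plugin convention."""
    expiry = first_expiry(keytool_output)
    if expiry is None:
        # Wrong passphrase, missing keystore or changed output format all end
        # up here: report UNKNOWN rather than a misleading OK.
        return UNKNOWN, "LICENSE UNKNOWN - no 'Valid from ... until' line found"
    days = (expiry - now).days  # floors, so an expired date gives a negative value
    perf = f"|days_left={days};{warn_days};{crit_days}"
    when = f"{expiry:%Y-%m-%d}"
    if days < 0:
        return CRITICAL, f"LICENSE CRITICAL - expired on {when}{perf}"
    if days <= crit_days:
        return CRITICAL, f"LICENSE CRITICAL - expires {when} ({days} days left){perf}"
    if days <= warn_days:
        return WARNING, f"LICENSE WARNING - expires {when} ({days} days left){perf}"
    return OK, f"LICENSE OK - expires {when} ({days} days left){perf}"


if __name__ == "__main__":
    if sys.argv[1:] == ["-"]:
        # Real use: keytool output arrives on stdin, exit code drives Nagios.
        code, line = check_license(sys.stdin.read(), datetime.now(timezone.utc))
        print(line)
        sys.exit(code)
    # No argument: run on the constructed sample at a fixed, constructed time.
    demo_now = datetime(2018, 11, 20, tzinfo=timezone.utc)
    print(check_license(SAMPLE, demo_now)[1])
```

Because a passphrase given with `-storepass` on the command line is visible in the process list, keytool's `-storepass:env` or `-storepass:file` modifiers are a safer way to supply it to a monitoring job.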



Thursday, 7 December 2017

Millions of Brits Unaware their Details have been Hacked

Millions of British victims are unaware that their personal details have been stolen.



The post Millions of Brits Unaware their Details have been Hacked appeared first on IT SECURITY GURU.


Cybersecurity must Become International Effort

Chris Painter, former (and first) cyber coordinator for the US State Department, spoke at this week’s Black Hat Europe: “How many people think we’re better off today than seventeen years ago?”

The post Cybersecurity must Become International Effort appeared first on IT SECURITY GURU.

20,000 Patients Compromised by Henry Ford Data Breach

Henry Ford Health System has announced this week that a data breach of systems has resulted in data from 20,000 patients being compromised.

The post 20,000 Patients Compromised by Henry Ford Data Breach appeared first on IT SECURITY GURU.

Mecklenburg County held to Ransom

Mecklenburg, one of North Carolina’s more populous metro areas, came to a halt as a cyberattack froze data on dozens of the county’s servers. Attackers are asking for a $23,000 payment.

The post Mecklenburg County held to Ransom appeared first on IT SECURITY GURU.

Study finds Majority of Retailers Lack Fully Tested Breach Response Plan

Ever wondered how prepared retailers are to deal with a cyber attack?

In an effort to answer that question, Tripwire surveyed IT security professionals working in retail organizations about their experiences and attitudes towards factors affecting IT security. The results found that a large majority are not fully prepared for data breaches: worrying signs, especially with the festive shopping period upon us.

Only 28 percent of respondents said they have a fully tested plan in place in the event of a security breach. Twenty-one percent said their organization doesn’t have a plan at all, and the same proportion of respondents said they didn’t have the means to notify customers of a data breach within 72 hours, a requirement specified by the General Data Protection Regulation (GDPR).

“Considering the amount of high-profile data breaches that have occurred recently, plus the continued discussion around GDPR, it is surprising and concerning that many retailers do not have a tested plan in the event of a security breach,” said Tim Erlin, vice president of product management and strategy at Tripwire. “It’s encouraging that most respondents think they can meet the 72-hour notification window as set out in the upcoming GDPR, but if they haven’t tested their plans, I don’t know how confident they should be in that assumption.”

Only a small minority of the retail industry felt fully secure in their incident response capabilities. Twenty-three percent of respondents said they were “fully prepared” to absorb potential financial penalties. Even fewer professionals (15 percent) said they were fully prepared to manage customer and press communications following an incident.

Not all the survey’s findings were discouraging, however. The results did provide some hope that the industry is moving in the right direction. More than half of respondents (57 percent) said that their organization’s ability to detect and respond to a security breach has improved in the past year and a half.

“It’s really critical that organizations have a good view of what’s on their network at all times, that they harden their systems with secure configuration and vulnerability management, and that they are able to continuously monitor for change and are alerted to any drift outside the established security and compliance policies,” said Erlin.

There are a number of effective and established security control frameworks available to guide organizations, such as the CIS Critical Security Controls. Implementing even the most basic security controls can go a long way in improving an organization’s security posture.

The post Study finds Majority of Retailers Lack Fully Tested Breach Response Plan appeared first on IT SECURITY GURU.


Apple's treatment of 32-bit libraries requires a new WiKID token for iOS 11

Apple announced that it will no longer support 32-bit libraries or apps. We developed our iPhone WiKID token before there even was a 64-bit encryption library available. 

We couldn't just upgrade the iPhone token to 64-bit.  It would have invalidated all the existing keys for iOS tokens.  Instead, we created a new 64-bit compliant iPhone WiKID token.

With iOS 11, it appears that the iPhone token will launch fine (since most of the app is 64-bit), but you cannot successfully open the token because the encryption library won't open. If you get this error, please have the user remove the app and install the new version.

We apologize for the inconvenience. 


Tuesday, 5 December 2017

IRONSCALES Secures $6.5 Million to Automate Email Phishing

Funding led by K1 Investment Management as global demand soars for its machine learning technologies to solve the complex technological, operational and human challenges of phishing attacks. 

IRONSCALES, the world’s first automated phishing prevention, detection and response provider, today announced that it has secured a $6.5 million Series A, led by K1 Investment Management, LLC, with participation from existing investor RDC. On the cusp of its third consecutive year of triple digit revenue growth, IRONSCALES will use the capital investment to accelerate its channel partner program, expand its global sales team and expedite research and development for its machine learning threat detection, incident response and intelligence sharing technologies. IRONSCALES, which was recently featured by Momentum Partners as one of the top 10 cybersecurity companies to watch in Q3 2017, has now raised more than $8 million since 2015.

IRONSCALES enables organizations to mitigate the risk associated with the technological, operational and human challenges inherent to phishing attacks. Its multi-layered and automated approach to prevent, detect and respond to phishing emails combines micro-learning phishing simulation and awareness training (IronSchool), with mailbox-level phishing detection (IronSights), automated incident response (IronTraps) and real-time automated actionable intelligence sharing (Federation) technologies. By providing protection at every stage of an email phishing attack, IRONSCALES’ customers reduce false positives and the time from email phishing attack discovery to enterprise-wide remediation from days, weeks or months to just seconds, with little to no security team involvement.

“IRONSCALES’ unique approach to phishing detection and remediation particularly resonated with the K1 team, and we are looking forward to leveraging our previous experience in partnering with growing security companies as the company strengthens its position within a rapidly evolving market,” said Hasan Askari, Managing Partner of K1. “We are excited at the opportunity to be a long-term capital partner for Eyal and the IRONSCALES team.”



More than 90 percent of cybersecurity attacks begin with email phishing due to the escalation of technological, operational and human vulnerabilities. Today, traditional signature-based secure email gateways and filters are easily bypassed by sophisticated spear-phishing, spoofing and business email compromise (BEC) messages. In addition, the success of employee awareness and training programs has proven limited, as the majority of workers lack the time, skills, focus and tools to serve as full-time phishing defenders. And when suspicious emails are identified and reported, security teams and incident responders are frequently ill-equipped to respond as expeditiously as phishing mitigation requires.

With IRONSCALES, organizations reduce technological, operational and human risk through multi-layered anti-phishing machine learning technologies that provide:

  • Smart real-time email scanning with cloud native support (Multi AV, Sandbox, CDR)
  • User behavioral analysis & mailbox segmentation
  • Mailbox level detection & context based in-mail alerts
  • Automated forensics, remediation & orchestration
  • Automated threat intelligence sharing
  • Micro-learning employee awareness training with real-life phishing simulations
  • A report button and 911 mailbox in the Outlook or Google toolbar.

“The overwhelming majority of the world’s most devastating cyberattacks of recent years have begun with email phishing,” said Eyal Benishti, founder and CEO of IRONSCALES. “IRONSCALES multi-layered and automated approach to email phishing mitigation utilizes machine learning technology that continuously gets smarter, empowering organizations to reduce cybersecurity risk in the midst of the unprecedented frequency and complexity of attacks.”


IRONSCALES Continues Expansion Plans

Since entering the UK and European markets 18 months ago, IRONSCALES has established a strong customer-base and built solid relationships with MSSPs and IT Resellers. This capital investment will allow the company to further its aggressive expansion plans for this region, introducing additional partner incentives and ‘on the ground’ support. It recently announced the appointment of David Burnett as VP of Sales for UK & EMEA with further appointments and partnerships imminent.

IRONSCALES also announced today that it will open its North American headquarters in Q1 2018. Its VP of Sales will be based in Atlanta, while 10-15 new jobs in marketing, business development and HR will be hired at its new office location. R&D will remain in Israel. More information on new U.S. and EMEA employees and locations will be revealed in the coming months.

For more information on IRONSCALES, visit and follow @ironscales on Twitter and Linkedin.


The post IRONSCALES Secures $6.5 Million to Automate Email Phishing appeared first on IT SECURITY GURU.


Hacked Medical Devices Could lead to Breaches

Hacked medical devices, such as IV Pumps, could lead to a widespread data breach, according to Spirent SecurityLabs.

The post Hacked Medical Devices Could lead to Breaches appeared first on IT SECURITY GURU.

New Cybersecurity Watchdog Shuts Down $15 Mill Cryptocurrency Scam

The Securities and Exchange Commission announced it has stopped a fraudulent ICO, offering over 1000% returns.

ORIGINAL SOURCE: Business Insider

The post New Cybersecurity Watchdog Shuts Down $15 Mill Cryptocurrency Scam appeared first on IT SECURITY GURU.

LA Sues Uber

The City of LA has sued Uber for failing to inform the public about a breach that occurred 2 years ago.

The post LA Sues Uber appeared first on IT SECURITY GURU.

Employer is Liable for Data Breach caused by Employee

The High Court has found an employer to be liable for actions by an employee, which resulted in data being leaked.

The post Employer is Liable for Data Breach caused by Employee appeared first on IT SECURITY GURU.

Friday, 1 December 2017

Banks warned of increased digital attacks

Banks and financial institutions around the world need to remain vigilant of the increased threat today’s cyber attacks pose, with SWIFT, the international bank transfer system, leading the warning call.

The post Banks warned of increased digital attacks appeared first on IT SECURITY GURU.

Risk of Malware still high in 2018

2018 is predicted to be just as bad in terms of malware-related cyber attacks, according to the latest McAfee Labs 2018 Threats Predictions Report.

The post Risk of Malware still high in 2018 appeared first on IT SECURITY GURU.

Attacks on Web Apps has increased

The third quarter 2017 State of the Internet Security Report by Akamai Technologies has revealed an increase in web application attacks by 30%.

The post Attacks on Web Apps has increased appeared first on IT SECURITY GURU.

Bitcoin Boom Attracts Hackers

The latest rise in Bitcoin popularity has and will attract unwanted attention from cyberattackers warns security industry.

The post Bitcoin Boom Attracts Hackers appeared first on IT SECURITY GURU.

AI technology doesn’t make any assumptions about what ‘bad’ looks like

Discussions around AI cyber defense have traditionally focused on the ability of advanced machine learning to detect the earliest signs of an unfolding attack, including sophisticated, never-seen-before threats. This real-time threat detection overcomes the shortcomings of legacy tools and cuts through the noise in live, complex networks to accurately identify threatening anomalies, including ‘unknown unknowns’.


But while the capability to identify the entire spectrum of threats in their nascent stages before a problem becomes a crisis is incredibly powerful in its own right, it also serves as a fundamental enabler for autonomous response measures, which truly deliver on the promise of artificial intelligence in cyber defense.


Before the advent of AI cyber defense, the principal obstacle to achieving autonomous response was determining the exact action that is needed to stop an infection from spreading, while keeping the business operational. By their very nature and definition, traditional approaches to cyber security cannot make the jump from detection to response. While legacy rules- and signatures-based technology can offer the most basic protection by correctly identifying commonplace attacks, it cannot contain them. If your rule/signature correctly identifies that an attack is in progress, say by matching on a known bad IP address used by a malware family, then what do you do in response? There is nothing in the rule or signature that contains the remedy.


In the past, security teams could choose from two imperfect options: on the one hand, if a rule or signature for a ‘known bad’ matched, you could automatically block exactly the behavior that matched the rule, e.g. block connections to the bad IP address. The problem with this approach is that it is far too brittle and simplistic – the attack might involve far more than connections to that IP. It might involve connections to other IPs, or internal lateral movement. The connection to the bad IP is not the full extent of the threatening behavior of that malware, but is just one indicator.


At the other extreme, the autonomous response could be pre-programmed to completely isolate, or deactivate a compromised device at the earliest signs of an unfolding attack. However, while this action would probably halt the attack, it would also disrupt business activity, potentially even grinding operations to a halt: imagine if the affected device was the CEO’s laptop.


This is where artificial intelligence can augment humans with autonomous response acting as a force multiplier for security teams. The AI algorithms learn the normal ‘pattern of life’ for every user and device on the network and use that understanding to detect compromise and threats by their deviation from ‘normal’. The machine learning technology can then intuitively make the natural jump from detection to response by generating highly targeted remedial action, mitigating threats without overreacting.


Unlike traditional methods that rely on the false premise that chasing after yesterday’s attacks will help us defend against those of tomorrow, this new class of AI technology doesn’t make any assumptions about what ‘bad’ looks like. It doesn’t attempt to predict or anticipate future threats. It doesn’t classify threats in black and white, allowing for the shades of grey that exist in messy, live networks. The AI algorithms learn ‘on the fly’ about the normal ‘pattern of life’ in a network and can detect and remediate the entire spectrum of threat, from sophisticated ‘low and slow’ threats and lateral movement, to brute-force, automated attacks such as ransomware.


If a human security team is tasked with investigating the circumstances around an unfolding attack with a view of identifying the most appropriate action to take, they can devise a response that accurately targets the problem, while also minimizing any negative impact on the bottom line. Devising and executing such targeted action takes time and effort, and requires contextual understanding of the threat that human security teams often do not have.


Autonomous response is the future of AI cyber defense. It will take humans out of the weeds of the initial response to threats, enabling them to spend their time and effort on higher level issues that need human input.

The post AI technology doesn’t make any assumptions about what ‘bad’ looks like appeared first on IT SECURITY GURU.


5 Cloud Computing Predictions for 2018

Just a few years ago, not many predicted cloud computing would reach the heights we’ve seen in 2017 – 79 percent of companies now run workloads in the cloud (split almost evenly between public and private clouds). With the cloud bar constantly being raised, where do we go from here? Here are five predictions for the future of Cloud Computing in 2018.


  1. True Hybrid Clouds Emerge

Hybrid cloud is all the buzz. The ability for enterprises to have applications run in different infrastructures – public and private clouds and on-premise with common orchestration and management tools – is enticing. Multi-cloud, with different workloads running in different clouds and being managed separately, will become the dominant mode in 2018, while true hybrid clouds will start to emerge.


There are already key technology developments and partnerships forming to make this a reality. For example, Azure and Azure Stack from Microsoft provide a uniform set of infrastructure and API capabilities across public and private clouds; the partnership between VMware and AWS; and the teaming up of Cisco and Google. These mashups will create hybrid clouds that truly blend environments and further improve operational agility, efficiency and scale.


  2. Kubernetes Dominates Container Orchestration

The fight for container orchestration dominance has been one of the cloud’s main events for roughly the past two years. The three-way battle between Docker Swarm, Kubernetes and Mesos has been fierce.


Come 2018, however, Kubernetes is poised to take the container orchestration title belt and also become increasingly mainstream with mission critical, scalable production deployments. Its rich set of contributors, rapid development of capabilities and support across many disparate platforms make it a clear victor.


And it has the help of some very powerful friends: Microsoft Azure and Google Cloud have launched managed Kubernetes services. IBM has announced its private cloud will support Kubernetes in its Bluemix public cloud; AWS is lining up behind it as well and has joined the Cloud Native Computing Foundation (CNCF) as a platinum member.


All this combined pushes Kubernetes into more mainstream deployments with continued growth in large production workloads next year.


  3. Analytics Get an AI Upgrade

AI is everywhere. It’s in our homes with Amazon Echo. And in 2018, it’ll be embedded more tightly in IT analytics systems making IT proactive versus reactive.


Through predictive analytics, IT and application owners will receive actionable information and recommendations. Add to that the ability to automate their response, and the power of AI becomes more relevant.


Analytics systems will have insight into the behaviour of the infrastructure, apps and clients. It will recognize anomalous performance or security behaviour and when an app or server is going to fail. Once that behaviour is noticed, automation can kick in to remediate the potential problem, i.e. firing up another server or load balancing the app. It’s like your infrastructure can say “Alexa, spin up another server.”


  4. Serverless Computing Adoption Spreads

One of the benefits of cloud is ease of use for spinning up additional resources and its pay by use consumption model. Nowhere is that more evident than in serverless computing. Previously, the unit for additional compute resource was an instance or VM. Now a “function” has become an even smaller unit of “use.” Putting the onus of managing and scaling up resources on demand on the cloud provider is cost-efficient and takes the heavy lifting off IT. And paying based on a consumption model makes it gentler on already strained budgets.


Currently available in the public cloud, next year will see serverless computing start to appear in private cloud deployments as well. While it won’t become mainstream, wider adoption will happen in the short term.


Serverless computing, coupled with the continued maturation of cloud, puts pressure on server and hardware vendors to transform their business models to maintain relevance in the new virtual, elastic and automated cloud-powered world.


  5. Custom Cloud Instances Proliferate

As cloud adoption grows, compute instance types will become further segmented and optimized for specific use cases; enabling improved performance and new use cases. Next year will see growth in the number of application-specific instance types within clouds – from big data and AI-optimized instances to high network performance and very large memory types. Custom optimized applications that take advantage of these capabilities will start appearing.



  Kiss Cloud Security Concerns Goodbye

Security is noticeably absent from our list of cloud predictions. Why? Simple. It’s time to move on.


Yes, security is always important, and even more so in the cloud. But it’s no longer the hindrance it was when cloud was in its early stages. Over the years, cloud and services available on the cloud have matured. There is more security built in. More tools are available from vendors. Compliance in the cloud has caught up. As with all IT, it’s imperative to think about security capabilities, policies and governance when deploying clouds or making a major change to your infrastructure, but in 2018 cloud will no longer be considered not secure by default.


In the cloud world, things move swiftly. That’s just a snapshot of what we think will be the major trends of 2018. There will certainly be more big headlines in cloud as more people find innovative ways to consume it.

The post 5 Cloud Computing Predictions for 2018 appeared first on IT SECURITY GURU.


Right to be Forgotten: 75% of employees likely to exercise rights under GDPR

New research by data security company, Clearswift, has shown that 75% of employees are likely to exercise their right to be forgotten (RTBF). The principle also known as ‘right to erasure’ dictates that an individual can request their data to be removed or deleted when there is no compelling reason for a business to continue processing that information.


The research, which surveyed 600 senior business decision makers and 1,200 employees across the UK, US, Germany and Australia, has revealed that the majority of employees will likely request that their data is deleted, something that 48% of business decision makers believe will have serious consequences for their business, slowing down productivity as resource is allocated to dealing with these requests. A small number of business decision makers (5%) even said that their organisation would grind to a halt.


Although businesses are anticipating a drain on resources, this may still be underestimated, with a mere 34% of businesses successfully conducting a RTBF request so far. The Marketing/PR sector are least confident in handling RTBF, with only 23% stating that they could handle requests without any impact, whereas 50% of those in HR were sure of their abilities to handle this without issue.


Despite the well-established rhetoric on the board historically distancing itself from security, board level staff were by far the most likely to request erasure, with 73% saying they would be extremely or very likely to request the service.


Dr Guy Bunker, SVP Products at Clearswift, said: “RTBF is an extremely challenging aspect of GDPR. Organisations need to balance an understanding of the data landscape in the organisation with a wider knowledge of the day-to-day practices within the business, including the possible pitfalls. For example, if businesses do not have a record of data duplication or are unaware of staff copying data, RTBF requests won’t be conducted correctly.”

“Working with various departments that hold and process critical data to map storage locations and data flows will create that understanding. Even when the information goes outside the organisation, this data is still your responsibility, so you need to know who you’ve shared it with and through which communication channels so you can effectively execute a RTBF request. Deletion can then be carried out automatically leveraging technology, or manually.”

Interestingly, the desire for data erasure is far greater amongst those in the private sector (78%) when compared to those in the public sector (65%), a relaxed attitude towards data security that is evidenced further by public/private sector opinion on cyber security breaches, with more than a quarter of public sector employees (28%) not worried by recent global cyber attacks compared with 17% in the private sector.



Bunker added, “Businesses also have to be aware that the right to erasure does not provide an absolute ‘right to be forgotten’. Individuals have a right to have personal data erased and to prevent processing in specific circumstances, but there are exceptions for certain sectors.

“Not all data is created equally, and some cannot be ‘forgotten’ on request. For example, you could not contact your local GP and ask for the right to be forgotten, because the practice would not be permitted to delete your information. Similarly, if you have purchased goods you cannot expect the transaction data to be deleted in an arbitrary manner.”

The post Right to be Forgotten: 75% of employees likely to exercise rights under GDPR appeared first on IT SECURITY GURU.
