Tuesday, 17 October 2017

One Identity Research Exposes Major Problem with Employees Snooping on the Corporate Network

  • Global survey of over 900 IT security professionals indicates that employees are seeking out, and finding, information that is irrelevant to their jobs
  • Ninety-two percent of respondents report that employees attempt to access information they do not need for their day-to-day work
  • Nearly two in three (66 percent) IT security professionals admit they have specifically sought out or accessed company information they didn’t need

One Identity, a proven leader in helping organizations get identity and access management (IAM) right, today released new global research revealing that the overwhelming majority of employees are deliberately seeking out information they are not permitted to access, exposing a major “snooping” problem among today’s workforce. The survey, conducted by Dimensional Research, polled more than 900 IT security professionals on trends and challenges related to managing employee access to corporate data. Among key findings, a remarkable 92 percent of respondents report that employees at their organizations try to access information that is not necessary for their day-to-day work – with nearly one in four (23 percent) admitting this behavior happens frequently.

Most alarmingly, the report indicates that IT security professionals themselves are among the worst offenders of corporate data snooping. One in three respondents admit to having accessed sensitive information that is not necessary for their day-to-day work – indicating ongoing abuse of elevated rights attributed to the IT security role. Other findings related to IT security professionals’ shocking snooping behavior include:


  • Company performance information is a hot commodity: More than one in three (36 percent) of IT pros admit to looking for or accessing sensitive information about their company’s performance, beyond what is required for their job.
  • IT security executives are the guiltiest by level: Seventy-one percent of executives admit to seeking out extraneous information, compared to 56 percent of non-manager-level IT security team members. Additionally, 45 percent of executives admit to snooping for or accessing sensitive company performance information specifically, compared to just 17 percent of non-manager team members.
  • The smaller the company, the bigger the snoop: Thirty-eight percent of IT security professionals at companies with 500-2,000 employees admit to looking for or accessing sensitive performance data, versus 29 percent of professionals at companies with more than 5,000 employees.
  • Workers in technology companies most likely to go on a sensitive information hunt: Forty-four percent of respondents working for technology companies admit to searching for sensitive company performance information, compared to 36 percent in financial services, 31 percent in manufacturing, and just 21 percent in healthcare.

“While insider threats tend to be non-malicious in intent, our research depicts a widespread, intrusive meddling from employees when it comes to information that falls outside their responsibility – and it could be that meddling that ends up putting their employers in hot water,” said John Milburn, president and general manager of One Identity. “Without proper governance of access permissions and rights, organizations give employees free rein to move about the enterprise and access sensitive information like financial performance data, confidential customer documentation, or a CEO’s personal files. If that information winds up in the wrong hands, corporate data loss, customer data exposure or compliance violations are possible risks that could result in irreversible damage to the business’s reputation or financial standing.”


Managing Snooping & Other Access-based Threats

Results released today reinforce a general finding prevalent within One Identity’s Global State of IAM Study: Companies are not adhering to basic identity and access management (IAM) best practices. In the case of employee snooping, role-based access control and strict governance of rights and permissions can help prevent potential bad actors from accessing confidential or sensitive information. With regard to snooping done by IT security professionals specifically, organizations can leverage identity intelligence to identify who has elevated rights and help pinpoint exactly where abuse of those rights is occurring to address this behavior. Additionally, a separate report based on the global study recently found that best practices around removing inactive accounts, revoking access to ex-employees, and updating rights of employees whose roles have changed are also overwhelmingly poorly applied.

One Identity is committed to helping organizations eradicate these ongoing challenges, and offers a full suite of access management, identity governance, privileged management and identity as a service solutions and services that help businesses “Get IAM Right” while enabling business agility. Learn more by attending any of a series of One Identity hosted webinars on the topic (http://bit.ly/2eSI5wi).


About the One Identity Global State of IAM Study

The One Identity Global State of IAM Study consisted of an online survey, conducted by Dimensional Research, of IT professionals who have responsibility for IT security as a major part of their job and are very knowledgeable about IAM. A wide variety of questions were asked about experiences and challenges with IAM. A total of 913 individuals from the U.S., Canada, U.K., Germany, France, Australia, Singapore and Hong Kong completed the survey.

This report is based on the global study, and One Identity offers a free online executive summary of the data in a Key Findings Report, as well as an illustrated look at the data in an infographic. These materials can be found here.


About One Identity

One Identity, a Quest Software business, helps organizations get identity and access management (IAM) right. With a unique combination of offerings, including a portfolio of identity governance, access management and privileged management, and identity as a service, that help organizations reach their full potential, unimpeded by security yet safeguarded against threats, One Identity has proven to be a company unequalled in its commitment to its customers’ long-term IAM success. More than 7,500 customers worldwide depend on One Identity solutions to manage more than 125 million identities, enhancing their agility and efficiency while securing access to their data, wherever it might reside. For more information, visit http://www.oneidentity.com.

The post One Identity Research Exposes Major Problem with Employees Snooping on the Corporate Network appeared first on IT SECURITY GURU.


Despite the hype, AI adoption still in early stages per SAS survey

The hype surrounding artificial intelligence (AI) is intense. But for most European businesses surveyed in a recent study by SAS, the leader in analytics, AI adoption is still in the early or even planning stages. The good news is, the vast majority of organisations have begun to talk about AI, and a few have even begun to implement suitable projects. There is much optimism about the potential of AI, although fewer were confident that their organisation was ready to exploit that potential.

It isn’t so much a lack of available technology slowing AI adoption; most attest that there are many options available. More often, the challenges come from a shortage of data science skills to maximise value from emerging AI technology, and deeper organisational and societal obstacles to AI adoption.

These were some of the findings of the Enterprise AI Promise Study, a phone survey of executives from 100 organisations across Europe in banking, insurance, manufacturing, retail, government and other industries. The SAS study was conducted in August to measure how business leaders felt about AI’s potential, how they use it today and plan to use it in the future, and what challenges they face.


Societal challenges

Fifty-five per cent of respondents felt that the biggest challenge related to AI was the changing scope of human jobs in light of AI’s automation and autonomy. This potential effect of AI on jobs includes job losses but also the development of new jobs requiring new AI-related skills.

Ethical issues were cited as the second-biggest challenge, with 41 per cent of respondents raising questions about whether robots and AI systems should have to work “for the good of humanity” rather than simply for a single company, and how to look after those who lost jobs to AI systems.


Data science team and organisational readiness

Are organisations’ data scientists ready for the challenge of emerging AI? Only 20 per cent felt their data science teams were ready, while 19 per cent had no data science teams at all.

Recruiting data scientists to build organisational skills was the plan for 28 per cent of respondents, while 32 per cent said they would build AI skills in their existing analyst teams through training, conferences and workshops.

Additionally, trust emerged as a major challenge in many organisations. Almost half of respondents (49 per cent) mentioned cultural challenges due to a lack of trust in AI output and more broadly, a lack of trust in the results of so-called “black box” solutions.


Platform readiness

The study also sought to assess AI readiness in terms of infrastructure required. There was a contrast between those respondents who felt they had the right infrastructure in place for AI (24 per cent), and those who felt they needed to update and adapt their current platform for AI (24 per cent) or had no specific platform in place to address AI (29 per cent).

“While it is increasingly used as an industry buzzword, artificial intelligence has truly astounding potential. When implemented correctly algorithms will be able to perform human tasks automatically like never before,” said Peter Pugh-Jones, Head of Technology, SAS UK & Ireland. “While many organisations are still in the early or even planning stages of adopting AI, it will be those that harness the power of this technology that will not just survive but thrive in the future.”

For additional findings, download the complete survey report: https://www.sas.com/sas/offers/17/the-enterprise-ai-promise.html


Tripwire Survey: 72 Percent of Security Professionals Say Soft Skills Need Has Increased

Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced the results of a survey conducted by Dimensional Research that looked at the need for soft skills in cybersecurity. The survey was conducted in July, and its respondents included 315 IT security professionals at companies with over 100 employees.

According to Tripwire’s survey, 100 percent of respondents believe soft skills are important when hiring for their security teams. The three most important soft skills cited were analytical thinker (selected by 65 percent), good communicator (60 percent) and troubleshooter (59 percent). Tied for fourth place, “strong integrity and ethical behaviour” and “ability to work under pressure” were selected by 58 percent of participants.

“The cybersecurity industry should not overlook the soft skills that are needed to build a strong security program,” said Tim Erlin, vice president of product management and strategy at Tripwire. “The reality is that today’s security pros need to go beyond technical expertise. Security practitioners need to be good communicators who can connect cybersecurity issues to business priorities, rally the rest of the organization to get involved, solve tough problems and handle sensitive issues with integrity.”

Respondents were also asked if the need for soft skills has changed over the last two years, with the following results:

  • Seventy-two percent said the need had increased.
  • Twenty-one percent said soft skills are actually more important than technical skills when hiring staff.
  • Seventeen percent expect to hire people without security-specific expertise over the next two years.

In addition, nearly all respondents (98 percent) believe non-security functions need to be more involved in cybersecurity in the future. Of those, 74 percent said IT operations needs to be more involved, 60 percent said risk management, 53 percent said compliance and 45 percent said legal needs to be brought into the fold. Other mentions included human resources (32 percent) and marketing (11 percent).

Erlin added: “With security-related regulations like GDPR on the rise, it’s unsurprising that respondents expect their legal and compliance teams to get more involved in cybersecurity. It’s become increasingly apparent that security is a shared responsibility, even for those without any technical cybersecurity experience. Employees from other functions can partner with their security teams to help them look at issues from different perspectives, help further the broader organization’s understanding of cybersecurity, and help enforce best security practices across the organization.”

For more information on Tripwire’s survey, please visit: https://www.tripwire.com/state-of-security/featured/survey-says-soft-skills-highly-valued-security-team


Kaspersky Lab discovers Adobe Flash Zero Day – used in the wild by a threat actor to deliver spyware

Kaspersky Lab’s advanced exploit prevention system has identified a new Adobe Flash zero day exploit, used in an attack on 10 October by a threat actor known as BlackOasis. The exploit is delivered through a Microsoft Word document and deploys the FinSpy commercial malware. Kaspersky Lab has reported the vulnerability to Adobe, which has issued an advisory.

According to Kaspersky Lab researchers, the zero day, CVE-2017-11292, has been spotted in a live attack, and they advise businesses and government organisations to install the update from Adobe immediately.

The researchers believe that the group behind the attack was also responsible for CVE-2017-8759, another zero day, reported in September – and they are confident that the threat actor involved is BlackOasis, which Kaspersky Lab’s Global Research and Analysis Team began tracking in 2016.

Analysis reveals that, upon successful exploitation of the vulnerability, the FinSpy malware (also known as FinFisher) is installed on the target computer. FinSpy is commercial malware, typically sold to nation states and law enforcement agencies to conduct surveillance. In the past, use of the malware was mostly domestic, with law enforcement agencies deploying it for surveillance on local targets. BlackOasis is a significant exception to this – using it against a wide range of targets across the world. This appears to suggest that FinSpy is now fuelling global intelligence operations, with one country using it against another. Companies developing surveillance software such as FinSpy make this arms race possible.

The malware used in the attack is the most recent version of FinSpy, equipped with multiple anti-analysis techniques to make forensic analysis more difficult.

After installation, the malware establishes a foothold on the attacked computer and connects to its command and control servers located in Switzerland, Bulgaria and the Netherlands, to await further instructions and exfiltrate data.

Based on Kaspersky Lab’s assessment, the interests of BlackOasis span a whole gamut of figures involved in Middle Eastern politics, including prominent figures in the United Nations, opposition bloggers and activists, as well as regional news correspondents. They also appear to have an interest in verticals of particular relevance to the region. During 2016, the company’s researchers observed a heavy interest in Angola, exemplified by lure documents indicating targets with suspected ties to oil, money laundering and other activities. There is also an interest in international activists and think tanks.

So far, victims of BlackOasis have been observed in the following countries: Russia, Iraq, Afghanistan, Nigeria, Libya, Jordan, Tunisia, Saudi Arabia, Iran, the Netherlands, Bahrain, United Kingdom and Angola.

“The attack using the recently discovered zero-day exploit is the third time this year we have seen FinSpy distribution through exploits to zero-day vulnerabilities. Previously, actors deploying this malware abused critical issues in Microsoft Word and Adobe products. We believe the number of attacks relying on FinSpy software, supported by zero day exploits such as the one described here, will continue to grow,” said Anton Ivanov, the Lead Malware Analyst at Kaspersky Lab.

Kaspersky Lab security solutions successfully detect and block exploits utilising the newly discovered vulnerability.

Kaspersky Lab experts advise organisations to take the following action to protect their systems and data against this threat:

  • If not already implemented, use the killbit feature for Flash software and, wherever possible, disable it completely.
  • Implement an advanced, multi-layered security solution that covers all networks, systems and endpoints.
  • Educate and train personnel on social engineering tactics as this method is often used to make a victim open a malicious document or click on an infected link.
  • Conduct regular security assessments of the organisation’s IT infrastructure.
  • Use Kaspersky Lab’s Threat Intelligence, which tracks cyberattacks, incidents or threats and provides customers with up-to-date relevant information that they are unaware of. Find out more at intelreports@kaspersky.com.

For technical details, including indicators of compromise and YARA rules, please read the blogpost on Securelist.com.


Google gives Chrome for Windows its own Antivirus

Google is rolling out several Chrome for Windows security improvements, including its own basic antivirus, in conjunction with ESET.


SMEs more vulnerable to Cyberattacks

SMEs are more vulnerable than ever to becoming victims of a cyber attack; attacks tend to result from poor password management, according to a report from the Ponemon Institute.


ORIGINAL SOURCE: Computer Weekly


Russia Fines Telegram

Russian officials have fined messaging app Telegram 800,000 roubles for refusing to comply with the Russian FSB’s demand that it decrypt user messages.


Iran Responsible for Parliament Cyber-Attack

It has emerged that Iran was behind the cyber attack on the UK Parliament in June this year; the attack attempted to break account holders’ passwords. It is unclear why, or what the hackers were after.


ORIGINAL SOURCE: Information Security Magazine


British television company hit by cyber attack

North Korean hackers have targeted a British television company making a new drama about the country; the series has now been shelved.


Original Source: BBC


Monday, 16 October 2017

Dark Web Ransomware Economy Growing at an Annual Rate of 2,500%, Carbon Black Research Finds

Carbon Black, the leader in next-generation endpoint security, today announced the release of: “The Ransomware Economy: How and Why the Dark Web Marketplace for Ransomware Is Growing at a Rate of More Than 2,500% Per Year.”

Carbon Black released the report at the company’s largest event of the year, Cb Connect, a conference in San Francisco bringing together hundreds of security professionals from around the world to discuss the latest trends and threats in cybersecurity.

Conducted by the network of the Carbon Black Threat Analysis Unit (TAU), the research found:

  • There are currently more than 6,300 estimated dark web marketplaces selling ransomware, with more than 45,000 current product listings.
  • Prices for do-it-yourself (DIY) ransomware range from $0.50 to $3,000. The median price is $10.50.
  • When comparing 2016 vs. 2017 YTD, ransomware sales on the dark web have grown from $249,287.05 to $6,237,248.90, a growth rate of 2,502%. According to the FBI, ransomware extorted about $1B in 2016.
  • Some ransomware sellers are making more than $100,000 per year simply retailing ransomware.
  • The most notable innovations contributing to the proliferation and success of the dark web ransomware economy have been the emergence of Bitcoin for ransom payment, and the anonymity network, The Onion Router, better known as TOR, to mask illicit activities.
  • Ransomware sellers are increasingly specialising in one specific area of the supply chain, further contributing to ransomware’s boom and economy development.


“Based on our research, ransomware can no longer be perceived as petty criminals performing stick ups and kidnappings,” said Rick McElroy, Carbon Black’s security strategist. “Instead, ransomware has become a rapidly growing, cloud-based black market economy focused on destruction and profit.  Today, legitimate enterprises avoid heavy investments in infrastructure and hackers are no different. In fact, with Ransomware, hackers have set a model for a cloud-based, high profit and effective turnkey service economy.”

The report, available for download here, outlines the various components of the ransomware supply chain, offers projections for the evolution of ransomware, and provides several tips on how businesses and consumers can protect themselves from ransomware attacks.

“With the ability for ransomware authors to make more than $100,000 per year, it comes as very little surprise that dark web underground economies are flourishing,” said McElroy. “The sad reality is that many businesses are on their own when it comes to staying protected. A lack of fundamental security controls such as backups, testing, restoration, patching, visibility, and out of date prevention strategies means business can expect the problem to get worse before it gets any better.”

The full report from the Carbon Black TAU can be downloaded here.


Report Methodology

During the months of August and September 2017, researchers monitored 21 of the largest dark web marketplaces for new virtual offerings related to ransomware. The description and sales price were recorded for each offering. To represent the complete dark web marketplace economy, the sample of findings from 21 of the largest marketplaces was extrapolated to a population-wide value based on an assumption that approximately 25% (Wired, 2014) of the total dark web website population (per Tor unique .onion observations/day reported on the Tor Metrics site, https://metrics.torproject.org/hidserv-dir-onions-seen.html) is comprised of similar marketplaces. All prices and values are reported in USD. In instances where prices were offered in BTC (Bitcoin), conversion to USD was made for the day the offer was identified.

Historical information about the dark web marketplace activity for 2016 was developed through analysis of dark web database dumps. The sample size of sites analysed for this historical perspective is approximately 10,000 .onion sites (20% of the dark web) as of February 2017.

The basic statistical model generates point estimates based on the samples collected: the number of observations in a period of time is multiplied by the total population, and that product is divided by the sample size (the population observed).


About Carbon Black

Carbon Black is the leading provider of next-generation endpoint security. With more than 13 million endpoints under management, Carbon Black has more than 3,000 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.



Can digitisation compromise security?

Every company is striving to be top of its particular market and to be considered a fast-growing and profitable organisation. In order to achieve this, digitisation must be front of mind. Digital technology can provide companies with a crucial edge over competitors in myriad ways such as cost savings, improved customer experience and greater employee satisfaction. But, every additional digital system an IT department introduces can offer another potential entry point for malicious actors looking to compromise digital security.

This means that many companies face a difficult balancing act between implementing digital processes to stay ahead of the competition, and securing their own and their customers’ data. These are both mammoth tasks in isolation, not to mention the high stakes, given the severe financial and reputational consequences of a breach. So what can be done to strike the perfect balance?


Digitisation – moving forward at the speed of light

Businesses made significant steps towards digitisation in the early 90s – a time of consistent technological advancement and the World Wide Web boom. But whilst digitisation has been taking place for years, some contemporary companies are still struggling to effectively introduce new technology and secure their intellectual property.

For quick transactions and effective business, digitisation is a prerequisite for companies that wish to stay competitive – and this is where the challenge lies. The implementation of a truly effective digital strategy must have security at its heart. This has never been more important, considering the fact that the General Data Protection Regulation is drawing ever closer.


GDPR is fast approaching

Less than 8 months remain until the GDPR comes into force. Under the new legislation, companies that are not deemed to have taken reasonable steps to protect customer data in the event of a breach could face fines of €20m or 4% of global turnover, whichever is greater.

This means it is imperative that companies take particularly good care of any information that could be used to directly or indirectly identify customers, for instance: names, photographs, email addresses, bank details, posts on social networking websites, medical information, or computer IP addresses. It is also noteworthy that if a company has any European customers, the GDPR regulations will apply in the same manner as for companies that are located within the European Union.


Do we still WannaCry?

For organisations that store particularly sensitive information on behalf of customers, such as legal, healthcare or higher education institutions, an effective security strategy is even more critical, because the consequences of a breach are particularly severe. For instance, in the event of a breach, information about suspects in high-level legal cases could be leaked, or university students could lose months or even years of work.

While these examples might seem like another doomsday scenario, it is only necessary to look back a couple of months to the WannaCry outbreak and its impact on healthcare services. For example, NHS Lanarkshire was affected particularly badly by WannaCry. A number of procedures and appointments were cancelled due to IT failures, and patients were even advised to avoid visiting emergency departments if possible. It would not be overdramatic, therefore, to suggest that in some instances, a data breach could even become a life-or-death matter.


An attainable solution

To avoid a potentially dangerous or business-destroying incident (and a hefty fine from GDPR regulators), companies must implement robust and adaptable security solutions as soon as possible, and certainly in advance of May 2018. Comprehensive cover against all eventualities can only be achieved by implementing a layered stack of complementary security solutions.

Preventative security tools such as antivirus and firewalls are still effective as a first line of defence, but the advancement of more complex attacks, such as APTs (advanced persistent threats) and zero-day threats, means they no longer work as a stand-alone measure. A focus on recovery is also essential. If an organisation is hit with an advanced ransomware attack, for instance, the first priority must be to recover data, restore systems and resume operations as quickly as possible. Every second of downtime damages a business, so organisations should look for a tool that allows them to return to working order as quickly as possible (and preferably within minutes).

To summarise, digitisation is a crucial part of a company’s evolution and simply a fact of life for the modern business. The benefits of introducing digital technology cannot be overstated, but the development of secure foundations for building a digital empire is a ‘must’.


Ransomware and Dark Web Demand on the Up

The demand for Ransomware attacks on the dark web has increased significantly, according to Carbon Black.


Hillary Clinton says Cyber Cold War just Beginning

Hillary Clinton has warned that Vladimir Putin has been conducting a huge ‘cyber cold war’ against Western nations.


US Banks to introduce New anti-fraud Measures

US banks are stepping up anti-fraud measures after the Equifax breach.


Poland fends off Russian Cyberattack

Polish Defense Minister Antoni Macierewicz said that a Russian cyber attack was successfully prevented in Poland on Friday.


Original source: The News


North Korea behind WannaCry says Microsoft head

President of Microsoft, Brad Smith, has said that “all observers in the know” believe North Korea was behind the WannaCry ransomware that temporarily brought the NHS to a standstill earlier this year.


ORIGINAL SOURCE: The Independent


Saturday, 14 October 2017

Immersive Labs introduces ‘The Digital Cyber Academy’

Immersive Labs, the highly accoladed UK cyber security startup that helps companies identify and develop talent through a unique cloud-based cyber training and assessment platform, will launch The Digital Cyber Academy (DCA) on October 19th, at Level 39, Canary Wharf, London. The DCA encourages full-time students around the world to develop cyber skills by immersing users in real-world exercises through online cyber labs and establishing a global leaderboard that can be used by employers and recruiters to fill the cyber security skills gap.


The Academy will be introduced by Robert Hannigan, Ex-Director of GCHQ, who said of Immersive Labs’ gamified method of cyber training: “Identifying, developing and measuring practical cyber security skills is the great challenge for all companies today. The Immersive Labs approach is the most exciting thing I’ve seen in this space: scalable, agile and appropriate to the way a new generation learns. It has the potential to disrupt and transform this crucial market.”


During the launch event, Immersive Labs CEO & Founder, James Hadley, will also demonstrate how The Digital Cyber Academy can help close the cyber skills gap by identifying and developing cyber skills in anyone who is willing to learn.


“We have acknowledged that academic background has little bearing on an individual’s ability to develop much sought-after cyber skills,” explained James Hadley, Immersive Labs CEO & founder. “The Digital Cyber Academy will enable millions of students to develop knowledge and hands-on skills, allowing them to be recognised as highly cyber skilled by potential employers. We’re looking forward to building a community of cyber security talent from around the world, on a single platform.”


About The Digital Cyber Academy

The Digital Cyber Academy is a global online cyber skills platform that streams real-world exercises on demand, through browser based labs. Users are immersed in real challenges and must continually develop their skills to complete the exercises. Gamification is at the heart of every lab, meaning users are rewarded for each one they complete. The more they complete, the higher up the leaderboard they rise.


Anyone in full-time study in the UK, US, Australia and Singapore can sign up to The Digital Cyber Academy.

The academy will change the face of cyber skills training on a global scale. By abandoning the traditional classroom-based training model, it enables academics of any discipline to identify and develop the skills required to make the journey towards becoming a cyber ninja.


Unlike other training programmes, Digital Cyber Academy students never graduate. Cyber threats continually evolve, so students must keep pace and develop their skills in order to keep their place on what is a globally competitive leaderboard. Leaderboards mean users can benchmark their skills against others worldwide. It also means employers can identify real-world cyber talent, which isn’t determined simply by training certificates. It’s talent, contextualised.


Digital Shadows and borwell are two cyber security companies already seeing success with the early adoption of the Immersive Labs assessment and training platform.


To register to attend the launch of The Digital Cyber Academy, please visit: https://immersivelabs.co.uk/register/


Friday, 13 October 2017

Swedish Transport Agency hit by DDoS attack

Sweden’s Transport Agency has been hit by a series of DDoS attacks forcing the official website of Transportstyrelsen to go offline.


Ransomware sale value in the millions!

$6 million. That is the total estimated value of ransomware sales on the dark web market places. Crazy to think it used to cost $250,000 only a year ago.


Hyatt Hotel Breached

The international resort giant Hyatt Hotels has suffered a data breach, exposing visitors’ payment card information from 41 hotels in 11 countries.


Fob flaw allows clones to be made for Subaru Cars

A vulnerability in the key fob system used by various Subaru models could be used by hackers to hijack the vehicles.


ORIGINAL SOURCE: Bleeping Computer


Equifax hacked again

Equifax has had its contract with the Internal Revenue Service (IRS) temporarily suspended after the credit reporting company had its website compromised again.


Pay Attention to These 5 Security Tips When Buying Cryptocurrencies

There are many ongoing discussions about the use of blockchain across various industries and markets.


In short, it is the distributed ledger technology or underlying foundation of Bitcoin, one of the most high-profile cryptocurrencies.


There are both public and private blockchains, and each has its own set of strengths and weaknesses regarding security. But the system itself, which records transactions, is reasonably secure, which strengthens the belief that cryptocurrencies are secure. Sadly, that couldn’t be any farther from the truth.


Blockchains aren’t entirely safe for a number of reasons. The most important thing you need to understand is that the network used to facilitate the blockchain and transactions is vulnerable in many forms – thanks to decentralization.


But Bitcoin and related cryptocurrencies aren’t completely secure either. In 2016, hackers were able to steal nearly $70 million worth of the virtual currency, by tapping into a Bitcoin exchange. In early 2014, a similar attack resulted in the loss of an estimated $350 million in Bitcoins. Cyberattacks and thefts are not unheard of, even for a virtual currency such as Bitcoin.


This brings to light several security concerns regarding the ownership and transfer of modern cryptocurrencies. If you’re going to dabble in things like Bitcoin, what are the security risks you should remain aware of?


  1. Cryptocurrency Is Not Backed By Anything


In the real world, you have insurance to protect your belongings and yourself. If something unfortunate happens, the insurance policy will hopefully help you bounce back. If a hacker breaks into a bank system and steals virtual money, you don’t actually lose your money. There are ways to get it back, and plenty of ways to file grievances. There are various ways to fix the situation.


With cryptocurrency such as Bitcoin, that’s not the case.


You might as well be holding cash in your hand. If someone runs by, snatches that money and disappears into the crowd, it’s gone, for good. The same is true of cryptocurrencies, with few exceptions. In fact, a cryptocurrency called Aureus is the only cryptocurrency available that’s based on the real-world economy.


So, unless you use Aureus, your digital wallet could be as much of a liability as it is an opportunity.


If you lose the encryption access to your wallet, you lose everything contained within. If someone hacks your computer or system and gains access to it, they can transfer everything to a source of their choosing, and it’s gone.


If you invest everything in Bitcoin, and then you lose that money, it’s gone for good. Be smart about it. Manage the amount of Bitcoin you handle or invest in different kinds of cryptocurrencies. Keep multiple wallets and don’t store everything in one place. Furthermore, always back up your wallet encryption keys and data.


  2. You Need a Core Wallet


There are many types of wallets or “digital banks” where you can keep your cryptocurrencies. But if you’re going to store your money offline, often referred to as cold storage, it’s critical that you use a core wallet.


Wallets are constantly changing as they receive ongoing development and updates. Core wallets, however, are guaranteed to have keys and file formats that are compatible across all versions, old and new. You won’t ever lose access to your currency because the wallet or software was updated and can no longer interface with older versions.


Furthermore, these tools are not infallible. It’s entirely possible to lose your money or see it drop into limbo because of a coding mistake or an issue in the code. Bitcoin can also get stuck during exchanges. If you can fix the problem, great! It may take you a while, but at least you get your currency back. If you can’t, well, then you lose everything.


  3. It’s Inherently Data


Virtual, digital, invisible, whatever. Describe it how you want. Just know that cryptocurrencies are nothing more than sets of data. They are no different than a bank statement stored in your computer documents, a photo or image of your family or a risque video file tucked away in a hidden sub-folder. It’s data, plain and simple. That means, people can manipulate it, copy it and delete it, and it can even be corrupted.


Treat your cryptocurrency like the sensitive data it is. Ensure that you encrypt your content, and then encrypt it again before dropping it into cold storage. Move it around between systems or portable drives, and then password protect the content. Keep backups, and keep those backups secure.


If and when a hard drive fails, you lose all data, media and content stored on the drive. In the back of our minds, we’re always worried about this happening. It’s why we back up our data. It’s why we keep multiple versions of important files. Do the same for your cryptocurrencies and wallet. Because once you lose access to them – whether you just forgot a password or someone accidentally deleted a file – they’re gone for good.


  4. Protect Your System


As Andreas Antonopoulos said, “nothing teaches [you] about [cyber]security faster than having Bitcoin on a Windows machine.”


The data you have is only as secure as the system or source where you have it stored. If you make a habit of opening questionable documents or attachments, you’re opening yourself up to a world of hurt. If the system where you have your wallet stored gets a virus, malware, spyware or ransomware, it may affect your access to your money. Lose control of your system, and you lose control of your money.


Security begins and ends with your computer. Keep your antivirus and anti-malware software up to date. Install all necessary OS updates and security fixes. Don’t install questionable apps or download unknown media and files. Don’t ever trust strangers or unknown contacts, and screen everything you’re not sure of. A file attachment from someone unfamiliar, for example, should be scanned by an antivirus or anti-malware tool before you open it.


  5. Just Say No to Mobile Wallets


Mobile wallets have cropped up as a useful way to carry cryptocurrencies with you and even pay for goods and services in the real world. Best practice is not to use them at all unless you absolutely need to. Even then, don’t store a lot of cash in your mobile wallet.


Think about it. You would never put thousands of dollars in your real wallet or purse.


In the rare cases where you might have a lot of cash, you get nervous, real quick, for obvious reasons. It’s just not a smart thing to do, and it’s incredibly risky.


The same is true of mobile cryptocurrency wallets. If you’re going to use them, don’t carry more than you need.


Security in the Internet of Things – an Inconvenient Truth

The current political events in Barcelona provide us with a barely-needed reminder that we live in changing times. I was in the city as part of the Trustonic team exhibiting at IoT Solutions World Congress last week and took some time to speak with fellow vendors. I soon saw some fantastic product demonstrations that drew my attention – I wanted to learn more. Frequently though, the response to: “This looks great – how is it secured? How do we know the data is trustworthy?” was a puzzled look and an “It uses our cloud and we secure that” or “It runs on a secure OS”. Sometimes the response was worse: “It’s a closed network. You couldn’t attack it”.


It didn’t fill me with confidence. Everyone has a secure solution, it seems. But how do we know that it’s secure? Who has validated it? The questions and the perplexed looks continued. I slept uneasily.


I don’t want to criticise the IoT solutions that I saw – they were interesting and point to an exciting future for us all. Unfortunately, securing these solutions isn’t exciting and probably won’t draw a crowd to your stand. It’s rare to see ground-breaking security solutions making the news – consumers just expect it these days. Of course, you can expect a media frenzy if you’re breached. There have been some horrifying examples already and we are still in the early days of this industry. IoT solutions need to be secure by design – or, to put it another way, the components of the solution must already be secure when they are deployed. With the headache (and tedium) of security taken care of, the industry would be free to innovate and dream up even more exciting products.


I was showing an IoT security demo built on a Samsung ARTIK board, which already has Trustonic TEE technology embedded. It showed an IoT device connecting to Amazon Web Services (AWS), cryptographically proving itself to be secure and having a trusted identity, thus enabling it to become automatically registered on the system. Perhaps not as exciting as an IoT boat or sports bike sharing data in real time, but it demonstrated that, by embedding a truly secure OS (one that’s Common Criteria certified and FIPS-140-2 approved) combined with a Root of Trust installed in the factory (think of this like a digital birthmark), an IoT device can be trusted pretty much automatically. Once you have an inherently trusted device, you can be confident that data from its sensors is also trustworthy.


Shakespeare wrote “Love all, trust a few”. So, love all the cool and exciting IoT products – but only trust the few which are truly secure.

By Rob Dyke, Field Application Engineering Manager, Trustonic


Sophos Supports Preservation of History of Computing and Security by Becoming Foundation Sponsor for The National Museum of Computing

Sophos, a global leader in network and endpoint security, has become a Corporate Foundation Sponsor at The National Museum of Computing (TNMOC), where the history of computing and security can be seen in action with the world’s largest collection of functioning historical computers. Sophos has committed to sponsor the museum until 2020, and will provide expertise and counsel as well as support the museum’s ongoing development of exhibit space and visitor experience.


The museum at Bletchley Park in Buckinghamshire conserves the history and development of computing for inspiration, education, learning and enjoyment. Block H of Bletchley Park, now the home of The National Museum of Computing, was built specifically to house the Colossus computers. These computers were instrumental in breaking the Lorenz messages of Hitler’s High Command, thus giving the Allies an unparalleled insight into the German war machine. Those achievements helped shorten and secure victory during the war, saving countless lives.


“The National Museum of Computing brings to life the massive evolution of computing that has occurred in living memory,” commented John Shaw, vice president of product management for Enduser Security at Sophos. “The very first computers were developed to break encrypted codes, and we now use encryption every day to secure our digital lives. Just as our ability to connect with people and services has expanded, so has our need to develop the next generation of security required to protect our computers from cyber criminals. Alan Turing, Tommy Flowers and their colleagues could never have imagined the sophisticated tools used to attack computers today and the advanced technology required to secure them. The UK plays a central role in both the history and the future of cybersecurity, which is why we are now proudly supporting the development of TNMOC.”

At the core of the museum is a highly successful education programme, aimed at school and college level students where they can learn the basics of computer coding. Sophos will be supporting the museum’s endeavour to continue this work through the renovation of the classroom-training suite. The classroom accommodates the Museum’s flagship educational programme, and the investment will involve upgrading the technology – allowing the students to work with state of the art equipment – along with increasing the capacity of the space.

“We are very excited to have Sophos now supporting us as a Foundation Sponsor,” said Andrew Herbert, chair of TNMOC. “Having Sophos on board will help us to continue to provide visitors with the opportunity to see and learn about historic computers and artefacts which were the result of pioneering British ingenuity. We look forward to working with Sophos to further develop the museum and inspire future generations of computer scientists, engineers and inventors.”

TNMOC also run a variety of programmes that aim to educate the public on an array of topics including computing, security and engineering. Sophos will be supporting the museum’s current activities through offering guidance at the girls in coding events, along with utilising in-house industry experts for the monthly guest speaker evenings. Simon Reed, vice president of SophosLabs, will begin the speaker series this October where he will be presenting on ‘State of the union on cyber-attacks from the frontline’.


Thursday, 12 October 2017

Incapsula network to expand, in a bid to increase Performance and Speed Attack Mitigation

Imperva have announced this week that they are expanding their Incapsula network. Alongside this expansion, Imperva will also make a significant investment in second-generation DDoS attack mitigation technology. This investment will enable Imperva to perform faster, and will also mean the introduction of an industry-leading 10-second DDoS mitigation SLA (service level agreement) to minimize the disruption to business in the event of a DDoS attack.

This expansion is driven by a notable change in DDoS attack patterns. Research by the Imperva Incapsula security team shows that DDoS attack patterns are shifting, with a significant increase in high packet rate attacks, DDoS assaults in which the packet forwarding rate escalated to about 50 million packets per second (pps). In Q3, Imperva saw 197 high packet rate attacks among clients, more than half of which were greater than 100 million pps. Of these, 11 were more than 200 million pps with the largest hitting 238 million pps for more than 3.5 hours.

The following three areas constitute the bulk of the expansion programme:

New PoPs, Increased Transit Capacity and Peering

Imperva has expanded its Incapsula data center footprint into Delhi, Dubai, Moscow, Mumbai, and Vancouver. Seven more are planned to be online by the end of the year in Bangkok, Istanbul, Jakarta, Johannesburg, Mexico City, Seoul and Taipei. The addition of these new PoPs speeds up the internet experience for local users.

Network bandwidth has been expanded to 4.7 terabits per second through a relationship with Level 3 Communications that adds an additional 1.8 Tbps across 20 strategically located data centres. An additional 2 Tbps of transit capacity is expected to be added by the end of 2017.

Second-Generation Scrubbing Technology Deployed in Mesh Network

The Incapsula global network now includes the Behemoth 2, Imperva’s second-generation DDoS mitigation device that provides DDoS scrubbing capability of 650 million packets per second and 440 gigabits per second per device. The Behemoth 2 devices are linked via the Incapsula mesh network to form a virtual DDoS scrubbing center that can mitigate large scale attacks now and in the future. With the addition of the new PoPs and Behemoth 2, the Incapsula global network has a total DDoS packet scrubbing capacity of 65 billion pps.

“There is a growing sophistication in DDoS attack techniques, and Incapsula’s advanced technology provides the headroom and capacity to handle larger attacks that will inevitably occur,” said Yoav Cohen, vice president of Incapsula research and development at Imperva. “Our unique approach of strategically located PoPs, increased bandwidth, and the Behemoth 2 allows Incapsula to detect and start mitigating a DDoS attack in seconds, effectively protecting against downtime.”

In today’s DDoS heavy cyberworld, any expansion designed to keep us safe is okay with us!


The simplicity of equality with Brian Brackenborough, Unsung Hero Award Winner

When I was nominated for this award thingy they asked me if I’d like to write a blog, yes I said – why wouldn’t I? Millions of eyes reading my words and all that attention I’ll get, it’s a no brainer I thought. And what better a subject to talk about than that equality thing, that’s a real hot topic. And so I put my thinking cap on, and dusted down the thinking pipe. Then I had to reach for my bigger thinking cap, this was going to require bigger thinking, make it witty, Brian, you’ll lose them if it isn’t witty.

I even thought about using lyrics from various Tears for Fears songs, why? I don’t know, but I knew I was onto something. (Everybody wants to rule the world… but no one should have to). 4 drafts later, I gave up on that idea.

And whilst I pondered, and thought, and mused, about this complicated blog post, which of course needed to be highly articulate to do this subject any justice, my own company beat me to it, in one, simple, defining action.

They made the toilets Gender neutral.

That’s it, no drama, no hugely complicated project, no fanfare, they just decided to allow men and women to do tinkle and plop in the same cubicles (though not at the same time, we aren’t barbarians you know!)

And the Twitter world reacted! You can imagine the tweets (or go look them up) but they were what you would expect; some for, some against, some complaining about men’s hygiene, some complaining about ladies’ hygiene. Somebody even defined this very moment as evidence of the world going mad! Even the press got hold of it (I’m not naming the papers, though.)

But here’s the thing, a simple change can make a big difference, yet sometimes we ignore these little things in search of the big ticket item.

I sincerely hope this is just the beginning and equality transcends to all areas of business, including cyber security – and not just where we tinkle.

Equality. Simple.

By Brian Brackenborough – CISO Supremo – Media Winner


New BTCWare ransomware discovered

A variant of the BTCWare ransomware has been discovered and is targeting victims and appending the .[email-id-id.payday extension to encrypted files.


ORIGINAL SOURCE: Bleeping Computer


Hackers steal top secret Australian Department of Defence Data

Top secret information about the Australian Department of Defence has been revealed to have been stolen in 2016.


Republican phone polling firm hacked

The data of hundreds of thousands of Americans who submitted donations to political campaigns have been exposed after a Republican phone polling firm was hacked.


Phishing campaign targets Netflix

A phishing scam is targeting the users of Netflix, with cyber attackers trying to siphon users’ personal information such as email addresses.


New research reveals worrying complacency in European DDoS mitigation

A new European report released today by CDNetworks, the global content delivery network (CDN) and cloud security provider, has revealed that spending on DDoS mitigation in the UK and DACH has increased sharply over the last twelve months. This has led to widespread confidence amongst IT heads in their DDoS resilience. But despite the greater investment, these same companies also confessed to a high proportion of DDoS attacks being successful in the last 12 months, turning their confidence into complacency.

The research, conducted by Sapio Research on behalf of CDNetworks, and looking at businesses in the UK, Germany, Austria and Switzerland, found that recent high-profile DDoS attacks have been effective in driving investment in DDoS mitigation.

  • 49% have invested in DDoS mitigation technologies for the first time in the last 24 months
  • Almost two-thirds (64%) are likely to invest more next year than in the last 12 months
  • 9% will be investing in DDoS mitigation for the first time in the next 12 months
  • The average annual spend is £24,200, with one-fifth of businesses investing more than £40,000.

This level of investment has led to a high level of confidence in repelling DDoS attacks, no matter the severity of attack. 83% of businesses described themselves as either “confident” or “very confident” in their current DDoS mitigation setup — despite 79% describing an attack as being likely or even certain. In fact, 86% of businesses had suffered a DDoS attack in the last year. While the average business had been attacked six times, one in every twelve had detected more than 50 attacks over the last year alone.

And despite increased investment, successful attacks are still very common: Over half (54%) of businesses have been the victim of a DDoS attack in the last 12 months that was able to take their website, network or online app offline.

This prevalence of successful attacks is possibly explained by the increase in frequency and size of individual DDoS attacks outstripping what the newly-invested-in DDoS technologies can repel. CDNetworks’ own network monitoring data showed that the largest detected attack in the first half of 2016 was nearly three times the size of the largest of 2015 – 58.8Gbps versus 21Gbps. And this was not a freak occurrence – 31% of attacks in the first half of 2016 were measured at 50Gbps or more, while none of the attacks of 2015 reached this size.

“The results are both comforting and worrying,” said Chris Townsley, EMEA Director, CDNetworks. “It may have taken high profile attacks on Dyn and the overpowering of the likes of Twitter and CNN to spur businesses into action, but we’re glad that DDoS is now seen as an issue that needs to be addressed. However, the size and number of DDoS attacks are also increasing every year, turning DDoS into an arms race. Businesses cannot afford to be complacent or regard DDoS mitigation as a one-off investment as the trend for larger attacks shows the cybercriminals are currently winning the arms race.”

The most common impacts of successful DDoS attacks were loss of commercial opportunity (81% could trace this impact directly to a DDoS attack), the cost of remedy and strain on the IT team itself (16% for both). The most intense impact was for the loss of commercial opportunity – 9% rated the impact as catastrophic.

The survey also revealed that nearly a third of businesses (31%) – and the largest proportion – believe that rivals are behind at least some of the DDoS attacks they are targeted by. The next most popular assumed reasons for being targeted were random targeting (23%), hate crime (22%) and blackmail (21%).

The full report from CDNetworks, “DDoS 2017 Report: Dangerous Overconfidence” is available for download here: https://www.cdnetworks.com/uk/en/ddos-protection


EMEA Organisations continue to migrate to Office 365, with a security strategy at the forefront

Businesses in EMEA are increasingly turning to the Microsoft Office 365 productivity suite, yet with all the recent cyber attacks, security concerns remain one of the biggest barriers to cloud adoption. This was one of the findings from a global study of more than 1,100 organisations conducted by Barracuda Networks, Inc. (NYSE: CUDA), a leader in Cloud-enabled security and data protection solutions.


The 2017 study, titled “Office 365 Adoption: Drivers, Risks, and Opportunities” aimed to measure trends around the adoption and use of Microsoft Office 365, including contributing factors for decisions about migration versus remaining with an existing platform. Additional information was gathered about customers’ use of third-party security and data protection solutions with Office 365, and their engagement with VARs and MSPs. 


Commenting on the findings, Chris Ross, Senior Sales VP, International, at Barracuda Networks said: “As year-on-year adoption of Office 365 continues to increase in EMEA it’s natural to assume that concerns over cyber threats will keep pace. What’s encouraging to see is that businesses are waking up to the importance of a layered approach, which suggests a better understanding of their liabilities when it comes to cloud adoption.”


“One area in which this trend still has some way to go to reach the levels seen in the US is when it comes to third-party solutions to add an extra layer of security against spear phishing, impersonation or social engineering attacks,” he added. “Just 14 percent of EMEA organisations had something in place, compared to 36 percent in the US. We’d expect this to change over the next year, and urge businesses in EMEA to be on alert. We’re seeing criminals change their tactics – moving from the C-suite to lower and mid-level employees, and from large organisations to smaller ones with fewer resources.”



Key findings in EMEA:

  • Almost two thirds (62%) of businesses in EMEA are now using Office 365, an increase of 50 per cent from a similar Barracuda study from 2016.
  • Of those not currently using Office 365, just under 40% claim that they plan to migrate in the future – this is less than in the US, where nearly 49% said they were planning to do so.
  • The biggest security concern for over 90 per cent of EMEA businesses was ransomware. Nearly half (48%) admitted to having already been hit by an infection, although only 3% of organisations resorted to paying the ransom.
  • Of those, email was by far the most popular attack vector for cybercriminals, with almost three quarters (70%) of ransomware attacks entering via email. Web traffic (18%) and network traffic (12%) accounted for a relatively small number of infections.
  • The most common reason given for not migrating to Office 365 has changed since last year’s study, with businesses in EMEA joining those in the US in citing security concerns as the top reason (32%). Unlike the US, where this was largest by a distance, EMEA businesses still cite a “no cloud” policy as a significant reason they have not migrated (28%).
  • Despite these concerns, over 85 per cent of EMEA respondents claimed not to be using Microsoft’s Office 365 Advanced Threat Protection (ATP) – instead relying on third party security to enhance protection of their Office 365 environments. More than two fifths (43%) are using third party security, archiving or backup solutions, with that number even higher (68%) among those planning to migrate.
  • Alongside this, some 41 per cent expressed concern about phishing, spear phishing, impersonation or social engineering attacks. However, just 14 per cent of EMEA organisations claimed to have a third party solution in place to reinforce protection against these threats.

The post EMEA Organisations continue to migrate to Office 365, with a security strategy at the forefront appeared first on IT SECURITY GURU.


Top Ways to Stop Hackers Gaining Access to Your Systems via Smart-Home Gadgets

Most people these days are aware of the prevalence of hackers and the fact that they’re continually finding new ways and techniques to get access to information and crash systems. However, lots of consumers don’t realize how much they are actually putting themselves at risk by not securing their smart-home devices.

With more and more connected gadgets becoming available and making their way into people’s homes, this is a booming market not just for retailers but also for cybercriminals. If you want to stop hackers from infecting your computers, holding your information for ransom, crashing your networks, and more, then it’s important to make sure you increase security measures in your smart home. Read on for some top ways you can go about protecting your devices today.

Change the Default Settings on Your Gadgets

One of the first things you should do when you bring a smart-home gadget back from the store is change the default settings on it. This is because hackers often try to get access to networks and products using the passwords and usernames that come automatically set up on devices.

Manufacturers tend to use the same settings on all their products, and then make this information available to consumers (typically via installation guides, websites, forums, and the like) to use when they’re first setting up their devices. While brands suggest buyers update this information once they have purchased a product, most people either don’t follow the tip or don’t even read the instruction manual to see the recommendation to begin with. Hackers know this, and get easy access to systems via the standard usernames and passwords as a result. If you want to keep your smart-home products safe from prying eyes, then, change the default settings straight away.

In addition to the username and password, the default ID name for the devices should also be changed. This is because, again, most manufacturers ship out their products with a standard identification that includes the brand name. As such, hackers performing scans to find ways into your network will see you have particular branded gadgets in your home. As soon as they have determined this, they will realize you haven’t bothered to change the ID from its original setting, and believe you’re lax on security. This, in turn, will likely have them working on breaking into your system faster.

Secure Your Home’s Wi-Fi

Another important step to take to keep hackers at bay is to make sure your home’s Wi-Fi is secure. With smart-home devices always using the internet to perform their tasks, hackers know that they can often gain access to gadgets through an unsecured wireless network.

If you haven’t password-protected your home Wi-Fi, digital thieves nearby can use your wireless to break into your network router and various other access points, and then get access to your connected products. You must keep your network safe, then, by setting up a comprehensive password that all users of the internet in or near your home will have to input before they can use the Wi-Fi.

Passwords which are hard for people to hack are always a decent length (eight or more characters is best), and created using a mixture of letters (upper case and lower case), symbols, and numbers. As well, a good code won’t revolve around any information that can be found on you publicly. For example, steer clear of birthdays, family or pet names, email addresses, and the like.

Protect Your Computers With Security Software

Lastly, remember that hackers can also gain access to your connected devices through any computers, tablets, and related gadgets you use to control them. As a result, you need to protect these products from cybercriminals.

One of the best ways to go about this is by installing high-quality security software that will help stop spam, viruses, ransomware, spyware, and malware from giving hackers access to your data or keystrokes in any way. It pays to purchase a product that’s particularly suited to your computer, too, such as those labeled as antivirus for Mac or Windows computers. Adding firewalls to your gadgets is another good way to protect them, as this adds another level of defense.

Keep Systems Updated

Something a lot of consumers don’t think about when it comes to security is how up-to-date all the systems are on their devices. While it might not cross your mind when you buy and then use smart-home gadgets, the fact is that security holes arise in firmware, software and drivers over time, which makes products more open to attack from hackers. This is the case whether products have been sitting on the shelf for months in a store, or being used in your house.

To keep your gadgets protected, then, be vigilant about installing updates. Unfortunately, most connected products aren’t set up to update automatically, so you should either create a regular reminder for yourself in your calendar (monthly is fine), or use the reminder function that should be available on the same smartphone app you use to control your smart-home device(s) — most tech has this feature these days.


The post Top Ways to Stop Hackers Gaining Access to Your Systems via Smart-Home Gadgets appeared first on IT SECURITY GURU.


Wednesday, 11 October 2017

Nozomi Networks Selected by FireEye for ICS Protocol Depth and Technical Excellence

Nozomi Networks, the pioneer in real-time cybersecurity and operational visibility for industrial control systems (ICS), today announced a new partnership with FireEye to provide next generation ICS security that extends visibility across IT and OT environments.

“Adversaries are increasingly targeting critical infrastructure around the world and operators are prioritizing cybersecurity for industrial control systems and other types of operational technology,” said FireEye CTO Grady Summers. “After extensive review, we chose Nozomi Networks because their platform provides industry-leading capabilities which allow us to detect anomalies and proactively hunt for threats within industrial environments.”

Organizations in industries from energy to manufacturing are becoming increasingly reliant on the interconnection between information technology networks and industrial control systems. Connectivity between these systems introduces new risks and challenges for those looking to manage them with a single enterprise-wide security solution. FireEye’s solutions for critical infrastructure and industrial control systems offer an integrated suite of security services from initial assessment to outsourced management, leveraging unique expertise, intelligence and technology to help firms safely, quickly, and effectively extend visibility and protection to their operational networks. With FireEye, organizations can develop and manage enterprise-wide security programs designed to ensure operational continuity of their most critical assets. With expanded visibility through the Nozomi technology integration, clients reduce costs, address skills shortages, and improve detection and response capabilities so they can focus on the risks that matter to their business.

“This partnership brings together the leaders in IT and ICS cybersecurity,” said Nozomi Networks CEO Edgard Capdevielle. “We are thrilled to partner with FireEye to enable new solutions and services at a time when CISOs are demanding enterprise-grade security that encompasses their OT environments.”

The post Nozomi Networks Selected by FireEye for ICS Protocol Depth and Technical Excellence appeared first on IT SECURITY GURU.


Cloud giant Accenture left sensitive data exposed on Servers

Accenture, the cloud and technology giant, has admitted it left a massive store of private data across four unsecured cloud servers, potentially exposing passwords and decryption keys.



The post Cloud giant Accenture left sensitive data exposed on Servers appeared first on IT SECURITY GURU.


700,000 Britons affected by Equifax breach

Equifax has revealed that almost 700,000 UK customers have had their data hacked following on from the major cyber-attack.



The post 700,000 Britons affected by Equifax breach appeared first on IT SECURITY GURU.


46gb of medical data left exposed

The medical data of over 150,000 Americans was left exposed and unsecured on an Amazon server.



The post 46gb of medical data left exposed appeared first on IT SECURITY GURU.


Flaw uncovered in Windows DNS client

A major flaw found in Microsoft Windows has been fixed. The bug affected the DNS clients included in Windows 8, Windows 10, Windows Server 2012 and Windows Server 2016.


ORIGINAL SOURCE: Bleeping Computer

The post Flaw uncovered in Windows DNS client appeared first on IT SECURITY GURU.


SailPoint survey reveals cyber risks are leaving IT in the dark

According to SailPoint’s 9th annual Market Pulse Survey, senior IT decision makers say that more cyber risks are being created outside of the IT department’s visibility; yet it remains IT’s responsibility to mitigate these risks. The survey found that organisations need to better define and enforce corporate policies company-wide, addressing risks like shadow IT and bring your own device (BYOD) given today’s increasingly mobile, agile workforce.

Recent sprawling attacks like WannaCry that affected organisations worldwide, as well as direct attacks on organisations of all sizes and in all industries, have demonstrated the significant organisational damage they cause. In the wake of data breach pandemics at levels seen over the past year, most organisations should take stock of the security controls they currently have in place and work to understand where their exposure points exist, and how to remedy them.

This year’s Market Pulse Survey found the following:

  • More risks are being created by departments outside of IT’s purview, but it’s still IT’s problem: Over half of respondents (54 per cent) believe that one of the key reasons that non-IT departments introduce the most risk is that they often lack the understanding of what actions and behaviours lead to risk. Using unsecure mobile devices and adopting unmonitored SaaS applications are two examples of such risky behaviour. While the majority of these risks are being created outside of IT’s view, it is still IT’s responsibility to mitigate the risks associated with them. According to the survey, 7 out of 10 (72 per cent) organisations have embraced BYOD and SaaS application adoption, while only 53 per cent have formal policies in place to protect corporate data.
  • Organisations need to better outline and enforce corporate policies company-wide: While organisations may create policies to govern access that help secure the enterprise, there is often a disconnect between what is defined as policy and what is actually enforced. Of the companies that have policies in place, 3 in 10 (36 per cent) say that their users are not following them. With 74 per cent of respondents concerned about BYOD and shadow IT as organisational exposure points, it’s clear that enterprises need to better enforce corporate security policies company-wide.
  • Identity governance is key to managing risk: More than 6 in 10 (61 per cent) of respondents agree their organisation’s data would be less exposed if they were better equipped to manage it. Over 6 in 10 (64 per cent) of respondents whose organisation has introduced an identity governance solution believe it will result in a more automated and efficient organisation, while over half (58 per cent) hope to improve business enablement.
  • Hybrid IT environments are a reality for today’s enterprise: With cloud adoption accelerating for most enterprises, control over exposure points is needed across the entire IT environment, both on-premises and in the cloud. Market Pulse Survey respondents confirmed this trend towards the cloud with 34 per cent reporting that they already have a “cloud first” strategy in place, with 45 per cent planning to at some point in the future. And, although many enterprises are moving to the cloud, they still have a variety of legacy applications that will remain on-premises, creating a complex, hybrid IT environment that still needs to be managed and governed holistically. This is why building a cybersecurity programme that puts identity at the centre of that strategy is more important than ever for today’s modern enterprise – it gives enterprises that single view into all users’ access to all data and applications, no matter where it resides.

“Our Market Pulse Survey uncovered an interesting ‘identity trilemma’ – multiple departments within an organisation are adopting their own SaaS solutions to appease business users through shadow IT, all while not properly adhering to company security policies,” said Juliette Rizkallah, CMO, SailPoint. “This is a dangerous combination that creates serious exposure points for companies today. Identity governance is still the key in protecting these points of exposure and mitigating the risks inherent in today’s hybrid IT environment. For enterprises to have full visibility into who has access to what, understanding the ‘who’ in that equation is more important than ever. This is why putting identity at the center of security strategies is the best approach for defending and protecting today’s modern enterprise.”

SailPoint’s 2017 Market Pulse Survey is a global survey focused on how senior IT decision makers are waging war against data breaches and insider threats. The company commissioned independent research firm Vanson Bourne to interview 600 senior IT decision makers at organisations with at least 1,000 employees across Australia, France, Germany, Italy, the United Kingdom and the United States. The results clearly articulate the importance of putting identity at the center of an organisation’s overall IT security strategy.

The post SailPoint survey reveals cyber risks are leaving IT in the dark appeared first on IT SECURITY GURU.


Building better defences by establishing a deeper understanding of cyber security threats

The SWIFT Institute has published three new working papers, each aiming to contribute towards the establishment of better cyber defences for the financial industry. The research papers focus on enabling financial institutions to get ahead and stay ahead of their cyber adversaries by providing a better understanding of the actors involved, examining a means to effectively share threat information, and establishing common terminology to allow meaningful discussions between industry stakeholders.

As cybersecurity threats continue to grow, the financial services industry needs to understand the forces at work, identify patterns of behaviour, and create a common syntax around cybersecurity to facilitate better communication. In order to help organisations better equip themselves against cyber attacks, the SWIFT Institute issued three grants on cybersecurity; the resulting three research papers are now available:

“Forces Shaping the Cyber Threat Landscape for Financial Institutions”, by William A. Carter, aims to provide an understanding of the forces that shape the threat landscape in the belief that this is essential for financial institutions to get ahead and stay ahead of their adversaries in cyberspace.

“The Cyber Security Ecosystem: Defining a Taxonomy of Existing, Emerging and Future Cyber Threats”, by Dr Jason Ferdinand with Richard Benham, attempts to establish a common language for cybersecurity to help all organisations deal with the cyber threats in their environment, and to enable meaningful discussion of these threats within and between organisations.

“Sharing Insider Threat Indicators: Examining the Potential Use of SWIFT’s Messaging Platform to Combat Cyber Fraud”, by Elizabeth M. Petrie and Casey D. Evans, focusses on identifying the patterns of behaviour typically indicative of efforts by criminals to use insiders to cash out on fraudulent activity. The objective of this research is to enable organisations to use an existing telecommunication platform, such as SWIFT, to communicate cyber fraud threat information by establishing indicators of cash-out behaviour, which could warn of cyber fraud activity.

“As cyber threats become increasingly prevalent within the financial services industry, firms are having to step up their cyber defences,” says Peter Ware, Director of the SWIFT Institute. “It is only by collaborating as an industry that we will be in a stronger position to mitigate these threats. It is our hope to eventually build on this published research to more effectively recognise forces at play, to establish a common language, and to build tools that will identify patterns of behaviour. All this will better enable the useful dissemination of threat activity reports to the wider financial community.”

The SWIFT Institute will be showcasing the results of these working papers at Sibos 2017 in Toronto. These sessions will be held on Tuesday, 17th October in the dedicated SWIFT Institute Room (#703) at the following times:

Forces Shaping the Cyber Threat Landscape 09:00 – 09:45 (repeated Thursday 19 at 10:00)

Sharing Insider Threat Indicators: Examining the Potential Use of SWIFT’s Messaging Platform to Combat Cyber Fraud 10:00 – 10:45

The Cyber Security Ecosystem: Defining a Taxonomy of Existing, Emerging and Future Cyber Threats 15:30 – 16:15

The post Building better defences by establishing a deeper understanding of cyber security threats appeared first on IT SECURITY GURU.
