May 30, 2018
View our webinar on June 6 to learn why the traditional MSSP model isn’t working, why the modern MSSP is a better solution for today’s threats, and the steps you can take to hire or replace an MSSP.
Stephanie Ewing, deltarisk.com, May 17, 2018
Oftentimes, I find cyber security teams still operating in some dark back office, interacting with their non-technical colleagues as little as possible, and wondering why people just don’t get it when it comes to security. As security professionals, we frequently talk about the concept of “people, process, and tools,” but there may be a few opportunities when it comes to the people area in particular that we haven’t fully explored for whatever reason.
Alison DeNisco Rayome, techrepublic.com, May 7, 2018
Virtually all organizations are moving some workflows and assets to the cloud. But concerns over security controls and a talent shortage has many CISOs worried, with 40% of companies slowing migration due to these issues, according to a recent report. While 83% of IT professionals said they store sensitive data in the public cloud, only 69% said they trust the public cloud to keep their data secure, the report found. Cloud security issues are rampant: One in four organizations that use Infrastructure as a Service (IaaS) or Software as a Service (SaaS) have had their data stolen, according to the report. Meanwhile, one in five said they have experienced an advanced attack against their public cloud infrastructure.
Warwick Ashford, computerweekly.com, May 23, 2018
The proportion of information security professionals who feel organisations are getting worse at defending against major cyber security breaches has leapt from 9% to 18% in the past three years, a survey has revealed. However, in contrast, the number of businesses that feel better prepared to respond to and deal with incidents rose from 47% to 66% over the same period, according to the latest industry survey by not-for-profit industry body, the Institute of Information Security Professionals (IISP).
Atif Mushtaq, informationsecuritybuzz.com, May 29, 2018
Social engineering attacks are usually associated with deceptive phishing emails in which the victim is tempted to click on a malicious link or open a malicious attachment to help an attacker penetrate network systems. Yet most people are less aware of the large and growing variety of sophisticated phishing attacks that tempt employees outside of email. These phishing attacks are growing in their effectiveness and are carried out via browser pop-ups, ads, malicious search results, browser extensions, chat applications, social media, web “freeware” and deceptive apps in App Stores.
Tech Target Staff, searchcloudsecurity.techtargetcom, May 29, 2018
As cyberattacks continue to increase in their complexity and ferocity, it’s safe to say that there is no such thing as being over-prepared when it comes to preventing attacks and implementing data protection measures in the cloud. That’s the bad. The good news, however, is that information security professionals have a litany of tools at their disposal to thwart would-be attackers in public, private and hybrid cloud environments. But do you know which data protection measures are best suited for various cloud services and architectures?
Joe Panettieri, msspalert.com, May 22, 2018
A non-profit organization in Los Angeles County misconfigured an Amazon Web Services (AWS) S3 cloud bucket — leaving 3 million records and highly sensitive health information exposed, according to the UpGuard Cyber Risk Team. The UpGuard Cyber Risk team discovered the exposed AWS bucket on March 14, and then reached out to various contacts at the LA County 211 service. The security reacher finally connected with the appropriate contact on April 24. The misconfigured bucket was corrected within 24 hours of that communication, UpGuard says.
Simon Chandler, cointelegraph.com, May 25, 2018
Mining malware may now be painfully familiar to anyone with even a passing awareness of cryptocurrency, but so far businesses and consumers alike are failing to significantly curb its growing threat. On May 14, Israeli cybersecurity firm Check Point released its latest Global Threat Index, and for the fifth consecutive month it found that the Coinhive crypto-miner is the “most prevalent malware” in the world, affecting 16 percent of organizations globally. Meanwhile, Santa Clara-based Malwarebytes released its Cybercrime tactics and techniques: Q1 2018 report on April 9, finding that businesses had seen a 27 percent increase in mining malware in the first three months of the year compared to the previous three.
Fred Donovan, healthitsecurity.com, May 17, 2018
Nuance, a Burlington, Mass.-based provider of speech recognition software, said in a May 10 SEC filing that a healthcare data breach occurred when an unauthorized third party gained access to 45,000 patient records hosted on one of its medical transcription platforms. The company said it discovered the breach in December 2017. It notified those affected and migrated them to its eScription transcription platforms. Nuance also notified law enforcement, who identified the third party and recovered the records.
Tamlin Magee, cio.com, May 23, 2018
The FBI recently noted a decline in ransomware attacks reported to the agency in 2017, at 1,783 compared to 2,673 the previous year. But don’t necessarily read this as good news. The reality is ransomware, like many other cyber-attack types, goes largely under-reported. A Verizon report, based on its analysis of tens of thousands of real-world security incidents, found that ransomware incidents have doubled over the past year.