June 14, 2017
Jason Hiner, Zdnet.com, June 11, 2017
Cybersecurity fears continue to grow as the digital revolution embeds itself in new parts of society every day. We discuss the topic in-depth in our ZDNet/TechRepublic special report “Cybersecurity in an IoT and Mobile World.” To sum it all up, here are the three things you need to know about cybersecurity in the world that is increasingly dominated by mobile technology and the Internet of Things.
Zackery Mahon, Deltarisk.com, June 8, 2017
March 1, 2017, marked the day that “23 NYCRR 500” (the New York Cyber Security Regulation) went into full effect for all New York Department of Financial Services (NYDFS) regulated individuals and organizations. These groups are required to adopt programs, policies, and procedures to protect their most sensitive information and assets from cyber security threats.
Marianne Kolbasuk, Govinfosecurity.com, June 9, 2017
Federal regulators have issued new materials to aid healthcare organizations and their vendors in their “quick response” to cyberattacks. The checklist and infographic from the Department of Health and Human Services’ Office for Civil Rights are part of HHS’ ongoing campaign to help improve awareness and especially readiness of healthcare sector entities in dealing with escalating cyberattacks.
Alex Blau, Hbr.org, June 7, 2017
Determining the ROI for any cybersecurity investment, from staff training to AI-enabled authentication managers, can best be described as an enigma shrouded in mystery. The digital threat landscape changes constantly, and it’s very difficult to know the probability of any given attack succeeding — or how big the potential losses might be. Even the known costs, such as penalties for data breaches in highly regulated industries like health care, are a small piece of the ROI calculation.
Michael Mimoso, Threatpost.com, June 5, 2017
Tens of thousands of illegally established subdomains used by criminals involved with the RIG Exploit Kit were recently taken down after an investigation revealed that hackers were phishing domain account credentials to set up these subdomains. Most of the subdomains used GoDaddy as the primary domain registrar.
Dark Reading Staff, Darkreading.com, June 5, 2017
DDoS attacks largely fall into the camp of short, low-volume sieges, but large-volume attacks are sharply on the rise, according to a study released today. Short, low-volume DDoS attacks still account for the majority of slam sessions against networks, but large-volume attacks posted a 55% spike in the first quarter over the previous quarter, according to a report released today by Corero Network Security.
Fahmida Y. Rashid, Csoonline.com, June 7, 2017
Monday may be our least favorite day of the week, but Thursday is when security professionals should watch out for cybercriminals, researchers say. Timing is everything. Attackers pay as close attention to when they send out their booby-trapped emails as they do in crafting how these emails look. Malicious email attachment message volumes spike more than 38 percent on Thursdays over the average weekday volume, Proofpoint said in its Human Factor Report, which analyzed malicious email traffic in 2016.
Kelly Sheridan, Darkreading.com, June 9, 2017
When it comes to scamming consumers and businesses, the most effective strategies aren’t necessarily the most complex. Hackers seeking funds, data, and access to corporate systems don’t need advanced techniques when tried-and-true tactics consistently work on their victims. There are two primary types of attacker motivations: opportunistic and targeted.
Help Net Security Staff, Helpnetsecurity.com, June 8, 2017
Employees who become distracted at work are more likely to be the cause of human error and a potential security risk, according to a snapshot poll conducted by Centrify at Infosec Europe in London this week. Of the 165 respondents, more than a third (35%) cite distraction and boredom as the main cause of human error.