John Williams, Product Manager at Node4: “In April of this year, the UK’s National Crime Agency named DDoS attacks as the joint leading threat facing businesses, alongside ransomware. Because of this, security spending in this area will likely continue to be a big priority next year. However, for continued protection and overall resilience through 2019, a combination of initiatives will be necessary; working with a strategic IT partner can help organisations of any size conduct comprehensive testing and analysis of vulnerabilities to ensure the best levels of prevention against potential threats.” Naaman Hart, Managed Services Security Engineer at Digital Guardian:…
ISBuzz Team
Following the news around the UK police forces offering 120,000 police officers cyber security training, Stephen Burke, founder & CEO at Cyber Risk Aware, offers the following comment. Stephen Burke, Founder & CEO at Cyber Risk Aware: “This is a great move from the police force by making security awareness a priority. This emphasises the fact that any institution, no matter how big they are and no matter how sophisticated their technical defences are, still needs to help staff and make them become aware of the cyber dangers they face as that’s how actors are going to breach defences. Cyber criminals target people not…
The industry is following Dell’s announcement of a security breach that took place earlier this month. How do you assess their response? Pravin Kothari, CEO at CipherCloud: “On November 9, Dell disclosed a security breach where potentially customer names, emails and hashed passwords. Dell noted that they found no conclusive evidence that any data was extracted. Dell detected the attack and shut it down within one day. In contrast, the average dwell time, or time from penetration to detection in the United States was 99 days in 2016 and 75 days in 2017. A typical skilled cyber attacker, as illustrated…
Dunkin’, the company behind the Dunkin’ Donuts franchise, has notified owners of DD Perks rewards accounts that a hacker might have accessed their profiles and personal data last month. The company said it didn’t suffer an actual breach of its backend systems but only fell victim to an automated attack known in the cyber-security field as a credential stuffing attack. IT security experts commented below. Michael Griffin, Director of Information Security at Janrain: “Credential stuffing is an automated attack that simply attempts to login to sites with user credentials that have been stolen elsewhere or by simply guessing. The tricky part is that there is…
News is breaking that a huge database with over 114 million records of US citizens and companies has been discovered sitting online unprotected. The number of individuals impacted by the exposure is estimated at almost 83 million. Researchers from HackenProof, a penetration testing company based in Estonia, found the massive cache of data via the Shodan search engine, in two Elasticsearch indices. One of the instances contained personal information of 56,934,021 US citizens, including sensitive details like full name, employer, job title, email and street address, ZIP code, phone number, and an IP address. “Another index of the same database contained…
Following a new report from the financial watchdog that suggests banks are putting customers at risk of cyberattacks due to old IT systems, I’m reaching out with comment and additional insight on this topic from my client VMware. Research VMware conducted earlier this year revealed the immense challenges frontline IT security teams in the financial services sector face and how this impacts their actions: 67 percent admitted to cyber security practices in their organisations ‘which would shock outsiders’; 90 percent of IT security professionals are forced to make compromises to protect their organisation against cyber threats; 71 percent focus on…
Friday 30th November marks this year’s International Computer Security Day, an initiative designed to promote best practice in cybersecurity, but as reports of hacking attacks grow exponentially, what can businesses and regulators be doing to protect people from having their data stolen and their digital identities compromised? Yogesh Patel, Chief Data Scientist at Callsign, the authentication platform which uses deep learning technology to power adaptive access control for enterprises, argues that we should all take a leaf out of California’s book and make simple and easy to hack passwords a thing of the past. Yogesh Patel, Chief Data Scientist at Callsign: “The decision…
The United States Department of Justice has announced that it has taken action to pull down two major ad fraud rings, unveiling a 13-count indictment to charge criminal violations. IT security experts commented below. Martin Jartelius, CSO at Outpost24: “It is estimated that ad fraud is costing organisations billions of dollars every year so it is good to see law enforcement dedicating such large amounts of time to taking down this ring. Anyone who believes their computers could have been impacted by the attack should try to isolate those machines from the network and take steps to harden…
Recorded Future have just released research which demonstrates that in the midst of the ongoing Yemeni civil war, local and international players are waging a secondary war through internet control and other cyber means. Recorded Future’s Insikt Group assesses that dynamics of the Yemeni civil war are manifesting themselves online through a struggle over Yemeni access, use, and control of the internet. Recorded Future identified both censorship controls and traffic attempting to subvert those controls within Yemen, as well as spyware activity. This report intends to establish a baseline of internet activity, use, and access in Yemen. Key judgements of…
It has been reported that Atrium Health, previously Carolinas HealthCare System, revealed that data of approximately 2.65 million patients including addresses, dates of birth and social security numbers may have been compromised in a breach at its third-party provider AccuDoc Solutions. IT security experts commented below. Sam Curry, Chief Security Officer at Cybereason: “The Atrium breach is further evidence that the healthcare industry continues to be a target, and patient data will continue to be at risk because of an increasingly complex and expanding attack surface. In the bigger picture, it would be premature to speculate on the overall damage to Atrium’s employees and patients…
