Following the National Cyber Security Centre annual review, please find expert comment below from Johnny Mercer, MP for Plymouth Moor View, member of the Defence Select Committee and non-executive director at cyber security training experts Crucial Academy. Crucial Academy was set up by a former Royal Marine to offer free, accredited cyber security courses to UK armed forces veterans. Johnny Mercer, MP at Plymouth Moor View: “The idea that the government is repelling these attacks on a daily basis…
ISBuzz Team
With multi-layer cybersecurity defenses improving, hackers are going to the human attack surface with social engineering and phishing attacks like never before. According to industry reports, over 90 percent of breaches start with phishing. And it shouldn’t be a surprise. With stronger defenses, direct network and machine exploits are less common. Hackers need an easier way in and that’s people, your organization’s employees. Today, hackers are preying on human fallibility with an expanding array of sophisticated phishing attacks both within email and beyond the inbox on the Web. And credential stealing remains one of their favored methods to gain entry…
As data silos continue to break down and digital commerce sales skyrocket, cybersecurity promises to take center stage. According to a report from PwC, half of all U.K. companies have fallen victim to fraud over the last two years. While the financial impact of fraud has been widely documented, there are plenty of other costs to consider as well. More than 75 percent of U.K. organizations that have experienced fraud believe it has negatively affected business relations as well as employee morale. To help combat cybercrime, companies within the U.K. are making every effort to comply with new regulations –…
In light of the news that the global cybersecurity skills gap has narrowed to three million and 63% of businesses lack the cybersecurity skills to keep threats at bay, please see below comment from David Emm, Principal Security Researcher at Kaspersky Lab. David Emm, Principal Security Researcher at Kaspersky Lab: “We live in a connected world, where IT skills are becoming increasingly important, but we don’t have people in the roles needed to efficiently execute this; in some cases, businesses don’t know just how important these job roles are. Small and medium-sized businesses do not have the money to spend on in-house…
I have seen this story play out time and time again. A company doesn’t have a good crisis communication plan, or incident management process, and then a breach occurs or an incident happens, and everyone is running for cover. Senior management wants to know what happened, how it happened, and who is to blame. Unfortunately, it takes hours or days to determine the cause on many incidents, and unless there is a solid crisis communication plan, everyone is trying to cover for their areas, and chaos follows. Meanwhile, the media is calling, trying to find someone in the affected company…
It has been reported that iPhone users are being warned over a new scam that tries to steal your Apple login details. It works using a “phishing” email that claims to be from Apple and Spotify, but it’s completely fake. The scam was highlighted on Reddit by a user named /u/the101maham. Please see below for commentary from several cybersecurity experts. Steve Giguere, Lead EMEA Engineer at Synopsys: “With phishing scams like these, the first line of defence is careful observation. This particular message is almost an ideal lesson in the hallmarks of poorly (but not that poorly) crafted phishing emails. Spelling errors and/or poor grammar. Mixed identifiers (Is…
The ONS released end of year data for Crime in England and Wales this morning, a key finding of which was that cybercrime (classified as computer misuse) was down 30 percent. Mark Nicholls, Director of cybersecurity at UK-based cybersecurity services company, Redscan, has warned that these figures are inaccurate, since hackers have changed tactics to avoid detection, while many victims are too embarrassed to report cybercrime incidents – or simply unaware that they have been targeted. Mark Nicholls, Director of Cybersecurity at Redscan: “Does anyone really believe that cybercrime is on the decline? I don’t think so. A 30 percent decrease…
Privacy in the Age of the Algorithm
Welcome to the brave new world of GDPR, which came into effect on May 25, 2018. For weeks now, in-boxes have been brimming with notices from companies that, like a spurned lover, beg of people “please come back! We miss you!” News reporting of the great “privacy watershed moment” even varied its perspective based on country. Media outlets in the UK largely decried the “spamming by companies to get people to accept new terms and conditions”, whereas in France, companies were portrayed as simply sending e-mails stating that privacy policies had been updated with…
News broke today that a newly discovered first-stage implant targeting Korean-speaking victims borrows code from another reconnaissance tool linked to Comment Crew, a Chinese nation-state threat actor that was exposed in 2013 following cyber espionage campaigns against the United States. Dubbed Oceansalt, the threat has been spotted on machines in South Korea, the United States, and Canada. The adversary used spear phishing to lure victims into opening Microsoft Excel and Word documents with content in Korean, specially crafted to download the malware. Ross Rustici, Senior Director for Intelligence Services at Cybereason: “The warning about attribution is the most important part of this report.…
In response to last night’s news, “Popular Lawfare Blog Hit by DDoS Attack — Here’s What We Know”, a Corero Network Security expert offers perspective. Lawfareblog.com is focused on national security issues, is published by the Lawfare Institute in cooperation with the Brookings Institution, and attracts approximately half a million unique readers each month. Sean Newman, Director Product Management at Corero Network Security: “Recent attacks on the Lawfare blog hark back to the ‘good-old days’ of DDoS, where perpetrators were typically just aiming to bring a site down to make the point that they do not agree with the views of the authors. Now, this…
