NuData Security, an award-winning behavioural biometrics company, announced today that they had observed a 400 percent surge in automated online attacks over the 2016 holiday period. NuData data scientists discovered an increase in maliciously scripted botnet activity of over 400 percent against many large online retail client sites during the last quarter of 2016 compared to the previous year. Of the 5.6 million anomalous behaviours detected, over 1 million events were directly attributed to malicious automated activity from scripts and bots. Malicious scripted, bot and botnet activity accounted for 31% of all login activity for the month of December. Had they…
ISBuzz Team
Following the news that Verizon are negotiating a price cut of $250-$350 million in their acquisition of Yahoo following news of two economically damaging cyber-attacks, Nick Pointon, Head of M&A at SQS commented below. Nick Pointon, Head of M&A at SQS: “As we had predicted, today Verizon has announced it will be negotiating a reduced deal to acquire Yahoo, following the previously undisclosed cyberattack. This hardly comes as a surprise, as Yahoo wasn’t completely transparent about the breach when in initial discussions with Verizon. Yahoo is now left feeling further ramifications of neglecting their IT systems in anticipation of the acquisition.…
Mid-market companies are the engine room of our global economy. In the UK alone, the sector employs 50 per cent more people now than it did in 2010[1]. Despite this vital role, when it comes to managing and safeguarding one of its most key assets – information – the mid-market can often be found guilty of missing a few vital information management steps. The challenge of properly processing and managing data today is exacerbated by a complex information landscape. The associated compliancy regulations, including the imminent General Data Protection Regulation (GDPR)[2], is matched by other challenging factors such as the widespread digital transformation…
You have no firewalls. You have no encryption. There’s not a policy or procedure to be found. In fact, there’s very little in the way of “security” anywhere in the company. That’s ok! Because you’ve hired a highly-qualified security professional and stressed in the interview process that security is the new priority. That they will bring about a change in the enterprise and start a new era of a secure culture where everything is done with a security mindset. Sounds fantastic! The opportunity to mold a security program from the ground up with executive support. What security professional would pass…
Information kiosks used by Southern Rail in stations with fewer staff are wide-open to cyber-attacks, according to a security researcher. He says that there are significant issues with the certificate upload process of the machines, which could lead to uploading of a compromised certificate for criminal activities, adding that it highlights a relaxed use of escalated privileges. IT security experts from AlienVault, ESET and Positive Technologies commented below. Javvad Malik, Security Advocate at AlienVault: “Generally speaking, I’m reminded of the old Microsoft article regarding the 10 immutable laws of security https://technet.microsoft.com/library/cc722487.aspx . Laws 2 and 3 are most relevant in this scenario where a…
Last year was another one characterized by constant, confusing, and highly consequential data breaches. At this point, all organizations need to take this persistent threat seriously. Yet research by the Ponemon Institute reveals that just 35 percent of respondents who are familiar with their companies’ data protection and privacy training programs feel that executives prioritize their employees’ understanding of the causes and effects of data breaches. This statistic should concern every organization. Although attacks on data originate from external sources, the vulnerabilities exist internally. In fact, employees themselves are most often responsible for introducing a threat into an IT infrastructure.…
After testing seven Android apps from seven popular car makers, security experts from Kaspersky Lab concluded that many mobile applications contain basic security flaws that could facilitate the theft of modern, connected cars. Their research shows that despite cars being a very expensive product, car makers don’t value the security of their apps the same way banks put a primer on the safety for a customer’s bank account. This lack of attention from car makers has now led to a situation where car thieves can simply hire a coder with experience in developing Android applications, and ask him to analyze…
Only 29% of respondents say they have high levels of confidence in their organizations’ ability to secure and protect encrypted communication San Francisco, RSA Conference 2017 – Venafi®, the leading provider of protection for cryptographic keys and digital certificates, today announced the results of a survey of 918 security professionals attending the 2017 RSA Conference. The survey evaluates the impact of recent global geopolitical changes on data privacy concerns and encryption, the core technology used to ensure data privacy. “The tension between data privacy and national security is going to continue to escalate,” said Jeff Hudson, CEO of Venafi. “Encryption is the…
Trump, Brexit and the lingering after-shocks of the credit crisis – banking in Europe is under heavy scrutiny at the moment as it copes with all the pressure. Yet the wise heads concerned about the resilience of the banking system are also now focusing on cyber-security, with much discussion of how to use testing to prevent disasters. Hardly surprising after the central bank of Bangladesh lost $81 million to hackers last year. The EU is considering tests and the European Banking Authority (EBA) too is increasingly aware of the risks of cyber-attacks, moving it to urge member states to take…
Managing user access to systems and data is a critical element of information security and the foundation to protecting data from misuse or theft. As organisations add services such as cloud and mobile, and new regulations come into effect like GDPR, controlling access whilst improving the user experience becomes complicated. To address this, organisations are looking for more robust Identity and Access Management (IAM) solutions. However, prior to commencing an IAM programme, it’s crucial for an organisation to first understand what they need to achieve and how an IAM strategy can drive success. What is an IAM strategy? An IAM…
