Every large organization should assume that they have been breached. If there is a lesson from recent high-profile attacks, it is this: in every case, from retail giants like Target to financial institutions like the Bangladesh Central Bank, the attacker had been present in the network long before the breach was discovered, looking for ways to move around, using higher and higher access credentials to get to the end goal. If companies do not buy into this way of thinking, they stand little chance of being able to prevent a targeted attack. It is by luck alone that they…
ISBuzz Team
Phone users’ call history may be automatically synced to their iCloud account without their knowledge or their consent. The call history data is stored within a user’s iCloud account and can be extracted by Apple, law enforcement, or a third party using forensic tools, along with the user’s Apple ID and password. Tim Erlin, Senior Director of IT Security and Risk Strategy, commented below. Tim Erlin, Senior Director of IT Security and Risk Strategy at Tripwire: “If you don’t know where your data is being stored, you can’t make choices about how to protect it. The users affected by this issue have…
Fraud and information theft present serious risks to businesses of all sizes, yet recent research suggests that U.S. business leaders may underestimate the significant damage that a data breach can cause. The 2016 Shred-it Security Tracker survey by Ipsos revealed that only 36 percent of U.S. C-Suite respondents recognize that lost or stolen data would have a serious impact on their organization. Equally concerning, over a third (34 percent) of Small Business Owners (SBOs) believe a data breach would have no significant impact on their business. In contrast, the survey found that 52 percent of global respondents from six countries…
Following the news about the cyber attack at Three Mobile that potentially placed six million users’ information at risk, IT security experts from InfoArmor, Balabit and Duo Security commented below. Christian Lees, CTO and CSO at InfoArmor: “As organizations continue to bolster their security postures at the perimeter / public offering, it’s logical for threat actors to migrate to and even expand internal lateral movement campaigns often fueled by compromised credentials. Compromised credentials are widely available, low cost and offer a low likelihood of detection to the threat actor.” Istvan Molnár, Compliance Specialist at Balabit: “Information surfaced that the hackers used a…
Looking for the top names in cybersecurity? Look no further than the Cybersecurity 500 list of the world’s hottest and most innovative cybersecurity companies. http://www.cybersecurity500.com The Q4 2016 edition was just published by Cybersecurity Ventures. Going down the list, we take a look at the top five names from a branding and marketing perspective. Criteria for the top five: – The name is easy to say, easy to type, and easy to tell others – The name is memorable – The name is short, and relevant to what the company does (in this case, cybersecurity) – The name doubles as a…
Some of the key findings from an FoI request into NHS cybersecurity spending and breaches, including: The average annual spend for an NHS trust was £23,040, but six trusts spent at least £100,000. Forty-five NHS trusts were unable to specify their cybersecurity budget at all. The investigation also revealed that trusts are suffering an increasing number of personal data breaches, from 3,133 in 2014 to 4,177 last year, and that cyber incidents are accounting for more breaches, from eight in 2014 to 60 last year. Tim Jarrett, Senior Director of Product Marketing at Veracode, commented below on these findings. Tim Jarrett, Senior Director…
Two-year study shows decline in Cyber Resilience in 2016. Sixty-six percent not confident in their organisation’s ability to recover from cyberattacks. Resilient, an IBM Company, and the Ponemon Institute unveiled the results of the annual Cyber Resilient Organization study, which found that only 32 percent of IT and security professionals say their organisation has a high level of Cyber Resilience – down slightly from 35 percent in 2015. The 2016 study also found that 66 percent of respondents say their organisation is not prepared to recover from cyberattacks. For the second straight year, the study showed that challenges with…
Hybrid cloud momentum builds as organisations balance benefits of public cloud with data governance priorities. London, UK. The use of hybrid cloud storage will accelerate rapidly over the next 12 months, according to research published today by Cloudian, the leader in cloud-compatible object storage systems. Across 400 organisations surveyed in the UK and USA, 28% already use hybrid cloud storage, with a further 40% planning to implement within the next year. Only 19% have no plans to adopt. Organisations are looking to hybrid cloud storage to support a variety of workloads. Data backup is the most popular use case, with 64% of…
Following the news that BlackNurse DoS Attacks Can Bring Down Large Servers Using a Single Laptop, Sean Newman, Director at Corero Network Security, commented below. Sean Newman, Director at Corero Network Security: “Networking devices, which are not dedicated to DDoS protection, are always likely to be vulnerable to new attack vectors themselves, sooner or later – in this case, it’s a new variant of an old vector! In fact, BlackNurse is more evolutionary than revolutionary, with the attackers reinventing an old attack vector to exploit this state-exhaustion vulnerability. The challenge is that most network devices have to participate in the protocols…
A recent watchdog report found that police forces across the UK are feeling ‘overwhelmed’ by digital evidence. Jeremy Nazarian, CMO at mobile forensics specialist Cellebrite, commented below. Jeremy Nazarian, CMO at Cellebrite: “It is perhaps not surprising that some police forces are feeling “overwhelmed” by the volume of digital evidence being collected, causing “unacceptable delays” in basic tasks like extracting data from a mobile phone. In the world that we now live, the sheer number of devices in question can cause backlogs. Add to this the huge volume of data that can be obtained and it’s simple to see how delays and constraints…
