Phishing is an Endpoint Problem, Not a Credential Problem
ANN ARBOR, MICH. Duo Security, a cloud-based trusted access provider protecting the world’s largest and fastest-growing companies, today published research that illustrates the risk phishing attacks present in the enterprise. Since its July 2016 launch, around 400 companies have begun using Duo Insight, a free tool that lets IT teams run internal phishing simulations. Of the 11,542 users who received a phishing email from their IT team, 31% of organizations are at risk of a data breach due to phishing attacks. Based on the data from Duo Insight, in a real-world scenario,…
Author: ISBuzz Team
Large businesses that struggle to attract sufficiently skilled IT security experts end up paying up to three times more to recover from a cybersecurity incident. This is one of the key findings of a recent report prepared by Kaspersky Lab, based on the experience of company experts and data from the 2016 Corporate IT Security Risks survey[1]. Besides the measurable budget impact, a significant share of businesses is observing a growth in wages, a general shortage in expert availability and the need for more specialists in the field.
Technical expertise and beyond
Citing complexity of IT infrastructure, compliance requirements and…
Following CyLab’s research into passwords, customer identity management firm Gigya commented below. Gigya works with brands such as Rolex, Coca-Cola and Red Bull to help them create mutually beneficial relationships with their customers. Richard Lack, Director of Sales EMEA at Gigya: “The news of CyLab’s research into passwords demonstrates the need for security awareness when it comes to authentication. In fact, 26 per cent of consumers tell us that they have had an online account compromised in the past 12 months, yet 56 per cent use passwords that they know are not secure, such as those that include their names or birthdates. At a time when…
Following the recent approval of the EU-US Privacy Shield, Gavin Siggers, Director of Professional Services at Iron Mountain, commented below. He addresses the way in which the new policy will guide US and EU organisations in storing, sharing and protecting the personal data of EU citizens, whilst also highlighting the economic importance of this policy to the UK. Gavin’s comment also explores the potential impact of Brexit on the implementation of the policy, outlining the importance for businesses of training and educating both themselves and their employees on the principles of data protection. Gavin Siggers, Director…
A new Hidden-Tear ransomware impersonates a PokemonGo application for Windows and targets Arabic victims. These features include a backdoor Windows account, spreading the executable to other drives, and creating network shares. It also appears that the developer isn’t done yet as the source code contains many indications that this is a development version. IT security experts from ESET and Tripwire commented below. Mark James, Security Specialist at ESET: “As with most projects or events that generate so much interest in the IT world, it’s inevitable that malware will soon follow, often tailored to help, mimic or guide you. The whole PokemonGo phenomenon was of course going…
A lot can happen in two years. By 2018 we are expected to have witnessed the first human head transplant, Adobe Flash is predicted to be no more, the UK may or may not have left the EU and the flow of data into organisations will have increased by as much as five-fold, according to IDC. Another significant development due in 2018 is the deadline for meeting new regulations around the treatment of personally identifiable information (PII). When combined with expected volumes in data growth, this could have huge implications for any business which processes personal data. Earlier this year, the European Parliament passed…
In response to the news that Linux.Lady, a Go-based Linux Trojan that mines cryptocurrency, has been uncovered by researchers, Ken Bechtel, Malware Research Analyst at Tenable Network Security, commented below. Ken Bechtel, Malware Research Analyst at Tenable Network Security: “This is far from the first Linux malware; there have been Linux viruses, Trojans, backdoors and worms dating back to the ’80s. While these often are overlooked as annoying, they are out there and exist. The reason they are not more prevalent is that the Linux Operating System is not as common as Microsoft or Apple’s versions. In reality every operating system,…
A data breach at large UK software company Sage may have compromised personal information for employees at 280 UK businesses, it is understood. Police are investigating the breach and Sage is probing the “unauthorised access” of data by someone using an “internal” company computer login. IT security experts from ESET, Lieberman Software, AlienVault, MIRACL and Certes Networks commented below. Mark James, Security Specialist at ESET: “One of the weakest links in any organisation are the users, you can have as many security features as you like but most of the time someone somewhere needs access to it in one way…
Donald Trump’s golf resort in Scotland has admitted a breach of data protection law, having failed to register with the UK Privacy Watchdog, the ICO. In response, Richard Stiennon, Chief Strategy Officer at Blancco Technology Group, commented below. Richard Stiennon, Chief Strategy Officer at Blancco Technology Group: “This is really worrying, not only because it supports the deepening concern that the US takes data privacy less seriously than Europe, but also because this time it’s at the hands of an organisation run by a man who is running to become the next President of the United States. If American-owned companies in…
For sure, every techie in the land lives by these words: back up data, regardless of whether it’s active or archived. It’s considered a sacrilege of sorts not to have storage systems in place. However, this doesn’t mean it’s the end of the line for IT security. Backup data can still be targeted, as criminal hackers can now pose as network administrators to move within your system.
Data Security Threats
The best way to protect your organization is to identify threats and reduce risks. As sophisticated as they may seem, criminal hackers often adopt attack patterns, using the most effective…