Major data breaches make headlines too frequently, reinforcing the fact that even if organizations deploy top-of-the-line security products, threat agents can still find a way to infiltrate. By bypassing common security solutions, there are four standard ways attackers can still “Infiltrate by Design”: Leveraging Design Vulnerabilities: An attacker can leverage an unexpected flow in a software’s functionality in order to compromise the underlying system. A perfect example is Sandworm, a design vulnerability found in a component of Windows which enabled a threat actor to abuse its functionality in order to download files and execute malicious code. Many major targets…
Author: ISBuzz Team
With 2015 coming to a close, it’s time for a look at what we are expecting to see in 2016. As infrastructure and business models continue to evolve, so do the threats against them. The Top 5 trends that will have a significant impact on IT in 2016 are: Increased Network Dispersion The coming year will see increased network dispersion in all forms as organisations expand to more locations, leverage Cloud-based services and embrace mobile working. This increased dispersion will change the traditional role of the firewall. Network architectures change as the use of Cloud applications like Office 365 grows.…
If your company shuts its data storage systems down during the holidays, be careful that it’s not the last shutdown before a data loss. The Problem with Planned Shutdowns Many companies close their doors for an extended time during the Christmas and/or New Year’s holidays, including some that routinely schedule the last week of the year for closure. Does your business run its systems 24/7 for most of the year? This constant running creates a lot of heat for those systems that incorporate spinning drives, causing expansion of components. During planned shutdowns, components cool, causing contraction. This expansion and contraction…
What does 2016 have in store for businesses and consumers with regards to cyber security threats? A specialist in malware detection, RedSocks’ malware intelligence team has formulated five predictions for the year ahead. These predictions conclude that in 2016, cyber security threats will become the new normal, yet security efforts and behaviours – of both businesses and consumers – will fail to catch up. Hybrid threats using cyber attacks as a battering ram will continue to rise. Cyber attacks are increasingly being used as part of a bigger plan. Concepts and techniques from the commercial hacker industry (aimed at gaining financial advantage)…
Board-Level Concerns Force Increased Security Spending to Manage Insider Threats Global security intelligence and information management technology company Nuix has released the findings from a new survey of corporate information security practitioners that indicates a move toward a stronger focus on insider threats and more understanding of cybersecurity issues at the board level. “We had in-depth conversations with chief information security officers and directors from Fortune 500 and Fortune 1000 companies about the dynamic nature of security and how their role is adapting,” said Ari Kaplan, the report’s author and principal researcher. “Security leaders now have a much more influential…
Nuix (security intelligence and information management) has released the findings from a study conducted with Ari Kaplan Associates of select Fortune 500 corporate security officials that looks to gain insight on current and future plans to reshape & reprioritize information security practices. The survey, which features interesting slices of data, looks at topics such as data security policies, insider threat program practices, budgeting, employee training, data breach/potential response concerns and the outlook for 2016. In addition to increased regulatory oversight, % of the respondents attributed some of their spending increases to additional protections against internal hazards. This year, % of…
Once upon a time, cyber security was like a bank vault. We built thick walls and a big door and we put an armed guard out front. This was more than enough to keep valuable assets secure, because we didn’t have sensitive corporate data and credentials sitting on multiple servers and devices outside a business’s physical headquarters. As the digital domain grew, that vault became a fortress. Walls got higher and could accommodate doors and windows. We carved in lookout points for an army of figurative guards. But the fact is, the Middle Ages of cyber security are long gone. Nowadays, when we imagine the…
Helpdesks are overwhelmed, often inundated by mundane and repetitive manual tasks that kill their productivity and keep them from achieving their organizational goals. By taking steps that are usually simple and financially efficient, much time can be saved for employees and organizations managing this process. Also, through the automation of processes that remain manual and out of date, technology leaders are able to take steps to help their teams and their departments, including the helpdesk, to focus on more pressing technology matters than resetting forgotten passwords or managing account access by allowing internal customers the ability to do so themselves.…
2015 was the year the tipping point was reached with regard to public awareness of hacking, data breaches and cybercrime. Hardly a week seemed to go by without another high-profile breach hitting our TV screens. At times it felt like a coming of age: CEO Dido Harding confessed on camera to not knowing whether or not stolen customer data was encrypted, and the Ashley Madison hack taught us that our ‘digital exhaust’ just got dirtier. Whether it’s as a consumer, end-user, or potential ‘insider-threat’, the human factor moved centre stage in 2015, with seven out of the top ten vulnerabilities…
2016 will be the year of encryption – there is a lot of mystery wrapped up in security, given the sophisticated attacks launched by nation states and cyber criminals; however, many times the solution is simple and involves fundamental security principles like good passwords and encryption for sensitive data. Arguably every year should be the year of encryption, but we have seen enough avoidable damage from a lack of encryption (see TalkTalk shares tank 11% on fears that customer compensation bill could wipe out profits and “I am surprised….no encryption has been used”) this year that those responsible will start…