Clearswift launches the 2015 Clearswift Insider Threat Index (CITI), an international annual study exploring the changing nature of the insider threat Research takes the views of both businesses and employees to provide a 360 degree view of the insider threat and how it is being managed 75% of workers think their company doesn’t do enough raise awareness of potential cyber threats 58% of workers lack any understanding for what might be seen as an insider threat As enterprises become larger, managing employee behaviour becomes harder and the risk of a breach occurring within an organisation intensifies. Companies are aware the…
ISBuzz Team
If you haven’t read “The Martian” or seen the movie, stop right now and go read it. It’s a great book, and this article will contain spoilers. You’ve been warned. As a security professional, there have been times when I felt like I was stranded on Mars. When attacks happen, time isn’t on your side and sometimes you have to do everything yourself, relying on your own wits to get the job done. While reading The Martian, I couldn’t help but consider what skills and thought processes would help a security professional handle an incident. In other words, what would…
Researchers from Proofpoint are announcing their discovery of Abaddon, a new Point of Sale malware which is being downloaded in the process of a Vawtrak infection. This use of additional payloads to enhance attack capabilities offers another example of efforts by threat actors to expand their target surfaces through the delivery of multiple payloads in a single campaign, in this case by including potential PoS terminals. Key findings are listed below : Spreading with the known banking Trojan Vawtrak, this new malware spreads by both email and web infections. It includes features designed to resist analysis and encode stolen credit…
By focusing on basic software IP cyber hygiene, organisations and consumers be better protected from the most common cyber threats The Federation Against Software Theft (FAST) has welcomed the inquiry being held by the UK Government’s Culture, Media and Sport Committee into cyber security. The Committee, chaired by Conservative MP, Jesse Norman, has launched the inquiry following the recent online data breach at TalkTalk and its scope covers the protection of personal data online. Julian Heathcote-Hobbins, General Counsel, FAST, stated: “We welcome this inquiry and have taken the opportunity to respond by written submission. Considering the widespread use of cloud…
Today, in the information age, the CIO reigns supreme in the world of corporate IT. From small businesses to multinational monopolies, regardless of their IT infrastructure, the CIO manages their IT empire as an insulated hierarchy with no opportunity to cooperate with other departments. However, as cloud computing technology develops, invaluable tools such as data analysis, seamless mobility and instantaneous social networking are transforming the third platform from a business-conscious convenience to an essential part of any businesses’ IT management structure. A force for information collaboration Even as you read this, third platform technologies continue to evolve. Individual departments are…
ESET®, a global pioneer in proactive protection for more than two decades, has commissioned a survey of online shopping trends in the UK which has revealed that just in time for Cyber Monday, Brits seems to finally be taking their online safety seriously, with 93 percent revealing they only buy goods online from websites they either know or trust personally, and 89 percent revealing they always use a security solution when shopping online. The study, which was conducted in quarter three of 2015, studied the attitudes of 1000 UK consumers, and also revealed that laptops and notebooks are favoured by…
Web application security firm High-Tech Bridge notified Zen Cart, one of the largest online store management systems, of a critical flaw that comes at a time when online retailers witness high sales with Black Friday and Christmas shopping. The detected vulnerability allows remote attackers to execute arbitrary code on the vulnerable web applications with privileges of the web server, compromise entire web application databases (including all customers’ data), and place malware on the vulnerable website. The vendor has been already notified about the issue. Zen Cart is being used on hundreds of thousands live e-commerce websites. Ilia Kolochenko, High-Tech Bridge’s CEO and Chief…
Ping Identity UK research reveals how IT decision makers face significant barriers to rolling out digital transformation projects, and getting rid of passwords for good Identity security company, Ping Identity UK, commissioned third party research with survey consultancy, Censuswide, surveying IT decision makers across UK, France and Germany to ascertain their attitudes to the ‘barriers to business security’. This research reveals how European IT decision makers face significant barriers in implementing new identity security technologies, and subsequently in undertaking digital transformation projects. Prioritising digital transformation and specifically putting new identity security software in place was considered either a top priority…
Guest Wi-Fi is a standard offering for growing numbers of organisations from hotels, cafes and sports centres offering free Wi-Fi to customers, to businesses providing Wi-Fi for partners, suppliers and customers visiting the office. But how many organisations have any idea about the way in which that Wi-Fi network is being used? Not only does the company have a clear liability if a customer is viewing inappropriate – or illegal – images or content, but an inadequately secured Wi-Fi network can be an open door to the rest of the business infrastructure. In an era of heightened security awareness, too many…
The twelve PCI DSS requirements are some of the most well-known compliance points for companies that interact with customer payment data during the course of normal business practices. Meeting compliance standards can often times be a time consuming and challenging task for organizations. Below, we detail four heavy-hitting wins that help set a PCI deployment for future success. Defining (or Redefining) the Scope The PCI scope encompasses any device or host on an enterprise network that comes into contact with cardholder data. Depending on the size of the organization’s network, the scoping of the PCI environment could be a relatively…