Second annual Human Factor Report details cybercriminals’ shifting social engineering tactics to focus on corporate targets Proofpoint, Inc., (NASDAQ: PFPT), a leading next-generation security and compliance company, released the results of its annual study that details the ways attackers exploit end-users’ psychology to circumvent IT security. The Human Factor Report 2015 reveals that last year was the year attackers “went corporate” by changing their tactics to focus on businesses rather than consumers, exploiting middle management overload of information sharing, and trading off attack volume for sophistication. The Proofpoint findings reiterate how human behavior, not simply system or software vulnerabilities, has…
ISBuzz Team
Netwrix 2015 State of IT Changes Survey reveals that nearly 70% of organisations continue to make undocumented changes and only 50% audit their IT infrastructures The Netwrix 2015 State of IT Changes Survey of more than 700 IT professionals across 40 industries found that 70% of companies forget about documenting changes, up from 57% last year. Most surprisingly, the number of large enterprises that make undocumented changes has increased by 20% to 66%. Undocumented changes pose a threat to business continuity and the integrity of sensitive data. The survey shows that 67% of companies suffer from service downtime due to…
As much as technology and the internet have benefited us, they’ve also created some really bad habits. Source:
Research Conducted on 50% of US Mobile Traffic Finds You are 1.3 Times More Likely To Get Struck By Lightning Than Have Mobile Malware Communicating on Your Device Damballa, a leader in advanced threat detection and containment, will be unveiling research on Wednesday, April 22nd at the RSA Conference, which details the overblown nature of the mobile malware problem. Damballa monitors nearly 50% of US mobile traffic. Based on this Big Data set, the research team set out to determine actual malware infection rates – not just samples found, or vulnerabilities/theoretical attacks. In his talk at RSA, senior scientific researcher…
Given the current hype around the rise of wearable technology, it would seem that in the very near future we could be adding them to the long list of non-company devices people are bringing into their organisations. Increasingly we are seeing that employees want to use their own mobiles, tablets, PCs and applications in their work life. As this phenomenon clearly goes way beyond devices alone, it is evident that the acronym BYOD is no longer sufficient to cover all things brought into the office. Perhaps, then, we should change this acronym to BYO* – bring your own anything and…
In an ever-changing digital world, SMBs are constantly confronted with the challenge of keeping data secure against new, dynamic network threats. And, as BYOD continues to take over the workforce, potential vulnerabilities stem from personal mobile devices, which employees often use to connect to corporate networks. Enterprises must think fast, and those that invest in the most reliable remote access security software will keep their data safe. Security veteran NCP engineering is making that possible via thousands of resellers this week. On Wednesday*, the company will unveil its new agreement with Tech Data, one of the world’s largest wholesale distributors…
With the World Day for Safety and Health at Work approaching the British Safety Council has re-affirmed its position as an organisation working alongside its corporate members and other stakeholders to promote awareness and greater understanding that good health and safety management is good for business. The British Safety Council has now released a series of short videos on the benefits of good health and safety filmed with experts from the European Agency on Safety and Health at Work (EU-OSHA). This provides a supplement to a literature report that compiled research and evidence on the business benefits of good health…
Retail/payment security experts from HP Security Voltage and Lancope commented on the new 3.1 release of the Payment Card Industry Data Security Standard (PCI DSS) News release SearchSecurity “PCI DSS 3.1 debuts, requires detailed new SSL security management plan” Brendan Rizzo, technical director, HP Security Voltage (www.voltage.com): “The fact that the PCI Council saw fit to release an out-of-band update underscores the real threat that the recent SSL and TLS vulnerabilities pose to payment security. Despite the real and immediate threat, many businesses have annual budgets and resource constraints to contend with which will preclude an immediate response. The fourteen month transition…
Reaction from Richard Blech, CEO of Secure Channels to the new PCI DSS 3.1 standard We applaud PCI counsel for recognizing that SSL is broken. There’s a dichotomy to the term ‘Best Practices’ – by definition, ‘Best Practices’ does not mean using the broken standard. Upgrading the standards to allow merchants and business partners to protect payment data still leaves companies vulnerable. The vast array of tools that hackers use to get payment data such as RAM scraping needs to be stopped in its tracks by addressing the core problem. The credit card info is being stolen, if it were…
More than 23,000 mobile devices issued to staff last year, a 48% increase in last five years Transport for London (TfL) has ramped up the number of mobile tablet devices it issues to staff, nearly doubling tablet use for work in the last two years, new research has revealed. The figures, obtained by Veracode, a leader in protecting enterprises from today’s pervasive web and mobile application threats, were released under Freedom of Information legislation (FoI), and examine TfL’s mobile device usage since 2010. The transport provider issued 3,500 tablet devices last year, nearly twice the number supplied in 2012 (1,766).…