The humble password. A pillar of society and a cybersecurity comfort blanket for end users (and IT teams) across different applications and programmes across the globe. Humanity has been using passwords in one form or another for centuries. However, the first computer passwords came about in the mid-1960s and are likely to have originated at the Massachusetts Institute of Technology in the US. But why exactly have they been so long-standing? Within an enterprise environment, passwords are easy to implement and a relatively low-cost security measure which previously provided a solid layer of protection against threats. However, as the sophistication of threats…
Author: Information Security Buzz Editorial Team
Historically, the financial services sector has been the most attacked by cybercriminals. Still, in 2021 there was a substantial shift, and a different industry ranked at the top for the first time – the manufacturing industry. For the second year in a row, manufacturing was the top-attacked industry according to IBM’s X-Force Threat Intelligence Index. Recent reports cite over half of all manufacturers in Britain succumbing to cybercrime in the last two years. Meanwhile, 39% of UK businesses reported suffering a cyber-attack in 2022, with data breaches costing companies an average of $4.35 million. So, it’s a case of not if, but…
It’s no secret that penetration testing is among the most effective methodologies for helping determine an organization’s risk posture. While it’s true that other standard processes like gap assessments, auditing, architecture reviews, and vulnerability management all offer significant value, there’s still no substitute for impactful penetration testing. When done correctly, it signifies where the rubber meets the road – serving as a situational barometer for aligning security defences with ever-evolving cyber threats and budgetary realities. At its core, penetration testing falls under the umbrella of ethical hacking, where simulated threat actors attempt to identify and exploit key vulnerabilities within an organization’s…
Today’s evolving interconnected digital world has created a diverse and intricate threat landscape for organizations. Within this landscape, insider and outsider threats have emerged as significant security risks organizations must address. While the debate regarding the severity of insider versus outsider threats persists, businesses increasingly recognize the potential dangers insiders pose to their data security. Historically, outsiders have been associated with high-profile data breaches attracting media attention. Consequently, organizations have focused on implementing conventional security measures to address outsider threats, given the substantial financial costs of such breaches, often reaching millions of dollars. However, relying solely on standardized security measures…
Inspired e-Learning’s new cybersecurity awareness training game, Phishin’ Impossible, takes a novel approach to teaching employees about cyber threats. Players assume the role of a white hat hacker tasked with crafting convincing scam emails to fool unsuspecting staff. Players learn how cybercriminals operate and how to protect themselves by spending time in a hacker’s shoes. After a brief introduction, players are tasked with crafting a phishing email to fool recipients into clicking a malicious link. If they succeed, they’ll be offered the opportunity of a lifetime: a job with the notorious white hat hacking group “Infamous Phun.” Once initiated, players…
Back in March, Microsoft released data suggesting that Russian hacker groups appeared to be preparing for a renewed wave of cyber-attacks against Ukraine, including a ransomware-style threat to organisations serving Ukraine’s supply lines. At the time, Clint Watts, General Manager of its Digital Threat Analysis Centre, said: “In 2023, Russia has stepped up its espionage attacks, targeting organisations in at least 17 European nations, mostly government agencies. Our analysis suggests that Russia will continue to conduct espionage attacks against Ukraine and Ukraine’s partners, and destructive attacks within, and potentially outside, Ukraine.” Our own ESET Threat Report, a quarterly report…
What does a “good” cyber-security programme look like? How can we, in our role as Chief Information Security Officer (CISO), work to improve the effectiveness of the policies and practices implemented in our organisations? Measuring activity does not necessarily have a tangible relationship to robust cyber-security practices, nor does that activity provide any measurable benchmark for executives to understand how you are managing organisational risk – which is ultimately what your job is to do. And the way to be effective is to improve the focus on outcomes which reduce organisational risk. The only Key Performance Indicator (KPI) that matters…