IT - Security

The Big E-Crime Pivot
Dark Reading, May 7th, 2019

"Criminals have begun to recognize that enterprise ransomware offers tremendous financial advantage over the more traditional tactics of wire fraud and account takeover.

The concept of 'the pivot' is well-understood by entrepreneurs, who often set out to build a business or technology and realize they need to shift their strategies. Visually, one foot remains firmly in place while the other turns to reorient the rest of the body. Typically, they don't throw everything out the window and start over. Rather, they reimagine the way they can use the tools at their disposal..."

5 Common Authentication Factors To Know
SearchSecurity, May 10th, 2019

"Multifactor authentication is a security system that requires two or more authentication steps to verify the user's identity. Discover the most important terms related to MFA...

Authentication is a process of confirming whether someone or something is actually who or what it claims to be. Demand for multifactor authentication in the United States has been galvanized by government regulations, such as the Federal Financial Institutions Examination Council directive that calls for MFA for online banking transactions..."

"New research indicates that things are not improving for filling the demand for cybersecurity skills. The ramifications are widespread...

I've been writing about the cybersecurity skills shortage for seven years and have become the 'Chicken Little' of this topic. Now, we've all read about the number of cybersecurity job openings out there, but what is the impact of the skills shortage on cybersecurity professionals who are gainfully employed?..."

"Research shows time to discovery and containment of breaches slowly shrinking, but attackers don't need a very big window to do a lot of damage.

It's breach report season and one of the prevailing trends uncovered by security researchers is that organizations are ever-so-slowly improving the window between when a compromise occurs and when it gets detected. In spite of this slight gain, the fact solidly remains that the typical breach timeline still completely favors attackers..."

"High-profile data breaches show no sign of slowing down. In the first quarter of 2019, there were 281 reported data breaches, exposing more than 4.53 billion records.

Companies have overlooked the fact that cybercriminals are becoming more sophisticated with automation, and these 4.5 billion exposed records will become 4.5 billion new opportunities for criminals to commit automated fraud online..."

"Technology is enabling companies to gather a high volume of data and making the analyzing process easier. However, as the adage goes 'There are two sides to every coin.' If you find potential opportunities in these technologies, don't overlook the challenges you'll come across while using many of these tools.

So, data security has become one of the biggest challenges organizations face while exploring the emerging technologies in the market. Data management automation is basically called 'DataOps' in the business world, which involves multiple technologies and processes to simplify the storage, access, collection and analysis of data..."

"Cybersecurity awareness training programs are sometimes perceived as an extraneous waste of time and energy, but are essential to building a strong security culture...

Cybersecurity professionals might have heard the following phrase in recent years: "If cybersecurity awareness training was going to work, it would have worked already." Usually, this saying is to disparage cybersecurity awareness training as an ineffective, pointless waste of time and money..."

"Three steps you can take, based on Department of Homeland Security priorities.

At the 2019 RSA Conference earlier this year, Chris Krebs, director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), outlined several key priorities the agency is focused on for protecting US critical infrastructure. The US government is at the forefront when it comes to cybersecurity trends, so being aware of its focus can help private sector organizations improve cyber situational awareness and reduce risk..."

See all Archived IT - Security articles See all articles from this issue