IT - Security

10 Penetration Testing Tools The Pros Use
CSO Online, June 4th, 2019
Beginners looking to skill up, here's where to start

"Penetration testing, also known as pentesting or ethical hacking, is like in the movie Sneakers, where hacker-consultants break into your corporate networks to find weaknesses before attackers do. It's a simulated cyber attack where the pentester uses the tools and techniques available to malicious hackers.

Back in ye olde days of yore, hacking was hard and required a lot of manual bit fiddling. Today, though, a full suite of automated testing tools turn hackers into cyborgs, computer-enhanced humans who can test far more than ever before..."

Recognising The Cybersecurity Blind Spot
ITProPortal, June 4th, 2019
Billions of pounds are spent globally on the clean-up required after successful cyber-attacks

"Cyber-crime has emerged as one of the most pressing issues in the 21st century. Often completely anonymous, cyber-criminals are exploiting the opportunity that the increasingly-digital world has presented them to maximum effect. Every minute of every day a business, charity or individual faces a cyber threat of some sort. Billions of pounds are spent globally on the clean-up required after successful cyber-attacks, and unquantifiable amounts of data are lost or damaged, software and systems corrupted, intellectual property stolen and reputations destroyed..."

Learn five steps to implement a risk-based security strategy that naturally delivers compliance as a consequence of an improved security posture

"Compliance with security standards such as ISO/IEC 27001 and PCI DSS doesn't necessarily make an enterprise's security controls effective and economical. Simply following long checklists and implementing basic controls to meet a standard's requirements won't automatically create a coherent strategy that builds a resilient operating environment that can handle current and future threats.

A risk-based security approach, on the other hand, identifies the true risks to an organization's most valuable assets and prioritizes spending to mitigate those risks to an acceptable level..."

6 Security Scams Set To Sweep This Summer
Dark Reading, June 6th, 2019
Experts share the cybersecurity threats to watch for and advice to stay protected

"We look forward to summer's warm weather, travel plans, and maybe some added relaxation. Cybercriminals look forward to summer's new opportunities for scams and targeted attacks.

Seasonal threats aren't new; for example, the holiday season typically brings phishing attacks in the form of fake package deliveries and fraudulent gift cards. Similarly, summertime, which drives an increase in flights and hotel stays, should put people on high alert for a wave of related scams..."

It is possible to create a simple, bright-line means of triaging engagements to determine whether heightened security and privacy measures should be required

"So, maybe you've read my previous blog posts and have spent time developing strong information security and privacy protections to be included in your contracts with relevant business partners, vendors and suppliers.

The question is: when do I require those protections? Certainly not in every contract. That would greatly expand the cost and time of negotiating contracts that, potentially, present no security or privacy risks.

So how do you decide?..."

A new global survey from BeyondTrust explores the visibility, control, and management that IT organizations in the U.S., APAC, Europe and the Middle East have over employees, contractors, and third-party vendors with privileged access to their IT networks

"According to the report, 64% believe they've likely had either a direct or indirect breach due to misused or abused employee access in the last 12 months, and 62% believe they've had a breach due to compromised vendor access.

Poor security hygiene by employees continues to be a challenge for most organizations. Writing down passwords, for example, was cited as a problem by 60% of organizations, while colleagues telling each other passwords was also an issue for 58% of organizations in 2019, which is steadily on the rise from 2018's statistics..."

Why It's Time To Prepare For AI-Wielding Hackers
Data Center Knowledge, June 3rd, 2019
In the AI-fueled security wars, most of the arsenal is currently in the hands of the good guys, but the balance of power might soon change

"The war against cyber attackers isn't a fair battle. Companies have to defend against all attacks, while the attackers only have to get through once. And it's about to get much, much worse.

The same artificial intelligence technologies used to power speech recognition, self-driving cars, and "deep fake" videos have the potential to be turned to other uses, like creating viruses that morph faster than antivirus companies can keep up, phishing emails that are indistinguishable from real messages written by humans, and intelligently going after a data center's entire perimeter to find the smallest vulnerability and then use it to burrow in..."

Executives in the dark about the benefits of employee wellbeing on cybersecurity

"Less than half of IT professionals in the UK (44 per cent) are confident they could detect an insider threat. This is according to a new report from ObserveIT, which says decision makers are clueless on how employee wellbeing benefits the company's cybersecurity.

It also says that the employee onboarding and offboarding processes 'leave a lot to be desired'..."

Global organizations face particular cultural and linguistic challenges when it comes to awareness training

"If there's one lesson to be learned from the way authentication company Okta approaches international security training, it's that bad actors are everywhere.

Phishing emails, password sprays, man-in-the-middle attacks - no matter what country the hacker is in, a threat is still a threat. "If you don't have a strong password that's coupled with a multifactor authentication and...policies in the background to protect the account," Okta CSO Yassir Abousselham says, "then there's increased risk to that account and really that's location agnostic"..."
