IT - Security

How can you protect your precious corporate endpoints from the mysterious dangers that might await when you're not by their side?

"Empower home office users with these tips

According to data from Global Workplace Analytics, the population of work-at-home employees among those who work for organizations has grown by 159% since 2005. That's a growth rate 11 times faster than the workforce itself. This arrangement offers flexibility and productivity to organizations and their workers alike, but it also poses challenges for cybersecurity strategists..."

Expect unprecedented levels of online data theft this holiday season due to a lack of deployed client-side security measures

"Disturbing lack of security measures

Tala Security highlights the widespread vulnerability resulting from integrations that enable and enhance website functionality. These integrations, which exist on nearly every modern website operating today, allow attackers to target PII and payment information.

98% of the Alexa 1000 websites were found to be lacking security measures capable of preventing attacks. In related warnings, both the FBI and the PCI Council cautioned that hackers are targeting online credit card information..."

Give your organization's leadership an impactful, out-of-office experience so they know what's at stake with their budgeting decisions.

"Late in the summer of 2015, I orchestrated an off-site workshop with one of our biggest customers. I had two objectives: One was to create an unforgettable experience that demonstrated to executives how risk translated into strategy - and action - for the cybersecurity staff.

And by scheduling this in fourth quarter of our fiscal year, the second, less obvious agenda was to make sure these same decisionmakers knew precisely what was at stake when it came time to debate my proposed security budget for the coming fiscal year..."

Key Features In Building A Security Operations Center
SearchSecurity, November 25th, 2019
Building a security operations center means understanding the key features you need to ensure your network remains protected against threats

"Should you have a security operations center? Almost certainly, yes.

In a recent Nemertes' research study, we documented that successful cybersecurity operations are 52% more likely to have SOCs than their less successful counterparts. Nemertes measured success based on an organization's mean total time to contain security breaches; to be considered successful, organizations had to have an MTTC of less than 20 minutes, placing them in the 80th percentile of all companies..."

Social Engineering: The Insider Threat To Cybersecurity
Business 2 Community, November 26th, 2019
Social engineering, banal as it sounds, is an insidious way of getting "insider access" into an organization's network and data

"Once inside, social engineering enjoys both undetectability and sweeping access, which makes it a potent threat to an organization's cybersecurity. Let's examine the various flavors of social engineering and best practices to secure against it.

What are Social Engineering Attacks?

Social engineering attacks involve manipulating employees into performing actions or divulging confidential information that will be maliciously used to break into the organization's network..."

The Seven Types Of e-Commerce Fraud Explained
Information Age, November 25th, 2019
Karsten Witke, head of payment services risk at PPRO Group, discusses the different ways in which e-commerce fraud can be committed

"E-commerce fraud is constantly increasing, and alternative payment methods are attracting criminals.

While the increase itself is nothing new (there has been more e-commerce fraud every year since 1993), the rate is impressive. CNP fraud is predicted to increase by 14% by 2023 and could cost retailers $130 billion..."

Hackers have become relentless in targeting businesses these days

"The customer and financial data that you process and store in your computers are now a goldmine for hackers to steal. Personal records and payment information can be sold for profit over the black market. Hackers are even utilizing various methods to compromise networks and infrastructure infrastructures.

As such, organizations may have to go beyond conventional security tools like antiviruses and firewalls and implement security measures that can detect and combat advanced attacks. But before you go about adopting virtually every available solution that's being offered today, it's only practical to test your defenses and establish a baseline of what's really needed..."

Cyberthreats loom large in this modern IT environment. Explore the six most common roles of AI in cybersecurity and the products synthesizing them

"Companies are turning more to AI to aid in their security efforts in modern IT environments. The exponential growth of data, devices, processing power, algorithms and networked systems -- valuable assets for any business competing in the 21st century -- comes with newer risks and vulnerabilities. Citing data security, infrastructure protection and cloud security as the fastest-growing areas of security spending, Gartner estimated companies will spend some $137 billion on cybersecurity risk management in 2019, according to a December 2018 report..."

DDoS: An Underestimated Threat
Dark Reading, November 26th, 2019
Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. Here's how to fight back

"On the flip side of the proliferation of Internet of Things (IoT) devices, the quest for increased connectivity and bandwidth (think 5G) and skyrocketing cloud adoption, IT is increasingly being weaponized to unleash cyberattacks in an unprecedented order of magnitude. Coupled with the emergence and anonymous nature of both the Dark Web and cryptocurrencies, illicit transactions have never been easier or more convenient. Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. They have advanced from mere botnet-based approaches to artificial intelligence (AI) and data-driven models..."

Data Breached In Translation
CSO Online, November 27th, 2019
Online language translation software caused a data leak at Statoil. Use these best practices to keep translated information secure

"Before September, translation didn't matter - at least, from an infosec standpoint. Taking content written in one language and changing it to another wasn't at the top of most CSOs' lists of data risks. Then Norwegian news network NRK uncovered a breach at Statoil, one of the world's biggest oil and gas companies.

NRK reports that the $46 billion business used, a free online tool, to translate 'notices of dismissal, plans of workforce reductions and outsourcing, passwords, code information, and contracts.' Then, the story continued, Lise Lyngsnes Randeberg, a college professor, Googled Statoil: In her results were the company's translations..."

Practical Principles For Security Metrics
Dark Reading, November 27th, 2019
A proactive approach to cybersecurity requires the right tools, not more tools

"There are several key market forces affecting the cyber landscape that regularly make the headlines: a shortage of security personnel, a huge rise in the number of security tools, and a growing attack surface due to the move to bring-your-own-device policies and the cloud. However, another market force is changing the nature of the industry: increasing pressure to adhere to numerous regulations such as the General Data Protection Regulation, the SHIELD Act, the California Consumer Privacy Act, and the more-recent MAS cyber hygiene notices..."

See all Archived IT - Security articles See all articles from this issue