• Cybersecurity: Russian Government Hackers Exploit Known Vulnerability in Virtual Workspaces

    The National Security Agency (NSA) released a Cybersecurity Advisory on Monday, detailing how Russian state-sponsored actors have been exploiting a vulnerability in VMware products to access protected data on affected systems.

  • Cybersecurity: Plenty More Phish: Why Employees Fall for Scams and What Companies Can Do about It

    Preventive countermeasures to phishing emails may actually increase the likelihood of employees falling for such scams, a new academic study reveals. Protective controls, such as email proxy, anti-malware and anti-phishing technologies, can give employees a false sense of security, causing them to drop their vigilance because they incorrectly assume such measures intercept all phishing emails before they reach their inbox.

  • Perspective: Assessing Cyber Risk from External Information

    There is a vision for the future of assessing cybersecurity: The goal is a system of cyber metrics that are transparent, auditable, practical, scalable and widely agreed upon. To that end, it is useful—indeed, imperative—to evaluate various approaches to cyber risk quantification with the aim of informing the development of a public standard for measuring cybersecurity.

  • Cybersecurity: How far should organizations be able to go to defend against cyberattacks?

    By Scott Shackelford

    Organizations can and should be encouraged to take passive defense measures, like gathering intelligence on potential attackers and reporting intrusions. But in my view they should be discouraged – if not prevented – from acting aggressively, because of the risk of destabilizing corporate and international relations. If the quest for cyber peace degenerates into a tit-for-tat battle of digital vigilantism, global insecurity will be greater, not less.

  • Cybersecurity: How cybercriminals spend their illicit gains

    A new study, drawing on first-hand interviews with convicted cybercriminals, data from international law enforcement agencies, financial institutions, and covert observations conducted across the Dark Web, reveals the socio-economic and spending differences among cybercriminals. The annual earnings of successful cybercriminals push them into some of the higher income brackets.

  • Cybersecurity: Meltdown and Spectre: Exposing the ghost in our machines

    Researchers had found that in an effort to make computer chips more efficient, major manufacturers had inadvertently inserted an opening that would allow hackers to spy on sensitive data. In two papers that were published on 3 January, researchers coined the cyber security threats Meltdown and Spectre. The name Meltdown was chosen for the attack’s ability to “melt” the security system typically enforced by a processor’s hardware. The name Spectre was based on the root cause of the security vulnerability, speculative execution, a speed-enhancing technique in which the processor tries to predict what part of code it will be required to execute next and starts executing it. And, much like a real spectre, the attack is nearly impossible to detect.

  • Cybersecurity: Downtime of a top cloud service provider could cost U.S. economy $15 billion

    Businesses in the United States could lose $15 billion if a leading cloud service provider were to experience downtime of at least three days. A new study finds that if a top cloud provider went down, manufacturing would see direct economic losses of $8.6 billion; wholesale and retail trade sectors would see economic losses of $3.6 billion; information sectors would see economic losses of $847 million; finance and insurance sectors would see economic losses of $447 million; and transportation and warehousing sectors would see economic losses of $439 million.

  • Cybersecurity: Cyber trends in 2017: The rise of the global cyberattack

    A new report, Cyber maturity in the Asia–Pacific region 2017, distils the major trends from a year’s worth of cyber events and looks at how countries in the region are measuring up to the challenges and opportunities posed by the internet and ever-more-connected IT infrastructure. Although cyber maturity and cybersecurity generally improved over the past year, the threat landscape worsened. Cybercriminals are investing in more advanced and innovative scams, and nation-states are prepared to launch massively destructive attacks causing huge collateral damage.

  • Cybersecurity: Petya variant hobbles European businesses

    In the wake of May’s WannaCry attack, which affected more than 230,000 computers in over 150 countries, a fast-moving malware outbreak was reported 27 June at targets in Spain, France, Ukraine, Russia, and other countries. The attack infected large banks, law firms, shipping companies, and even the Chernobyl nuclear facility in the Ukraine. The new malware is thought to be a variant of Petya, a wiper malware designed to destroy systems and data with no hope of recovery.

  • Cybersecurity: U.K. industry warned that cybercriminals are imitating nation state attacks

    The annual assessment — the most detailed of its kind to date — of the biggest cyberthreats to U.K. businesses was published the other day, emphasizing the need for increased collaboration among industry, government, and law enforcement in the face of a growing and fast-changing threat. The report discusses the trend of criminals imitating the way suspected nation state actors attack organizations such as financial institutions, and the risk posed by the ever-increasing number of connected devices, many of which are not always made secure by manufacturers or users.

  • Cybersecurity: Misaligned incentives, executive overconfidence create advantages for cyberattackers

    A new report outlines how cybercriminals have the advantage, thanks to the incentives for cybercrime creating a big business in a fluid and dynamic marketplace. Defenders, on the other hand, often operate in bureaucratic hierarchies, making them hard-pressed to keep up. Attackers thrive in a fluid, decentralized market, while bureaucracy constrains defenders. Ninety-three percent of organizations surveyed have a cybersecurity strategy, but only 49 percent have fully implemented it. Nearly 60 percent of IT executives believe their cybersecurity strategy is fully implemented, while just over 30 percent of IT staff agree. Senior executives designing cyber strategies measure success differently than implementers.

  • Cybersecurity: Global entities come shopping for Israeli cybersecurity

    By Viva Sarah Press

    As computer devices and Internet of Things (IoT) connectivity continue to break new boundaries and create changes to our lifestyle, new cybersecurity technologies to defend our tech-savvy lives are crucial. “We’re still at the beginning for the cyber arena. We still need the security solution for smart homes, we still don’t have security solutions for autonomous cars, or for connected medical devices or MRI machines, or for connected kitchen appliances. Every technology that will be introduced to our lives in the coming years will need a cyber solution,” says one expert.

  • Cybersecurity: DHS releases Strategic Principles for Securing the Internet of Things

    DHS the other day issued a set of Strategic Principles for Securing the Internet of Things (IoT), Version 1.0. These principles highlight approaches and suggested practices to fortify the security of the IoT. They aim to equip stakeholders to make responsible and risk-based security decisions as they design, manufacture, and use internet-connected devices and systems.

  • Cybersecurity: Bolstering small businesses cybersecurity

    Small-business owners may think that they are too small to be victims of cyber hackers, but NIST experts know otherwise. NIST reaches out to small businesses, helping them understand the challenges they face in protecting their data and systems. The agency has just released Small Business Information Security: The Fundamentals, a guide written for small-business owners not experienced in cybersecurity, which explains basic steps they can take to better protect their information systems.

  • Cybersecurity: What CSPs can learn from the latest DDoS attacks

    Around the world, communications service providers (CSPs) and subscribers were affected by the 21 October 2016 DDoS attack, making it virtually impossible to reach many popular Web sites for several hours. Although CSPs weren’t targeted directly, they were still affected since the outages drove additional caching DNS traffic caused by the errors from failed DNS requests. This spike in traffic slowed overall network performance, likely driving up customer support call volumes from unhappy subscribers. The attacks highlighted the easily overlooked — yet vital — role that DNS plays on the Internet. An expert offers a few key steps CSPs can take to prepare for similar attacks in the future.