Inside the BriefcaseMobile communication is playing a bigger role in modern businesses. However, many business owners are still coming to terms with this relatively new technology. Before you rush in and implement a new mobile business strategy, there are important factors you should consider first.
Cell phones are so much more than an easy way to keep in touch with loved ones. Smart phones are a pocket-sized computer that’s capable of everything from browsing the internet, to finding your location through GPS, and even helping you complete business-related tasks from a distance. Unfortunately, as convenient as the cell phone is, it’s all rife with possible security risks – particularly in regards to your personal data.
KnowBe4 cautioned companies to heed new FBI and Microsoft alerts, warning of hybrid targeted ransomware attacks that attempt to encrypt an organization’s entire network. Criminal hackers have upped the ante. They are changing their approach and penetrate a network, wipe out all backups, infect all key machines with ransomware and then demand payment. The latest method uses a little-known strain of ransomware called “Samas”, first discovered in 2014. According to research reports by Microsoft, the majority of infections thus far have been detected in North America, with a few instances in Europe.
The public’s perception of the Cloud seems to change constantly. In light of high-profile security breaches at Target (2013) and Home Depot (2014) and in the iCloud (2014), many users raised concerns about privacy and data security. Even with recent technological advances, thoughts on cloud security remain mixed. In fact, while 64 percent of medium and large enterprises believe cloud infrastructure is more secure than legacy systems, 31 percent also deem security the most prominent challenge they encountered in 2015, according to a study on the state of cloud security in the enterprise market.
Black Energy, a notorious malware that we have been researching lately, has once again become the subject of talk in the cyber world. This celebrity status is mainly due to its involvement in the recent cyberattack on Ukraine’s power industry, which left around 80,000 customers of the electricity company without power for several hours, two days before Christmas.
As soon as the global panic incited by the events of September 11, 2001 settled into public sector anti-terrorism initiatives, experts brought to light grave concerns about the security of the nation’s energy infrastructure. Even so, 15 years later, many energy organizations find themselves scrambling to meet the security measures set forth by NERC in their Critical Infrastructure Protection standards (CIP, Version 5). The new, much more comprehensive standards went into effect July 1, 2015, but the looming compliance deadline on July 1, 2016 is the real deal—an enforcement deadline that means auditors are on their way.
The downside of a website is that contains and publishes all your hard-done content is that it could get hacked. That doesn’t mean that websites developed on specific CMS platforms such as WordPress, Drupal, and Joomla are anymore or any less safe than regular HTML.
Understanding new threats and new technologies is central to optimizing IT security. But with their bring-your-own-device habits, tendency to job-hop, and simple human fallibility, IT users are the leading cause of security incidents.
with Kong Yang, SolarWindsIn this interview, Kong Yang, Head Geek and technical product manager at SolarWinds, speaks with IT Briefcase on how hybrid environments are changing the role of the IT professional. Read More >>>
A common misperception about SSH user key management concerns the need to find and control all the private keys in an environment. The idea here is that, since private keys are like passwords, it’s possible to manage them using the same methods. Once all the private keys are well controlled, safety has been achieved. What may initially seem like common sense does not hold up under inspection.
The future, it seems, is one of connectivity — not only between people from across the globe thanks to things like social media and wireless technology, but between devices too. It’s no longer just our phones or computers that access the internet, but our light bulbs, coffee-machines, refrigerators, and microwaves. As a community, we’re welcoming the “Internet of Things” into our lives — encouraging a world of constant connection to each other, and the internet. As a result, estimates suggest that by 2020, the sum of IoT (Internet of Things) devices will reach 25 to 30 billion.
Governments, utilities and businesses from every sector are embracing the possibilities of the Internet of Things (IoT). This interconnected environment promises safer public parks, more efficient factories, better healthcare – imagination seems to be the only limit when it comes to applying the IoT to today’s needs. However, for the positive action of all these improvements to work and life, there is at least an equal negative reaction. Gartner analysts recently revealed that by 2020, firms will have increased annual security budgets by 20 percent (up from less than one percent in 2015) in order to address security compromises in the IoT.
Understanding open source vulnerabilities is a daunting challenge. Most companies do not have a good handle on where open source software is being used across their organizations. As a result, when vulnerabilities in open source (e.g., Heartbleed, Shellshock, Ghost, Freak and now DROWN) come to light, companies are not able to quickly assess their exposure and take action to remediate that exposure.
A majority of businesses are moving critical applications from physical personal computers to the virtual environment. A 2015 IT priorities survey confirms this where 76% of the IT decision makers surveyed indicated their preference for cloud bases productivity applications. About 57% stated they would roll out enterprise file sharing and synching services on the cloud.
Mobile devices are quickly becoming the primary devices among enterprises. Their great user experience, increased computing capabilities, explosion of apps, and always-on connectivity combined with agility, make them ideal replacements for PCs. Mobility these days, is not just a tool enabling employees access to email and a handful of corporate applications, but rather a tool to improve employee productivity and ease of working by enabling them with real-time connectivity to customers, partners, suppliers and workers.
by Fouad Khalil, SSH Communications SecurityNo matter what an enterprise’s major market is, it is probably subject to regulatory compliance requirements, such as PCI, SOX, FISMA and HIPAA. PCI requirements in particular demand a high level of auditability and controls. Read More >>>
Traditionally, information regarding health is closely guarded, available only to the immediate healthcare providers and patients involved. However, as electronic records become normal, and people allow health applications to track their fitness and everyday activities, the lines demarking what is Protected Health Information (PHI) and what isn’t are blurring. Essential, commonplace items like smartphones and office computers are playing a role in the unauthorized loss or disclosure of patients’ sensitive medical data. It’s important to make sure you and your practice are not at risk.
When it comes to dealing with data breaches, there is no one-size-fits-all guide. Every incident and organization is different. Even so, preparing for the evitable breach is worth the time, effort, and expense given the millions of dollars a breach could cost an organization in terms of lost data, business, and reputation. This playbook is a starting point to help an organization’s board of directors create an action plan.
While technology has benefited retailers in many ways, it has also contributed to growing levels of fraud. Although EMV and other developments are helping to curb identity theft fraud and unauthorized transactions, “chargeback fraud” remains a major threat to eCommerce merchants. As the technology of electronic payment processing becomes nearly ubiquitous in the business world, online shopping is rapidly overtaking in-store sales for many items. But with any fast-evolving system, scammers find loopholes that can eat deeply into profits.
There are distinct differences when it comes to the hackers out in the world. Most often, the media focuses on the most unethical of hackers, but that doesn’t mean that ethical hacking doesn’t have its rightful place in the world of information technology security systems. In fact, there are three types of standard hackers: the White Hat hackers, the Grey Hat hackers, and the nefarious Black Hat hackers. Let’s delve into each one of these unique hacker hats and the features and ethics attributed to each, which separate one from another.
Forged emails are extremely common. Most of the time forged emails are merely a nuisance.However, if you accidentally share information with or click on a link from someone who sent a forged email, the results can devastate your goal or even your site, or if it’s really evil, an entire computer. Here’s some information about how to recognize and stop forged emails.
No longer a catchphrase or a vague notion, the Internet of Things is in full swing. McKinsey & Company estimates that the IoT has a total potential economic impact of $3.9 trillion to $11.1 trillion a year by 2025. Manufacturers are already spending considerable amounts of money on mobilizing the enterprise, including connecting employees, products, services and machines/vehicles. Digging deeper, we can see what functions in the business they’ve tackled first.
Cyberattacks are a real threat to a great many industries. They have cost the U.S. economy over $100 billion dollars in 2014 alone, and have put the personal information of approximately half of the U.S. adult population at risk. Some industries are more susceptible than others and are at a greater risk of becoming victims of cybercrimes than others. Cyber criminals certainly aim to get the most bang for their buck, and tend to target specific industries that offer the highest financial return for their efforts.
There is no longer any subjectivity in this statement: security is at the top of list for all CIOs. Every meeting I’ve attended over the last three months has been dominated by the topic of security and when it’s injected into the conversation, it’s not necessarily by my team, but the customer.
In their recently released report, “Define a Road Map to Accelerate Your Security Program,” Forrester Research explains why a security road map is exactly what your organization needs.
This report details the survey results of all aspects of alert management – covering where alerts originate, how they’re categorized, and how they’re managed – and how the process can increase the likelihood of a breach being successful.
According to Bank Info Security, infosec jobs in the United States are on track for moderate growth — in the last year, popular roles such as “security analyst” enjoyed a 5 percent bump in total number of available positions. As noted by the Office of Personnel Management, however, there’s a “critical cybersecurity skills gap” emerging, one that requires an influx of new IT talent to fill. For tech experts who’ve just finished their first round of certifications or made the investment in more training, here’s a look at four top infosec jobs that should be on your radar.
Data breaches make headlines, and continue to raise very justified concerns. It’s not just random hackers. Nor should we assume that corporations and high-tech firms are the ones at risk. The majority of data theft affects small businesses. Sensitive data like credit card numbers means relatively greater reward for less risk. Retailers with numerous POS systems transmitting data are especially vulnerable. The increasing use of cell phones as payment devices means another avenue of attack opening up to hackers.
To engage employees in IT security, they’re going to need to understand why it’s important. Simply telling them it’s important isn’t enough. Sure, everyone has a vague notion of what security is, and many – if pressed – would tell you it’s important.
2015 was fraught with high profile security breaches and highlights that no industry or organization is immune from attack. We have seen significant breaches in government (Office of Personnel Management), healthcare (Anthem and UCLA health), retailers (CVS) and telecom organizations (T-Mobile). Not even toy vendors are safe. VTech revealed that 5 million customers accounts in three-dozen countries were hacked, exposing personal data, chat logs and photographs of children who use its Internet-connected toys. With many experts expecting more of the same in 2016, why are these hacks increasing in scope and severity and what should enterprise security teams do to minimize their exposure?
