7 Ways to Prepare for a Cybersecurity Audit
Data breaches, phishing attacks, information disclosure – the Internet can be a scary place. Conducting a cybersecurity audit (or getting a third-party assessment) is a great way to understand your organization’s cybersecurity posture. But, like preparing any exam or review, getting ready for a cybersecurity audit can be intimidating. While every security assessment will be…
18.5 Million Websites Infected With Malware at Any Time
There are more than 1.86 billion websites on the internet. Around 1% of these — something like 18,500,000 — are infected with malware at a given time each week; while the average website is attacked 44 times every day. Sitelock has published its Q4 2017 Website Security Insider analysis of malware and websites based on…
Spend Less, Test Faster: Choosing the Right Security Tools
People are creatures of habit. If we learn something one way, we’re prone to stick to it. Less in a “my way or the highway” sense and more so in a “if it ain’t broke, don’t fix it” one. Not every security tool is right for every environment, and just because one set of tools…
Malware ‘Cocktails’ Raise Attack Risk
Malware mash-ups hiding in encrypted traffic are boosting attack numbers and increasing the danger to data, according to recent reports. It was good while it lasted. The drop in malware attack attempts seen in 2016 – from 8.19 billion in 2015 to 7.87 billion – is but a fond memory, as 2017 saw more than…
IIC Publishes Best Practices for Securing Industrial Endpoints
The Industrial Internet Consortium (IIC) has published a new paper designed to provide a concise overview of the countermeasures necessary to secure industrial endpoints; that is, the industrial internet of things (IIoT). The paper (PDF) is not meant to provide a checklist for compliance or certification, but rather a starting point to understand what is…
Data privacy: What your employees don’t know but should
What do employees in your organization understand about security, data privacy, and compliance? According to a recent report from Bothell, Wash.-based MediaPro, perhaps not as much as they should. With data privacy fast becoming a hot-button issue, and the European Union’s General Data Protection Regulation (GDPR) right around the corner, what your employees don’t know…
Tracking Malicious Insiders: Catch Me If You Can
The idea of malicious insiders stealing valuable assets brings to mind a picture of masked men breaking into a bank vault or museum and making a getaway with their illicit stash. But what if the enemy is one of us — someone who knows exactly where we keep our most valuable items, how we safeguard…
Most top US higher ed institutions fail to protect students from phishing
88.8 percent of the root domains operated by top colleges and universities in the United States are putting their students, staff and other recipients at risk for phishing attacks that spoof the institution’s domain, according to 250ok. Phishing and spoofing attacks against consumers are likely when companies do not have a published Sender Policy Framework…
Healthcare Experiences Twice the Number of Cyber Attacks As Other Industries
Healthcare has become the second largest sector of the U.S. economy, accounting for 18% of gross domestic product (GDP) in 2017, and is rivaled only by U.S. Federal Government’s 20% share of GDP in the same year. Not surprisingly, IT spending in healthcare is keeping pace, reaching $100 billion in 2017. As healthcare sector technology spending grows, so does the sector’s…
Where Rubber Meets the Road: Exposed Credentials in the Cloud Facilitate Cryptocurrency Mining
Cloud and DevOps enable powerful, transformational advances across many businesses – from finance to manufacturing. But, what happens when a cyber attacker gets a hold of the access keys to the cloud account of a leading automobile manufacturer? Well, as learned in the recently reported breach at Tesla, the attackers exploited access to mine for cryptocurrency! Reportedly,…