Cybersecurity breaches are an all-too-common and ever-evolving threat that every organization should be prepared for. But as digital ecosystems evolve to support new innovations and an increasing number of connected devices, so does the complexity of managing and securing critical network infrastructure. What can be done to prevent attacks and protect sensitive data and critical infrastructure? One of the first and most critical steps to improving security is to ensure network management operates independently from the production network.
Overlooked risks can cost companies millions in financial and reputational damage — but existing commercial threat intelligence solutions often lack data coverage, especially from these alternative web spaces.
How does this impact corporate security operations, and how can data coverage gaps be addressed?
Data must be protected. There’s no argument about that. Solutions to protect data at rest and data in motion have been around for decades. The problem is that for data to be useful, it has to be processed, and, until recently, processing left data wide open to theft or attack.
A third wave – feels more like a third tsunami. Many haven’t returned to the office; some may end up back in work-from-home scenarios. While workers may feel safe at home, false senses of complacency can easily mask very real cyber threats. Cybercriminals don’t pause for pandemics. With the increase in remote work, an explosion in cybercriminal activity, like phishing, has followed. Not only is phishing still prevalent, but it’s rising much like that third wave.
For most of this year, COVID-19 has dominated and disrupted our normal business routines, and as we relocated to avoid the first wave of the virus, the hackers and thieves weren’t far behind. As people began working remotely in large numbers, the number of unsecured remote desktops soared, as did brute-force attacks against those desktops.
While the first thing that may come to mind is attacks on voter booths and polling data, hackers were expected to hit more vulnerable targets first, such as community-based organizations and systems supporting political campaigns.
These networks are rarely designed to withstand the ransomware threats much larger, established political bodies face, and hackers know it.
Here, we talk to Doug Matthews, Vice President of Product Management for Veritas, about the conditions impacting data protection during the election period.
Cybercriminals quickly weaved the pandemic into their email scams earlier this year, and more recently impersonated the IRS by pretending to share updates about COVID tax relief in an attempt to steal sensitive tax information. In mid-April, Google’s Threat Analysis Group reported that they detected 18 million COVID-19 themed malware and phishing emails per day. And that’s without including all the email impersonation, invoice fraud, and phishing attacks that have nothing to do with COVID, but are dangerous nonetheless.
In this article, I will provide some tips to help individuals and organizations communicate more securely over email.
By now, it’s no secret that the endless quest by tech companies, data brokers and other players to capture, make sense of and monetize as much user data as possible – a practice known as surveillance capitalism – presents all sorts of privacy issues. Less discussed are the increased security risks this model creates for companies, governments and individuals.
Ian Pratt, HP’s Global Head of Security for Personal Systems, believes hardware-embedded security paired with a robust cybersecurity education and cyber hygiene protocols for remote employees is core to any organization’s operational resiliency. Below, we speak with Pratt about the long-term security implications of the pandemic, what CISOs should be doing now to prepare for an increasingly uncertain future and where he believes cybersecurity is headed next.
Cybersecurity teams struggle with a lack of visibility into threats, endpoint devices, access privileges, and other essential security controls necessary for a robust cybersecurity posture. Without full visibility into their entire digital ecosystem, infosec teams cannot fully secure the assets on their networks or effectively prioritize the most serious threats. Below, I dive into how security professionals are still fighting the battle between effectively viewing serious threats and communicating cyber risk to company leadership.