Whaling, highly targeted social engineering attacks aimed at senior executives, as well as executive impersonations, have seen an increase of 131% between Q1 2020 and Q1 2021, according to GreatHorn.
Even if you are not mandated to adhere to any particular regulations, it still makes sense for your business to be proactive in managing risk. All frameworks include guidance for good cybersecurity hygiene, such as effective inventory and asset management, contingency planning, personnel security, system access control, and staff awareness and training, to list a few. To prepare for the aftermath of a cyber incident, frameworks provide incident response guidelines you can follow to recover and try to limit the damage. Establishing a framework can not only help your organization follow best practices but also bring rigorous cyber discipline to your organization.
While many people around the country were under stay-at-home orders, many security professionals, classified by the federal government as essential personnel, have continued to report to work during the pandemic. The heart and soul of the physical security business are the nation’s contract security professionals who assume leadership roles – sometimes with lifesaving ramifications – at facilities across country. Security professionals act as the first line of defense against civil unrest, violence, terrorist attacks and the pandemic.
It seems that every day there’s a new story about a security lapse, emergency lockdown, or violent act taking place at a school somewhere in the United States. Today it’s simply inexcusable not to have adequate security measures in place—regardless of how safe you think your community may be. In School Security: How to Build and Strengthen a School Safety Program, Second Edition, Paul Timm, board-certified Physical Security Professional, nationally acclaimed expert in school security, and recipient of Security magazine's 2020 Most Influential People in Security, explains how to make your institution a safer place to learn with easy-to-follow steps.
U.S. President Joe Biden has signed an executive order (EO) to improve the cybersecurity of the U.S. As the U.S. faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately people’s security and privacy, the EO seeks to improve efforts to identify, deter, protect against, detect, and respond to these actions and actors. Specifically, the EO will:
Noted security expert Mathy Vanhoef recently discovered a Wi-Fi security vulnerability, that if exploited, it would allow an attacker within radio range to steal user information or attack devices. The security vulnerability, known as FragAttacks - fragmentation and aggregation attacks - are design flaws in the Wi-Fi standard and therefore affects most devices. In addition, Vanhoef discovered several other vulnerabilities that are caused by widespread programming mistakes in Wi-Fi products.
For many years, the focus on securing OT environments has been on the imminent danger of a cyberattack upon critical infrastructure, in other words, SCADA/ICS attacks. Most of the concern has been on nation state actors like China, North Korean, Iran and Russia directly attacking and destroying our infrastructure.
Just like about everything else in the world, the loss prevention/asset protection space has been hugely affected by the pandemic and the “traditional” threat landscape for security professionals in this area has evolved over the past year and half. Let’s take a look at pain points, best practices and COVID-19’s impact on loss prevention.
HP Inc. released its HP Wolf Security Blurred Lines & Blindspots Report, a comprehensive global study assessing organizational cyber risk in an era of remote work. The report shows that changing work styles and behaviors are creating new vulnerabilities for companies, individuals, and their data.
COVID made “flatten the curve” a household phrase in 2020, but did you know the concept also applies to vulnerability exploits? It turns out that what’s past is prologue in exploit trends. By tracking which attacks are being exploited the most, organizations discover important information to help proactively determine their vulnerability and risk. But it is also important to track attacks where activity has increased the most within a specified timeframe. It only takes one critical exploit to cause significant damage and, once inside the network, the attacker will need to move laterally and probably deploy additional exploits. That’s why understanding which exploits have the greatest likelihood of arriving on the network’s doorstep helps organizations prioritize patch management and risk assessment. This remains top of mind as cyber adversaries continue to maximize vulnerabilities, as we have recently seen with DearCry ransomware, for example.
RSS
