The US Secret Service hosted a virtual Cyber Incident Response Simulation for financial services, real estate, retail and hospitality executives who trained on mitigation strategies for a simulated business email compromise (BEC) attack. Business Email Compromise is a sophisticated scam targeting both businesses and individuals performing a transfer of funds. The scam is frequently carried out when a subject compromises legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
Traditionally, security operations centers (SOC) used tools such as endpoint detection and response (EDR), network detection and response (NDR), and security information and event management (SIEM), but as a result of the rush to remote work, many security teams have found their tools are now blind to many new and emerging threats.
With mobile usage a dominant channel going forward, authentication techniques need to move beyond two steps forward for authentication and one step backward for user experience. Just as passwords are being discarded because of the high friction they create for users, new multi-factor authentication techniques are moving in.
A recent survey conducted among consumers and IT professionals by SecureAge Technology suggests that a majority of these groups believe COVID-19 contact-tracing technologies put individuals' personally identifiable information (PII) at risk. Generally, however, both these groups believed that these types of tools could help mitigate the spread of the disease, and would support a nationwide rollout of the technology in spite of privacy concerns. So, are contact tracing apps a 'necessary evil'? If so, what can be done to make these apps safer to protect PII and the privacy of the public? Here, we talk to Paul Kohler, Chief Technology Officer (CTO) at S3 Consulting.
The Cybersecurity and Infrastructure Security Agency (CISA) issued an Emergency Directive 21-01, in response to a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors.
Hackers working on behalf a foreign government are believed to be behind a highly sophisticated attack into a range of key government networks, including in the Treasury and Commerce Departments, and other agencies. The hackers had free access to their email systems.
It’s a typical day in the Global Security Operations Center (GSOC). The anticipated chatter on the phones, radio communication, and sounds of the software giving audible alerts are all what you’ve come to expect in this busy hub of the security program.
Employees forced to work remotely during the COVID-19 pandemic altered their online habits, and to minimize hacking risk they needed cybersecurity tools to keep up. As a result, security administrators face a danger they may not have previously anticipated: attacks from insiders.
For retailers, a rapid shift to e-commerce means significant opportunity to increase sales margins, in an effort to end the year strong as COVID-19 continues to rattle the industry. However, this opportunity also comes with significant risk, as malicious actors are highly-motivated to exploit holes in retailers’ digital platforms for financial gain this holiday shopping season. To achieve strengthened eCommerce software security, here are four best practices retailers should implement, not just throughout the holiday shopping season, but year-round.
With the world transitioning to ecommerce, your online store is vital for ensuring your products are moving and sales are coming in. While you “can’t sell what you don’t have” in the retail world, you certainly can’t sell without a working online store in the ecommerce arena. Take the steps needed to ensure that all the goodwill and progress you made strengthening your online presence in 2020 is not wiped out in the coming year.
RSS
