As if dealing with COVID-19 were not enough, 2020 turned out to be a banner year for another troublesome strain of virus— ransomware. Malicious actors grew more sophisticated, daring and brutal. They also hit a number of high-profile targets. For those of you who didn’t keep up with all of the developments in the ransomware space, we’ve broken down some of the most important events and trends of the year here.
If high-tech gadgets are on your holiday shopping list, it is worth taking a moment to think about the particular risks they may bring. Under the wrong circumstances, even an innocuous gift may introduce unexpected vulnerabilities. In this blog series, VERT will be looking at some of the Internet’s best-selling holiday gifts with an eye toward their possible security implications.
As a security analyst, engineer, or CISO, there are so many aspects of the field that require immediate attention that one cannot possibly know everything. Some of the common areas of security knowledge include topics such as where to place a firewall, configuration and patch management, physical and logical security, and legal and regulatory concerns.
2020 was dominated by news of the pandemic and anchored by reality that we all found ourselves in – entire families logging in remotely, trying to keep school and work feeling “normal.” While we tested the limits of what a home office could sustain, the privacy and security of a fully remote world was put front and center. In this piece, we take a look at a few privacy highlights that will likely impact your business and look ahead to see what’s in store for 2021.
If high-tech gadgets are on your holiday shopping list, it is worth taking a moment to think about the particular risks they may bring. Under the wrong circumstances, even an innocuous gift may introduce unexpected vulnerabilities. In this blog series, VERT will be looking at some of the Internet’s best-selling holiday gifts with an eye toward their possible security implications.
As the retail world’s center of gravity shifts to the cloud, payment card fraud has followed suit. According to Verizon’s retail vulnerabilities study, attacks against e-commerce applications are by far the leading cause of retail data breaches. This trend mirrors similar outcomes in other industries, like food service. A complimentary Verizon study finds remote attacks against food service operators on the rise, as well.
Last week, the United States Cybersecurity & Infrastructure Security Agency (CISA) advised on initial steps to take in response to the SolarWinds software that was compromised by advanced persistent threat actors. While federal agencies were under a deadline to complete certain actions, this issue will require continued clean-up and longer-term efforts to mitigate the threat.
Every website on the Internet is somewhat vulnerable to security attacks. The threats range from human errors to sophisticated attacks by coordinated cyber criminals. According to the Data Breach Investigations Report by Verizon, the primary motivation for cyber attackers is financial. Whether you run an eCommerce project or a simple small business website, the risk of a potential attack is there.
Life for university students has changed massively during the coronavirus pandemic, as it has for all of us. While some in-person lectures and seminars are still taking place, there has been a big shift to remote learning. This has, perhaps understandably, led to concerns about how well students are engaging with this way of studying. Many universities have sought to address this by turning to remote monitoring tools to track students’ online activities.
Digital threats confronting Critical National Infrastructure (CNI) are on the rise. That’s because attackers are increasingly going after the Operational Technology (OT) and Industrial Control Systems (ICS) that shareholders use to protect these assets.
Coronavirus 2019 (COVID-19) stopped many things in 2020. While in-store holiday shopping may be greatly reduced for some, there’s still a lot of shopping happening online. Near the end of November 2020, Statista revealed that holiday retail sales were expected to grow approximately 3.6% over the previous year. And Adobe Analytics reported that online sales would likely rise 33% to a record $189 billion.
For the longest time, or as far as I can remember, the holy grail of all networking platforms has been the need for a single pane of glass, that single source of all information that you would need to be most effective. So, what is a single pane of glass?
Moving to the cloud means a lot more than just moving your servers and applications to the cloud; it’s also about the data – and data always has a target on it. A lot of IT departments are finding that it’s easier to meet the “five nines” (99.999%) of uptime and availability by going outside their organization and letting AWS, Microsoft, or Google handle the infrastructure and personnel needed to meet those requirements.
2020 has been a very interesting year for the global workforce, with the vast majority of organizations having to rapidly transition to a remote workforce with little to no prior notice thanks to the COVID-19 pandemic. The 2020 (ISC)2 Cybersecurity Workforce Study looks at the effect of this transition to remote work and how organizations have fared. It also analyzes the impact of the pandemic and the resultant transition to remote work on cybersecurity professionals.
On December 11, 2017, Platinum Edge Media and its founder CJ Thompson created National App Day as a way to celebrate how apps have inspired us and changed our culture. The Registrar at National Day Calendar went on to proclaim National App Day to be observed annually. We can’t truly appreciate the impact that apps have on our lives without an idea of how to use these programs securely.
It’s time to say a final “Goodbye” to Flash. (Or should that be “Good riddance”?) With earlier this week seeing the final scheduled release of Flash Player, Adobe has confirmed that it will no longer be supporting the software after December 31 2020, and will actively block Flash content from running inside Flash Player from January 12 2021.
Hey, did you get that sketchy email? You know, the one from that malicious hacker trying to fool us into clicking on some malware? Boy, these criminals are relentless. Wait, what? You clicked on it? Uh-oh. A hypothetical scenario, but one that plays out every day in organizations across the globe — a very real scenario that provides a good reason to take a deep dive into the topic of email security. Here are some more good reasons.
Organizations face an ever-evolving threat landscape. With this in mind, it is imperative that organizations keep an up-to-date vulnerability management policy for remediating and controlling security vulnerabilities that may lead to a breach. A good vulnerability management policy should contain the following.
The National Cyber Security Centre (NCSC) released its annual review of 2020. If you are unfamiliar with the NCSC, part of their mission is that they are “dedicated to making the United Kingdom the safest place in the world to live and work online.” This is a lofty goal, and since the first report, issued in 2016, the NCSC remains steadfast in its vision. This year’s report, which spans the period from September 2019 through August 2020, contains many interesting insights.
Organisations are still underestimating the risks created by insufficiently secured operational technology (OT). One current example comes from Germany. According to a report by heise.de, external security testers consider it “likely” that a successful serious cyberattack against the publicly owned water company Berliner Wasserbetriebe could lead to a complete failure of the German capital’s waste water management.
The Lazarus Group (also known as Guardians of Peace or Whois) is a notorious cybercrime gang made up of unknown individuals. According to the United States Federal Bureau of Investigations, the group is a North Korean “state-sponsored hacking organization.” However, some believe that their connections to North Korea might be a false flag intending to hide their true origins.
As an infosec professional, you’ve likely heard of the National Institute of Standards and Technology (NIST).
In October, the Federal Energy Regulatory Commission (FERC) released its “2020 Staff Report Lessons Learned from Commission-Led CIP Reliability Audits.” The report summarizes the Commission’s observations from Critical Infrastructure Protection (CIP) audits performed in conjunction with staff from Regional Entities and the North American Electric Reliability Corporation (NERC).
Computer security regulations have come a long way from their early beginnings. Even before the Federal Information Security Management Act (FISMA), there was the Computer Security Act of 1987 (CSA). The Computer Security Act was enacted by the 100th United States Congress in response to a lack of computer security protection measures, and a strong need for internal computer security governance for U.S. Federal agencies. Although the U.S.
