Reducing your attack surface requires a robust vulnerability management solution to help combat today’s most persistent and devastating cyber threats. Whether you’re a CIO, IT manager or an engineer, you probably know that Vulnerability Management is a critical element of any information security strategy.
Cyber Essentials and Cyber Essentials Plus are UK government-backed schemes that are designed to help protect organizations against 80 percent of most common cyber-attacks. This scheme lays out five basic security controls that must be implemented in order to defend against today’s most common cyber threats. These controls are closely aligned to other notable security frameworks, including the Basic CIS Controls as well as the PCI DSS requirements.
When I’m not fighting the good fight against the dangerous world of cyber crime, you’ll often find me out on the field coaching youth soccer. In my experience as a coach, if you ask any group of kids new to the game of soccer “who wants to be a striker?” pretty much every hand will go up.
The coronavirus outbreak has become a real global pandemic affecting hundreds of millions of individuals and organizations across the world. Many governments have advised residents to avoid non-essential social contact and travel, a concept recently coined ‘social distancing’. For safety reasons, most organizations have also advised their employees to work remotely from home and have taken steps to allow users remote access who would not normally have the ability to do so.
A new vulnerability was recently discovered that could potentially allow attackers to obtain sensitive information from over one billion Wi-Fi-capable devices. Kr00k (CVE-2019-15126) is the latest vulnerability that's been shown to caused devices to use an all-zero encryption key to encrypt part of a user's communications, allowing hackers to decrypt some wireless network packets transmitted by impacted devices.
According to CyberMDX, medical devices pose a serious threat to healthcare organizations (HCOs) and are twice as likely as general network devices to be vulnerable to Bluekeep. The 2020 Healthcare Security Vision Report found that thirty percent of US healthcare organizations have experienced a cyber-attack over the last 12 months. These breaches reportedly cost an average of $6.45 million - a figure sixty-five percent higher than that of the cross-industry average.
A local authority in northeastern England has suffered a major ransomware attack, leaving online public services unavailable for over 135,000 residents for over a week. As of now, the website for Redcar Cleveland Borough Council is still down. An update was published on Monday February 17, stating we are experiencing issues with our IT systems and are still able to receive and answer limited calls and emails. The company is currently having to prioritize messages based on urgency.
The government of Puerto Rico has publicly announced that its Industrial Development Company has fallen victim to an email phishing scam. The government-owned corporation transferred $2.6 million to a fraudulent account after reportedly receiving an email that alleged a change to a bank account tied to remittance payments. The transfer was made on January 17, 2019, but officials only found out about the incident earlier this week.
A new study from The Ponemon Institue found that organizations are spending nearly 60% more to recover from insider threats compared to three years ago. The study involved companies located in North America, Europe, the Middle East, and the Asia-Pacific region. The report found that cybersecurity events caused by insider threats have increased by almost 50% since 2018.
