2018 appears to be the year of regulatory compliance, threatening to hinder all IT initiatives and projects. Whether it’s the Payment Card Industry Data Security Standard (PCI DSS), the banking sector’s PSD2 (Revised Payment Service Directive), NIST for federal agencies or the EU’s boogey-man, the General Data Protection Regulation (GDPR), organizations worldwide are struggling to meet all industry-specific guidelines and recommendations to avoid substantial fines following an incident.
All about Virtualization and Cloud Security | Recent Articles:
About a year ago, Europe’s largest electrical and telecommunications retailer was hacked, compromising 5.9 million customer cards and 1.2 million personal records. Dixons Carphone claimed it had been unaware of the breach until recently, so no information had been held back from their customers or regulatory bodies.
We are thrilled to let you know we’ve been named a leader in this Wave evaluation. We believe this validates what our customers have been saying about our enterprise endpoint protection capabilities across a wide range of platforms.
Two of the hottest technology trends today are the rise in Internet of Things (IoT) and blockchain adoption. A recent report by the Cloud Security Alliance (CSA) brings these two areas together—in a potentially good way.
What’s the world’s most common security vulnerability?
As bad actors seek ever-more lucrative ways to enhance their Distributed Denial of Service (DDoS) attacks, analysts are noticing a sustained effort from the black hat community to amplify their firepower.
Electric car manufacturer Tesla is facing a nightmare insider attack scenario for which too many companies today fail to prepare. Tesla CEO Elon Musk admitted this week that an employee managed to intentionally wreak havoc with the software code that underpins the company's manufacturing system. The fallout has resulted in "quite extensive and damaging sabotage to our operations," according to Musk in a company-wide email that was leaked to CNBC two days ago.
Employees are a company’s first line of defense against an impending breach. All it takes is one negligent staffer with bad password hygiene, or an unwary employee falling for a phishing scam, for hackers to gain a foothold in an organization’s infrastructure.
Dixons Carphone, the major electrical and telecommunications retailer in Europe, has just confirmed a data breach attempt that occurred almost a year ago in the UK. According to the company’s press release, the security incident affected 5.9 million customer cards, and 1.2 million personal records, involving names, addresses and emails, were compromised.
Chances that ransomware will go away any time soon are slim, so security experts can’t emphasize enough the importance for enterprises to seriously invest in cybersecurity and focus on developing risk mitigation strategies to avoid being caught off-guard. For some reason, the number of businesses ready to pay ransom to get their data back is increasing, opening up endless opportunities for hackers working on complex malicious software to further compromise corporate networks.
Software-defined networking (SDN) is here, and there’s plenty of talk about what this means for security. As Ericka Chickowski wrote in “Security Must Adjust as SDN Goes Mainstream,” we know one thing: security will need to continue to adjust to compensate.
Reuters reported last week that the ransomware attack suffered by the city of Atlanta in March was proving costlier than initially thought. City officials told the news agency that the strike continued to disrupt Atlanta’s “mission critical” applications even after its discovery, as the pestilence had not been fully contained.
The French National Commission on Informatics and Liberty (Commission Nationale de l'informatique et des libertés or CNIL) has issued a record fine to an optical center after the company failed to secure the personal (and in some cases highly sensitive) data of its customers.
In late April, a Windows zero-day attack was discovered in the wild that affected all supported versions of Windows. Microsoft released a patch on May 8th to address the issue. This zero-day, dubbed Double Kill, exploits a VBScript vulnerability, and potentially affects any system from Windows 7 onwards, including servers.
That’s the conclusion of at least one cybersecurity services provider. According to Risk Based Security, following year over year increases in the number of publicly reported data breaches, the first three months of 2018 saw a respectable decline. But while the numbers look good, they may reflect a change in criminal targeting and goals and less an indication that cyber-criminals are waving white flags.
Once a paltry segment of enterprise IT, security has become a crucial factor in the success of an organization. This paradigm shift, driven by growing legions of bad actors and new regulations, has cast the spotlight on IT security leaders like never before. This, Gartner analysts calculate, creates an unprecedented opportunity for CIOs and CISOs to prove their value and – why not? – forge new career paths.
Private and public Wi-Fi networks have become critical parts of the technology infrastructure of many organizations, particularly with the rise of mobile device users in the workplace. Many people rely on these networks to access the Internet, leverage corporate applications and data, and collaborate with their colleagues—among other uses.
Breaching enterprise systems and holding their data hostage is a growing threat to organizations everywhere. Governments are fighting back by putting the onus on custodians to protect their data or face hefty fines. Even so, bad actors show no signs of backing off.
Last week the team behind Git, a platform that powers millions of the world's developer code repositories, including those on the wildly popular GitHub hosted service, released a crucial security update meant to keep developer environments safe. The patch was made to fix a flaw in how Git handles submodule repository configuration during cloning. It's a dangerous hole that could give attackers the power to create malicious Git repositories and leverage them to run arbitrary code on target developer machines.
In an increasingly hostile landscape where large cyberattacks make headlines virtually every month, companies have started shifting their security defense paradigm toward gaining more visibility into the way attacks occur, and how they become targets.
Companies provide detailed reports on previous and identified cyberattacks to their managers or board of directors every eight months on average, according to a recent survey of 1,050 chief information security officers in the US and Europe.