On cybersecurity, execs are burying their heads in the sand
San Francisco Business Times
Despite businesses increasing their overall spending on cybersecurity – a recent survey of C-level executives showed an increase of 24 percent between 2014 and 2015 – added funding “doesn’t always translate into an increase in efficiency,” security knowledge or interest. In fact, 40 percent of respondents said they don’t feel responsible for cybersecurity and 91 percent of board members said they couldn’t interpret a cybersecurity report. Reporter Annie Gaus discusses these and other results of this survey, which highlights a need to better prepare executives for dealing with cyber threats that could impact their businesses.
That email from your CEO could be a scam
CBS Money Watch
The FBI recently issued a statement on a “dramatic rise [in] the business e-mail compromise scam, or B.E.C.,” a type of fraud in which criminals use spoofed company emails or social engineering to convince victims to transfer funds to their accounts. In the statement, the FBI, which cites reports from more than 17,600 victims of this type of crime, suggests that people should be suspicious of any emails requesting urgent wire transfers and, when in doubt, verify whether emails that appear to be from colleagues are legitimate by checking with the colleagues themselves. Additionally, the FBI recommends that people protect their accounts by using multi-factor authentication and looking carefully at messages to verify their legitimacy. CBS Money Watch’s Aimee Picchi discusses B.E.C. scams, the rise of tax fraud and NCSA’s advice about phishing and suspicious messages.
Are IT executives blind to cybersecurity threats?
Security company Barkly’s “Cybersecurity Confidence Report,” which resulted from a recent survey of 350 IT professionals, found a disconnect between IT professionals and executives regarding their levels of cybersecurity concern. For example, the survey revealed that half of staff were “not confident in their current security products or solutions,” whereas nearly 70 percent of respondents at the executive level were confident in their organization’s cybersecurity. Jen A. Miller of CIO discussed these and other results of the survey with security experts and executives, suggesting that IT professionals’ closer work with security threats might make them more concerned than executives, who are not dealing with attacks on a daily basis. Additionally, executives might have more “blind faith” in security technologies like firewalls than IT professionals. Miller’s interviewees suggest different methods for dealing with this disconnect, including sending fake phishing emails to staff to test their security knowledge and fostering better communication between executives and staff.
Balancing privacy and security a key challenge, says NCA
According to the United Kingdom’s National Crime Agency (NCA), the “post-Snowden era” has made it more challenging for law enforcement to strike a balance between security and privacy, particularly when it comes to cybercrime. NCA’s head of operations, Mike Hulett, discusses the debate regarding the use of encryption and whether law enforcement should be given access to the information on encrypted devices and suggests that public perception about how law enforcement agencies collect consumer data is “’wholly inaccurate.’” Hulett emphasizes that law enforcement should show that they are only seeking information for “specific reasons that result in tangible outcomes” in order to succeed in making the case for access to necessary information. Additionally, ComputerWeekly.com security editor Warwick Ashford highlights Hulett’s insight on the focus of the NCA’s attention (“’elite cybercriminals’” located mostly overseas), the marketplace for cybercrime and NCA’s plans to improve information sharing between law enforcement and industry.
How Network Segmentation Can Help Entrepreneurs Manage Ransomware Risks
Entrepreneur contributor Peter Gasca discusses the growing prevalence of ransomware, “malicious software designed to block computer systems by encrypting the data in which the attackers gain access…until a ransom is paid,” highlighting how phishing scams and individuals’ poor cybersecurity habits make it easier for cybercriminals to act. According to the Symantec Internet Threat Report, the number of ransomware attacks doubled between 2014 and 2015, and many experts predict that the trend will continue. Even worse, “authorities have no solid strategy for stopping [these attacks],” with even the FBI recommending that companies targeted by ransomware pay the ransom in order to regain access to their data. As the numbers and sophistication of ransomware grow, some companies are studying the evolution of ransomware and providing cutting-edge technology tools to protect businesses. For example, by grouping together network assets, or segmenting networks, businesses can help limit how much information an attacker could access. Gasca recommends dividing company networks into segments and then controlling each group’s “communication to the outside world…[and] between segments of the same network.” He explains how the approach can work to help protect businesses’ critical information and urges organizations to consider how they can best use the approach to thwart cybercriminals and limit the impact of these types of attacks.
Think tank warns about ransomware epidemic with IoT devices
According to the Institute for Critical Infrastructure Technology, a cybersecurity think tank, the Internet of Things (IoT) and IoT devices ranging from pacemakers to cars are “the next target for ransomware.” As ransomware attacks become more widespread and our critical devices become more connected, cybercriminals will have more opportunities to make money by compromising these devices and demanding money in exchange for renewed access to them. Companies are becoming more concerned about the threats of ransomware attacks as they and other cybercrime incidents become more common and sophisticated, with many of them securing cyber insurance for protection in the event of a breach. The Business Insider Intelligence team discusses these trends and some key takeaways of its new report on cyber insurance, including the growing cost of purchasing insurance, the lack of historical data about cyber attacks to inform insurers of their risks and exposures and the low adoption rates in certain markets such as manufacturing.