Training? What training? Workers’ lack of cybersecurity awareness is putting the business at risk
According to a recent UK study by AXELOS, a lack of employee cybersecurity awareness is putting organizations’ reputations and financial success at risk; the report suggests that companies “are ultimately failing to protect themselves against cyber attacks because even if staff are being provided with cybersecurity raining, it isn’t adequately informing them about good practice.” Less than half of the group surveyed had undergone security awareness training, and only a quarter of executives reported thinking that security training was “very effective” at changing employee behavior. AXELOS’ head of cyber resilience best practices, Nick Wilding, argues that organizations need to be more effective at engaging their employees and preparing them to “manage the cyber and information risks they now all face.” AXELOS has released advice for businesses on cybersecurity awareness training to accompany the research.
Mobile, Cloud Security Are Top IT Leadership Concerns
A recent Dell survey of business and IT leaders revealed that, while respondents were increasingly aware of and considering data security, they still faced obstacles with strengthening their organizations’ cybersecurity. Thomas Claburn features remarks from Michael Kaiser, executive director of the National Cyber Security Alliance, regarding the survey results and the need for stronger cybersecurity cultures in organizations. According to Kaiser, there’s “still a lot of work to do for organizations to integrate [cybersecurity] as a normalized practice,” and boards of directors need to be involved and engaged in cybersecurity at their organizations. Top concerns highlighted in the survey included mobility, cloud security and encryption.
How enterprises can defend against rapidly evolving ransomware
Cybercrime is growing and thriving, in large part because it’s successful and its “returns are enough to keep enterprising cyber criminals working nearly nonstop to improve their strategies.” According to Agari Field Chief Technology Officer John Wilson, some of the main techniques used by malware authors are web services and outsourcing – things legitimate software engineers do as well. As the Internet grows and cybercriminals become more prevalent and advanced, it will continue to be difficult to stop malware attacks; however, according to the executives interviewed by CIO Dive’s Justine Brown, “the best defense…is a good offense.” Brown discusses the elements of cyber attacks’ success, including tricking people into clicking on malicious content and relying on organizations’ lack of advanced threat protection, the need for having recovery processes in place and the importance of cyber insurance.
FBI wants U.S. businesses to help as cyber extortion gains urgency
The FBI is seeking assistance from companies and security experts as it investigates a new type of ransomware – malicious software that “encrypts a victim’s data so they cannot gain access to it on their computers, then offers to unlock the system in exchange for payment – being used in extortion schemes. This new ransomware program, MSIL/Samas.A, works to encrypt data on entire networks rather than on one computer at a time. The FBI provided companies a list of ways to help determine whether they were victims of these types of attacks and urged organizations to immediately contact the FBI’s CYWATCH cyber center if they discovered they’d been attacked or had other information that might aid the investigation.
Cybercriminals are overcoming language and time zone barriers to cooperate on making malware more dangerous
An alarming Kaspersky Lab report reveals that cybercriminals in countries thousands of miles apart are working together, overcoming differences in language and time zone to “borrow techniques from each other and speed up the development of malware.” This trend of cybercrime collaboration shows a shift from developing techniques “in complete isolation” to one of buying and selling malware and offering service and advice internationally. ZDNet reporter Danny Palmer discusses how Kaspersky noticed “signs of cooperation” between hackers in Russia and Brazil and how these criminals work to avoid detection. The experts Palmer interviews say there’s “only one answer” to fighting multi-national cybercrime cooperation: conducting an international investigation of these activities.
This one chart explains why cybersecurity is so important
Business Insider (BI)
As data breaches and other types of cyber attacks increase in prevalence, the level of concern about cybersecurity grows as well. Business Insider’s research service recently released an infographic to provide key information on the importance of cybersecurity, including the definition of cybersecurity (“technologies and processes that protect IT assets from cyber attacks”), the growing size of the cyber market, the differences between – and prevalence of – the top five types of cyber attacks and the top five areas of protection. Additionally, the BI Intelligence team discusses its IoT Security Report and Cyber Insurance Report, which discuss why IoT devices “often lack basic security measures,” the market for solutions to help prepare IoT devices against attacks, the ways hackers could attack IoT devices, how organizations can secure their IoT devices, the growing cyber insurance industry, the increasing sophistication and cost of cyber attacks and other topics.