Companies Are Stockpiling Bitcoin to Pay Off Cybercriminals
MIT Technology Review
A recent Citrix survey of IT and security professionals indicates that some companies are acquiring and storing the digital currency Bitcoin in order to be ready for potential ransomware attacks – which hold data hostage unless fees are paid – on their networks. Ransomware attacks are growing in prevalence, and many victims have opted to pay the ransoms in order to get their data back. According to MIT Technology Review San Francisco Bureau Chief Tom Simonite, it may be hard to determine how many companies stockpile bitcoins for this purpose because if they were to acknowledge that they are “ready to pay,” it “could attract the attacks this policy is designed to handle.”
More Than Half of IT Execs Will Lose Jobs for Poor Reporting
A recent report from Osterman Research indicates that board members and executive teams are “indeed paying attention” to whether their IT and security executives provide them with useful reporting information – with more than half of these executives losing their jobs if they fail to do so. Eighty-nine percent of board members surveyed said they are “very involved” in making cybersecurity risk decisions, and cyber-risks were the top priority for more than a quarter of those surveyed. However, Infosecurity Magazine reporter Tara Seals points out that “awareness doesn’t mean that they fully understand what that risk entails” and that 85 percent of those surveyed consider IT and security executives responsible for conducting better reporting for board members.
FBI: Business Phishing Attacks Net Cyber Thieves $3.1 Billion
According to a June 14 FBI alert, phishing attacks on businesses have “soared to a $3.1 billion scam” since January 2015, with a 1,300-percent increase in the amount of exposed losses from business email compromise (BEC) scams. These email scams are sophisticated, with criminals spending time learning about potential victims to understand “the protocols needed to conduct wire transfers from their specific company or business environment to the would be cyber thieves.” InformationWeek reporter Dawn Kawamoto discusses the June alert and recent scams requesting wage or tax statement information and the FBI’s recommendations for victims.
The number of corporate users hit by crypto ransomware is skyrocketing
The prevalence of ransomware programs has “exploded over the past two years,” with a March Kaspersky Lab study showing a jump of almost 18 percent in a one-year period over the previous 12 months. More than 2.3 million people encountered ransomware between April 2015 and March 2016, according to the analysis, and corporate users made up 13 percent of all ransomware victims in this period. IDG News Service correspondent Lucian Constantin discusses these and other results of the analysis and emphasizes the importance of prevention by backing up critical data regularly, training people on recognizing phishing emails and keeping software on devices up to date.
Spy Tech That Reads Your Mind
Eric Shaw, a psychologist and consultant to the intelligence community, developed a software tool called Scout that “combs through an organization’s emails and text messages…looking for high usage of words and phrases [associated] with certain mental states and personality profiles.” According to Shaw, this software could be used to determine which staff members, for example, were the most disgruntled at a company not just by looking for key concerning words but also through using “unconscious syntactic and grammatical clues” to detect anger, stress or other red flags in employees. Scout is being marketed as a “cutting-edge weapon” to help companies fight insider cybersecurity threats and arm them against potential data breaches and workplace violence from disgruntled employees. Fortune’s Roger Parloff discusses Shaw’s work in the “rare specialty” of political psychology, the prevalence of insider threats and how new software and tools can help organizations identify behaviors that depart from routine.