IT security breaches: Why users shouldn’t take all the blame anymore
Often, when we hear about security threats at organizations, blame is placed on employees and tech users for not being cybersecurity savvy or “being unable to follow security policies in the workplace.” According to Angela Sasse, a professor of human-centered technology and director of the UK Research Institute in Science of Cyber Security at University College London, businesses need to understand that the organizations themselves – and the processes in place at those organizations – are also partly to blame for security incidents. “’[Security awareness is] basically still driven by the assumption that people are at fault and that we need to fix them…we need to get past that,” she said at the European Information Security Summit in London. Sasse shares advice to help businesses rethink security awareness in the workplace.
Too Many Small Businesses Aren’t Prepared for a DDoS Attack
Tom’s IT Pro
Distributed denial of service (DDoS) attacks are on the rise, and one contributor to this growing threat is the rapidly expanding Internet of Things (IoT). Cybercriminals are increasingly using IoT devices to facilitate DDoS attacks against websites; this type of attack, if it temporarily takes down a business’ website, can be costly both in terms of lost revenue and the impact it has on the company’s reputation. David Bourgeois, CEO of My IT, and other experts discuss the need for small businesses – not just big companies – to anticipate and be prepared for DDoS attacks and the prevention methods businesses can leverage.
Cyber security: Experts warn on rise of hacker ransoms
According to the UK’s National Crime Agency and National Cyber Security Centre, ransomware – in which cybercriminals steal data from computers, encrypt it and demand payment in exchange for returning the data to the consumers – may soon expand to other devices, including smartphones, fitness trackers, connected watches and TVs. The agencies’ recent joint report encourages businesses to be alert to ransomware threats and work to reduce the threat to critical services and mitigate attacks. BBC News discusses findings from the report and the growing ransomware threat to both consumers and organizations.
The new focus of online security? Small business
As the threat of cyber attacks grows for all types of organizations, the Federal Trade Commission (FTC) is strengthening its efforts to educate small and medium-sized businesses about how they can mitigate and manage cyber risk. “’This is particularly an issue for small businesses…we are seeing a huge amount of data breaches target small business, but they don't have the resources to withstand the impact,” said Maureen Ohlhausen, the FTC’s acting chairman, at the Nasdaq and National Cyber Security Alliance Cybersecurity Summit on March 13. Ohlhausen emphasizes that small businesses are often targets for cyber attacks because of the information they have about customers and employees, including credit card data, Social Security numbers and health and vendor data. MarketWatch reporter Kari Paul discusses the growing cybersecurity threats to small businesses and shares experts’ insights and advice for these organizations.
How to Use Red Teaming In Your Cybersecurity Program
“Do you know how secure your company is from a cyberattack?” asks Forbes contributor Christie Terrill, who recommends conducting red teaming exercises as a way to uncover what threats an organization faces and blind spots it “never otherwise would have known existed.” Terrill discusses the difference between red teaming and traditional penetration testing and the primary intent of this effort (to mimic how hackers would actually target an organization). She also explains three types of red team strategies that can benefit organizations – tabletop exercises, threat-based assessments and realistic assessments – and how to implement them.