
Businesses don’t feel real comfortable about security

January 22, 2016


Only 45 percent of worldwide organizations are confident in their ability to fend off today’s sophisticated cyber attacks, says a key finding in Cisco’s 2016 Annual Security Report. With the rate of digital transformation continuing to increase, business leaders are boosting measures to secure their organizations’ future, with 92 percent agreeing that regulators and investors will expect them to manage cybersecurity risk. John Stewart, Cisco’s senior vice president, chief security and trust officer, said: “With the Internet of Things and digitization taking hold in every business, technology capability must be built, bought and operated with each of these elements in mind.” Other findings: aging infrastructure: 92 percent of Internet devices are running known vulnerabilities and 31 percent of all devices analyzed in the survey are no longer supported or maintained by the vendor; from 2014 to 2015, the number of small and medium-size businesses using Web security dropped by more than 10 percent; and nearly 92 percent of “known bad” malware was found to use DNS as a key capability. This is frequently a security “blind spot” as security teams and DNS experts typically work in different IT groups within a company. Source: Beta News

Sharing is caring when it comes to protecting data

With the IRS, state revenue agencies and tax preparation services banding together to fight fraudsters, such companies as H&R Block and Intuit, which owns TurboTax, will share more and new types of data with the government to fight fraud. Tax-filing companies will, for instance, show the IRS how many returns are being filed from a single IP address, which could help catch criminals filing multiple returns from the same location. Tax-filing companies also are adding or improving security features. Passwords will require more complex combinations of characters. Users will get locked out after exceeding a certain number of failed login attempts. And two-factor authentication should help cut down on security breaches. Source: Time magazine

File early, get your refund later, but it’s a good thing

North Dakota Tax Commissioner Ryan Rauschenberger announced that the state will be instituting “additional preventative measures” to address concerns about tax fraud and, as a result, taxpayers should expect slower refund processing times. “We encourage taxpayers to file as early as possible to help prevent fraud.” North Dakota, along with many state tax departments, is requesting driver license or state-issued identification card information for electronically filed tax returns. “A slightly longer processing time is actually a good thing,” Rauschenberger says. “We are taking the time to prevent North Dakota tax dollars from getting into the hands of fraudsters.” In the last filing season, Rauschenberger’s office stopped more than 900 returns claiming $1.3 million in fraudulent refunds. Source: Forbes

Civilian cyber experts get caught in a draft

Britain is “drafting” civilian volunteers with specialist knowledge to help police fight cyber crime under reforms to be announced by Home Secretary Theresa May. Police forces have come under fire for lacking the necessary skills to deal with cyber crime at a local level, and have sought to ramp up capability to respond to cyber crime reports and collect evidence. In October 2015, the Office of National Statistics revealed there were 625,000 cyber crime offenses a month on average in England and Wales between May and August 2015, which security experts believe is just a fraction of the actual number. The government plans to expand the role of volunteers by approving measures aimed at giving more powers to volunteers with cyber, financial and other specialist knowledge. The home secretary said the measures were aimed at helping forces to bring in skills and free up officers to focus on jobs only they can carry out. Source: Computer Weekly

Uniting in the battle against cyber bad guys

FireEye paid $200 million to buy iSight Partners, in a move to boost its cyber intelligence offerings for governments and businesses as the sector consolidates. The deal brings together two of the world’s most prominent cyber firms: FireEye’s Mandiant forensics unit is a leader in helping companies investigate cyber attacks, while iSight has uncovered major cyber campaigns from Iran, Russia and other nations. ISight has 250 experts in 17 countries tracking about 16,000 adversaries. Both companies already have significant government businesses, but FireEye is stronger in the corporate market and said it hopes to distribute new intelligence products to those customers. Source: Reuters

I’m sure I would have won if I’d been able to buy a ticket

Ireland’s National Lottery website and ticket machines were brought down by a cyber attack, the operator confirmed. Lotto customers were unable to buy tickets for the drawing for a 12 million-euro jackpot, which was the largest in 18 months without a winner, for up to two hours because of the disruption. “Indications are that this morning’s technical issues were a result of a DDoS (Distributed Denial of Service) attack affecting our communications networks,” operator Premier Lotteries Ireland said in a statement. “The issues were resolved by the National Lottery’s DDoS protection systems, limiting disruption and restoring all operations within two hours.” Source: The Irish Times

We want action, and we want it now

More than 50 digital rights and consumer groups are pressing the Federal Communications Commission to start drafting Internet privacy rules “as quickly as possible.” The groups sent a letter to FCC Chairman Tom Wheeler arguing that increased monitoring by companies that provide Internet service can “have a chilling effect on speech and increase the potential for discriminatory practices. Their position as Internet gatekeepers gives them a comprehensive view of consumer behavior and, until now, privacy protections for consumers using those services have been unclear,” the groups wrote in the letter, signed by such groups as the American Civil Liberties Union, the Center for Digital Democracy, Public Knowledge, the Electronic Frontier Foundation, Free Press, Consumer Watchdog and many others. Source: The Hill

The Force isn’t with you with this password

A list of the most popular passwords of 2015 reveals the high number of people who continue to compromise their own cybersecurity, an expert said. The list, compiled by Splash Data from more than 2 million leaked passwords, revealed the two most popular passwords had not changed since 2011. The password “123456” remains the most popular, followed by “password.” “Football,” “welcome,” “login” and “abc123” were included on the list of 25 most popular passwords for 2015. Newcomers included “starwars” and “solo,” coinciding with the release of “Star Wars: The Force Awakens.” Other favorites include “dragon,” “monkey,” “let me in” and the numbers one through nine. Matthew Warren, professor of information security at Deakin University, says the top of the list has barely changed in the past 30 years. “Historically, since the ’80s, the top passwords have been very similar. It shows how users haven’t learned from history, or their experiences.” Source: ABC Net News

Lawsuit says they added insult to injury

In what is being referred to as a landmark case, Affinity Gaming is suing the cybersecurity firm Trustwave for allegedly failing to adequately investigate and remedy a data breach. According to court documents, Affinity hired Trustwave to investigate and remediate a 2013 breach that compromised hundreds of thousands of credit cards. The online gambling company claimed Trustwave conducted a “woefully inadequate” investigation then submitted a misleading report to Affinity. The gaming company learned its systems were still compromised despite Trustwave’s efforts. Trustwave said the company disputed and disagreed “with the allegations in the lawsuit, and we will defend ourselves vigorously in court.” Affinity Gaming declined to comment. Source: SC magazine

Going to the top of the mountain for privacy

Facebook has added the option to route traffic from its Android mobile app over the Tor anonymity network, good news for privacy-conscious users or those living in countries where the service is censored. Users can enable the feature, which is still experimental, from the Facebook app’s settings. However, they first need to install a separate application from Google Play called Orbot that functions as a proxy for routing traffic through Tor. Because of how the anonymity network is designed, Facebook will not be able to push notifications back to its mobile application, so users who enable this feature will need to periodically open it themselves and check for updates manually. Tor routes traffic through a series of random computers that participate in the network, which uses encryption and is built in such a way that no relay knows both the source and the final destination of a particular connection. The destination is known only by the exit relays that send the traffic back onto the public Internet after it’s been anonymized through Tor. The final destination of the traffic, for example a website, will see a Tor exit relay as the source, not the real user’s device. Source: PC World






The post Businesses don’t feel real comfortable about security appeared first on Third Certainty.
