Tag: information security

No more paper/hand-written ISO certification exam!

  • FLEXIBILITY: Schedule your individual online exam pretty much anytime, during regular work hours, from your home or the office;
  • SHORTER TRIPS FOR YOUR TRAINING: Do not stay on the 5th day to sit an exam because you can schedule it anytime later;
  • REMOTE INVIGILATOR: External USB camera replaces the invigilator physically on site;
  • SECURITY: Better protection against the potential loss of your written exam;
  • EFFICIENCY: No more paper to print, distribute, collect, send and shuffle around;
  • ENVIRONMENT: No shipping, no paper to recycle;
  • AND THE LAST ONE: Writing answers with a pen instead of a keyboard… Seriously!

This applies to all Self-Training and all public classes as of 01 August 2019.

Register for your training today >

Advertisements

AI for fraud detection to triple by 2021

The Anti-Fraud Technology Benchmarking Report assessed data from more than 1000 ACFE members regarding their organizations’ use of tech to fight fraud, discovering that while only 13% of businesses currently use AI and machine learning to detect/deter fraudulent activity, another 25% plan to do so in the next year or two.

Other key findings discovered that 26% of organizations are using biometrics as part of their anti-fraud programs, with another 16% expecting to deploy biometrics by 2021, while more than half of respondents (55%) plan to increase their anti-fraud tech budgets over the next two years.

“As criminals find new ways to exploit technology to commit schemes and target victims, anti-fraud professionals must likewise adopt more advanced technologies to stop them,” said Bruce Dorris, JD, CFE, CPA, president and CEO of the ACFE.

Read entire post AI for fraud detection to triple by 2021 | Michael Hill| InfoSecurity

How attackers infiltrate the supply chain & what to do about it

Attackers today are getting increasingly creative with how they target organizations, often utilizing the supply chain as a point of ingress — exactly the kind of thing that keep security pros up at night. Rather than attack their targets directly, attackers today are perfectly happy to compromise one of their third-party providers and accomplish their end goal that way.

Whether it’s a hardware provider further down the supply chain, a software provider that the organization outsourced some added features to, or a service provider, all can represent a potential point of entry. This dramatically changes the attack surface for the typical enterprise and, with recent highly publicized breaches such as ASUS and Docker, is negatively impacting once-inherent trust in the supply chain.

Recent attacks have even targeted patching processes and software updates, leveraging the very means by which organizations protect themselves against potential threats.

Read entire post How Attackers Infiltrate the Supply Chain & What to Do About It | Shay Nahari | DarkReadings

Only six months remain until the end of Windows 7 support

Despite the awareness that in six months Microsoft will officially end its support for its nearly 10-year-old operating system, Windows 7, 18% of large enterprises have not yet migrated to Windows 10, according to new research from Kollective.

At the start of 2019, researchers found that 43% of companies were still running Windows 7. Of those, 17% didn’t even know about the end of support. In its most recent analysis of 200 US and UK IT decision makers, the report revealed that organizations have a long way to go to prepare for the much anticipated end of Windows 7 support.

https://resiliencepost.com/2019/07/09/one-in-10-it-pros-would-steal-data-if-leaving-a-job/

Six months later, 96% of IT departments have started their migration, and 77% have completed the move. However, given that the migration from Windows XP to Windows 7 reportedly took some firms more than three years to complete, companies that have not started migration are at risk of missing the final deadline.

Read entire post Nearly 20% of organizations still run Windows 7 | Kacy Zurkus | InfoSecurity

ISO training and certification with ContinuityLink – Register today



UK firms hit by attacks every 50 seconds

The business ISP analyzed traffic for its customers during the period and found them to be on the receiving end of 146,491 attempted attacks each, on average. That’s 179% higher than the same period in 2018, when firms faced down 52,596 attacks on average.

IoT devices and file sharing services were most frequently targeted, hit by 17,737 and 10,192 attacks respectively during the quarter.

https://resiliencepost.com/2019/07/09/one-in-10-it-pros-would-steal-data-if-leaving-a-job/

This chimes somewhat with a FireEye report from last month which revealed a dramatic increase in attacks exploiting file-sharing services to deliver malware via email. From hardly being used in any attacks in Q4 2018, OneDrive was seen in over 60% by Q1, it claimed.

Read entire post UK firms hit by attacks every 50 seconds | Phil Muncaster | InfoSecurity

One in 10 IT pros would steal data if leaving a job

In addition, the survey found that 15% of participants would delete files or change passwords upon exiting.

While a number of organizations have invested in technologies to help detect and defend against external attackers, many companies are starting to better understand the risks from insider threats, which a recently published whitepaper said may actually be a larger issue.

https://resiliencepost.com/2017/07/18/more-than-half-of-ex-employees-still-have-access-to-corporate-networks/

According to the report insider attacks are more difficult to detect and prevent than external ones, with 91% of respondents in a similar survey of IT and security professionals reporting they feel vulnerable to both malicious and accidental insider threats.

Read entire post One in 10 IT pros would steal data if leaving a job | Kacy Zurkus | InfoSecurity

The global internet is disintegrating what comes next?

In 1648, the Treaty of Westphalia was signed, ending 30 years of war across Europe and bringing about the sovereignty of states. The rights of states to control and defend their own territory became the core foundation of our global political order, and it has remained unchallenged since.

Russia's increasingly restrictive internet policies have sparked protests across the country, including this demonstration in Moscow in March 2019

In 2010, a delegation of countries came to an obscure agency of the United Nations with a strange request: to inscribe those same sovereign borders onto the digital world.

In 2010, a delegation of countries – including Syria and Russia – came to an obscure agency of the United Nations with a strange request: to inscribe those same sovereign borders onto the digital world. “They wanted to allow countries to assign internet addresses on a country by country basis, the way country codes were originally assigned for phone numbers,” says Hascall Sharp, an independent internet policy consultant who at the time was director of technology policy at technology giant Cisco.

After a year of negotiating, the request came to nothing: creating such boundaries would have allowed nations to exert tight controls over their own citizens, contravening the open spirit of the internet as a borderless space free from the dictates of any individual government.

Read entire post The global internet is disintegrating what comes next? | Sally Adee | BBC

Germany seeks access to encrypted messages on WhatsApp and Telegram

Germany’s federal interior minister, Horst Seehofer, wants companies such as WhatsApp and Telegram to give security authorities access to end-to-end encrypted messages or calls. Not complying with this could end with companies being banned by the Federal Network Agency.

The latest issue of Der Spiegel reports that Seehofer wants the order to be implemented quickly, especially with the move to 5G potentially causing “complications” for security authorities. This comes after WhatsApp had to fix its app due to a remote code execution (RCE) vulnerability, which may have been exploited by a national-state.

As Infosecurity reported at the time, the Facebook-owned mobile communication giant, with 1.5 billion users, rolled out a fix on the vulnerability that allowed users to be infected with spyware by being phoned by the attacker.

Read entire post Germany seeks access to encrypted messages on WhatsApp and Telegram | Phee Waterfield | InfoSecurity

Lawmakers propose cyber training for congress

A bipartisan bill proposed last week by New York representatives Kathleen Rice (D) and John Katko (R), who co-sponsored the act, requires members of Congress to receive annual cybersecurity and IT training. The Congressional Cybersecurity Training Resolution of 2019 adds to the existing requirement that House employees receive annual training by mandating that the House members themselves also receive cybersecurity and IT training, according to The Hill.

“The chief administrative officer shall carry out an annual information security training program for members (including the delegates and resident commissioner), officers, and employees of the House,” the act states.

“We strongly encourage support for the Congressional Cybersecurity Training Resolution,” said Jack Koziol, CEO and founder at Infosec. “Cyber-criminals are responsible for hundreds of billions of dollars’ worth of damage to the global economy and undermine democracy around the world.”

Read entire post Lawmakers propose cyber training for congress | Kacy Zurkus | InfoSecurity

Cyber resilience vs business resilience

This article is divided in two parts. First, it guides you into thinking about cyber-resilience: What is it about? What are its characteristics and its differences with the more traditional cases of unavailability of information technologies? The second part proposes an exploration of responses through the development of a “Cyber Resilience Plan” integrated with the other plans of the Business Continuity Management System.

The question is no longer when you will be impacted, but how you will react when faced with three major risks:

    • Your data is destroyed or corrupted
    • Your activities suddenly stop
    • Communication is no longer possible
Read entire post Cyber-resilience vs business resilience | PECBInsights

Israel responds to cyber-attack with air strike

The Israel Defense Forces (IDF) claim to have thwarted a cyber-attack from Hamas by targeting the building where Hamas cyber operatives work, according to IDF.

After the alleged cyber-attack, IDF responded with a physical attack in what Forbes contributor Kate O’Flaherty called “a world first.”

According to the commander of the IDF’s cyber division, identified only by his rank and first Hebrew letter of his name, Brigadier General Dalet, this was also the first time that Israel cyber forces had to fend off an attack while they were also under fire, which required both Israeli technology soldiers and the Israeli Air Force, according to The Times of Israel.

Read entire post Israel responds to cyber-attack with air strike | Kazy Zurkus | InfoSecurity