Hackers History: Part 1

The term “hacker” was used as a term of honour for someone who was able to come up with creative solutions to programming problems. The term hacker changes from something positive to something negative during this period. This happens when a journalist gets the term changed after an interview. There is a lot of disagreement about exactly when this happens, so I will refrain from giving a precise year. This is also the period when you start hearing the name Kevin Mitnick for the first time. He has been described far and wide in many places, including in a movie.

Do I Still Need a WAF?

The FBI recently released a public advisory regarding a sharp rise in deepfake videos being used by scammers when applying for remote positions. Combined with identity theft, these criminals are able to convince their would-be remote employers that they are who they claim, and often get positions that have access to sensitive data.
HR, recruiters, and other hiring professionals can no longer use only the techniques they used even a year ago when hiring for remote positions. Those in a hiring position need to be able to pick up on potential clues, such as lip movement that doesn’t coordinate with the audio. It’s not a matter of “this isn’t your parents’ world;” it’s “this isn’t even last year’s world.”

7 Reasons Why Businesses Are Failing to Secure Their APIs

Application Programming Interface (API) use has eclipsed web app use in many sectors, with 70 percent of the 21.1 billion transactions analysed in the latter half of 2021 using this mechanism. APIs are popular because they enable the business to rapidly upscale development by providing mobile services, migration to the cloud and faster release cycles, all of which result in a better-connected ecosystem. Their use is expected to continue to rise, with 57 percent of organisations expecting to switch their applications to APIs over the next two years, according to the Enterprise Strategy Group (ESG).
Recognising this shift, attackers have been quick to capitalise on the move and have also turned their attention to APIs. The latest Cloud Security Alliance (CSA) league table of threat vectors released in June revealed that API attacks are now the second biggest threat facing cloud computing. Two years previously they came in way down the list at number seven, which means API attacks are real and growing and that businesses aren’t doing enough to secure their API infrastructure. But where are they going wrong?

How Social Media Impacts Business Cybersecurity

Social media has become an essential marketing tool for modern companies. Online platforms like Instagram, Facebook and Twitter allow businesses to easily expand their reach, communicate with their ideal audience and build trust by posting organic content. Unfortunately, using social media also increases cybersecurity risks.
Criminals are skilled at mining social media for data, manipulating employees and using public information to break into company accounts. Without proper protections in place, it can be a significant security risk for your business.

The Obstacles to Putting SAP in the SIEM

SAP is used by 92% of Forbes Global 2000 companies, stores 70% of all corporate data globally and touches 77% of the world’s transactional revenue, so its reputation as a market leader in enterprise application software is undeniable. But its ubiquity, longevity and access to sensitive data also make it a prime target.
SAP systems, from enterprise resource planning (ERP) and human capital management to sales, stakeholder relationship management (SRM), and customer relationship management (CRM), hold valuable digital assets – be it intellectual property, company secrets, employee data, and more. This data is used for business planning, product lifecycle management, business intelligence, or other vital operational procedures.

Design and Deployment of Network Testbed for Web Data Security

Abstract: In recent years, the cyber security scenario has transformed predominantly from conventional response-based security mechanisms to proactive security strategies. This transformation is still continuing, shifting from proactive security strategies to cyber immunity, which eliminates cyber threats by introducing stringent and adaptive security measures. In the process of developing new security algorithms and procedures, accurate modelling and effective simulation play a vital role in the robustness and effectiveness of the proposed system. It is also necessary to analyze the behaviour of the proposed system against multiple types of known cyber attacks. This paper focuses on the existing network testbeds for effective analysis and monitoring while proposing a new network testbed for examining new security concepts like cyber immunity. The proposed network testbed is designed to incorporate the methods and procedures of Nature-inspired Cyber Security to accommodate adaptive responses against sophisticated and ever-advancing cyber attacks. The proposed testbed provides a customizable analytical tool to design, test and examine new security algorithms through a rich set of attack scenarios. It also allows developers to design, implement, and evaluate their defensive techniques with library support.

The Current Intersection of Universal Design and Cybersecurity and Why It Must Expand

Many businesses develop cybersecurity programs without considering universal design. This results in programs that fail to meet the needs of the entire workforce. Even worse, inaccessible cybersecurity programs can force workers to miss out on important security tips and insights. This can lead to data breaches that damage a company’s brand reputation and bottom line. 
A clear understanding of the relationship between cybersecurity and universal design is a must, especially as more industries become common targets for cyberattack. Cybersecurity professionals can apply universal design best practices in their everyday work. In doing so, they can develop and maintain best-in-class cybersecurity programs.
