The Problem with Statistics of Compromised Credentials in the Dark Web

These reports do often include a “shopping list” of Dark Web prices for various types of credentials and many do delve deeper into the details of these findings, often speculating as to why certain things cost as much as they do. However, the reality of the Dark Web is usually much more complex, to the point that quoting credentials volume and price is usually meaningless. Some reports do a better job than others touching on these complexities, but the fact remains that normally only the numbers in the reports – the volumes and prices – are the focus and what only gets quoted, with the full intent of those who wrote the report. But as noted, these numbers are usually meaningless. Here is why, and why you should always take them with a pinch of salt.

Read more...

International Computer Security Day 2021: A Day to Strengthen Our Cyber Defences

Something that most businesses are beginning to understand is that, in today’s hyper connected age, robust cybersecurity is no longer an option, it’s a necessity.  In the UK alone, 39% of all businesses have suffered a data breach within the past 12 months, and this figure increases substantially for medium (65%) and large enterprises (64%). So, this Computer Security Day, what should organisations be doing to better protect their most valuable assets from cyber threats?

Read more...

DDoS Attacks on the Educational Sector are Threatening Online Learning

With the onset of Covid, online classes are starting to become a staple of modern learning. Many schools, colleges, and universities remain closed for months due to social distancing. Over 1.2 billion children are out of school globally.
Instead of whiteboards, we’re starting to use digital boards and software such as Miro. Instead of classrooms, we’re using Zoom and Skype calls. And for many, the only way to find out when the next lesson is starting is to look up a digital timetable on a school’s website.
At the same time, online learning infrastructure is largely unprotected. Many local schools or university websites operate under the pretense that they won’t become a DDoS target. And it’s easy to think that way. These platforms are small, they don’t generate a lot of income, if any, and they contribute to a good cause. So who would DDoS them?
and launch a powerful network flood for just a few dollars.

Read more...

Identity Is the New Black

Identity is a concept that has existed since the dawn of the computer, but identity and its protection is becoming ever more important. Historically the identities we use have been stored and managed in on-premises environments. With cloud computing and the new normal of working from home, identity is now the only parameter that companies and organizations can use to exert control over systems and accesses.
The cloud has made the security of identities an on-going issue for the past 10 years, but increased working from home has made this issue a business critical one.

Read more...

The Thriving Underground Economy and How It’s Increasing Hacker Capabilities

The spread of ransomware has reached unprecedented levels; every few days, there are headlines about new attacks crippling major companies or organizations. Some of these attacks have resulted in 8 figure ransoms, but the damage caused by downtime and data leaks is much larger than losses to ransoms.
A lot of the profits hackers are raking in get reinvested in enhancing their capability. All of this cash is driving the growth of an increasingly advanced and sophisticated underground economy, and with it, an expansion in hacker capabilities.

Read more...

Prevention is Better Than Cure: The Ransomware Evolution

With the number and frequency of ransomware attacks increasing, not to mention the innovation in distribution methods, this should be a wake up call for organisations to strengthen their defences. By taking a preventative approach, businesses can take the necessary steps to strengthen their cybersecurity posture. This includes a combination of education, processes, hardware and software to detect, combat and recover from such attacks if they were to arise.

Read more...

4 Steps to Creating Effective Post-Pandemic Data Security

Even before the COVID-19 pandemic, enterprise organisations faced seismic shifts in how they meet data privacy and security requirements. Whether due to mandated regulatory controls, ever-evolving digital transformation projects, or changing market conditions, keeping up with data security was like hitting a fast-moving target.
Despite their adaptability to staffers working remotely, however, many organisations remain wedded to outdated security protocols that don’t reflect this new work-from-home reality. If your organisation hasn’t changed data security priorities to keep up with the rapid shift to remote work environments, you may struggle to ensure that remote-work employees are secured and empowered to work from anywhere.

Read more...

CSA – Cloud Security Framework

A few weeks ago, an article on the new CIS 18 framework was published on this site. CIS is one of the go to frameworks for security assessments, but the cloud has its own set of controls and a framework developed by the Cloud Security Alliance (CSA). They have recently released a new version of their framework as well. This article will introduce the CSA and its security framework.

Read more...

Cyberattacks Shine Spotlight on Operational Technology Vulnerabilities for Every Industry

Recent high-profile ransomware and cyberattacks expose vulnerabilities in commercial buildings that are far too widespread. In fact, the same headline-making exposures of late can be faced by any company that uses operational technology (OT) and information technology (IT).
Smart leaders across the nation and around the world should be thinking: “Maybe it could happen here.” The question becomes how to prevent similar attacks and how to position your organization to meet upcoming cybersecurity mandates with wide-ranging implications. Those of us in the cybersecurity business are aware of many such incidents, including some stories from my experience.

Read more...