Fresh cyber security content and webinars

Subscribe for our newsletter to get a weekly digest of most important cyber security news and to stay up-to-date e.g. on latest product development and upcoming webinars from our team.
Kiitos! Klikkaa vielä saamaasi vahvistuslinkkiä (sähköposti otsikolla "Vahvista sähköpostiosoitteesi") ja uutiskirje saapuu jatkossa sähköpostiisi.
Valitettavasti jotain meni pieleen. Voit olla yhteydessä tiimi@tietosuojamalli.fi.

Phishing campaigns, from first to last victim, take 21h on average

3.8.2020
Business-Email-Compromise

Most phishing victims experience a fraudulent transaction around 5 days after getting phished, new research shows.

Go to article at

An Alarming Number of Software Teams Are Missing Cybersecurity Expertise

15.5.2020
CyberNow

Go to article at

Company shuts down because of ransomware, leaves 300 without jobs just before holidays

15.5.2020
Ransomware

Employees of Sherwood-based telemarketing firm The Heritage Company were notified of the decision just days before Christmas, via a letter sent by the company's CEO. "Unfortunately, approximately two months ago our Heritage servers were attacked by malicious software that basically 'held us hostage for ransom' and we were forced to pay the crooks to get the 'key' just to get our systems back up and running," wrote Sandra Franecke, the company's CEO, in the letter sent to employees. As a result of the botched ransomware recovery process, the company's leadership decided to suspend all services, leaving more than 300 employees without jobs. Local news outlet KATV reported last month that dozens of employees already filed for unemployment with local authorities even before the Christmas holiday, with many not expecting the company to survive. The same KATV reported that when employees called the company yesterday, they were greeted by a recorded message informing them that recovery efforts have not been successful and that users should seek new jobs.

Go to article at

Ransomware Victim Southwire Sues Maze Operators

15.5.2020
Ransomware

Attackers demanded $6 million from the wire and cable manufacturer when they launched a December ransomware campaign.

Go to article at

RevengeHotels: cybercrime targeting hotel front desks worldwide

15.5.2020
Malware

RevengeHotels is a targeted cybercrime malware campaign against hotels, hostels, hospitality and tourism companies, mainly, but not exclusively, located in Brazil. We have confirmed more than 20 hotels that are victims of the group.

Go to article at

7 types of virus – a short glossary of contemporary cyberbadness

15.5.2020
Malware

Here's a short list of 7 malware categories we hope you never encounter. Sadly, it's not an exhaustive list... but it's a helpful start.

Go to article at

Adobe revealed that the Magento Marketplace was hacked

15.5.2020
Unpatched Vulnerabilities

Adobe discloses security breach impacting Magento Marketplace users Adobe discloses a security breach that affected the users of the Magento marketplace website, the incident was discovered last week. Adobe disclosed a security breach that affected the users of the Magento Marketplace portal, the security team discovered the incident on November 21. The Magento Marketplace is […]The post Adobe revealed that the Magento Marketplace was hacked appeared first on Security Affairs.

Go to article at

Cybersecurity: top of mind Q and A

15.5.2020
CyberNow

I really enjoy Shira Rubinoff's videos, and captured one of them in case you prefer reading to watching videos. Please find snippets of this commentary in the AT&T Cybersecurity video series with Shira Rubinoff interviewing me recently.Episode #6 - @attcyber Video SeriesWith @twaskelis AVP @attcyberDiscuscussing:Issues we are facing in #CyberSecurity todayFull video��https://t.co/1GxIQVAeJ0#ai #attinfluencer #Security@sstoesser @BinduSundaresan @BJWebb4 @saritasayso @MoKatibeh @eisaiah_e @ChuckDBrooks pic.twitter.com/VuJfAsoSYH— Shira Rubinoff (@Shirastweet) October 24, 2019Q1: How will CISO’s investments change in 2019? What areas of cybersecurity do they see receiving more funding?Many large and mid-size businesses are recognizing security requires more than just a technology investment. Service organizations bring technology, expertise, and resources to the table in a way that may be a more cost-effective alternative to trying to manage all this internallyLack of resources as a major challenge along with keeping up with advancements in cybersecurity technology by utilizing outside service providers rather than hire, retain, and manage staffFor the CISO, this translates to set a big picture of priorities such as maintaining customer trust and keeping the organizations name out of the headlines. In order to accomplish these priorities, there are essential areas where security executives will spend their time, and money in 2019Develop a culture of security: The culture must go together with policies and best practices. Every single person within the organization has some responsibility for securitySecurity and Risk Management: Governance and resource requirements, security frameworks, data protection, training and awareness, insider threats, third-party security practices as outsourcing increasesCloud Services: Cloud strategy, proper selection of services and deployment models. Scalable and elastic IT-enabled capabilities provided as a service utilizing internet technologiesGain threat visibility across all platforms: You cannot secure what you cannot see. Having data spread across multiple tiers of applications and cloud services, and sometimes out on unauthorized services has greatly impacted the CISO’s ability to have unified visibilityGrasp the perimeter: Thanks to cloud computing, mobile devices and IoT, the perimeter is an archaic concept. The operations teams both security and IT need to change their assumptions about traffic, trusted users and the idea that there is a single demarcation point between public and private clouds. CISOs are now faced with new tactics for managing those perimeters.Q2: Can you give us your perspective of what you’re seeing right now in cybersecurity? What are the biggest issues and then what can we expect looking forward? How zero trust is maturing into digital trust and the evolution of predictive threat detection?In today’s environment, the network can no longer be considered a safe zone. In fact, there is no safe zone. As the risk of insider threat scales exponentially, every asset an organization possesses and every transaction it conducts must be secured as if it were a standalone item continually exposed to the full range of cyber threats. Essentially everyone is “inside”, because the network is perimeter less.The understanding that perimeter protection alone is not enough has increasingly led to the security concept of Zero Trust, which is beginning to play a large role in. Building a secure Zero Trust Organization is based on a never-trust/always-verify approach to all entities and transactions in which multiple solutions work together to secure digital assetsQ3: Is cloud security getting better or do companies now better understand their role in managing cloud security?It is a combination of both better cloud security controls and better understanding of how to manage them. As technologies become less hardware dependent and move to virtual functions, security controls for cloud environments are becoming more scalable and easier to deploy. In parallel, the ability to monitor and report on the effectiveness of those controls is becoming easier for organizationsInitially, cloud service providers first hit the market with a “Trust Us” mentality and didn’t do a great job making companies feel like their security and compliance concerns were being heard. That tide has shifted, and cloud providers now fully appreciate the security requirements their clients are asking forCloud providers are now becoming more open and accommodating of security data and controls, and more vendor solutions can bridge the gap between implementations on-premises and in the cloud. As a result, the fear of adopting cloud services, often driven by the lack of security controls and visibility into the controls, is lessened. There’s progress, and more acceptance of in-cloud controls and services – but that progress is still slowQ4: Is SOC as a service the right approach for smaller companies?Cybersecurity is not just an IT problem, it’s an organizational issue and you can’t manage what you can’t see. Every organization should be aware of the cyber activity within its environment. Even a small network generates over 250,000 logs per hours. An impossible task for a human to review. There are many ways to monitor and report on this, but it ultimately comes down to people, technology, and budget. That spending decision must be commensurate with the risk appetite of the organizationWe now live in the days of sophisticated digital hackers so your concern shouldn’t be if you’re going to get hacked, but what you’re going to do when it happens. Making sure your business invests in a security operations center (SOC) can be your saving grace during an attempted cybersecurity attack. A security operations center is an organizational hub of skilled team members and technology whose goal is to detect, prevent and respond to cybersecurity threats in as close to real time as possible. For best results, the SOC must keep up with the latest threat intelligence and leverage this information to improve internal detection and defense mechanisms.

Go to article at