What makes software supply chain attacks extremely dangerous?

The first piece of advice any cybersecurity expert will give you is to install the latest updates for your software and system. Updates prevent hackers from exploiting vulnerabilities on computers to carry out evil deeds such as spreading malware or stealing information.

But what do you do when the updates themselves contain malware? This is exactly what happened in mid-September, when an infected version of the famous security and maintenance tool CCleaner was widely distributed among its users. What made the attack especially noteworthy was the fact that the attackers pushed their malware through the hacked servers of Avast, the company that owns CCleaner.

We need to rethink how we store our personal data

The data breach at credit reporting agency Equifax, the gory details of which became clear last week, is the latest installment in a series of cybersecurity disasters in which consumers have been at the receiving end of the miseries. The breach affected the information of 143 million people. That’s not a big number when compared to some of the bigger data breaches of the past year, such as Yahoo’s 1 billion user account record breaker.

However, what made the Equifax breach especially damaging was the sensitivity of the data that attackers laid their hands on. This included Social Security numbers, driver’s license numbers, credit card information, birthdates and addresses, and more. The only data breaches that compared in terms of severity were Anthem (approx. 80 million people affected) and the Office of Personnel Management (approx. 21 million people affected).

What makes matters worse is that Equifax professes to be a company that protects its customers from identity theft, the same kind of cyberattack that the stolen data will enable. The company is now scrambling to make amends with customers, and is getting ready to face several lawsuits. But that won’t bring back the data that has slipped through its fingers.

5 tips to keep your customers’ data safe

By Lisa Michaels

After many large businesses around the world became involved in data breach scandals, many other businesses of all sizes have begun paying more attention to data security and protection.

No matter what kind of business you run, protecting customer data is crucial to maintaining your brand’s reputation and your bottom line. In some industries, businesses that fail to take proper measures to secure confidential information may expose themselves to fines and other penalties from regulatory authorities.

In order to prevent data leaks that carry huge financial costs and could have a huge negative impact on your reputation, you need to apply the following security tips.

Why don’t more businesses encrypt their emails?

Businesses rarely encrypt their email messages because good encryption is too hard to use. That’s changing.

By Randy Battat, PreVeil

Most business-to-business communication involves sensitive information – stuff that the parties really don’t want others to know about. Whether it’s contracts, customer communications, supplier information, dialog with consultants and contractors, or other things, there’s a lot of sensitive information that travels via plain old email.

These emails really should be protected, i.e. encrypted. But the vast majority of B2B communication remains unencrypted, despite wide availability of very good technology and tools. Why?

Zeltser: How to meet future cybersecurity challenges

Cybersecurity is one of the most fluid and changing fields of the tech industry. Every year, new threats and challenges emerge, outpacing past records and expectations. In this respect 2016 was no different. But as online services become more and more prominent and critical to our daily lives and businesses, being able to respond to threats before they deal their damage becomes more critical.

Case in point: The October 21 DDoS attack against Dyn cut millions of users from popular services such as Twitter and Netflix. That is something that most people can shrug off. But what happens when our cars, homes, hospitals and power grids depend on the correct functionality of our digital and online systems?

Cybersecurity expert Lenny Zeltser believes that new approaches to fighting malware can give a leg up in fighting cyberattacks and help organizations stay ahead of cybercriminals.

These hacks and data breaches broke records in 2016

We’ve been saying this for many years: This year’s cyberattacks dwarfed last year’s. And in this regard, 2016 was no exception. From online fraud to account takeovers and data breaches, and everything else, attacks were dished out in bigger sizes and higher frequencies than before.

Some trends such as ransomware and DDoS attacks dominated the headlines, but that was not all 2016 had in store. While experts might differ on which were the biggest hacks of the year, there’s no denying that the following four cases were really unprecedented of their kind.

The threat within: Understanding how to defend against the insider threat

By Gary Southwell, Seceon

The insider threat has become one of today’s most pressing cyber security concerns. In 2016, the Insider Threat Report Spotlight found seventy-four percent of organizations feel vulnerable to insider threats—a dramatic year-over-year increase. However, less than half of all organizations (42 percent) have the appropriate controls in place to prevent an insider attack. The survey also provides greater insight on the source of the threats: “Privileged users, such as managers with access to sensitive information, pose the biggest insider threat to organizations (60 percent). This is followed by contractors and consultants (57 percent), and regular employees (51 percent).”