IT News: Security (Volume 290 Issue 1)
John J. McLaughlin
Editor-In-Chief, Board Member, Professional Services Engineer, Community leader
Each week I select 80-110 items from mainstream IT publications and publish them on the website for “IT News and Events.” I also select press releases and blog posts from various mainstream IT vendors. Vendors can engage with [email protected] to have their own section in this and other ITNE newsletters which reach over 45,000 subscribers including the 5,100+ subscribers to the LinkedIn edition.
Please share this LinkedIn newsletter with your IT friends and colleagues!
In this issue
Still using 'MrFluff' as your password? Maybe mixed with a little Leet-speak - say, 'MrFl0ff' - to confound all those hackers who want to vacuum out your 401K plan?
Well, today is the first Thursday in May, and that means it's World Password Day. Time to celebrate! You can do that by retiring 'MrFl0ff' and replacing him with a longer, stronger password than a pet's name (consistently a subset of the most hacked passwords worldwide, studies have found).
You've probably taken notice that how you authenticate your personal accounts is slowly starting to evolve. Phones can now be unlocked via facial recognition, and many devices and apps can verify your identity through fingerprinting technology.
Biometric identification may be the way of the future, but don't be mistaken, passwords remain most practical in the present. Unfortunately, cybercriminals continue to compromise passwords to gain unauthorized access and to steal personal data that can be used to commit identity theft, online fraud, and cyberattack.
Parsing the White House's cybersecurity directives.
The increasing importance of cybersecurity was underlined in President Biden's of May 12, 2021. This focus has been reiterated, and even more emphatically described in the context of the Russian invasion of Ukraine.
A surprising conclusion from these governmental missives is that in the high-tech world of cybersecurity, the core challenge is not advanced cryptological methods nor quantum computing, but simply implementing known best practices in the real world.
Last year saw the highest average cost of a data breach in 17 years, with the cost rising from $3.86 million to $4.24 million on an annual basis, according to the IBM Cost of a Data Breach Report.
Clearly, organizations must have the correct people and processes in place to prepare for unrelenting cyber attackers.
As CIOs, CISOs, CTOs, and IT managers think about boosting cybersecurity strategies, they should consider what happened in the year prior and what might potentially get worse.
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets.
Security teams need to understand these attack pathways better in order to fight back.
Maintaining digital risk management in today's connected world requires updating security processes and procedures to identify the levels of risk that the more traditional approaches fail to identify. This means understanding your applications and the interconnection between technologies across your supply chain/alliances and/or partners. You also need to understand the data processes.
Data loss has a worldwide cost of $3.92 million. Any organization lacking the diligence to protect its data is at risk of losing it to cyberattackers.
Data loss is more than a mere inconvenience; it's an event that can make or break your company's future. The only meaningful way to fight such an event is with a robust data loss prevention strategy.
There are many data loss prevention methods, but they have the same goal: To counter and reduce the risks of losing your company data.
With World Password Day upon us, let's consider password managers.
Nowadays, individuals and organizations use different online apps and social media platforms that require them to submit login credentials. Creating a unique, long, and complex password can be tricky and difficult to remember.
That's why the majority of people end up using weak and easy-to-remember passwords or they create and memorize a strong password, and then reuse it across multiple sites.
However, hackers are always on the prowl so following a secure practice when creating passwords is vital. A strong password should contain between 8 and 12 characters, consist of numbers, uppercase and lowercase letters, and special symbols.
Had you told me 30 years ago the first web browser would be the ancestor of most software interfaces, I'd have been skeptical.
Of course, that was before most of us had an inkling of what the web would become. Even with that hindsight, it's staggering how web browsers have become our primary windows into the digital world. Were it not for mobile apps, that domination would be nearly absolute. And many apps use the same scripting languages that create modern websites.
The rise of the cloud and services era cemented the browser's ubiquity. It doesn't matter what backend software or operating systems you deploy.
Productive CISO-vendor partnerships are key to overall security success. Here's how to establish and maintain effective relationships with security vendors.
Effective partnerships between CISOs and their cybersecurity vendors are integral to security success. A well-oiled relationship built on trust, communication and mutual understanding can reap significant benefits for a business's cybersecurity posture.
Security operations (SecOps) teams continue to be under a constant deluge of new attacks and malware variants.
In fact, according to recent research, there were over 170 million new malware variants in 2021 alone. As a result, the burden on CISOs and their teams to identify and stop these new threats has never been higher. But in doing so, they're faced with a variety of challenges: skills shortages, manual data correlation, chasing false positives, lengthy investigations, and more.
Phishing is a growing risk and concern for businesses today. There are 383,278 spam, phishing and malware attacks on the BBC every day, according to recent data from think-tank Parliament Street.
That is up by 35% compared to 2020 data. Phishing attacks are a serious threat that can lead to ransomware infection. 59% of organisations that fall victim to a phishing attack are infected with ransomware as a result. As these threats escalate, what, if anything, can organisations do to protect themselves?
Phishing is the number one attack vector for bad actors
Phishing is a social engineering attack. It attempts to steal user data such as login credentials and credit card numbers. Such schemes are becoming increasingly sophisticated.
Data loss happens when a company loses access to clusters of information for specific reasons. Data can be destroyed, deleted, corrupted, or rendered useless with intent or by accident during this event.
Data loss can also occur in physical storage setups or the cloud. It's an incident that takes place when data is in transit or processed by a network.
It makes sense to safeguard the information that can keep your company running, even after losing some data. After all, data is invaluable. Having data loss prevention protocols in place is imperative. Still, you can salvage your daily operations by knowing how to prevent data loss.
As the ever-increasing list of cybersecurity acronyms and vernacular grows, what cybersecurity tools are truly best for your team and meet your organization's needs?
To make sense of it all, let's dive into security technologies used in the market today and the differences between endpoint detection and response (EDR), network detection and response (NDR), extended detection and response (XDR), and security information and event management (SIEM).