When it comes to cybersecurity, no doubt humans are the weakest link. No matter how many layers are added to your security stack, nor how much phishing education and awareness training you do, threat actors continue to develop more sophisticated ways to exploit the human vulnerabilities with socially engineered attacks. In fact, as security defenses keep improving, hackers are compelled to develop more clever and convincing ways to exploit the human attack surface to gain access to sensitive assets.
Cybercriminals are leveraging ransomware threats to extort big money from organizations of all sizes in every industry, but financial services organizations are one of today’s primary targets. It is non-negotiable for financial services companies to maintain the privacy of their customers and the security of their confidential data. If a bank or credit union is hit with a ransomware attack, significant backlash is undoubtedly going to ensue – especially if customer data is held ransom for a significant amount of time.
Much like It (the clown), phishing goes by many names, has become much more adept at preying on the hopes and fears of individuals, and is growing rapidly as criminals learn which techniques are most effective.
Ninety-four percent of large businesses in the U.S. have a cybersecurity policy, according to the 2017 Cybersecurity Survey by Clutch, and most of them have had a policy for more than three years. U.S. enterprises are more likely to have a cybersecurity policy than most global organizations (two-thirds of which lack a formal cybersecurity policy), and policies most commonly include required security software, backups, scam detection and security incident reporting protocols.
If you thought phishing emails were going away anytime soon, think again. According to Symantec’s July Intelligence report, “one in every 1,968 emails” during the 31-day month was a malicious phishing message – the highest rate in the past 12 months.
Until the massive U.S. Target store credit and debit card data breach in 2013, the lasting impact of cybercrimes was a relatively unknown experience to most consumers, and it wasn’t on the top list of HR onboarding topics either.
To combat the problem, the IRS updated its computer files to identify more fraudulent returns, and the major tax preparers have increased their security. However, as individuals’ tax returns are becoming more difficult to manipulate, thieves are taking aim at data belonging to tax return preparers and tax professionals, the payroll community, small employers and human resource departments.
A recent survey by Rapid7 found that security professionals are struggling to detect and investigate incidents because the monitoring solutions available do not provide visibility into today’s modern IT environments and cannot give users the insight they need to make decisions quickly.
This month in Security magazine: meet the global security team at Boston Scientific - five female professionals with diverse backgrounds and skills who are creating a best-in-class enterprise security team while ensuring the safety and security of employees, customers and patients. Also this month, we highlight Kristin Lenardson and her successful career in protective services. Security experts discuss whistleblowing, the CCPA and more.