Cybercriminals quickly weaved the pandemic into their email scams earlier this year, and more recently impersonated the IRS by pretending to share updates about COVID tax relief in an attempt to steal sensitive tax information. In mid-April, Google’s Threat Analysis Group reported that they detected 18 million COVID-19 themed malware and phishing emails per day. And that’s without including all the email impersonation, invoice fraud, and phishing attacks that have nothing to do with COVID, but are dangerous nonetheless.
In this article, I will provide some tips to help individuals and organizations communicate more securely over email.
By now, it’s no secret that the endless quest by tech companies, data brokers and other players to capture, make sense of and monetize as much user data as possible – a practice known as surveillance capitalism – presents all sorts of privacy issues. Less discussed are the increased security risks this model creates for companies, governments and individuals.
Ian Pratt, HP’s Global Head of Security for Personal Systems, believes hardware-embedded security paired with a robust cybersecurity education and cyber hygiene protocols for remote employees is core to any organization’s operational resiliency. Below, we speak with Pratt about the long-term security implications of the pandemic, what CISOs should be doing now to prepare for an increasingly uncertain future and where he believes cybersecurity is headed next.
Cybersecurity teams struggle with a lack of visibility into threats, endpoint devices, access privileges, and other essential security controls necessary for a robust cybersecurity posture. Without full visibility into their entire digital ecosystem, infosec teams cannot fully secure the assets on their networks or effectively prioritize the most serious threats. Below, I dive into how security professionals are still fighting the battle between effectively viewing serious threats and communicating cyber risk to company leadership.
The ongoing COVID-19 pandemic has taken work out of the office and into the home for most people. This means workers are using their home networks and personal devices to connect to the office more than ever before. This shift in work patterns brings with it new network connectivity and security challenges for IT teams to tackle.
A CEO will last 8.4 years in the position, while a CFO clocks in at 6.2 years in average length of tenure. But a look around the boardroom will tell you that longevity isn’t in the cards for overworked, overwhelmed CISOs, with most only spending an average of two years in the role before calling it quits. This trend is no coincidence - CISOs are at the top of the list for burnt out, especially this year, as organizations accelerated digital transformation nearly overnight and employees continue to work remotely.
As we head into the final day before the 2020 election, disinformation on social media continues to make headlines as a means to sway public opinion and to discourage people from voting. For example, swing states have been targeted with evolving disinformation tactics in an attempt to influence what happens in the voting booth, while Black and Latino voters have been flooded with messages aimed to depress turnout by fueling cynicism and distrust in the political process.
Cybercriminals are taking notice of the seemingly endless vulnerabilities schools face. Take the explosive ransomware attack on the University of Utah from earlier this summer, or the malware attack on the Rialto school district in California, for example. Even with a rapidly increasing attack surface, schools aren’t exactly able to drain their already-limited funding on transforming their IT infrastructure in the midst of a global pandemic. However, it is possible for schools to reduce risk by understanding where they are most vulnerable, taking the time to educate teachers, parents and students, and adopting certain tools and strategies to prevent targeted attacks on remote learning networks.
It’s the season of ghouls, ghosts and outrageous costumes. But for CISOs and cybersecurity professionals, a bump in the night on Halloween is more likely to be a notification warning them of data breach than a spooky ghostly visitation. In the COVID-19 era, spookiness-as-a-service providers who rent out costumes or sell party products are likely to have a difficult time as lockdowns and home-working play havoc with businesses focused on in-person interaction. Yet for hackers, the dawn of a socially-distanced new normal has opened up vast numbers of attack vectors and given them new opportunities to target businesses or individuals. So what should you be worried about this Halloween? To help you work out the answer to that question, here are some of the scariest cybersecurity stories and trends of 2020:
This month, Security magazine brings you the Security 500 Report, Rankings and Thought Leader Profiles. How does your enterprise compare to others? Which security programs are leading the way? Also this month, we highlight how to plan, prepare for and build resilience to protests and other unplanned events, video surveillance tools for SMBs and more.