While password spraying results in the infiltration of many accounts every year, it’s also one of the easiest attacks for cyber-aware employees to thwart. In other words, password spraying needs to be a top consideration for any successful cybersecurity platform.
The SolarWinds hack is a strong reminder of why third-party risk management is so important. Not only was SolarWinds breached, but the hack is now believed to have affected upward of 250 federal agencies and businesses. Here, we speak to Jonathan Ehret, Vice President of Strategy & Risk at RiskRecon, who believes organizations should be asking their vendors about the third-party risk management and cybersecurity policies they have in place to protect against a breach and leak of critical data.
These are the terrible uncertainties and costs organizations like yours face as ransomware rages around the cybersphere. As you deliberate on the best strategy and tactics for defending your organization from ransomware, understand that the total cost of recovering from such an attack more than outweighs the cost of being prepared to defend against it.
Though filling the cybersecurity talent pipeline has often been thought of as a longer-term goal for the United States, there is renewed urgency to address the tremendous workforce shortage – and quickly. Recent cyberattacks on U.S. infrastructure continue to serve as warning signs that the cadence of threats has increased tremendously and requires immediate action by both industry and government partners. Solving the cybersecurity workforce and talent shortage requires taking action, starting with the youngest learners in the K-12 educational system.
There has been a significant increase in PYSA ransomware targeting education institutions in 12 U.S. states and the U.K., according to a joint Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) flash industry alert.
The SolarWinds supply chain attack has, to date, impacted nine government agencies and as many as 100 private sector companies, according to some reports. By the time the full extent of the hack is known, it may be the most widespread security breach on record. But what does this mean for the organizations impacted and is it potentially insurable? In light of the massive cyberattack, we spoke to Seth Rachlin, Executive Vice President and Insurance Lead at Capgemini, to discuss the implications of this attack and the fast-growing cyber insurance market.
Area 1 Security recently stopped a sophisticated Microsoft Office 365 credential harvesting campaign targeting C-suite executives, high-level assistants, and financial departments across numerous industries, including financial services, insurance, and retail. Further research and analysis of the activity revealed a much larger operation than originally discovered. This included several additional directly related credential phishing campaigns that targeted the same industries and positions using sophisticated techniques and advanced phishing kits to bypass Microsoft’s native email defenses and email authentication.
It’s simple: If you are using a legacy ecosystem, your compliance is at risk. The fact that your security hasn’t yet been compromised is no evidence of your safety; it really is a case of it being quiet, too quiet. When it comes to security breaches, it’s not a question of if, but when. Whether it is your household or institutional architecture, the full value of security is only appreciated after disaster has already struck.
Nearly daily we see new stories of cybercriminals breaching security walls, stealing valuable data, and then holding it hostage in return for money. Companies risk exposing valued customer data as well as their own reputations, placing their credibility in disarray.