Cybersecurity

RSS

Attackers shifted tactics in Q2 2020, with a 570% increase in bit-and-piece DDoS attacks compared to the same period last year, according to the new Nexusguard Q2 2020 Threat Report. Perpetrators used bit-and-piece attacks to launch various amplification and elaborate UDP-based attacks to flood target networks with traffic.

Seven in every ten CISOs (71%) believe cyberwarfare is a threat to their organization, and yet just over a fifth (22%) admit to not having a strategy in place to mitigate this risk. This is especially alarming during a period of unprecedented global disruption, as half of infosec professionals (50%) agree that the increase of cyberwarfare will be detrimental to the economy in the next 12 months.

Keren Elazari, CISSP, Security Analyst, Researcher, and Public Speaker, kicked off GSX+’s fourth day with a keynote address on the future of cybersecurity. Elazari, a former hacker turned cybersecurity expert, is an internationally celebrated speaker, researcher, and author on all matters of cybersecurity. Her 2014 TED talk, viewed by millions, helped shape the global conversation about the role of hackers and the evolution of cybersecurity in the information age.

Previously, school districts dealt with securing their systems at both the district and school level. But now, teaching, learning and working are all happening at home simultaneously. It’s messy, far more complicated, and gives our cyber and IT teams significantly less control over networks and security than there was when traditional in-school learning was the norm. It’s especially crucial we keep our security measures tight, even if it feels like an uphill battle.

As users receive more security awareness training, their ability to effectively deal with security threats increases, reveals a new study by MediaPRO, co-sponsored with Osterman Research. The report also found that boring security awareness training doesn’t make employees want to be secure.

To get buy in from the entire organization on your role as a security professional, share these basic elements of an effective cybersecurity strategy with the rest of the C-suite.

Using memes as propaganda, employing sophisticated communication networks for both planning and recruiting, making use of both fringe and private online forums and organizing militias to inspire lone wolf actors for violent action have proven to become tried-and-true tactics by extremist online communities seeking to expand their influence in recent years. According to the Network Contagion Research Institute (NCRI) report, presented by the Rutgers Miller Center for Community Protection and Resilience, Network-Enabled Anarchy: How Militant Anarcho-Socialist Networks Use Social Media to Spread Violence Against Political Opponents and Law Enforcement, militant and extremist groups have taken to social media and online forums to plant hateful, anti-Semitic and/or revolutionary ideas in the public eye, which are often disguised with humor or through using coded language.

Government organization Enterprise Ireland put on a cybersecurity panel discussion yesterday tackling a wide range of subjects as it relates to cybersecurity, private and public sector roles and responsibilities, and even managing cybersecurity for organizations with a huge global reach operating in multiple countries. 

The Information Security Forum (ISF) announced the launch of ISF Aligned Tools Suite 2020, bringing together 14 ISF tools and cross reference aids, including a rebuilt Benchmark platform and the new IRAM2 WebApp. Aligned to the latest version of the Standard of Good Practice for Information Security 2020 (SOGP 2020), the suite – which also includes Security Healthcheck, Supply Chain accelerator tools and SOGP 2020 cross-references – helps ISF Members demonstrate compliance with international standards and assure security across their external suppliers.

A ransomware attack last spring at Simon Fraser University (SFU) reportedly compromised the personal information of about 250,000 students, faculty and alumni. Information included student and employee identification numbers, full names, birthdays, course enrolments and encrypted passwords.