#Security Awareness

CISA Finalizes Internet Security Guidance on IPv6 Consideration

The Cybersecurity and Infrastructure Security Agency has published the finalized version of guidance intended to help federal agencies securely adopt the latest internet protocol. The “IPv6 Considerations for TIC 3.0” document guides federal entities in implementing the Trusted Internet Connections 3.0 internet security initiative while transitioning to internet protocol version 6, CISA said Thursday.
Dark Reading

Looking Beyond Biden's Binding Security Directive

In November 2021, the Biden administration issued a binding operational directive that created two major tools to protect federal data and systems against cyberattacks. First, it established a formal, Cybersecurity and Infrastructure Security Agency-managed catalog of known-exploited, critical vulnerabilities; and second, it set forth the requirements for all federal agencies (and contractors) to remediate them. This new directive aims to protect government agencies from cyber-risks that could lead to significant intrusions into their networks and systems. As it turns out, federal agencies, like their private counterparts, face significant challenges when it comes to patch management.

County steps up cybersecurity

EDWARDSVILLE — Madison County officials are planning more than $360,000 in anti-virus software and security services improvements. “Cyber criminals are out there and we need to do what we can to protect the county’s IT (information technology) systems,” Chairman Kurt Prenzler said at Wednesday night's county board meeting.

How to Build a Security Awareness Training Program

With increased digitization of everything post-pandemic, cybersecurity has become a top concern for global CEOs with almost half planning to increase cybersecurity investment by 9%, according to PwC. Since 85% of breaches involve human error, throwing more money at the problem by buying the latest cybersecurity technology may hit a point of diminishing returns. At its core, cybersecurity isn’t just a technical problem, it’s a human problem. Organizations need more than technology—they need employees as both their first and last line of defense; employees who embrace security awareness and who identify, avoid and flag activities and items that are of a suspicious nature.

Madison County Approves $360,000 For Technology Services

EDWARDSVILLE — Madison County officials approved agreements on Wednesday for more than $360,000 in anti-virus software and security services. “Cyber criminals are out there and we need to do what we can to protect the county’s IT systems,” Chairman Kurt Prenzler said. “Last year we saw ransomware attacks on the City of Alton, St. Clair County and Lewis and Clark Community College. Cybersecurity is important.”

Is Cyber Training Fit For Purpose?

For all the talk of criminal hacking, ransomware infections and the technologies to prevent them, the key to protecting your organisation is cyber security awareness training. Information security training empowers individuals to make better decisions, not only in how to recognise and respond to potential cyber attacks, but also to be sure they aren’t inadvertently putting data at risk in their day-to-day work.

Remote Working & Cybersecurity in Africa

In 2021, KnowBe4, Lynchpin and ITWeb conducted surveys across Nigeria, South Africa and Kenya to unpack how remote working was influencing the security paradigm for organisations. The survey found that a significant percentage of companies will very likely continue leveraging remote working. At the time of writing the report, 57%...

Box 2FA Bypass Opens User Accounts to Attack

A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements. A security hole in Box, the cloud-based file-sharing service, paved the way for busting its multifactor authentication (MFA), researchers said – and it’s the second such MFA bypass they have discovered in the service so far.
Computer Weekly

Security Think Tank: Cyber training is useless without staff empowerment

In-house security training is often a knee-jerk, last-minute moment for most companies, and course development is typically crammed into a CISO’s workload, which is already sitting at 110%. It’s not that the content isn’t good, or the trainer inexperienced, it’s just that companies don’t really have the time to...

Proofpoint Joins the National Technology Security Coalition as a National Underwriter

Proofpoint joins the NTSC as a National Underwriter. The National Technology Security Coalition (NTSC) announced that Proofpoint is joining the organization as a National Underwriter. “We look forward to working with Proofpoint this year, when national cybersecurity policy will become more important than ever before.” — Patrick D. Gaul. ALPHARETTA,...

Sacramento County CyberSecurity

What if every person in the United States – about 333,000,000 people – had tried to hack into Sacramento County government information systems in 2021? The reality is that the amount would still be shy by roughly 27 million. Last year, there were a whopping 360 million unauthorized attempts to connect to Sacramento County information systems, and each of them was successfully blocked by network filters. At the same time, email filters were successfully blocking 145 million malicious email messages.

The Year that Operators Start Protecting Consumers

2021 will, like 2020, be remembered as a pandemic year. But 2021 saw a phenomenon that was less present in 2020. Digitalization. What started in 2020 exploded in 2021 with the standardization of systems and processes designed to keep people apart. When people are physically separated, they will find ways of communicating, working and playing together from a distance. That is exactly what happened in 2021 and digitalization was a major part of that transition. With expanded digitalization, however, came a torrent of new cyberattacks, in various forms, which affected businesses, governments and individuals. The more we find ourselves online, the more the cybercriminals will find us there, too. At Allot, we have been following a number of developments that might not give 2022 the most optimistic glow as far as cybercrime is concerned. But we can also see the light at the end of the long tunnel. These are the trends and predictions that we expect to shape 2022.
Dark Reading

End Users Remain Organizations' Biggest Security Risk

With the rapid adoption of hybrid working environments and increased attacks, IT and security professionals worry that future data breaches will most likely be the result of end users who are negligent of or break security policy, according to a recent Dark Reading survey. The percentage of respondents in Dark Reading's 2021 Strategic Security Survey who perceive users breaking policy as the biggest risk fell slightly, however, from 51% in 2020 to 48% in 2021. Other potential issues involving end users showed improvements as well, with social engineering falling in concern from 20% to 15% and remote work worries halving from 26% to 13%.

Insider Threats: How to Combat Workplace Disinformation

Who hasn’t heard about disinformation or fake news? And for those responsible for security, who hasn’t heard about the risk of insider threats? Both issues are well known, but how disinformation can affect cyber risk management might not be so obvious. This article won’t tell you who’s right...

DevSecOps: 5 tenets to empower your workforce

The DevSecOps movement promotes a “shift-left” approach where security scans begin at the first commit and continue throughout the pipeline and beyond. Automation is pervasive and threats need to be identified and mitigated early and often. Developers are now tasked to write, build, secure, deploy, and potentially operate their own code.

The Hidden Benefits of Awareness Training for MSPs — CyberHoot

As a Managed Service Provider (MSP), you know your customers are serious about defending against cyberattacks, that’s part of the reason why they hired you. Data breaches are all too common these days, costing Small to Medium-sized Businesses (SMBs) an average of $108,000 in 2021 while Enterprises can pay up to several million dollars. In fact, 99% of security professionals that experienced a breach at their organization within the last two years agreed that it would have been preventable with the right measures in place. And, as the most common answer, 71% said that better security awareness training for users would have helped minimize or prevent those breaches. Currently, only 60% of MSPs offer it as part of their managed services offering.

Leaders’ Resolutions to Help Navigate the New Hybrid Work Model

Continuous review and improvement are integral to creating a successful security program. Now is the right time to look back on 2021 and prepare a few improvement resolutions for 2022. The biggest challenge currently is that of adapting to the pandemic-created hybrid office model. During the New Year, CISOs will...