To define risks, learn where they come from, and what their effect on information assets and the operation of your company is. In this article learn about IT assets and risks.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
With client-side security and JavaScript-related attacks staring us in the face these days, a probable question that many business owners or developers may ask is, “Can I truly determine if a third-party script is secure or not?”
Ransomware groups have shifted from the automated, ‘spray and pray’ tactics of yesterday to highly targeted, human-operated ransomware attacks, carefully crafted to find and encrypt your data and cause maximum critical service disruption.
$1.3 million BEC attacks on three large financial services companies in U.K. and Israel shows how far cyber criminals are willing to go and what they are capable of.
Swedish police will be given powers to deploy spyware on devices of suspected criminals. The spyware could turn on cameras, microphones, and access encrypted chat logs or images stored on the device.
Imperva found that bot traffic accounted for 40% of internet activity. Malicious scripts were responsible for 26% of website visits and could interfere with the COVID-19 vaccine.
The threat of cyber attacks on connected cars is getting very real as report shows majority of new smart vehicles from top 10 auto manufacturers are vulnerable and will be connected to Internet.
Cyber insurance premiums have jumped 73% in the U.S alone. Greater specificity over what is (and what is not) covered has become a feature of many updated policies, as has the expectation that companies need to have greater cybersecurity hygiene in place in order to qualify for insurance.
Recently, we examined some of the challenges that companies face in terms of the evolving privacy and data protection landscape - and how these challenges may require a whole new breed of information security professional. In this second part of the series we unpack the argument for a new role combining Chief Security Officer and Chief Privacy Officer in a rapidly evolving regulatory and threat rich environment. We also chat with Chief Security and Privacy Officer (CSPO) at a Fortune 500 company to get his take on the subject.
This article discusses why developer-first AppSec is the future and how organizations can evaluate tools that will help them adopt a developer-first approach.