The new NIST Privacy Framework, together with its existing Cybersecurity Framework, provides a road map on cyber industry security, data handling standards and best practices for organizations.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure, to name just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security (access control, cameras, alarms and so on), there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
Hackers exploited a zero-day vulnerability in antivirus software that caused a data breach at Mitsubishi Electric, exposing technical and sales materials, and personal data of over 8,000 employees.
Companies globally are facing a shortage in cybersecurity talent that could be managed through training with the four Es, i.e. education, efficiency, embracing and engagement, in mind.
Microsoft announced a breach where they uncovered misconfigured security rules in one internal database that exposed 250 million customer service records for almost the whole of December.
The owner of a botnet has leaked the access credentials for more than 515,000 servers and claimed they were changing business models to make use of cloud service providers instead.
A phishing scam perpetrated by attackers posing as vendors cheated the school district of approximately $2.3 million before the business compromise scheme was discovered about a month later.
DICOM medical records systems that are commonly used to store sensitive images were found to expose billion of medical records just by scanning the server IP addresses and known ports.
Companies are turning to AI to defend their networks and make up for a lack of personnel, but will it be smart enough to recognize a real threat with hackers developing their own AI-powered tools too?
U.S. government-funded Android phones are found to contain unremovable pre-installed malware that leaves the phone vulnerable to invasive advertising and auto-installation of apps without the user’s permission.
A new phishing attack has started to surface in which hackers leverage Microsoft OAuth apps to steal user credentials from SharePoint and OneDrive users using the official Office 365 login page.