Category Archives: Internet Security

Applying the 80/20 rule to cloud security – Help Net Security

The 80/20 rule, which was first introduced as Paretos principle in 1941 by American engineer Joseph Juran, suggests that 20 percent of your activities (in life, business, athletics, etc.) will account for 80 percent of your results. Simply put: work smarter, not harder.

How can we apply Paretos principle to cloud security? Within your security activities, what is the key 20 percent that will produce 80 percent of your results when it comes to reducing risk?

One effort that absolutely falls into the 20 percent bucket is reducing threat actor dwell time. Just like a small kitchen fire is far less damaging than a full house fire, the faster you can identify and respond to an incident the more likely it is you escape it without serious damage. If a threat is swiftly and effectively addressed following detection, then subsequent cost factors such as lost business and reputational damage are drastically reduced if not eliminated completely. The 80/20 rule at work!

A focus area to reduce threat actor dwell time is cloud security misconfigurations that accidentally expose data to the internet at large. Exposed data was the most cited cloud security incident (27 percent) and the biggest overall concern of leaders (64 percent) in Cybersecurity Insiders 2019 Cloud Security Report. Garner estimates that up to 95 percent of cloud breaches occur due to human error such as configuration mistakes. Fifty-one percent of companies publicly exposed at least one cloud storage service in 2018, according to RedLocks Cloud Security Trends report.

This presents a challenge because traditional security technologies like IDS/IPS or endpoint protection products are not designed to account for cloud workloads and whether or not they are configured properly. The 2019 Cloud Security report also found 66 percent claimed their traditional security solutions didnt work or were limited in the cloud. Major IaaS providers like Amazon Web Services (AWS) do offer native tools to monitor for misconfigurations, but it is still your responsibility to keep track of your cloud assets and integrate these tools into your security stack, which are both challenges in their own right.

Regardless, the principle of reducing dwell time still applies. More accurately, its about reducing the time that sensitive data is exposed to the internet. To accomplish this, organizations need to be able to execute on three fundamental steps:

If you cant execute these steps, youre more likely to end up in good company with others who have experienced cloud security breaches. Only 37 percent claim confidence in their cloud security posture and 41 percent admit a lack of expertise and training in their staff, according to Cybersecurity Insiders 2019 Cloud Security Report. Capital One, Dow Jones, FedEx and Tesla are some of the most notable companies that have experienced breaches due to exposed cloud services.

So, how to make the 80/20 rule work for you in this context?

Managed Detection and Response (MDR) services have emerged as one of the most effective options to help organizations reduce threat dwell time. MDR often represents a turnkey solution to bolster detection of and response to advanced threats that traditional security solutions miss.

As part of its industry-leading MDR platform, eSentire recently announced its esCLOUD portfolio of services to help organizations hunt and neutralize threats to IaaS and Software as a Service (SaaS) investments. It includes esCLOUD for IaaS, a service that monitors your AWS, Azure or Google Cloud Platform assets, responds and remediates exposed services on your behalf 24x7x365. A welcome addition to our MDR platform and to the 20 percent of security efforts that should drive 80 percent of your results in risk reduction.

To learn more, check out https://www.esentire.com/capabilities/managed-detection-and-response/cloud/escloud.

Read the original:
Applying the 80/20 rule to cloud security - Help Net Security

Internet Security Audit Market Report 2020: Acute Analysis of Global Demand and Supply 2025 with Major Key Player: Symantec, Intel Security, IBM,…

The Global Internet Security AuditMarket Research report provided by Reports Monitor is a detailed study of the Global Internet Security AuditMarket, which covers all the essential information required by a new market entrant as well as the existing players to gain a deeper understanding of the market. The Global Internet Security AuditMarket report is divided in terms of regions, product type, applications, key players and other important factors. The report also covers the global market scenario, providing deep insights into the cost structure of the product, production and manufacturing processes and other essential factors. The report also covers the global market scenario, highlighting the pricing of the product, production and consumption volume, cost analysis, industry value, barriers and growth drivers, major market players, demand and supply ratio of the market, the growth rate of the market and forecast till 2025.

TheTop Leading players operating in the market: Covered in this Report: Symantec, Intel Security, IBM, Cisco, Trend Micro, Dell, Check Point, Juniper Networks, Kaspersky, Hewlett Packard, Microsoft, Huawei, Palo Alto Networks, FireEye, AT&T Cybersecurity, AVG Technologies, Fortinet, ESET, Venustech, H3C Technologies, NSFOCUS & More.

To Download PDF Sample Report, With 30 mins free consultation! Click Here: https://www.reportsmonitor.com/request_sample/887996

With this global Internet Security Auditmarket research report, all the manufacturers and vendors will be aware of the growth factors, shortcomings, threats, and the lucrative opportunities that the market has to offer in the next few years. The Internet Security Auditmarket research report also highlights the revenue, industry size, types, applications, players share, production volume, and consumption to gain an understanding about the demand and supply chain of the market.

Product Type Coverage (Market Size & Forecast, Major Company of Product Type etc.):System Level AuditApplication Level AuditUser Level AuditApplication Coverage (Market Size & Forecast, Different Demand Market by Region, Main Consumer Profile etc.):GovernmentEducationEnterpriseFinancialMedicalAerospace, Defense and IntelligenceTelecommunicationOthers

Global Internet Security AuditMarket: Regional SegmentationNorth America(United States, Canada, and Mexico)Europe(Germany, France, UK, Russia, and Italy)Asia-Pacific(China, Japan, Korea, India, and Southeast Asia)South America(Brazil, Argentina, Colombia, etc.)Middle East and Africa(Saudi Arabia, UAE, Egypt, Nigeria, and South Africa)

Grab Your Report at an Impressive Discount! Please click [emailprotected]https://www.reportsmonitor.com/check_discount/887996

Years that have been considered for the study of this report are as follows:

What does the report offer?

Click to view the full report details, Reports TOC, Figure and [emailprotected]https://www.reportsmonitor.com/report/887996/Internet-Security-Audit-Market

Contact UsJay MatthewsDirect: +1 513 549 5911 (U.S.)+44 203 318 2846 (U.K.)Email:[emailprotected]

Read the original:
Internet Security Audit Market Report 2020: Acute Analysis of Global Demand and Supply 2025 with Major Key Player: Symantec, Intel Security, IBM,...

The Hidden Dangers of China’s Digital Silk Road – The National Interest

China switched on the largest commercial 5G network to date on October 31, 2019. Thats when Chinas three state-owned wireless carriers, China Mobile, China Unicorn, and China Telecom, unveiled 5G subscription packages. The wireless carriers noted that they would be charging customers for speed rather than data useand peak speed would cost around $45 a month. Beijing has promised that the next-generation network will unleash a technological revolution. The announcement is a message to the United States and the world that Chinas push toward 5G global dominance will not be slowed by U.S. opposition.

Chinas investment in next-generation technologies, including information communications technology (ICT), artificial intelligence, big data analytics, cloud computing, and blockchain among others has become a high priority under President Xi Jinping. A series of government directives, white papers, initiatives, and planning strategies have pushed Chinese tech firms toward the right technologies. This ambition to turn China into a global technological and cyber power is openly geopolitical in nature as the 2016 Outline of the National Strategy for Innovation-Driven Development shows: disruptive technologies are constantly emerging, continually reshaping the worlds competitive landscape, and changing the balance of power among states.

Beijings rapidly-expanding digital and telecoms infrastructure projectsall part of the Digital Silk Roadacross the Eurasian landmass will have real-world effects on the people who live within such systems, impacting systems of governance and state power over data. As Chinese tech firms export these complex ecosystems of technologies, norms, and standards in the Smart City and Smart Port programs, the United States and its allies will have to monitor how they impact recipient nations.

For while the normative impact of these technologies is of concern, it is their wider structural potential on the global order that is the most alarming.If one considers the constituent components of the Western orderfinance, banking, technological dominance, influence over market and trade rulesit is clear that Beijing is offering alternatives at every level, constructing a vast new order that suits its own preferences. Despite the disparate nature of Chinas activities, collectively they form the basis for future hegemony. In this article, we focus on three areas in which the PRC is using technology to advance its aims: values and governance, markets and trade, and shipping.

Values and Governance

As aforementioned, Smart Cities, built on the data-rich bedrock of 5G networks, integrate disparate information from different sources to create a centralized data-exchange platform critical to day-to-day operations of administrative, industrial, environmental, energy, and security systems. The premise is that a better-integrated and effectively-operated city boosts economic activity, and promotes sustainable growth into the future, a promising technology for many municipalities in South Asia where population growth is creating fast-growing new cities. However, China will export values and norms as it trains future users of its equipment, using research networks like the National Engineering Laboratory (NEL) for Big Data Application on Social Security Risks Sensing, Prevention and Control. A 2018 Freedom House report noted how China offers training packages to foreign officials on how to handle big data on public opinion management and new media development. ZTE has helped Venezuela surveil and control its population through a smart ID card system. Linked to Chinas satellite system, the cards store location data, financial information, banking transactions, healthcare, and even voting records. The government uses the cards to control access to public benefits. Some states are shaping their cyber laws to mimic those of China with Vietnam, Egypt, Tanzania, and Uganda, producing laws, not unlike the 2016 China Internet Security Law, which requires the collection and verification of users identities.

There is a very real danger that as the chief architect and administrator of these digital networks and Smart Cities, Beijing will have access to reams of data in recipient nations, either through intelligence-sharing pacts or through direct server accessanother requirement of the 2016 Internet Security Law. Access to this dataand the ability to harvest it using big data analyticswould give Beijing leverage in the form of kompromat, using sensitive information to influence key foreign leaders on issues critical to Chinese interests.

Markets and Trade

The proliferation of Chinese mobile payment appssuch as Alipay, Baidu Wallet, and WeChat Paywill increase the amount of financial data going through Chinese hands as all such transactions must pass through a Peoples Bank of China clearinghouse, Wanglian. This enables not only Chinese tech companiesbut also its state bankto know foreign financial transactions in real-time. Aside from the expansion of mobile Chinese electronic payments systems, Chinese-built ICT networks and systems across the Digital Silk Road push recipient nations to favor both Chinas currency and its companies. In addition to currency swap agreements with many BRI partners, China has made clear its intent to de-entrench the world economy from the dominance of the dollar. The Cross-Border Inter-Bank Payments System is thought by some to be a challenge to the U.S.-led Society for Worldwide Interbank Financial Telecommunication.

As Chinese fintech grows, Chinese firms will benefit from valuable consumer information, similar to how Amazon employs real-time search aggregation to gain insights into consumer trends and wants. Chinese companies can use artificial intelligence to assess real-time market needs on a global scale. Privileged companies can bring desired products to the market ahead of domestic or U.S. companies. Moreover, Chinese companies understand the exact capacities and needs of the host countries, giving them a distinct competitive advantage over both Western and local firms in product design and production. This advantage is likely to be particularly acute in areas that China believes to be strategically important, such as in autonomous vehicles, artificial intelligence, and the Internet of Things.

SLOC Transportation Pillar

One of the oldest pillars of hegemonic power has been controlling thesea lanes and the trade that takes place upon them. Eighty percent of global trade is transported by sea and nearly two-thirds of sea trade passes through Chinese-owned ports. As of 2019, Chinese State-owned enterprises like COSCO and China Merchants own forty-two major ports in thirty-four countries across the Eurasian and African coastlines. Here, Chinas Digital Silk Road and its Maritime Silk Road come together in the form of Smart Ports. Centralizing data and increasing automation will create efficiencies and automation in loading, thus increasing capacity.

In one network, the Big Data Risk Monitoring Platform at Nannings Customs Office tracks cross-border trade with twenty-six ports across Southeast Asia. This platform allows China to track the real-time status of goods, destinations, and relationships around the world. While shipping manifests do track the movement of goods, never before have ports had the capability to comprehensively map real-time global supply chains. This information allows for an unofficial sanction system that targets the goods of nations (or even individuals) that the PRC wishes to influence. Indeed, China has already done this in a low-tech way when it restricted Philippine banana exports from entering Asian markets between 2016 and 2018 over bilateral tensions related to the South China Sea.

The world is rapidly changing and there are signs that Chinas ambitions with the Belt and Road Initiativeand all its digital componentsare part of the sticky power of a new hegemony. Chinese leaders recognize that new disruptive technologies are harbingers of change for people-to-people contacts and can also change how states trade, police, and run their municipalities. Beijings promotion of its tech firms across the Eurasian landmass allows for the future exploitation of international data for political effectallowing Chinese leaders to set rules, create norms and standards, and to control trade and political activity. We are entering an age of competition and it is not only between nations but between ideologies and the states that host them.

Dr. John Hemmings is an associate professor at the Security Studies College of the Daniel K. Inouye Asia Pacific Center for Security Studies, a US Department of Defense regional center as well as a senior associate fellow at the Henry Jackson Society, a London-based think tank. He writes in his own personal capacity.

Patrick Cha is an intern at the Daniel K. Inouye Asia Pacific Center for Security Studies. He is a 2019 graduate of the Woodrow Wilson School of Public and International Affairs at Princeton University.

Image: Reuters

Read more here:
The Hidden Dangers of China's Digital Silk Road - The National Interest

Students Showed Trend Micro a World Without the Internet – Business Wire

DALLAS--(BUSINESS WIRE)--Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity solutions, through its Internet Safety for Kids and Families (ISKF) program, today announced the winners of its Whats Your Story? 2020 video competition. This years challenge was to create an impactful video around the question, If the internet disappeared today, what would your life be like?

Contestants and schools across 22 states and 2 provinces submitted entries focused on a variety of topics ranging from the fears of economic impact to the relief of being freed from devices in order to do new things offline. Judges for this years competition included representatives from TikTok, Twitter, iCanHelp, MediaSmarts, the National Association for Media Literacy Education, the Cyberbullying Research Center, and ConnectSafely.

Every year we are utterly amazed at the creativity of our contestants. This year we received entries from familiar cities, provinces and schools and welcomed new ones stretching as far as Hawaii and Alaska, said Lynette Owens, global director of the Internet Safety for Kids and Families program for Trend Micro. However, what inspired us most by this years entries was how the youngest generation sees a world that has always had the internet. We did not just see negative reactions, but many that expressed relief, hope, curiosity and the determination to move forward in what would be a new world.

The grand prize in the individual category was awarded this year to Kunwoo Kim of Honolulu, HI for the entry The Perfect Plan. This entry gave judges a short glimpse into his perfect day and how reliant we are as individuals on the internet, and what changes would occur for him without it. Runner-ups included Anna Tai of Carmel, IN who submitted an inspirational animation The Aha Moment and Brad Kendrick of Logan, UT who poked fun at his own internet reliance through Chads No Internet Life.

For the school category, the grand prize was issued to teacher Zachary Mondres and the Rocky Run Film Club of Chantilly, VA. The entry A Dream Pursued focused on a young girl who realizes that without the weight of the internet pushing on her she could pursue her dream of playing basketball for her school team. Runners-up included student Coble Hartman of Alexander Early College of Taylorsville, NC for a dystopian view of an internet-free world in 2 Months After and student Isaiah Gonzalez and Long Branch High School, Long Branch, NJ who submitted A Day Without the Internet calling upon viewers to try 24 hours without internet access.

Whats Your Story? is an annual international competition that encourages students to explore multiple issues related to safe, responsible and successful technology use. Unlike most video contests, participants must both submit an entry and demonstrate that they can be an advocate for their own message. Contestants are asked to encourage their fans and communities to view and rate their entries as evidence of this advocacy. A complete list of the 2020 winners and finalists, past winners, and more about the contest can be found at whatsyourstory.trendmicro.com.

About Trend Micro Internet Safety for Kids & Families

Founded in 2008, the mission of Trend Micro's Internet Safety for Kids & Families is to enable and empower kids, parents, teachers, and schools around the world to make the Internet a safe and secure place for today's youth. ISKF does this through a worldwide employee volunteer program, grants and donations to eligible organizations, strategic partnerships with organizations working to protect youth, educational programs, and a robust series of online tips and solutions for parents, educators, and youth. For ISKF's free Internet safety tips, tools and advice, visit: https://internetsafety.trendmicro.com/.

About Trend Micro

Trend Micro Incorporated, a global leader in cybersecurity solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses, and governments provide layered security for data centers, cloud environments, networks, and endpoints. All our products work together to seamlessly share threat intelligence and provide a connected threat defense with centralized visibility and control, enabling better, faster protection. With more than 6,000 employees in over 50 countries and the worlds most advanced global threat intelligence, Trend Micro secures your connected world. For more information, visit http://www.trendmicro.com.

Read more:
Students Showed Trend Micro a World Without the Internet - Business Wire

Android anti-virus products put to the test which are the best at stopping new malicious apps? – Graham Cluley Security News

Ok, Google. Thats not good.

If theres one clear message you can take away from the latest real-world test of Android security products, its that relying upon Google to protect your smartphone isnt really good enough.

Independent anti-malware testing lab AV-Test pitted 17 Android security apps, including Androids own built-in Google Play Protect, against nearly 6,700 malicious apps.

3,300 of the malicious apps were considered totally new having been discovered in the previous 24 hours. The remainder of the malware, described as the reference set, was compromised of what AV-Test described as particularly widespread apps that have already been in circulation for up to four weeks.

Six of the 17 apps tested (Antiy AVL, Bitdefender Mobile Security, Cheetah Security Master, Norton 360, Trend Micro Mobile Security, and Kaspersky Internet Security for Android) achieved a perfect real-time detection rate of 100% against the totally new malicious apps and the additional reference set.

The apps from AhnLab, G Data and McAfee performed admirably too detecting 99.9% in the real-time detection test, and a perfect score against the reference test set

But Googles Play Protect fell far behind with just a 37% detection rate against the new malicious apps seen in the past 24 hours, and 33% against Android malware seen in the preceding four weeks.

To make things even worse, Google Play Protect incorrectly false alarmed on 30 harmless apps misidentifying them as malicious.

As AV-Test explains, the message is pretty clear for Android users who want to reduce the chances of malicious apps running on their smartphone:

As the detection rates of Google Play Protect are really quite poor, the use of a good security app is highly recommended.

Whats worrying about that is, in my experience, most Android users havent installed a security app onto their phone perhaps assuming that its not necessary, or more trouble than its worth.

Despite these disappointing results for Google Play Protect, its worth remembering that one of the best things Android users can do to reduce their exposure to malicious apps is to only install apps from the official Google Play marketplace rather than side-load apps from third-party sources.

The rest is here:
Android anti-virus products put to the test which are the best at stopping new malicious apps? - Graham Cluley Security News

Internet security Market 2020 | Applications, Challenges, Growth, Shares, Trends and Forecast To 2026 – Packaging News 24

The report on the Internet security Market is a compilation of intelligent, broad research studies that will help players and stakeholders to make informed business decisions in future. It offers specific and reliable recommendations for players to better tackle challenges in the Internet security market. Furthermore, it comes out as a powerful resource providing up to date and verified information and data on various aspects of the Internet security market. Readers will be able to gain deeper understanding of the competitive landscape and its future scenarios, crucial dynamics, and leading segments of the Internet security market. Buyers of the report will have access to accurate PESTLE, SWOT, and other types of analysis on the Internet security market.

Global Internet security Market was valued at USD 32.67 Billion in 2017 and is projected to reach USD 61.42 Billion by 2025, growing at a CAGR of 8.2% from 2018 to 2025.

Get | Download Sample Copy @ https://www.verifiedmarketresearch.com/download-sample/?rid=5846&utm_source=PN24&utm_medium=003

Popular Players

Competition is a major subject in any market research analysis. With the help of the competitive analysis provided in the report, players can easily study key strategies adopted by leading players of the Internet security market. They will also be able to plan counterstrategies to gain a competitive advantage in the Internet security market. Major as well as emerging players of the Internet security market are closely studied taking into consideration their market share, production, revenue, sales growth, gross margin, product portfolio, and other significant factors. This will help players to become familiar with the moves of their toughest competitors in the Internet security market.

The report is just the right tool that players need to strengthen their position in the Internet security market. It is also the perfect resource that will help players to sustain their lead or achieve a competitive position in the Internet security market.

Key Players Mentioned in the Internet security Market Research Report:

Top Segments

The segmental analysis section of the report includes a thorough research study on key type and application segments of the Internet security market. All of the segments considered for the study are analyzed in quite some detail on the basis of market share, growth rate, recent developments, technology, and other critical factors. The segmental analysis provided in the report will help players to identify high-growth segments of the Internet security market and clearly understand their growth journey.

Ask for Discount @ https://www.verifiedmarketresearch.com/ask-for-discount/?rid=5846&utm_source=PN24&utm_medium=003

Leading Regions

The authors of the report have analyzed both developing and developed regions considered for the research and analysis of the Internet security market. The regional analysis section of the report provides an extensive research study on different regional and country-wise Internet security markets to help players plan effective expansion strategies. Moreover, it offers highly accurate estimations on the CAGR, market share, and market size of key regions and countries. Players can use this study to explore untapped Internet security markets to extend their reach and create sales opportunities.

Get Customized Report in your Inbox within 24 hours @ https://www.verifiedmarketresearch.com/product/global-internet-security-market-size-and-forecast-to-2025/?utm_source=PN24&utm_medium=003

Highlights of the Report

About Us:

Verified market research partners with clients to provide insight into strategic and growth analytics; data that help achieve business goals and targets. Our core values include trust, integrity, and authenticity for our clients.

Analysts with high expertise in data gathering and governance utilize industry techniques to collate and examine data at all stages. Our analysts are trained to combine modern data collection techniques, superior research methodology, subject expertise and years of collective experience to produce informative and accurate research reports.

Contact Us:

Mr. Edwyne FernandesCall: +1 (650) 781 4080Email: [emailprotected]

TAGS: Internet security Market Size, Internet security Market Growth, Internet security Market Forecast, Internet security Market Analysis, Internet security Market Trends, Internet security Market

Read more:
Internet security Market 2020 | Applications, Challenges, Growth, Shares, Trends and Forecast To 2026 - Packaging News 24

Eight ways to improve cyber-hygiene in the enterprise – Security Boulevard

Good hygiene keeps you safe and healthy, as well as others around you. Its the same with cyber-hygiene the sets of practices that organizations are increasingly adopting in a structured way to complement their technological layers of cyberdefense. We highlight cyber-hygiene in many of our publications alongside regularly updated education programs, it can be very effective in preventing and mitigating cyberattacks. Here are eight ways to improve your cyber-hygiene, starting today.

One of the reasons data breaches happen is that its too easy for employees to be complacent about cyberthreats the risks are largely invisible to the untrained eye. This is often compounded by an overconfidence about security infrastructure. A resulting perfect storm of cybersecurity has nothing to do with me and cyberattacks never happen to our department can have disastrous repercussions when, for example, a complacent employee receives a sophisticated phishing email that compromises the entire organization.

This is where cybersecurity culture is invaluable. Becoming a company with a strong cybersecurity culture means adopting responsibility for cyber protection as a shared value of the organization. Think in terms of this is how we do things at this company. Ultimately, the Board needs to show leadership on cybersecurity culture and get buy-in from all levels.

Another problem is helping staff understand the connection between their behavior and the cyber-risk profile of the employer organization. The opsec team should never be the only group within a company that knows how to identify potentially malicious activity. A continual program of spreading awareness ensures constant vigilance and reduces the chances of disruption and financial loss.

When educating your people about cyber-risks, concentrate on what they can influence. A seminar on botnets, for example, has limited relevance beyond establishing wider context. So focus on things like phishing emails and social engineering techniques that attackers use to steal user credentials.

The end user is both the weakest and the strongest link in the chain. Expose your people to real-world threat simulations and test them regularly to identify those needing extra coaching and support. This can transform users from a potential weak spot in your security apparatus to a powerful defensive asset.

Each organizations threat profile is unique so it pays to understand it as much as possible, and gear user training programs to suit. Be cautious with generic e-learning modules that use scenarios that arent applicable to your sector and dont match your users day-to-day experiences.

A regular schedule of pen-testing is crucial to safeguarding data and should be carried out by a qualified third party. Ensure you act upon all critical advisories.

You can go even further with a subset of designated red-team employees. Red-teaming is where your own people try to outfox security defenses without warning. Not only does this keep company personnel on their toes (see above in relation to both awareness and practice), but it also uncovers potential weak spots in security posture that you can subsequently improve.

Regularly scanning computers, networks and applications for known weaknesses is an essential hygiene measure its success rests on the freshness of the insights and your ability to manage and prioritize patching efforts.

Use threat intelligence to scan outside the network to detect leaked, stolen and even sold user credentials in underground marketplaces. IT security teams can apply this intelligence to locate the sources of the initial attacks and patch vulnerabilities to ensure additional breaches do not occur through that vector.

Another feature of advanced threat intelligence is the ability to gain qualified, contextual insights into the actual threat actors and campaigns affecting your organization or sector. Graphical representations of kill chains mean you can practise on highly realistic attack simulations ahead of time, patching potential vulnerabilities and minimizing your attack surface.

Passwords are regularly exploited by attackers because simple security measures are not consistently enforced. A recent Tripwire survey of IT security professionals found that one-third do not require users to change default passwords. Many organizations also fail to crackdown on things like password reuse, employees sharing credentials and users forming passwords with dictionary-based words.

While organizations have increased their use of two-factor authentication to protect access to critical data, attackers have become more adept at circumventing this with stolen passwords. An improved measure is multi-factor authentication (MFA) where more than two factors are required. This is particularly effective in conjunction with one-time passwords (OTPs), which typically expire within 5 minutes and remove the need for users to memorize multiple passwords or place them in a password vault that will inevitably come under attack.

The Center for Internet Security (CIS) offers a diligently researched and updated set of 140+ free to access configuration guidelines for operating systems, cloud providers, server software and desktop software as well as mobile, network and even multifunction print devices. Developed and accepted by government, business and academia, base-level versions of the benchmarks can be implemented simply and rapidly, while more detailed level 2 benchmarks address the needs of the most security-conscious organizations. The US DoDs Defense Information Systems Agency (DISA) publishes similar materials in the form of Security Technical Information Guidelines (STIGs).

Validating your approach with these best-practice benchmarks is labor-saving, plus it allows you to benefit from world-class security resources. Each institution regularly updates its canon in line with system versions and high-level changes to the overall threat landscape.

The key to emerging from cyberattacks intact is discovering them as fast as possible. It suits the cyberattacker to remain silently undetected, particularly when motivated by commercial gain rather than conspicuous disruption. However, not everyone uses fit-for-purpose threat intelligence, which is why the average timelag is 206 days. And each day that attacks go undetected enables attackers to compromise more data. Literally billions of data records were exposed in 2019, many from exploits that lay undetected for weeks if not months.

The problem of spotting new devices on your network is exacerbated by the rapid growth in IoT endpoints. 57% of IT security pros said it takes them hours, weeks or longer to detect these far too long given that cyberattackers only need a few minutes within which to launch a successful attack.

There are lessons to be learned outside of the cyber paradigm, at those sectors where the mindset needed to adopt standard safety hygiene has evolved to become second nature. You cant help but notice it on construction sites in the form of bold signage, specialist apparel and regular inspections.

On hospital wards its less visible but just as ingrained: despite all the advanced drugs and technological therapies money can buy, washing hands and keeping dressings clean is the baseline for medical care.

Thats the objective your organization should have for cyber-hygiene; make these measures so obviously beneficial for everyone that it becomes fully ingrained.

The post Eight ways to improve cyber-hygiene in the enterprise appeared first on Blueliv.

Recent Articles By Author

*** This is a Security Bloggers Network syndicated blog from Blueliv authored by Joshua Hoppen. Read the original post at: https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/improve-cyber-hygiene-enterprise/

Originally posted here:
Eight ways to improve cyber-hygiene in the enterprise - Security Boulevard

iboss Wins Customer Service Department of the Year – Computer Services Silver Award in the 2020 Stevie Awards for Sales and Customer Service – Yahoo…

The Stevie Awards Recognize iboss for Outstanding Customer Service and Support

LAS VEGAS, March 4, 2020 /PRNewswire-PRWeb/ -- iboss was presented with a Silver Stevie Award in the Customer Service Department of the Year - Computer Services category in the 14th annual Stevie Awards for Sales & Customer Service.

The Stevie Awards for Sales & Customer Service are the world's top honors for customer service, contact center, business development and sales professionals. The Stevie Awards organizes eight of the world's leading business awards programs, also including the prestigious American Business Awards and International Business Awards.

The awards were presented to honorees during a gala banquet on Friday, February 28 at Caesars Palace in Las Vegas, NV. More than 600 executives from the U.S.A. and several other nations attended.

More than 2,600 nominations from organizations in 48 nations of all sizes and in virtually every industry were evaluated in this year's competition. Winners were determined by the average scores of more than 180 professionals worldwide on seven specialized judging committees.

iboss, the leader in cloud delivered network security, secures Internet access on any device, from any location, in the cloud. Built for the cloud and border-less organizations, the iboss cloud delivers Internet security in the cloud as a Network Security as a Service solution. iboss solves the challenges related to the cloud-first future including user mobility and exponential bandwidth growth due to applications moving to the cloud by leveraging the cloud to deliver infinite capacity for Internet security. The iboss cloud platform ensures all Internet traffic is secured for compliance, web filtering, malware defense and data loss at all times. With its unique patented containerized cloud architecture, found in no other vendor, iboss cloud can ensure a smoother and more seamless transition to the cloud than any other cloud security vendor on the market.

"We are thrilled to be honored as a Silver Stevie Award winner for Sales and Customer Service," said Paul Martini, Co-founder and CEO of iboss. "This recognition reflects our customer service team and their tireless effort to support our customers' security needs, especially at a time where secure cloud connectivity is a critical part of everyday life."

The 2020 IDC iboss Research Study found that organizations using the iboss cloud platform have significantly reduced risks related to security breaches, non-compliance, and revenue-impacting security events as they establish a more cost-effective security environment by minimizing hardware and bandwidth requirements. iboss provides fast and secure cloud access so that employees can be productive as they work in the office, on the road, or at home. The iboss cloud simplifies securing Internet access by delivering security in the cloud so that the protection follows the user, providing protection at all times.

The 2020 Stevie Award Judges commented on the award-winning iboss cloud platform during the submission review process:

"Stevie Award winners from around the world should be very proud of their achievements. The judges were impressed with the vast range of nominations submitted for 2020 and have agreed that their accomplishments are worthy of public recognition," said Stevie Awards executive chairman, Michael Gallagher.

Details about the Stevie Awards for Sales & Customer Service and the list of Stevie winners in all categories are available at https://stevieawards.com/sales.

About iboss iboss is a cloud security company that provides organizations and their employees secure access to the Internet on any device, from any location, in the cloud. The iboss cloud platform provides network security as a service, delivered in the cloud, as a complete SaaS offering. This eliminates the need for traditional network security appliances, such as firewalls and web gateway proxies, which are ineffective at protecting a cloud-first and mobile world. Leveraging a purpose-built cloud architecture backed by over 190 issued and pending patents and more than 100 points of presence globally, iboss protects more than 4,000 organizations worldwide. To learn more, visit http://www.iboss.com.

Story continues

About The Stevie Awards Stevie Awards are conferred in eight programs: the Asia-Pacific Stevie Awards, the German Stevie Awards, the Middle East Stevie Awards, The American Business Awards, The International Business Awards, the Stevie Awards for Great Employers, the Stevie Awards for Women in Business, and the Stevie Awards for Sales & Customer Service. Stevie Awards competitions receive more than 12,000 entries each year from organizations in more than 70 nations. Honoring organizations of all types and sizes and the people behind them, the Stevies recognize outstanding performances in the workplace worldwide. Learn more about the Stevie Awards at http://www.StevieAwards.com.

Sponsors of the 14th annual Stevie Awards for Sales & Customer Service include HCL Technologies, Sales Partnerships, Inc., and ValueSelling Associates, Inc.

SOURCE iboss

Original post:
iboss Wins Customer Service Department of the Year - Computer Services Silver Award in the 2020 Stevie Awards for Sales and Customer Service - Yahoo...

The Top 8 Concerns for CISOs in 2020 – Security Boulevard

Although a relatively new corporate position, Chief Information Security Officers (CISOs) are becoming an integral part of the corporate hierarchy as enterprises begin to take security concerns more seriously. Its a smart move considering that in 2019 security breaches cost companies on average $3.92 million. Now in 2020, CISOs are facing accelerating old threats along with some brand new ones. Here are the top eight CISO concerns of 2020:

In a recent study published by Fortinet, when asked what to expect in terms of threats in the new year, CISOs named hackers as their biggest concern. They expressed particular concern about hackers arming themselves with adversarial AI systems capable of breaching networks entirely undetected.

Many companies are shifting from storing their data on site to hosting it in the cloud, which while newer, is less secure and creates a myriad of ways for hackers to invade systems. Multiple clouds, growing mobile connectivity, proliferating IoT devices, and software-defined networking (SDN) combine to form the perfect storm for an attack. CISOs need to be prepared to combat security threats on a variety of fronts. Thus, CISOs need a single screen that at a glance shows multiple streams of network traffic to keep track of whats going on.

Organizations are racing to outpace their competitors, better serve their customers, and get a handle on new security technologies. With the advent of the Internet of Things (IoT)in particular, cybercriminals are finding easy new entry points to targeted networks. Coupled with the acceleration of mergers and acquisitions, this rapid pace of change has created a virtually borderless world of data. As borders get erased, cybersecurity threats and third-party risks grow more imminent.

A well-developed cybersecurity team poses the most reliable threat to hackers. However, because global demand for IT security professionals has outstripped supply, positions can be hard to fill. Gartner predicts that the number of unfilled cybersecurity roles will hit 1.5 million by the end of 2020. Lacking a solid support team can distract a CISO from critical issues, reducing resources to properly manage cyber risks. Its not just having warm bodies to fill the roles that are a problem, however. In Fortinets Global Internet Security Survey, 40% of businesses expressed an increased need for employee learning and development, including teaching awareness of security threats and tactics to prevent them. And fully 20% of respondents in the survey cited a lack of development as a factor that leads to stress and burnout. Helping security professionals stay on top of the latest changes in the industry is also a major concern for CISOs this year.

People are the weakest link in the network security chain. For instance, an employee who falls for a phishing scam can introduce malware into the companys network. Or a staff member can access sensitive information on their mobile device while connected to public networks, elevating the risk of a data breach and letting hackers dodge even the most sophisticated systems. Disgruntled employees may also choose to leak confidential information, making the complete security of company information virtually impossible.

One employees reckless action can leave CISOs vulnerable as the CISO is responsible for all aspects of IT risk management. Of course, CISOs cannot control each employees actions, yet those very actions pose the greatest security threat to the organization. This discrepancy will be keeping many CISOs up at night. Thats why they need to review corporate information security policies regularly and proactively introduce new training materials to educate employees on cybersecurity risks.

IBM puts the average cost of a data breach at $3.92 million. Ironically, however, cybersecurity isnt top of mind at most organizations when budget line items are getting funded. Often thats because its difficult to show a clear return on investment. At smaller organizations or local governments, the problem may simply be the lack of financial resources to reduce cyber threats. Although cybersecurity risks are growing in prominence and corporate boards are taking a greater interest in these threats, many CISOs still have difficulty securing larger budgets.

CISOs face increasingly stringent data protection regulations driven by the dual threat of privacy invasions and increasing cyberattacks. Consequently, corporate security leaders must align their organizations security structures with new, often extremely rigorous proposed laws in addition to meeting the incumbent regulations.

The three challenges noted beforehackers, an expanding attack surface, and the opportunities needed for a security teamare compounded by the current technological landscape. The speed of technological growth and its resulting complexity means the major threats CISOs have to manage will only grow with time.

CISOs will face new security challenges each year, requiring them to keep pace with the constant revolutions of the technology world. This pace, however, is accelerating rapidly. The Fortinet survey mentioned above noted additional issues CISOs raise concerns about, ranging from risk management to strategy security tool proliferation and cybersecurity awareness. These increasingly varied risks in 2020 will put CISOs in an unenviable but critical position in the corporate hierarchy.

2019 Data Breaches By the Numbers

MixMode Now Supports Amazon VPC Flow logs

Featured MixMode Client Success Story: Nisos

A Well-Equipped Security Team Could Save You Millions of Dollars a Year

Network Data: The Best Source for Actionable Data in Cybersecurity

3 Cyberthreats Facing Federal and State Governments in 2020

Staying CCPA Compliant with MixModes Unsupervised AI

Follow this link:
The Top 8 Concerns for CISOs in 2020 - Security Boulevard

2020 Premium Ethical Hacking Certification Bundle Is Up For A Limited Time Discount Offer Avail Now – Wccftech

Cybersecurity is no joke. By now if you think it is a joke, then my friend you are on the wrong planet. Internet security has become extremely essential not just to protect your privacy but also to prevent valuable data from being stolen. There is a great demand for security experts and you cannot go wrong by learning more about it. Wccftech is offering limited time discount offer on the 2020 Premium Ethical Hacking Certification Bundle.

The bundle is extensive and contains 8 superb courses. Each course will train you on Ethical Hacking and in no time at all, you can add it to your resume. This will help you stand out from your peers and put your career in an over drive in just a few days. All the courses have been designed by experts who have years of experience in the relevant fields. So, you are in safe hands. Here are highlights of what the 2020 Premium Ethical Hacking Certification Bundle has in store for you:

Original Price 2020 Premium Ethical Hacking Certification Bundle: $1,600Wccftech Discount Price 2020 Premium Ethical Hacking Certification Bundle: $59.99

Share Submit

Read this article:
2020 Premium Ethical Hacking Certification Bundle Is Up For A Limited Time Discount Offer Avail Now - Wccftech