Quantcast
Channel: cyber attacks – IT SECURITY GURU
Viewing all 12 articles
Browse latest View live

Fortinet Forms Exclusive Alliance with Exodus Intelligence

0
0

Fortinet today have announced a partnership with Exodus Intelligence designed to facilitate information sharing between the two organizations, to further protect enterprises across the globe from looming cyber threats.

In addition to the intelligence sharing elements of the partnership, both Exodus and Fortinet will work on the development of new customer-facing threat mitigation and incident response services.

Logan Brown, president of Exodus Intelligence, said that sharing threat intelligence was key to protecting organisations from cyber attacks. “Exodus specializes in unearthing these types of vulnerabilities [Zero-day exploits] and developing exploits to demonstrate the impact of such flaws. Combined with the broad breadth of threat intelligence the FortiGuard team provides, we expect our partnership to enable the discovery and prevention of many ongoing, covert cyber attacks and to further protect organizations from serious these threats.”

This is the second threat intelligence partnership that has been announced this week, following HP Security and AlienVault. IBM also announced this week that they are launching a new data-sharing exchange, opening up more than two decades worth of cyber-threat intelligence.

 

The post Fortinet Forms Exclusive Alliance with Exodus Intelligence appeared first on IT SECURITY GURU.


IDC/SAS Research: Sophisticated cyber-attacks demands better grasp of big data with more proactive analytics

0
0

Despite cyber-security having sky-rocketed to the top of boardroom discussion agendas, an average of 35 per cent of all cyber-attacks still go undetected.

Recent IDC research, sponsored by SAS, shows that organisations need to shift from reactive to proactive strategies that seek to understand a threat before an attacker can cause damage.

To do this, they require a new set of security solutions to match the increasing number and sophistication of attacks. SAS Cyber-security, which harnesses high-performance analytics to process and evaluate billions of daily network transactions in real-time, shrinks the time to detect security events and improves the efficiency of security operations.

In an earlier study from the Ponemon Institute2 86 per cent of respondents said detecting cyber-attacks takes too long, and 85 per cent weren’t prioritising incidents. Meanwhile, 40 per cent said their security products did not import threat intelligence from other sources.

“After more detailed evaluation of the challenges and gaps in the market, organisations need a more strategic approach to threats by augmenting existing security systems with more advanced behavioural analytics,” said Alan Webber of IDC. “Software vendors who have integrated a big data analytics platform at the core are well positioned to provide an additional layer of security protection and deterrence in the market.”

IDC interviewed information security executives, practitioners and industry experts across three industries: US federal government, financial services and energy. The goal was to understand the evolving cyber-security threat landscape and how big data and predictive analytics should be deployed to better address threats and risks they face every day.

The research explains that effective big data solutions must differ from existing, reactive “collect and analyse” methods since we now have technology to use information in timeframes and manners not possible in the past. To derive value from big data, organisations need behavioural analytics and frameworks like Hadoop to improve security at a much faster rate.

Industry implications and opportunities

For government, IT security is neither a small nor inexpensive problem. The US Computer Emergency Readiness Team (US-CERT) reported more than 46,000 incidents at US federal government agencies in 2013. IDC estimates US federal government agencies alone will spend over $14.5 billion in IT security to thwart attackers and address incidents. In addition to multilayered security defenses, government agencies have highly complex infrastructures composed of a range of technologies from older mainframe systems to cloud-based and mobile apps. By turning to predictive behavioural cyber-analytics, these agencies are able to shift toward a more proactive defence posture.

In the utility and energy industry, the IDC research found advanced and predictive analytics critical for advancing a wide array of cyber mandates, including regulatory compliance. Utilities are just beginning to appreciate the opportunities for threat identification and remediation that big data analytics deliver.

For financial services, cyber-security strategies remain atop the agenda. The IDC research predicted the financial services industry would spend over $40 billion in 2015 on managing operational risks, including cyber-threats. They noted that $27.4 billion would be earmarked for IT spend on information security and fraud. With shrinking response windows and the complexity of threats to digital channels, advanced, predictive threat intelligence solutions and services have become top items for chief risk officers, data officers, executives and regulators.

“Cyber-security may be the most critical area where big data can be a barrier to understanding the true threat landscape,” said Stu Bradley, Senior Director of Security Intelligence at SAS. “Yet, if optimised, big data presents a significant opportunity to add context for more accurate and faster threat detection.”

 

The post IDC/SAS Research: Sophisticated cyber-attacks demands better grasp of big data with more proactive analytics appeared first on IT SECURITY GURU.

Iran Accuses US of Cyber-Attacks Against the Iranian Oil Ministry Website

Lookers takes security up a gear with Hexis Cyber Solutions

0
0

Leading automotive retailer and distributor adopts next generation endpoint security solution to protect and secure sensitive business information

Hexis Cyber Solutions, Inc. (Hexis), a wholly-owned subsidiary of The KEYW Holding Corporation (Nasdaq: KEYW), has announced that automotive retailer and distributor, Lookers plc, is using its HawkEye G next-generation endpoint security solution in the UK and Ireland. HawkEye G is being used to protect Lookers’ business infrastructure against sophisticated cyber attacks to safeguard its reputation for outstanding business performance and continue its mantra of supporting ‘Customers for Life’.

“We’re very pleased to have Lookers as a customer. They strive to be an outstanding company that builds customer relationships which last for generations, and Hexis is excited to be a part it,” explained Chris Fedde, president of Hexis. “Their goal was clear, to go the extra mile in protecting customers’ sensitive data to maintain their trust and protect the foundations of its day-to-day operations. As a result, Lookers decided to look at a next generation endpoint security solution and ultimately chose HawkEye G. Hexis is thrilled to support a forward-thinking organisation so focused on protecting their customers,” said Mr. Fedde.

HawkEye G enables Lookers to detect, verify and respond to threats at machine speeds, enhancing the resiliency of its systems and its ability to safeguard its customers’ personal information and transaction data. Lookers has embraced the HawkEye G solution, implementing it across the UK and Ireland offices to more than 5,000 endpoints.

The platform enables Lookers to identify and take action against any new or existing threats on the endpoint and network. Lookers can now set policies for automated response based on HawkEye G’s proprietary ThreatSyncTM technology which correlates threat data and assigns each incident a severity score. Any threat that is serious will be prioritised as more severe and automatically remediated. While any threat that is scored between medium will be reviewed and remediated by the HSOC, a Hexis team of security experts that supports managed service customers.

“We recognised that in a sophisticated threat landscape, we needed to future-proof our business so that we have the secure foundations in place to build long-lasting customer relationships,” said Mark Valentine, head of information at Lookers. “By moving to more sophisticated and automated technologies, we now have the ability to prioritise our efforts on those areas that need immediate attention and quickly respond to any major threats. Through this approach, we have also taken the burden off our internal team, allowing them to focus on other areas that are important to our customers.”

The post Lookers takes security up a gear with Hexis Cyber Solutions appeared first on IT SECURITY GURU.

Survey shows lack of concern around cyber security from UK students

0
0

Students aren’t concerned about cyber security despite 77% seeing it as a growing threat.

Only 17% of students are genuinely concerned by cyber security despite it affecting many of them, finds a new survey by Jisc, the digital services and solutions organisation for UK education and research. Students are unsurprisingly more worried about grades (90%), but are also more often worried about money (79%) or friendships (53%).

The findings come as the Government is set to address the growing threat of cyber-attacks by doubling investment in cyber security for 2016, spending £1.9 billion over five years. The national cyber plan includes the development of a National Offensive Cyber Programme to counter cyber-attacks, and perhaps most critically, the goal of increasing the nation’s cyber skills.

Tim Kidd, executive director of Jisc technologies, said: “It’s no surprise that so many students view cyber security as a growing threat, recently there has been daily media coverage about new attacks on businesses, and over 15% of the students we asked have already had their personal e-mail accounts hacked.

“Students have many demands on their time and have grown up in a digital world, and have a low level of concern about cyber security. This may be as students feel they understand the security in place on their devices, 65% of the 406 students asked said they know how to protect themselves online from security threats, such as hacker’s phishing for their personal data.”

The survey also found that 35% of students see it as their own responsibility to learn about cyber security. Tim continues: “In a world that is becoming more digital by the day it is undeniable that students and education professionals may need to learn more about cyber security. There is no clear responsibility for the education of students in this area, but universities may find this becomes a focus for them in the future.”

Further results showed that 35% of students don’t know what security is available on their university/college computer, compared to 76% who are aware of the security on their own devices. Steve Kennett, head of operational services for Jisc, including the CSIRT (Computer Security and Incident Response Team) comments: “We provide security services and access to the global Internet, through our private Janet network, to UK universities and colleges. We monitor and resolve security incidents to protect users and make sure students have 24/7 access to resources. We also work closely with IT teams in education, but all this all goes on behind the scenes so it is no surprise that students aren’t fully aware of how secure their university or college network is, often more secure than a home broadband connection.

“Only 24% of students actually think their university network is more secure than their home network, but 16% had had their personal details hacked online, whereas only 4% had ever had their college or university emails hacked. This may demonstrate that more needs to be done to education students about the security of their network and on how they can help reduce cyber security threats at their institution.”

The subject of cyber security in education will be discussed and addressed by experts at Jisc’s network and technology conference, Networkshop44, on the 22-24 March 2016 at the University of Manchester. Please visit here to buy your ticket, or watch online.

The post Survey shows lack of concern around cyber security from UK students appeared first on IT SECURITY GURU.

Getting to Grips with Cyber-Security

0
0

Presented by
Bob Tarzey, Analyst and Director, Quocirca Ltd

The majority of organisations across Europe and UK now accept that targeted attacks are a serious problem. Quocirca’s presentation reviews recent research into the perception of cyber-threats, the impact they can have and the before, during and after measures organisations are putting in place to protect themselves against them. The presentation includes a preview of new research to be published in December 2015.

This webinar was hosted as part of Security Serious Week 2015 – to find out more about the campaign for cyber awareness in business, visit https://securityserious.com/ or follow them on twitter @SecSerious.

The post Getting to Grips with Cyber-Security appeared first on IT SECURITY GURU.

Forget about antivirus and phishing – cybercrime has industrialised and we need a new approach to combat it

0
0

Bernard Hogan-Howe’s comments are a recognition that things cannot continue as they are: banks are fighting an expensive, losing battle against cybercrime, and carrying the can for the overall slow response to the explosion in online fraud. Cybercrime has moved on, and while people do need to take more responsibility for their use of technology, his proposals aren’t the solution.

In the last decade, cybercrime has industrialised. It’s no longer the preserve of a small number of skilled hackers. Tools for carrying out sophisticated cyber-attacks are now cheap, mass-produced, and easily accessible. Hacking communities, discussion groups and online walkthroughs are plentiful and easy to find. The raw material for crime – personal information – is available at low cost and neatly packaged for resale in online marketplaces. It really is possible for anyone, aged 8 to 80, to get involved if they want to.

Unfortunately, simply installing antivirus software does not protect against these newly introduced and more sophisticated malware threats. Modern malware tools can hide code in apparently harmless files, meaning that antivirus can’t detect the danger until it’s too late. Of course, running antivirus is a necessary precaution, but it is just one component of a much larger strategy that needs to be undertaken to mitigate chances of fraud loss.

Similarly, phishing scams are now more sophisticated. It’s no longer about emails purporting to be from your bank, requesting sensitive details like passwords. Today, phishing scams are cleverly designed and carefully targeted using “social engineering” to entice individuals to click on malicious links. Phishing emails can appear to be from almost anybody or any organisation, and they’re believable because they’re built from personal information found online. While banks have improved their notification process when they come across one of these scams, cyber criminals cast such a wide net with this approach that it’s inevitable a small fraction of consumers will mistakenly click on links.

The above are just two scenarios that will raise the question of where does the burden of proof lie – on the organisation or the consumer. Even when the consumer does the right thing, they are still susceptible to fraud.

Fraud losses increase every year, and the scale has grown so quickly that our crime surveys have yet to properly account for it. Banks are expected to pick up the cost of the consumer fraud but it’s difficult to think of any other walk of life in which a product provider reimburses the consumer for goods they’ve had stolen.

Perhaps the time has come for proper online fraud insurance. However, if we’re rethinking this, it’s also time to encourage other parties to re-evaluate their approach to fighting this type of fraud. ISPs need to be encouraged to increase efforts to block malware and take responsibility for what is happening within their networks. Law enforcement should also change their thinking when it comes to fighting fraud more effectively. Cyber criminals are no longer computer savvy individuals. It’s not uncommon for a 13-year-old child to be committing these crimes from the comfort of his home.

While we all try to figure out an effective approach to industrialised cybercrime, here are some things consumers can do to better protect themselves:

Use two-factor authentication in email and financial accounts. Two factor authentication requires extra login credentials, in addition to your username and password, making the account more difficult for cyber criminals to access. For high value accounts, the added security is worth the extra time.

Enable automatic software updates. Updates are usually issued to address vulnerabilities.  Patching your system with the latest updates will reduce your exposure to malicious activity.

Monitor your personal information. Stolen personal information can lead to financial problems, if criminals take out credit in your name; or reputational damage, if the information is used in illegal activities. The risk can be mitigated with a fraud protection service, which monitors whether your personal or financial information is being used, as well as providing recovery assistance if it is.  You should also check your credit reference files regularly: if someone is making false applications for credit in your name, it will show up immediately.

Share with care on social media. Apparently innocuous details like your pet’s name or your birthday are common identity authentication questions on many sites, and thus useful to fraudsters.  Aggregation sites can collect information from multiple Internet sources, making it easy to build up a detailed picture.  According to a recent Javelin survey of identity fraud, some 54% of social media users have been the target of an identity threat, and those who are active users and share personal information are at increased risk.

 

The post Forget about antivirus and phishing – cybercrime has industrialised and we need a new approach to combat it appeared first on IT SECURITY GURU.

Former MI5 Director General Dame Stella Rimington to open IP EXPO Manchester 2016

0
0

Annual IP EXPO Manchester event welcomes the original ‘M’ to keynote programme

IP EXPO Manchester, part of Europe’s number one enterprise IT event series, has announced that Dame Stella Rimington, former Director General of MI5 and the real-life inspiration for ‘M’ in the James Bond series, will be the opening keynote speaker at this year’s event.

Taking place on Wednesday 18 and Thursday 19 May at Manchester Central, Dame Stella will open the free to attend event.  In a world of state sponsored cyber-attacks and ferocious debate around our privacy this is a rare opportunity to hear from a pioneer in the world of the secret service

Bradley Maule-ffinch, Director of Strategy for IP EXPO Manchester, says: “With impending legislation like the Investigatory Powers Bill hitting the news, plus new challenges the global technology industry now faces, such as Apple’s digital privacy battle with the FBI, state security versus the right to privacy is once again at the top of the national agenda. We are delighted to welcome Dame Stella Rimington to IP EXPO Manchester 2016, to share her insights.”

Dame Stella was appointed Director General of the MI5 in 1992, the first woman in history to take the post and the first Director General to be publicly named. She began her career with the British Secret Service as a Security Service employee in New Delhi, and has since held positions including Non-Executive Director of Marks and Spencer Plc and BG Group Plc, Associate Director of CPS and Chairman of the Institute of Cancer Research.

Renowned for her illustrious career with MI5, Dame Stella is recognised by millions as the inspiration for Dame Judi Dench’s portrayal of “M” in the James Bond series as the first female Director General of MI5 and the first to be publicly named.

New for 2016, IP EXPO Manchester is encompassing six events under one roof, covering all key aspects of enterprise technology, including Cloud and Infrastructure, Cyber Security, Data Centre, Data Analytics, DevOps and Unified Communications. Other speakers of note include James Akrigg, Head of Technology for Partners at Microsoft Ltd, Amazon Web Services technical evangelist Ian Massingham, and leading UK tech personality Dr Sue Black OBE.

For further information and to register for free, please visit: www.ipexpomanchester.com

About IP EXPO Manchester

IP EXPO Manchester is part of the IP EXPO event series, Europe’s number one enterprise IT event series, which also includes IP EXPO Europe in London and IP EXPO Nordic in Sweden. Launched by organisers Imago Techmedia in 2015, the event now encompasses six events under one roof including Cloud and Infrastructure, Cyber Security, Data Centre, DevOps, Data Analytics and Unified Communications.  Designed for those looking to find out how the latest IT innovations can drive and support their business and transition to a digital future

The events showcase brand new exclusive content and senior level insights from across the industry, as well as unveiling the latest developments in IT. It covers everything you need to run a successful enterprise or organisation.

For full details and to register free, visit www.ipexpomanchester.com

The post Former MI5 Director General Dame Stella Rimington to open IP EXPO Manchester 2016 appeared first on IT SECURITY GURU.


Russian hacker group Buhtrap targeting largest EU banks

0
0

The Russian government has begun working with Russia’s Central Bank to develop a package of measures aimed at fighting Buhtrap, the recently discovered  hacker group, which, to date, has stolen around RUB 4 billion (£42 million) from Russian and Western banks, and is reportedly planning further attacks on the EU banking system. An official spokesman of Xenia Yudaeva, the first Deputy Chairman of the Russian Central Bank, told SCMagazineUK.com that the hacker group uses sophisticated cyber-attacks, the most recent of which allowed it to steal about RUB 600 million £6.3 million) from Metallinvestbank, one of Russia’s largest banks.

Original Source: SC Magazine UK

View the full story here

The post Russian hacker group Buhtrap targeting largest EU banks appeared first on IT SECURITY GURU.

Spearphishing Reels in Big Profits

0
0

The dramatic increase in phishing attacks (especially spear phishing emails) in the last few months raises serious concerns among business corporations.

Join AppRivers security experts as they go through the process of such highly-targeted attacks, the ways users are usually approached and suggest how users can stay protected.

To get the latest insights from AppRiver,  sign up to their blog.

The post Spearphishing Reels in Big Profits appeared first on IT SECURITY GURU.

Retailers experience two cyber attacks every week

0
0

Retailers are responding to cyber attacks on average twice a week — this is according to the latest research from Zynstra, an enterprise-grade IT software provider. 16% of retailers said they experienced an attack or attempted attack every day, 11% said they responded 2-3 times per week, and 64% said once a month.

The incidence of cyber attacks was found to be especially high in the grocery industry with 29% of respondents dealing with attempted security breaches every day, and 55% every week. In other retail verticals, 65% of respondents in the sports and outdoor sector said they responded once a week, as did 49% of fashion retailers and 40% of department stores.

The research, conducted by independent survey consultants Censuswide on behalf of Zynstra, surveyed 300 IT professionals and C-level executives in the retailer sector in the UK and US.

“Taking care of a distributed branch network, from a maintenance and security point of view, can be extremely challenging,” says Nick East, CEO, Zynstra. “Looking at the high number of cyber attacks and attempted attacks shines light on the ongoing battles that retail IT is facing in terms of workload, particularly when it comes to security basics like patching and performing updates.”

This is reflected in the research, with 55% of retailers applying security upgrades and patches across their branch network at least once a week; with 12% doing it daily, and 77% once a month. In addition, when asked about the frequency of backing up critical in-store data across their branch network, 75% do so once a week, with almost half of respondents (46%) doing it daily.

The pattern is similar across a range of retail industries; sports and outdoor (79%), department stores (70%), electrical stores (69%), DIY (65%), grocers (61%) and Fashion stores (60%).  

Despite the frequency of patching, applying updates and backups, only 33% of retailers are very confident that their branch network is secure, with the major concerns being that back-up data will not be restored quickly enough in the event of a cyber event (37%), and that patches and upgrades are not applied in a timely manner (22%).

 “There is little doubt that IT teams are responding as best they can to mitigate the cyber threat, but despite their action, confidence in retail IT branch security remains a challenge. This lack of confidence points to the fact that a new approach is needed, one that takes the load off IT teams and increases assurance through the intelligent automation of processes required to keep branches secure,” concludes East.

The full research report can be downloaded here: https://knowledge.zynstra.com/insight-retail-branch-security/

The post Retailers experience two cyber attacks every week appeared first on IT SECURITY GURU.

Alert Logic announces results of cybersecurity professionals survey as they celebrate their 3-year anniversary in Cardiff

0
0

Alert Logic, a leading voice in the cybersecurity industry providing security-as-a-service solutions for the cloud has found that security professionals are most concerned about the development of advanced threats, in a survey conducted to understand where the industry sees cyber threats moving in 2018.

According to the results, conducted with 400 cybersecurity professionals, 62% cited the detection advanced threats as the most pressing issue facing them as we look towards 2018. Advanced threats are threats which are made up of complex and varied attack vectors, making them some of the most persistent, yet difficult to detect cyber-incidents that security professionals face, because of the combination of methods used by threat actors.

“Advanced cyber threats present the most arduous task for cybersecurity professionals, and the survey results bear this out,” said Oliver Pinson-Roxburgh, EMEA director at Alert Logic. “Cyber attacks are increasingly difficult to detect, as the security threats presented by malicious actors become increasingly bold and sophisticated, particularly when attacking web applications.”

In addition to this, lack of budget, skilled personnel and lack of security awareness amongst employees weighed in as the most significant obstacles facing cybersecurity teams, inhibiting their organisations from adequately defending against cyber threats.

The issue of skilled personnel holding back security protocol is something that Alert Logic have been working as a company to remedy. They recently celebrated the 3rd anniversary of their Security Operations Centre opening in Cardiff. Alert Logic have worked tirelessly to turn Cardiff into a cybersecurity hub, growing its team from 0 to approximately 130 people, providing highly skilled and well-paid IT jobs for both graduates and seasoned IT staff, and increasing the total UK staff to 180.

This has been possible, in part, as a result of the support provided by the Welsh government and close partnerships with the University of South Wales and Cardiff University as part of their efforts to help combat the cyber security skills gap in the UK.

“Alert Logic is a great success story for South Wales,” said Welsh Economy Secretary Ken Skates. “In just three years the company has firmly settled into the region, becoming a significant employer offering high paid specialist jobs. The company is an active member and contributor to the growing Welsh Cyber Security community.”

In addition, when asked about the business impact of security incidents, system downtime was highlighted as having the biggest impact. Interestingly, revenue impact was only cited as a relatively minor factor (16 percent), suggesting that either security teams have evolved their maturity to effectively manage risk or lack full visibility into the downstream business impact of security incidents.

So, whether it’s in establishing new cybersecurity hotspots in the UK, or polling the community for their most pressing issues, Alert Logic is a cyber company with its finger firmly on the pulse, who remain dedicated to improving cybersecurity as an industry, not just in their own business interests.

The post Alert Logic announces results of cybersecurity professionals survey as they celebrate their 3-year anniversary in Cardiff appeared first on IT SECURITY GURU.

Viewing all 12 articles
Browse latest View live




Latest Images