What's cyber security?

Computer security, cybersecurity or information technology security (IT security) is the security of computer systems in the theft of or damage to their own hardware, applications, or digital information, in addition to in the disruption or misdirection of their solutions they supply. The area is becoming more important because of greater reliance on computer technologies, the web and wireless system standards like Bluetooth and Wi-Fi, and as a result of development of "smart" devices, such as televisions, smartphones, and the numerous devices which constitute the"Internet of things". Due to its complexity, both regarding science and politics, cybersecurity can also be one of the significant challenges in the modern world.

What's cyber security?

Organizations face many threats to their data systems and information. Knowing all of the fundamental elements to cyber safety is the first step to fulfilling these threats.

Types of cyber security.

The reach of cyber protection is broad. The core regions are explained below, and some other fantastic cyber security plan must take all of them into consideration.

Critical infrastructure includes the cyber-physical systems which society is based on, for example, electricity grid, water purification, traffic lighting and hospitals. Plugging a power plant to the world wide web, as an instance, makes it vulnerable to cyber attacks. The solution for associations accountable for critical infrastructure would be to carry out due diligence to safeguard recognize the vulnerabilities and protect from them. Everyone else must evaluate the way an attack on critical infrastructure that they rely on could impact them and develop a contingency plan.
Critical infrastructure.
Critical infrastructure includes the cyber-physical systems which society is based on, for example, electricity grid, water purification, traffic lighting and hospitals. Plugging a power plant to the world wide web, as an instance, makes it vulnerable to cyber attacks. The solution for associations accountable for critical infrastructure would be to carry out due diligence to safeguard recognize the vulnerabilities and protect from them. Everyone else must evaluate the way an attack on critical infrastructure that they rely on could impact them and develop a contingency plan.
Network security guards against malicious intrusion in addition to malicious insiders. Ensuring network security frequently requires trade-offs. By way of instance, access controls like additional logins may be required, but slow down productivity. Tools used to track network safety create a great deal of information -- so much that legitimate alarms are often overlooked. To help better handle network security monitoring, safety teams are using machine learning how to flag abnormal traffic and alert to risks in real time.
Network security.
Network security guards against malicious intrusion in addition to malicious insiders. Ensuring network security frequently requires trade-offs. By way of instance, access controls like additional logins may be required, but slow down productivity. Tools used to track network safety create a great deal of information -- so much that legitimate alarms are often overlooked. To help better handle network security monitoring, safety teams are using machine learning how to flag abnormal traffic and alert to risks in real time.
The business's move to the cloud generates new safety challenges. By way of instance, 2017 has seen nearly weekly information breaches from badly configured cloud cases. Cloud suppliers are creating new safety tools to help business users secure their information, however, the bottom line remains: Moving into the cloud isn't a panacea for performing due diligence in regards to cyber security.
Cloud security.
The business's move to the cloud generates new safety challenges. By way of instance, 2017 has seen nearly weekly information breaches from badly configured cloud cases. Cloud suppliers are creating new safety tools to help business users secure their information, however, the bottom line remains: Moving into the cloud isn't a panacea for performing due diligence in regards to cyber security.
Application security (AppSec), especially web application security, has become the weakest technical point of attack, but few organizations adequately mitigate all the OWASP Top Ten web vulnerabilities. AppSec begins with secure coding practices, and should be augmented by fuzzing and penetration testing. Rapid application development and deployment to the cloud has seen the advent of DevOps as a new discipline. DevOps teams typically prioritize business needs over security, a focus that will likely change given the proliferation of threats.
Application security.
Application security (AppSec), especially web application security, has become the weakest technical point of attack, but few organizations adequately mitigate all the OWASP Top Ten web vulnerabilities. AppSec begins with secure coding practices, and should be augmented by fuzzing and penetration testing. Rapid application development and deployment to the cloud has seen the advent of DevOps as a new discipline. DevOps teams typically prioritize business needs over security, a focus that will likely change given the proliferation of threats.
IoT describes a huge array of crucial and non-critical cyber physiological systems, such as appliances, sensors, printers and safety cameras. IoT devices often ship in an insecure condition and give little to no security, posing risks to not just their customers, but also to other people online, since these devices frequently find themselves part of a botnet. This presents special security challenges for the home users and society.
Internet of things (IoT) security.
IoT describes a huge array of crucial and non-critical cyber physiological systems, such as appliances, sensors, printers and safety cameras. IoT devices often ship in an insecure condition and give little to no security, posing risks to not just their customers, but also to other people online, since these devices frequently find themselves part of a botnet. This presents special security challenges for the home users and society.
Companies with cloud-first strategies are growing in number as the benefits of cloud have become more apparent and appetizing in the fallout of the COVID-19 pandemic. However, simply having a cloud-first strategy doesn’t guarantee success in the cloud, cost savings and increased agility. Similarly, security remains a pervasive threat if a process for mitigation is not built into the very foundation of your cloud strategy.

The IoT security bill is a step in the right direction, as it addresses one of the biggest gaps in software security overall -- generating awareness. But, as the use of connected devices continues to exponentially grow over time, we must ask ourselves: is it enough? Let’s explore.

LexisNexis Risk Solutions released its biannual Cybercrime Report covering July 2020 through December 2020, which details how the evolving threat landscape created new opportunities for cybercriminals around the world, particularly as they targeted new online users.

Original research from CybelAngel takes a look at how cybercriminals plan healthcare-related fraud, ransomware and other attacks by obtaining stolen credentials, leaked database files and other materials from specialized sources in the cybercrime underground.

The Cybersecurity and Infrastructure Security Agency (CISA) and AVANGRID, a sustainable energy company providing services in 24 states, conducted a virtual tabletop exercise to test and identify the safety procedures AVANGRID has implemented since the beginning of the COVID-19 pandemic and identify additional procedures necessary to ensure employee safety operations and business continuity in the out years.  

Two large phishing attacks, aimed at a combined 10,000 victims, spoofed emails from FedEx and DHL Express in an attempt to steal their targets' business email account credentials.

The Phoenix Suns Arena will install 26 X-ray inspection systems, adding a new layer of protection to attendees against potential threats such as weapons and explosives. It also will help intercept other prohibited items, and reduce hands-on searches.

Local governments, including counties and municipalities, face unique cybersecurity challenges that can too easily disrupt the delivery of mission-critical services. With continuous threats of ransomware and other malicious attacks to derail day-to-day municipality function, like water infrastructure, waste management and more, the security of these entities is of top national priority. Here, we talk to Mike Hamilton, CISO for government cybersecurity firm, CI Security, about the biggest threats to the U.S. critical infrastructure.

Lookout Inc. released its Government Threat Report, which examines the most prominent mobile threats affecting federal, state and local governments in the United States. Lookout data reveals that U.S. government organizations are increasingly targeted by credential stealing mobile attacks and exposed to hundreds of vulnerabilities from outdated operating systems and risky apps.

 There are numerous solutions organizations can implement to mitigate risks associated with employee use of corporate connected devices in the execution of personal business. In this article, we will delve a bit deeper to explain the pros and cons of implementing a few of the more common solutions. It is important to note, that regardless of the solution, an effective awareness and training program for employees is the number one most effective safeguard for your organization.

Finnish IT service company TietoEVRY has been hit by a ransomware group.

Canadian airplane maker Bombardier announced that it suffered a breach that exposed employee, customer, and supplier data.

Joseph LeMire will serve as North Carolina-based Elon University’s Chief of Campus Safety and Police. 

GitHub announced Mike Hanley as its new Chief Security Officer (CSO).

Jaguar Racing announced that it has partnered with enterprise software provider Micro Focus, ahead of season seven of the ABB FIA Formula E World Championship. Initially, Micro Focus will provide technology to deliver high-performance advanced analytics and machine learning to ensure the Jaguar team performs at top speed for winning results. Micro Focus will also conduct a cyber resilience assessment workshop to help the team identify any potential risks and gaps in their cybersecurity posture.

The cybersecurity authorities of Australia, New Zealand, Singapore, the United Kingdom, and the United States have released Joint Cybersecurity Advisory AA21-055A: Exploitation of Accellion File Transfer Appliance.

As cybercriminals continue to revel in the surge of employees using weak or vulnerable methods to remotely access workplace systems, organizations are increasingly looking to boost overall security by eliminating passwords, and instead opting for passwordless authentication. Here, we talk to Shimrit Tzur-David, CTO of Secret Double Octopus, about recent developments in this technology. 

Erik Antons, Chief Security Officer of Whirlpool Corporation gives Security his first-hand account of his inspired career in security, including navigating a layoff and coming out on the other side.

Indeed, over the past few years, ransomware operators have shifted tactics, moving from widespread targeting intended to collect smaller ransoms from several entities to being more selective in what organizations are targeted and setting larger ransom amounts. One recent tactic revealed ransomware operators using virtual machine to evade detection, which was quickly adopted by other groups.

A new study finds that one in four consumers admit to using their work email or password to log in to consumer websites and applications such as food delivery apps, online shopping sites and even dating apps.

On Feb. 22, 2021, the “Minnesota Consumer Data Privacy Act” (MCDPA) was introduced in the Minnesota House of Representatives. The MCDPA is now the primary candidate to become Minnesota’s omnibus consumer privacy law. To learn more about the MCDPA and privacy regulations, Security magazine spoke to attorney Nadeem Schwen, from Winthrop & Weinstine, who has been at the forefront of this bill’s creation and leads data privacy work for the firm. 

The Department of Homeland Security will allocate $1.8 billion in grants to state and local jurisdictions to protect against terrorism and other disasters, with at least $77 million specifically going toward combatting domestic violent extremism.

Malwarebytes’ Threat Intelligence analysts  introduced a new APT group they have named LazyScripter, presenting in-depth analysis of the tactics, techniques, procedures, and infrastructure employed by this actor group.

With 94% of organizations reporting an identity-related breach at some point, getting a solid Identity Governance and Administration initiative off the ground and scaling it is no longer a nice-to-have, but a need-to-have. 

As the global pandemic forces more people to work remotely than ever before, it’s important to take steps to protect both your personal and company data from online threats.

Quantum computing, the use of quantum phenomena such as superposition and entanglement to perform computation, is expected to impact many sectors, including healthcare, energy, finance, entertainment, and security. Before this large-scale impact is achieved, several challenges need to be overcome, and security leaders should start preparing for this change, says Sergey Strakhov, Chief Technology Officer at IronCap. Here, we talk to Strakhov about the impact quantum computing will have on security and the potential risks it poses.

Netskope revealed new research showing that the majority of all malware is now delivered via cloud applications, underscoring how attackers increasingly abuse popular cloud services to evade legacy security defenses putting enterprise data increasingly at risk. The findings are part of the February 2021 Netskope Cloud and Threat Report, which analyzes the most interesting trends on enterprise cloud service and app use, web and cloud-enabled threats, and cloud data migrations and transfers. 

Contact center call volumes will vary from industry to industry and from month to month, but the general trend is steeply upward.  Adding new agents isn’t the only or even the most efficient way that contact center managers can respond to the great COVID crunch of 2021. A properly deployed Interactive Voice Response system can make workloads manageable for agents while keeping customers from long and frustrating minutes on hold. Still, new options for callers may correspond to new opportunities for attackers. 

The International Foundation for Protection Officers (IFPO) is announcing today that funding has been secured for a security research project that will aim to provide comprehensive data on the roles and responsibilities of today's security officers, including insights into their ever-evolving role.

In a report titled, “COVID-19 Vaccine Security Assessment,” analysts at G4S detail the security threats – both physical and cyber – associated with vaccine distribution across the U.S. and around the globe.

According to a new study by Zebra Technologies, nearly two-thirds (67%) of retail shoppers are concerned with surface sanitation or social exposure in stores. To better accommodate customers, retailers must deploy technologies that aid in compliance with social distancing measures, mask mandates, and sanitation practices. Through the use of security solutions, like hands-free two-way audio, video surveillance, access control, and artificial intelligence (AI)-driven analytics, business owners can better protect employees and customers.

The WebsitePlanet research team in cooperation with security researcher Jeremiah Fowler discovered a non-password protected database that contained more than 1.5 billion records. The database belonged to American cable and internet giant Comcast, and the  publicly visible records included dashboard permissions, logging, client IPs, @comcast email addresses, and hashed passwords. 

David Pekoske, Senior Official Performing the Duties of the Deputy Secretary of Homeland Security, met with local law enforcement officials and the National Football League (NFL) to review Department of Homeland Security (DHS) operations to help ensure the safety and security of employees, players, and fans during Super Bowl LV.  Dozens of federal agencies and components, including DHS, contributed to security measures seen and unseen in connection with the Super Bowl.

The restaurant chain, El Pollo Loco, was looking for a way to cut false alarm costs and deter crime. By switching to a managed service provider for its physical security management, the restaurant chain has been able to save significant money each year in false alarm costs, as well as receiving better overall value from its current systems.

A new study by (ISC)², conducted in 2020, revealed that the cybersecurity profession experienced substantial growth in its global ranks, increasing to 3.5 million individuals currently working in the field, an addition of 700,000 professionals or 25% more than last year’s workforce estimate. The research also indicates a corresponding decrease in the global workforce shortage, now down to 3.12 million from the 4.07 million shortage reported last year. Data suggests that employment in the field now needs to grow by approximately 41% in the U.S. and 89% worldwide in order to fill the talent gap, which remains a top concern of professionals.  Security experts, like Sarah Tatsis, VP of Advanced Technology Development Labs at BlackBerry, believe women can help solve the cybersecurity workforce shortage. Here, we speak to Tatsis about why women are needed and valued in the ongoing fight against cybercriminals.

Tinder, the world’s most popular app for meeting new people, has achieved certification for its Information Security Management System (ISMS) under the ISO/IEC 27001:2013 standard following an extensive impartial external audit — becoming the first app in its category to achieve a certification decision for this globally recognized security standard. 

Emergency communications are changing. At the City of Stamford, Conn., Joe Gaudett, Director of Emergency Communications says that his biggest focuses right now are keeping his staff safe and secure; having enough resources; and using technology to continue to function and respond safely and efficiently to serve its citizens. Learn how Gaudett and the city of Stamford have responded to COVID-19 and implemented new technologies to help ensure operational efficiency and increase safety and security.

Each week. Kastle Systems has been monitoring access control data to find out building occupancy among American enterprises and determine which cities remain the most open amid COVID-19 and the work-from-home movement.

As part of an initiative to enhance safety and security as well as support for staff and more than 17,000 students, Trinity College Dublin implemented a technology which helps first responders better pinpoint the location of calls for help, emergencies and other incidents.

A more foundational goal is to make security and compliance part of the development process from the start. This is a transition that requires DevOps to bring along risk, security and compliance teams into the shared responsibility of making the organization resilient to change. But bringing the idea of shared responsibility to fruition can be difficult because there is a natural tension between DevOps and SecOps, as they have different charters and cultures. DevOps can be seen as more of a do culture (Atlassian calls this a “do-ocracy”) and SecOps can be seen as a control culture and they are inherently in conflict. To fulfill the promise of teaming for shared responsibility, DevOps and SecOps should align on three key objectives: collaboration, communication and integration.

Hagerty Consulting, a firm specializing in emergency management and homeland security consulting, announced the addition of Lee Mayfield as the company’s first Director of Response.

Arkose Labs released new data on the latest fraud trends that reveal a massive spike in fraud across all industries from Black Friday onwards. As consumers continue to flock online in droves greater than ever before, credential stuffing, account takeover (ATO) attacks and gift card fraud are poised to be top attack vectors in 2021.

Internet usage in 2020 rose sharply compared to pre-pandemic levels. More online activity also drove more consumer consciousness around what happens to their online data; nearly three-quarters (72%) of Americans say they are "very concerned" to "extremely concerned" about their online privacy, according to a new Startpage study.

Hackers broke into a water treatment facility in Florida, gained access to an internal ICS platform and changed chemical levels, making the water unsafe to consume. 

How can electronic access control solutions and other devices like biometrics technologies be configured to help mitigate unauthorized entry through swing doors and turnstiles? Here, we’ll take a look at swing doors and turnstiles first, then the high security revolving doors and mantrap portals.

While Artificial Intelligence (AI) has already been introduced into medical facilities – revolutionizing the research and development methods of critical disease treatments, it’s also bringing about a transformation in healthcare security operations. With technologies such as smart cameras and IoT platforms to better manage field level operations, healthcare organizations are seeing the possibility of a more streamlined, efficient and cost-effective way to manage their facilities.

COVID-19 wasn’t the only thing to sweep the globe in 2020 — the year also brought a wave of privacy legislation. Major players, including Brazil, Canada and China, all introduced privacy legislation that closely aligns with the EU General Data Protection Regulation. And in the U.S., California debuted the highly anticipated California Consumer Privacy Act (CCPA) and quickly followed up by approving the California Privacy Rights Act of 2020 (CPRA), which modifies the existing CCPA obligations and introduces new ones. So, what’s in store for 2021?

What are the consequences to the organization, to the cities they reside in, to workplace efficiency and, of course, to the evolving security landscape? The answers are unknown, but the opportunities are plentiful.

In a recent State of DDoS Weapons Report for H2 2020, which covers the second half of 2020, researchers saw an increase of over 12% in the number of potential distributed denial of service weapons available on the internet, with a total of approximately 12.5 million weapons detected. So how can organizations defend against this common and highly damaging type of attack?

Your next home will be connected in creepy ways. It will take a while, but eventually every machine and device in your house will talk to everything else, and Consumer Electronic Show (CES)-born inspiration will be at their roots. From e-toothbrushes to connected e-toilets that can detect a health issue (Really!), the items in your home will be controlled via the internet and will be everywhere. But what does that mean for security?