Week in review: Shifting security priorities, phishing manipulation tactics, new issue of (IN)SECURE

Here’s an overview of some of last week’s most interesting news and articles:

Why identity verification needs to be a part of your digital transformation strategy
Here are three key reasons why identity verification needs to be part of your company’s digital transformation strategy.

(IN)SECURE Magazine issue 59 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics.

Manipulation tactics that you fall for in phishing attacks
No matter which attack scheme they use, cybercriminals understand one simple fact: all human beings are vulnerable. More than any other method of attack, malicious actors prey on a company’s workforce. Here are three common cyber-crime techniques people fall for.

Data breaches make companies underperform the market in the long run
While the share prices of companies that experienced a sizeable/huge data breach suffer just a temporary hit, in the long term breached companies underperformed the market, an analysis by consumer tech product review and comparison site Comparitech has shown.

How do you protect digital channels from cyber threats?
A well-thought out and managed social media presence is a must for most companies and their workforce, but too few of them think about the potential repercussions of an attack targeting it.

Security priorities are shifting in response to increased cybersecurity complexity
The increased complexity of the IT environment, combined with increasingly sophisticated attacks and a rapidly evolving threat landscape, is causing organizations to invest more money in cybersecurity and start to focus on the impact of cyber threats and cybersecurity from a business perspective.

Building security into DevOps versus bolting it on
In this podcast, Hari Srinivasan, Director of Product Management for Qualys, talks about building security into DevOps versus bolting it on, specifically for containers.

Security data reveals worldwide malicious login attempts are on the rise
According to the Akamai 2018 State of the Internet / Security Credential Stuffing Attacks report, worldwide malicious login attempts are on the rise.

New Magecart victims ABS-CBN and Newegg are just the tip of the iceberg
With the Magecart attackers compromising web shops left and right, online shopping is becoming a risky proposition. After Ticketmaster, British Airways and Feedify, two new Magecart victims have been identified: the broadcasting giant ABS-CBN and online retailer Newegg.

How to create a Hall of Fame caliber cybersecurity playbook
Whether the sport is football, basketball or hockey, all the best coaches have playbooks and reports with the latest information on opponents. They study the playing field and never go into a game unprepared, spending hours fine tuning strategies, whether that’s finding the perfect angle to swoop past defenders or knowing an offenses’ weakness and stopping them dead in their tracks. Cybersecurity should be no different.

ENISA launches Cybersecurity Strategies Evaluation Tool
The European Union Agency for Network and Information Security (ENISA) has launched a tool that will help EU Member States evaluate their priorities according to their National Cyber Security Strategies.

Data privacy automation: Unlock your most valuable asset
In years past, data privacy was the purview of the chief privacy officer. However, increasingly, CTOs are being tasked with operationalizing a data privacy solution for the company. That’s because data privacy is fundamentally a data issue, with privacy being an outcome of a comprehensive data protection strategy.

83% of SMB owners have no cash put aside to deal with the fallout from a cyber attack
Although the average cost for small and medium-sized businesses to recover from a cyber attack is estimated to be $120,000, 83% of SMBs do not have any money reserved to get back to business as usual should a breach occur. A quarter were unaware it would cost money to put things right.

Malicious hacking activity increasingly targeting critical infrastructure
In this podcast, Andrew Ginter, VP of Industrial Security at Waterfall Security Solutions, and Edward Amoroso, CEO of TAG Cyber, talk about how the traditional focus of most hackers has been on software, but the historical focus of crime is on anything of value. It should come as no surprise, therefore, that as operational technology (OT) and industrial control system (ICS) infrastructure have become much more prominent components of national critical infrastructure, that malicious hacking activity would be increasingly targeted in this direction.

Why humans are necessary to the threat hunting process
As threat actors’ TTPs and attack strategies change, the one constant behind all attacks is that they are human-driven (at least until Skynet becomes self-aware). Understanding an attacker’s motives and tendencies can help organizations make the right strategic cybersecurity decisions.

Break out of malware myopia by focusing on the fundamentals
The ability to understand and prioritize cyber hygiene is the cure for overestimating malware’s impact, because it provides a statistically derived understanding that works as an antidote for malware myopia.

How to gain visibility with global IT asset inventory
In this podcast recorded at Black Hat USA 2018, Pablo Quiroga, Director of Product Management at Qualys, talks about how to gain unprecedented visibility with global IT asset inventory.

eBook: 9 Tips to Supercharge Your IT Security Career
This Career eBook explains employer challenges and how you can rise above expectations with the right certification. Request your copy today for 9 tips that will help you achieve more as an IT pro.

Key weapon for closing IoT-era cybersecurity gaps? Artificial intelligence
The Ponemon Institute study, entitled “How AI and Automation Can Close the IT Security Gap in the Era of IoT,” surveyed 4,000 security and IT professionals across the Americas, Europe and Asia, to understand what makes security deficiencies so hard to fix, and what types of technologies and processes are needed to stay a step ahead of bad actors within the new threat landscape.

New infosec products of the week​: September 21, 2018
A rundown of infosec products released last week.




Share this