WHY IT MATTERS: Digital Transformation

Most cyber attacks and data breaches remain the result of weak passwords. So, why are we still using them?

The cybersecurity skills gap has been plaguing enterprises for years—but despite garnering much discussion and media coverage, little progress is being made.

State of Cybersecurity 2020 looks at questions such as:

• How long does it take to fill a cybersecurity role with a qualified candidate?
• What percentage of cybersecurity candidates are qualified for the role?
• Is retention improving or worsening?
• Which cybersecurity skills are in the highest demand?
• Are HR teams informed partners in the search for qualified cybersecurity candidates?
• Are cybersecurity teams becoming more gender-balanced, and are diversity programs doing enough to help?
• What can companies do to staff up more quickly and find better-qualified candidates?

Attackers look for the path of least resistance. Recently, that path has shifted from enterprise networks to you and your devices for two reasons. First, as we have built more secure software and systems, it has made it harder to …

Protecting People cybersecurity threat report explores who’s being targeted, how they’re being attacked, and what you can do about it.

Every year, millions of fraudulent web domains are registered by threat actors looking to impersonate trusted brands. Using these domains, they launch phishing attacks or other scams.

What are the latest trends around fraudulent domains, and how can you protect your organization?

Download the report now to learn: 

• How threat actors create fraudulent domains
• What characterizes fraudulent and legitimate domains
• Which keywords and top-level domains (TLD) are trending
• How fraudulent domains use email to launch attacks

In 2018 I somewhat innocently bought very expensive coffee (Nespresso capsules) online from Ebay. What followed was a series of unexpected additional packages from the manufacturer Nespresso and a lurking suspicion that something had gone terribly--if not criminally--wrong as a result of my purchase. This talk chronicles the obnoxious amounts of obsessive research and tracking that became my new hobby--stalking Nespresso fraudsters and my decidedly non-technical attempts at developing a generic search profile and reporting the fraudsters to anyone who would listen, to include : the persons whose identities had been stolen, Nespresso, Ebay, and the FBI. Ultimately I just ended up with a LOT of coffee; a lingering sense that I had committed several crimes; and no faith left in humanity.

In 2019, we saw phishing attacks reach new levels of creativity and sophistication.

Based on an analysis of more than 5 billion daily emails, 200 million social media accounts, and 250,000 daily malware samples, we found that a small subset of individuals with high levels of access or privilege continue to receive the majority of targeted attacks.

Highlights include: 

• Among the most targeted malware and credential phishing attacks, nearly 30% targeted generic email aliases
• Individual contributors and lower level management accounted for 72% of highly targeted malware and phishing attacks
• Web-based attacks that use social engineering grew 150% vs. the previous quarter

Ensuring that your website or open web application is secure is critical. Even simple bugs in your code can result in private information being leaked, and bad people are out there trying to find ways to steal data. The web security oriented articles listed here provide information that may help you secure your site and its code from attacks and data theft.

A video explainer on the technology that’s changing the meaning of the human face.

The Dark Web is real, and your information might be for sale there. Here’s what your data is worth. The simple answer is this: about $45. This is how much, on average, a full set of information for a credit card is selling for, including a name, SSN, birth date, and CVV.

How to get off of people search sites like Pipl, Spokeo, and WhitePages.

How creepy is that smart speaker, that fitness tracker, those wireless headphones? We created this guide to help you shop for safe, secure connected products. Smart home gadgets, fitness trackers, toys and more, rated for their privacy & security.

you’ll learn about some of the expert roles that are often the hardest to find or are only required in specific situations. This paper details these roles, their responsibilities and the cross-functional processes that are required to successfully hunt for, respond to and prevent threats as part of a world-class security organization.

The home surveillance company owned by Amazon bragged on Instagram about taping millions of kids going door to door.

Institutions are crossing functional boundaries to enable collaborative resistance against financial cybercrime and fraud.

The growing cyber skills shortage drives security organizations to look for ways to mitigate the pain and danger that short-staffed security teams can experience. In its report, Security Organization Dynamics, Gartner outlines this ongoing challenge and notes how, “Persistent security skills shortages have forced security leaders to explore new ways of obtaining and managing security capabilities.”

Gartner points out that hiring may not be the only option for filling the gap, cautioning that, “Few, if any, enterprises can afford to perform all security functions in-house. Consider selective outsourcing of functions, especially those that are operationalized or ad hoc.”

Google is working on a new app for its Pixel smartphones that will use hardware sensors to detect an auto accident and automatically call emergency services if a person fails to respond.

We teamed up with researchers from New York University and the University of California, San Diego to find out just how effective basic account hygiene is at preventing hijacking. The year-long study, on wide-scale attacks and targeted attacks, was presented on Wednesday at a gathering of experts, policy makers, and users called The Web Conference.
Our research shows that simply adding a recovery phone number to your Google Account can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks that occurred during our investigation.

Your web browsing history is the most lucrative piece of information that can be traded.

IoT has been and will be the talk of the town for many years to come. Learn the latest internet of things statistics, forecasts and facts for 2019.

The IoT is defined by everyday objects, interconnected via the internet in order to send and receive data. The reason why we connect these objects is simple: for convenience. To help you understand this technology better in 2019, we’ve created the following list of Internet of Things statistics.

Being able to arm your security system remotely, or start your washer, turn your lights on or off, or adjust the thermostat while being nowhere near them is a convenience our grandparents fantasized about. Looks like we will probably never have to worry about leaving the stove on again.

On average, in the US, using those three records, you could be correctly located in an “anonymized” database 81% of the time. Given 15 demographic attributes of someone living in Massachusetts, there’s a 99.98% chance you could find that person in any anonymized database.

Want to beef up your security online? Use these five cybersecurity practices to keep your data, banking, and personal information safe. Take control today!

US corporates are currently using facial recognition for everything from fast food orders to trying on makeup to issuing life insurance policies, and more.