It all began circa 1957, when a seven-year-old boy named Joe Engressia stumbled upon what would one day become a widespread threat to the phone system. When Engressia whistled into his telephone with perfect pitch at a frequency of 2600 Hz, the automatic switch disconnected the line from one end, leaving the other end wide open to call long-distance free of charge.
Read MoreFor some, the history of cyber-attacks might live in their minds as scenes from movies from as far back as Tron or Matthew Broderick in War Games. But in the real-world timeline of attacks in the digital sphere, these classics are preceded by cyber criminals who set the bar for future testers of cyber security. There are too many famous quotes about the need to and benefits of learning from history to include here, but the sentiment is worth repeating--looking back at the history of cyber-attacks helps develop a well-rounded security posture for today.
Read MoreSurvey after survey of cybersecurity and IT professionals echo the fact that breaches are becoming more difficult to defeat, digital risk management is ever-trickier, and the cyberthreat landscape is growing. Even just a couple of years ago, a strong security posture was easier to attain and maintain. Why is cybersecurity and breach protection so tough?
Read MoreArtificial intelligence (AI) is already changing the digital world, with Internet of Things (IoT) and operational technology (OT) devices flooding homes, workplaces, and nearly every aspect of daily life. Along with many benefits, including greatly improved cybersecurity [link to the previous post about AI as a security tool], AI has a dark side. Cybercriminals are employing AI tactics and automation, machine learning, and agile software development to more quickly and effectively discover and exploit security vulnerabilities.
Read MoreIn 2015, the CEO of an Austrian aircraft parts manufacturer was dismissed after he fell victim to a whaling attack that cost the company €40.9 (approx. $50 million at the time). Although whaling attacks aren’t new, they are becoming increasingly common, endangering not only the jobs of C-level employees but also the financial and brand security of the organizations they work for.
Read MoreA reformed cyber-criminal who popularized the term “social engineering attack” famously pointed out that “it is far easier to trick someone into handing over, say, their password than to go to the trouble of hacking them.” This approach has taken hold in the cyber-crime world, with social engineering and phishing attacks—when an attacker poses as an authority figure via email or a website to trick a victim into divulging sensitive data—costing businesses $676 million in 2017, according to the FBI. Now an even simpler attack is gaining traction.
Read MoreIf you check for the green padlock symbol in your browser to ensure you’re accessing a safe and legitimate site, you’re not alone. According to a 2018 PhishLabs survey, more than 80% of those surveyed thought the green padlock in the address bar guaranteed the legitimacy/safety of a website. The reality is the padlock doesn’t mean the site is legitimate and it doesn’t mean you’re safe from hackers.
Read MoreLife is hectic. As a result, we all look for ways to eliminate inconvenience, ease our stress levels, and save precious time. However, some comforts might come at too high of a price. Unfortunately, the auto-fill function on your browser might be a more of a risky convenience than most people realize. For years, security insiders have argued the dangers of the auto-fill function: the handy tool that automatically provides your name, address, phone number, and such for web page forms. It turns out, they are right.
Read MorePhishing has become a well-known term, even showing up in prime-time commercials and rolling off the tongue of tech-savvy, scam-weary seniors. Despite the widespread awareness of phone, email, and even in-person phishing scams, new and creative attacks remain the bane of security staff. The latest phishing threat gaining traction? Cloud-based documents.
Read MoreA recent report from Nielson predicts credit card fraud will result in more than $31 billion in losses by 2020. And, e-commerce fraud attacks increased by more than 30% from 2016 to 2017, according to credit reporting agency Experian. So how are attackers getting away with fraud and how can you protect your business credit cards?
Read MoreOnline banking has been ubiquitous for some time—and cybersecurity attacks that target business’ banking information are just as common. Stories of companies large and small that have had their banking data and accounts compromised date back to the beginning of online banking. Are you taking all the necessary steps to protect your company’s banking assets?
Read MoreMisinformation relating to cryptocurrency, such as Bitcoin, continues to increase public exposure and vulnerability to cyber crime. Some people have developed an overconfidence in the technology behind cryptocurrency (blockchain), while others have a misunderstanding of how it works entirely. However, the majority of those who trade digital currency have one common characteristic: They don’t fully recognize or mitigate against the risks and threats associated with cryptocurrency holdings.
Read MoreWith the growth of bitcoin popularity comes the danger of hacker attention. Industry insiders estimate that cryptocurrency attacks have cost governments and businesses nearly $11.3 billion in the past decade. As more people invest in bitcoins—some less savvy about security than others—there are new avenues for bitcoin attacks.
Read MoreSocial engineering techniques are not only becoming more common but also more sophisticated. Attackers seem to be taking notes from Marketing 101, ensuring that their lures strike a chord with their victims with emails that include customized messages with very official looking logos and layouts, fraudulent phone calls that cite actual employee names and titles, and even well-rehearsed seemingly innocuous facility access attempts.
Read MoreMany users naively believe they can browse the Internet, and as long as they don’t click on anything, they are safe. Unfortunately, that is not the case. Cross-site scripting (XSS) attacks are one of many malicious threats looming in the web world—in fact, XSS vulnerabilities are rampant out there. Read and learn how to browse as safely as possible.
Read MoreDrive-by-download attacks sound like the made-up ranting of a conspiracy theorist. Is it really possible for your computer to become malware infected simply from visiting a legitimate website that has been hacked?
Read MoreIn our two previous posts on cyber resilience (CR)—how you manage operational risk and protect your assets—we explored how a holistic approach is best practice for a security-minded organization. Continuing to build on that knowledge foundation, this third part in the series explores risk management, external dependencies management, training and situational awareness.
Read MoreCyber resilience (CR)—how you manage operational risk and protect your assets—is, or should be, the goal of every security-minded organization. Building on our previous CR post, let’s explore additional tenets of CR, including vulnerability, incident, and service continuity management.
Read MoreBusiness email compromise (BEC) attacks are increasing at a staggering rate. These social engineering attacks are cleverly disguised and can fool even the best of them. So, what exactly is a BEC attack and how can you protect your company from falling victim?
Read MoreThe news is covered with headlines of successful social engineering attacks that have affected companies large and small. So, what exactly is a social engineering attack and how do you protect your organization?
Read More
