RSA: Centrify Survey Reveals Almost Half of Respondents Lack Confidence in Their Company’s Cybersecurity Strategies

Yesterday, we conducted an onsite survey of IT professionals attending the RSA Conference, being held this week at Moscone Center, San Francisco. The poll asked respondents how their companies secure applications and infrastructures in the age of access, and it revealed that only slightly more than half (55%) believe their company’s current technology investment ensures their company’s cybersecurity. This leaves about half of respondents with a lack of confidence in their own organization’s corporate security! While this fact is startling, it shouldn’t be too surprising, since a recent Forrester study, commissioned by Centrify, confirms that in the past two years, two-thirds…

The Cybersecurity Tipping Point Nears

If we’d take a moment to pull our heads out of the sand and look around, we’d quickly see that we’re on an ominous trajectory. There’s no arguing that over the last several years, we’ve been suffering from increasing numbers of breaches, cyberhacks and data leaks. What’s truly puzzling is the fact that we’ve grown so used to the headlines, they no longer seem to impact us: Target spent $250 million to manage a breach? A massive 1 terabytes per second attack against a DNS provider that knocks out major websites? One billion Yahoo identities hacked? Even a hacked election?…

Uh Oh, Yahoo Breach Hits 1 Billion User Accounts

Could this be the catalyst for change to end hacks? Compromised enterprises face huge barriers to rebuilding customer trust and brand reputation. And for Yahoo, this may be an insurmountable task. In September, Yahoo disclosed that the company lost access control for over 500 million accounts. Turns out the largest breach in history of 500M Yahoo accounts in 2014 is only half as much as the latest and largest hack ever discovered – 1B Yahoo accounts lost in 2013. Will this event finally be the catalyst for not only Yahoo but every other company that maintains customer accounts to force…

How to Prevent Another SFMTA Ransomware Attack

By now, many have heard about the recent ransomware attack against the San Francisco’s “Muni” system on Black Friday where the hacker locked out the railway’s system and demanded 100 BTC as payment. The second, less known, part of the story was published by Brian Krebs on his blog yesterday: “On Monday, KrebsOnSecurity was contacted by a security researcher who said he hacked this very same cryptom27@yandex.com inbox after reading a news article about the SFMTA incident. The researcher, who has asked to remain anonymous, said he compromised the extortionist’s inbox by guessing the answer to his secret question, which then allowed him to reset the attacker’s…

How to Avoid a Snowden-esque Security Breach at Your Company

What would happen to your company’s reputation or market share if its data was hacked? This article originally appeared on Inc. Magazine and is reprinted with permission. The recent release of Snowden, the 2016 film about exiled former cyber-security contractor Edward Snowden, highlights some of the inherent cyber-security risks that organizations face. These concerns have been reinforced by the controversy over hacked emails during the current election cycle. In Snowden’s case, it was the National Security Agency (NSA) that was breached, but the vulnerabilities he exploited exist in many enterprise-level companies as well. Security Breaches in recent memory While I worked at Symantec for the…

How To Prevent Cybercrime: CFO Insights for Mid-Market and SMB Companies

Cybersecurity Risk From the Break Room to the Board Room How can CFO’s enable an organization to effectively combat cybercrime, while reducing IT security budgets? If this sounds too good to be true, let me explain how it can be done. Cyber risk is present at every level in every company from the break room to the board room. In retail, data breaches occur in companies of every size; from Yellowfront, a one-store grocer in Maine to the massive Home Depot and Target breaches. Cyber awareness of social engineering attack modes is a management priority, and all employees have responsibility in preventing…

Last Hurrah for Yahoo? 500 Million Accounts Compromised

I have personally been on Yahoo email since it was released in 1997 (almost 20 years!). I remember how cool it was to have an email address that would live independently from my school, work and ISP accounts. This was especially cool because I lived in Silicon Valley and all three of those emails tended to change every few years. I have been a loyal user of Yahoo mail even when seemingly better or more popular alternatives were available (Gmail, AOL, me.com, Hotmail, etc.). Well, today is the day that I may finally consider making the move to another service. Turns out…

Russian Hackers Target World Anti-Doping Agency in Latest Breach

What Happened: A Russian cyber espionage group known by the name of Tsar Team, also calling itself Fancy Bear, were successful in illegally hacking the World Anti-Doping Agency (WADA). The Anti-Doping Administration and Management System (ADAMS) database was accessed using a compromised account provided to the International Olympic Committee for the Rio 2016 Games. A release by WADA indicates, “While it is an evolving situation, at present, we believe that access to ADAMS was obtained through spear phishing of email accounts.” Olivier Niggli, Director General, WADA states, “WADA has been informed by law enforcement authorities that these attacks are originating…

How Personal is Personal When It Comes to Handing Out Information?

Recent experiences have made me question just how much information we hand out nowadays to people we barely know. It seems that everyone wants a bit of our personal information, and more often than not we are happy to provide it. Even from my recent experiences selling a flat, it was surprising how much personally identifiable information the estate agent needed to see. I was asked to send all sorts of documents, from passport details to bank statements, often over e-mail. As someone keen to sell a flat, I did it without question of course — we all want the…

Dear Taxpayer: We Still Can’t Guarantee Your Security

2015 was the year of the U.S. Internal Revenue Service (IRS) Get Transcript identity theft. Since the spouse and I were affected by this breach last year, I figured I’d better have a look into any recent developments. The IRS has implemented new safeguards for 2016 to help taxpayers verify their identity and the validity of their tax returns, before it will accept the returns for processing. Here’s a summary: Stronger password with a minimum of eight characters, including alphanumeric and special characters Three security questions to verify identity upon login Account lockout features for session length, and number of login attempts Email address verification, via email or text…