This article is part 1 of 3 in the “Insider Enterprise Threats” series, outlining effective policies and practices for combating insider cyber security threats to the modern enterprise. Insider cyber security threats are much more prevalent than most of us realize. IBM estimates that 60 percent of all cyberattacks are perpetrated by those with...

The Council of Economic Advisers recently released a report that examines the cost of malicious cyber activity to the U.S. economy. The report cites many of the usual findings from the Verizon DBIR and Ponemon reports—nothing new to those of us who live and breathe cybersecurity. However, the report caught my eye because it offers some very...

A security researcher has released an updated list of 500 million breached passwords so that organizations can use it to protect their systems. On 22 February, Australian web security expert Troy Hunt published the second version of "Pwned Passwords." The feature enables users to check a new or used password against a list of 501,636,842...

Security breaches are increasingly affecting organizations across various domains as they heavily rely on technologies to reduce the operational costs and improve the work efficiency. The United States is the world leader in data breach incidents. According to a report shared by the Identity Theft Resource Center in 2017, the security breach...

Whoever hacked the LA Times' interactive county murder map probably hoped to make a killing mining cryptocurrency - but swift action from a security researcher has put paid to their plans. Security researcher Troy Mursch, whose blog has focused on cryptomining threats in recent months, raised the alarm on Twitter, after discovering that an Amazon...

Colorado's Department of Transportation (DOT) shut down more than 2,000 computers after its network suffered a ransomware attack. First thing in the morning on 21 February, the DOT discovered that ransomware had struck all employee computers running Windows and protected by McAfee anti-virus software. It immediately launched an investigation into...

With distributed ledger technology (such as blockchain), there is growing interest in automating routine commercial transactions. But how will these smart contracts be interpreted under existing commercial contract laws? Although there is no federal contracts law for private commercial transactions in the United States, there is a widely adopted...

Living in today’s society, it is almost impossible to meet someone without an email account. For almost everything you do online, you need to have an email ID whether for work, education, or socially. Many of us hold multiple accounts, each for a different purpose; however, you need to protect yourself. If you are using Outlook as your email...

In these times of unabated data breaches, the typical Chief Information Security Officer (CISO) must feel like a moving target in a shooting gallery. It’s not a matter of whether an attack and possible breach will occur, it’s a matter of when. Being a CISO is a fascinating and important job. Often, though, it’s a thankless one. Unfortunately for...

The U.S. Department of Energy (DOE) has announced the establishment of a new cybersecurity office to help protect and prepare the energy sector, including the oil and gas industry. Named the Office of Cybersecurity, Energy Security, and Emergency Response, or CESER, the new office received nearly $96 million in funding for the 2019 fiscal year....

A company embedded password-stealing malware into an installer as part of its digital rights management (DRM) efforts to combat software pirates. On 18 Sunday, Reddit user crankyrecursion spotted the malware hiding within Flight Sim Labs' installer for its A320 flight simulator desktop software. A little digging on the user's part revealed that the...

Let’s face it: it is a matter of when your company is going to get hit by digital attackers and how hard, not if. This causes a lot of pain and overall damage, both of which are not good for business. Cyber attacks are at the forefront of news headlines and are plaguing C-Level executives' thoughts; unfortunately, these attacks are going to get more...

Mobile online dating apps are popular among adults looking to find their ideal partner. According to the Pew Research Center, 15 percent of U.S. adults said they had used matchmaking sites in 2015. Following Valentine’s Day, many dating sites may offer promotions, coupons, and discounts to encourage new users to enroll, meaning new users will be...

Digital attackers abused the SWIFT system of an Indian bank in an attempt to make off with approximately $2 million in stolen funds. On 18 February, City Union Bank disclosed the attempted heist in a statement (PDF): During our reconciliation process on 7th February 2018, it was found that 3 fraudulent transactions were initiated by the cyber...

There were 978 million victims of cybercrime last year and these people lost a combined $172 billion, according to Norton. Those numbers alone should be enough to make businesses sit up and take notice. It’s important, too, to stress that it isn’t just the large corporations that suffer at the hands of online criminals. About half of small...

It's mid-February, which means IT security executives' and industry analysts' plans for 2018 are really starting to gather momentum. Every year, this personnel faces the difficult task of deciding what security investments they should make given current developments in the cyber threat landscape. Google Trends and other services can help...

Unknown criminals abused the SWIFT network to steal 339.5 million rubles ($6 million) from the Central Bank of Russia in 2017. The bank's Financial Sector Computer Emergency Response Team (FinCERT) revealed the attack in its report on illegal transactions that occurred in 2017. As quoted by Sputnik International: Bank of Russia has been informed...

A cybercrime gang based in Ukraine is estimated to have made as much as $50 million after tricking Bitcoin investors into handing over the login credentials for their online wallets. Security researchers at Cisco Talos describe how a massive phishing operation has been co-ordinated from Ukraine, after criminals purchased Google Adwords posing as...

UK government officials have publicly attributed the NotPetya malware attacks of June 2017 to actors in the Russian government. Foreign Office Minister Lord Ahmad made his thoughts known in a statement released on 15 February: The UK Government judges that the Russian Government, specifically the Russian military, was responsible for the...