Tag Archive for: Improving

Enterprise ransomware preparedness improving but still lacking


The majority of organizations have made ransomware preparedness a top-five business priority, yet only half believe their preparedness is stronger than it was two years ago. That is according to a recent survey, “The Long Road Ahead to Ransomware Preparedness” by Enterprise Strategy Group, a division of TechTarget.

Ransomware is a top priority

Despite warnings and available preparedness resources, ransomware continues to distress companies. Seventy-nine percent of survey respondents said they suffered a successful attack within the last year, and 73% reported they had one or more attacks that caused negative financial impact or disrupted business operations in the same time period.

The good news is the board and the C-suite are finally getting the message that more needs to be done to address impending ransomware attempts. In fact, 79% of respondents said business leaders made ransomware preparedness a top business priority, and 82% of organizations plan to invest more in ransomware preparedness over the next 12 to 18 months.

How are companies handling ransomware preparedness?

With preparedness investments expected to grow, the survey asked how organizations currently tackle ransomware. Respondents said the most important prevention tactics involve efforts in the following:

Ongoing activities cited included data recovery testing, employee security awareness training, response readiness assessments, incident response functional exercises, penetration testing, incident planning and playbook development, phishing simulation programs, tabletop exercises, and blue/red/purple team engagements.

Data recovery testing and employee security awareness training are among the top activities organizations are focusing on for ransomware preparedness.

How unprepared are companies?

Companies said they are improving their fight against ransomware, but it’s clear that more work needs to be done. Ransomware preparedness gaps exist, and few organizations have solid mitigation strategies in place. Among activities that need more attention are the following:

  • Vulnerability management. Only 47% of respondents said their organizations can remediate issues within 30 days of discovering them….


Experts offer tips for improving election security


Political candidates and elections are increasingly being targeted by foreign and domestic adversaries, according to presenters at the virtual USC Election Cybersecurity Initiative Regional Workshop on Thursday.

The symposium — which was hosted by the University of Southern California with a regional focus on Montana, North and South Dakota, Utah and Wyoming — discussed the impact of disinformation and misinformation, as well as threats to state and federal elections. Cybersecurity experts offered tips to candidates and election officials for improving election security.

Citing recent attacks and ransom demands on a growing list of businesses, hospitals and other institutions, Clifford Newman, professor and director of the USC Center for Computer System Security, said there are four ways that bad actors attempt to disrupt elections: voter manipulation, discouraging or preventing voting, manipulating vote tallies and creating distrustful outcomes, such as with the 2020 election.

Newman said manipulating vote tallies is actually very hard to do, and despite claims to the contrary that outside influences had hacked some of the electronic voting systems, the Department of Justice and Homeland Security found no evidence that foreign adversaries had prevented voting, changed votes or disrupted the ability to tally votes or to transmit election results in a timely manner.

However, Newman pointed out that they did find evidence that “Russian, Chinese and Iranian government-affiliated actors materially impacted the security of networks associated with or pertaining to U.S. political organizations, candidates and campaigns during the 2020 federal elections.”

Despite the general consensus by these agencies that no votes were manipulated through the hacking of electronic voting machines in Wyoming or elsewhere, many voters pushed back on this assertion, particularly in the wake of My Pillow CEO Mike Lindell’s 72-hour symposium in August that asserted voting machines were responsible for stealing the election from former President Donald Trump. To date, there has been no conclusive proof to support these claims, although there are legal challenges still…


Guest Editorial: Improving cybersecurity vitally important to U.S.


Cybersecurity goes beyond protecting your identity or ensuring safe elections. As recent weeks have demonstrated, internet security is just as important to the nation’s infrastructure as roads, bridges and airports.

In May, Christopher Krebs, former head of the Cybersecurity and Infrastructure Security Agency, warned a congressional hearing that the world was on the cusp of a “pandemic of a different variety. … Cybercriminals have been allowed to run amok while governments have mainly watched from the sidelines, unclear on whether cybercrime is a national security-level threat. If there was any remaining doubt on that front, let’s dispense with it now: Too many lives are at stake.”

Two days later, Colonial Pipeline was struck by the largest known hack on U.S. energy infrastructure. The result was a shutdown of a major fuel pipeline connecting the East Coast, resulting in long lines and soaring prices at gas stations as consumers engaged in panic buying. The company paid hackers $4.4 million to regain control of its systems.

Now, JBS Foods has been hit by a ransomware attack on its operations in North America and Australia. JBS, the world’s largest meat producer, has closed facilities in several states and canceled shifts at other plants.

“Attackers are operating like a well-oiled business industry, yielding high profits in a year that most businesses struggled,” one threat analyst told Vox.com. “Why? The new ransomware business model is relentless, extortive, and paying off.”

Threats to government entities are equally nefarious. In January, the office of Washington’s state auditor was hacked, exposing the files of 1.6 million unemployment claims from last year. The auditor had received the files from the Employment Security Department while investigating fraudulent claims that were paid.

The threat of identity theft through the hacking of banks or credit companies or government agencies is well known. Victims can spend countless hours canceling credit cards, securing accounts and explaining that, no, they did not purchase $10,000 worth of items on Amazon.

But cybersecurity threats against major…


Improving Cybersecurity Pitfalls With Self-Education, System Assessments And Skills Training


Michael Moniz, Co-Founder, President, and CEO of Circadence, a leader in cybersecurity learning and training solutions. 

Every election is an uphill battle when it comes to ensuring the proper cybersecurity precautions are in place. Cybersecurity plays a big role in the election process even though it’s not always the first thing people think about when heading to the polls or filling out their mail-in ballot. Cybersecurity practices help protect the votes of the American people. Below is a summary of how cybersecurity pitfalls can cause challenges during an election and a few ways to overcome them with human-centered cyber skills training.

The Vulnerabilities Of Election Security

There are many ways cyberthreats can infiltrate an election system and cause adverse effects. These include threats at in-person voting polls, hacktivist groups threatening voter data, social media manipulation by hacktivists, and a lack of cybersecurity training for election workers and volunteers.

Vulnerability during an election is nothing new to our country. Hacktivist groups compromise election security through various technology loopholes, such as:

• Shutting down a voter registration database at voting polls.

• Uploading voter files with false information.

• Compromising a county’s social media account and posting fake voting locations, news and headlines.

• Shutting down cell towers in specific areas.

The progress and pains that the 2020 general election has brought are prompting federal, state, city and county agencies to recalculate, recalibrate and reevaluate their election systems, processes and technology to address the threat of election interference and voter fraud.

Social Media Fabrications 

Over the last year, we’ve seen how the digital age and social media play a role in how voters obtain news and information, even if it’s from unauthorized sources. Unfortunately, hacktivist groups can infiltrate social media accounts, create new authoritative-looking accounts and use social sharing to release unverified information that tries to alter the political opinions of the public.

Years ago, political smear campaigns took place during TV…
