Friday, 22 December 2017

Weekly News Roundup


Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

Open AWS S3 bucket exposes sensitive Experian and census info on 123 million U.S. households

Another cloud-based data repository, this one belonging to Alteryx, has publicly exposed datasets from the data analytics firm's partner Experian and the U.S. Census Bureau that contain sensitive personal information on 123 million U.S. households. Read more…

Fileless Malware Attacks Hit Milestone in 2017

Fileless malware attacks using PowerShell or Windows Management Instrumentation (WMI) tools accounted for 52% of all attacks this year, beating out malware-based attacks for the first time according to a new report. Read more…

Bitcoin and almost every other cryptocurrency crashed hard today

Bitcoin has been on a tear this past with the value of the cryptocurrency jumping from $8,000 to nearly $20,000. Well that run hit an abrupt end today as the price crashed as much as 23 percent on Coinbase. The price briefly dipped below $12,000 on some exchanges. Read more…

North Korean hackers turn focus to cryptocurrency, point-of-sale systems during holiday season

Cybercriminals linked to North Korea appear to be simultaneously targeting point-of-sale (POS) systems as well as cryptocurrency platforms as the annual holiday spike continues in retail stores and the hype surrounding bitcoin surges, according to new research. Read more…

Tuesday, 19 December 2017

The BOHH Breakdown, Part 16: A Year in Review


In our last post, we shared tips on how to address cybersecurity with your board of directors. Today, we will wrap up the year with an overview of BOHH’s activity in 2017.

BOHH Labs entered the market this year and what a great year it has been. We received some excellent media attention this year and built some great media relationships. We also hit the ground running with industry networking events, speaking at and attending 10 events including SAP TechEd Las Vegas, Oracle OpenWorld and an IBM Watson Summit.

BOHH Labs also kicked off its first year in business by being recognized as a winner of the Google/SAP Intelligent App Challenge. This was the inaugural year for the challenge, and BOHH Labs was selected as an innovative solution winner among hundreds of global entrants for its submission including the use of SAP HANA Express Edition, Google Cloud Platform, Machine Learning, Artificial Intelligence and encryption to address the security of data transport and access for Cloud and Internet of Things (IoT) streamline workflows.

While BOHH Labs has been off to a great start in 2017, unfortunately the same can’t be said for the state of the cybersecurity industry. The number of attacks, the methods to carry them out, and the number of people affected by breaches continue to rise. However, BOHH Labs remains committed to tackling the cybersecurity industry and delivering a new approach that will help keep data protected in ways that traditional security methods are no longer able to provide. We predict 2018 will continue to be a challenging year for the cybersecurity industry, but we are ready to tackle that challenge head on.

At the close of a great first year, we are excited about the progress made in 2017 and we look forward to seeing what 2018 holds in store.

We have enjoyed sharing some of our thoughts with you over the past several months through the BOHH Breakdown blogs and we are eager to get started again in 2018.


Friday, 15 December 2017

Weekly News Roundup


Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

F.C.C. Repeals Net Neutrality Rules

The Federal Communications Commission voted on Thursday to dismantle rules regulating the businesses that connect consumers to the internet, granting broadband companies the power to potentially reshape Americans’ online experiences. Read more…


Three plead guilty to creating Mirai IoT botnet malware

Three men have pleaded guilty in federal court to charges related to the creation of the Mirai Internet of Things botnet malware, variants of which have been used in a series of debilitating distributed denial of service (DDoS) attacks since 2016. Read more…

Hackers steal $64 million from cryptocurrency firm NiceHash

Cryptocurrency mining marketplace, NiceHash, said it lost about $64 million worth of bitcoin in a hack of its payment system, the latest incident to highlight risks that uneven oversight and security pose to booming digital currencies. Read more…

Starbucks cafe's wi-fi made computers mine crypto-currency

Starbucks has acknowledged that visitors to one of its branches were unwittingly recruited into a crypto-currency mining operation. The wi-fi service provided by one of the coffee chain's Buenos Aires outlets surreptitiously hijacked connected computers to use their processing power to create digital cash. Read more…

Tuesday, 12 December 2017

The BOHH Breakdown, Part 15: How to Get Your Board Involved in Your Cybersecurity Strategy


In our last post, we shared tips for individuals to stay safe as they begin their Christmas holiday shopping this season. Today, we will address an increasingly important topic – how to address cybersecurity with your board of directors. 

One thing is becoming increasingly clear in today’s climate of nonstop breaches: security matters and data is becoming an asset. It’s time organizations treated cybersecurity as a core business value. Business leaders, starting from the Board of Directors and moving through the C-suite, must insist on their organizations adopting the most effective security measures in their IT platforms, workflows and processes today.

However, many board members feel they lack the technical understanding of what their role should be as directors when it comes to cybersecurity. Below are some tips to get the conversation started.

  1. Speak in language your board understands. Many board members may not know the technical terms used when speaking about technology and security. Try to break it down in terms that are simple and easy for a non-technical professional to understand.
  2. Talk about security investments and cybersecurity risks in terms of how it impacts the organization’s business and financial bottom line.
  3. Communicate everything in numbers. The board provides oversight of the company, so money matters. If you can express security investments, potential breach loss, etc. in dollars, it will have a greater impact in showing how cybersecurity can affect the organization overall.
  4. Tie cybersecurity measures to the competitive marketplace. Highlight what the company’s competitors are doing, so the board can understand how the company needs to keep pace with the market.
  5. Share examples of how cybersecurity breach incidents have impacted other organizations in markets similar to yours (Equifax, Uber etc.) – did they lose customers, pay a breach settlement fine, pay a ransom fee?
  6. Present the facts of the company. To start a conversation on why having proper security strategies in place is important, gather a list of the organization’s valuable data assets that require protection, so you can customize the conversation to your company’s specific needs.
  7. Share a game plan on where and how you think the board should be involved in the company’s cybersecurity strategy. Having this prepared ahead of time will help show the board where they fit into the plan.
  8. Bring in a security expert to talk to your board about the importance of having proper cybersecurity measures in place. Having a trusted source always goes a long way in the decision-making process, and it also highlights the consequences of a breach, such as fines and potential senior job losses.
  9. Educate them on all of the laws and industry compliance rules in place. This will help them understand why a certain amount of the business strategy needs to be designated to security investments. Highlight that the General Data Protection Regulation (GDPR) is effective starting in May 2018, so there must be a strategy to meet this deadline.
  10. Be concise and clear. Do not waste their time. Prepare ahead of time the main points you want to hit to educate them on the necessary security investments.

Leaders who make security a business priority and an integral part of their organization’s daily operations can help navigate their organization to better long-term performance and success.

Hopefully these tips will be a useful tool to get the conversation started. Come back next Tuesday when we take a look back at all of the developments and accomplishments made by BOHH this year.

Friday, 8 December 2017

Weekly News Roundup


Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

Millions 'stolen' in NiceHash Bitcoin heist

"Highly professional" hackers made off with around 4,700 Bitcoin from a leading mining service, a Bitcoin exchange has said. The value of Bitcoin is currently extremely volatile, but at the time of writing, the amount stolen was worth approximately $80m. Read more…

Keyboard data leak exposes millions of personal records

A keyboard data leak by mobile developer Ai.type exposed millions of personal records through misconfigured MongoDB database settings. Read more…

Uber paid Florida hacker responsible for breach $100K through bug bounty program

The hacker that Uber compensated to destroy data and keep a hack that exposed the personal data of 57 million drivers and passengers is a 20-year-old Florida man that the ride share company paid $100,000 to through its bug bounty program. Read more…

Over 1 million monthly spam emails spreading new Adwind RAT variants

The holidays are busy times for most people – and that includes cyber criminals who are busy sending millions of spam emails carrying newly repackaged Adwind remote access Trojan (RAT) variants meant to avoid detection. Read more…

Tuesday, 5 December 2017

The BOHH Breakdown, Part 14: How to Stay Cyber Safe During the Christmas Holiday Shopping Season


In our last post, we shared what the team at BOHH Labs believes will be the hot topics in 2018. Today, we offer tips for individuals to stay safe as they begin their holiday shopping this season.

We have all heard the stories: people losing money in a cyber scam, a bankcard that has had to be replaced because it has been compromised, and many other ways that simply swiping our cards this holiday season puts our finances at risk. So, with the holidays right around the corner, here are a few steps to protect yourself while you are out shopping for your near and dear:

  • Check for encryption on websites when shopping online. Look for a small lock icon somewhere on your browser and URLs that begin with “https:”. This means the site is secured and your data is encrypted.
  • Make sure your security software is up-to-date, regardless of whether you are using a computer or mobile device.
  • Phishing attacks are more frequent than ever and are projected to be one of the top methods for cybercriminals to carry out scams this season. Learn to recognize and avoid phishing emails, threatening calls, and texts from thieves posing as legitimate organizations such as your bank or credit card company. With lots of coupons, discounts and sales, be cautious about which links you click on and don’t download attachments from unknown or suspicious emails.
  • Don’t respond to emails requesting your account details. Do not ever send personal information or credit card information via email. It is best to call back instead using a phone number you can verify from their official website.
  • When shopping online, think about where you are doing it from. For example, when you use public Wi-Fi, it’s rather simple for someone to intercept your data in a man-in-the-middle attack. It is advisable to use your own Wi-Fi network that is set up with password protection when doing online holiday shopping.
  • Sign out of your accounts when you complete your purchases online. This may sound easy, but you should always log out of your online session rather than let it expire. This will help reduce the chances of your session being hacked. Most sites will log you out automatically after you are idle for a couple of minutes, but logging out is still a good habit.
  • Make sure that when you purchase online you know the seller. If it is your first purchase from them, check other users’ feedback. It’s not necessary to get 100%, but two or three bad reviews over poor customer service or non-delivery should raise an alarm.
  • When withdrawing cash at ATMs (remember the days when it was used for everything?), security is not just about looking over your shoulder. Scammers often target an ATM and place a card reader over the card slot so that they can copy your card details. This is not as easy with a chip card, but they also can have a camera on the machine to access the details required to skim your card. Always check the slot to make sure it has not been tampered with.
  • Passwords (yawn). Boring maybe. A necessity? Definitely. Also, the biggest hole in your security? Probably. Use different passwords for every site so that when one is hacked, and your details are stolen, only that site is compromised, not all of them.

Now that we’ve highlighted some of the tools to employ when holiday shopping this season to stay cyber safe, come back next Tuesday when we will share ideas to get your board members involved in your cybersecurity strategy.

Friday, 1 December 2017

Weekly News Roundup


Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

Senators Again Propose National Breach Notification Bill

A trio of Democratic Senators is attempting to catapult Congress into the information security era by pushing for passage of a U.S. national data breach notification law. Read more...

Top secret government files stored without password protection on Amazon server

It doesn’t always require a whistleblower to leak classified NSA data, considering top secret files were stored on an Amazon Web Services (AWS) S3 bucket that was configured for public access. The server contained sensitive data belonging to the U.S. Army Intelligence and Security Command (INSCOM), which is a joint Army and NSA division. Read more...

Over 100GB of Secret Consumer Credit Data Leaked Online

Some 111GB of highly sensitive information including consumer credit histories has been exposed by the National Credit Federation as the result of yet another misconfigured Amazon Web Services (AWS) S3 cloud storage bucket. Read more...

Clarksons' breach again shows need to eliminate passwords

The global shipping firm Clarksons reported that it has suffered a cybersecurity breach which it, and outside security firms, believe was caused when a lone user account was hacked, again bringing to the forefront the need to move past the legacy username and password for logging in to a critical system. Read more...