Atlanta Municipal Systems Hit with Ransomware Attack

Atlanta city employees coming to work this morning were handed an unusual notice: don’t turn on your computers. The municipal systems had been hit with a ransomware attack on Thursday, and employees at City Hall were not to use their computer until they were cleared by the municipal IT group.

According to the Atlanta Journal-Constitution, city officials have been struggling to determine how much sensitive information may have been compromised in the attack. Atlanta Mayor Keisha Lance Bottoms told employees to monitor their bank accounts.

“Let’s just assume that if your personal information is housed by the City of Atlanta, whether it be because you are a customer who goes online and pays your bills or any employee or even a retiree, we don’t know the extent, so we just ask that you be vigilant,” Bottoms said.

The attackers demanded the equivalent of $51,000 in digital currency to unlock the system, and the attack is affecting applications customers use to pay bills or access court-related informationUSA Today reports.

According to Craig McCullough, AVP, U.S. Federal for data protection and information management solution provider Commvault: “The recent ransomware attacks on Atlanta’s computer systems is another wake up call for the U.S. Government to be better prepared to defend against cyber-attacks. Unfortunately these attacks are not isolated incidents and will continue across Federal […] Read more »

 

 

Only 39% of Breached Companies Can Confidently Identify Source

Nearly four in five companies (79%) were hit by a breach in the last year, according to new research from Balabi. The report, titled The Known Unknowns of Cyber Securityalso revealed that seven out of ten (68%) businesses expect to be impacted by further breaches this year, with more than a quarter anticipating a breach to occur within the next six months.

The Unknown Network Survey, deployed in the UK, France, Germany and the US, reveals the attitudes of 400 IT and security professionals surrounding their IT security concerns, their experience with IT security breaches, their understanding of how and when breaches occur, and the strategies they’re using to combat hackers.

Knowing your Environment

The majority of businesses know very little about the nature of the security breaches that take place within their organizations. Whilst a high percentage of companies have experienced a breach, less than half of respondents (48%) feel fully confident that they would know if a breach had even happened, meaning that more could have taken place without their knowledge. Furthermore, only 42% of respondents feel very confident about what data was accessed during a breach, and a mere 39% were fully confident that they could identify the source of a breach.

Privileged users, who are granted the most access within an organization, are vulnerable to attack and can open the door to insider threats, leading to internal tension around the development of cohesive security strategies. With half of all security breaches being employee-related, 69% of senior IT professionals agree that an insider data breach is the biggest threat they are facing in network security.

“Attacks are becoming more and more sophisticated and every organization is at risk,” said Csaba Krasznay, security evangelist, Balabit. “Security is no longer about simply keeping the bad guys out. Security teams must continuously monitor what their own users are doing with their access rights, as part of a comprehensive and cohesive security strategy.”

“What’s really alarming, though, is that the majority of businesses know very little about the nature of the security breaches that are happening to them. Many even admit that a security breach could quite feasibly go unnoticed. That’s how loose a grip we’ve got on them, or how little we really understand them. We know about breaches, sure – but we really don’t know enough,” Krasznay continued […] Read more »

 

 

4 Trends Driving Security Operations Center

Today, the need for organizational trust has been amplified by cyber threats that continue to grow in variety, volume and scope. According to the Cisco 2018 Annual Cybersecurity Report, 32 percent of breaches affected more than half of organizations’ systems, up from 15 percent in 2016. Network breaches shake customer confidence, and it’s essential that organizations protect intellectual property, customer records and other critical digital assets. A strong cybersecurity strategy is today’s foundation for creating confidence among partners and customers.

The Security Operations Center Gains Prominence

A key factor in establishing trust is the presence of a Security Operations Center (SOC). This is true whether the SOC functions internally or is provided by a third party, such as a managed security service provider (MSSP).

This team monitors, detects, investigates and responds to cyber threats around the clock. The SOC is charged with monitoring and protecting many assets, such as intellectual property, personnel data, business systems and brand integrity. This includes the connected controls found in networked industrial equipment. The SOC assumes overall responsibility for monitoring, assessing and defending against cyberattacks.

SOCs have grown in importance due to four primary trending needs:

  1. Departmental collaboration: It’s more important than ever that organizations maintain an environment where skilled people with the right tools can react quickly and collaborate to remediate system-wide as well as local problems.
  2. Cross-functional collaboration: People and cybersecurity tools must work together with other critical IT functions and business operations. These departments align with business objectives and compliance needs for a high-performing operation that is efficient and effective.
  3. Company-wide coordination and communication: As a security event takes place, it’s essential that there’s a centralized team to communicate with the rest of the organization and ensure efficient resolution. In turn, it’s also important that the organization knows who to turn to in the event of an incident.
  4. A holistic view: A view of all digital assets and processes that is centralized and real-time makes it possible to detect and fix problems whenever and wherever they occur. Centralization is critical for IoT systems. The sheer number of devices and the likelihood that they are widely dispersed make local monitoring impractical and inconsistent.

As security operations have changed, the associated job roles and responsibilities have evolved as well. Having the right team with the right skills in place is essential to optimizing an organization’s front-line defense.

SOC Member Roles

Within the SOC, there are many roles. While SOC teams are not all the same, these roles typically include:

  • Cybersecurity SOC Manager: Manages the SOC personnel, budget, technology and programs, and interfaces with executive-level management, IT management, legal management, compliance management and the rest of the organization.
  • Incident Responder: Investigates, evaluates and responds to cyber incidents.
  • Forensic Specialist: Finds, gathers, examines and preserves evidence using analytical and investigative techniques.
  • Cybersecurity Auditor: Monitors compliance of people, procedures and systems against cybersecurity policies and requirements.
  • Cybersecurity Analyst: Identifies, categorizes and escalates cybersecurity events by analyzing information from systems using cyber defense tools.

These individuals work together to identify and respond to cybersecurity incidents in real time.

Building a SOC: A Challenge and an Opportunity

As networks expand and grow in complexity, SOCs are emerging as the enterprise’s front and best line of defense. The SOC is a strategic, risk-reducing asset that strengthens the security of an organization’s systems and data. Building a SOC isn’t as easy as simply hiring new team members, however […] Read more »

 

 

The US Cities that are Best at Password Security

New research reveals the US cities that are best at password security, with Minneapolis topping the list.

A study by password manager Dashlane scores cities based on several metrics, including average password strength and average number of reused passwords.

The cities best at password security are:

  1. Minneapolis, MN
  2. Seattle, WA
  3. San Francisco – Oakland, CA
  4. Detroit, MI
  5. Chicago, IL
  6. Denver, CO
  7. New York, NY
  8. Saint Louis, MO
  9. Washington, DC
  10. Miami – Fort Lauderdale, FL
  11. Riverside, CA
  12. Boston, MA
  13. Philadelphia, PA
  14. San Diego, CA
  15. Tampa – St. Petersburg, FL
  16. Los Angeles, CA
  17. Dallas, TX
  18. Phoenix, AZ
  19. Houston, TX
  20. Atlanta, GA

Mess With Texas

Things might be bigger in Texas, but not when it comes to passwords: All of the Texas locations scored near the bottom in both rankings, the study said.

NorCal vs. SoCal

According to the study, NorCal officially takes cybersecurity bragging rights as their scores were dramatically better across the board. The trend does not follow a straight North-South progression, however, as San Diego came out on top of LA.

Southern Discomfort

Four out of the six lowest-scoring cities hail from the south: Dallas, Atlanta, Houston, and Tampa […] Read more »

 

 

Investors Put Cybersecurity Top of the Business Threat List

Cyber attacks are the now the biggest threat to business in the eyes of investors, mirroring growing global concern from business leaders, according to a new study by PwC.

In the PwC Global Investor Survey 2018 the views of investors and analysts are compared with those of business leaders. The study found that 41% of investors and analysts are now extremely concerned about cyber threats, seeing it as the largest threat to business, rising to first from fifth place in 2017. A similar amount (40%) of business leaders see it as a top three threat, but business leaders rank over-regulation and terrorism higher in the global study.

To improve trust with consumers, investors believe businesses should prioritize investment in cyber security protection (64% investors; 47% CEOs).

Investors rank geopolitical uncertainty (39% extremely concerned), speed of technological change (37%), populism (33%) and protectionism (32%) in the top five threats to growth.

Hilary Eastman, head of global investor engagement at PwC, said: “The top concerns of investors and CEOs emphasise the different internal and external perspectives on, and day to day experiences of, businesses. While on-the-ground challenges such as finding the right skills are high on business leaders’ agendas, investors are preoccupied with the impact that wider societal trends, such as geopolitical uncertainty, populism and protectionism, have on businesses generally.”

Overall, PwC finds that both investors and CEOs are more confident about the global growth outlook than they were last year. 54% of investors (+9%) believe global economic growth will improve and 57% of CEOs (+19%) […] Read more »

 

Beyond Talking the Talk: Building Cybersecurity into a Company’s DNA

Security is constant. It’s fast-paced with a high burnout rate, and many companies continue to struggle with implementing basic security controls. Given the overwhelming reality of resources and time that are already being dedicated to a company’s security strategy, how can organizations begin to build security into a company’s DNA in a realistic way?

While it may seem onerous or unrealistic to some, it is possible to create more than a cyber-aware culture. Changing the fabric of a company’s DNA is more than just a Pollyanna goal, it’s a necessary reality. But it will take time and leadership buy-in. The very basic building blocks require a shift in the way companies think about accountability. It starts with making everyone in the organization responsible for cybersecurity.

Let’s be clear that there is a difference between corporate culture and a company’s DNA. The DNA encompassing everything that relates to the very fibers of the organization. All those aspects of the company that we don’t think about it. When we talk about building cyber into the company DNA, we want it to be part of the normal day-to-day operations. Security needs to be part of what we are investing into the organization and people throughout the year. So that limited resources of time and money never diminish the way the company values security, it must be part of the corporate development life cycle.

When security is a part of the profit and loss statement, it inherently becomes a priority of the company’s goals. These are the ideas and behaviors we need to be going after in order to make security a priority for the organization.

So, what are some realistic steps you can take today? Here are a few ways to rebuild a company’s DNA and make a real difference in the way employees, the C-Suite, and the board value security[…] Read more »

 

 

Study Shows Which Phishing Attacks are Most Successful

A new phishing study of six million users shows insurance organizations and not-for-profits lead all other industries with greater than thirty percent of users falling for baseline phishing tests.

The study shows these types of organizations rank higher (in the low 30 percentiles) than the overall average of 27 percent across all industries and size organizations. Large business services organizations had the lowest Phish-prone benchmark at 19 percent.

The Phish-prone percentage is determined by the number of employees that click a simulated phishing email link or open an infected attachment during a testing campaign using the KnowBe4 platform.

The study, drawn from a data set of more than six million users across nearly 11,000 organizations, benchmarks real-world phishing results. Results show a radical drop of careless clicking to just 13 percent 90 days after initial training and simulated phishing and a steeper drop to two percent after 12 months of combined phishing and computer based training (CBT).

The study anonymously tracks users by company size and industry at three points: 1) a baseline phishing security test, 2) results after 90 days of combined CBT and simulated phishing, and 3) the result after one year of combined CBT and phishing […] Read more »