Tag Archive for: Dear

Dear Board Members, Cybersecurity Is Your Problem Too


For every threat reported in the news, there are a great many that remain undisclosed. In many cases, the threat or the attack also goes unnoticed until it’s too late.

The problem is asymmetry. Hackers are constantly improving their arsenal of attack tools, focusing on ransom by targeting the most vulnerable and privileged, shifting to credential theft and disruption on top of monetary opportunities, and targeting new industries that remain unprepared (and sometimes unaware). 

The X-Force Threat Intelligence Index 2022 offers some clues to the evolving attack. It found that North America’s manufacturing industry faced more attacks that led to supply chain issues (28%) than finance and insurance — a first in the past five years. This is terrible news for companies who see IoT analytics and smart manufacturing as solutions to overcome razor-thin margins and unpredictable macroeconomic factors. 

Attackers are also dialing up their sophistication. A recent Anchore survey showed that three out of five companies suffered supply chain attacks in 2021. Meanwhile, the Log4j vulnerability in open source libraries showed how vulnerable all companies are across all industries.

“The threats are getting more sophisticated, the time to detect and respond is increasing, and vulnerabilities continue to rise. This demands a new way of delivering security, with zero trust emerging as a set of architectural standards and practices being advocated within NIST,” says Mukul Mathur, vice president for IBM Security in Asia Pacific and China.

Rethinking cybersecurity

The idea behind zero trust, which Forrester first introduced as a model in 2010, is not revolutionary, nor is it new. But it does require a break from conventional thinking.

Here’s why: conventional security practices establish security perimeters. For business leaders, this castle-and-moat approach made sense. Anyone verified as an employee can work safely within intranets protected by rings of firewalls. All you have to do is make it someone’s responsibility to keep those perimeter defenses up. That became the CISO’s primary remit.

However, the pandemic blurred work-personal life boundaries and poked holes in existing…


Dear enterprise IT: Cybercriminals use AI too



In a 2017 Deloitte survey, only 42% of respondents considered their institutions to be extremely or very effective at managing cybersecurity risk. The pandemic has certainly done nothing to alleviate these concerns. Despite increased IT security investments companies made in 2020 to deal with distributed IT and work-from-home challenges, nearly 80% of senior IT workers and IT security leaders believe their organizations lack sufficient defenses against cyberattacks, according to IDG.

Unfortunately, the cybersecurity landscape is poised to become more treacherous with the emergence of AI-powered cyberattacks, which could enable cybercriminals to fly under the radar of conventional, rules-based detection tools. For example, when AI is thrown into the mix, “fake email” could become nearly indistinguishable from trusted contact messages. And deepfakes — media that takes a person in an existing image, audio recording, or video and replaces them with someone else’s likeness using AI — could be employed to commit fraud, costing companies millions of dollars.

The solution could lie in “defensive AI,” or self-learning algorithms that understand normal user, device, and system patterns in an organization and detect unusual activity without relying on historical data. But the road to widespread adoption could be long and winding as cybercriminals look to stay one step ahead of their targets.

What are AI-powered cyberattacks?

AI-powered cyberattacks are conventional cyberattacks augmented with AI and machine learning technologies. Take phishing, for example — a type of social engineering where an attacker sends a message designed to trick a human into revealing sensitive information or installing malware. Infused with AI, phishing messages can be personalized to target high-profile employees at enterprises (like members of the C-suite) in a practice known as “spear phishing.”

Imagine an adversarial group attempting to impersonate board members or send fake invoices claiming to come from familiar suppliers. Sourcing a machine learning language model capable of generating…


Dear Ashley Madison user, I know everything about you. Pay up or else

Four years after hackers dumped the intimate details of 32 million Ashley Madison subscribers, criminals have revived an extortion scheme that targets people who used the dating website to cheat on their partners.

In the past two weeks, researchers have detected “several hundred” emails that threaten to air those intimate details to the world unless the former subscribers pay a hefty fee.

“I know everything about you,” one of the emails, dated January 15, says. “I even know that you ordered some … let’s call them ‘male assistance products’ online on 12/11/2018 using your account at Bank of America N,a routing# 121000358 account# [redacted] for $ 75 for mailing to [redacted] CA [redacted]!” The extortionist goes on to say: “If you do not act very fast your full AMadison profile and proof of it will be shared with friends, family, and online over social media—and of course your internet orders.”

Biz & IT – Ars Technica