Tag Archive for: fight

Local tech firm now equipped to help businesses fight cyberattacks – News Room Guyana

/in


Innovative IT Solutions, a local tech firm is taking steps to help businesses protect their networks against cyber threats. 

With Guyana being an oil-producing nation, the company believes it is important that businesses safeguard their computer systems, networks and data against cyber threats.

In a statement, the company noted that it wants to secure a partnership with Fortinet, a global leader in cyber security solutions and services, and 3CX Voice Over IP, a leader in IP telephony communication which can be integrated into an existing network or cloud-hosted infrastructure. 

Fortinet also delivers high-performance network security solutions that protect your network, users, and data from continually evolving threats.

Director for Innovative IT Solutions, Somal Sharma explained that cyber security is becoming a severe issue for individuals, companies and governments. 

“When everything is on the internet, from pictures of our children to our credit card information, ensuring that our data remains safe is one of the biggest challenges of cyber security,” Sharma said in the statement. 

He explained that cyber security challenges come in many forms, some of which include, ransomware, phishing attacks, malware attacks, and more. 

In 2017, the Guyana National Cybersecurity Incident Response Team advised persons and businesses to protect their devices against a global ransomware attack called ‘Wanna Cry’ or ‘Wanna Decryptor’. 

Several local companies were affected by ransomware, some of which were made to pay hackers in order to regain access to their data. 

In 2019, Guyana Power and Light (GPL) said that it had been the victim of a cyber-attack and had also been issued a ransom demand which it rejected.

Cybersecurity is the protection to defend internet-connected devices and services from malicious attacks by hackers, spammers, and cybercriminals. Cyber threats come in the form of phishing schemes, ransomware attacks, identity theft, data breaches, and financial losses.

 

Source…

Telstra boss talks down need for legislation in ransomware fight

/in


The federal government ought to place a greater focus on “community awareness” in the fight against ransomware as the risk of attack continues to escalate, according to outgoing Telstra chief Andy Penn.

But Mr Penn, who chairs the government’s telco-heavy Industry Advisory Committee on Cyber Security, has stopped short of recommending legislation, despite urging the former government adopt a “clear policy position”.

The committee made the recommendation in its annual update last year after observing that it was not clear to business whether paying ransomware gangs was illegal or what best-practice was for incident reporting.

digital
Penn: Community awareness is the best defence for ransomware.

The recommendation followed a spate of high-profile ransomware attacks including one that forced US pipeline operator Colonial Pipeline to proactively close down operations and freeze its IT systems.

The then government took on the advice shortly thereafter, releasing a ransomware action plan in October 2021 that sought to introduce tougher penalties for criminals and a mandatory incident reporting scheme.

But legislation that would have enacted tougher penalties lapsed at the dissolution of Parliament in April, and legislation for the mandatory ransomware incident reporting regime was never introduced.

The newly minted government is yet to detail its plans in this space, though it could form part of country’s revised Cyber Security Strategy.  A spokesperson from Home Affairs minister Claire O’Neil’s office has been contacted for comment.

In the previous term of government, Labor attempted to force the Coalition’s hand by introducing a bill that would require businesses and government to notify the Australian Cyber Security Centre before paying a ransomware gang.

During his address to the National Press Club on Tuesday, Mr Penn said ransomware remained “major and escalating issue”, estimating that 80 per cent of Australian businesses had experienced an attack in 2021, up from 45 percent in 2020.

Asked whether legislation was important to address ransomware risks and whether it should be an urgent consideration for the new government, Mr Penn said there…

Source…

Bringing lessons from cybersecurity to the fight against disinformation | MIT News

/in


Mary Ellen Zurko remembers the feeling of disappointment. Not long after earning her bachelor’s degree from MIT, she was working her first job of evaluating secure computer systems for the U.S. government. The goal was to determine whether systems were compliant with the “Orange Book,” the government’s authoritative manual on cybersecurity at the time. Were the systems technically secure? Yes. In practice? Not so much.  

“There was no concern whatsoever for whether the security demands on end users were at all realistic,” says Zurko. “The notion of a secure system was about the technology, and it assumed perfect, obedient humans.”

That discomfort started her on a track that would define Zurko’s career. In 1996, after a return to MIT for a master’s in computer science, she published an influential paper introducing the term “user-centered security.” It grew into a field of its own, concerned with making sure that cybersecurity is balanced with usability, or else humans might circumvent security protocols and give attackers a foot in the door. Lessons from usable security now surround us, influencing the design of phishing warnings when we visit an insecure site or the invention of the “strength” bar when we type a desired password.

Now a cybersecurity researcher at MIT Lincoln Laboratory, Zurko is still enmeshed in humans’ relationship with computers. Her focus has shifted toward technology to counter influence operations, or attempts by foreign adversaries to deliberately spread false information (disinformation) on social media, with the intent of disrupting U.S. ideals.

In a recent editorial published in IEEE Security & Privacy, Zurko argues that many of the “human problems” within the usable security field have similarities to the problems of tackling disinformation. To some extent, she is facing a similar undertaking as that in her early career: convincing peers that such human issues are cybersecurity issues, too.

“In cybersecurity, attackers use humans as one means to subvert a technical system. Disinformation campaigns are meant to impact human decision-making; they’re sort of the ultimate use of cyber…

Source…

Luta Security and Emsisoft discuss how to fight ransomware at Disrupt – TechCrunch

/in


Ransomware is an exponentially growing global threat. Here are just a few examples from 2022: Costa Rica declared a national emergency after a $20 million ransomware attack; ransomware caused one of the biggest U.S. health data breaches; and ransomware topped CSO’s list of nine hot cybersecurity trends.

To hammer the point home, 14 of the 16 critical infrastructure sectors in the U.S. experienced ransomware attacks during 2021, according to a February 2022 report from the Cybersecurity & Infrastructure Security Agency.

The urgent threat ransomware presents is why we’re excited to announce that Katie Moussouris, the founder and CEO at Luta Security, and Brett Callow, a threat analyst at Emsisoft, will join us onstage at TechCrunch Disrupt on October 18–20 in San Francisco.

In a conversation called “Winning the war on ransomware,” Moussouris and Callow will talk about why ransomware is escalating at such an alarming rate, define what “winning the war” looks like, and share what startup founders need to know — and what steps they can take — to protect their customers and their business.

A self-described computer hacker with more than 20 years of professional cybersecurity experience, Moussouris has a distinct perspective on security research, vulnerability disclosure, bug bounties and incident response. She serves in three advisory roles for the U.S. government as a member of the Cyber Safety Review Board, the Information Security and Privacy Advisory Board, and the Information Systems Technical Advisory Committee.

Moussouris worked with the U.S. Department of Defense where she led the launch of Hack the Pentagon, the government’s first bug bounty program. During her tenure with Microsoft, she worked on initiatives such as Microsoft’s bug bounty programs and Microsoft Vulnerability Research.

Moussouris serves as an advisor to the Center for Democracy and Technology, and she is also a cybersecurity fellow at New America and the National Security Institute.

A Vancouver Island–based threat analyst for cybersecurity company Emsisoft, Brett Callow lives life with an ear to the ground, monitoring emerging cyberthreat trends and…

Source…