Just 56 percent of employees believe their password habits in the workplace are secure, according to Software Advice's "Password Use in the Workplace" report. Companies are struggling to teach their employees to take more responsibility for security, and the problem will continue throughout 2015.
"Our findings suggest that users either remain unaware of the rules despite the hype, do not believe them to be good advice or simply find them too burdensome, and thus opt for less secure passwords," according to the report.
Proper cybersecurity must start from the top and trickle down to regular employees, though that doesn't seem to be happening, according to the survey. Only 54 percent of employees report their employers require them to create complex passwords.
US government departments are increasingly worried about high-profile data breaches, with cyberattacks targeting US infrastructure increasing, according to General Dynamics. US military spending has declined, but due to rising cybersecurity threats, spending to help defend networks has grown significantly in certain sectors.
Cybersecurity related to preventing insider threats has proven popular, with up to five government departments interested in insider threat protection over the past few months. Trying to defend against threats from the inside can be extremely difficult, but cybersecurity experts tend to look for unusual employee behavior before information is compromised.
"Across the board, I see this as still being a growth area for us," said Nadia Short, VP and GM of cyber systems at General Dynamics, when speaking to Reuters. The contractor has merged its cyber and engineering departments, providing additional expertise and streamlined security developments.
It would appear China was able to steal details regarding F-35 fighter jets being sold to the Australian military, according to former NSA contractor Edward Snowden - but the US Pentagon said classified data on its F-35 fighter program remains safe.
"Classified F-35 information is protected and remains secure," according to a statement published by Reuters. US government departments and its contractors face a high volume of Internet-based attacks, with criminals interested in stealing information - which can be used or sold - as organized state-sponsored attacks continue to increase.
Meanwhile, the Chinese government said the accusations revealed by Snowden are "groundless," though China is known to conduct cyberespionage campaigns against military and political rivals.
Sixty-one percent of companies increased their cybersecurity budgets by an average of 34 percent in 2014, despite a number of high-profile data breaches still taking place, according to Identity Finder and the Ponemon Institute. Companies showed the most interest in the following security resources: Security incident and event management (SIEM), endpoint security, intrusion detection and prevention, encryption, and Web application firewalls.
Companies want to step up spending related to cybersecurity, but must ensure they are investing resources in the appropriate places. For companies breached, the information is rather frightening: 95 percent didn't discover a breach for at least three months, while 46 percent admitted they found a data incident by accident.
"This study shows that organizations are dedicating greater attention and financial resources towards managing sensitive information and preventing data breaches, which is certainly encouraging news," said Dr. Larry Ponemon, founder and chairman of the Ponemon Institute. "However, 2015 is predicted to be as bad or worse as 2014 as more sensitive and confidential data and transactions are targeted by attacks and collateral damage."
The US government has increased concerns related to cybersecurity, and a new report compiled by Michael Gilmore, director of operational test and evaluation (DOT&E), likely won't help alleviate those worries. In the published 366-page report, it was discovered that almost all U.S. weapons programs tested during 2014 faced "significant vulnerabilities" related to cyberattacks.
Problems included unpatched and aging software, misconfigured network protocols, and similar issues - opening the door to potential security concerns.
"Cyber adversaries have become as serious a threat to U.S. military forces as the air, land, sea and undersea threats represented in operational testing for decades," according to the report. "The continued development of advanced cyber intrusion techniques makes it likely that determined cyber adversaries can acquire a foothold in most (Department of Defense) networks, and could be in a position to degrade important DOD missions when and if they chose to."
The Microsoft Outlook.com email service reportedly was breached by Chinese authorities, using a "man-in-the-middle" type attack, according to the GreatFire watchdog group.
MITM attacks typically rely on hijacking online connections to monitor and control communications, leaving email users who rely on IMAP and SMTP to access Outlook, Mozilla Thunderbird and other apps vulnerable.
"We suspect that the Cyberspace Administration of China, which is directly in charge of censorship... is directly responsible for the MITM attack against Outlook, and the recent related MITM attacks in China," according to the report.
Cybercriminals are always on the lookout for software bugs they can exploit to compromise users. Keeping software updated, for example, helps close backdoors and makes it harder to find access points - but many people fail to update software, and so fail to avoid potentially preventable security incidents.
Another aspect of good cybersecurity is understanding what types of software are being targeted - and why - with clues gathered from this type of information. Java, which has been a longtime favorite for exploits, has increased its focus on security, so attackers have shifted attention to Microsoft Silverlight. As such, experts have seen a strong uptick in Silverlight-based attacks:
"We saw a 34 percent drop in exploits in Java," said Jason Brvenik, principal engineer of security business at Cisco, in a statement to SCMagazine.com. "Java has become more secure. Attackers have noted this, so we saw a rise in the exploit of Silverlight consequently."
The GCHQ collected emails sent to and from journalists in the United States and UK, according to documents released by former NSA contractor Edward Snowden. It took less than 10 minutes to harvest up to 70,000 emails during the GCHQ exercise, intercepted from fiber-optic cables, and included correspondence between writers and editors.
As part of its surveillance campaign, the GCHQ archived emails related to journalists from BBC, Reuters, The New York Times, Le Monde, the Guardian, NBC, the Sun and the Washington Post - with data saved on its intranet.
It's no surprise that the NSA and GCHQ have invested in a number of different digital surveillance efforts, but the widespread campaigns have shocked critics. The GCHQ is under increased pressure to ensure journalists' emails are protected, as confidentiality is important - despite government skepticism.
SplashData has released its annual list, compiled from stolen passwords made public throughout 2014, once again showing that people really don't put much thought, time or effort into protecting their own security.
If your password is anything like these below, please change it immediately for your own safety. It's nice to see these users really confusing hackers and 'changing it up' by pushing '12345' up 17 places to a number three placing - it's definitely going to confuse those nasty criminals from guessing the old '123456' code that was set.
Government agencies in the United States and UK increasingly rely on wide-scale surveillance programs, in their efforts to collect intelligence. It's not uncommon for politicians and department heads to claim efforts are designed to prevent terrorism, which is the line being used by a former high-level spy from the UK.
"There needs to be some new compact between the technology companies and those who are responsible for security if we're not to see events like we saw in Paris last week... becoming more and more features of our lives," said John Sawers, former head of the Secret Intelligence Service, in a statement published by BBC.
British elections take place in May, and national security is expected to be a major political talking point.