Wednesday, October 31, 2018

The true cost of a data breach

From the implementation of the General Data Protection Regulation (GDPR) back in May, which fundamentally changed the rulebook, for storing the data of EU citizens at least, to the Butlin’s hack, 2018 has been a very significant year for cybersecurity.

One of the biggest changes centred around transparency, specifically businesses being forced to reveal within 72 hours if they have suffered a breach. While the US has had this type of policy for a while, businesses in the EU were not required to publicly state when a breach occurred, leaving them free to keep significant news like this from their customers. But now things have changed, and it’s starting to heat up in the EU.

A financial hit

The first thing anyone thinks of when considering the cost of something is how it can be calculated in monetary value. Up until now, it’s been difficult to pinpoint the exact cost of a data breach, given many companies are not too willing to unveil the money they’ve spent cleaning up the mess left behind after being hit, or the drop in sales figures. There are some indications, though, that can help give some guidance. Studies such as the Ponemon Institute’s annual Cost of a Data Breach report aim to paint a clearer picture – indicating the average cost is currently $3.62 million globally ($141 for each piece of data) and as much as $7.35 million in the US.

However, that may be considered the average, with some financial hits being much bigger. According to its most recent SEC filing, Equifax has spent $242.7 million and counting since its data breach, which exposed the sensitive financial and personal information of nearly 148 million of its customers. To add a bit more context to this, Equifax spent nearly as much in just seven months as Target ($252 million) did in two years after its 2013 data breach. That’s a big hit to the bottom line for simply leaving consumer data unencrypted and out in the open for hackers to walk up and take.

Moving forward, we should start to see a clearer picture of the tangible financial cost of a data breach through legislation like GDPR, which can fine companies up to 4% of their global turnover, if they are found to have suffered a breach.

The reputational impact

As well as businesses suffering a clear financial hit, the transparency aspect of GDPR has increased the potential for companies to suffer reputationally as well. As consumers become more aware of the increasing number of breaches out there, they are starting to understand they have the power in the relationship, particularly with GDPR enabling points like the ‘right to be forgotten’.

Companies need to realise that if they get breached, consumers will simply go to another brand they consider to be more secure. Take the case of TalkTalk as a great example. Following its well-publicised data breach, the company lost around 100,000 customers, who simply deemed that they could not trust the business to keep their details safe. In this case the CEO also had to step down, a growing consequence that is beginning to develop with senior management usually in the firing line when a breach occurs.

It’s not just a reputational hit with customers that can affect a business either. Yahoo! had to lower its asking price by $350 million for its acquisition by Verizon, after it suffered a huge breach that affected millions. 

Mitigating the risks and costs of a breach 

So, with regulation making things more transparent and media headlines making consumers more aware, how can businesses avoid being the next Equifax or TalkTalk?

The simple answer is there needs to be a change of mindset when it comes to security in the business world. Businesses can no longer adopt an ‘it won’t happen to us’ approach or a ‘my perimeter can’t be breached’ mentality. The focus must be on securing the most sensitive data a business has at its core. Too many companies attempt to secure the outside and leave the data exposed, meaning if a hacker were to break in, they could almost help themselves. Encrypting data at rest and in motion, securely managing the encryption keys and storing them securely, while also managing and controlling user access, are vital steps for businesses to take to protect themselves.

With nearly every business using the cloud and the continued emergence of IoT, businesses have never had such opportunities to grow, but with that comes an increased attack surface to defend. By implementing solutions such as encryption, businesses can essentially adopt what is known as a ‘secure breach’ strategy, whereby if they are attacked, their data can’t be accessed.

Investing in this strategy moving forward is the only way businesses can protect themselves from the financial and reputational consequences that are being seen more frequently now. The true cost of a data breach may still be up in the air and vary depending on the business, but companies shouldn’t be running the risk of finding out what it will cost them.

Jason Hart, CTO of Data Protection at Gemalto 



from TechRadar - Internet news https://ift.tt/2Ogvmzm
via IFTTT

Plusnet's amazing new broadband deal comes with a £75 Amazon.co.uk Gift Card

There are so many broadband deals out there promising different incentives and freebies and it can be really hard to know which ones are worth it. But Plusnet has a new broadband deal with a perk you will really want to get your hands on.

Until Wednesday November 7 Plusnet is offering a £75 Amazon.co.uk Gift Card with its Unlimited Broadband plan. Along with this bumper Amazon.co.uk Gift Card you'll also be getting internet with average speeds of 10Mb and free landline calls to Plusnet customers.

The package will cost you £18.99 per month and is a 12 month contract. You will have to pay an upfront fee of £5 but this is a fixed price offer so you are guaranteed the same price throughout your contract. 

What if I want a faster broadband deal?

If the 10Mb speeds of this deal just aren't doing it for you - maybe you rely on high quality 4K streaming, or just have loads of people in the house always looking to use the internet at once - Plusnet has other faster broadband deals that could be perfect for you that also come with an added bonus.

Upgrade to its Unlimited Fibre plan for an extra few pounds a month and you get some beefed up average speeds of 36Mb for faster internet use. This deal costs £23.99 a month and maintains that £5 upfront fee. This deal doesn't have the Amazon.co.uk Gift Card to sing about, but does come with £50 cashback instead which helps to make it one of the best value fibre broadband deals out there. 

If you need even faster speeds, Plusnet also offers Unlimited Fibre Extra broadband with massive average speeds of 66Mb - that equates to downloads of over 8MB per second. This one will cost you £28.99 a month and a fiver upfront, but you still get that £50 cashback. Those kind of speeds for less than £30 per month are almost unheard of.

More on that Amazon.co.uk Gift Card

Once your broadband and line rental have been activated, Plusnet says you'll be sent an email with the details of your Gift Card - then you're free to spend away to your heart's content.

It can't be traded for money but you can use it to buy anything on Amazon.co.uk. And the best bit...you'll be happy to know that the card should be with you in plenty of time for Christmas so you can use it to power through your Christmas shopping!



from TechRadar - Internet news https://ift.tt/2CTIV67
via IFTTT

From a start-up to a multinational - make the right business decision by moving to the cloud

Until a few years ago, the majority of companies had to build their own IT around their own small on-site data center, not because it was the best solution, but because it was the only one available. There were several reasons for this, from poor broadband connections to the traditionalism of technical practice, and from the lack of technical standards in the market to the lack of specific technology. Today, among the several solutions available, the cloud represents an alternative to this ‘on premise’ model that is reliable, affordable and suitable for different purposes.

That’s why organizations have started moving data centres and software to the cloud: cloud could be seen as the ‘IT-as-a-commodity’, a new way to accelerate and facilitate a business.

As a result, many companies continued to deploy cloud solutions in silos, while maintaining their traditional core systems, but little by little the digital transformation has shifted the argument. There has been a step forward in the mentality of companies, and now we can see that it is the ‘best solution’ and not the ‘cheapest one’ that drives the final choice, overcoming any uncertainty or doubt.

The cloud is not only an enabler for making businesses more digital, it’s also an essential business driver for growth. 

Moving away from the data centre

Simple, self-service, pay-per-use, scalable - there are many reasons to move to the cloud, and yet 65 percent of enterprise workloads are still running in owned or onsite data centres. Colocation data centres only host 20 percent of systems and just 9 percent are cloud-based.

For a business with an innovative tech-focused model, choosing the right cloud is an important step. By making this choice, you’ll ensure that technology is not a barrier that slows your business down, but rather a springboard for your go-to-market strategy. However, too often, businesses find a reason to convince themselves that moving to the cloud is not the best decision for them. On one hand you have large organizations talking about the supposed complexity, and on the other you have small businesses saying they are too small for the benefits to have a real impact.  

This couldn’t be further from the truth. From scalability to disaster recovery and digital transformation, the benefits of moving to the cloud are available to organizations of all shapes and sizes.

Moreover, let’s bear in mind that the cloud is one possible ideal solution, but there is enough room for colocation, dedicated servers or managed dedicated servers and infrastructures too. Each provider has to find the right solution, which could also mean integrating those services and approaches, taking the best part of each of them while hiding their complexity, so that the end user can focus on their own business and not have to take care of the IT.

Making scalability easier

Moving to the cloud gives businesses the ability to adapt to business growth. With the cloud, scalability can be achieved in two ways: horizontally, by manipulating the infrastructure to add or remove cloud servers and vertically, by increasing or reducing the individual components (vCPU, RAM, HD etc.) of a server. 

Businesses of all sizes can meet their scalability needs. One example is the start-up CercaOfficina.it – a website through which you can choose a repair shop to fix your car. After only four years in business, CercaOfficina.it crossed the threshold of 100,000 requests. For this start-up, scaling up needed to happen fast, and it was also the only way to stay in business. Another example is Tommigame.com, a startup aimed at supporting hospitalized children: it is a business realized by a digital health company using virtual reality and artificial intelligence in order to create immersive VR experiences for those little patients. By using cloud solutions, it is possible to collect data about their psychomotor behavior, and to monitor and personalize their treatments. In this case too, the business grew so fast that it was necessary to scale up and provide tools and resources very quickly.

Cloud-based solutions enable businesses to find the perfect solution for every stage of growth. You can expand your IT infrastructure by increasing or decreasing the resources you need, depending on how the business is developing. You can start off with a relatively small infrastructure, then gradually scale up, eliminating latency that results from dormant physical IT infrastructure.

More effective disaster recovery 

Over two-fifths (43%) of SMEs have no contingency measures in place to deal with an IT crisis. For businesses that don’t have a specialised IT department, disaster recovery (DR) generally means relying on a third-party provider. This is the case for most businesses, either because they think they’re too small to need DR, or because they are not able to justify the cost and resources needed to maintain traditional DR. For businesses that do have DR in place, a recent survey found that one in five (18%) lack confidence in their DR plans and almost half (46%) are not testing those plans on an annual basis. 

Cloud-based DR offers solutions adapted for all types of firms. Whatever your size, cloud based DR offers a way to build up your resilience at a price that’s relative to the size of your business, and with smaller resource overheads when creating, implementing and testing your DR plan. 

Accelerating digital transformation 

As part of an overall five year and 3.5 million Euro investment plan, Nexive, Italy’s number one provider of private postal services, decided to digitize all of its operations, moving from on-site to cloud-based data centers. 

By moving to a cloud-based model, Nexive was able to ensure reliable physical and digital services. This also put Nexive one step ahead of its competition, with a flexible and secure solution for its data.

Before moving to the cloud, Nexive’s data was stored on a private server. This approach was a costly one, requiring significant investment in human resources to manage processes, constant manual upgrades and high maintenance costs. The regulatory requirements and activities involved in ensuring compliance were also significant.

Moving to the cloud eliminated the maintenance and compliance costs for Nexive and offered a solution that could instantly scale up in case of an activity peak.

Moving to the cloud, and staying one step ahead

From start-ups to multinationals, moving to the cloud is the best insurance against downtime – whether that be due to natural disasters, or human errors. It’s also the best way to respond to activity peaks and free business leaders to concentrate on running their companies, rather than on these potential concerns.

What’s more, having the right cloud solution provides protection for IT resources, the data the business holds and for the business processes it supports. 

As the cloud becomes an everyday part of how we live and work, it will become increasingly difficult to not have it as an essential part of your business process. Businesses that fail to take this leap risk missing out on the many opportunities that cloud presents. And ultimately, they risk losing their customers, many of whom now expect cloud-transformed experiences as the norm, to competitors that provide these experiences.

Stefano Cecconi, CEO of Aruba S.p.A



from TechRadar - Internet news https://ift.tt/2ADfJif
via IFTTT

Cybersecurity: The latest news and statistics

In our increasingly digital world, cyberattacks are a daily risk for businesses and consumers alike. 

While installing an antivirus is an essential first step for staying safe online in 2018, being informed regarding the latest cyberattacks will ensure that you’re prepared for when, not if, the next attack comes.

We’ve compiled a collection of recent security headlines and statistics to keep you up to date with the latest developments. The list will be regularly updated, so be sure to check back often.

Got an addition for us? Contact mike.moore@futurenet.com

"Cyberattacks against businesses rise 55 per cent during last three months"

While the first half of 2018 was relatively uneventful in terms of cyberattacks, Malwarebytes identified a 55 per cent increase during the last three months as cybercriminals increased the number as well as the severity of their attacks. This includes a major rise in the number of ransomware attacks carried out as well as an 84 per cent increase in banking trojans compared to the previous quarter...

"One in six businesses unprepared for data breaches"

A significant portion of organisations are ill-prepared for the event of a cyberattack and four in ten have gone through such an event in the last 12 months according to a report by BSI’s Cybersecurity and Information Resilience division...

"4.5bn files compromised in first half of 2018"

New data from Gemalto found that 4.5 billion records were compromised during the first half of 2018 as businesses were busy preparing for GDPR to go into effect. The US was hit the hardest with 3.25bn of breached data entries while the UK was the highest country in Europe with 22 data incidents during the first half of 2018...

"Two thirds of German manufacturers have fallen victim to a cyberattack"

A survey published by Bitkom found that two thirds of the country’s manufacturers have fallen victim to a cyberattack, costing Europe’s largest economy around $50bn. A third of the companies reported having their employees’ phones stolen while a quarter said they had lost sensitive data...

"Quarter of cyberattacks hit ordinary users"

Research from Positive Technologies revealed that cyberattacks increased by 47 per cent during Q2 2018. Data theft has grown in popularity as hackers move away from mass campaigns with personal data (30 per cent) and credentials (22 per cent) being the most attractive targets...

CipherTrace: Almost $1 billion in cryptocurrency was stolen in 2018

Cryptocurrency thefts have risen to almost $1 billion over the course of 2018 according to a study by cybersecurity firm CipherTrace. The majority of thefts come from cryptocurrencies and trading platforms being hacked, with smaller, more frequent attacks becoming increasingly common...

"Worldwide AI investment to top $200bn by 2025"

A new report from KPMG estimates that investment in AI, along with machine learning and robotic process automation (RPA) technology, is set to reach $232bn by 2025. This is a significant increase from the $12.4bn spent today as more and more organisations adopt AI in their business...



from TechRadar - Internet news https://ift.tt/2F1FTzs
via IFTTT

With a new branding, 1&1 IONOS wants to be more than just a hosting provider

1&1 recently announced that it would be joining forces with ProfitBricks, the German specialist for cloud infrastructure solutions, to form a new united brand called 1&1 IONOS. 

The change is meant to accelerate the firm's ambitions to move beyond just web hosting and it will give customers the opportunity to use a personal consultant free of charge as their central contact person for all questions related to products.

TechRadar Pro sat down with 1&1's Achim Weiss (the founder/CEO of ProfitBricks) to learn more about 1&1 IONOS and how the new entity will benefit its customers.



from TechRadar - Internet news https://ift.tt/2OeQJkV
via IFTTT

Tuesday, October 30, 2018

Third of US data breaches happen in hospitals

After a recent series of aggressive phishing attacks on NHSmail, cyber security provider Cofense has compiled a new report using shared US client data to reveal how much of a danger future phishing attacks could become in the UK.

The report, entitled Say Ah: A Closer Look at Phishing in the Healthcare Industry, compares the resilience of the healthcare sector to phishing attacks with other industries monitored by the software provider.

Resilience is the ratio of users who report a phishing attack to those who are susceptible to it.

Over the past three years, the resilience rate of the US healthcare industry has improved from 1.05 in 2015 to 1.49 in 2018. Despite these small improvements, healthcare still has the lowest resilience rate when compared to other industries, with energy at 4.01, financial services at 2.52 and legal services at 2.50.

The report notes that high turnover could be a factor holding back the US healthcare industry's resilience rate. Doctors, nurses and administrative staff change positions constantly which can make it hard to gain traction in the fight against phishing.

Active threats from phishing emails

Cofense highlighted requests for invoices, emails posing as manager evaluations and emails reporting package deliveries as the three most active threats from phishing emails. Each of these threats imposes a sense of urgency and the report warns healthcare providers to stress this when educating employees about the dangers of phishing.

Back in April of 2017, Leeds Teaching Hospitals NHS Trust used a fake phishing email to see whether any of its 17,000 members of staff would be tricked into disclosing confidential information. 400 members of the staff (around 2.3%) responded to the phishing email and revealed sensitive information such as their passwords and network credentials.

Cofense's CEO Rohyt Belani explained the reasoning behind compiling the report, saying:

“The results are staggering and speak for themselves. When the U.S. sneezes the world catches a cold, and we hope this data can serve as an early warning sign for NHS Trusts to have appropriate anti-phishing measures in place. At present the healthcare industry is at specific risk, lagging behind other industries, as our findings show. With careful planning however these threats can be mitigated and repulsed very quickly.”   



from TechRadar - Internet news https://ift.tt/2Q4THtL
via IFTTT

Data in the cloud is more exposed than organisations think

Data stored in the cloud is not nearly as secure as companies think according to new research from cybersecurity firm McAfee.

The company's recently released Cloud Adoption and Risk Report analysed billions of events from customers' production cloud use to better assess the current state of cloud deployments and risks.

McAfee's report shed light on the fact that nearly a quarter of the data stored in the cloud can be categorized as sensitive, which could put organisations at risk if it is stolen or leaked. The amount of sensitive data stored in the cloud has also increased by 53 per cent year-over-year, highlighting the need for organisations to adopt a cloud strategy with data loss protection, configurable audits and collaboration controls.

The study also found that the average enterprise experiences more than 2,200 misconfiguration incidents each month in their infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) instances. 

Cloud service providers are only responsible for the security of the cloud itself and companies are responsible for securing their data. This is why businesses must deploy cloud security solutions that span the whole cloud spectrum from software-as-a-service (SaaS) to IaaS and PaaS.

Cloud collaboration and uncontrolled sharing

Cloud services have made it possible for employees to easily collaborate with one another and share documents with just a few clicks. However, uncontrolled sharing can expose sensitive data.

According to McAfee, 22 per cent of cloud users share files externally and sharing sensitive data with an open, publicly accessible link has increased by 23 per cent year-over-year. Sending sensitive data to a personal email address has also grown in popularity, with an increase of 12 per cent year-over-year.

To prevent uncontrolled sharing from being the cause of data leaks, companies must first gain visibility of all their cloud services and then enforce appropriate security policies that limit sensitive data from being stored in unapproved cloud services.

Compromised accounts and insider threats

Compromised accounts and insider threats make up most of the threats to data in the cloud, with 80 per cent of all organisations experiencing at least one compromised account threat per month. Additionally, 92 per cent of all organisations have stolen cloud credentials for sale on the Dark Web, making them easy targets for hackers.

To protect themselves from these threats, businesses should take advantage of cloud access security brokers (CASB). These cloud-native services enforce security, compliance and governance policies for cloud services.

Senior Vice President of McAfee's Cloud Security Business, Rajiv Gupta provided further insight on the findings of the report, saying:

“Operating in the cloud has become the new normal for organizations, so much so that our employees do not think twice about storing and sharing sensitive data in the cloud. Accidental sharing, collaboration errors in SaaS cloud services, configuration errors in IaaS/PaaS cloud services, and threats are all increasing. In order to continue to accelerate their business, organizations need a cloud-native and frictionless way to consistently protect their data and defend from threats across the spectrum of SaaS, IaaS and PaaS.” 



from TechRadar - Internet news https://ift.tt/2OgcOQ6
via IFTTT

Hackers target UK cybersecurity universities

Iranian cybercriminals attempted to hack into UK universities offering government-certified cybersecurity courses, new research has claimed.

The group behind the attacks targeted at least 18 British universities over a period of several months, according to researchers. The list of targets includes some high-profile institutions as well as some lesser known universities certified by the National Cyber Security Centre (NCSC) to provide degrees in cybersecurity.

At this time, though, it is not known whether the universities in question were singled out because of their affiliation with the NCSC, but half of the targets on the list were NCSC-certified.

The attacks are believed to be linked to a previous campaign in which dozens of universities were hacked and their research was published on two Iranian websites.

Phishing for university credentials

Students with UK university logins were sent phishing emails by the attackers to trick them into giving up their passwords.

According to Lancaster University, a small number of recipients fell for the attack and entered the credentials. Luckily though the University reset their passwords and investigated whether any sensitive data had been obtained.

The hackers even created fake websites which appeared quite similar to the sites of the universities they targeted. A fake site for Lancaster University was set up in May while one for Warwick University was created in June.

Those responsible for the attacks also took advantage of the Internet's “green padlock” system to try to fool victims into entering their credentials by using padlock certificates obtained from the US company Let's Encrypt.

Via Forbes



from TechRadar - Internet news https://ift.tt/2PCqolD
via IFTTT

Google is making CAPTCHA less annoying

Websites have been using CAPTCHAs as a means to differentiate between actual users and bots since the early days of the Internet and now Google has introduced reCAPTCHA v3 with the aim of reducing the number of challenges to users.

The company has continually updated its reCAPTCHA API as more sophisticated bots have come closer to passing as actual humans. The first tests had users type in distorted text to prove they were human while the modern equivalent has users identify objects in images.

Google has also been working to make its reCAPTCHA challenges less noticeable by using a number of signals to help determine whether a user is authentic or fake.

ReCAPTCHA v3

With today's release of reCAPTCHA v3, Google is improving the experience further by having the API return a score between 0.0 and 1.0. This score is then used to rank “how suspicious an interaction is” with the end goal to minimize the “need to interrupt users with challenges at all”.

The new system puts reCAPTCHA on more pages besides the login box and runs “adaptive risk analysis in the background to alert you of suspicious traffic”. 

Google explains how the new system works in greater detail in a blog post, saying:

“In reCAPTCHA v3, we are introducing a new concept called “Action”—a tag that you can use to define the key steps of your user journey and enable reCAPTCHA to run its risk analysis in context. Since reCAPTCHA v3 doesn't interrupt users, we recommend adding reCAPTCHA v3 to multiple pages. In this way, the reCAPTCHA adaptive risk analysis engine can identify the pattern of attackers more accurately by looking at the activities across different pages on your website.”

Changes to the API

Google's reCAPTCHA API is now much more customizable to allow sites to determine how they fight spam and abuse.

Site owners can now set a threshold to determine when a user is let through or when further verification such as two-factor authentication or phone verification is needed. They can also combine the reCAPTCHA score with their own signals such as user profiles or transaction histories to better understand if a user is indeed real.

The reCAPTCHA score can also be used to train machine learning models to help fight abuse.
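The threshold-and-signals approach described above, as an added example that is not from Google or the original article: it takes the JSON a site receives when it verifies a reCAPTCHA v3 token and decides whether to let the request through or require further verification. The per-action thresholds, the `LocalSignals` fields, the hostname `shop.example` and the sample responses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Per-action pass marks. Assumed values for illustration, not Google's;
# a real site would tune them from its own traffic.
BASE_THRESHOLD = {"login": 0.5, "checkout": 0.7}


@dataclass(frozen=True)
class LocalSignals:
    """Site-owned context (hypothetical fields) combined with the score."""
    account_age_days: int = 0
    new_device: bool = False
    high_value: bool = False


def required_score(action, signals):
    """Raise or lower the pass mark for this request using local signals."""
    threshold = BASE_THRESHOLD[action]
    if signals.new_device:
        threshold += 0.1
    if signals.high_value:
        threshold += 0.2
    if signals.account_age_days >= 365:
        threshold -= 0.1
    # Clamp so local signals can never fully disable or fully force step-up.
    return round(min(max(threshold, 0.1), 0.9), 2)


def decide(resp, expected_action, expected_hostname, signals=LocalSignals()):
    """Return (decision, reason); decision is 'allow', 'step_up' or 'reject'."""
    if expected_action not in BASE_THRESHOLD:
        raise ValueError(f"no threshold configured for action {expected_action!r}")

    # 1. The token itself must have verified. Fail closed on anything else.
    if resp.get("success") is not True:
        codes = ",".join(resp.get("error-codes", [])) or "unknown"
        return "reject", f"token not verified: {codes}"

    # 2. The token must belong to this step and this site. A high score
    #    earned on one page says nothing about a different action.
    if resp.get("action") != expected_action:
        return "reject", "action mismatch"
    if resp.get("hostname") != expected_hostname:
        return "reject", "hostname mismatch"

    # 3. The score must be a number in [0.0, 1.0]; otherwise do not trust it.
    score = resp.get("score")
    if isinstance(score, bool) or not isinstance(score, (int, float)) \
            or not 0.0 <= score <= 1.0:
        return "step_up", "score missing or out of range"

    # 4. Compare against the pass mark adjusted by the site's own signals.
    needed = required_score(expected_action, signals)
    if score >= needed:
        return "allow", f"score {score} >= {needed}"
    return "step_up", f"score {score} < {needed}: require 2FA or phone check"


# Constructed verification responses (not captured from a real site).
SAMPLE_RESPONSES = {
    "human_login": {"success": True, "score": 0.9, "action": "login",
                    "challenge_ts": "2018-10-30T12:00:00Z",
                    "hostname": "shop.example"},
    "bot_login": {"success": True, "score": 0.1, "action": "login",
                  "challenge_ts": "2018-10-30T12:00:05Z",
                  "hostname": "shop.example"},
    "checkout": {"success": True, "score": 0.75, "action": "checkout",
                 "challenge_ts": "2018-10-30T12:01:00Z",
                 "hostname": "shop.example"},
    "wrong_action": {"success": True, "score": 0.9, "action": "homepage",
                     "challenge_ts": "2018-10-30T12:02:00Z",
                     "hostname": "shop.example"},
    "bad_token": {"success": False,
                  "error-codes": ["invalid-input-response"]},
}

if __name__ == "__main__":
    risky = LocalSignals(high_value=True)
    for name, resp in SAMPLE_RESPONSES.items():
        action = "checkout" if name in ("checkout", "wrong_action") else "login"
        print(name, decide(resp, action, "shop.example"))
    print("checkout+high_value",
          decide(SAMPLE_RESPONSES["checkout"], "checkout", "shop.example", risky))
```

The same 0.75 score passes an ordinary checkout but triggers step-up verification once the site's own high-value signal raises the pass mark.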

Via 9to5 Google



from TechRadar - Internet news https://ift.tt/2qf8WFo
via IFTTT

Skype for Web gets HD video calls and much more

If you use the web version of Skype, then you’ll doubtless be interested to learn that Microsoft has brought all the latest features to the web-based spin of its messaging service – or at least to the preview version.

As spotted by MS Power User, a big update to the Skype for Web preview (which you can access here – providing you’re running Chrome or Microsoft’s Edge browser) brings with it all the latest features from the desktop and mobile versions.

That means web users can now enjoy HD video calling (individual or group video calls), and they can record calls, as well.

A new Notifications Panel collects all your reactions to messages, @mentions in group chats, and more, in one central hub so you can see what’s happened at a glance.

Search me…

There’s also a search function to let you easily find a particular message in a conversation, and a Chat Media Gallery keeps track of all the media, links and files you’ve been sent, again for quick and convenient access.

That’s a lot of smart added functionality aimed at web users, for sure.

As we saw recently, another feature currently in testing is the ability for Windows 10 users to send money via Skype (using their PayPal account), with no fees charged by Microsoft (although PayPal may still exact a transaction fee when transferring money across borders, for example).



from TechRadar - Internet news https://ift.tt/2ESPRCU
via IFTTT

Google releases frightfully addictive multiplayer Doodle game for Halloween

If you've ever played a Google Doodle game, you'll know how fun (and addictive) they can be - and now for the first time ever, you can play along with other people in Great Ghoul Duel.

The Halloween-themed multiplayer game allows you to invite up to seven friends via a custom link, or play along with randomly selected strangers across the world. To play, simply head to the Google homepage and click on the Doodle image. 

The spooky mini-game allows you to form two teams of up to four ghosts, meaning you must work together to collect 'spirit flames' and return them to your home base. 

The team with the most spirit flames after two minutes wins - you can also steal flames from the opposing team, as well as unlocking special powers like night vision and speed boost. 

Halloween spirit

Great Ghoul Duel follows the immensely popular Halloween Doodle game, Magic Cat Academy, from two years ago, in which you played as a magical black cat and battled to save your school from invading ghosts.

If this one is as addictive as its predecessor, it's probably best to avoid it during working hours - or just don't let your boss see you playing it.

Via Cnet



from TechRadar - Internet news https://ift.tt/2yH6rQB
via IFTTT

Taking care of business: ransomware adopts a new model

Ransomware was rampant in 2017, and ill-prepared users were caught off-guard. This spiralled into widespread panic as victims scrambled to safeguard valuable data, often succumbing to criminal demands to pay increasingly expensive ransoms via cryptocurrency, which skyrocketed in value itself. Unfortunately, meeting these demands did not guarantee files would be returned undamaged, if at all, making it a favourable year for ransomware authors.

Over time it’s become increasingly difficult for ransomware authors to scare victims into paying to salvage their data, as more users adopt simple best practices like timely backups and cloud backups. This, combined with more users turning to Windows 10, a more secure operating system, has forced hackers to get more creative. The ransomware threat is still real, and is in fact adopting a more targeted business model that uses unsecured Remote Desktop Protocol (RDP) connections as the attack vector.

Exploiting unsecured RDP connections 

While RDP connections support modern working practices, by enabling off-premise access to a machine and network, they can act as a weak link in an organization’s cybersecurity defences. This attack vector is gaining popularity with cybercriminals who use tools like Shodan to scan for businesses that have not configured adequate RDP settings, leaving their environments open to infiltration. Even the less sophisticated cybercriminals can visit the ‘dark web’ to buy RDP access to already hacked machines. Once a given system has been accessed, criminals can browse all data on the system or shared drives to assess its value. This helps the criminal decide whether to deploy ransomware or other payloads - whichever will have the most impact and profitability. This targeted approach improves the chances of an organization paying the ransom, as the encrypted content will be of highest value and importance.

Cybercriminals in action

This isn’t theoretical. The notorious SamSam Ransomware group and their campaigns made millions in cryptocurrency earlier this year, thanks to improperly configured RDP. High profile attacks dominated headline news when they shut down government sectors of Atlanta and Colorado, along with medical testing giant LabCorp. In the cases of Atlanta and Colorado, these states chose not to pay the ransom and instead decided to rebuild their IT systems, to the tune of over $2.5 million (in the case of Atlanta). But there are now multiple viable choices for payloads in an RDP compromise. Because the criminal can see all the hardware installed, it’s easy to determine if the installed CPU and GPU would deliver more profit mining cryptocurrency than if attackers simply deployed a ransomware infection.

Defending against attacks

The importance of education cannot be overstated: it plays a crucial role in protecting an organization from compromise. IT departments often leave default ports open and are lax about password policies, underscoring the reality that employees are the weakest link. Continuous training on how to configure the environment and establish a baseline of resilience is as important for a company with 50 employees as for a multinational corporation. According to the Webroot Mid-Year Threat Report 2018, organisations that implemented 11 or more security awareness campaigns saw their phishing email click-through rate drop to 13%. In addition, the impact of this training should be assessed and bolstered by a comprehensive disaster recovery plan.
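The two weaknesses named above, RDP left listening on its default port and lax password policy, can be checked from output a Windows host already provides. The following is an added example, not part of the original article: it parses captured `reg query` and `net accounts` text and reports the gaps. The sample captures are constructed, an English-locale host is assumed, and the minimum password length of 12 is an assumed baseline rather than a figure from the article.

```python
import re

# Captured on the Windows host (English locale assumed) with:
#   reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /s
#   net accounts
TS_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server"
RDP_TCP_KEY = TS_KEY + r"\WinStations\RDP-Tcp"
MIN_PASSWORD_LENGTH = 12  # assumed baseline, not a figure from the article

REG_DWORD = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")
POLICY_LINE = re.compile(r"^(.+?):\s+(\S.*?)\s*$")


def parse_reg_query(text):
    """Return {key_path: {value_name: int}} for the REG_DWORD values."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):          # key paths start at column 0
            current = keys.setdefault(line.strip(), {})
        elif current is not None:
            m = REG_DWORD.match(line)         # other value types are ignored
            if m:
                current[m.group(1)] = int(m.group(2), 16)
    return keys


def parse_net_accounts(text):
    """Return {setting: value} from the 'label:   value' lines."""
    policy = {}
    for line in text.splitlines():
        m = POLICY_LINE.match(line)
        if m:
            policy[m.group(1).strip()] = m.group(2)
    return policy


def audit_rdp(reg_text, net_accounts_text):
    """Return a list of (code, message) findings; empty if RDP is disabled."""
    reg = parse_reg_query(reg_text)
    policy = parse_net_accounts(net_accounts_text)
    # fDenyTSConnections = 1 (the Windows default) means RDP is switched off.
    if reg.get(TS_KEY, {}).get("fDenyTSConnections", 1) != 0:
        return []
    findings = []
    rdp = reg.get(RDP_TCP_KEY, {})
    # UserAuthentication = 1 requires Network Level Authentication (NLA).
    if rdp.get("UserAuthentication", 0) != 1:
        findings.append(("RDP_NO_NLA", "RDP is enabled without NLA"))
    if rdp.get("PortNumber", 3389) == 3389:
        findings.append(("RDP_DEFAULT_PORT",
                         "RDP listens on 3389: confirm it is reachable only "
                         "via VPN or an allow-listed firewall rule"))
    threshold = policy.get("Lockout threshold", "Never")
    if not threshold.isdigit() or int(threshold) == 0:
        findings.append(("NO_LOCKOUT", "no account lockout threshold is set"))
    length = policy.get("Minimum password length", "0")
    if not length.isdigit() or int(length) < MIN_PASSWORD_LENGTH:
        findings.append(("SHORT_PASSWORDS",
                         f"minimum password length is below {MIN_PASSWORD_LENGTH}"))
    return findings


# Constructed sample captures (not from a real host).
SAMPLE_WEAK_REG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
    fDenyTSConnections    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
    PortNumber    REG_DWORD    0xd3d
    UserAuthentication    REG_DWORD    0x0
"""
SAMPLE_WEAK_POLICY = """
Minimum password length:                              0
Lockout threshold:                                    Never
The command completed successfully.
"""
SAMPLE_HARDENED_REG = SAMPLE_WEAK_REG.replace(
    "UserAuthentication    REG_DWORD    0x0",
    "UserAuthentication    REG_DWORD    0x1")
SAMPLE_HARDENED_POLICY = """
Minimum password length:                              14
Lockout threshold:                                    5
The command completed successfully.
"""

if __name__ == "__main__":
    for code, message in audit_rdp(SAMPLE_WEAK_REG, SAMPLE_WEAK_POLICY):
        print(f"{code}: {message}")
```

The default-port finding is a prompt to verify exposure, not a fix in itself: moving RDP to another port does not replace restricting who can reach it.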

Ransomware continues to plague organisations of different sizes and industries. The recent attacks on the San Diego Port Authority and Bristol Airport highlight the direct impact and disruption that can occur, even to public services. The best defence is security awareness education for employees – particularly around avoiding phishing attacks that could compromise their system’s credentials – coupled with installing anti-malware software to protect valuable information. No organization is exempt from attacks and only a robust security posture will mitigate these threats.

Tyler Moffitt, Senior Threat Research Analyst at Webroot



from TechRadar - Internet news https://ift.tt/2Stb0X7
via IFTTT

Monday, October 29, 2018

Plusnet's £65 cashback offer makes this the cheapest broadband deal around

Hunting for new broadband can be difficult with so many different deals and freebies to choose from, but Plusnet has come out with a cheap broadband deal that cannot be ignored. 

This limited time deal ends at midnight on Tuesday and will give you unlimited broadband at average speeds of 10Mb for just £18.99 a month. 

This is already a pretty eye-catching deal in itself but it gets even better when you find out Plusnet is offering cashback of £65, which takes the yearly cost down from £228 to £163 - that's effectively the equivalent of only £13.58 per month.

If all that wasn't enough, Plusnet will install it for free with no upfront costs. 

Plusnet is offering a fixed price offer with this deal so you know you are guaranteed the same price throughout your contract - no nasty price hikes along the way.

Today's other best broadband deals

If you are looking for something with a cheaper monthly cost without faffing around with cashback then Onestream is offering unlimited broadband with average speeds of 11Mb for just £13.99 a month, which is an incredible deal. You will have to pay a £10 upfront cost but you do get a free Onestream "super dooper" router.

If these speeds aren't cutting it for you and you don't mind spending a bit more, Vodafone is offering a whopping 35Mb average speed for £21 a month with no upfront costs and a free installation - it's the cheapest fibre broadband deal on the market.



from TechRadar - Internet news https://ift.tt/2qjdWsA
via IFTTT

Europeans "have lost control" of their personal data

Kaspersky Lab has discovered that Europeans have lost control of their personal data online with 64 per cent of those surveyed not knowing all the places where their personal data is stored across the web.

The security firm surveyed over 7,000 consumers across Europe to learn more about this issue ahead of its Kaspersky Next conference where it will be discussed in even greater detail.

Kaspersky Lab's research does show that consumers care about the fate of their data with 88 per cent caring if their data is used unlawfully. Additionally, 57 per cent said they would feel scared or stressed if their personal financial data was hacked into. 

However, consumer trust in large businesses is declining with just 45 per cent of respondents placing their trust in them to take care of their data and only 36 per cent believing that their data is secure on social media sites.

Consumer responsibility

Despite their lack of trust in large businesses to manage their data, consumers are not doing much to help themselves and a worrying number of those surveyed get even the simple things wrong. For example, one in five (20%) do not password protect their Wi-Fi and 30 per cent do not protect their devices with security software.

These and other privacy related issues will be discussed in detail at Kaspersky Next on a panel entitled The price of Privacy in an Age of Data Promiscuity. The company will also launch its latest solution, Privacy Audit at the event to help consumers better understand their privacy online.

Head of Kaspersky's Global Research and Analysis Team in Europe, Marco Preuss provided further insight on this issue, saying:

“People know they must protect their own data, because failing to do so can be disastrous. If your data is stolen you may lose money, be chased for a debt that somebody else has run up, your reputation may be destroyed, you may even be accused of a crime. Your information may be sold and the money used to fund all sorts of crime.” 



from TechRadar - Internet news https://ift.tt/2JmVVlV
via IFTTT

Microsoft topples Amazon as second-biggest US company

Microsoft was able to once again regain its spot as the second most valuable company in the US after a disappointing quarterly report from Amazon lowered its market capitalization by $65bn.

Apple still holds the top spot at over $1tn after it crossed the trillion dollar threshold back in September but Microsoft and Amazon are still competing for second place. Before the dot-com bubble burst in the early 2000s, Microsoft had the highest market capitalization on Wall Street.

Amazon's holiday season sales outlook missed targets, which led its stock to drop by seven per cent, the most it's fallen in nearly three years. The plunge also raised concerns that Wall Street's tech darlings have begun to face stiffer competition.

The race for second place

Microsoft's stock fell by just 1.1 per cent as a result of a broad technology sell-off led by Amazon's holiday outlook and a weaker-than-expected report from Google's parent company Alphabet.

The company's shares remain up by almost four per cent as it beat quarterly profit expectations thanks in part to its cloud computing business which has improved at competing with Amazon's AWS.

Microsoft's stock market value is around $823bn and it is on track to close above Amazon for the first time since April when it first gave up its spot as the second largest company in the US by market capitalization. Amazon meanwhile is worth $805bn after it fell below Microsoft in extended trading.

After its recent decline, Amazon is up around 40 per cent year to date while Microsoft has gained around 25 per cent during 2018.

Apple will report its quarterly results on November 1st and then we'll see just how the second- and third-largest US tech companies stack up to the trillion dollar giant.

Via Reuters



from TechRadar - Internet news https://ift.tt/2Sr5OD0
via IFTTT

Create new documents instantly with Google's .new domain

Google recently announced a new time-saving feature for Docs and its other productivity tools including Sheets, Slides, Sites and Forms via Twitter that allows users to create new documents instantly.

Previously users had to go to Google Drive or to the site of any one of the company's productivity tools to create a new project. Now though, with the introduction of Google's .new domain, users can simply type “doc.new” into the search bar to instantly create a new Google Doc.

The company also registered a number of variations such as documents.new that also work to create new documents. 

However, this format is not limited to Google Docs but also works with Google's other products as well so sheet.new would create a new sheet while slide.new creates a new presentation and form.new creates a new form, etc. With all of these shortcuts, it is important to remember not to type in the “www” and to just type in the domain.

Improved productivity

For those that work with Google Docs or any of its productivity tools often, this new feature will likely be a big time saver and will make creating new documents almost effortless. Users can also bookmark Google's new domains if they want an even faster way of creating new files.

The fact that the company owns the .new domain means that it can create whatever subdomains it wants on the site and users have already requested a few that were overlooked such as “drawing.new” and “email.new”. Google has not yet responded to these requests but don't be surprised if the search giant adds more .new links in the future.

To get started using this new feature just type “doc.new” into your search bar to create a new document.

Via TechCrunch



from TechRadar - Internet news https://ift.tt/2Pu8Vvt
via IFTTT

Reputation in the era of phishing and Facebook

Rarely out of the spotlight these days, Facebook’s most recent scandal saw information on 30 million users stolen at the hands of hackers. With public opinion of Facebook continuing to flux, we took the opportunity to poll businesses at the IP Expo earlier this month on the state of their cyber defences in the wake of this latest high profile attack.

When we last spoke to the tech industry, at Cloud Expo earlier this year, it was on the heels of the news that millions of Facebook profiles had been exploited for political purposes. 

Back then, trust in Facebook was understandably shaken, with more than 50% stating that they trusted the social media juggernaut less following its involvement with Cambridge Analytica. Our recent findings at IP Expo echoed this, with 41% going as far as to say that they didn’t trust Facebook even before this latest story. This is all having a positive impact on individual security awareness, however, with 28% claiming to have amended their security settings since these breaking stories.

It’s encouraging, then, to see users become increasingly wary of how they use Facebook in their personal lives, but what effect has this had on businesses?

A tale of caution

For all that we’re still unsure of following the recent Facebook hack, we do know that information on at least 30 million accounts was stolen (versus the originally reported 50 million), and that the attackers had total access to a trove of personal information including usernames, email addresses and phone numbers.

For over 14 million of the accounts, however, the hackers also acquired information on relationship statuses, work and education history, religious beliefs, current city, gender, device type, recent check ins and much more. With information on workplaces included in the stolen information, it would be foolish to argue that many organisations will not now find themselves in the phishing firing line - a sentiment shared among those we spoke to at IP Expo.

More than a third agreed that the hack meant that businesses were likely to become phishing targets, with just 20% of respondents believing it could instead alert businesses to predict such an attack and (hopefully) prepare themselves. 

That being said, businesses are clearly taking stock: one in four of the 200 businesses we polled believed they had both the technology and education needed to combat any potential phishing scams. 38%, meanwhile, were confident they had the technology in place but not the user education, while on the flip side 22% believed they were properly educated but didn’t have adequate technology in place. Encouragingly, only 7% had reason to panic, with neither the technology nor education in place to protect them.

The ripple effect

So what does the future hold for Facebook, in both our consumer and business lives? Those who regularly use the social media platform but haven’t reviewed their security and sharing settings should do so immediately, particularly if, like many of us, they have other apps linked to their account that could be at risk of being compromised. 

On the business front, user education and raised awareness of criminal techniques is critical in defending against potential attacks. Those regularly implementing simulation and training programs will see improved security awareness among their users, utilising simulations to empower individuals with the baseline knowledge and confidence to identify subtle phishing attempts.

Of course human resilience can only go so far. Technology in the form of effective perimeter filtering, bespoke network architecture and other tools to identify malware within the network are also vital for a robust security strategy. Businesses would also be wise not to become complacent, ensuring they remain up to date with the latest software and security updates and developments in order to maintain a sophisticated security strategy. 

If the likes of Facebook and Google find themselves victims to cyber-attacks, any one of us could be next. Every breach, every news story and every attack proves that we need to become the gatekeepers of our most valued data.

Asaf Cidon, VP of Email Security at Barracuda Networks 



from TechRadar - Internet news https://ift.tt/2AxopGK
via IFTTT

Saturday, October 27, 2018

What does Facebook know about you?

Social media remains a popular internet application, and is a powerful platform for connecting with family and friends, as well as finding like minded individuals across many topics. Dating back over a decade to 2004, Facebook remains the leader in social media, with 2.23 billion users worldwide, and is also the most popular social media app in the US with over 168 million users.

With over two billion folks looking to make online connections, Facebook remains quite popular, which contributes to additional users joining up. However, before you pull up your smartphone and breeze through those app sharing permissions, clicking ‘Yes’ to give access to every sensor and bit of data that the device has, just to get the app working, let’s look at the data collected on Facebook users, so you can make an informed decision if this is the platform for you.

While Facebook is not quite upfront with their data collection, and it is more opaque as they emphasize other aspects, it is not a secret either. You can certainly head to Facebook’s page, that they title “What categories of my Facebook data are available to me?” where they list many categories of what they collect and keep. Here are some of the highlights:

Credit card

This one should hardly be a shocker, as there are occasions where folks purchase items on Facebook. These purchases include games, ticketed events and contributions for both personal and charitable fundraisers. As this is done via a credit card, Facebook has this on file, which seems appropriate enough, but in reality should give any user pause given the revelation of a recent hack of Facebook that exposed information on 30 million users.

Furthermore, Facebook keeps a running tally on these purchases, and for those that buy stuff, can easily track where the money gets spent, and use this to build a personal profile on you from the causes you support.

Phone data

Facebook continues to be popular on smartphones, and in fact for last year, 63% of Facebook users went with the mobile platform, making it quite a bit more popular than desktop use, a trend that is expected to continue in coming years. While the Facebook app needs to be on the smartphone for use, this is another example of a ‘Grabby app,’ as just because it gets downloaded to a phone, it should not just be helping itself to an unsuspecting user’s data.

On balance, most of us would likely be ok with Facebook going through our contacts, for the purpose of finding us some additional folks to friend and expand our Facebook circle. However, most users would not realize that their Facebook app has been delving into more than that. In particular, on the Android platform, there have been reports of Facebook having access to, and keeping data on, the calling history of the user - yes, that includes every single call for a time period spanning years.

If that is not enough, the Facebook app also has helped itself to the SMS data, you know, all those texts sent back and forth constantly. They are also applying their algorithm to try and determine business from personal contacts. If you wanted Facebook to have your message, you could have sent a Facebook Messenger, and not a text. Also fascinating is that the phone contacts, call history and SMS data do not get mentioned, at all, in their list of the types of data they collect.

Ad preferences

Following the Google model of making money through targeted advertising, in a recent analysis, Facebook is deriving 98% of their income from an advertising business model. And targeted advertising achieves better results the more that they know about their audience.

Therefore, Facebook keeps a running tally of your likes and dislikes, based on your past activity. Therefore, if you like a certain political figure, for example, while Facebook claims they won’t sell this information directly, they will then allow advertisers to send ads based on what they surmise your political preferences are.  

As ad revenue is so crucial to the company, they also incorporate your other data, including demographics such as age, gender and topics liked to try and find you relevant ads, which they term your ‘Ad preferences.’

They also target ads based on your previous clicks on ads, as well as your posts, and which posts of others you have liked. After all, rather than just showing random ads, it is much better to send the right ad to an interested party, such as an ad for a baby registry once Facebook knows that the user is pregnant, or car ads once they know that you put up a post that you were stranded by the side of the road waiting for a tow truck.

Facebook knows who you are

Part of settling into your Facebook account is to post a profile pic, allowing you to be easily recognized by other users. It also, for those with common names like “John Smith,” makes it easier for other users to confirm they are friending the correct John Smith that they attended college with, and not the other umpteen others that they could be confused with.

Facebook has taken this further, running Artificial Intelligence facial recognition software on users’ profile pics and turning them into a large database. This came up as users figured out that they were being automatically tagged in other users’ images, while nobody had manually designated who they were.

Earlier this year, this even resulted in a class action lawsuit going ahead. Users have claimed that they did not explicitly consent to being subjected to the facial recognition process, nor the creation and storage of their facial templates. Once again, Facebook’s own page on their too long list of data collected on users, neglects to mention anything about storing your facial recognition template.

Facebook remembers

While many of us cannot remember what we had for breakfast today, Facebook remembers - like everything. They know exactly when you created your account, everyone you friended and unfriended, and every post you have ever made. They know your work, your college and have a front row seat on your relationship status.

If that was not creepy enough, under the term Facebook Location Services, they know exactly where you are currently, and everywhere you go. Sure, there is a way to opt out, but too many users, most likely by default, opt in, and literally have ‘Big Brother Facebook’ along for the ride, and tracking their every move.



from TechRadar - Internet news https://ift.tt/2D6tLer
via IFTTT

Friday, October 26, 2018

1&1 launches new web hosting service

The largest hosting provider in Europe, 1&1, has announced that it is joining forces with cloud infrastructure specialists ProfitBricks to form 1&1 IONOS.

The new united brand will give customers the opportunity to use a personal consultant free of charge as their central contact person for all questions related to products, their contract and how to become successful online.

1&1 IONOS is the first hosting provider with the ability to guide companies through all of the phases of their business development. 

The company can help businesses tackle building their first website, establishing a shop system, launching their own servers or even implementing IONOS' self-developed enterprise cloud infrastructure. Customers will also be able to use numerous cloud applications to further support their business.

Creation of 1&1 IONOS

Back in 2017, ProfitBricks was acquired by 1&1's parent company United Internet AG. Now the company has been merged into the new 1&1 IONOS brand.

ProfitBricks' founder and now CEO of 1&1 IONOS, Achim Weiss explained how the new company is building on the strengths of both firms, saying:

"At 1&1, I personally experienced and helped shape the growth from a small internet startup to an international provider. With 1&1 IONOS, we can now cleverly combine the strengths of the European web hosting market leader and the leading German cloud provider. With our new personal consultant, which is now available to all customers worldwide free of charge, we are demonstrating that the customer is really the focus of our corporate philosophy - an offer that no other provider can match".

1&1 IONOS now operates in 10 countries with data centres in Europe and the USA that comply with the highest European security and data protection guidelines. The new company also replaces 1&1 Internet and ProfitBricks in Germany, France, the UK, Italy, Canada, Mexico, Austria, Spain and the US.



from TechRadar - Internet news https://ift.tt/2q95ADQ
via IFTTT

Why your web host matters: building a better site

For a busy business owner, your website is critical. Often, it’s the first interaction that most people have with your business. If you’re a digital operation, it’s often the only interaction that someone will have with you. So, making sure your site is up and running is critical. 

Unfortunately, managing that also takes time and requires the completion of a lot of menial tasks. That’s time you don’t have or should be spending worrying about other things. That’s why managed hosting of your WordPress site makes a lot of sense for most small businesses. But the benefits of managed hosting go beyond just the actual management of your site.

Scalability

Managed WordPress hosting helps you create a more scalable website. Those websites that grow in popularity or have fluctuations in traffic experience resource changes. The need for additional servers or server space during peak use, for instance, may mean it’s smarter for you to have your website professionally managed. Web hosts have additional server capacity to handle spikes in traffic and other resources available to meet whatever your needs are.

Support

The hosting team is also another support resource that’s around if something bad happens and you need immediate troubleshooting. Managed hosting means that if something goes dramatically wrong and your website stops functioning in the middle of the night, there are people watching and able to step in and fix it. 

Security

Since many websites are hosted on the same server along with other websites and can be somewhat more vulnerable security-wise, having your site security managed by a team of professionals through managed hosting can protect your site. 

How Managed Websites Are Built Differently

Managed WordPress hosts often have servers that are specifically configured and optimized for WordPress. These websites can achieve greater performance. Managed hosting can mean you use your plugins and software differently, which is something to keep in mind as you build your site. 

Shared hosting, an alternative to managed hosting, is generally cheaper and may be more flexible for you if you’re not interested in using WordPress. However, websites with shared hosting require a greater time and resource commitment from their owners. Keep in mind that you’ll be the one managing updates and providing maintenance, for instance. 

This is why it’s a good idea to decide how you want your website to be hosted before you build it. A website with managed hosting can be designed and tweaked to work with the optimized server. Websites using shared hosting must work using more generic server resources. 

David Andrews, Technical Product Marketing Manager at DreamHost



from TechRadar - Internet news https://ift.tt/2ENxIqh
via IFTTT

Sophos Project Darwin is security survival of the fittest

With security threats becoming smarter and more evolved by the day, the need for intelligent protection is greater than ever.

Fortunately Sophos thinks it has found the answer, with its latest launches looking to harness the power of AI and machine learning to help detect and conquer new threats to your business.

Earlier this month, the company revealed Project Darwin, a new initiative that it says can keep organisations safe from threats that they may not even know exist yet.

We spoke to Dan Schiappa, SVP and GM of Sophos Products to find out more about exactly what Project Darwin is, and why it could be the key to helping secure your business.

Predictive security

Although utilising AI and machine learning in business software, including security protection, is not exactly a new idea, Schiappa says that Project Darwin can offer safety like no other product around today.

"It allows you to be predictive in your security,” he told TechRadar Pro at Sophos' recent London launch event, “and that means that if you build good models, and you use the right approaches, you can build protection for malware you've never seen before - or in some cases, malware that hasn't even been developed yet."

"What's unique about our deep learning mechanism is that it actually does learn on its own,” he adds, noting that traditional endpoint security used to be reactive, in that it had to have a patient zero to develop its knowledge around.

However now with deep learning, security models can become predictive instead, with Project Darwin using different machine learning levels to scrutinise whatever data you feed it before drawing in-depth conclusions on how your organisation works and what threats it faces. 

The service can then dynamically change its protection depending on the threat situation, something Schiappa calls a "logical next step" in the security market at the moment.

"Hackers are trying to find the seams in your coverage,” he notes, “we want to build a system that, like Darwin's theory, can automatically adapt to survive and protect itself."

Project Darwin’s launch comes alongside the release of the latest version of Sophos’ Intercept X platform, which looks to give businesses the best protection, whatever their budget.

Intercept X Advanced with EDR provides comprehensive protection for even small IT teams thanks to the company’s latest advances in deep learning.

Sophos’ extensive deep learning network analyses millions of threats to track and alert users to new threats before providing a full run-down online, providing what the company calls an, “expert in a box”.

"Our strategy is in each critical product that we have, to be the best that we can be,” Schiappa says, "Protection is the most important thing....the more we can protect, the less you have to worry about.”



from TechRadar - Internet news https://ift.tt/2OSaBzp
via IFTTT

Royal Mint shutters plans for gold-based blockchain

The UK Royal Mint has shuttered its long-running plans to create a digital gold crypto token.

Reuters reports that the Royal Mint had frozen its plans to issue Royal Mint Gold (RMG) tokens after its partnership with the CME Group fell through and the UK government vetoed a plan to have tokens trade on a cryptocurrency exchange.

In an email with Coindesk, a spokesperson for the Royal Mint confirmed that RMG will not be launching at this time but it could do so at a later date, saying:

"Over the last few years, The Royal Mint has been working on the development of a digital gold product, RMG, which was due to launch this spring. Sadly, due to market conditions this did not prove possible at this time, but we will revisit this if and when market conditions are right." 

History of RMG

RMG was originally scheduled to launch in the fall of 2017. However, when a partnership with CME failed at the last minute, the Royal Mint lost its trading platform to issue tokens on. The organisation didn't give up though and began looking for a crypto exchange to partner with instead but the British finance ministry reportedly blocked the move.

The RMG token was then rescheduled to be launched in the spring of 2018 but once again things did not work out as planned.

RMG was envisioned as a way to manage small amounts of gold which would make it easier for investors to enter the market and increase liquidity. The Royal Mint also saw a great deal of potential value in the blockchain platform RMG was based on and the organisation believed it could be used to track and prove a piece of gold's record of ownership.

The crypto security firm BitGo was chosen to build digital wallets to store RMG while Civic would provide know-your-customer (KYC) services for the project. 



from TechRadar - Internet news https://ift.tt/2D6YxUu
via IFTTT

Cyber strategy: why the best defence is a good offence

There’s no doubt that cyber security is increasingly important for business leaders, and is rapidly climbing up the board agenda. Yet data from Vodafone’s latest research, the Cyber Security Barometer, suggests that business leaders often still have a traditional defence-first mind-set when it comes to tackling cyber threats effectively. Perhaps as a consequence of this, it’s clear many have yet to realise the wider benefits of cyber security. 

No leader likes missing out on a competitive advantage, but current attitudes toward cyber security mean that many organisations may not even realise that they are doing so. We found a clear link between organisational Cyber Readiness – their approach to the challenges and opportunities of cyber security – and broader positive business outcomes.  Being Cyber Ready is about changing your posture, understanding that a sound security posture and attacking mindset won’t just secure your business, it can drive performance.

Cyber Ready businesses exhibited a higher degree of stakeholder trust (amongst customers, employees and regulators) of 4.3 out of 5 and 47% reported annual revenue increased by more than 5% in the last year. Adopting this proactive security mind-set means thinking of security as an opportunity and a value investment rather than just a cost. By investing in resilience and readiness, leaders of less Cyber Ready businesses can start to reap wider financial and reputational benefits.

Defining the problem

Business leaders are struggling against a range of challenges and, in a time of uncertainty and change, it’s understandable that many have been forced to adopt a reactive rather than proactive security stance. However, this attitude has meant that only 24% of organisations are truly Cyber Ready. Business leaders are taking advantage of the agility, cost savings and productivity benefits of new technologies to succeed in a competitive marketplace: 83% of organisations are using multiple cloud technologies, 48% are deploying IoT devices and 43% allow BYOD. Yet each new aspect of workplace technology necessarily brings additional cyber security challenges and pressures.

To overcome these security challenges, many business leaders have wisely established employee cyber-security training programmes to raise awareness amongst staff, with 77% of organisations conducting training. However, the real picture may not be quite as positive. Worryingly, only 47% of employees reported that official policy is followed by all staff and 39% think that IT security is just a “box ticking” exercise. 

When we examined the processes businesses had put in place to prepare for cyber threats, it again underlined the fact that many businesses can only be reactive when it comes to security: 21% didn’t have any financial contingency in place and 20% didn’t have the ability to identify complex security issues and were unable to proactively identify vulnerabilities. In addition to an increased likelihood of attack, a reactive attitude means many organisations will miss the associated business benefits of a proactive security stance.

What’s the solution?

The majority of business leaders need to make a concerted effort to change their mind-set when it comes to cyber security, framing it as a value investment, not just a cost. Top performing companies have security embedded throughout their organisations, and report a wide range of benefits: 68% of the businesses scoring Advanced readiness (the top 5% of the Cyber Ready Index) described themselves as “more focused on innovation” than their competitors; 65% considered themselves better able to be customer centric than rivals and 59% thought that they were building a digital advantage.

This is the crucial reason why, when it comes to security, the best defence is a strong offence. The evidence shows that businesses that take a proactive stance on cyber threats, investing in resilience and readiness, start to reap wider financial and reputational benefits. These processes can form a valuable feedback loop allowing businesses to profit from their security status, reinvesting and further shoring up their cyber footprint.

How then, can leaders access these benefits? Cyber Ready organisations were able to confidently answer the following questions, which can act as a quick reference guide for leaders looking to improve the security posture of their businesses: 

  1. Do you understand and have clear visibility of your digital footprint and where your data goes?
  2. Have you invested in cyber security to adequately protect your data, devices and places?
  3. How quickly can you recover and resume normal operations after a security incident – do you have effective processes in place to communicate with regulators and customers?
  4. Do you have a clear cyber strategy that everyone has bought into – including the board?
  5. Have you put in place training and effectively communicated security policies to help educate your staff?
  6. Do you have the right cyber skills and knowledge in place to keep your business running, and support growth and transformation initiatives?

It’s no longer enough to build up perimeter defences. Instead, leaders need to be more dynamic, putting their organisation on a ready footing. Resilience and recovery should be seamless, incidents quickly learned from and acted upon. Only then will they be able to take their next step in confidence, whether that is launching innovative new products, services or business models.

Leaders that can shift their mind-set from reactive to proactive will ensure their organisation is as secure as possible and can also be confident cyber security will help them to realise a competitive advantage. 

Maureen Kaplan, Cybersecurity Lead at Vodafone Group Enterprise



from TechRadar - Internet news https://ift.tt/2PXgVSL
via IFTTT

Microsoft quizzes Windows 10 users on why they use Chrome (rather than Edge)

We know that the Edge browser is struggling – more on that later – but it seems that Microsoft is resorting to fresh tactics to boost user numbers, by (indirectly) checking up on why folks prefer the most-used browser, Google’s Chrome, rather than Windows 10’s own integrated effort.

As spotted by Italian tech site HTNovo, the Feedback Hub app – which is built into Windows 10 to elicit feedback from the user base, particularly testers – recently popped up a notification asking (roughly translated): ‘Is it likely that you’ll recommend the Google Chrome web browser to a friend or colleague?’

The user in question was, obviously enough, surfing the web with Chrome rather than employing Edge.

So it seems Microsoft wants to explore the reasons why Windows 10 users are picking Chrome for their web browsing, presumably with a view to bolstering Edge to better rival the top dog browser.

Message from Microsoft

It’s no secret that Microsoft is trying to push Edge, and it has traditionally trumpeted its tight security, as well as pulling off little tricks like earlier this year, when the company trialed having links from Windows Mail messages automatically opened in Edge (with the preview version of Windows 10).

As mentioned at the outset, Edge is really struggling these days, with recent figures showing Google’s Chrome has captured two-thirds of the desktop browser market, whereas Microsoft’s rival has around 4% of users.

But the worst of it is that Edge is actually dropping market share rather than making any kind of slow gains, which must be a massive worry for Microsoft – in those recent figures from Statcounter, Windows 10’s browser actually fell behind Apple’s Safari.

It’s certain, then, that Microsoft needs to take action, although badgering Windows 10 users about why they go with rivals may not be the most wise or productive way to go about this.

Via MS Power User



from TechRadar - Internet news https://ift.tt/2CGoXvm
via IFTTT

Best NBN & broadband plans in Australia compared: Updated October 2018

With so many options available, it can be a bit of a headache choosing the right broadband or NBN connection for your home. There's plenty to consider: whether the NBN is actually available to you or not, if you think a cable connection is going to be your best bet, or if ADSL is sufficient for your needs. Regardless of your situation, we're hoping our comparison will help you out.

It's important to note these recommendations do not take into consideration other factors which could make certain deals a better option for you. For instance, do you already have a Telstra mobile plan and home phone line? If so, combining them with a Telstra cable or ADSL connection on the same Telstra bill could save you money overall, same with Optus. We'll leave these decisions to you, though.

On this page, you'll find a list of our recommended broadband deals separated into three types of connection: ADSL, cable and NBN (aka fibre). We'll update this page regularly when offers change or new ones become available, so it’s worth coming back to this article when you're ready to sign up for a new plan. 

When applying for new broadband deals, make sure you're not already signed up to a contract you can't get out of – most broadband contracts are on 12 or 18 month terms, so it's important to contact your current provider before committing to anything else. 

Another thing worth noting is some services may not be available in your area. If a particular deal seems good to you, head over to the provider's website to find out if it's available at your address. 

Another notable recent development is that some providers have scrapped separate line rental charges, so others could also follow suit in the coming months. 

Now let's get to the best broadband deals of October 2018!

Best fibre (NBN) deals

After years of waiting, many Australians are now finding that the NBN has finally reached their area. If you do have access to a fibre connection, it's definitely worth considering one of the plans below. The vast majority of plans offer unlimited data, with the price difference basically reflecting the speed you'll be getting.


Best ADSL deals

ADSL customers have a number of great options on offer, ranging from a sensible amount of data to straight up unlimited downloads. Depending on the amount of data you're likely to use each month, you'll almost certainly be able to find a great broadband deal to suit your needs. 


Best cable deals

If sturdiness and incredible speed is what you're after, cable is a good option for those who can get it. Offering speeds of up to a whopping 100Mbps, cable can be a suitable alternative to the NBN, depending on your plan. Unlike ADSL, you don't need a phone line and your monthly quota is generally high. That said, you can experience decreased bandwidth during peak usage hours. 




from TechRadar - Internet news https://ift.tt/2nykMXk
via IFTTT

Thursday, October 25, 2018

Android apps used in multimillion dollar ad fraud scheme

A recent investigation by BuzzFeed News has revealed that more than 125 Android apps were used by cybercriminals in an ad fraud scheme that earned millions of dollars by replicating the behaviour of actual users.

The site found that a company called We Purchase Apps had bought legitimate Android apps from developers to use in the largest advertising fraud scheme to date.

Once the apps were purchased from their creators, their Google Play store pages were changed to list four different companies as their developers with addresses in Bulgaria, Cyprus and Russia to give the appearance that the apps now had different owners. The ownership of the apps was transferred to shell companies in Cyprus, Malta, the British Virgin Islands, Croatia, Bulgaria and elsewhere.

Using legitimate apps for advertising fraud

In total, BuzzFeed News identified 129 different Android apps that were purchased from developers by We Purchase Apps to be used in the ad scheme. The apps have been installed on Android phones more than 115m times and are mostly games, but there are also utilities such as a flashlight app and even a VPN called Blink VPN.

The apps were still maintained after they were purchased to keep their real users satisfied and to create the appearance of a thriving audience. However, the fraudsters recorded how actual human users interacted with the apps and then used this information to have bots mimic their actions. 

The apps in question were still served ads even though they were mostly being used by bots, earning those behind the scheme close to $10m in ad revenue.

BuzzFeed News alerted Google to its findings and the company has begun to remove the fraudulent apps from the Play Store. Google praised BuzzFeed for sharing its information in a blog post in which it stressed the need for companies to collaborate to counter bad actors, saying:

“Collaboration throughout our industry is critical in helping us to better detect, prevent, and disable these threats across the ecosystem. We want to thank BuzzFeed for sharing information that allowed us to take further action. This effort highlights the importance of collaborating with others to counter bad actors. Ad fraud is an industry-wide issue that no company can tackle alone. We remain committed to fighting invalid traffic and ad fraud threats such as this one, both to protect our advertisers, publishers, and users, as well as to protect the integrity of the broader digital advertising ecosystem.” 

Via BuzzFeed News



from TechRadar - Internet news https://ift.tt/2D5E02H
via IFTTT
