Authentication, CISO and Phishing - Cyber Security Informer

Nine Top of Mind Issues for CISOs Going Into 2023

Cisco Security

JANUARY 10, 2023

In my role, I regularly engage with CISOs in all kinds of sectors, representatives at industry bodies, and experts at analyst houses. This gives me an invaluable macroview not only of how the last 12 months have affected organizations and what CISOs are thinking about, but also how the upcoming year is shaping up.

CISO

CISO Insurance Cyber Insurance Phishing

MailChimp breached, intruders conducted phishing attacks against crypto customers

Security Affairs

APRIL 4, 2022

Threat actors gained access to internal tools of the email marketing giant MailChimp to conduct phishing attacks against crypto customers. Trezor WARNING: Elaborate Phishing attack. Trazor also took the phishing domain used by threat actors offline and launched an investigation to determine how many users have been impacted.

Phishing

Phishing Data breaches Cryptocurrency Social Engineering

What Is the NIST Phish Scale?

SecureWorld News

SEPTEMBER 24, 2020

The National Institute of Standards and Technology (NIST) recently developed a new method that will help prevent organizations and their employees from falling victim to phishing cyberattacks, which it calls the Phish Scale. A tool like the Phish Scale could be very useful for organizations in the fight against phishing.

Phishing

Phishing CISO Cybercrime Technology

Why CISOs at gaming companies need to reimagine security

SC Magazine

APRIL 21, 2021

The hack of Words with Friends in 2019 was high-profile, but today’s columnist, Yuval Elddad of CYE, says CISOs at all gaming companies have to take a closer look at the growing threats to online gaming platforms. The post Why CISOs at gaming companies need to reimagine security appeared first on SC Media.

CISO

CISO Marketing Accountability Passwords

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 3)

The Last Watchdog

DECEMBER 14, 2023

CISOs will have to get quantum resilient encryption on their cyber roadmap. Nick Mistry , SVP, CISO, Lineaje Mistry The software landscape is poised for significant changes, with a growing emphasis on Software Bill of Materials (SBOM.) In 2024 I encourage leadership to dedicate more attention to discussing the risks of spear phishing.

Cybersecurity

Cybersecurity Marketing Encryption CISO

What Are Passkeys?

Duo's Security Blog

JUNE 12, 2023

Before we can discuss passkeys, we need to lay some groundwork and discuss authentication, Passwordless and WebAuthn. What is authentication? Authentication is the process of verifying your online identity. We added multi-factor authentication (MFA) – something you know and something you have or are. What is passwordless?

Authentication

Authentication Passwords Password Management Phishing

3 Steps to Prevent a Case of Compromised Credentials

Duo's Security Blog

MAY 23, 2023

Passwords are a weak point in modern-day secure authentication practices, with Verizon highlighting that almost 50% of breaches start with compromised credentials. In our previous two features, we covered the dangers of phishing (one method of credential compromise) and how to mitigate its impact on users. Likely not immediately.

Authentication

Authentication Passwords Data breaches Phishing

Passkeys vs. Passwords: The State of Passkeys on Cloud Sites

Duo's Security Blog

SEPTEMBER 1, 2023

We’ve been answering these questions in this blog series by unpacking the pros and cons of passkey technology from different authentication perspectives. Today, we’re focusing on how passkeys compare to passwords when it comes to authenticating on cloud sites. An alternate site cannot be substituted, mitigating the threat of phishing.

Passwords

Passwords Authentication Phishing Technology

What's the Buzz on Passwordless?

Duo's Security Blog

SEPTEMBER 16, 2021

At Duo, we're building a passwordless authentication solution that’s as easy to set up as it is to use – with our world-class security baked in. Your Journey Begins with Multi-Factor Authentication See the video at the blog post. Advisory CISO J. No Phishing, Please See the video at the blog post.

Authentication

Authentication Passwords Phishing CISO

Abagnale Kicks Off 'Vision 2023' Future-Looking Webcast

SecureWorld News

DECEMBER 14, 2022

Dedicated to helping cybersecurity leaders learn about the evolving threats that modern organizations face today and in the future , Vision 2023 features security influencers, reformed hackers, enterprise CISOs, and the U.S. Email Authentication: A Cloud Email Essential Rarely Done Right. Secret Service.

Social Engineering

Social Engineering CISO Education Cybercrime

Inside the Complex Universe of Cybersecurity

SecureWorld News

JANUARY 11, 2024

Working as CISO, DeSouza's areas of expertise include strategic planning, risk management, identity management, cloud computing, and privacy. Role-based access controls, multi-factor authentication, and adherence to standard screening checklists are essential to securing the cloud environment. Zero Trust has come of age.

Cybersecurity

Cybersecurity CISO Cyber threats Risk

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

The Last Watchdog

AUGUST 19, 2021

The attacker claims to have compromised an end-of-lifed GPRS system that was exposed to the internet and was able to pivot from it to the internal network, where they were able to launch a brute force authentication attack against internal systems. Could be phished credentials. Could be weak application security practices.

Mobile

Mobile Data breaches Authentication Accountability

Around the World with Thales: Our Upcoming Events

Thales Cloud Protection & Licensing

SEPTEMBER 27, 2023

We have two meeting rooms, and our focus is on protecting and securing access to your data through modern and strong authentication solutions. We will have a booth there, so if you want to discuss all things authentication with us, please make an appointment by following this link. Our event booth number is H25-C70.

Authentication

Authentication Data privacy Education Technology

The Top Five Habits of Cyber-Aware Employees

CyberSecurity Insiders

JULY 21, 2021

By: Matt Lindley, COO and CISO at NINJIO. But a survey conducted by Google and Harris found that many people still refuse to adopt even the most essential credential security measures: just 37 percent use two-factor authentication, around a third change their passwords regularly, and a mere 15 percent use a password manager.

Social Engineering

Social Engineering Password Management Passwords Phishing

Three Risk Mitigation Strategies to Address the Latest Data Security Threats

CyberSecurity Insiders

JUNE 7, 2023

By Dannie Combs , Senior Vice President and CISO, Donnelley Financial Solutions (DFIN) As security threats to data continue to ebb and flow (mostly flow!), I am keeping a close eye on regulations, identity and access management (IAM), and Artificial Intelligence (AI) — and I suggest that business leaders do the same.

Risk

Risk Artificial Intelligence Technology Digital transformation

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

Educate your employees on threats and risks such as phishing and malware. Enforce strong passwords and implement multi-factor authentication (MFA) — by educating users about using a unique password for each account and enforcing higher security for privileged accounts (administrators, root).

Cybersecurity

Cybersecurity Cybercrime Education Government

Healthcare Cyberattacks Lead to Increased Mortality, Lower Patient Care: Ponemon Study

eSecurity Planet

SEPTEMBER 9, 2022

The most common types of attacks were cloud compromise, ransomware, supply chain , and business email compromise (BEC)/ spoofing / phishing. Ponemon and Proofpoint held a briefing yesterday to preview the report, joined by two healthcare CISOs: Hussein Syed of RWJBarnabas Health and Dan Anderson of LifeScan Global.

Healthcare

Healthcare Ransomware Cybersecurity Big data

How to build a zero trust ecosystem

SC Magazine

MAY 19, 2021

With its tailored controls, micro-perimeters and trust-nothing approach to access, Zero Trust gives CISOs confidence that their security program can secure their remote workforce and meet regulatory compliance requirements. Thanks to a rapid shift to remote work, Zero Trust is finally garnering the attention it deserves.

CISO

CISO CSO Architecture IoT

Moving the Cybersecurity Goal Posts

Security Boulevard

NOVEMBER 28, 2022

Adaptive control, no trust, zero-trust, auto-remediation artificial intelligence, and content filter with multi-factor authentication aligning with your CASB deployment add in open-source technology, unpatched critical infrastructure, is your organization’s cybersecurity risks and compliance mandates protected? Time for a new perspective?

Cybersecurity

Cybersecurity Digital transformation Technology Risk

RSAC insights: ‘SaaS security posture management’ — SSPM — has emerged as a networking must-have

The Last Watchdog

JUNE 2, 2022

Every CISO should, by now, cringe at the thought of his or her organization becoming the next Capital One or Solar Winds or Colonial Pipeline. Fraudulent cash transfers, massive ransomware payouts, infrastructure and supply chain disruptions all climbed to new heights. And malicious hackers attained deep, unauthorized access left and right.

Cloud Migration

Cloud Migration CISO Technology Security Awareness

GUEST ESSAY: 5 steps for raising cyber smart children — who know how to guard their privacy

The Last Watchdog

JANUARY 13, 2021

There are additional safety measures you can (and should) take to teach your child as they grow, things like installing virus protection, enabling multi-factor authentication, using password managers, and raising awareness about phishing scams. Make it a family conversation.

Scams

Scams Education Password Management Passwords

Passkeys and The Beginning of Stronger Authentication

Thales Cloud Protection & Licensing

FEBRUARY 1, 2024

Passkeys and The Beginning of Stronger Authentication madhav Fri, 02/02/2024 - 05:23 How passkeys are rewriting the current threat landscape Lillian, an experienced CISO, surveyed the threat landscape. Lillian knew that a shift in authentication couldn't wait. Fortunately, it didn’t have to.

Authentication

Authentication Passwords CISO Password Management

Australia Recorded the Highest Rate of iOS & Android App Threats

Appknox

JUNE 23, 2022

More threats were detected on iOS than Android devices; 68% of Australian CISOs expect their organization to suffer a material cyber-attack within the next year. 68% of Australian CISOs confessed that they expect their organization to suffer a material cyber-attack within the next year, compared to the rest of the globe.

Social Engineering

Social Engineering Mobile Scams Engineering

Remote Working One Year On: What the Future Holds for Cybersecurity

Security Boulevard

MARCH 19, 2021

In late 2020, HelpSystems research with CISOs of global financial organizations revealed that 45% of respondents reported an increase in cyber-attacks since the pandemic first emerged. Almost half the CISOs in the HelpSystems’ research admitted that they had already increased their investment in secure collaboration tools.

Cybersecurity

Cybersecurity CISO Social Engineering Technology

Cost-Effective Steps the Healthcare Industry Can Take To Mitigate Damaging Ransomware Attacks

CyberSecurity Insiders

OCTOBER 25, 2022

More than half of the breaches started with the network servers being compromised either through email phishing, malware or privileged credential misuse. Regular backups and multi-factor authentication should also be consistently enforced for all accounts. million patients.

Healthcare

Healthcare Ransomware Social Engineering Identity Theft

How MFA and Cyber Liability Insurance Effectively Manage Risk in Higher Education

Duo's Security Blog

OCTOBER 18, 2021

These groups are having lots of discussion around the fact that many campuses are required to use multi-factor authentication (MFA) for their cyber liability insurance. The use of phishing to take over user accounts as a first step to gain access to a campus for a ransomware attack has been making the headlines.

Insurance

Insurance Education Risk Cyber Insurance

My 2020 Predictions Revisited: What Worked, What Didn't

Duo's Security Blog

JANUARY 8, 2021

With the world’s attention shifting, phishing emails preying on people reading the latest headlines led to nearly 200% increase in overall phishing attacks in 2020. The other prediction I made was passwordless authentication being on the security roadmap in 2020. But overall, more of the same was the theme in crime in 2020.

Digital transformation

Digital transformation Phishing Authentication DDOS

LinkedIn Hack is Scraped Data, Company Claims

eSecurity Planet

JUNE 30, 2021

” In response, Hodson urged all LinkedIn users to update their passwords and enable two-factor authentication. RestorePrivacy examined the sample posted online and found that it does appear to be authentic, linked to real users, and up to date. ” LinkedIn’s Response. ” A Wake-Up Call for Social Media Users.

Hacking

Hacking Social Engineering Identity Theft Data breaches

Understanding Cyber Risk and the C-Suite

CyberSecurity Insiders

MAY 17, 2023

As a result, cybersecurity has become a top priority for organisations of all sizes, and the C-suite, including CEOs, CFOs, CIOs, and CISOs, plays a critical role in managing and mitigating cyber risk. Email remains the primary communication tool for businesses, but it also poses significant security risks.

Cyber Risk

Cyber Risk Risk Education Technology

Passkeys and The Beginning of Stronger Authentication

Security Boulevard

FEBRUARY 1, 2024

Passkeys and The Beginning of Stronger Authentication madhav Fri, 02/02/2024 - 05:23 How passkeys are rewriting the current threat landscape Lillian, an experienced CISO, surveyed the threat landscape. Lillian knew that a shift in authentication couldn't wait. Fortunately, it didn’t have to.

Authentication

Authentication Passwords CISO Password Management

Spotlight on Cybersecurity Leaders: Women in Cybersecurity Delaware Valley

SecureWorld News

MARCH 10, 2022

In her current role as CISO and Data Privacy Officer, she leads a team of Information Security and IT Risk Management professionals in enacting the bank's insider risk management, external service provider, and data privacy programs. Answers: [NH] Not taking the bait and clicking on phishing emails. [RC]

Cybersecurity

Cybersecurity Data privacy Education Banking

Local government cybersecurity: 5 best practices

Malwarebytes

SEPTEMBER 30, 2022

Phishing Campaign Assessment (PCA) : Evaluates an organization’s susceptibility and reaction to phishing emails. In particular, local governments looking to be eligible for the State and Local Cybersecurity Grant Program must include these best practices in their cybersecurity plan: Multi-factor authentication (MFA).

Government

Government Cybersecurity Cyber Insurance Insurance

Reducing Human Error Security Threats with a Remote Workforce

Security Boulevard

MARCH 24, 2021

In a survey of UK&I CISOs, 55% said that human error posed a risk no matter what protections are in place. Damaging employee mistakes often come in the form of clicking or downloading malicious content, interacting with phishing emails, and unauthorized use of a device or app.

Education

Education Risk Cybersecurity VPN

Ransomware Protection: 8 Best Strategies and Solutions in 2021

Spinone

DECEMBER 23, 2019

No wonder this threat keeps our client’s CISO and security teams up at night. Email Security: Anti-Spam Filtering Phishing emails with malicious links in them are confirmed by cybersecurity experts to be the leading cause of ransomware, being responsible for 67% of successful attacks in 2019-2020.

Ransomware

Ransomware Backups Antivirus Firewall

The Remote Access Guide 2.0 — A Reality Check

Duo's Security Blog

NOVEMBER 17, 2020

In the future — which is now, actually — ‘remote access’ will just become ‘access.'" — Wendy Nather, head of advisory CISOs at Cisco's Duo Security The Remote Access Guide Version 3.0 But with this convenience comes a number of threats to users - like phishing, brute-force attacks and password-stealing malware. In our new 3.0

Risk

Risk Passwords CISO VPN

Safeguarding Ethical Development in ChatGPT and Other LLMs

SecureWorld News

AUGUST 7, 2023

Further, in Todd's article, he points out a recommendation by Dmitry Shestakov, Head of Threat Intelligence at Group-IB, emphasizing the importance of implementing two-factor authentication (2FA), enforcing password change rules, and maintaining continuous prioritization of all sensitive data. text deepfake, spear phishing, etc.).

Technology

Technology Risk Government Engineering

5 Major Cybersecurity Trends to Know for 2024

eSecurity Planet

DECEMBER 19, 2023

Government actions will increase: Expect more government regulations, state-sponsored cyberattacks, and increased documentation required to protect CISOs. Christine Bejerasco, CISO of WithSecure , expands that “in the physical dimension, poisoning the well could impact communities in the area.

Cybersecurity

Cybersecurity CISO Government Technology

SHARED INTEL Q&A: Forrester report shows Identity and Access Management (IAM) in flux

The Last Watchdog

JUNE 6, 2024

Cairns Cairns: One of the most vital lessons for CISOs and IAM leaders to take away from the MGM and Okta breaches is that your IAM vendors’ servicing and operations is intrinsic to your own organization’s security posture and, ultimately, end-customer trust. To be effective, IAM implementations must be dynamic and constantly evolving.

CISO

CISO Technology Threat Detection Engineering

State auditor’s office clashes with file transfer service provider after breach

SC Magazine

FEBRUARY 2, 2021

Mike Hamilton, president and chief information security officer at CI Security and former CISO of Seattle, told SC Media that the disparity in dates might simply be a matter of semantics. Our latest release of FTA has addressed all known vulnerabilities at this time,” said Frank Balonis, Accellion’s CISO, in a statement.

Government

Government CISO Media Encryption

GUEST ESSAY: 5 steps all SMBs should take to minimize IAM exposures in the current enviroment

The Last Watchdog

FEBRUARY 14, 2022

Which topics should CEOs, CIOs and CISOs have on their radar when it comes to Identity and Access Management ( IAM ) and cyber security risks in 2022? Related: How IAM authenticates users. Multi-Factor Authentication ( MFA ) can tremendously increase their access security and prevent phishing and social engineering attacks.

CISO

CISO Social Engineering Authentication Risk

Snowflake Data Breach Rocks Ticketmaster, Live Nation, and Others

SecureWorld News

JUNE 3, 2024

Brad Jones, CISO at Snowflake, issued a Joint Statement regarding Preliminary Findings in Snowflake Cybersecurity Investigation on its Snowflake Forums. The access was possible because the demo account was not behind Okta or Multi-Factor Authentication (MFA), unlike Snowflake's corporate and production systems.

Data breaches

Data breaches Authentication Accountability Passwords

Charting a Course to Zero Trust Maturity: 5 Steps to Securing User Access to Apps

Duo's Security Blog

OCTOBER 6, 2023

Threat actors have dramatically escalated their attacks – targeting security controls like multi-factor authentication (MFA), conducting wily social engineering attacks and extorting businesses large and small with ransomware. To achieve more resilience in this heightened risk environment, stepping up zero trust maturity is essential.

Authentication

Authentication Risk Social Engineering InfoSec

2023 Cybersecurity Predictions from Marcus Fowler, Darktrace

CyberSecurity Insiders

DECEMBER 18, 2022

A look ahead to 2023 we can expect to see changes in MFA, continued Hactivism from non-state actors, CISOs lean in on more proactive security and crypto-jackers will get more savvy. 5 – Recession requires CISOs to get frank with the board about proactive security. 1 – Attacker tradecraft centers on identity and MFA.

Cybersecurity

Cybersecurity CISO Insurance Ransomware

The bleak picture of two-factor authentication adoption in the wild

Elie

DECEMBER 20, 2018

This post looks at two-factor authentication adoption in the wild, highlights the disparity of support between the various categories of websites, and illuminates how fragmented the two factor ecosystem is in terms of standard adoption. reuse of passwords found in data breaches and phishing attacks. How prevalent is 2FA authentication?

Authentication

Authentication Internet Internet Software

Nine Top of Mind Issues for CISOs Going Into 2023

MailChimp breached, intruders conducted phishing attacks against crypto customers

Trending Sources

What Is the NIST Phish Scale?

Why CISOs at gaming companies need to reimagine security

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 3)

What Are Passkeys?

3 Steps to Prevent a Case of Compromised Credentials

Passkeys vs. Passwords: The State of Passkeys on Cloud Sites

What's the Buzz on Passwordless?

Abagnale Kicks Off 'Vision 2023' Future-Looking Webcast

Inside the Complex Universe of Cybersecurity

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

Around the World with Thales: Our Upcoming Events

The Top Five Habits of Cyber-Aware Employees

Three Risk Mitigation Strategies to Address the Latest Data Security Threats

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

Healthcare Cyberattacks Lead to Increased Mortality, Lower Patient Care: Ponemon Study

How to build a zero trust ecosystem

Moving the Cybersecurity Goal Posts

RSAC insights: ‘SaaS security posture management’ — SSPM — has emerged as a networking must-have

GUEST ESSAY: 5 steps for raising cyber smart children — who know how to guard their privacy

Passkeys and The Beginning of Stronger Authentication

Australia Recorded the Highest Rate of iOS & Android App Threats

Remote Working One Year On: What the Future Holds for Cybersecurity

Cost-Effective Steps the Healthcare Industry Can Take To Mitigate Damaging Ransomware Attacks

How MFA and Cyber Liability Insurance Effectively Manage Risk in Higher Education

My 2020 Predictions Revisited: What Worked, What Didn't

LinkedIn Hack is Scraped Data, Company Claims

Understanding Cyber Risk and the C-Suite

Passkeys and The Beginning of Stronger Authentication

Spotlight on Cybersecurity Leaders: Women in Cybersecurity Delaware Valley

Local government cybersecurity: 5 best practices

Reducing Human Error Security Threats with a Remote Workforce

Ransomware Protection: 8 Best Strategies and Solutions in 2021

The Remote Access Guide 2.0 — A Reality Check

Safeguarding Ethical Development in ChatGPT and Other LLMs

5 Major Cybersecurity Trends to Know for 2024

SHARED INTEL Q&A: Forrester report shows Identity and Access Management (IAM) in flux

State auditor’s office clashes with file transfer service provider after breach

GUEST ESSAY: 5 steps all SMBs should take to minimize IAM exposures in the current enviroment

Snowflake Data Breach Rocks Ticketmaster, Live Nation, and Others

Charting a Course to Zero Trust Maturity: 5 Steps to Securing User Access to Apps

2023 Cybersecurity Predictions from Marcus Fowler, Darktrace

The bleak picture of two-factor authentication adoption in the wild

Stay Connected