SME Cyber Security
83.9K views | +0 today
Follow
 
Rescooped by Roger Smith from HIPAA Compliance for Medical Practices
onto SME Cyber Security
Scoop.it!

Internet of Things: Connected devices at risk for malware, privacy violations

Internet of Things: Connected devices at risk for malware, privacy violations | SME Cyber Security | Scoop.it
There must be a balance between the promise of new Internet of Things tools and devices and the need for robust security and data privacy, according to an Intel report.

Via Technical Dr. Inc.
Roger Smith's insight:

However, the benefits of networked devices will mean little without putting the proper security in place, according to the Intel report. Security officials and healthcare organizations must take the correct steps to prevent future attacks.

more...
No comment yet.
SME Cyber Security
Your new post is loading...
Your new post is loading...
Scooped by Roger Smith
Scoop.it!

Why the Biggest Cybersecurity Threat Is in Your Company | Inspirationfeed

Why the Biggest Cybersecurity Threat Is in Your Company | Inspirationfeed | SME Cyber Security | Scoop.it
It is possible to avoid cyber security risks - to build the right cyber security system. Such a measure can protect the company's business from leakage of information, unpredictable situations, and money lose.
more...
No comment yet.
Scooped by Roger Smith
Scoop.it!

Cyber criminals are increasingly targeting C-Suite executives

Cyber criminals are increasingly targeting C-Suite executives | SME Cyber Security | Scoop.it
C-level executives are 9 times more likely to be the target of data breaches.
Roger Smith's insight:

C level executives, could you differentiate between a real or fake request to speak at a conference?   

more...
No comment yet.
Scooped by Roger Smith
Scoop.it!

Infographic: The future of cybersecurity budgeting

Infographic: The future of cybersecurity budgeting | SME Cyber Security | Scoop.it
The topic of how much to spend on cybersecurity is always circulating, especially in smaller businesses and companies, check out the infographic.
more...
No comment yet.
Scooped by Roger Smith
Scoop.it!

IoT security crackdown: Stop using default passwords and guarantee updates, tech companies told

IoT security crackdown: Stop using default passwords and guarantee updates, tech companies told | SME Cyber Security | Scoop.it
Smart device makers will have to keep to these three rules if they want to sell their gadgets.
Roger Smith's insight:

What about online stores, whats to stop them selling insecure devices.

more...
No comment yet.
Scooped by Roger Smith
Scoop.it!

Don't let your gamers commit video game hack

Don't let your gamers commit video game hack | SME Cyber Security | Scoop.it
The research found that 82% of teens and young adults recruited by online criminals have developed their cybercrime skills through video gaming.
Roger Smith's insight:

Interesting spin, but how do we keep the talent but use it for the defensive side of cybersecurity.   If we use the same recruiting tactics for good, would it work?

more...
No comment yet.
Scooped by Roger Smith
Scoop.it!

Cyber-Security Incident Response Plans Lacking, IBM Finds

Cyber-Security Incident Response Plans Lacking, IBM Finds | SME Cyber Security | Scoop.it
eWEEK DATA POINTS: IBM Security and the Ponemon Institute asked global IT executives what they do to keep their organizations cyber-resilient and discovered interesting insights about the state of modern cyber-security.
Roger Smith's insight:

Cyber security is not only about protection! You have heard that the bad guys only have to win once.   This is all about when they do.  Getting back to business as normal is critical in todays business.   You have to get it right.

more...
No comment yet.
Scooped by Roger Smith
Scoop.it!

Ethical Hackers Cracked the Universities Cyber Defenses in Two Hours

Ethical Hackers Cracked the Universities Cyber Defenses in Two Hours | SME Cyber Security | Scoop.it
A test carried out by ethical hackers against the cyber defenses of 50 universities found that they can cripple the defense and exfiltrate sensitive data...
Roger Smith's insight:

OK, I call bull.   Phishing is a education issue!   Any penetration test run that is allowed to use phishing is not targeting the systems in place but targeting the people.   Now do the pen test again and if they gain access to the data then they have a positive result.

more...
No comment yet.
Scooped by Roger Smith
Scoop.it!

Hackers have been hijacking D-Link home routers through known exploits.

Hackers have been hijacking D-Link home routers through known exploits. | SME Cyber Security | Scoop.it
For the past three months, a cybercrime group has been hacking into home routers --mostly D-Link models-- to change DNS...
Roger Smith's insight:

Home routers are one of the easiest targets because of the two reasons.   They have insecure operating systems and people don’t even try to secure them properly.   

more...
No comment yet.
Scooped by Roger Smith
Scoop.it!

Facebook Succeeded In Killing Cybersecurity Like It Did Privacy

Facebook Succeeded In Killing Cybersecurity Like It Did Privacy | SME Cyber Security | Scoop.it
Two billion users no longer care that Facebook shares their data with myriad companies all over the world to misuse or when it loses their data through breach after breach after breach after breach. It seems that like privacy, Facebook has taught the world to no longer care about cybersecurity.
Roger Smith's insight:

Interesting article - what do you think?

more...
No comment yet.
Scooped by Roger Smith
Scoop.it!

Cybersecurity: Don’t let the small stuff cause you big problems

Cybersecurity: Don’t let the small stuff cause you big problems | SME Cyber Security | Scoop.it
If hospitals don't take cybersecurity seriously, a series of small issues could be as bad as a major cyberattack like WannaCry, warns NHS Digital chief.
more...
No comment yet.
Scooped by Roger Smith
Scoop.it!

Infographic: List of data breaches in 2018

Infographic: List of data breaches in 2018 | SME Cyber Security | Scoop.it
2018 saw some of the biggest data breaches yet, with Marriott, Under Armour and Facebook suffering breaches that affected 500 million, 150 million and 100 million people respectively. It was also the year of the GDPR (General Data Protection Regulation), which changed the way organisations handle...
more...
No comment yet.
Scooped by Roger Smith
Scoop.it!

New Arm Certification Aims to Secure IoT Devices

New Arm Certification Aims to Secure IoT Devices | SME Cyber Security | Scoop.it
A three-tier certification regimen shows adherence to the Platform Security Architecture.
Roger Smith's insight:

The problem is how do you stop insecure system getting to the public.  Shiny and new will always beat creditation

more...
No comment yet.
Scooped by Roger Smith
Scoop.it!

Prepare to Be Hacked: Why Realtime Security is Crucial in 2019

Prepare to Be Hacked: Why Realtime Security is Crucial in 2019 | SME Cyber Security | Scoop.it
The threat of cyberattacks grows each year.According to a recent survey by Pew, cyberattacks now rank as one of the top global threats alongside climate...
more...
No comment yet.
Scooped by Roger Smith
Scoop.it!

The tech-hikers’ guide to outthinking hackers

The tech-hikers’ guide to outthinking hackers | SME Cyber Security | Scoop.it
IT Security Training & Resources by Infosec...
more...
No comment yet.
Scooped by Roger Smith
Scoop.it!

How 5G could impact cybersecurity strategy

How 5G could impact cybersecurity strategy | SME Cyber Security | Scoop.it
With 5G wireless on the horizon, what will businesses need to do to secure their devices and networks?
Roger Smith's insight:

Interesting!   In our drive for faster and faster connection speeds, the security of those connections and the systems using them needs to one of the driving forces behind those connections.   

more...
No comment yet.
Scooped by Roger Smith
Scoop.it!

Orpak Gas Stations Easily Hackable Thanks To Hardcoded Passwords

Orpak Gas Stations Easily Hackable Thanks To Hardcoded Passwords | SME Cyber Security | Scoop.it
Connecting Infosec with News...
Roger Smith's insight:

Are we ever going to understand and implement basic security in IOT???

more...
No comment yet.
Scooped by Roger Smith
Scoop.it!

Cyber security not just IT's problem: McAfee

Cyber security not just IT's problem: McAfee | SME Cyber Security | Scoop.it
New research shows over half of respondents reported a data breach at current organisation.
Roger Smith's insight:

The combination of policy, people and technology is often overlooked as a business strategy to counteract cybercrime.  Frameworks are critical to business security.

more...
No comment yet.
Scooped by Roger Smith
Scoop.it!

Improving railroad cyber-threat resilience

Improving railroad cyber-threat resilience | SME Cyber Security | Scoop.it
Railroads are a critical component of America’s transportation infrastructure, and have been making significant investments in advanced networked computer control systems and information technologies.
Roger Smith's insight:

This can be applied to any business.   Resilience is the key to survival in today's business world!

more...
No comment yet.
Scooped by Roger Smith
Scoop.it!

Reducing the costs and complexity of Backup & Disaster Recovery

Reducing the costs and complexity of Backup & Disaster Recovery | SME Cyber Security | Scoop.it
Backing up your data is beyond imperative, but you don't need to pay over the odds. Find out here how to reduce the costs of backup and disaster recovery.
Roger Smith's insight:

Back to basics - back up = plan B

more...
No comment yet.
Scooped by Roger Smith
Scoop.it!

CIOs and CISOs hold off on crucial updates due to potential impact on business operations

CIOs and CISOs hold off on crucial updates due to potential impact on business operations | SME Cyber Security | Scoop.it
CIOs and CISOs around the world have held back from implementing critical measures that keep them resilient against disruption and cyber threats.
Roger Smith's insight:

Troubling statistics!   Have you done this?

more...
No comment yet.
Scooped by Roger Smith
Scoop.it!

Hackers created a secret backdoor in 'hundreds of thousands' of Asus computers using software update

Hackers created a secret backdoor in 'hundreds of thousands' of Asus computers using software update | SME Cyber Security | Scoop.it
Leading computer maker ASUS suffered a cyber attack that allowed hackers to send malware to more than 50,000 customers, researchers claim.
Roger Smith's insight:

This could be a problem!

more...
No comment yet.
Scooped by Roger Smith
Scoop.it!

Why You Don’t Need (or Want) a SIEM Tool – Cyber Defense Magazine

Why You Don’t Need (or Want) a SIEM Tool – Cyber Defense Magazine | SME Cyber Security | Scoop.it
There are a lot of things that sound good on paper, but don’t work out as planned in practice: Hot dog buns that are sliced on the top, being a Detroit Lions fan, implementing a SIEM tool. Of course, you can just buy regular hot dog buns, and—thankfully—you don’t need to buy a SIEM tool. I can’t help you with being a Lions fan—it’s a curse I live with myself—but, two out of three isn’t bad. But I digress. Let’s get back to why you don’t want a SIEM tool. What is a SIEM? What is a SIEM, anyway? I suppose we should start by considering why someone might think about implementing a SIEM tool in the first place. In the Magic Quadrant for Security Information and Event Management, Gartner defines it: “Gartner defines the security and information event management (SIEM) market by the customer’s need to analyze event data in real time for early detection of targeted attacks and data breaches, and to collect, store, investigate and report on log data for incident response, forensics and regulatory compliance. SIEM technology aggregates event data produced by security devices, network infrastructure, systems and applications. The primary data source is log data, but SIEM technology can also process other forms of data, such as network telemetry. Event data is combined with contextual information about users, assets, threats and vulnerabilities. The data may be normalized, so that events, data and contextual information from disparate sources can be analyzed for specific purposes, such as network security event monitoring, user activity monitoring and security compliance reporting. The technology provides real-time analysis of events for security monitoring, query and long-range analytics for historical analysis and other support for incident investigation and management, and reporting (e.g., for compliance requirements).” That is an awful lot to expect from one enterprise security solution—especially if you don’t have the skills and expertise to properly implement, configure, and manage it. What SIEM vendors won’t tell you is that the value of a SIEM solution for cybersecurity depends heavily on the threat intelligence feeds it uses, and on having security experts capable of doing the log management, threat detection, and forensic analysis necessary to deliver the results you’re expecting. SIEM is Complex and Challenging Matt Selheimer, Chief Marketing Officer for Alert Logic, recently presented a webinar titled “Why You No Longer Need a SIEM Tool.” During the presentation, he asked the audience about their view on SIEM tools. More than 80 percent responded that a SIEM is challenging to get up-and-running and get value from, or that they’ve held off implementing a SIEM tool because they’ve heard of the significant difficulties involved. What you really want is confidence in your security posture and some peace of mind. There are a variety of tools that can help you achieve that goal. A SIEM is one such tool—but it’s a tool that requires significant effort from you to implement, maintain, and monitor. Let’s use an analogy. Breakfast. What you want is a meal. There is a wide array of things you could eat that would satisfy that need, but you decide you want an omelette. Good choice. However, instead of a delicious ham and cheese omelette, someone gives you a chicken, a pig, and a cow and leaves it up to you to get from there to your original goal: breakfast. All you really wanted was breakfast. You’re not a farmer. You’re not a chef. You don’t want to be either of those things, really. You just want breakfast. That is essentially what you get with SIEM software. SIEM systems are a concept that sounds good on paper—and can be effective in practice. The issue, however, is that it requires expertise to implement and configure, and it requires consistent updating and monitoring by someone with the right skill to identify and respond to suspicious and malicious activity. It is not something you can just buy and install and magically get the peace of mind you were looking for. SIEMless Threat Management I have good news. There is better way to get breakfast…I mean confidence in your security posture and peace of mind. Think of it like having an executive chef deliver the perfect omelette to your table rather than raising your own animals and making it yourself. If you want to know more about the pitfalls and challenges of implementing your own SIEM tool, and how Alert Logic SIEMless Threat Management can help you avoid that mess and provide the security you need at the same time, check out the recording of Matt Selheimer’s webinar: Why You No Longer Need a SIEM Tool. About the Author: Tony Bradley is Senior Manager of Content Marketing for Alert Logic. Tony worked in the trenches as a network administrator and security consultant before shifting to the marketing and writing side of things. He is an 11-time Microsoft MVP in security and cloud and has been a CISSP-ISSAP since 2002.  Tony has authored or co-authored a dozen books on IT and IT security topics, and is a prolific contributor to online media sites such as Forbes and DevOps.com. He has established a reputation for effective content marketing, and building and engaging a community and social media audience. Learn more about Tony at Alert Logic.
Roger Smith's insight:

The constant attitude that you can dumb down the capabilities of the cybr security fraternity is one of the largest problem we have in combating cybercrime.    Somewhere along the line you have to rely on someones capability to look at a SIEM and make decisions concerning input and output.   SIEM is not a set and forget process.   It requires knowledge of technology and the bad guys capability.   The issue is not whether you need a SIEM but whether it will be and internal or external process

more...
No comment yet.
Scooped by Roger Smith
Scoop.it!

Brace yourselves: New variant of Mirai takes aim at a new crop of IoT devices

Brace yourselves: New variant of Mirai takes aim at a new crop of IoT devices | SME Cyber Security | Scoop.it
Virulent malware updated to add 11 new exploits.
more...
No comment yet.
Scooped by Roger Smith
Scoop.it!

Australia cyber hack raises privacy concerns 

Australia cyber hack raises privacy concerns  | SME Cyber Security | Scoop.it
Australia's Parliament House computer network suffered a "malicious intrusion" on Feb. 8, according to Prime Minister Scott Morrison; on Feb. 18, he revealed before the House of Representatives that a number of specific political parties were hacked as part of that intrusion, among them his own...
Roger Smith's insight:

What happned to the implementation of the Australian Signals Directorate essential 8. Was it implemened?  What security framework was being used and why was the implementation not checked.   Sounds like security for political parties is follow the bouncing ball and sign off on the form because that is what we always do.

more...
No comment yet.
Scooped by Roger Smith
Scoop.it!

Cyber security services top priority for fifth of MSPs, says Kaseya

Cyber security services top priority for fifth of MSPs, says Kaseya | SME Cyber Security | Scoop.it
Security and infrastructure are "key" to MSPs successfully building their businesses...
Roger Smith's insight:

Still focusing on the technology.  


When it comes to compliance and governance, cybersecurity should be a primary focus of all SME’s, but most MSP’s are still focussed on the technology.   It is not about technology, it is about people, policy and frameworks.   Getting the correct “systems” in place is absolutely critical in protecting your “crown jewels”, if you are asking your MSP to do it you are getting incorrect information.

more...
No comment yet.