Insider threats cause more damage than big data breaches

Experian’s just released third annual Data Breach Industry Forecast report for 2016 predicts that big hacks will continue to grab the headlines, but small breaches will cause “a lot more damage.”

“Whether it’s a true malicious insider, or just employee negligence, 80 percent of the breaches we’ve worked so far in 2015 have been [caused by] employees … and I don’t think that’s going to change in the healthcare field and other fields,” says Michael Bruemmer of Experian Data Breach Resolution.

Posted in Cybersecurity Memo - Insiders Edition | Comments Off on Insider threats cause more damage than big data breaches

How malware peddlers trick users into enabling MS-Office Word macros

“One popular social engineering trick to entice users to enable macros, is to make the user believe that the document contains secret or confidential information, and that the user needs to take action to reveal this information,” Didier Stevens explained.

The Word document will contain a message that the content is hidden (or encoded, or encrypted, …) and that the user needs to enable the content (or the macros) to visualize it. This function will change the font color from white to black (thereby “revealing” the hidden information) and remove the header that instructs the user to enable the content.

Effectively, this function will make you believe that nothing out of the ordinary happened, and that your action simply allowed you to read the document. What you won’t know or notice is that a malicious payload is downloaded and executed in the background, and your computer has been compromised.

More from HelpNetSecurity by clicking here.

 

Posted in Cybersecurity Memo - Insiders Edition | Comments Off on How malware peddlers trick users into enabling MS-Office Word macros

MIT algorithm emulates human intuition in big data analysis

Max Kanter, who created the algorithm as part of his master’s thesis at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL), entered the algorithm into three major big data competitions. In a paper to be presented this week at IEEE International Conference on Data Science and Advanced Analytics, he announced that his “Data Science Machine” has beaten 615 of the 906 human teams it’s come up against.

The algorithm used raw datasets to make models, predicting things such as when a student would be most at risk of dropping an online course, or what indicated that a customer during a sale would turn into a repeat buyer.

Kanter’s algorithm seems to do a decent job of approximating human “intuition” with much less time and manpower, he hopes it can provide a good benchmark.

More from the Washington Post by clicking here.

Posted in Cybersecurity Memo - Insiders Edition | Comments Off on MIT algorithm emulates human intuition in big data analysis

Online Dating Made This Woman a Pawn in a Global Crime Plot

According to the Internet Crime Complaint Center, American victims of online romance scams elrodlost more than $87 million in 2014 (compared with just $50 million in 2011). The intimate details of one woman’s foray into an online relationship that resulted in victimization are fascinating…

Click here for the juicy details from Wired.

Posted in Cybersecurity Memo - Insiders Edition | Comments Off on Online Dating Made This Woman a Pawn in a Global Crime Plot

If you counted all the bits in one petabyte at one bit per second, it would take 285 million years.

nuff said!  it’s all about the data!

http://www.computerweekly.com/feature/What-does-a-petabyte-look-like

Posted in Cybersecurity Memo - Insiders Edition | Comments Off on If you counted all the bits in one petabyte at one bit per second, it would take 285 million years.

Employees are the biggest threat to network security

“The days when firewalls, data backup and antivirus programs provided sufficient protection are over” according to Corey Steele, network security engineer for local voice and data network solutions provider High Point Networks.

“A network that’s protected just by a firewall, antivirus and backups in this environment is really akin to taking a super carrier from our American Navy today and dropping it into World War II. It would be a similar battle. The threats are so sophisticated that you can’t just protect with those three controls anymore.”

Steele says the No. 1 threat to a company’s network security today is its employees. It’s been his experience that “breaking into a network is much more difficult that breaking into a person.”

“Trust is very deeply ingrained into our psyche. The easiest way for an attacker to get into a network is to break that trust,” he said.

He has found two scenarios particularly successful.

Learn about these two scenario’s, and get the rest of the article from by the Grand Forks Herald by clicking here.

Posted in Cybersecurity Memo - Insiders Edition | Comments Off on Employees are the biggest threat to network security

Next-Generation Cybersecurity Is All About Behavior Recognition

Rather than focusing on stopping cybercriminals with walls, new technologies are emerging that work to identify cybercriminals instead. For example, BioCatch technology works to identify patterns of user behavior in certain applications, creating user profiles that can then be matched to subsequent visits. Mimicking a user’s online behavior is far more difficult than breaking down a wall.

Get the whole article here from TechCrunch.com

Posted in Cybersecurity Memo - Insiders Edition | Comments Off on Next-Generation Cybersecurity Is All About Behavior Recognition

“I love technology but I’m not in love with technology. The human hunch is priceless.”

A recent survey of government cybersecurity professionals found that 86 percent of respondents believe big data analytics could help improve cybersecurity, but only 28 percent oradare currently fully leveraging big data for security purposes.

Amir Orad built his career at the intersection of cybersecurity and big data analytics. “When I started 15 years ago, very binary, manual security decisions were the norm. We introduced the use of big data for security by adjusting in real-time the level of cybersecurity based on analytical decisions.:

Analytics is key to fighting security information overload, highlighting what’s important, and striking the right balance between automated decisions and decision-making by humans.

Check out the entire article at Forbes.com

Posted in Cybersecurity Memo - Insiders Edition | Comments Off on “I love technology but I’m not in love with technology. The human hunch is priceless.”

Hacker remotely crashes Jeep from 10 miles away

“All they have to do is work out the car’s IP address and know how to break into its systems and they can take control ”

In his disturbing account Greenberg described how the air vents started blasting out cold air and the radio came on full blast when the hack began.

The windscreen wipers turned on with wiper fluid, blurring the glass, and a picture of the two hackers appeared on the car’s digital display to signify they had gained access.

Greenberg said that the hackers then slowed the car to a halt just as he was getting on the highway, causing a tailback behind him – though it got worse after that.

He wrote: ‘The most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch.

Get the entire article from http://www.telegraph.co.uk/news

Posted in Cybersecurity Memo - Insiders Edition | Comments Off on Hacker remotely crashes Jeep from 10 miles away

iOS flaw tricks you into giving up your iCloud password

Successful hack attacks often happen not because of tricky coding, but plain old “social engineering” — ie, conning people. The latest version of iOS, 8.3, apparently fails to filter out potentially dangerous HTML code embedded in incoming emails. The researcher’s proof-of-concept code takes advantage of that by calling up a remote HTML form that looks identical to the iCloud log-in window. It could easily trick someone into entering their iCloud username and password, then hide the dialog after the user clicks “OK.”

More from engadget.com by clicking here

Posted in Cybersecurity Memo - Insiders Edition | Comments Off on iOS flaw tricks you into giving up your iCloud password