Security News

DTEX Systems announced enhancements to DTEX InTERCEPT for critical infrastructure entities - a workforce cybersecurity solution specifically created to address the user activity monitoring requirements of public and private oil and gas, electric, water, telecommunications and healthcare organizations with headquarters in the Five Eyes countries. According to a recent report by The National Counterintelligence and Security Center of the United States of America titled, Insider Threat Mitigation for U.S. critical infrastructure entities: Guidelines from an Intelligence Perspective, "Foreign adversaries are no longer simply targeting the U.S. government, as was often the case during the Cold War, but today are using their sophisticated intelligence capabilities against a much broader set of targets, including U.S. critical infrastructure and other private sector and academic entities. These U.S. industries and academic organizations are now squarely in the geopolitical battlespace."

SANS announced the release of a report which analyzes the data of over 1,500 security awareness professionals from around the world to benchmark how organizations are managing human risk and provides data-driven action items to mature awareness programs. "Cybersecurity is no longer just about technology but people; managing human risk. Awareness programs enable security teams to do just that by not only guiding how people think about security but how they act, from the Board of Directors on down," said Lance Spitzner, SANS Security Awareness Director and co-author of the report.

In other words, the investment in most security awareness programs is window dressing - something that looks good but is a false front. Human actions account for 90% of all security incidents, so CISOs can quantifiably reduce their overall security incidents by upgrading the "Human firewall."

Security biz Proofpoint and its subsidiary Wombat Security Technologies have sued Facebook and its Instagram subsidiary to prevent the seizure of internet domain names used for security testing. It sets up domain names that incorporate trademarked terms, like Facebook and Instagram, or fragments of those terms that have similar looking domain names.

The Company's patented platform integrates easily within existing security infrastructure to deliver targeted coaching that teaches employees how to identify and remediate cyberattacks while providing security teams with insights that help them better understand the human element of their organization's security posture. SecurityAdvisor's deep integrations with leading cybersecurity vendors, including CrowdStrike, provide visibility across the entire organization for security teams and quantifies security teams' ROI. SecurityAdvisor will use the capital to support product development and drive market awareness of its innovative offering amongst enterprise security leaders.

Security awareness rarely leads to sustained behavior change on its own, according to a recent analysis - meaning that organizations need to proactively develop a robust "Human-centered" security program to reduce the number of security incidents associated with poor security behavior. According to the Information Security Forum, the information security industry is playing catch-up when it comes to positively influencing behavior - the proliferation of remote-working arrangements, exacerbated by the stress associated with the pandemic, has underlined the importance of strengthening the human elements of security.

TechRepublic's Karen Roby spoke with Lorrie Cranor, director and Bosch Distinguished Professor in security and privacy technologies of CyLab and the FORE Systems Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University, about security in Internet of Things devices for Cybersecurity Awareness Month. Lorrie Cranor: One of the things we've observed is that there are a lot of concerns about the security and privacy of IoT devices.

TechRepublic's Karen Roby spoke with Eva Velasquez, CEO of the Identity Theft Resource Center, about the importance of cybersecurity. Karen Roby: What are some of the things people can do? How do they best protect themselves?

Freezing your child's credit is one way to stop cybercriminals from destroying their credit. But you have to be careful to keep the key to thaw it later.

A cybersecurity expert warns that during Cybersecurity Awareness Month it is time for the enterprise to emphasize training that doesn't just keep their employees from putting the business at risk, but "Empowers them to become the organization's first line of defense." Last year's Cybersecurity Awareness Month presented a different set of issues than this year's.