Experienced. Trusted. Solutions.
By PC Portal
This month, we released new features in Microsoft 365 that help users stay focused in their workflow while delivering richer, more engaging content.
The post New to Microsoft 365 in November—tools to keep you in your workflow and fine-tune content appeared first on Microsoft 365 Blog.
By PC Portal
The Microsoft 365 tools the Jefferies Group use complement their nimble approach, helping them to provide better insight and expertise to investors, companies, and government entities.
The post Jefferies Group puts banking clients first, gaining competitive edge with Microsoft 365 appeared first on Microsoft 365 Blog.
By PC Portal
At Webroot, we stay ahead of cybersecurity trends in order to keep our customers up-to-date and secure. As the end of the year approaches, our team of experts has gathered their top cybersecurity predictions for 2019. What threats and changes should you brace for?
“A large US-based tech company will get hammered by the new GDPR fines.” – Megan Shields, Webroot Associate General Counsel
When the General Data Protection Regulation (GDPR) became law in the EU last May, many businesses scrambled to implement the required privacy protections. In anticipation of this challenge for businesses, it seemed as though the Data Protection Authorities (the governing organizations overseeing GDPR compliance) were giving them time to adjust to the new regulations. However, it appears that time has passed. European Data Protection Supervisor Giovanni Buttarelli spoke with Reuters in October and said the time for issuing penalizations is near. With GDPR privacy protection responsibilities now incumbent upon large tech companies with millions—if not billions—of users, as well as small to medium-sized businesses, noncompliance could mean huge penalties.
GDPR fines will depend on the specifics of each infringement, but companies could face damages of up to 4% of their worldwide annual turnover, or up to 20 million Euros, whichever is greater. For example, if the GDPR had been in place during the 2013 Yahoo breach affecting 3 billion users, Yahoo could have faced anywhere from $80 million to $160 million in fines. It’s also important to note that Buttarelli specifically mentions the potential for bans on processing personal data, at Data Protection Authorities’ discretion, which would effectively suspend a company’s data flows inside the EU.
“Further adoption of AI leading to automation of professions involving low social intelligence and creativity. It will also give birth to more advanced social engineering attacks.” – Paul Barnes, Webroot Sr. Director of Product Strategy
The Fouth Industrial Revolution is here and the markets are beginning to feel it. Machine learning algorithms and applied artificial intelligence programs are already infiltrating and disrupting top industries. Several of the largest financial institutions in the world have integrated artificial intelligence into aspects of their businesses. Often these programs use natural language processing—giving them the ability to handle customer-facing roles more easily—to boost productivity.
From a risk perspective, new voice manipulation techniques and face mapping technologies, in conjunction with other AI disciplines, will usher in a new dawn of social engineering that could be used in advanced spear-phishing attacks to influence political campaigns or even policy makers directly.
“We’ll see a continued decline in commodity ransomware prevalence. While ransomware won’t disappear, endpoint solutions are better geared to defend against suspicious ransom-esque actions and, as such, malware authors will turn to either more targeted attacks or more subtle cryptocurrency mining alternatives.” – Eric Klonowski, Webroot Principal Threat Research Analyst
Although we’re unlikely to see the true death of ransomware, it does seem to be in decline. This is due in large part to the success of cryptocurrency and the overwhelming demand for the large amounts of computing power required for cryptomining. Hackers have seized upon this as a less risky alternative to ransomware, leading to the emergence of cryptojacking.
Cryptojacking is the now too-common practice of injecting software into an unsuspecting system and using its latent processing power to mine for cryptocurrencies. This resource theft drags systems down, but is often stealthy enough to go undetected. We are beginning to feel the pinch of cryptojacking in critical systems, with a cryptomining operation recently being discovered on the network of a water utility system in Europe. This trend is on track to continue into the New Year, with detected attacks increasing by 141% in the first half of 2018 alone.
“Attacks will become more targeted. In 2018, ransomware took a back seat to cryptominers and banking Trojans to an extent, and we will continue see more targeted and calculated extortion of victims, as seen with the Dridex group. The balance between cryptominers and ransomware is dependent upon the price of cryptocurrency (most notably Bitcoin), but the money-making model of cryptominers favors its continued use.” – Jason Davison, Webroot Advanced Threat Research Analyst
The prominence of cryptojacking in cybercrime circles means that, when ransomware appears in the headlines, it will be for calculated, highly-targeted attacks. Cybercriminas are now researching systems ahead of time, often through backdoor access, enabling them to encrypt their ransomware against the specific antivirus applications put in place to detect it.
Government bodies and healthcare systems are prime candidates for targeted attacks, since they handle sensitive data from large swaths of the population. These attacks often have costs far beyond the ransom itself. The City of Atlanta is currently dealing with $17 million in post-breach costs. (Their perpetrators asked for $51,000 in Bitcoin, which the city refused to pay.)
The private sector won’t be spared from targeting, either. A recent Dharma Bip ransomware attack on a brewery involved attackers posting the brewery’s job listing on an international hiring website and submitting a resume attachment with a powerful ransomware payload.
“Because the cost of exploitation has risen so dramatically over the course of the last decade, we’ll continue to see a drop in the use of zero days in the wild (as well as associated private exploit leaks). Without a doubt, state actors will continue to hoard these for use on the highest-value targets, but expect to see a stop in Shadowbrokers-esqueoccurrences. Leaks probably served as a powerful wake-up call internally with regards to access to these utilities (or perhaps where they’re left behind). – Eric Klonowski, Webroot Principal Threat Research Analyst
Though the cost of effective, zero-day exploits is rising and demand for these exploits has never been higher, we predict a decrease in high-profile breaches. Invariably, as large software systems become more adept at preventing exploitation, the amount of expertise required to identify valuable software vulnerabilities increases with it. Between organizations like the Zero Day Initiative working to keep these flaws out of the hands of hackers and governmental bodies and intelligence agencies stockpiling security flaws for cyber warfare purposes, we are likely to see fewer zero day exploits in the coming year.
However, with the average time between the initial private discovery and the public disclosure of a zero day vulnerability being about 6.9 years, we may just need to wait before we hear about it.
The take-home? Pay attention, stay focused, and keep an eye on this space for up-to-the-minute information about cybersecurity issues as they arise.
The post What’s Next? Webroot’s 2019 Cybersecurity Predictions appeared first on Webroot Blog.
By PC Portal
We round up interesting research and reporting about security developments from around the web. This month: blaming the user (or not), passwords, protecting data and privacy, and security leadership (or the lack of it).
Who’s to blame when poor passwords lead to breaches? That was a matter for debate among the respected security professionals Troy Hunt and Javvad Malik recently. Hunt began by blogging that when security incidents come to light, bad password choices are often the root cause. “The account holder is the victim but they must also share the blame,” he said. Javvad Malik responded with a rebuttal, taking security professionals to task for an ‘us vs them’ mentality. There’s also a wider issue of technologists building systems with poor security that pushes responsibility back on people who are least qualified to know what’s best, he said. Both blogs are worth reading in full; in Javvad’s words they are “a natural part of a much-needed dialogue in the security industry”.
The UK’s Data Protection Authority, ICO, has published new guidance on passwords as a means of protecting data in light of GDPR. Although the GDPR doesn’t specifically mention passwords, it requires organisations to process personal data securely using appropriate technical and organisational measures, and passwords are a common way of doing this. The guidance includes details of what to consider when designing and implementing password systems. The page includes links to the relevant sections of GDPR, along with password guidance from the UK National Cyber Security Centre. It also suggests that organisations should think about whether there are any better alternatives to using passwords.
Call it the (corporate) law of unintended consequences: could GDPR compliance concerns be causing M&A activity to slow down? That seems to be the key finding in a survey of more than 500 EMEA M&A professionals from Merrill Corporation. More than half said compliance and data protection at a target company was the main reason why deals collapsed. The Times described the regulation as “a significant fetter” on mergers and acquisitions. Two-thirds of those surveyed believe that GDPR will increase potential buyers’ scrutiny of a target company’s data protection policies and process. This will further complicate the deal-making process, Merrill concluded.
Separately, Irish business leaders say GDPR has been beneficial for society and individuals. In a survey from Mazars and McCann Fitzgerald, 73 companies said complying with the regulation had been a challenge but many were confident in their efforts. A massive 88 per cent of the firms believe they have interpreted their obligations correctly.
No one senior executive function is taking responsibility for managing security, a new survey has found. The NTT Security 2018 Risk:Value report found a “narrowing gap” between the roles of CEO, CISO and CIO for security. Its report is based on responses from 1,800 decision makers from non-IT functions. The report suggests that this lack of cohesion at the top means that many organisations are struggling to secure their most important digital assets. Just 48 per cent of respondents globally say they have fully secured all of their critical data.
NTT Security’s Azeem Aleem said: “Responsibility for day-to-day security doesn’t seem to fall on any one particular person’s shoulders among our response base. This narrow gap between the roles of CIO, CEO and CISO shows that no one executive function is stepping up to the plate. It could be a sign of unclear separation between the CIO and CISO though, as often they are the same or collaborate closely.”
Worryingly, one-third of respondents also said they would pay a ransom to malicious attackers rather than investing in information security. For those troubling stats and more, the full report is here.
The US Federal Trade Commission has launched a website with free security resources aimed specifically at small businesses. In a similar vein to the UK NCSC’s excellent site, the American equivalent covers areas like phishing, ransomware, email authentication, physical security, fraud and securing remote access. The site has a clean design that’s easy to navigate. It also has a guide for employers along with links to useful security materials and a series of videos.
The post Security newsround: November 2018 appeared first on BH Consulting.
By PC Portal
Using Microsoft 365 cloud-based workplace services, EMCOR will be able to collaborate more effectively across multiple divisions and business units.
The post EMCOR Group transitions to the cloud, constructs intelligent workplace with Microsoft 365 appeared first on Microsoft 365 Blog.