The cybersecurity culture of an organization encompasses the knowledge, awareness, attitudes and behaviors of employees regarding the threat landscape, cybersecurity and information technologies. Strong cybersecurity culture starts with building awareness and encouraging best practice cyber-hygiene, normalizing these behaviors so they become second nature to your team.
In a world driven by digital business, enterprise security needs to be continuously monitored and improved to keep up with evolving cyber-threats and to ensure data protection across the web. As the corporate, office-based workforce evolves to become more permanently remote, increased access control to business assets is needed for those both within and outside of the company network.
The impact of AI on cybersecurity continues to be a hot topic of discussion within the information security industry. Cyber-threats are rapidly increasing in volume. In part, this is because the attack surface for cybercriminals is huge, and it continues to grow and evolve at a lightning pace. Every year billions of cyber-attacks are launched with a wide variety of motives, and new threats with more sophisticated tactics or methods are trialed to bypass existing security systems.
Aside from executing physical attacks on servers, hardware or people, there are three main access points where criminals can break into systems: web, mobile and API. In this post, we’ll focus on mobile security, an area increasingly being exploited due to a sharp rise in mobile device use over the course of the pandemic.
OpenBullet is a testing suite of software allowing users to perform requests on a target web application. The open source tool can be found on GitHub and is used by businesses for various legitimate purposes including scraping and parsing data and automated penetration testing. Although designed to aid security professionals, in the wrong hands OpenBullet can be abused for the opposite purpose.
Spam filters are essential. Without them we couldn’t cut through the noise of phishing scams and malware links to read our messages. Hatred of spam is well entrenched in society, just as bots (especially scalpers) have become the bane of so many lives in recent years. There are several parallels between the email spam in our inboxes and malicious bots that crawl the web. Both are designed to cause harm to businesses and individuals. Both exploit systems designed to be useful.
The online casino industry is a big target for fraudsters, from sign-up bonus abuse through to sidestepping account bans and exploiting business logic to guarantee a profit. This month’s guest on the Cybersecurity Sessions can attest to this – he used to exploit online casinos professionally!
Our world is driven by technological innovation. Recent years have seen many companies adopt artificial intelligence (AI) and machine learning technology to analyze larger data sets and perform more complex tasks with faster and more accurate results. This is not limited to technology-based industries such as computer science – now, many industries work continuously to enhance their technology to keep up with consumer expectations, with data-based decision making often central to this drive.
Passwords are dying as a sole security measure, particularly within financial services. It is widely expected (and in the UK, mandatory) that any institution responsible for finances, from banks to brokers and even crypto wallets, should be implementing multi factor authentication (MFA) to prevent fraudsters gaining access to accounts using automated attacks, even if they know the user’s password.
Bots are rampant across the web – in fact, around 50% of all web traffic is automated or invalid, i.e., doesn’t come from a real user with genuine interest. While some of this traffic is good and useful, for example, search engine crawlers and content aggregators, a high percentage is malicious. Hosting bad bots on your server can result in a plethora of problems for your website and business, from damage to your brand reputation to excessive financial and technical costs.
