Category: Uncategorized

In a measure of the hotness of people working in cybersecurity in investment banks, several of Morgan Stanley’s senior cybersecurity professionals seem to have discovered that they can move into jobs elsewhere. 
Morgan Stanley isn’t commenting on the exits from its cyber team, but insiders say there have been several globally in the past year. Instead of going to other banks, people who leave are typically choosing to work for technology firms.
One of the most recent defectors is Arun Kumar, a senior member of Morgan Stanley’s threat hunt analytics and engineering team in Glasgow. Kumar, who resigned a few weeks ago, has joined Fastly, a cloud computing provider. He’d been at Morgan Stanley for over 15 years. 
Other recent exits are more junior. Aviva Cohen, a scenario development program lead at Morgan Stanley in Baltimore, left in June to join TikTok as a team lead in threat defense. 
A similar smattering of exits took place in 2021. Most notably, Karl Anderson, an executive director and distinguished engineer at Morgan Stanley in Baltimore, quit to become a principal security engineer at AWS.  Christina Parry, a former security and data engineer at Morgan Stanley in New York, left after around four years in October 2021 to join Twitter’s detection and response team according to her LinkedIn profile.
The exits come as banks are battling for cybersecurity talent, both with technology firms and with the crypto sector. “It’s extremely difficult to hire world-class people in the cybersecurity space,” says Dean Looney, a headhunter at Rupert Dean Associates. “The problem is that the very best people don’t want to work for banks,” says another technology recruiter. “They don’t necessarily even want to work for the big tech firms – the very best people want to work for themselves.”
Morgan Stanley is currently hiring cyber-professionals for its offices in Glasgow, Baltimore, London, and Singapore. Glassdoor indicates that the bank’s Glasgow cybersecurity specialists earn salaries of £40k-80k, while their London peers earn salaries of up to £125k.
Banks aren’t just hiring traditional cyber talent. JPMorgan recently recruited Charles Lim, a quantum encryption expert, to help prepare for the day when quantum computers render existing methods of encryption obsolete. 
Click here to create a profile on eFinancialCareers. Make yourself visible to recruiters hiring cyber security experts for jobs in financial services. 
Have a confidential story, tip, or comment you’d like to share? Contact: sbutcher@efinancialcareers.com in the first instance. Whatsapp/Signal/Telegram also available (Telegram: @SarahButcher)
Bear with us if you leave a comment at the bottom of this article: all our comments are moderated by human beings. Sometimes these humans might be asleep, or away from their desks, so it may take a while for your comment to appear. Eventually it will – unless it’s offensive or libelous (in which case it won’t.)
Photo by Rayson Tan on Unsplash
 
 
 
 

source

As AT&T continues its strategy to put all its chips on its core telecom business, the carrier is reportedly considering the sale of its five-year-old cybersecurity business unit.
AT&T is mulling the sale of its five-year-old cybersecurity unit, according to a new report.
The carrier giant’s cybersecurity solutions business, which was launched in 2018, includes assets from AT&’s purchase of open-source threat intelligence firm AlienVault in the same year. The company has been working with Barclays to explore bids for its cybersecurity business, according to a report from Reuters.
Dallas-based AT&T did not respond to CRN’s request for comment on the alleged selloff by publication time.
 [Related: AT&T Dumps Time Warner Business Four Years After $85B Deal ]
The cybersecurity unit was created to make AlienVault’s cybersecurity technologies and AT&T’s existing security capabilities accessible to all businesses, from Fortune 100 companies all the way down the chain to local mom-and-pop stores, the carrier said in 2018. The business unit today offers security consulting services, endpoint security, network security, and threat detection and response services.
In the past five years, however, AT&T has become increasingly focused on its core telecom business. Elliott Management in 2019 revealed a $3.2 billion stake in AT&T and laid out a series of changes intended to boost AT&T’s stock price and help it return to its telecom roots. The company in 2022 spun off its hard-fought $85.4 billion deal for Time Warner, which became WarnerMedia under AT&T. AT&T said last year that the spinoff gave the company room to “focus intensely” on 5G and fiber-based connectivity growth and on revamping its declining business wireline segment.
AT&T has said that it cut its net debt by about $24 billion in 2022 and the company is looking to trim another $32 billion by 2025.
Financial terms of any potential deal have not been disclosed and it’s not clear how much AT&T’s cybersecurity business is worth today, according to the report.
Gina Narcisi is a senior editor covering the networking and telecom markets for CRN.com. Prior to joining CRN, she covered the networking, unified communications and cloud space for TechTarget. She can be reached at gnarcisi@thechannelcompany.com.

source

Understanding why ChatGPT is garnering so much attention takes a bit of background. Up until recently, AI models have been quite “dumb”: they could only respond to specific tasks when trained on a large dataset providing context on what to find. But, over the last five years, research breakthroughs have taken AI to a whole new level, enabling computers to better understand the meaning behind words and phrases.

Leveraging these mechanics and 5 large language models (LLMs), ChatGPT can translate the human language into dynamic and useful machine results. In essence, it allows users to “speak” to their data. It’s not yet perfect, but it’s a major advancement in AI, and we can expect other technology companies to soon release competing models.
As with any new technology, ChatGPT can be used for both good and bad – and this has major implications for the world of cybersecurity. Here’s what we can expect over the coming months.
ChatGPT is a gold mine of insight that removes much of the work involved in research and problem-solving by enabling users to access the entire corpus of the public internet with just one set of instructions. This means, with this new resource at their fingertips, cybersecurity professionals can quickly and easily access information, search for answers, brainstorm ideas and take steps to detect and protect against threats more quickly. ChatGPT has been shown to help write code, identify gaps in knowledge and prepare communications – tasks that enable professionals to perform their daily job responsibilities much more efficiently.
In theory, ChatGPT and similar AI models should help close the cybersecurity talent shortage by making individual security professionals significantly more effective – so much so, in fact, that with AI, one person will be able to accomplish the same output as multiple individuals before. It should also help reduce the cybersecurity skills gap by enabling even junior personnel with limited cybersecurity experience to get the answers and knowledge they need almost instantaneously.
From a business standpoint, ChatGPT will inform a generation of similar AI tools that can help companies access and use their own data to make better decisions. Where a team and a series of database queries responds today, a chatbot with an AI engine may respond tomorrow. Additionally, because the technology can take on menial, data-driven tasks, organizations may soon reallocate personnel to focus on different initiatives or partner with an AI to add business value.
Unfortunately, cybersecurity professionals and businesses aren’t the only parties that can benefit from ChatGPT and similar AI models – cybercriminals can, too. And we’re already seeing bad actors turn to ChatGPT to make cybercrime easier – using it for coding assistance when writing malware and to craft believable phishing emails, for example.
The scary thing about ChatGPT is that it is excellent in imitating human writing. This gives it the potential to be a powerful phishing and social engineering tool. Using the technology, non-native speakers will be able to craft a phishing email with perfect spelling and grammar. And it will also make it much easier for all bad actors to emulate the tone, word selection and style of writing of their intended target – which will make it harder than ever for recipients to distinguish between a legitimate and fraudulent email.
Last but certainly not least, ChatGPT lowers the barrier to entry for threat actors, enabling even those with limited cybersecurity background and technical skills to carry out a successful attack.
Whether we like it or not, ChatGPT and next-generation AI models are here to stay, which presents us with a choice: we can be afraid of the change and what’s to come, or we can adapt to it and ensure we embrace it holistically by implementing both an offensive and defensive strategy.
From an offensive perspective, we can use it to empower workers to be more productive and empower the business to make better decisions. From a defensive standpoint we need to put a strategy in place that protects our organizations and employees from the evolving security risks stemming from this new technology – and this includes updating policies, procedures and protocols to protect against AI-enabled bad actors.
ChatGPT and AI are changing the game for both security professionals and cybercriminals, and we need to be ready. Being aware of the opportunities and challenges associated with this new technology and then putting a holistic strategy in place will help you leverage this new era of AI to drive your business. Ignoring these developments puts it at risk.

source

Federal Student Aid (FSA) has developed two new factsheets on how to establish an Incident Response Plan (IRP) and the importance of data sanitization. Additional information is below.

In the event of a cyberattack, an IRP mitigates risk and limits damage by establishing plans, procedures, roles, and responsibilities. To learn more, create, or strengthen your institution’s IRP, visit FSA’s Cybersecurity Incident Planning for Institutes of Higher Education factsheet.

Physical documents, mobile devices, external hard drives, USB drives, memory devices, and computers can harbor abundant sensitive student data. If not properly disposed of, confidential data may be wrongly disclosed. FSA’s Media Sanitization and Disposal Best Practices factsheet details how to permanently destroy media to protect confidential personal data and proprietary information.

A recent Cybersecurity and Infrastructure Security Agency (CISA) report, “Partnering to Safeguard K-12 Organizations from Cybersecurity Threats,” provides recommendations and resources showing how a small number of steps will significantly reduce cybersecurity risk.
Institutes of Higher Education may find the key findings and recommendations useful, including:

develop a cyber incident response plan that leverages the NIST Cybersecurity Framework;

minimize the burden of security by migrating IT services to more secure cloud versions;

build a relationship with CISA and FBI regional cybersecurity personnel;

implement multifactor authentication (MFA);

prioritize patch management;

perform and test backups; and

create a training and awareness campaign.

The full CISA report, along with links to resources, training, and a digital toolkit, is available at: https://www.cisa.gov/protecting-our-future-partnering-safeguard-k-12-organizations-cybersecurity-threats.

If you have any questions about the information included in this announcement, please contact FSASchoolCyberSafety@ed.gov.  
To sign up for FSA’s IHE cybersecurity newsletter, email FSASchoolCyberSafety@ed.gov with the subject line: “Send me the FSA Cybersecurity Newsletter for IHEs.” Created for IT and compliance professionals at institutions of higher education (IHEs), FSA’s cybersecurity newsletter features news, updates, tips, and resources about cybersecurity best practices—all to help protect student data and keep your institution secure.

source

Advertisement
Supported by
The breach exposed information like names, addresses and phone numbers and lasted more than a month, the company reported in a securities filing.
Send any friend a story
As a subscriber, you have 10 gift articles to give each month. Anyone can read what you share.
By Niraj Chokshi
T-Mobile said on Thursday that a hacker had collected data, including names, birth dates and phone numbers, from 37 million customer accounts, the company’s second major breach in less than two years.
In a securities filing, T-Mobile said it first discovered that a “bad actor” was obtaining the data on Jan. 5. With help from outside cybersecurity experts, the mobile service provider stopped the leak the next day, it said.
The company said there was no evidence that its systems or network had been compromised, adding that the mechanism the hacker exploited did not provide access to more sensitive information such as Social Security numbers, government identification numbers, or passwords or payment card information.
“We understand that an incident like this has an impact on our customers and regret that this occurred,” T-Mobile said in a statement.
The exposed information included names, billing and email addresses, phone numbers, birth dates, T-Mobile account numbers, and information such as the lines on an account and plan features. Many of the accounts did not include all of that data. The company said it has started to notify some of the affected customers in accordance with state and federal requirements.
T-Mobile said it was continuing to investigate the exposure and had notified the federal authorities. The company said it believed that the hacker first started retrieving data on Nov. 25 through an application programming interface, a common bit of code that allows software to communicate with other software.
A cyberattack in 2021 exposed data from nearly 77 million T-Mobile customer accounts, including names, Social Security numbers and driver’s license information. As a result, the company agreed both to pay $350 million to settle customer claims and to spend $150 million to enhance its cybersecurity practices and technologies.
In Thursday’s filing, T-Mobile said it had “made substantial progress to date” on those upgrades. It also acknowledged that it could face “significant expenses” from the latest breach.
Advertisement

source

Up to 254,000 Medicare beneficiaries are getting new ID cards due to data breach at subcontractor. What they need to know  CNBC
source

The demand for Cyber Security experts is huge, and pursuing a career in this field means joining a booming industry where openings outnumber qualified candidates.
In recent times a number of cyber incidents have hit the headlines in South Africa, such as the widely reported ransomware attacks on the City of Johannesburg, Transnet, and the Department of Justice in South Africa
Interpol’s African Cyberthreat Assessment Report for 2021 found that Cyber-attacks cost South Africa R2.2 billion per annum, and an Accenture report on digital safety found that South Africa experiences roughly 577 malware attacks per hour.
In light of the massive increase in cyber-attacks in recent years, large and small organisations are focusing on cyber security and are willing to spend large sums of money to ensure that their critical data is kept secure.
There are many certified training courses available, from vendor-specific to general, but before you spend your money and time on certification, it is crucial that you find one that will give you a competitive edge in your career.
 
Here are 7 cybersecurity certifications that will take your career to the next level:
ISO/IEC 27032 Lead Cybersecurity Manager training enables you to acquire the expertise and competence needed to support an organization in implementing and managing a Cybersecurity program based on ISO/IEC 27032 and NIST Cybersecurity framework.
During this training course, you will gain a comprehensive knowledge of Cybersecurity, the relationship between Cybersecurity and other types of IT security, and stakeholders’ role in Cybersecurity.
Who should attend?
Cost: $1,490

Click here for more
The Lead Cloud Security Manager training course enables participants to develop the competence needed to implement and manage a cloud security program by following widely recognized best practices. 
The growing number of organizations that support remote work has increased the use of cloud computing services, which has, in turn, increased the demand for a secure cloud infrastructure proportionally.
This training course is designed to help participants acquire the knowledge and skills needed to support an organization in effectively planning, implementing, managing, monitoring, and maintaining a cloud security program based on ISO/IEC 27017 and ISO/IEC 27018. It provides a comprehensive elaboration of cloud computing concepts and principles, cloud computing security risk management, cloud-specific controls, cloud security incident management, and cloud security testing.
The training course is followed by the certification exam.
Who should attend?
Cost: $1,550
Click here for more
 
Moving up the certification ladder at CompTIA, the CASP is an advanced cybersecurity certification with hands-on experience in security engineering and architecture. Other topics covered include cryptography and governance. Despite the advanced level, this isn’t one of the best cybersecurity certifications for managers; instead, it’s a better fit for professionals who wish to work in technology as architects and engineers.
Prerequisites: No formal requirements, but the exam provider recommends this certification exam only to IT professionals with at least 10 years of experience
Cost: $480
Click here for more
 
ISO/IEC 27001 Lead Auditor training enables you to develop the necessary expertise to perform an Information Security Management System (ISMS) audit by applying widely recognized audit principles, procedures and techniques.
During this training course, you will acquire the knowledge and skills to plan and carry out internal and external audits in compliance with ISO 19011 and ISO/IEC 17021-1 certification process.
Based on practical exercises, you will be able to master audit techniques and become competent to manage an audit program, audit team, communication with customers, and conflict resolution.
After acquiring the necessary expertise to perform this audit, you can sit for the exam
Who should attend?
Cost: $1,370 
Click here for more
 
This certification gives you the tools to excel in the management part of cybersecurity. Some topics of interest include:
Prerequisites: 5 years of experience in a managerial role related to information security
Best for: Programmers interested in solidifying their managerial experience
Cost: $575 for members; $760 for non-members
Click here for more
 
The CISSP is one of the best cybersecurity certifications for programmers and professionals seeking to advance their careers in the industry. It’s certainly not for beginners, requiring 5+ years of experience. It’s not uncommon to see security engineers and chief information officers with this designation; however, they likely have many others as well. The CISSP certification is the most common requirement or preferred qualification for cybersecurity job postings.
Cost: $749
Prerequisites: 5 years of experience in at least two cybersecurity topics areas like Security and Risk Management, Security Engineering, Software Development Security, Communication and Network Security, and more.
Click here for more
 
ISO/IEC 27001 Lead Implementer training course enables participants to acquire the knowledge necessary to support an organization in effectively planning, implementing, managing, monitoring, and maintaining an information security management system (ISMS).
Information security threats and attacks increase and improve constantly. The best form of defense against them is the proper implementation and management of information security controls and best practices. Information security is also a key expectation and requirement of customers, legislators, and other interested parties.
This training course is designed to prepare participants in implementing an information security management system (ISMS) based on ISO/IEC 27001. It aims to provide a comprehensive understanding of the best practices of an ISMS and a framework for its continual management and improvement.
After attending the training course, you can take the exam.
Who Can Attend?
Cost: $1,370
Click here for more
 
These are just a few of the top cyber security certifications out there. Depending on your interests and aspirations, there may be another program that’s more aligned with your career goals. Browse Primus Institute’s website to see all of the online education programs they offer in cyber security.
 
By Primus Institute
 

source

Although %75 of all US and UK companies were exposed to cyber incidents in the past year, employees still hate cybersecurity training sessions. Considering most cyberattacks capitalize on human error, employee reluctance continues to play into the hands of malicious actors in the shadow of this avalanche of cyber attacks.
Despite the overwhelming belief of cyber executives that their organizations have a solid security culture, recent data gathered by email security expert Tessian suggests that these leaders may be deluding themselves, revealing an unsettling gap between security experts and the rest of the business.
While 85% of employees participate in cybersecurity training or awareness programs, “How Security Cultures Impact Employee Behaviour” research revealed that 64% do not pay full attention, and 36% find their organization’s cybersecurity training uninteresting. Do you know how businesses could utilize AI in security systems?
The survey found that security leaders generally agreed on the recipe of good security culture, but Tessian said it was evident that those at the top still had a lot of work to do, given the stubbornly high incident counts.
“Everyone in an organization needs to understand how their work helps keep their co-workers and company secure. To get people better engaged with the security needs of the business, education should be specific and actionable to an individual’s work,” said Kim Burton, Head of Trust and Compliance at Tessian.
Join the Partisia Blockchain Hackathon, design the future, gain new skills, and win!
“It is the security team’s responsibility to create a culture of empathy and care. They should back up their education with tools and procedures that make secure practices easy to integrate into people’s everyday workflows. Secure practices should be seen as part of productivity. When people can trust that security teams have their best interest at heart, they can create true partnerships that strengthen security culture.” she added.
The study demonstrated how cybersecurity training exercises, which frequently consist of brief PowerPoint presentations created by legal and compliance professionals without a true grasp of how people interact with instructional materials, have no overall positive effect on employees.
For instance, only one in three respondents said they were satisfied with the communications from their IT or security team, and 30% of respondents said they didn’t think they had a personal role to play in keeping their company secure. Similarly, 45% of respondents didn’t know how to report a security incident or who to report it to.
Over half of those surveyed claimed that behaviors including downloading apps to work devices, transmitting private information to personal email addresses, exchanging passwords among coworkers, and connecting to open or public Wi-Fi networks on work devices are not caused concerns.
Over 40% of respondents said they didn’t see an issue with blatantly hazardous behaviors, such as reusing passwords, leaving business devices unattended or unlocked, downloading unsolicited attachments, or clicking links in emails from unfamiliar sources.
The leadership’s propensity to utilize cybersecurity training to spread fear and uncertainty as a motivation appeared to be a significant source of estrangement.
For instance, according to Tessian’s survey, 50% of participants reported having a “bad experience” with a phishing simulation, as shown by the 2021 account of a phishing test that went horribly wrong at West Midlands Trains.
Many others clicked on the link in what appeared to be an email from corporate leadership explaining a thank-you bonus for workers who had endured the pandemic, only to be reprimanded for not being vigilant enough about security. Officials from the union called the stunt “crass and reprehensible.”
Such strategies can “cripple employee decision-making, creative thought processes, and the speed and agility that businesses need to operate in today’s demanding world,” according to Marc Dupuis, assistant professor at the University of Washington Bothell, and Karen Renaud, chancellor’s fellow at the University of Strathclyde.
Tessian listed five actions security leaders should do to improve employee understanding of cybersecurity protocols.
For instance, security leaders must take a more active part in important touchpoints like onboarding, position or office changes, and offboarding during an employee’s “journey” with the company. According to Tessian, the onboarding of new employees offers a fantastic opportunity to grab people’s interest before they grow weary and bored, while more thorough and careful offboarding procedures can assist in preventing the loss of crucial data when a person departs.
Establishing open lines of communication throughout the entire organization and paying close attention to how much information is shared, who it comes from, via what channels, and how frequently are other things that any security leader should be doing.
Tessian provided four essential guidelines for accomplishing this successfully (page 28):
Finally, there are technology solutions that, when wisely implemented, can support the organization’s development of cyber “self-efficacy.”
Tessian’s research was created by OnePoll, which surveyed 2,000 US and UK-based employees, along with 500 IT security leaders.

The research we examined today revealed why some cybersecurity training and awareness initiatives are far from being effective. However, none of this changes the fact that cyber attacks can bring a company down. You can also check our guide explaining the best cybersecurity practices for staying safe against today’s digital perils.
Your email address will not be published. Required fields are marked *
Comment *
Name *
Email *
Website
Save my name, email, and website in this browser for the next time I comment.

source

What’s on the horizon for cybersecurity in 2023? The landscape includes an acceleration of familiar and emerging trends, which means businesses should be ready to face an ever-changing environment where risk is inherent. In today’s cyber climate, no fish is too small for an attacker to try to hook. Thus, SMBs have more reason than ever to be proactive around security, as these key trends target an expanding attack surface and increased risks.
Cybercriminals continue efforts to steal credentials from users to gain access to networks. Historically, they’ve used email, but they are increasingly using social engineering. In the first half of 2022, around 70% of email attacks contained a credential phishing link.
Credential phishing and social engineering go hand in hand. The practice is direct and indirect. Lateral attacks, where hackers target one person to get to someone else, are increasing. If a cybercriminal can compromise one user, they can impersonate them to trick other users within the organization, or springboard to a related organization such as a partner or supplier.
These methods aren’t going away; in fact, they’re becoming more sophisticated. The countermeasure for organizations is multifactor authentication (MFA). Mandating this for admin accounts should be the minimum threshold, because of the privileges these accounts have.
But getting other users to adopt this has been difficult because it’s a poor user experience and one more burden. So, instead of burdening users with more steps and passwords to remember, a new approach is using passwordless authentication, wherein a code is sent to the device to perform authentication without requiring a password. This approach increases security and convenience, which are usually in conflict.
However, it’s not only email where phishing keeps dropping its bait. Attacks are now omnichannel.
Phishing has become omnichannel, mirroring and exploiting the technologies businesses use to communicate. These attacks cross channels, as hackers use phone calls, SMS, social media direct messages and chat. A targeted user could receive communication in one channel to start, followed by a flood of communication in other channels. These are attempts to trip up the user and project more authenticity.
Expanded channels of attacks call for a broadened umbrella of protection from email to cover all channels. Defending against social engineering is especially challenging because the messages don’t contain explicit threats (malicious links or attachments) until the final step of the attack.
As the level of risk from these attacks increases, SMBs may find it hard to retain cyber insurance, which is the next trend.
Cyber insurance is evolving in the new threat landscape. It has become more expensive and difficult to obtain or retain coverage. Increasingly, a prerequisite for coverage is for businesses to demonstrate that they have the appropriate level of protection. With no standard in the industry on what this is, companies may find it hard to meet this requirement.
To prove that an organization doesn’t present uninsurable risks, it needs to increase its technology base of security, ensure strong authentication is in place and provide certifications where available. If the business outsources IT, it will expect its provider to provide robust security. The type of certifications to look for in a cloud partner include ISO 27001 and SOC 1, 2 and 3, as well as industry-specific compliance, such as HIPAA support for healthcare-covered entities. If an organization can substantiate these things, it could see better coverage options.
In considering protection technologies that are well suited for reducing the security risk for SMBs, AI (artificial intelligence) and machine learning (ML) are especially interesting and the next trend to consider.
AI has become a critical technology for improving many business processes. Its continuous learning model is especially relevant to changing security threats, which makes it more effective at reacting to the constantly changing threat landscape. As a result, it provides a continuous strengthened defense over time, identifying and protecting against evolving attacks. This technology is essential for detecting attacks that are outside of the range of previously experienced threats.
Traditional phishing attacks are broad attacks using a specific threat. Email filtering that looks for that threat can process and prevent attacks quickly. What it won’t catch are unique, customized phishing schemes deployed to a specific company or an individual in that company.
Hackers bypass email filtering by using social sites like LinkedIn to obtain employees’ names, which is easy to do, then sending socially engineered messages that don’t include telltale links or attachments. They then identify other employees and introduce phishing via email and other channels. It’s not a mass attack, so it’s less likely to be recognized by email filtering. AI can be beneficial in this scenario as it builds a picture of what is “normal” for a specific company to better detect unusual communications.
Again, this situation highlights that every user and company is attractive to hackers, who count on SMBs having weaker defense measures.
Using AI as a safety net should be on the priority list for small businesses. It’s now less expensive and more accessible. So, the barrier to obtaining it is much lower.
Zero-trust architecture modernizes traditional security models that operate on an outdated assumption that everything within the network is trustworthy. In this framework, as soon as a user enters a network, it can access anything and exfiltrate data.
Zero trust does away with implicit trust and applies continuous validation. Establishing zero-trust architecture in a network requires visibility and control over an environment’s traffic and users. Such a scope involves determining what’s encrypted, monitoring and verifying traffic and using MFA.
With zero-trust security, organizations review everything, standardize all security measures and create a baseline. As many companies go through their own digital transformations, we will see an increase in the adoption of this approach.
All these trends are interconnected and demonstrate that modern cyber-defense must be flexible and adjustable to meet new and evolving threats — as well as old threats. SMBs need security-centric partners for cloud hosting and applications to sustain their boundaries and reduce risk in the year ahead and beyond.
Alex Smith is VP of product management at Intermedia Cloud Communications.
Welcome to the VentureBeat community!
DataDecisionMakers is where experts, including the technical people doing data work, can share data-related insights and innovation.
If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data tech, join us at DataDecisionMakers.
You might even consider contributing an article of your own!
Read More From DataDecisionMakers
Want must read news straight to your inbox?
© 2023 VentureBeat. All rights reserved.

source

Chennai, Feb 20 (IANS): The Tamil Nadu Cyber Wing police are in the process of c
tracking down phishers who dupe gullible consumers by sending them false messages power cut if they don’t pay money immediately on receiving the messages.
While the number of people getting duped under such false messages has come down due to high-end awareness campaigns conducted across the state, police still receives four to six calls a week regarding the same.
The Tamil Nadu police had arrested two people from Haryana for duping people to the tune of Rs 3.3 lakhs but on interrogation, they admitted that they were not the bosses but working on orders received.
Cybercrime wing is now tracking down the masterminds in the operation of duping power consumers and will be traveling to some North Indian states to arrest the big players.
Tamil Nadu Generation and Distribution Company (Tangedco) has kept awareness boards in all its offices in full public display not to fall prey to such messages calling for people to pay the money immediately on receiving the message or the power supply would be cut. The message will have a phone number and those who call that number will be asked to pay 1 rupee to rectify the problem after downloading some application. If the consumer pays the amount, phishers will swindle the entire money in that account of the consumer.
Tangedco in their awareness boards has clearly mentioned that the department would not send such messages and people to be wary of such cheating in the name of paying bills Tangedco.
While the state power utility has conducted several awareness programmes against this and Cyber wing police also creating awareness through social media platforms, some consumers still fall prey to such cyber attacks and the state cyber wing is planning to curb this menace once and for all.
A senior officer with the Tamil Nadu Police Headquarters while speaking to IANS said, “Once we arrest the kingpin of this gang, the phishing process will stop in Tamil Nadu for the time being. But new gangs will surface and it is for the people to be aware of such cheating and not fall prey to these gangs. However, complaints on phishing have come down largely but still, there is a group of people who are not aware of money being lost in such a manner.”
 
Disclaimer:
Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.
Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.
Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.
Daijiworld Residency,
Airport Road, Bondel Post,
Mangalore – 575 008 Karnataka India
Telephone : +91-824-2982023.
General Enquiry: office@daijiworld.com,
News & Info : news@daijiworld.com
Kishoo Enterprises,
3rd Floor, Mandavi Trade Centre, Kadiyali, Udupi – 576 102
Telephone : 0091-820-4295571
E-mail : udupi@daijiworld.com
Daijiworld Middle East FZE,
P.O.Box: 84772, Dubai, UAE
Tel: 971-50-6597629
Fax: 971-4-2639207
Email: dubai@daijiworld.com
Copyright &copy 2001 – 2023. All Rights Reserved.
Published by Daijiworld Media Pvt Ltd., Mangalore.
Powered by ATC Online LLP

source