Category

Reports

Category

With the coronavirus constantly in the news, more businesses than ever are considering the viable option of  telework as opposed to traditional onsite work for their company and employees. The new cyber threats and data breaches constantly reported indicates that business owners have to ask themselves the question: How do I maintain my cybersecurity when my employees work remotely?

Whether you have one employee working on a mobile device while on a business trip or your entire staff telecommuting from home, your cybersecurity shouldn’t be sacrificed for convenience. By understanding your options and working with quality IT services providers, you can safely navigate the cyber world and keep your business protected.

Cyber Security and Telework

Maintaining your cybersecurity while allowing your employees to work remotely can be a challenge, but it can be accomplished with minimal risk if you plan ahead and choose the right options for your business. If you don’t expect someone to infiltrate your network, you won’t be protected when someone tries. Always prepare for the worst-case scenario.

The report below states the constants that incorporate and facilitate the ability to work from home for security professionals

In 2015, the United States Congress passed the cybersecurity Act of 2015 (CSA), and within this
legislation is Section 405(d): Aligning Health Care Industry Security Approaches. As an approach to this
requirement, in 2017 HHS convened the 405(d) Task Group leveraging the Healthcare and Public Health
(HPH) Sector Critical Infrastructure Security and Resilience Public-Private Partnership. The Task Group is
comprised of a diverse set of over 150 members representing many areas and roles, including
cybersecurity, privacy, healthcare practitioners, Health IT organizations, and other subject matter
experts.
The Task Group’s charge was to develop a document that is available to everyone at no cost and
includes a common set of voluntary, consensus-based, and industry-led guidelines, practices,
methodologies, procedures, and processes that serve as a resource to meet three core goals to:
1. Cost-effectively reduce cybersecurity risks for a range of health care organizations;
2. Support voluntary adoption and implementation; and
3. Ensure on an ongoing basis that content is actionable, practical, and relevant to healthcare
stakeholders of every size and resource level.
Progress || The Task Group assembled in May 2017 and since then, many achievements have been
made with this effort. The table highlights current accomplishments made by those involved.

The report below elaborates the current health industry cybersecurity best practices.

A foundational element of innovation in today’s app-driven world is the API. From banks, retail and transportation to IoT, autonomous vehicles and smart cities, APIs are a critical part of modern mobile, SaaS and web applications and can be found in customer-facing, partner-facing, and internal applications. By nature, APIs expose application logic and sensitive data such as Personally Identifiable Information (PII) and because of this have increasingly become a target for attackers. Without secure APIs, rapid innovation would be impossible.

API Security focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of Application Programming Interfaces (APIs)

Download the OWASP API Security Top 10 2019 today!


Ransomware Hostage Rescue Manual

Ransomware can take different forms, but in its essence, it denies access to a device or files until a ransom has been paid.
In this manual, we discuss ransomware as PC or Mac-based malicious software that encrypts a user or company’s files and forces them to pay a fee to the hacker in order to regain access to their own files.

The hackers primarily use the following vectors to infect a machine: phishing emails, unpatched programs, compromised websites, poisoned online advertising, and free software downloads.

Download full document addressing Ransomeware Hostage today.

Read and download Hackerone’s official 2019 Hacker-Powered Security report, focusing on the latest industry-wide cybersecurity tactics and events from the hacker’s perspective.

With hacker-powered security testing, organizations can identify high-value bugs faster with help from the results-driven ethical hacker community.

This Hacker-Powered Security Report 2019 is the most comprehensive report on hacker-powered security, having the largest repository of hacker activity and vulnerability data on display in one comprehensive report.

Inside you will find:

  • Year over year bug bounty program growth by industry
  • Vulnerabilities by type found across different industries
  • Average time to resolution and reward
  • Percentage of bounties found by severity level
  • Bug bounty payout trends and highest awarded bounties ranked by industry
  • Customer success highlights and hacker quotes and motivations

The universal adoption of mobile devices in business environments has created new attack vectors that organizations struggle to address. A new report from CrowdStrike, the “Mobile Threat Landscape Report: A Comprehensive Review of 2019 Mobile Malware Trends,” offers a deep-dive into some of the threats that plague mobile devices, and provides recommendations for how organizations can best secure their data and networks against mobile threats.

CrowdStrike’s Mobile Threat Report details how mitigating the risks has become even more urgent because of the rapid adoption of mobile devices worldwide. In some regions, such as Latin America, mobile devices have surpassed desktop computing as a source for both business and personal use, including email access, banking and authentication, making mobile security an even more pressing issue.

CrowdStrike’s report offers an overview of the key types of malware observed so far in 2019 and the deployment mechanisms adversaries typically use. It also identifies the adversary groups and unaffiliated criminal actors that target mobile devices and how their tactics — and the mobile threat landscape in general — are evolving. The report includes valuable recommendations that can help you better secure your organization against mobile threats.

The nation’s intelligence community warned in its annual assessment of worldwide threats that climate change and other kinds of environmental degradation pose risks to global stability because they are “likely to fuel competition for resources, economic distress, and social discontent through 2019 and beyond.”

Released Tuesday, the Worldwide Threat Assessment prepared by the Director of National Intelligence added to a swelling chorus of scientific and national security voices in pointing out the ways climate change fuels widespread insecurity and erodes America’s ability to respond to it.

“Climate hazards such as extreme weather, higher temperatures, droughts, floods, wildfires, storms, sea level rise, soil degradation, and acidifying oceans are intensifying, threatening infrastructure, health, and water and food security,” said the report, which represents the consensus view among top intelligence officials. “Irreversible damage to ecosystems and habitats will undermine the economic benefits they provide, worsened by air, soil, water, and marine pollution.”


Reshaping Intel Operations in the Cyberspace – DoD