The boards and executives of companies are meant to be good at balancing risk and opportunity; so why do so many have a massive blind spot when it comes to computer security? High-profile hacking incidents and security breaches continue, and despite the arrival of GDPR data protection rules in May aimed at prodding European organisations into improving security at the risk of large fines, many organisations still aren't getting cyber security right or don't understand what they're supposed to act on. That's something the UK's National Cyber Security Centre (NCSC) is looking to change. "Cyber security is now a mainstream business risk. So corporate leaders need to understand what threats are out there, and what the most effective ways are of managing the risks," Ciaran Martin, chief executive of the NCSC, said recently. "But to have the plain English, business-focused discussions at board level, board members need to get a little bit technical. They need to understand cyber risk in the … [Read more...] about Cyber security: Your boss doesn’t care and that’s not OK anymore
Cybersecurity and cyberwar what everyone needs to know
This article was originally published as a TechRepublic cover story. In the spring of 2015, faced with external cyberattacks on the US of increasing frequency and severity, President Obama made a dramatic announcement. The level of hacking and cyber-espionage against the US had created an "unusual and extraordinary threat to the national security, foreign policy, and economy" of the country, said the President, who declared a national emergency to deal with the threat. This executive order allowed the administration to pursue sanctions against those who attacked US critical infrastructure or stole secrets. Since then the national emergency has been extended three times (it must be reconfirmed every year), but the attacks against the US and its allies continue. Indeed, the ongoing state of emergency did little to deter the most spectacular anti-US hacking campaign in recent years: Russia's meddling in the 2016 US presidential election. Russia is not … [Read more...] about Can Russian hackers be stopped? Here’s why it might take 20 years
The computers of a US Navy contractor were breached by Chinese hackers, who stole hundreds of gigabytes of information about secret projects, reports The Washington Post. According to officials who spoke with the Post, the breaches occurred in January and February of this year. The target was an unnamed contractor that worked with the Naval Undersea Warfare Center, which the Navy uses to conduct “research, development, test and evaluation, engineering and fleet support center for submarines, autonomous underwater systems and offensive and defensive weapons systems associated with undersea warfare.” Hackers stole 614 gigabytes of data from the contractor, relating to a project called Sea Dragon, a secret project that the Defense Department explained as a new “disruptive offensive capability” being integrated onto “an existing weapons system with an existing Navy platform.” The Post describes the project as a “supersonic anti-ship missile” … [Read more...] about Chinese hackers reportedly stole data related to secret projects from a US Navy contractor
It's been a year since the gigantic WannaCry ransomware cyber attack caused chaos across the world, hitting more than 230,000 computers in total. The hard drive encrypting malware spread so fast because the group behind it had combined normal malware with EternalBlue, a leaked NSA hacking tool which allowed WannaCry to use worm-like capabilities to self-propagate on vulnerable Windows systems. While there was some initial speculation that WannaCry was spread in an email spam campaign, the ransomware didn't in fact require any user interaction at all. Combining EternalBlue and another leaked exploit in the form of DoublePulsar, the worm looked for vulnerable public-facing SMB ports it could establish a connection to. Once these were located, the leaked SMB exploits were harnessed to not only deploy WannaCry on that particular system, but to spread to all other vulnerable machines on the connected network. In essence, even just one open, vulnerable SMB port could lead to a whole network … [Read more...] about WannaCry ransomware crisis, one year on: Are we ready for the next global cyber attack?
Verizon won’t sell any Huawei phones, including the new flagship Mate 10 Pro, because of pressure from the US government, anonymous sources told Bloomberg yesterday. Verizon declined to comment, and Huawei did not immediately respond. Huawei has been trying to make a big push into the US this year but has found its efforts stymied by the US government over concerns that the Chinese company could be a security threat. Earlier this month, AT&T pulled out of a deal with Huawei to sell the Mate 10 Pro after receiving similar pressure. While Huawei sells unlocked phones that can still work on Verizon and AT&T networks, having its phones sold by a major US carrier would have allowed it to reach more consumers than before and raise its reputation in the US. A day after AT&T’s decision was made public by media reports, Huawei’s consumer products CEO Richard Yu shared his reaction during a CES keynote. He said that American consumers were the ones who missed out … [Read more...] about Verizon won’t sell Huawei phones due to US government pressure, report says