5 Lessons to Learn From GAO's Latest Information Security Assessment

| December 14, 2016

article image
Federal agencies are at a staggeringly increased risk of information security attack. The U.S. General Accountability Office (U.S. GAO) released a report in September 2016 titled Federal Information Security: Actions Needed to Address Challenges, authored by Information Security Issues Director Gregory C. Wilshusen. Over the past nine years, the GAO report states, security incidents at federal agencies have increased 1300%. The report includes data-driven insight into the state of security at federal agencies, as well as a recommended series of actions for organizations to address. While it's critical reading for government security officials, there's also a wealth of insights for professionals who work in a corporate setting. Join us as we review the findings of this report and how they should impact security strategies at public and private organizations.

Spotlight

Intellias

Intellias is a challenge-driven software engineering company, based in Ukraine (Kyiv, Lviv, Odesa, Kharkiv) and locally represented in Berlin, Germany. Since 2002, we've been helping leading technology companies from EU and North America to create their software products by building and operating world-class engineering teams in Eastern Europe for them.

OTHER ARTICLES

What is Ransomware and What You Need to Know to Stay Safe?

Article | March 5, 2020

While there may be more than 1 billion pieces of malware prowling the internet for a chance to infect victims, one particular piece of nastiness has been inflicting financial losses and security headaches for years.Known as ransomware, its sole purpose is to block access to computer systems or files until the victim pays a ransom. These ransom demands fluctuate wildly, from the equivalent of a couple of hundred dollars to several hundred thousand. In the simplest terms, ransomware is a piece of malicious software that prevents users from using their devices or accessing their personal or important files, unless a sum of money is paid. Payment is usually demanded in cryptocurrency, such as Monero or Bitcoin. Victims are told to purchase these digital assets and then transfer them to the attackers.

Read More

Single Layers Of Security Aren’t Enough To Protect Your Organization’s Data

Article | May 3, 2020

Next to your employees, your organization’s data is its most important resource. A data breach can devastate an organization’s finances and reputation for years. According to the 2019 Cost of a Data Breach Report, conducted by Ponemon Institute, the average total cost of a data breach in the U.S. is close to $4 million, and the average cost per lost data record is $150. Hackers are more sophisticated than ever and the value of data seems to rise every day. In fact, McAfee believes that 92% of organizations unknowingly have credentials for sale on the Dark Web or “dark net.”

Read More

Ryuk: Defending Against This Increasingly Busy Ransomware Family

Article | February 12, 2020

On December 16, 2019, the U.S. Coast Guard disclosed a security incident at a facility regulated by the Maritime Transportation Security Act (MTSA). Forensic analysis suggests that the incident might have begun when an employee clicked on a link embedded in a phishing email.This action enabled a threat actor to set Ryuk ransomware loose on the facility’s network. Ultimately, the infection spread to all IT network files, leading Ryuk to disrupt the corporate IT network and prevent critical process control monitoring systems from functioning properly. Phishing is one of the primary infection vectors for most ransomware families, but there’s an interesting twist with this particular family. As noted by Malwarebytes, a typical Ryuk attack begins when a user opens a weaponized Microsoft Office document attached to a phishing email. Opening the document causes a malicious macro to execute a PowerShell command that attempts to download the banking trojan Emotet. This has the ability to download additional malware onto an infected machine that retrieves and executes Trickbot.

Read More

COVID-19 and Amygdala Hijacking in Cyber Security Scams

Article | April 9, 2020

What races through your mind when you see “Coronavirus” or “COVID-19”? Fear, anxiety, curiosity… these internal reactions can prompt actions that we may not normally take. Recent attacks have been sending out mandatory meeting invites that ask you to log in to accounts. Others have been receiving emails to put themselves on a waiting list for a vaccine or treatment. The heightened emotions we experience when we see emails, or messages like this, may prompt us to give personal information out more willingly than we usually would. Security awareness takes a back seat as emotion takes over. It’s known as amygdala hijacking. Why does this happen to us? The amygdala is a small part of the brain that is largely responsible for generating emotional responses. An amygdala hijack is when something generates an overwhelming and immediate emotional response.Many common cyber security scams use amygdala hijacking to their benefit. We see this used often in phishing, vishing, SMShing, and impersonation attacks. Chris Hadnagy of Social-Engineer, LLC did a case study on amygdala hijacking in social engineering.

Read More

Spotlight

Intellias

Intellias is a challenge-driven software engineering company, based in Ukraine (Kyiv, Lviv, Odesa, Kharkiv) and locally represented in Berlin, Germany. Since 2002, we've been helping leading technology companies from EU and North America to create their software products by building and operating world-class engineering teams in Eastern Europe for them.

Events