50% of cyber attacks now use island hopping

ITPro | July 03, 2019

50% of cyber attacks now use island hopping
Financial, retail and manufacturing businesses are in the firing line of this increasingly popular cyber attack method. Island hopping is an increasingly popular cyber attack technique where cyber criminals infiltrate smaller companies, such as HR, marketing or healthcare firms, in order to access a larger target organisation. It’s a method that has seen a steep rise in usage over the past few years, with 50% of today’s attacks using island hopping, according to Carbon Black’s Quarterly Incident Threat Report. The report revealed that the industries most affected by island hopping are financial (42%), manufacturing (32%) and retail (32%), although those numbers may well be higher as it is sometimes difficult to work out the journey of an attempted cyber attack. “At this point, [island hopping] has become part and parcel of a cybercrime conspiracy,” said Tom Kellerman, Carbon Black’s chief cybersecurity officer. “They’re using their victim’s brand against customers and partners of that company.

Spotlight

Transforming fraud management starts with putting the customer front and center. And executing real-time, customer-centric fraud prevention gives financial services organizations a competitive advantage. Innovations in analytics and the ability to respond in real-time are now allowing financial services organizations to effectively address various fraud issues across their products and at the same time, deliver services to customers on the terms they demand.

Related News

DATA SECURITY

Cohere Cyber Secure and SecurityScorecard Partner to Improve Cybersecurity of Financial Sector

Cohere Cyber Secure and SecurityScorecard | September 24, 2021

Cohere Cyber Secure today announced a partnership with SecurityScorecard, the global leader in cybersecurity ratings, to deliver cyber ratings to customers and jointly drive market penetration with a single integrated solution. These include the most recognized companies globally across financial services, including various groups surrounding Registered Investment Advisors of Real Estate, Private Equity, Portfolio Managers, Hedge and LBO funds. As part of the partnership, Cohere will embed SecurityScorecard's monitoring capabilities into our security operations via Cohere's SIEM technology to continuously monitor and mitigate potential cyber threats, both on-premise and in the cloud. "Financial organizations are the biggest target for cyber criminals, and security teams need a comprehensive and compliant cybersecurity strategy that provides in-depth intelligence," says Aleksandr Yampolskiy, CEO at SecurityScorecard. "This partnership provides real actionable insights into the real-time threats facing financial organizations, and ensures that they will maintain the strongest possible security posture and conform to industry compliance standards." The combined solution from Cohere delivers a 360-degree view and addresses critical security concerns including vulnerability assessment and risk management, threat detection with real-time monitoring, incident response, and regulatory reporting. Partnership customers can review their SecurityScorecard rating and extend this support to their portfolio and vendor firms. This complete solution allows for continuous monitoring that provides an outside-in view into security practices, ensuring that organizations can continue to provide their clients the most secure financial services. Additionally, as a tightly-coupled solution, customers can generate comprehensive monthly or on-demand Cyber health reports for governance boards and regulators. Security organizations are often hamstrung by only looking within their cyber borders with an inside-out view into their vulnerabilities, and often have to break up monitoring tools with multiple outside vendors. Investors, customers, regulators, CISO's and compliance officers can rest easier knowing our solution keeps your company safe and secure. Steven Francesco, Chairman and CEO at Cohere Cyber Secure Scoring more than 11 million companies continuously and on a daily basis, SecurityScorecard provides an objective, outside-in view of cyber risk based on publicly-available data. In addition, the company's technology uses non-intrusive proprietary methods and data feeds continuously monitor covered entities based on 10 risk factors, including endpoint security, patching cadence, and network security, and ultimately delivers an "A" through "F" rating. About Cohere Cyber Secure Cohere Cyber Secure is a trusted, single-source provider of technology solutions including, Cybersecurity, Cloud Hosting, Managed IT and UCaaS Services. From its New York City headquarters, Cohere maintains data center facilities throughout North America and key global locations. Additionally, Cohere performs cyber protection assessments and advises companies on regulatory compliance requirements. Our clients include global enterprises that demand high availability, operating diversity and tailored IT solutions. In addition, Cohere's Consulting services provide unparalleled IT expertise that enable strategic planning in Cyber and Compliance Policies, Managed IT and Data Protection Services, Crisis Management/Incident Response, Risk Management and Business Continuity. Cohere's enhanced solutions and dedicated staff simplify the everyday challenges of complex business technologies. About SecurityScorecard Funded by world-class investors including Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 11 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 22,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, and cyber insurance underwriting. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every company has the universal right to their trusted and transparent Instant SecurityScorecard rating.

Read More

DATA SECURITY

Vulcan Cyber to Introduce Risk Scoring Platform for Businesses

Vulcan Cyber | June 19, 2021

The only risk remediation platform of developers of the industry, Vulcan Cyber®, has announced a new for IT security organizations to measure risk compliance through IT asset health scores across logical business groupings. For the first time, this enables enterprise cybersecurity teams to track remediation progress against prioritized risks to measure business risk against customizable security compliance KPIs. This will help businesses protect themselves from various exploits such as ransomware attacks and data breaches. Other approaches lack many aspects in vulnerability risk prioritization and often only the risks at the individual, atomic, and asset levels. Customers of Vulcan Cyber now benefit from the ability to control custom risk parameters and improved vulnerability prioritizing scores weighted with industry asset data. These newest additions to the Vulcan Cyber risk model improve the industry's only threat remediation orchestration platform and are an indispensable second step after susceptibility scanning. Practically all subjugated vulnerabilities are known by IT and security teams in advance; they are exploited at the occurrence. As a result, the windows for vulnerability remediation presently span much time giving bad actors an intolerable amount of time to abuse businesses with significantly less capacity to protect themselves. Vulcan Cyber helps get the proper remedies to the right people, prioritize vulnerabilities, automate remediation tasks at scale, integrate with dozens of best-of-breed tools, and measure risk across the complete process to get it fixed finally. About Vulcan Cyber Vulcan Cyber developed the industry's first vulnerability remediation orchestration platform, which was built to help various businesses reduce the online threat risks using application security and measurable cloud. By curating and delivering the best remedies, prioritizing vulnerabilities, and automating processes and fixes via the last mile of remediation, the platform of Vulcan orchestrates and tracks the remediation lifespan from scan to fix. Vulcan Cyber platform’s unique capability has garnered Vulcan Cyber recognitions.

Read More

DATA SECURITY

Mayorkas to Announce the Largest Cybersecurity Hiring Initiative in DHS History

Mayorkas | July 06, 2021

Alejandro N. Mayorkas, Secretary of Homeland Security, has announced its onboarding of 300 cybersecurity professionals and an extension of other 500 tentative job offers in the Department’s largest cybersecurity hiring initiative in its history. This initiative is part of a 60-day Cybersecurity Workforce Sprint, aiming to build a more diverse and multi-talented cybersecurity workforce. According to Secretary Mayorkas, cyber threats and crimes are increasing, so we should prepare well to defend it by hiring more talents. In early May, Secretary Mayorkas set a goal to hire around 200 new cybersecurity personnel in the Department by July 1. The achievement of the Cybersecurity Workforce Sprint shows a strong wish by our country's highest cyber talent to bestow them to public service and support blocks some of the most compound trials we come across today. DHS is dedicated to confirming its staff represents the varied communities it assists. To this end, the Cybersecurity Workforce Sprint is stranded in diversity, equity, and inclusion most acceptable practices, and comprises targeted outreach to underserved communities. Secretary Mayorkas, this month, will also launch an Honors Program starting with an initiative to recruit recent graduates with degrees in cybersecurity-related arenas for a one-year specialized development program at DHS. Participants who productively complete this program will be qualified for enduring, full-time cybersecurity positions at the Department. Additionally, the Department's Cybersecurity and Infrastructure Security Agency (CISA) is mounting its K-12 initiative to nurture the next generation of diverse cybersecurity professionals. Secretary Mayorkas, in March, outlined his dream for the Department's cybersecurity urgencies during a virtual address hosted by RSA Conference in corporation with Hampton University and Girl Scouts of the USA. The Secretary highlighted a series of full sprints intended to raise existing work, eliminate roadblocks to development, and take off new initiatives and partnerships to attain DHS’s cybersecurity assignment and implement the Biden-Harris Administration's primary concern. The first sprint was concentrated on raising consciousness about the cumulative risk of ransomware.

Read More

Spotlight

Transforming fraud management starts with putting the customer front and center. And executing real-time, customer-centric fraud prevention gives financial services organizations a competitive advantage. Innovations in analytics and the ability to respond in real-time are now allowing financial services organizations to effectively address various fraud issues across their products and at the same time, deliver services to customers on the terms they demand.