December cyber attack costs New Orleans $7 million, so far

Security Boulevard | January 20, 2020

A ransomware attack targeting the city of New Orleans has inflicted $7 million in losses so far, with more to be incurred in coming months, Mayor Latoya Cantrell said in a recent update. At 5 a.m. on December 13, New Orleans was becoming the latest victim in a long string of ransomware attacks directed as U.S. municipalities, throwing the state of Louisiana’s most populous city into a state of emergency. Employees were told to disconnect all computer systems, including servers, and halt all work. The attackers had made no ransom demands, suggesting the attack was meant to disrupt the city and dent its economy. However, this is not confirmed.

Spotlight

A review of the growing number of universities that offer courses or degrees in computer security or information assurance reveals that many of them maintain their research center in either computer science or computer engineering departments. Their goal is to produce technology that addresses specific aspects of information security. This has been true for many years. However, despite several decades of work in this arena we are still experiencing increases in the number of incidents that occur (see the annual CSI/FBI survey from the Computer Security Institute, www.gocsi.com or check the statistics provided by the CERT/CC at Carnegie Mellon University at www.cert.org for more information on the number and trends in Internet attacks). According to one study, as many as 94% of large organizations in North America have deployed firewalls, and 52% have deployed virtual private network solutions [19]. Reasons for the increases include the discovery and use of new vulnerabilities or methods of attack by the intruders, thus evading the existing list of attack signatures contained in current intrusion detection systems. It might also be explained by the fact that even when vulnerabilities are known and patches to fix them are available, individuals and organizations frequently do not patch their systems. [12] The solution to information systems security is obviously not technology alone. The  solution has to include the environment in which the technology is deployed, including human and organizational elements [3]. A quote from a respondent to the Deloitte, Touche, and Tohmatsu 2003 Global Security Survey serves to nicely sum up the issue: “Technology can only help reduce risks to a point.” [13] This position is reflected in an emerging belief that the bulk of previous information systems security research, although worthy, is too narrow in scope to cope with the increasing pervasiveness and intertwined nature of information systems in all aspects of our individual, organizational, and societal lives [3]

Spotlight

A review of the growing number of universities that offer courses or degrees in computer security or information assurance reveals that many of them maintain their research center in either computer science or computer engineering departments. Their goal is to produce technology that addresses specific aspects of information security. This has been true for many years. However, despite several decades of work in this arena we are still experiencing increases in the number of incidents that occur (see the annual CSI/FBI survey from the Computer Security Institute, www.gocsi.com or check the statistics provided by the CERT/CC at Carnegie Mellon University at www.cert.org for more information on the number and trends in Internet attacks). According to one study, as many as 94% of large organizations in North America have deployed firewalls, and 52% have deployed virtual private network solutions [19]. Reasons for the increases include the discovery and use of new vulnerabilities or methods of attack by the intruders, thus evading the existing list of attack signatures contained in current intrusion detection systems. It might also be explained by the fact that even when vulnerabilities are known and patches to fix them are available, individuals and organizations frequently do not patch their systems. [12] The solution to information systems security is obviously not technology alone. The  solution has to include the environment in which the technology is deployed, including human and organizational elements [3]. A quote from a respondent to the Deloitte, Touche, and Tohmatsu 2003 Global Security Survey serves to nicely sum up the issue: “Technology can only help reduce risks to a point.” [13] This position is reflected in an emerging belief that the bulk of previous information systems security research, although worthy, is too narrow in scope to cope with the increasing pervasiveness and intertwined nature of information systems in all aspects of our individual, organizational, and societal lives [3]

Related News

DATA SECURITY

Cohere Cyber Secure and SecurityScorecard Partner to Improve Cybersecurity of Financial Sector

Cohere Cyber Secure and SecurityScorecard | September 24, 2021

Cohere Cyber Secure today announced a partnership with SecurityScorecard, the global leader in cybersecurity ratings, to deliver cyber ratings to customers and jointly drive market penetration with a single integrated solution. These include the most recognized companies globally across financial services, including various groups surrounding Registered Investment Advisors of Real Estate, Private Equity, Portfolio Managers, Hedge and LBO funds. As part of the partnership, Cohere will embed SecurityScorecard's monitoring capabilities into our security operations via Cohere's SIEM technology to continuously monitor and mitigate potential cyber threats, both on-premise and in the cloud. "Financial organizations are the biggest target for cyber criminals, and security teams need a comprehensive and compliant cybersecurity strategy that provides in-depth intelligence," says Aleksandr Yampolskiy, CEO at SecurityScorecard. "This partnership provides real actionable insights into the real-time threats facing financial organizations, and ensures that they will maintain the strongest possible security posture and conform to industry compliance standards." The combined solution from Cohere delivers a 360-degree view and addresses critical security concerns including vulnerability assessment and risk management, threat detection with real-time monitoring, incident response, and regulatory reporting. Partnership customers can review their SecurityScorecard rating and extend this support to their portfolio and vendor firms. This complete solution allows for continuous monitoring that provides an outside-in view into security practices, ensuring that organizations can continue to provide their clients the most secure financial services. Additionally, as a tightly-coupled solution, customers can generate comprehensive monthly or on-demand Cyber health reports for governance boards and regulators. Security organizations are often hamstrung by only looking within their cyber borders with an inside-out view into their vulnerabilities, and often have to break up monitoring tools with multiple outside vendors. Investors, customers, regulators, CISO's and compliance officers can rest easier knowing our solution keeps your company safe and secure. Steven Francesco, Chairman and CEO at Cohere Cyber Secure Scoring more than 11 million companies continuously and on a daily basis, SecurityScorecard provides an objective, outside-in view of cyber risk based on publicly-available data. In addition, the company's technology uses non-intrusive proprietary methods and data feeds continuously monitor covered entities based on 10 risk factors, including endpoint security, patching cadence, and network security, and ultimately delivers an "A" through "F" rating. About Cohere Cyber Secure Cohere Cyber Secure is a trusted, single-source provider of technology solutions including, Cybersecurity, Cloud Hosting, Managed IT and UCaaS Services. From its New York City headquarters, Cohere maintains data center facilities throughout North America and key global locations. Additionally, Cohere performs cyber protection assessments and advises companies on regulatory compliance requirements. Our clients include global enterprises that demand high availability, operating diversity and tailored IT solutions. In addition, Cohere's Consulting services provide unparalleled IT expertise that enable strategic planning in Cyber and Compliance Policies, Managed IT and Data Protection Services, Crisis Management/Incident Response, Risk Management and Business Continuity. Cohere's enhanced solutions and dedicated staff simplify the everyday challenges of complex business technologies. About SecurityScorecard Funded by world-class investors including Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 11 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 22,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, and cyber insurance underwriting. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every company has the universal right to their trusted and transparent Instant SecurityScorecard rating.

Read More

Abacode announces its participation in CyberXchange, a cybersecurity e-commerce marketplace for B2B

prnewswire | October 06, 2020

Abacode today announced the availability of its Managed Cybersecurity & Compliance Services available on CyberXchange, the innovative new ecommerce marketplace dedicated to cybersecurity and compliance. For the first time, CIOs, CISOs and IT professionals can find and consult with supplier partners or purchase Abacode's solutions mapped to the major cybersecurity frameworks such as SOC 2, PCI, CMMC, and NIST bringing unprecedented visibility and efficiencies in building their cybersecurity programs. Built on CyberXchange's proprietary mapping engine and AI platform called Harmony, Abacode's solutions are available now at: https://cyberxchange.apptega.com/company/abacode-inc.

Read More

DATA SECURITY

AppOmni Announces its SaaS Security Management Support for Leading Digital Workflow Company, ServiceNow

AppOmni | July 21, 2021

The leading provider of SaaS Security Management, AppOmni, has announced that it would provide SaaS Security Management support for the leading digital workflow company, ServiceNow. ServiceNow is a leading digital workflow company that does work, works better for people. It also delivers a practical solution that helps companies enhance managerial workflows from IT and HR services to customers and employee integrations. Security and IT teams of ServiceNow can identify and remediate configuration risks and security preferences with the addition of AppOmni AppOmni is empowering ServiceNow clients who have numerous SaaS vendors to accomplish their security pose and threat across all of their dangerous SaaS environments in one place. The Now Platform delivers extensive competencies for clienteles to monitor and accomplish the security features for the platform and the applications built on top of the ones they use most such as auditing tools, providing best practices, proactive security administrator notifications, and security events detection. Now with the cooperation of AppOmni Security and IT teams of ServiceNow, will have: • Access to ServiceNow safety best practice policies from an essential SaaS monitor service to support confirm maximum defenses are in place to reduce susceptibilities during custom distributions • Amplified discernibility and know-how to recognize configuration risks and safety inclinations across many SaaS salespersons such as the Now Platform • Accessibility of high-fidelity recognition alerts, which clients can configure to send to ServiceNow or other safety monitoring tools to rationalize response. Now with AppOmni, it would make it simple for enterprise security, CISOs, and IT teams to completely secure their rising SaaS environments by providing a complete suite of SaaS protection, security posture, and monitoring capabilities., AppOmni expands, with the addition of ServiceNow, it's SaaS Security Management solution to cover the most extensively used corporate critical applications, which now include GitHub, Box, Microsoft Teams, Microsoft Office 365, Slack, Salesforce, and Zoom. About AppOmni As the leading provider of SaaS Security Management, it provides unprecedented data management, access visibility, and security of SaaS solutions, allowing organizations to make safe, mission-critical, and sensitive data. The company customer base of AppOmni includes global leaders across healthcare, technology, banking, finance, and security. The company's leadership team brings know-how and invention from leading high tech companies, SaaS providers, and cybersecurity vendors.

Read More