[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x

Cybersecurity

375

Solutions

737

Contributors

The Cybersecurity specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. Cybersecurity focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.

Share tech news, updates, or what's on your mind.

Sign up to Post

This article explores how the implementation of threat intelligence into an Industrial Control System (ICS) and SCADA environment can help to fortify the defense in depth strategy.
0
Prep for the ITIL® Foundation Certification Exam
LVL 11
Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technology, what hackers may target, more.
0
What we learned in Webroot's webinar on multi-vector protection.
4
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
0
ransomware-2320941_960_720<wbr />
With the rising number of cyber attacks in recent years, keeping your personal data safe has become more important than ever. The tips outlined in this article will help you keep your identitfy safe.
0
In this blog we highlight approaches to managed security as a service. We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
0
Email attacks are the most common methods for initiating ransomware and phishing scams. Attackers want you to open an infected attachment or click a malicious link, and unwittingly download malware to your machine. Here are 7 ways you can stay safe.
1
When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and protection.
1
Cyber Crime
While it may be true that the internet is a place of possibilities, it is also a hostile environment lurking with many dangers. By clicking on the wrong link, trusting the wrong person or using a weak password, you are virtually inviting hackers to access all your sensitive information.
1
Smart phones, smart watches, Bluetooth-connected devices—the IoT is all around us. In this article, we take a look at the security implications of our highly connected world.
4
How to Use the Help Bell
LVL 11
How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
0
Data breaches are on the rise, and companies are preparing by boosting their cybersecurity budgets. According to the Cybersecurity Market Report, worldwide spending on cybersecurity is predicted to exceed $1 trillion for the five year period from 2017-2021, making this year a great time to enter the information security game. 

Whether you’re just starting your career in tech or are a seasoned veteran looking to argue for a salary boost, continuing your tech education has many benefits. Getting the latest and most in-demand certification is a great way to stay current and add weight to your resume. 

Here are a few of the most sought after security certifications for 2017:

1CompTIA Security+

The Security+, while technically an entry level certification, signifies a broad range of knowledge and expertise in multiple security-related disciplines. CompTIA certifications are vendor neutral and well respected in the tech community. 

Experience needed for success: About 2 years 
Cost: $320
Test Format: Multiple choice and performance-based
Training: CompTIA Security+ Training by StormWind Studios


2. CEH: Certified Ethical Hacker
2
One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
0
Credit Card
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
0
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.

How it Works


fake gmail login screen- phishedThe attack works by targeting a victim’s contact list and sending out authentic looking phishing emails. When this forged email is opened and the attachment clicked, a page appearing to be the Google log in portal opens.

Once the victim submits their credentials into the site, the hackers start crawling the victim’s inbox. These crawlers look at previous subject lines and attachments for contextual relevance to copy.

A screenshot is taken of a previous attachment and a new message is composed. This screenshot becomes the entry way into the phishing Gmail login page. The subject line is then pulled from a previous email that would be relevant to the attachment.

The new version of the email is sent to all the victims contacts, and the attack starts again. The use of previous subject lines and attachment, help to make the hacker’s email look very genuine. This technique has tricked many users into opening the infected attachment.

One of these emails is described by a commenter on Hacker News,

“[The hackers] went into one student’s account, pulled an attachment with an athletic team practice schedule, generated the screenshot, and then paired that with a
1

A customer recently asked me about anti-malware and the different deployment options available for his business. Daily news about cyberattacks, zero-day vulnerabilities, and companies that suffered a security breach made him wonder if the endpoint anti-malware his company has been using is doing what it should.

 

Protection that follows the endpoint wherever it goes

Malware prevention and detection at the endpoint is a best practice every company should (and probably already does) follow. There are three main reasons to use endpoint agents:

 

  1. Endpoints tend to move and leave the network, so even if you run network-based anti-malware, your endpoints are protected only when connecting to the network.
  2. The way to infect the endpoint is not just via the network but also by plugging in a peripheral device (like a USB or camera) that the network doesn’t see.
  3. None of the anti-malware solutions protect against all threats, and since they get constant signatures updates (for new known vulnerabilities), it can address threats after infection.

 

The disadvantages of an anti-malware agent on the endpoint include:

 

  • The complexity involved with deployment
  • Updates (clients and signatures)
  • False positive investigation
  • Performance impact on the machine
  • Troubleshooting when it blocks legitimate business applications

 

In addition, most businesses use multiple platforms (different OSs, legacy solutions, services, appliances) that aren't supported by most anti-malware vendors.

 

Inspecting traffic in motion before it hits the target

The biggest advantage of network-based anti-malware is that it inspects the traffic while it is in motion, before it hits the endpoint that is the actual target - an in-depth best practice for defense.

 

Network anti-malware is always connected and usually gets automatic signatures updates, which makes it more reliable and secure. In addition, they are platform agnostic, as they see all traffic, so any platform on the network is protected.

 

The downsides of network-based anti-malware are that endpoints are only protected when connected to the network, and that it’s blind to peripheral devices.

 

Cloud-based Anti-Malware: the network advantages without the box constraints

When using on-premise network anti-malware solutions, it usually runs on an appliance that already inspects the business traffic (next generation firewall, UTM, secure web gateway).

 

Enabling the anti-malware capabilities on that box introduces two challenges:

 

  1. Capacity constraints: the anti-malware engine is a “heavy user” of computing and memory resources. This means that your appliance is now required to do a lot more processing on the same traffic load. The ability to grow (more users or traffic) is limited by the appliance capacity and can be extremely challenging if SSL traffic inspection is required.
  2. Continued maintenance: the appliances’ software needs to be upgraded and patched. This means network downtime, compatibility testing, IT investment and need for skilled resources. The impact is heavier in a multi-site environment.

 

Cloud-based anti-malware overcomes appliance limitations, as all business traffic is inspected via a managed service in the cloud, regardless of location. This eliminates the need to deploy and configure appliances at each location. A cloud-based service is elastic, and the vendor is responsible to scale it to address customer traffic needs. It is also the vendor’s responsibility to make sure the service is always up and running and has the latest updates, so the customers no longer need to maintain the solution for optimal performance and effectiveness. Also, mobile users can dynamically connect to the service on the go, so they are always protected even when they are away from corporate locations.

0
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives basic information about SQL injections
4
How important is it to take extra precautions to protect your online business? These are some steps you can take to make sure you're free of any cyber crime.
6
Password security
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringing your solution beyond military grade security.
3
The Growing Need for Data Analysts
The Growing Need for Data Analysts

As the amount of data rapidly increases in our world, so does the need for qualified data analysts. WGU's MS in Data Analytics and maximize your leadership opportunities as a data engineer, business analyst, information research scientist, and more.

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
3
Superb Internet Corp - SSL Certificates
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant.
Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like a customer’s personal and credit card information.
1
cybersecuritty
Read about achieving the basic levels of HRIS security in the workplace.
1
 
LVL 6

Author Comment

by:Oscar Waterworth
Comment Utility
It was a mistake, thanks for having such a keen eye.
0
Cyber or not!
Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
3
cloud
Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our businesses and ultimately lives.
0
6 motivations of cybercriminals
So, a cyberiminal’s ultimate goal and motivation has to involve financial gain, right?—not necessarily. There are at least five other motivations behind cybercriminal activities.
1

Cybersecurity

375

Solutions

737

Contributors

The Cybersecurity specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. Cybersecurity focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.