Nouvelles

The Pentagon is now working to institute JWCC, as pressure builds to seamlessly link the military services and more effectively process reams of data.

A brief walk down memory lane: Ransomware is not a new threat   Ransomware’s first documented attack was relatively rudimentary. It was delivered via floppy disk containing a malware program in 1989 that told its victims to pay $189 in ransom to a PO Box in Panama. Today ransomware criminals are significantly more sophisticated, thanks to advances in cyber methods and cryptocurrencies. Not all Ransomware is created equally. Like all malware, malicious codes vary in so

Finally, Uncle Sam is compelling companies to take cybersecurity seriously. Related: How the Middle East paved the way to CMMC Cybersecurity Maturity Model Certification version 2.0 could take effect as early as May 2023 mandating detailed audits of the cybersecurity practices of any company that hopes to do business with the Department of Defense. Make [...]

Il sera désormais bien plus complexe pour les entreprises québécoises de négliger la cybersécurité. Entrée en vigueur le 22 septembre dernier, la loi 25 vise à les inciter à prendre ce problème grandissant au sérieux — et pénalisera celles qui demeurent nonchalantes. Survol.

Les PME disposent de moins de ressources financières et humaines que les grandes entreprises, mais elles font face aux mêmes défis en matière de cybersécurité. Pour se protéger, elles ont néanmoins accès à des outils performants, mais l'enjeu se situe surtout sur le plan des processus entourant le facteur humain.

C'est à la demande d'un client important que Groupe CIS s'est lancé dans l'obtention de la certification ISO 27 001. La PME a dû se mettre rapidement à la t'che pour pouvoir conserver ce client. Mais elle a aussi découvert que le fruit de ses efforts allait lui rapporter bien plus que prévu.

Every year, the Department of Defense (DoD) relies on hundreds of thousands of entrepreneurial businesses to provide critical technologies and innovations that help support the men and women who are working to protect the US. Equally, DoD contracts are often the lifeblood for many of those private-sector businesses. More recently, those companies––known as the defense industrial base (DIB)––have been the target of increasingly sophisticated cyberattacks. In an effort to safeguard against those attacks, the DoD initially introduced the NIST 800-171 standard to protect the confidentiality of controlled unclassified information (CUI). That program allowed defense contractors to self-attest, however after review, the department discovered a majority of contractors could not pass their audits.

Finally, Uncle Sam is compelling companies to take cybersecurity seriously. Cybersecurity Maturity Model Certification version 2.0 could take effect as early as May 2023 mandating detailed audits of the cybersecurity practices of any company that hopes to do business with the Department of Defense.

EXECUTIVE SUMMARY: The US airline, which reportedly owns the world's largest fleet of aircraft, has fallen prey to a phishing campaign. The campaign ultimately fooled American Airlines' employees. American Airlines breach Americans Airlines stated that the personal information of a “very small number” of employees and customers was affected by an unauthorized party's compromise of the company's business email accounts. “American Airlines is aware of a phishing campaign that led to the unauthorized access to a limited number of team member mailboxes,” – American Airlines Information obtained by hackers includes driver's license details, passport numbers, dates of birth, and medical information. Thus far, analysts do not believe that the stolen data has been misused or sold, although attackers may be waiting for a lower-profile sales opportunity. Keeping customers secure Additional safeguards have been put in place to prevent future attacks, says the airline. The company secured breached accounts and hired a cyber security firm to assist with an investigation. “We regret that this incident occurred and take the security of your personal information very seriously,” wrote Chief Privacy and Data Protection Officer, Russell Hubbard, in a letter to affected customers. American Airlines is offering two years of identity theft monitoring services to victims. Are airlines more prone to data breaches than other sectors? Vicious phishing attacks are becoming increasingly common across nearly all sectors of the economy, and the aviation industry is no stranger to data breaches. In 2020, nine million EasyJet passengers were affected by a data breach, which exposed the credit card details belonging to over 2,000 individuals. The airline waited for four months before notifying customers. After litigation, customers were entitled to compensation. Last year, Malaysia Airlines suffered a security incident affecting those who participated in the airline's frequent flyer program. The breach reportedly involved a third-party IT service provider. No evidence pointed to data misuse, however, as a precaution, the company did request for passengers to change account passwords. Because airlines store information that can be used to orchestrate identity theft, airlines represent an attractive target for cyber criminals. Passport numbers, full names, and dates of birth allow criminals to pursue illegal activities such as fraudulently taking out loans in someone else's name or crossing international borders. Fending off phishing The commercial availability of ‘phishing kits' means that nearly anyone can organize a phishing campaign, regardless of technical capabilities. In the modern era, phishing is a DIY activity. Take steps to prevent phishing attacks. Start with the following: 1. Educate employees. Phishing awareness training can protect your employees, customers and your business from email fraud. 2. Consider password managers. Using a password manager can help defend against brute-force accounts with weak passwords, along with credential stuffing. 3. Endpoint security. The increased use of cloud services and personal devices in the workplace have introduced new endpoints that may not be fully protected. It's essential to monitor endpoints for security threats and to implement rapid remediation and response for compromised devices. 4. Deploy email security. Email filtering solutions can block malware, detecting malicious links, attachments, spam content and language that may indicate a phishing threat. 5. Conduct phishing simulations. Request for your IT department to send out a fake phishing email and to assess responses. 6. Limit access to high-value systems and data. Privileged user accounts are attractive to cyber criminals, as access potentially allows for lateral movement across a network. Learn more about essential phishing prevention best practices here. For the top 15 phishing attack statistics, see CyberTalk.org's past coverage. Lastly, to receive cutting-edge cyber security news, interviews, expert analyses and leading security resources, please sign up for the CyberTalk.org newsletter.