How Much One Bad Password Can Cost You

Anyone using a computer at work and the internet at home is likely drowning in the passwords they’re forced to maintain. With weak, stolen or reused passwords being the cause of 81% of breaches, people and the companies they work for need to ensure that there aren’t any gaps in their password management since much is at stake. So, let’s take a look at how much one bad password can cost you.

Multiple Accounts, One Password

With the average adult possessing more than 25 online accounts, it is no wonder that employees fail to maintain good password hygiene, such as using strong, unique passwords for every system they access. Instead, the same passwords are being used across multiple accounts, which exponentially increases the risk of both internal and external breaches. For example, the Dropbox data breach that resulted in 60 million user credentials being compromised started with an employee reusing a work password.

The Spreadsheet Mistake

Some employers may think that storing passwords in a central location that’s easy to access will avoid password loss and keep productivity high. However, the reality is that this misstep has consequences far more extreme than the reward. The average cost of a data breach in the U.S. is $7.35 million according to IBM and the Ponemon Institute.

Education, Education, Education

If businesses are relying on spreadsheets or a similar method of storing credentials, they should reconsider their security policy to ensure that best practices are being followed. Employee education, as well as the introduction of effective password management technology, is key to reducing the threat of sensitive data being easily accessible and potentially getting into the wrong hands. Check out our article on tips for creating a stronger password to keep your accounts secure.

Protecting your online accounts should be an ongoing priority, so make sure you know how to protect yourself. In the event that you are hacked, hopefully, it doesn’t cost you millions as it does for many companies worldwide.

What Your IT Department Doesn’t Know About Cybersecurity

Times change, and cybersecurity threats are continually evolving and outgrowing previous “best practices”. The reality is that effective cybersecurity requires more than just a secure infrastructure and a one-time installation of security processes. Cybersecurity requires ongoing attention to, and adjustment of, protocols and operational management. Unfortunately, cybersecurity responsibilities are often stacked on top of an already busy IT team. It’s no wonder that cybercrime is estimated to reach 6 trillion USD in global costs by 2021.

IT Responsibilities

An IT department and a Cybersecurity department should be thought of as two separate entities. When you have an IT department, or even a single IT professional working for you, allow them to concentrate on operating your system and optimizing its use. It’s a bit oversimplified, but your IT department should be in charge of making sure your business has uptime. If they are doing their job efficiently and appropriately, this should be all they have time to do.

Cybersecurity Responsibilities

While there are some daily operational tasks that may be required of a cybersecurity professional, their main focus should be to look for holes in your system that leave you vulnerable. They should not only be seeking out and researching potential threats but understanding what is needed to prevent them. Cybersecurity professionals are proactive while IT professionals are reactive.

Evergreen Approach

The key to being a successful cybersecurity professional is continually reviewing details of internal operational procedures, in conjunction with staying current on the newest threats and emerging cybercriminal practices. Put simply, it means staying ahead of the bad guys. This requires close attention to detail, as even the most minor security weakness or oversight could have huge consequences for an organization.

It’s All About Compliance

Securing data and networks reliably, while responding successfully to meticulous audits, can be daunting. Meeting compliance mandates, however, will not only ensure maximum security, but also enhance your data center’s reputation for quality. Important compliance standards include, but are not limited to:

Why You Need Both

If you have a digital presence in any way, you need both of these departments to keep things running smoothly and safely. IT and cybersecurity have very different roles to play. Together, however, their functions act as a sort of checks-and-balances relationship. Reach out to our Cybint team today to discover our cyber solutions that will fit your unique business structure. We are here to help ensure your security and continued growth.

3 Cyber Intelligence Hacks That Will Improve Your Work

Cyber intelligence refers to the process of gathering, analyzing and interpreting digital information. Not only is cyber intelligence vital to an organization for a strong security posture, but it has also been effective in increasing workplace efficiency and due diligence.

The breadth of information and data stored on the Internet is endless, and new information is constantly generated. Studies show that most people are only accessing 5% of the information they need for work, so understanding how to improve these practices can skyrocket performance and efficiency. In this article, we’ll cover these important tips to improve your output:

1. Searching Better

Using search parameters such as file type in your Google search queries helps to narrow down the results to more targeted information that would otherwise have been buried in irrelevant links. Let’s go through an example:

Let’s say we’re looking for a downloadable copy of Alice and Wonderland. If we just type in the title, the results may contain the movie’s IMDB page or reviews of the book. There are about 145,000,000 results, which is still too broad.

So let’s add the word “library” in quotation marks, meaning the search results MUST contain that word, because we want a copy that is from the library. As you can see, there are about 23,400,000 results.

Still, our results could be better, so we add in another parameter that reads filetype:pdf. This narrows the results to only PDF pages of Alice and Wonderland from the library. Now, there are only 665,000 results, reduced from 145 million.

The first link is from the Oxford Bookworm’s Library and is a complete, downloadable version of Alice and Wonderland in PDF form.

2. Accessing Hidden Data

Data is not always easy to find on the web because most of the available resources are visible only to machines. People navigate the web visually, viewing content, clicking on links and downloading files. While humans look for engaging, interactive content, machines require structure, logic, and clarity.

The benefits of hidden data include improved quality, relevance, context and breadth of our search. In this example, we’ll be using Lumen, an online archive that enables users to search for information that an organization or individual requested to have deleted from the internet.

Let’s say we want to find out if the Coca-Cola Company has had a cease and desist notice issued on its behalf.

Similar to the first example, we’ll want to narrow these results using the “advanced search” option. We want to filter down on the recipient, by choosing Twitter.

Here we can see that the subject of the notice is a DMCA takedown notice, meaning Coca-Cola requested that Twitter remove specific content, probably from a Twitter account or a specific tweet because it violates its copyrights.

3. Uncovering Deleted Information

We’ve covered search hacks and hidden data hacks, but what about accessing information that was changed? In this example, we’ll be using the Wayback Machine, a tool that uncovers deleted data from the Internet, regardless of the reason it was deleted (whether it was outdated, deliberately deleted, etc.). It can be used to find and save specific webpages for future use and to investigate the changes that have been made on a specific webpage. This type of tool is especially beneficial to those in law enforcement and legal careers.

Let’s check Google.

The first thing we see is a summary of data collected on the website over time. Then, you can choose the year you desire and the calendar will open up.

Let’s choose December 31st, 2006. Choosing a specific time may not make much of a difference but you do have that option. Here is a preview of Google from that exact date:

As you’ve learned, in order to access hidden information, you don’t need a secret password, an invitation from an inside member or hacking tools. All you need is a computer and an internet connection. As long as the proper tools and methods are used, the data is only seconds away from anyone who can access the regular web.

These tools along with proper cyber intelligence training can help your employees successfully navigate the Web to find the right information and data, in order to avoid crucial mistakes, and gain a competitive edge. For more information on our cyber intelligence resources and services, please contact us here.

How to Prevent a Data Breach

Virtually all businesses today collect and store some sort of information for customers, employees, vendors, and others. From customer account data and intellectual property to trade secrets and proprietary corporate data, the prevalence of information in the business environment has led to a significant rise in data breaches. In the first quarter of 2018, Infosecurity Magazine noted that almost 1.4 billion records were exposed in 686 reported breaches. And, it’s not just a problem for large corporations.

Small and mid-sized companies with fewer data security resources are particularly vulnerable to theft, loss and the mistaken release of private information. As a result, it’s important for businesses of every size to take steps to prevent data breaches. Being aware should always be the first step in mitigating security threats, but there are a few other ways to protect critical assets.

Knowledge is Power

It can be difficult to keep personnel ahead of the learning curve for threat detection and response. Hackers and malicious insiders have a seemingly endless bag of tricks from which to pull. Add to this well-meaning insider breaches that can be caused by such things as broken business processes, and you have a recipe for cyber disaster.

End-user security awareness and data loss prevention training are huge benefits when done often and in such a way as to create a more security-minded culture. By implementing cyber literacy training at all levels of your organization, you help eliminate human errors that could lead to a breach and help employees become more astute at noticing suspicious behavior. Employees should know what types of information are sensitive or confidential and what their responsibilities are to protect that data.

More advanced cyber training is appropriate for enabling IT and security teams to continuously improve their strategy and actively reduce risk. Training in such areas as threat intelligence, malware analysis and cyber forensics promotes greater knowledge of threats and vulnerabilities.

Keep Only What’s Needed

It’s important to keep an inventory of the type and quantity of information in files and on computers so you know what you have and where you have it. By reducing the volume of information you collect to only what’s absolutely needed, you can minimize the number of places you store private data and, thus, reduce the opportunities for a breach.

The use of a remote data backup service can provide a safe and effective means for backing up information without using tapes that can be lost or stolen. If you choose to keep your data in-house, remember that deleting files or reformatting hard drives does not erase information. Instead, use software designed to permanently wipe the hard drive, or physically destroy the drive itself. And, be mindful of photocopy machines which often scan a document before copying. The settings should be changed after each use to clear the data.

Monitor What Comes In and What Goes Out

The use of Social Security numbers as employee IDs or client account numbers is a prime way to invite hackers in. If this is a policy your organization practices, it’s time to implement another ID system and update your procedures — pronto.

Good data loss prevention technology allows you to set rules and, based on those rules, block content that you do not want to enter or leave the network. It’s an effective measure for safeguarding personal data and restricting access. So many breaches today occur because employees visit malicious or compromised websites that can exploit a machine, putting an entire network at risk. Being able to block where insiders go is key to a good security policy.

With the right training, key personnel such as your HR person or compliance officer can know how to effectively review insider behavior that could lead to a data breach.

Assess Your Vulnerabilities, Often

Once a quarter isn’t enough when it comes to performing vulnerability assessments. System scans should ideally be done weekly, and every system in the network should be assessed. This is especially important when a new service is added to the network, new equipment is installed, or additional ports are opened. Look at computer systems, applications and your network infrastructure, both wired and wireless networks, internal and external.

The process of defining, identifying, classifying, prioritizing and training against cyber-attacks cannot be undersold. Having the necessary knowledge, awareness and risk background to understand threats and the ability to react appropriately to them is priceless.

A Day in the Life of a Cyber Security Analyst

A Cyber Security Analyst (CSA) or Incident Response Analyst is a professional who is trained to detect and prevent attacks on their organization or network. Protecting the security and integrity of data is vital for all businesses and organizations, and with cybercrime at an all-time high, it is no wonder that the demand for qualified Cyber Security Analysts is surging. According to the U.S. Bureau of Labor Statistics (BLS), jobs in this field are projected to increase by nearly 30% between 2016 and 2026, which makes it one of the fastest growing and in-demand occupations in the last decade.

Against that backdrop, the average annual wage for a Cyber Security Analyst sits at a competitive $99,690 as of May 2017, the BLS reports. So, if you’re looking for a future-proof career, this may be the one for you. However, being a CSA is not for the faint of heart. In this article, Cybint covers what a day in the life of a CSA looks like – and it’s not what you expect!

Not Your Typical 9 to 5

Regardless of the specific title of a cybersecurity professional, the day that lies ahead of them is unlikely to follow a generic 9 to 5 pattern. The unpredictable nature of information security means that although certain tasks will always need to be completed, such as checking in with the latest security news reports, each day’s events will likely differ from those of the days before. The likelihood is that Cyber Security Analysts face many exciting security challenges that ultimately require a lot of investigation, much like a police detective.

Know Your Vulnerabilities

For example, you are a CSA at a power plant that manages infrastructure on the East Coast. This plant provides electricity to millions of households and therefore, has a team of incident responders, such as yourself, working in their Security Operations Center (SOC). Someone in the company submits an IT request for a computer that keeps “re-setting” and is still connected to the company’s network.

Be Alert to Any and All Threats

Now, at this point in our example, the responsibility lies with IT. However, as an experienced CSA, it should pique your interest. In a company that is responsible for an incredible amount of infrastructure, your network is no doubt a target for determined hackers.

Communication is Key

As a CSA, throughout any investigation you will work and communicate with many team members, not just IT and security. This is because many threats that do infiltrate the system come through “regular” employees, such as people in accounting, marketing, or HR. Those employees are not always on the lookout for threats and unfortunately, in most cases, are not educated enough on cybersecurity to prevent unauthorized access or spear phishing from occurring.

Consult Your Toolkit

However, in this example, you turn to IT first to investigate. After discussing with the IT shift manager, you both run several tests on the defective computer. First you test the anti-virus logs, and that’s not the issue. Then, you test system logs, the hardware, and Wireshark for network traffic analysis. Nevertheless, you find nothing conclusive.

Be Persistent

After running through multiple tests and attempts to find the culprit, you’re still out of luck. However, as a CSA, you cannot stop here, especially when there’s a chance that something much larger and more destructive is at play. Next, you dig deeper in the Network Access Control (NAC) and find alerts that were missed. After updating the SOC manager, you collect more information, unplug the defective computer from the network, and go back to the owner of the computer.

Ask A Lot Of Questions

The owner of the computer happens to be the company’s procurement director, so you decide to give her a call. You ask about anything out of the ordinary and discover that she received an unusual client email with a proposal attachment that was in a strange format. After investigating the suspicious attachment with IT, you come to the conclusion that the fake proposal was part of a social engineering attack on the company and the file was in fact, infected with malware.

Justice Is Served

You identified and intercepted an attempt to disrupt the power supply of the entire East Coast – you should be proud! You report the case to the FBI and assist with the investigation. Apparently, other power generators were attacked as part of the social engineering attack which led back to a group of known cybercriminals. Your work helped cease any damages and keep the power going for the community.

How’s that for a day’s work? If the high demand and impressive earning potential of a Cyber Security Analyst (CSA) are not enough to catch your attention, perhaps the exciting challenges and crime-fighting components are. If you are interested in learning more about becoming a CSA or just want to find out more information, please reach out to our team of experts at info@cybintsolutions.com. We work with higher education, businesses, and government to deploy our CSA Lab Suite, which takes learners through a scenario-based and interactive virtual machine labs course that provides them with the required skills to begin working as a Cyber Security Analyst. Together, we can put an end to cybercrime.

Are Virtual Machine Labs the Future of Cybersecurity Education?

Cybercrimes are growing exponentially, posing tremendous threats to our financial markets, undermining public confidence, violating our privacy, and costing hundreds of billions of dollars annually (estimated to cost up to six trillion dollars by 2021).

It’s no wonder cyber professionals are in great demand in every walk of life. Contrary to common belief, cybersecurity is much more than a technical challenge. It is also a business challenge and a human challenge.

As a result, cybersecurity education has become one of the fastest growing disciplines in higher ed and vocational training. Building the cybersecurity workforce of the future and integrating cybersecurity understanding across all industries are top priorities for our national security, financial stability, and economic prosperity.

One promising avenue for cybersecurity education and training is lab simulation. Lab simulations serve to enrich existing security curricula or to enable security courses to be offered with a lab component. Unlike traditional labs, simulators utilize virtual equipment and space, and are accessed through a geographically distant computer (virtual machine). Lab simulation also affords the opportunity to work in a team environment – sharpening soft skills as well as technical skills. Through proper lab settings, students can work on the same network environment simultaneously as part of a team. Additionally, lab simulation removes the time and space limitations of traditional labs, thereby allowing more users overall to share the resources and access anytime, from anywhere. On top of the mentioned features are additional benefits that have drawn educators across the country to incorporate virtual machine learning in their programs:

  1. Flexible access. Perhaps the most often cited benefit of any online learning is that it can be done at the student’s convenience and when he or she learns best. The same is true of virtual laboratories if the experiments are on the student’s own time.
  2. Instant feedback. Students can redo experiments on the spot while they are still in a critical thinking mode. All the results are recorded, making communication between teachers and students more efficient too.
  3. Top-notch technology. Schools and students that use virtual labs have access to cutting-edge technology when it comes to experimentation. Companies that build and maintain virtual labs must compete with each other to stay ahead of technology progression and that raises the quality of options for students.
  4. Lower costs. There is a fee associated with using virtual labs but the capital and maintenance costs are drastically reduced.

We need a large cybersecurity workforce quickly, and we need one that is hands-on trained in the latest tools and techniques of the field. In the short term, rather than reinventing the wheel in educational organizations across the nation, we should utilize hands-on skills lab simulators within cyber degrees, cyber centers, and training programs. So, are virtual machine labs the future of cybersecurity education? Absolutely.

13 Alarming Cyber Security Facts and Stats

The cybersecurity industry is rapidly growing every day. As more specialists join the ranks, more malware is being launched than ever before, with approximately 230,000 new malware samples per day. Although more resources are being deployed to counter cyber attacks, the industry still has a long way to go before we can, as a whole, catch up with these threats. It’s important for us to define what the current information security and cybersecurity industry looks like with these 13 alarming Cyber Security Facts and Stats:

1. 95% of breached records came from only three industries in 2016

Government, retail, and technology. The reason isn’t necessarily because those industries are less diligent in their protection of customer records. They’re just very popular targets because of the high level of personal identifying information contained in their records.

2. There is a hacker attack every 39 seconds

A Clark School study at the University of Maryland is one of the first to quantify the near-constant rate of hacker attacks on computers with Internet access (every 39 seconds on average, affecting one in three Americans every year) and the non-secure usernames and passwords we use that give attackers more chance of success.

3. 43% of cyber attacks target small business

64% of companies have experienced web-based attacks. 62% experienced phishing & social engineering attacks. 59% of companies experienced malicious code and botnets and 51% experienced denial of service attacks.

4. The average cost of a data breach in 2020 will exceed $150 million

As more business infrastructure gets connected, Juniper Research data suggests that cybercrime will cost businesses over $2 trillion total in 2019.

5. Since 2013 there are 3,809,448 records stolen from breaches every day

That is 158,727 per hour, 2,645 per minute and 44 every second of every day, reports Cybersecurity Ventures.

6. Over 75% of the health care industry has been infected with malware over the last year

The study examined 700 healthcare organizations including medical treatment facilities, health insurance agencies and healthcare manufacturing companies.

7. Large-scale DDoS attacks increase in size by 500%

According to Nexusguard’s Q2 2018 Threat Report, the average distributed denial-of-service (DDoS) attack grew to more than 26Gbps, increasing in size by 500%.

8. Approximately $6 trillion is expected to be spent globally on cybersecurity by 2021

Organizations need to make a fundamental change in their approach to cybersecurity and reprioritize budgets to align with this newly defined reality of our modern society.

9. Unfilled cybersecurity jobs worldwide will reach 3.5 million by 2021

More than 300,000 cybersecurity jobs in the U.S. are unfilled, and postings are up 74% over the past five years.

10. By 2020 there will be roughly 200 billion connected devices

The risk is real with IoT and it’s growing. According to figures compiled within a recent Symantec Internet Security Threat Report, there are 25 connected devices per 100 inhabitants in the US.

11. 95% of cybersecurity breaches are due to human error

Cyber-criminals and hackers will infiltrate your company through your weakest link, which is almost never in the IT department.

12. Only 38% of global organizations claim they are prepared to handle a sophisticated cyber attack

What’s worse? An estimated 54 percent of companies say they have experienced one or more attacks in the last 12 months.

13. Total cost of cybercrime committed globally has added up to over $1 trillion in 2018

Don’t think that all that money comes from hackers targeting corporations, banks or wealthy celebrities. Individual users like you and me are also targets. As long as you’re connected to the Internet, you can become a victim of cyber attacks.

What does it all mean?

Last year, Ginni Rometty, IBM’s chairman, president and CEO, said: “Cybercrime is the greatest threat to every company in the world.” And she was right. During the next five years, cybercrime might become the greatest threat to every person, place and thing in the world. With evolving technology comes evolving hackers, and we are behind in security. Understanding the cyber terminology, threats and opportunities is critical for every person in every business across all industries. By providing advanced cyber training and education solutions in all departments of your business, from marketing and sales to IT and InfoSec, you are investing in your company’s protection against cyber threats. Learn more at Cybint Solutions.

4 Industries Likely to Get Hacked

From retail chains to hospitals, the entertainment industry to the presidential election, no one seems immune from the potential of a cyber-attack. With few stones left unturned by today’s hackers, the need is real for every organization to invest some money and effort into implementing reliable security measures. Yet, many companies that have very valuable data believe they can still do business under the radar of hackers or aren’t big enough to suffer a data breach. As a result, they often do little to arm themselves and become highly vulnerable in the process.

Although most hackers focus less on targeting specific industries and more on locating widespread vulnerabilities that will allow them to wreak havoc, industry experts have pinpointed four at-risk industries likely to get hacked in the coming years. Take a look at what they view as top targets.

1. Small Businesses

While big-name, headline-grabbing data breaches are likely to continue, many hackers are now going small. According to a report by technology consulting firm Kelser Corporation, a surprising 65 percent of cyber-attacks are aimed at small and medium-sized businesses. The reason is that many large companies have the infrastructure in place to guard against cyber-attacks. Small businesses, however, either don’t have the proper resources to thwart an attack or don’t take cybersecurity as seriously as they should.

A business sector that is especially vulnerable is the small manufacturers that operate as part of a vast supplier network. For example, small shops that do work for the larger defense and aerospace manufacturers to the Federal Government often have classified information and trade secrets that may be prime targets for foreign entities or competitors. A ransomware attack here ― where hackers lock a company out of its own data until a ransom is paid ― could be extremely effective as well as costly to a small manufacturing plant. Such small-business owners are also more likely to pay ransoms to restore their critical data.

2. Healthcare

The healthcare industry is another prime target for ransomware attacks because of the sheer amount of patient data stored by healthcare entities. Health information is some of the most valuable data on the dark web because it can be used to commit insurance fraud.

It’s also an industry that’s largely still transitioning from paper to digital records. The lack of a digital presence in the field brings with it a lack of cyber-security readiness ― combined with steady cost-cutting measures.

3. Higher Education

When you think of potential targets for hackers, colleges and universities probably aren’t the first to come to mind. However, the higher education industry is another mecca of personal data. From social security numbers, addresses and passwords to loan and bank information, it’s no wonder attacks on colleges and universities are becoming more prevalent.

Classrooms and dorms aren’t all that make up universities. They are also research facilities, laboratories and other entities generally interconnected, making their exposure to hackers greater. Plus, the computer systems operated by institutions of higher learning are designed to promote access with minimal difficulty for students and parents. It’s also true that state-of-the-art cyber protection can far exceed the budgets for many institutions.

4. Energy

Last, but by no means least, is the energy sector. Here, things like the electric power grid and power generation facilities are controlled by technology and communication systems that could be disrupted, hacked or taken over during a cyber-attack to put our economy in serious danger.

Here, too, stretch miles of physical equipment often separated by nothing but uninhabited spaces. All a hacker would need to do is tap into an energy network by driving near it.

How to Improve Your Cyber Readiness

Whether you have an interest in heightening your cybersecurity knowledge or are concerned about the safety of information sharing within your organization or industry, Cybint Solutions has you covered. Our cyber solutions range from literacy, hands-on skills, and advanced specialized education programs to integrated technologies and cyber talent management. We help organizations globally to prepare for the unknowns of the cyber world.


8 Data Breaches That May Have Affected You

Company data breaches are difficult to keep track of these days and have become more troublesome for consumers. With news story after news story, Cybint has compiled some of the most widespread hacks that may have exposed your data to hackers and how to check:


1. Orbitz

As many as 880,000 customers may have had personal information such as their names, dates of birth, email addresses, phone numbers, and payment information compromised in a security breach. On March 1, 2018, Orbitz discovered that someone had gained unauthorized access to one of its legacy travel booking platforms. The travel fare aggregator service believes the attacker had the permissions required to view the sensitive information; however, no evidence was found to suggest the incident exposed customers’ passports, travel itineraries, or Social Security Numbers. The breach period ran from January 1st, 2016 to December 22nd, 2017, leaving customers in the dark about this exposure for over two years.

The company urges customers to take measures to protect their account by getting new payment cards, signing up for a credit monitoring system, and freezing credit lines.


2. Adidas

On June 28th, 2018, sportswear company Adidas announced that an “unauthorized party” had gained access to customer data. Currently, the company is not disclosing the breach period or the scope of the incident, but the number of customers affected is estimated at “a few million.” Those potentially affected are believed to be customers who made purchases on Adidas’ US website. Exposed information is likely to include contact information, usernames, passwords, and possibly credit card information.

Adidas says it’s working with data security firms and law enforcement as it investigates the incident. It’s also alerting any customers that might have been affected.


3. Saks Fifth Avenue and Lord & Taylor

In March 2018, Gemini Advisory, a security firm, came across an announcement from the hacking syndicate “JokerStash,” which was offering nearly 5 million stolen credit and debit cards for sale. These were traced back to a total system database of luxury department stores Saks Fifth Avenue and Lord & Taylor. A spokesperson for the Hudson’s Bay Company, which owns the two chains, confirmed a breach involving North American customer payment card data at both stores. After investigating, it was determined that the breach period was between May 2017 and March 2018, when new database systems were installed.

Hudson’s Bay said customers could get further information on dedicated pages on the websites of Saks Fifth Avenue, Saks Off 5th and Lord & Taylor. Customers, such as Bernadette Beekman, have joined a class action lawsuit on behalf of all customers who used a payment card at either Lord & Taylor or Saks Fifth Avenue during the breach period. In the lawsuit, Beekman stated that the companies “failed to comply with security standards and allowed its customers’ financial and other private information to be compromised.”


4. Sacramento Bee

Two databases for the Sacramento Bee, a daily newspaper published in Sacramento, California, were seized in January 2018 by an anonymous hacker who demanded a Bitcoin ransom. In early February, an employee for the Bee noticed that one of the exposed databases contained California Voter Registration info and the other contained activated Bee Subscriber digital account information. The Bee did not pay the ransom and has deleted the databases to prevent further attacks.

According to the Sacramento Bee, the hack exposed 53,000 subscribers’ information along with the personal data of 19.4 million California voters. The Bee has since notified affected subscribers.


5. MyHeritage

On June 24th, 2018, a security researcher reached out to the Chief Information Security Officer of online genealogy platform MyHeritage and revealed they had found a file labeled “myheritage” on a private server outside the company. After investigating the file, officials at MyHeritage determined that the asset contained the email addresses only and that DNA and credit card information was stored elsewhere and was not affected. At least 92 million account details were compromised, and the breach period was said to have occurred on or prior to October 26th, 2017.

MyHeritage has since set up a response team that is investigating the incident and is “taking immediate steps to engage a leading, independent cybersecurity firm” to look into the scope of the breach. They also encourage users to reach out to their privacy team with any questions or concerns.


6. Facebook

So far 2018 has been a tough PR year for Facebook. Not only did reports emerge in March 2018 around Cambridge Analytica, a political data firm hired by President Trump’s 2016 election campaign, gaining access to private information of 50 million Facebook users for aggressive political advertising, but several other breaches followed. On June 27, security researcher Inti De Ceukelaire disclosed that another app called Nametests.com had publicly exposed information of more than 120 million users. And more recently roughly 90 million users were affected by a “security issue” that compromised account information, allowing hackers to infiltrate connected accounts such as Spotify and other apps.

So if you’re still a devoted Facebook user, it’s probably best you take a few basic steps to protect your data and secure your account before anything else happens. There are still a few months left before 2019.


7. Under Armour

An estimated 150 million users were affected by a breach of Under Armour’s food and nutrition application, MyFitnessPal. Under Armour first became aware of a potential breach on March 25, 2018, when the company discovered an unauthorized party had accessed the app’s user data the previous month. Under Armour, Inc. notified users that data such as usernames, email addresses, and passwords had been exposed, but that it was able to protect other information such as birthdays, location, and payment cards.

Under Armour encourages users to change passwords and use account security steps to help protect information. Additionally, they are now working with data security firms and law enforcement to assist in its investigation.


8. Equifax

Perhaps the most devastating of all breaches to happen in recent memory is the Equifax hack. Not only are the numbers startling, with approximately 145.5 million or more affected, but the types of data exposed included names, social security numbers, birthdates, and driver’s license numbers, as well as some credit card information. Equifax is a credit reporting agency, which makes them a treasure trove for hungry hackers. In July 2017, the company discovered US and Canadian accounts were breached by attackers through a web-application vulnerability, with a patch that occurred in March earlier that year. Adding to this already horrific scandal, three of the company’s top executives sold Equifax shares just days after the breach was discovered, when it had not yet been publicly disclosed.

Equifax and the Federal Trade Commission are urging people to take steps to protect their information from being misused. Additionally, you can learn more about how to add a credit freeze to your account and check your credit report.


Cybersecurity Workforce: Six Important Stats and Facts You Should Know Before Starting Your Career

Cybersecurity is now a global priority as cybercrime and digital threats grow in frequency and complexity. However, one of the major setbacks preventing a handle on cybercrime is the cybersecurity workforce shortage and lack of new professionals funneling into this industry. Let’s take a look at a few of the biggest topics facing the cybersecurity and intelligence workforce:

1. Unfilled Jobs

Anyone looking for a stable and successful career may want to consider the cybersecurity and intelligence industry. According to the Cybersecurity Jobs Report, there will be approximately 3.5 million unfilled cybersecurity jobs by 2021. Against that backdrop, global cybercrime is expected to climb to $6 trillion annually that same year.

As you can imagine, the cybersecurity industry is turning to businesses and higher education institutions to educate and prepare the next generation of cyber professionals. Currently, the unemployment rate in this industry stands at a mere 0% and is expected to remain there for the next several years.

This issue spans across industries, as organizations of all sizes and types, ranging from Fortune 500 and Global 2000 corporations to small-to-midsize businesses, governments, and schools globally, are scrambling to hire qualified professionals.


2. Lack of Awareness

The cybersecurity labor crisis may be due in part to a lack of awareness in the field, so expanding the pipeline of candidates is critical for improving workforce shortages.

The situation is similar to the web programming and web development industry in the 1990s and 2000s, when students looking for stable and lucrative careers just weren’t aware of web development careers and the path to take until the tech bubble burst. Encouraging students to pursue a degree or training program in cybersecurity as the job market expands will help prepare them for successful and futureproof careers. We need to educate incoming college students, high schoolers, and even K-12 on these job possibilities.

Other data suggests there’s growing interest from students entering college, and IT workers thinking about cybersecurity as an upgrade to their current positions. There are more than 125 colleges and universities in the US alone offering a master’s degree in cybersecurity. Dozens of those programs offer online-only classes and degrees, so even students who can’t attend in person can get a degree.

3. Hands-On Skills Are Critical

One of the reasons companies are struggling to hire recent graduates and professionals in computer science and cybersecurity is that they do not possess the necessary hands-on skills required for the position. Even Bachelor of Science in Cyber Security holders are often not prepared to handle even minor on-the-job cyber incidents. Beyond technical skills, which are very important, cybersecurity analysts and incident responders need to understand how to hone their soft skills, such as communicating and collaborating with other departments and team members to resolve issues.


4. Rethinking Education

Due to this skills gap, higher education must rethink its traditional methods of lecturing and theories. While developing a foundation and understanding is important, experience is critical. Experts recommend that universities begin incorporating this on-the-job training in their current programs to really prepare future professionals and earn them better jobs with higher salaries, and the confidence to approach those jobs.

One avenue of collaboration is to offer lab simulation to enrich existing security curricula or to enable security courses to be offered with a lab component. Unlike traditional labs, simulators utilize virtual equipment and space, and are accessed through a geographically distant computer (virtual machine). Through proper lab settings, students can work on the same network environment simultaneously as part of a team. Additionally, lab simulation removes the time and space limitations of traditional labs, thereby allowing more users overall to share the resources and access them anytime, from anywhere. Cybint Solutions, among other vendors, offers a suite of simulated labs, the CSA Simu-Labs. These labs are unique in that they are based on real-life cyber scenarios and offer both theoretical and applied learning vectors.

5. Salary Outlook

Developing skill sets in specific technical domains is the best way to boost one’s salary. Threat intelligence, security software development, cloud, auditing, and big data analysis are some of the hot skills that may lead to a pay raise, as reported by (ISC)².

According to CyberSeek, entry-level positions start as high as $78,000 on average and are said to be increasing due to the few qualified applicants and the mass number of employers looking to fill these positions.

6. Career Paths

Estimates from various sources suggest somewhere between 50% and 70% of large companies globally have a dedicated CISO (chief information security officer) today. The most recent “Annual Cybersecurity Jobs Report” (2017 edition) from Cybersecurity Ventures posits that 100% of large companies globally will have a CISO by 2021.

Additional career paths such as Cybercrime Analyst and Incident Responder are growing in the field of cyber. While these positions still require a bachelor’s degree, education providers are developing focused degree programs for those eager to get into the workforce.

All of this research adds up to a lucrative field that desperately needs more people. So when you’re considering a career pathway or new direction, consider this futureproof industry and all it has to offer. For more information about cybersecurity and education, check out our resources page at www.cybintsolutions.com.