The government of the United States of America is perhaps the largest target on Earth for cyber attacks. The US has plenty of enemies, a track record of perpetrating cyber warfare and espionage (even upon its allies), numerous recent instances of susceptibility to such attacks, countless official documents attesting to its weakness against cyber attacks, and, of course, the US government leads the wealthiest nation with the most powerful military. These facts are not lost on the good people responsible for the well-being of American citizens and people all over the world.
UpGuard is proud to announce that security expert Chris Vickery is joining our team as a cyber risk analyst, bringing with him a stunning track record of discovering major data breaches and vulnerabilities across the digital landscape. Chris comes to us from his previous role as a digital security researcher, where among other achievements, he discovered a publicly accessible database containing the voter registration records for 93.4 million Mexican citizens, protecting more than seventy percent of the country’s population from the risk of exposure of their personal information.
Leading security researchers have confirmed that the U.S. Air Force (USAF) suffered a massive data breach leading to the exposure of sensitive military data and senior staff information. Here's what you need to know about this latest security failure involving the U.S. government.
Retailers aren’t the only ones benefiting from increased sales around the holidays — scammers and hackers are seeing their own bump in business.
As enterprises resign themselves to the sobering fact that security compromises are unavoidable, another resulting inevitability is coming into play: ensuing lawsuits and class actions spurred by data breaches and customer data loss. Last week, the Republican presidential nominee's hotel chain and the U.S.' third largest search engine came to terms with this reality. What does the future hold for organizations facing inexorable data breaches coupled with the spectre of resulting litigation?
For Spotify CEO Daniel Ek, the goal for the rest of 2016 should be simple: don’t rock the boat. The Swedish music streaming service, which is widely expected to go public late next year, is already locked in enough significant conflicts to occupy most of Ek’s waking hours.
For believers in the old adage that love of money is the root of all evil, it comes as no surprise that most data breaches are carried out for financial gain. Verizon's 2016 Data Breach Investigations Report (DBIR) reveals that 75 percent of cyber attacks appear to have been financially motivated; suffice it to say, it's not surprising that ATMs are constantly in the crosshairs of cyber attackers.
Facebook's Mark Zuckerberg, Google's Sundar Pichai, Twitter's Jack Dorsey: what do these three high-flying CEOs have in common? Their social media accounts were all hijacked recently due to bad password habits. To be fair, these breaches occurred indirectly as a result of triggering events—for example, the massive LinkedIn data breach led to Zuckerberg's Twitter account getting hijacked—but one thing is for certain: the executive leadership of the world's leading tech companies is as prone to password management mishaps as the rest of us. And—as the latest LastPass vulnerability serves to illustrate—password management solutions may no longer be a safe alternative to memorizing passwords.
You've seen enough Hollywood blockbusters about casino heists to know that gambling institutions are constantly in the crosshairs of attackers—online and off. In the digital realm, however, better malware tools and access to deep funding make today's cyber criminals more than a bad movie, especially when lucrative payloads are for the taking.
No, we aren't talking about your burger-inhaling operator passing out on the job, leaving your precious IT assets unattended. You've probably guessed that we're referring to the latest Wendy's data breach announcement: on June 9th, the international fast food chain disclosed that its January 2016 security compromise was, in fact, a lot worse than originally stated—potentially eclipsing the Home Depot and Target data breaches.
A few days ago, Taiwanese computer manufacturer Acer disclosed that "a flaw" in their online store allowed hackers to retrieve almost 35,000 credit card numbers, including security codes, and other personal information. Most of the major personal computer retailers have online stores like Acer's, allowing people to buy directly from the manufacturer, rather than through a reseller like Amazon. But how secure are these digital outlet stores, and what are the chances that if you use them you'll end up like Acer's customers? We examined seven industry leaders with our external risk grader to see how they stacked up, and unfortunately, Acer wasn't alone in its security practices.
Glassdoor's 2016 Employees' Choice Awards Highest Rated CEO List includes household names like Marc Benioff, Mark Zuckerberg, and Tim Cook—CEOs of companies that also score high marks for strong security. Is there any correlation between a company's cyber risk profile and its CEO employee approval rating?
The term cyber risk is often used to describe a business’ overall cybersecurity posture, i.e., how much risk the business is at, given the measures it has taken to protect itself. It’s often coupled with the idea of cyber insurance, the necessary coverage between what a company can do security-wise and the threats it faces day in and day out. Cybersecurity used to belong exclusively in the realm of Information Technology, one of many business silos that, while important, was only a small piece of the business and, as such, was often delegated to a C-level manager who interfaced with other executives as necessary. Today’s businesses have outgrown this model, as what used to be considered information technology has grown to encompass business itself, permeating every aspect of it, governing its speed, its range, its possibilities. As a CEO or CFO, the way your business handles information technology and begins to foster cyber resilience reflects the way you think about your company and its place in the contemporary market.
A routine fill-up at the local gas station or ATM withdrawal might cost you dearly these days. With the recent surge in ATM and gas pump skimming attacks, you certainly wouldn't be alone—in fact, the odds are one in three that you'll fall victim to identity theft once your financial data is swiped. Is there any hope in an increasingly hostile landscape rife with external threats?
Yesterday you might have read about Facebook founder and user Mark Zuckerberg’s social media accounts getting “hacked.” Hacked is maybe not the right word here, since many people believe Zuck’s password was among the 117 million leaked LinkedIn passwords recently posted online. If this is true, it means that Zuckerberg used the same password for multiple websites, allowing the damage done by the LinkedIn hack to spread into other areas. If you have or want a job, chances are you also have a LinkedIn account, and if you had one back in 2012, it was probably one of the compromised accounts from that incident. Do you still use that password anywhere? Our 9 step password security checklist will help you secure your accounts, whether you’re a billionaire CEO or just someone who likes to post funny cat videos.
Chances are, if you've any semblance of a professional life, you probably have a corresponding LinkedIn account to show for it. And if that's the case, your data was likely stolen in the massive 2012 data breach, now thought to be more expansive than originally posited. Last week, the world's largest professional social network sent out a notice stating that its initial announcement of 6.5 million stolen passwords turns out to be quite off—by about 110.5 million.
Cyber resilience is a fundamental change in understanding and accepting the true relationship between technology and risk. IT risk (or cyber risk, if you prefer) is actually business risk, and always has been. And the cybersecurity industry, for what it's worth, has generally avoided this concept because it goes against the narrative that their respective offerings—whether it's a firewall, IDS, monitoring tool, or otherwise—would be the one-size-fits-all silver bullet that can keep businesses safe. But reality tells a different story.