INTERNATIONAL FOUNDATION FORCULTURAL PROPERTY PROTECTION
News
Reposted from TechCrunch
One of the most senior officials tasked with protecting U.S. critical infrastructure says that the lack of security professionals in the U.S. is one of the leading threats to national cybersecurity.
Speaking at TechCrunch Disrupt SF, Jeanette Manfra, the assistant director for cybersecurity for Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), said that the agency was making training for new cybersecurity professionals a priority.
“It’s a national security risk that we don’t have the talent regardless of whether it’s in the government or the private sector,” said Manfra. “We have a massive shortage that is expected that will grow larger.”
Homeland Security is already responding, working on developing curriculum for potential developers as soon as they hit the school system. “We spend a lot of time invested in K-12 curriculum,” she said.
The agency is also looking to take a page from the the tech industry’s playbook and developing a new workforce training program that’s modeled after how to recruit and retain individuals.
For Manfra, it’s important that the tech community and the government agencies tasked with protecting the nation’s critical assets work more closely together, and the best way to do that is to encourage a revolving door between cybersecurity agencies and technology companies. That may raise the hackles of privacy experts and private companies, given the friction between what private companies wish to protect and what governments wish were exposed — through things like backdoors — but Manfra says close collaboration is critical.
Manfra envisions that government will pay for scholarships for cybersecurity professionals who will spend three to five years in government before moving into the private sector. “It builds a community of people with shared experience [and] in security we’re all trying to do the same things,” she said.
Priorities for Homeland Security are driving down the cost of technologies so that the most vulnerable institutions like states, municipalities and townships or the private companies that are tasked with maintaining public infrastructure — that don’t have the same money to spend as the federal government — can protect themselves.
“When you think about a lot of these institutions that are the targets of nation sates… a lot of them have resources at their disposal and many of them do not,” said Manfra. “[So] how do we work with the market to build more secure solutions — particularly with industrial control systems.”
The public also has a role to play, she said. Because it’s not just the actual technological infrastructure that enemies of the U.S. are trying to target, but the overall faith in American institutions — as the Russian attempt to meddle in the 2016 election revealed.
“It’s also about building a more resilient and aware public,” said Manfra. “And adversaries have learned how they can manipulate the trust in these institutions.”
See Original Post
Reposted from Securitas Security Services, USA
Personal security awareness is essential in uncertain times. Awareness is a choice. One must choose to pay attention. Routine tasks often become just that: routine. Maintaining operative situational awareness requires real effort. Take time to focus on your responsibilities and your surroundings, even those that are most familiar. Additionally, try to avoid things that lock your focus, such as your cellphone. Things that lock your focus prevent you from maintaining active awareness. By making situational awareness part of your workday, you can reduce risks and help improve the safety of your work environment.
Be Aware of Your Surroundings
Situational awareness is a human experience defined as knowing and understanding what is happening around you, predicting how it will change with time, and being in tune with the dynamics of your environment. We practice situational awareness every day—when crossing the street, driving our cars, and making dinner in our kitchens. Situational awareness is knowing what is going on around you and staying vigilant to any changes or threats. All employees are encouraged to practice situational awareness, by always being alert to their surroundings, and to use their experience, training, and skills to assess their workplace environment on an on-going basis.
In an Emergency
In an emergency, you should always follow company security policies and protocols. Your workplace should have an emergency response plan in place, and it should include fire drills, severe weather drills, “shelter- in-place” and lockdown drills. Familiarize yourself with your company’s emergency exit plans and site evacuation alarm system. Learn the types of action plans and the response expected from employees for different types of incidents. For example, the action required for a reported fire may be different from that for a bomb threat. Find out
if there is a rally point outside the building for emergencies requiring evacuation. If there is a rally point, it is recommended that an evacuation drill be practiced annually to make sure everyone knows what to do and where to go if confronted with an emergency.
Education is key. Learn what to do in the event of an emergency before there is one. Make sure you understand the plan of action for different circumstances in your workplace for yourself and others. Lack of knowledge is not an excuse for poor job performance.
All employees should educate themselves about any potential hazards that their environment or actions can pose to themselves or others. Ensure that you are up-to- date with the systems, processes, and procedures of your work environment, and that you feel confident about what to do in any situation. Make sure your workplace has an Emergency Plan and ensure everyone knows what they is expected in an emergency. Develop a notification system.
Use the SLAM technique:
Prioritizing in an Emergency
In an emergency, life safety is always the first priority. Your emergency plan should also have protective actions for life safety.
Protective actions for life safety include:
The second priority is the stabilization of the incident. As in any emergency, one of the keys to your safety is to remain calm. Be prepared, try to keep calm, and act quickly based on your training.
For more information on this and other security related topics, visit the Securitas Safety Awareness Knowledge Center at: http://www.securitasinc.com/en/knowledge-center/security-and-safety-awareness-tips
Reposted from ArtNet News
The Mona Lisa‘s home has gotten a makeover.
The Louvre’s most famous painting was reinstalled in its longtime gallery in the museum’s Salle des États overnight on Monday. The Leonardo da Vinci masterpiece had been on a staycation in another room, the Galerie Médicis, for a rocky two months while her permanent residence underwent renovations.
The gallery now looks quite a bit different than it did before the Mona Lisa left. The walls have been repainted in midnight blue, a color that complements Leonardo’s famous painting better than the previous yellow tone. The painting has also been given a brand new vitrine so that visitors can get an even clearer view than before.
Mona Lisa‘s brief sojourn outside the gallery wreaked havoc on the museum. When the painting was relocated to its temporary display in July, tour guides reported two-hour waits with long lines forming outside the gallery’s single entrance. As chaos mounted, ticketed visitors without reserved time slots were turned away from the museum.
To avoid a similar crush of people and smart phones in the renovated gallery, the Louvre has introduced a new crowd-control system, implementing two single-file lines leading up to the work during crowded periods.
“There will be two serpentine lines that will allow the audience to get as close as possible to the work, and for everyone to have a special moment with the Mona Lisa,” a Louvre staffer told the French publication Europe 1, explaining that, on average, a visitor stays in front of the work for 50 seconds. The new system will particularly help children and people with reduced mobility, who represent 18 percent of visitors, according to a statement from the museum.
In other crowd-control efforts, the museum also plans to implement a new timed ticketing policy later this month. The decision was made in advance of the Louvre’s highly anticipated blockbuster exhibition celebrating the 500th anniversary of Leonardo da Vinci’s death, which opens on October 24.
The new ticketing policy “allows a better flow of visitors and is key to a more comfortable visit,” Louvre officials told the Art Newspaper. Exactly how the new ticketing system will work, however, remains unclear. Reservations will need to be made online, but the museum has not determined whether all visitors will need them, or just the ones visiting the special exhibition. Within the first 30 hours of the tickets going on sale in June, the public purchased 33,500 advanced tickets, straining the website servers.
The Louvre, the world’s most visited museum, hit a record 10.2 million guests last year. Museum security went on strike in May, citing the increased admissions and shrinking staff size as the cause for deteriorating work conditions. Their demands included a cap on visitor numbers, which currently range from 30,000 to 50,000 people each day. Union members are reportedly considering striking again.
And these aren’t the only changes underway at the Paris museum. This week, it is also opening a new conservation and storage center in Liévin, two hours north of Paris. As Louvre director Jean-Luc Martinez oversees a rehang of the collection—that’s why the Mona Lisa gallery was being repainted—he will move some 250,000 objects from the institution’s holdings to the new facility by 2023. Currently, reports TAN, the Louvre storerooms are located in a flood-risk zone.
Reposted from Nextgov
Nation-state actors are actively exploiting vulnerabilities in three different virtual private network services to gain access to users’ devices, according to the National Security Agency.
In an advisory issued Monday, NSA said international hackers were taking advantage of bugs in older versions of virtual private network applications produced by Pulse Secure, Fortinet and Palo Alto Networks. Users of the products are “strongly recommended” to update their systems, the agency said.
Virtual private networks, or VPNs, allow users to safely share data across public Wi-Fi and other potentially insecure networks.
According to the advisory, the vulnerability in the Pulse Secure product allows nefarious actors to remotely execute code and download files, as well as intercept encrypted network traffic. The bugs in the other two systems both allow for remote code execution, the NSA said.
The National Cyber Security Centre, a component of the United Kingdom’s intelligence agency, the GCHQ, published its own warning about the vulnerabilities on Oct. 2. The NSCS advisory said the exploits could allow hackers to download user credentials.
After upgrading to the latest version of the VPN software, users should reset their credentials before reconnecting to the network, NSA said. The agency also listed a handful of other protective measures users can take to prevent nefarious actors from infiltrating their devices.
Neither NSA nor NCSC disclosed which foreign actors were exploiting the vulnerabilities, though the advisories come roughly a month after reports that a Chinese hacker ring known as APT5 was targeting Fortinet and Pulse Secure servers. According to the cybersecurity company FireEye, the group has been active since 2007 and targets organizations across numerous industries, with a particular focus on the tech and telecom sectors.
Reposted from the New York Times
Were it not for a dark wooden door, the authorities say, Stephan Balliet may have succeeded in carrying out a massacre of Jews he had planned to broadcast live around the world. He chose Yom Kippur, knowing the synagogue in Halle, Germany, would be full.
But during every service, the thick, narrow door, its outside handle removed, was locked from the inside. It served as the only protection for Halle’s Jewish community from the outside world. On Wednesday, it spared the lives of 51 Jews from the area and a group of young, international visitors, including 10 Americans, who had come to be with them on the holiest day on the Jewish calendar.
On Thursday, bouquets of flowers and candles lay on the flagstones of the sidewalk outside of synagogue. They served as memorials to the two victims of the massacre that wasn’t — but an event that nevertheless shattered Germans’ belief that the lessons of the Nazi past had immunized them from global, internet-bred hatred espoused by right-wing attackers in Christchurch, New Zealandand El Paso, Tex.
“This brutal crime is a disgrace for our entire country,” Horst Seehofer, the country’s interior minister, said. “With our history, something like this should not happen in Germany.”
Mr. Seehofer vowed to increase security measures, including extending laws that would allow the authorities to monitor digital communication to help prevent further threats such as those, they say, posed by Mr. Balliet, who was arrested after fleeing the scene in Halle, in eastern Germany.
In a hate-filled screed he published online, Mr. Balliet, 27, made clear that he had chosen his target hoping to kill as many Jews as possible. Footage from a camera that he had strapped to the helmet he wore showed him planting explosives that appeared not to detonate, in an attempt to breach the synagogue door. He then fired at the door shortly before noon on Wednesday.
Cursing and muttering as it failed to budge, he instead turned his gun on a woman passing by, shooting her in the back. Identified only as Jana L., 40, and as a lover of traditional German music, she crumpled to the ground. He later fired two more shots at her, before driving to a nearby kebab shop.
Inside the synagogue, Ezra Waxman, a math student from Boston who is studying at the Technical University of Dresden, said the congregation was in the middle of the service when they heard a big “boom.” He thought something had fallen over, or one of the older men had collapsed.
They stopped the service after another loud noise, “and then something that sounded like machine-gun fire,” he said.
At that point, Max Privorozki, the head of the congregation, sent most of the worshipers to another windowless room, while he barricaded the door. He then checked in with the volunteer who monitors the security camera at the door.
The fuzzy images showed a heavily armed attacker on the other side. They immediately called the police. It was three minutes after noon. By the time the police arrived, eight minutes later, Mr. Balliet had driven away, said Holger Stahlknecht, the top security official for Saxony-Anhalt State.
“It was a miracle that the door held,” Mr. Privorozki said in an interview on Thursday. “I cannot imagine what would have happened if it had not.”
In a manifesto, written in English and published on the internet before he carried out the attack, Mr. Balliet said he had considered attacking a mosque, but decided Jews posed the greater threat.
“If I fail and die but kill a single Jew, it was worth it,” he wrote in the manifesto that was found by researchers at the International Center for the Study of Radicalization and Political Violence, a research organization at King’s College London. “After all, if every White Man kills just one, we win.”
Thwarted at the synagogue, as a kind of fallback he drove from to a nearby kebab shop, where Rifart Tekin, a father of two small children, was about to prepare a sandwich.
Mr. Balliet threw a homemade grenade against the door, then shouted and opened fire. He killed Kevin S., a 20-year-old German fan of Halle’s soccer team, who worked nearby and was on lunch break with a colleague.
“I still hear of the man’s voice — it’s stuck in my head,” said Mr. Tekin, who is from Turkey.
Mr. Balliet then returned to his car and fled the scene, but the police had caught up with him by then. The officers opened fire, grazing him in the neck, but Mr. Balliet got away and fled to a nearby town, Wiedersdorf.
There, he abandoned his car, which the authorities said was packed with about two pounds of explosives, and forced a taxi driver to give him his vehicle and headed south on a local highway.
After Mr. Balliet got into an accident with the taxi, the police arrested him and federal prosecutors took over the investigation, on suspicion of murder “under special circumstances.” It was shortly after 1:30 p.m.
Footage from the camera mounted on his helmet helped the authorities piece together the sequence of events, said Mr. Stahlknecht, the security official. It also served as evidence of the scope with which the attacker envisioned his crime.
“He wanted to have a worldwide effect,” Peter Frank, Germany’s federal prosecutor said at a news conference on Thursday. “He wanted to mimic similar acts that happened in the past, and he also wanted to incite others to copycat his acts.”
During the confused chase, those who were worshiping inside the Humboldt Street synagogue continued with prayers and songs, infused with an energy of resilience and perseverance.
Only later did they learn that, while they had escaped unscathed, two people had died.
“Our community was saved by a miracle by a door that wouldn’t open,” Mr. Waxman said. “That is juxtaposed with tragedy of two people losing their lives.”
Officials in Saxony-Anhalt, where Halle is, said Mr. Balliet did not have a criminal record and had not been on the authorities’ radar as a potential extremist. Little other information about him was known on Thursday.
Mr. Frank said his office faced “a lot of questions” about the suspect, including how he was radicalized, how he secured the materials to build the weapons and explosives used in the attack, and whether he had any supporters.
In Benndorf, the town outside of Halle where Mr. Balliet lived in an apartment with his mother, nobody seemed to know him. Sandra Kalkanis, who runs a Greek bistro said, “Even at the Easter festival where the whole village turns out, no one ever saw him.”
Jewish leaders demanded on Thursday to know why their appeals for increased police presence around the synagogue had been ignored. While Jewish institutions in most large cities in Germany have a round-the-clock police detail, that was absent in Halle.
Local police officers said there had been no threats posed to the synagogue in the past five years, and officials at the state level had accepted their assessment that it would suffice if officers passed by on occasion.
But Mr. Seehofer, the interior minister, said he would assess whether the county needed an updated security concept for synagogues in view of the recent rise in anti-Semitic attacks. Germany experienced at least 1,800 anti-Semitic crimes in 2018, a 20 percent increase over the previous year, according to German officials.
“We vowed, never again,” Mr. Seehofer said. “This government will do everything possible so that Jews can live again in this country without threat or fear.”
But the expansion of a more globalized, digitized version of right-wing extremism is challenging a system that has long been accustomed to monitoring local neo-Nazi networks. German authorities have been slower to respond to the growth of right-ring extremist channels online.
German security officials’ response has been weaker “when it comes to message forums like 4chan and 8chan and this new, more diffuse and ideologically more promiscuous far-right extremism,” said Peter R. Neumann, a professor of security studies at King’s College.
Schimon Meyer, 31, who was inside the synagogue with his wife, Luba, said safety was not his main concern on Wednesday, although he knew it was Yom Kippur. “Historically it’s the day when the Jewish people have been most targeted,” he said.
When worshipers were finally escorted out of the synagogue and onto a bus, they continued their songs, surprising the bus driver, Ms. Meyer said. At the hospital, they finished the service, even blowing the shofar, or ram’s horn, to mark the end of Yom Kippur at sundown, she added.
“We wanted to show that we weren’t defeated,” Ms. Meyer said, “but that we defeated the situation.”
Reposted from WCBV5
The Museum of Fine Arts is making changes after a group of minority middle school students said they were discriminated against during a spring field trip because of their race.
A video that will be sent to schools will outline new procedures at the museum and highlight increased staffing in select galleries.
"The majority of our visits are self-guided, but we don't want that to mean unguided," said Makeeba McCreary, the MFA Chief of Learning and Community Engagement. On May 16, a group of 26 middle school students and chaperones from Davis Leadership Academy in Dorchester visited the museum. During the visit, students reported that they were met with racism and verbal abuse from visitors and staff during a self-guided tour.
Museum officials said they investigated the four racist incidents that were reported during the field trip. Investigators reviewed security footage of the three-hour visit.
Two visitors who were found to have made racist comments to the students by museum officials had their memberships revoked and were banned from visiting the museum grounds.
The museum also investigated an allegation from a teacher, Marvelyne Lamy, who said an employee greeted students with a slur, "No food, no drink, no watermelon." The museum said that employee recalled telling students "no food, no drink and no water bottles" were allowed in the galleries, which is part of standard operating procedure. Officials said there was no way to definitively confirm or deny what was said or heard in the galleries.
Lastly, the museum responded to the teachers' complaint that a security guard followed the students into the museum. Officials said the class actually visited spaces patrolled by 13 separate security guards.
"Based on surveillance footage, it is understandable that, because of this movement, the students felt followed," officials wrote. "That was not our intention. It is unacceptable that they felt racially profiled, targeted and harassed. In response, the MFA is taking a number of steps to adapt security procedures -- specifically designed to make sure that all people feel welcome, safe and respected at the Museum."
The museum instituted additional training for all front-line staff on how to engage with incoming school groups about policies and guidelines.
“I am cautiously optimistic and encouraged by the work that has happened here," said City Councilor Kim Janey, who represents District 7. "But, again, there is much more work to be done.”
The museum said it will continue to work with school groups as an outside investigation into the reports of racism continues.
Reposted from the BBC
An intruder who broke into the former home of suffragette leader Emmeline Pankhurst was found asleep on bean-bags, a charity has said.
The man was discovered inside Manchester's Pankhurst Centre museum at about 02:00 BST following reports of vandalism.
Museum boss Gail Heath said she arrived to find the building's "beautiful Georgian windows" had been "kicked in".
Repairs to the site, which also offers services for vulnerable women, are set to cost £15,000.
Sash windows, soft furnishings and suffragette costumes were damaged during Tuesday's break-in, said Ms Heath, who estimated the cost of the damage at about £15,000.
She said she was called to the museum in the early hours.
"When I arrive I can see that someone's kicked in our beautiful Georgian windows and when I open the museum door I find someone fast asleep on the bean-bags in the museum," she said.
Security had already been stepped up after a previous break-in just a few days before.
"We don't think much has been taken because of the initial intruders we'd moved some of our most precious stuff out of the way but quite a bit's been damaged," Ms Heath said.
Emmeline Pankhurst founded the Women's Social and Political Union - later becoming known as the suffragettes - at the building at 60-62 Nelson Street in 1903.
Ms Heath said the break-in happened before a series of events to mark the anniversary of founding of the suffragette movement on 10 October.
The centre is also home to Manchester Women's Aid.
A statue of Emmeline Pankhurst was unveiled in Manchester in December to mark a century since British women first voted in a general election.
Reposted from Help Net Security
1 in 50 URLs are malicious, nearly one-third of phishing sites use HTTPS and Windows 7 exploits have grown 75% since January.
A new Webroot report also highlights the importance of user education, as phishing lures have become more personalized as hackers use stolen data for more than just account takeover.
Tyler Moffitt, Senior Threat Research Analyst, Webroot: “We are beginning to see hackers create more personalized phishing emails using data gathered in recent massive breaches, as well as the use of HTTPS and trusted domains to seem more legitimate.
“These tactics take advantage of familiarity and context, and result in unwarranted trust. Businesses and consumers need to be aware of and continually educate themselves about these evolving methods and risks to protect their data and devices.”
Reposted from The Washington Post
The National Security Agency on Tuesday will launch an organization to prevent cyberattacks on sensitive government and defense-industry computers — with an eye also toward helping shield critical private-sector systems.
For decades the agency had a cyberdefense organization, the Information Assurance Directorate (IAD), that focused on safeguarding the government’s classified and sensitive networks, as well as the private sector’s, when asked.
What is new, NSA officials said, is that the agency is hitching together under one roof threat detection, cyberdefense and future-technologies personnel. They are calling it the Cybersecurity Directorate.
“The mission of the organization is to prevent and eradicate threats,” said its director, Anne Neuberger, who reports directly to the NSA director, Gen. Paul Nakasone. “Our focus is going to be on operationalizing intelligence.”
“The cyber directorate is the right idea, period,” said Thomas Bossert, former homeland security adviser to President Trump. “If only our country could combine the NSA cyber directorate with [the Department of Homeland Security’s cybersecurity organization] and trust in our institutions, we could make an even bigger difference for our security.”
The public knows the NSA as a powerful electronic spy agency that collects intelligence by intercepting radio, satellite and phone communications and increasingly by hacking computers of foreign targets overseas. Few know about the agency’s defensive mission to protect digital systems, a job enabled by the data gathered from the “offensive,” or intelligence-gathering, side of the house.
Now the agency — which used to be so secretive that people joked its initials stood for “No Such Agency” — is seeking to be more public in its defensive work. And the new directorate will strive to declassify threat intelligence in a timely manner so it can be used by as many private-sector firms as possible, officials said.
The directorate, ordered up by Nakasone, may have the most impact in the defense industry, analysts say. The NSA’s record there is mixed. In 2011 it conducted a pilot project in which it shared threat “signatures,” or malware samples, with the major Internet providers to the defense contractors. But often the signatures were stale by the time they were shared and so were not that useful to the companies.
Neuberger acknowledged the pilot had challenges. But this time, she said, the data will arrive fresher and faster. Moreover, she said, the key is to get the most useful information to the right hands, including by partnering with the Department of Homeland Security, Neuberger said. DHS, for instance, has begun working with the NSA to identify specific systems within the banking sector that are most vulnerable to hacking so the agency’s threat detection personnel can keep an eye out for them.
One example is “wholesale payments systems,” through which banks facilitate high-value, large-volume financial transactions between banks. “In some cases, [the target] will be the big banks, but it’s also some of the niche players and the boutique software suppliers,” said Christopher Krebs, head of DHS’s Cybersecurity and Infrastructure Security Agency. “We’ll say, ‘These are the things you need to be looking for, the things you need to refine your analytics against.’ ”
The goal, Neuberger said, is “integrating all of our cyber mission so there’s one focus . . . sharing all of our unclassified information as early as possible, as quickly as possible, so we can target that sharing to the right entity and then partner with DHS on critical infrastructure . . . to build the security of that sector.”
One former senior intelligence official praised the NSA for seeking “to have a more active role” in sharing intelligence to protect the private sector. “My only point is they could have been doing this years ago,” said the former official, requesting anonymity to speak candidly about a sensitive matter. “You could have made a decision that the IAD was going to do that. You didn’t need to stand up a new directorate. The authorities were there from day one. It’s just a matter of having the will do to it.”
The new organization also will continue the work that NSA’s cyberdefensive arm has always done — developing security standards for military and commercial technologies. But it will focus as well on future technologies, Neuberger said.
“If you build secure products, it is so much easier and less costly to defend,” she said.
Defense companies expressed an openness to the initiative but are taking a wait-and-see attitude. Overseas partners, meanwhile, are rooting for its success.
If the NSA and DHS can partner effectively in the cybersecurity mission, it “could be incredibly powerful,” said Ciaran Martin, the head of Britain’s National Cyber Security Center. His organization, which is part of Britain’s electronic spy agency, GCHQ, effectively combines under one roof the British equivalent of the cyberdefense components of DHS and the NSA.
The new directorate, he said, “provides the opportunity to take the transatlantic cybersecurity relationship to a new level.”
While a majority (79%) of people say they are able to distinguish a phishing message from a genuine one, nearly half (49%) also admit to having clicked on a link from an unknown sender while at work, according to a Webroot survey.
Further, nearly half (48%) of respondents said their personal or financial data had been compromised by a phishing message. However, of that group more than a third (35%) didn’t take the basic step of changing their passwords following a breach.
Not only is this false confidence potentially harmful to an employee’s personal and financial data, but it also creates risks for companies and their data.
The report surveyed 4,000 office professionals from the U.S., U.K., Japan and Australia (1,000 per region) to determine what people know about phishing attacks, what makes them click on a potentially malicious link and other security habits.
There is no foolproof way to prevent being phished but taking a layered approach to cybersecurity including ongoing user training will significantly reduce risk exposure.
As Forrester points out in its report, Now Tech: Security Awareness and Training Solutions, Q1 2019, “your workforce should treat cybersecurity awareness with the same importance they use for ensuring that their projects, products, and messages are on key with company brand. Invest in solutions that weave security best practices throughout your corporate culture.”
Can your employees spot phishing emails?
Nearly half (48%) of participants say they have had their personal or financial data compromised, but many fail to take basic cyber hygiene action following that exposure:
Security habits leave businesses vulnerable:
Employees are more click happy outside of work:
Nearly two-thirds of respondents (60%) are most likely to open an email from their boss first, compared to:
Cleotilde Gonzalez, Ph.D., Research Professor, Carnegie Mellon University: “Security and productivity are always in a tradeoff. People put off security because they are too busy doing something with a more ’immediate’ reward. These findings illuminate the pertinent need for a mindset makeover, where the longer-term reward of security doesn’t get put on the back burner.”
George Anderson, Product Marketing Director, Webroot, a Carbonite Company: “Phishing attacks continue to grow in popularity because, unfortunately, they work. Hackers and criminals weaponize the simple act of clicking and employ basic psychological tricks to inspire urgent action.
“It is vital that consumers educate themselves on how to protect both their personal and financial data and what steps to take if their information is compromised or stolen.
“For businesses that means implementing regular simulated phishing and external attacks that address the various ways hackers attempt to breach organizations through their users.
“By combining the latest detection, protection, prevention and response technology with consistent attack training and education, IT Security departments can tackle the people, process and technology combinations needed to successfully mitigate attacks.”
QUICK LINKS
ConferenceMembershipTraining & CertificationDonate to IFCPP
TRAINING & EVENTS
1305 Krameria, Unit H-129, Denver, CO 80220 Local: 303.322.9667 Copyright © 2015 - 2018 International Foundation for Cultural Property Protection. All Rights Reserved
Contact Us
