Cyber incidents are fast moving and increasing in number and severity. When a cyber incident occurs, the attacked enterprise responds with a set of predetermined actions. Get trending information on exploits, and vulnerabilities every week to help your organisation to be better equipped to avoid being victim of cybercrimes. Anglo African brings you the weekly cyber-attack news wrap-up and remedy tips to support your business to defend against hackers.
Tesco Bank blocked all its current account customers from online shopping amid fears it had fallen victim to Russian hackers. The lender imposed the temporary freeze on Sunday after what experts described as the “most serious” cyber attack to ever hit a UK bank. Tesco Bank, part of the supermarket giant, said it had spotted suspicious activity on 40,000 of its 136,000 current accounts.
An Android Chrome bug that’s already under attack – with criminals pushing banking trojans to more than 300,000 devices – won’t get patched until the next release of the mobile browser. The flaw allows malware writers to quietly download Android app installation (.apk) files to devices without requiring approval. Users need to install the banking trojan apps and tweak settings to allow installation of apps from stores other than Google Playto be infected; however, attackers increased the likelihood of compromise by using the titles of popular Android apps such as Skype, MinecraftPE, and WhatsApp.
An Arizona man has been arrested for hacking 1050 email accounts at two united States universities, plus attempts to do so at some 75 other educational institutions. Jonathan Powell, 29, is alleged to have used password reset features to change logins for some 1050 accounts at the universities before breaching connected social media accounts for the likes of Facebook, LinkedIn and Google.
Tech support fraudsters have taught an old denial of service bug new tricks to add a convincing layer of authenticity to scams. The HTML5 bug allows sites to chew up a mountain of processor capacity, causing browsers to hang. Scammers deploy the few lines of code needed to trigger the bug, hang browsers and then display a screen that says malware has been detected.
Steps to Maximise Your Cyber security Workforce
Staff Rotation and Cross-Training – Let’s face it, not every security job is equally interesting, engaging, and/or fun to do. Instituting a staff rotation program can accomplish two things: First, it helps “share the load” among other staff (thereby helping those folks to feel like they’re gaining other skills besides just that one), and it has the extra benefit of helping to build a variety of skills throughout the team
Clear Career Tracks – Having a clearly articulated trajectory of career growth in the organization can help alleviate some of this. For employees, knowing what their next step is in advance and having a goal to work toward can help reduce anxiety, increase staff retention, and give confidence that they will be marketable in their next position, having demonstrated progression in their current role.
Individual Development – Investing in individual personnel is more than just sending them to training once a year and calling it a day. Employees, particularly in security, need to keep their skills fresh in order to stay relevant in the workforce. Training opportunities are obviously important in helping to achieve this, but budget dollars aren’t always available.
Measure at Department Level – It’s hard to evaluate any improvement you make without some mechanism to measure the effectiveness of that improvement. If you’re not already doing so, keeping some metrics about employee satisfaction, retention, and so forth can be extremely beneficial.
Alternative Work Arrangements – Lastly, consider a program of alternative work arrangements. Actions such as allowing staff to work remotely or at alternative times to suit their individual needs can increase both employee satisfaction and productivity in many cases. If goals are clear, output expectations are defined, and staff are held accountable for the work they do. Moreover, consider how you might best leverage advances in technology (e.g. mobile technologies, social media, etc.) to help foster a more interactive, collaborative work experience.
