6/17/16 Weekly News: Most Organizations Unprepared for Cyber Threats, Email Scams Take $3b, Google Invests in Bug Bounty.

This week we at Astria found several interesting articles for discussion, including a report from RSA on the state of cyber-security levels worldwide, news from the FBI that losses from email scams have drastically increased in the past months, and Google investing further in the security of its Android OS.


RSA Research: "75% of Organizations are at Significant Risk of Cyber Incidents."

Security company RSA's findings in its second annual Cybersecurity Poverty Index revealed some unfortunate facts about the state of information security. It seems that about 75% of their survey respondents were found to be at a significant risk of various cybersecurity incidents, and about 50% were poorly prepared or even entirely unprepared for a cyber-attack on their network. The report notes that although most organizations are aware that cyber-security should be important, most do not invest in it until they experience a security incident themselves, largely because many organizations do not fully realize the costs of such security incidents.

This is certainly concerning, but it emphasizes how much people can do to help this situation. The biggest problem is a lack of knowledge, of the risks, and of what constitutes proper security. But spreading awareness and building the security mindset are incredibly key in improving these statistics.

Network World: "FBI: Business email scam losses top $3 billion, a 1,300% increase in since Jan."

This article by Network World discusses the FBI's Internet Crime Complaint Center (IC3) announcement last week that the losses from e-mail based scams in businesses have reached over $3 billion, with nearly one third of that amount stolen from US businesses. The scams seem to have targeted businesses of many different industries, and do not seem to be targeting any particular type of business.

The scams are generally written as if from the company's CEO, often asking the victim for information (such as W-2's) to be sent over email or for funds to be wired to the criminal's account. Since the emails are well researched and often professionally written and formatted, the mid-level employees targeted by these scams often believe the requests are genuine, and don't question sending the funds or information to steal employee identities. The FBI has found, the losses from these scams have been increasing rapidly, proving that it is often more practical for criminals to perform social engineering attacks over more complicated malware to steal from businesses.

Security Week: "Google Increases Android Bug Bounty Payouts."

In more positive news, Security Week reported that Google has increased the payouts for its bug-bounty program for the Android OS. For those who aren't familiar with them, Bug-Bounty programs reward hackers for finding bugs and vulnerabilities in different software and disclosing it to the developer first. This allows the developer, in this case Google, to improve on their software, in this case Android OS, and limit vulnerabilities before they are actively exploited by malicious hackers.

The fact that Google is investing more in something that can improve Android's security is definitely a great sign. While their payouts are not considerably high, the more that developers invest in bug-bounty programs, the more that white-hat hackers can succeed and improve the security of software. Because software is never written perfectly, vulnerabilities will often exist, and it is much better for developers to able to patch it before attackers even know they exist.


That's all for this week, check back next week for more news on Information Security. And if you want more information on how Astria Business Solutions can assist you in meeting your business' information security goals, visit our website at AstriaBiz.com