Use this checklist to make sure you’re on the right side of California’s data privacy law
The California Consumer Privacy Act (CCPA) became law on January 1, 2020. While it’s not accurate to call the CCPA the “American GDPR,” it did grant California consumers significant new data privacy rights, including the right to know what information companies are collecting on them and why, the right to prohibit the sale of their information, and the right to sue companies that violate their data privacy rights — even absent a data breach.
Before looking at what goes into a CCPA-compliant privacy policy…
Last July, the FBI reported that global losses from business email compromise (BEC) scams, also known as email account compromise and CEO fraud, had shot past $12 billion. The year 2018 alone ended with over $1.2 billion in losses to BEC, nearly double the figure for 2017.
BEC scams are alive, well, and continuously evolving. A new report by the Financial Crimes Enforcement Network (FinCEN), a unit of the U.S. Department of the Treasury, estimates that U.S. companies are being drained of $301 million per month. …
In theory, U.S. government contractors should be very secure, especially those working for the Department of Defense (DoD). The majority of federal contractors are required to comply with NIST 800-171, and DoD contractors have the additional burden of complying with DFARS. Then, there’s the lengthy, extremely expensive FedRAMP certification process, which is a requirement for cloud services providers (pretty much all IT providers these days) that do business with federal agencies.
Despite this alphabet soup of IT security mandates, the cybersecurity posture of federal contractors, including defense contractors, leaves a lot to be desired. Last year, a Wall Street Journal…
Online retailers, banks, hotels, and airlines have been struggling with a tidal wave of credential stuffing, with this form of cyberattack accounting for over 90% of traffic to ecommerce sites. Credential stuffing is fast becoming a significant problem for the gaming industry as well. A recent report by Akamai Technologies found that gaming sites accounted for 12 billion of the 55 billion credential stuffing attacks Akamai recorded over a 17-month period.
Hackers like credential abuse, Akamai points out in their report, because it’s a low-risk, high-profit-potential venture. Months, even years may pass from the time a set of credentials are…
We’ve all gotten a laugh out of photos on Instagram and other social media networks where the photographer obviously forgot to remove an embarrassing background element before posting a photo, like a sex toy or a half-dressed (or naked) significant other.
This sort of thing happens in workplaces, too (minus the sex toys and naked people), but instead of just being embarrassing, the background elements could get the photographer’s company hacked. …
Everyone is familiar with travel safety tips such as leaving valuables at home and keeping their hotel room locked, but few people give any thought to cybersecurity while traveling. Yet according to the 2019 IBM X-Force Threat Intelligence Index, the transportation industry is now ranked second for cyberattacks, up from tenth in 2017.
Hotels, airlines, car rental agencies, and other travel and transportation companies are treasure troves of information that can be put up for sale on the Dark Web, used to orchestrate other cyberattacks, or even leveraged for real-world blackmail or stalking. In addition to credit card numbers and…
Formjacking is a relatively new, frighteningly simple, and dangerously effective cyber attack that grew rapidly in 2018 and is now infecting nearly 5,000 websites a month. Currently, the primary targets are ecommerce sites, but any website that employs some sort of a form is at risk.
What is formjacking?
Formjacking is often described as the cyber version of ATM card skimming; in fact, the growth of EMV chip technology at brick-and-mortar retailers, which prevents skimming, is one of the reasons why hackers are increasingly turning to formjacking.
A typical formjacking attack involves hackers injecting a few lines of malicious JavaScript…
“Shadow IT” is a broad term referring to any software, device, or service being used on an enterprise network without the knowledge of the IT department. Prior to the advent of cloud services, this generally meant more technically inclined employees installing software they had purchased on their own onto their desktops. Just like everything else, shadow IT has migrated to the cloud, where it has been growing relatively unchecked. SaaS apps are plentiful, free or very low-cost, and easy for anyone to access and use. Over 80% of employees admit to using unauthorized SaaS applications on the job.
Despite the…
Enterprise cyberattacks are growing more frequent, sophisticated, destructive, and costly, alarming global investors and C-suite executives alike. PwC’s 2018 Global Investor Survey found that investors see cyberattacks as the biggest threat businesses currently face, and business leaders place it in the top three, alongside over-regulation and terrorism.
Here are a few of the biggest cyber threats facing businesses right now.
Phishing
Hackers continue to rely on the old standby attack, phishing, because it works so well. Verizon’s 2018 Data Breach Investigations Report found that 90% of cyber-attacks originated with a phishing scheme. The FBI estimates that global losses due to…
Compliance with the European Union’s General Data Protection Regulation (GDPR) can be confusing and costly, with organizations reporting having spent an average of $3 million to get in line with the world’s most sweeping data privacy law to date.
It looks as though that was money well spent. Cisco’s latest Data Privacy Benchmark Study found that compliance reduced the risk of becoming victimized by a data breach and lessened the potential impact when one happened. Here’s the lowdown:
· 59% of companies that responded to Cisco’s survey reported being GDPR-ready.
· 74% of GDPR-ready companies reported having experienced a breach…
Professional freelance copywriter specializing in cybersecurity and cloud. MBA, marathon runner, breast cancer survivor, and X Phile. wildowldigital.com