Once they have gained access to a system, one in three penetration testers said their presence was never detected, and only 2 percent say they are detected more than half of the time. Exfiltrating data after a compromise takes less than 2 hours for 20 percent of respondents, and two to six hours for 29 percent, while 20 percent take longer than 12 hours.

See also: Pentagon Hires Hackers to Target Sensitive Internal Systems

When asked about effective protection against breaches, endpoint protection was named by 36 percent of those surveyed, while 29 percent identified intrusion detection and prevention systems.  Only 2 percent consider anti-virus software an obstruction to hacking networks.

One-quarter of those surveyed said their advice to corporate boards would be to recognize that it is inevitable that they will be hacked, it is only a question of when it will happen. Roughly the same number urged boards to consider the return on investment in security, while 10 percent said boards should realize that detection capability is much more important than deflection capability.

KnowBe4 also commissioned a study from Forrester on the Total Economic Impact of breaches to put numbers to the potential return on investment (ROI) of security spending. The study is available from the KnowBe4 website.

See also: Data Breaches Hit Record in 2016 as DNC, Wendy’s Co. Hacked

Source: TheWHIR

The increasing influence of markets and developers in the Eastern hemisphere, where Android leads iOS significantly, could be part of the reason for the shift. The end of the conflict between Google and Oracle over their Android java development kits very late 2015 may also have had an effect.

In addition to mobile platforms, the report focuses on desktop and cloud developer “tribes,” the IoT market, and the new technologies attracting developer attention.

Among Windows classic developers, 36 percent primarily use C# for cloud development, as opposed to only 2 percent of Linux-first developers and 3 percent of macOS developers, according to the report.

SEE ALSO: Cloud: Understanding Sizing and Capacity Requirements Driven by IoT

The ratio of new IoT developers fell drastically from half a year ago to 22 percent, after falling somewhat from Q2 2015 to Q4 2105, from 57 to 47 percent, respectively. The main target of IoT developers is the Smart Home, which was also the fastest growing IoT application, up by 6 to 48 percent. Ericsson has estimated that there will be 3 billion IoT devices in North America alone by 2021, which represents a lot of work for developers.

RELATED: Bsquare’s IoT Software Stack Helps Developers Link Devices to the AWS Cloud

The next big thing, judging by developer interest, is data science and machine learning, which 41 percent are involved with in some way, one-third of those professionally. Just under one-quarter of developers are working with augmented and virtual reality, mostly as a hobby or side-project.

Source: TheWHIR

“A bargained-for exchange of information for service is a perfectly acceptable and widely used model throughout the U.S. economy, including the Internet ecosystem, and is consistent with decades of legal precedent and policy goals related to consumer protection and privacy,” Comcast wrote to the FCC. The company also claims that blocking its plan “would harm consumers by, among other things, depriving them of lower-priced offerings.”

AT&T is already using this model to charge users of its gigabit broadband service a $30 (or more) add-on charge to opt out of a tracking program called, without any obvious irony in the promotional material, “Internet Preferences.”

In the most recent Who Has Your Back report from the Electronic Frontier Foundation (EFF), which measures the privacy practices of major internet companies and service providers, Comcast earned three out of a possible five stars. The report recommends Comcast adopt a stronger policy around providing users with notice about government data requests.

Source: TheWHIR

Cybercriminal Tessa88, who distributed credentials breached from LinkedIn and MySpace, is associated with the shop darkside.global, which is hosted by Deer.io, Digital Shadows says. Softpedia found a reference to Deer.io-hosted cybercrime in Russian media, but there are no indications of law enforcement investigations.

Deeri.io offers secure and anonymous hosting, site building, DDoS protection, and automatic payment systems. It also offers customer service and product development for 500 rubles ($8). It warns hosted shops not to sell illegal goods, provides a “report site” method, and Digital Shadows reports evidence that it will remove products like credit card details.

READ MORE: Organization Calls for the Development of Tools to Monitor the Dark Web

Digital Shadows notes that there are non-criminal businesses hosted by Deer.io, even if it is hard to call “tennis score prediction” a “legitimate product.” However, bulk bot-registered social media accounts, hijacked social media accounts, popularity-faking tools for social media, and stolen bank accounts are much more common. The company also advertises with “well-known criminal forums” Xeksek, AntiChat, Zloy, and Exploit, and seems to encourage sites to do the same.

“Deer.io works according to the laws of the Russian Federation. Our clients can create shops that do not violate the laws of the Russian Federation. We block shops that sell drugs/stolen bank accounts. We will also block any shop if requested by Roskomnadzor or the competent authorities of the Russian Federation,” Deer.io told Softpedia in a response to the report.

Perhaps most troubling is the conclusion of Digital Shadows that Deer.io represents another service lowering the barrier to cybercrime entry, as DDoS-as-a-Service and exploit kits for sale have done.

A report from Trend Micro in late 2015 called the criminal internet activity in North America a “glass tank” for its obviousness.

Source: TheWHIR

VeriSign processed 10 million new .com and .net registrations in the quarter, up from 8.7 million in the first quarter of 2015.

The number of .com and .net sites redirecting to LinkedIn increased by 35 percent, while the number leading to Amazon.com, Etsy, Facebook and Twitter were all between 23 and 30 percent. The number of sites redirecting to Chinese social media site Weibo jumped 49 percent.

The report cites DN Journal aftermarket sale price tracking, which shows the top 10 .com domain names resold for an average of $315,800 in Q1 2016. Two years ago Sedo reported the third highest price for a public .com domain sale in the first half of 2014 was $320,000 for malls.com.

VeriSign’s daily DNS query load increased by 0.5 percent, but the peak actually decreased by 2.7 percent, though the year-over-year query load increased by 3.5 and 14.2 percent, respectively. By contrast, the query load jumped by 8 percent as a daily average and 225 percent at peak from Q2 to Q3 2015, resulting in 4.8 and 86.4 percent year-over-year increases.

Source: TheWHIR

IT departments are making gains in visibility, with 54 percent saying the department is aware of all cloud applications, platforms, and infrastructure services in use, up from 45 percent two years ago. Also, the number of respondents saying it is more difficult to protect data using cloud services fell from 60 to 54 percent, however those gains were offset by more broadly reported challenges in controlling end-user access.

“Cloud security continues to be a challenge for companies, especially in dealing with the complexity of privacy and data protection regulations,” Dr. Larry Ponemon, chairman and founder, Ponemon Institute said. “To ensure compliance, it is important for companies to consider deploying such technologies as encryption, tokenization or other cryptographic solutions to secure sensitive data transferred and stored in the cloud.”

The number of companies storing customer data in the cloud is increasing, with nine percent more organizations reporting the practice than in 2014, despite 53 percent still saying that is where it is most at risk.

Almost three-quarters say encryption and tokenization are important, and even more think it will be important over the next two years. However, almost two-thirds (64 percent) said their company does not have policies requiring safeguards like encryption for certain cloud applications.

Seventy-seven percent say managing identities is harder in the cloud than on-premises, yet only 55 percent have adopted multi-factor authentication.

“Organizations have embraced the cloud with its benefits of cost and flexibility but they are still struggling with maintaining control of their data and compliance in virtual environments,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. “It’s quite obvious security measures are not keeping pace because the cloud challenges traditional approaches of protecting data when it was just stored on the network. It is an issue that can only be solved with a data-centric approach in which IT organizations can uniformly protect customer and corporate information across the dozens of cloud-based services their employees and internal departments rely every day.”

The report recommends organizations set comprehensive policies for data governance and compliance, as well as guidelines for sourcing cloud services, and cloud data storage rules.

A study released in June by Alert Logic indicated that workloads were subject to the same security operations strategy regardless of the infrastructure they are on.

Source: TheWHIR

With the new offering, ZENEDGE assigns clients a DDoS-protected IP address range from its IP pool. It establishes a GRE tunnel to route traffic between the companies servers and the ZENEDGE protected IP network, and then directs new traffic through ZENEDGE via a DNS change.

“ZENEDGE serves many gaming companies, SaaS providers and organizations who are hosting their solutions in a colocated data center or in the cloud,” Leon Kuperman, CTO of ZENEDGE said in a statement. “While these organizations operate smaller networks and don’t control their routers, they are nevertheless consistently targeted with volumetric DDoS attacks.”

SEE ALSO: DDoS Attack Victims Have 82 Percent Chance of Being Hit Again: Report

The company says gaming companies and others using proprietary protocols, UDP, VPN, or non-standard TCP ports.

With network layer DDoS attacks costing up to $40,000 per hour according to a 2015 report, the solvency of smaller organizations without protection could be at risk.

ZENEDGE received $4 million in a Series B funding round late last year.

Source: TheWHIR

“Businesses that have made the transition to the cloud quickly realize the significant financial and operational advantages, but the reality is that Canadian customers do not have enough options for simple, cost effective cloud computing solutions,” Mark Schrutt, Research Vice President, Services and Enterprise Applications, IDC said in a statement. “New services like Rogers Public Cloud will make it easier for businesses to adopt cloud solutions and could ultimately foster more innovation as customers get access to more efficient, cost-effective IT as-a-service solutions.”

Rogers operates 17 data centers in Canada, and will run its public cloud from four Tier III certified locations in Calgary, Edmonton, Toronto, and Ottawa, ensuring consistent uptime and availability, the company said.

SEE ALSO: Amazon Plans First Cloud Data Centers in Canada

France-based OVH entered the Canadian market with a data center in Montreal in 2013. The company became a platinum sponsor of the Let’s Encrypt project late last year.

The Canadian government has been considering additional data protection measures for some time, but is not expected to introduce major regulatory changes applying to cloud services in the near future.

Source: TheWHIR

At this point #HostingCon is buzzing with friends in the industry connecting ahead of the show next week.

As you pack for the big event, you can familiarize yourself with keynote speaker Andrew Blum and his quest to broaden understanding of the internet by watching his Ted Talk.

The 2016 edition of HostingCon Global is shaping up to be the biggest and best in its 12-year history. By size, quality, and staying power, HostingCon Global is the top vendor neutral conference and trade show for the web hosting and cloud services industry. Register today if you haven’t already; it’s a show not to be missed!

Source: TheWHIR

“Weak privileged account management is a rampant epidemic at large enterprises and governments globally,” Steve Morgan, founder and CEO at Cybersecurity Ventures said in a statement. “Privileged accounts contain the keys to the IT kingdom, and they are a primary target for cybercriminals and hackers-for-hire who are launching increasingly sophisticated cyber-attacks on businesses and costing the world’s economies trillions of dollars in damages. We expect the needle on automated (PAM) solutions adoption to move fairly quickly into the 50 percent range over the next two years.”

Three out of 10 organizations allow accounts and passwords to be shared; three out of 10 have no formal password controls, and four out of 10 use the same security for privileged and standard accounts.

SEE ALSO: Report: Cloud Requires New Approach to Security Operations

Nearly one in five organizations have never changed the default passwords on their privileged accounts, and while many of the report’s findings are unsettling, this practice is so obviously negligent that one has to wonder about possible legal ramifications. Clients, partners, and shareholders of any given business should have assurances that it will not be brought to a standstill and suffer major losses from a years-old “admin” password.

Only 10 percent of those surveyed have implemented commercial automated PAM security, perhaps in part because 30 percent say they have not communicated the importance of following IT security policies to stakeholders.

The PAM report also puts a new spin on previous reports like the Ping Identity study from late 2015 which showed enterprise employees often share credentials for devices they do work on with family members and commonly reuse passwords. If the organization neglects basic credential controls, it is unrealistic to expect employees to pick up the slack.

Source: TheWHIR