Stat of the Week
A spooky stat for Cybersecurity Awareness Month - The average cost of a successful phishing attack on a single small or medium-sized business: $1.6 Million.
| An Industry Short of Skilled Workers Hasn't Fully Explored One Solution: Women.
The cybersecurity industry desperately needs more skilled workers to help protect our data, yet experts in the field say it has only just begun to explore one obvious solution: recruit more women.
Where Are All the Women?
In Canada, women make up only about 10 percent of the cybersecurity workforce. Globally, this number is only slightly higher at 11 percent.
There are a number of reasons why. Often the field simply isn't on the radar of girls and women as they pick post-secondary programs and consider new careers.
Pushing for Change
A non-profit called the Women CyberSecurity Society, is aimed at helping women and girls interested in the cybersecurity field find good careers — and then supporting them so they want to stay. It really comes down to heightened awareness on the topic — led by numerous women in cyber associations and initiatives — all of which is helping move the needle in a positive direction.
It's Not Just About Knowing How to Code
Women can enter the cybersecurity industry in more than one way - there are all kinds of jobs in cybersecurity and not all of them centre around coding. Companies hiring and women looking for roles should also consider entering the industry through compliance, client management, auditing or sales.
| FYI, October is Cybersecurity Awareness Month
Take the time this October, during Cyber Security Awareness Month, to review your online safety practices. Cyber security matters to everyone, every day.
That's the number of passwords across the web that Google has found to be exposed publicly (aka, hacked). We can also take this as an an opportune time to remind every organization of the importance of “awareness” to their cybersecurity programs.
Have I Been Hacked? How Can I Know?
Don't panic. But, it's time to take a look in the mirror and evaluate your passwords. Odds are some of them are weak, reused across multiple accounts, or may have been compromised already. Google's Password Checkup can help. It analyzes all your saved passwords and lets you know which ones may need a refresh. So you can change things up, and also sleep knowing your accounts are safe.
| Cybersecurity Warning: This Sophisticated Russian Hacking Group is Back in Action Again
A Russian cyber espionage operation which was one of the groups which hacked into Democratic National Committee in the run-up to the 2016 US Presidential election has been busy with attacks against government departments across Europe and beyond.
A Not So Cozy Bear
The Cozy Bear hacking group – also known as APT29 – is believed to be associated with the Russian intelligence service and, alongside Russian military hacking group Fancy Bear, was involved in a number of high profile attacks between 2014 and 2017.
So, What is the Threat?
Like other campaigns by Cozy Bear, attacks begin with targeted spear-phishing emails designed to lure victims into clicking a malicious link or downloading malware via an attachment – however the initial compromise emails haven't yet been identified.
From there, the attackers, steal login details to roam across networks, often exploiting admin credentials to do so.
Even If They Go Dark, Doesn't Mean Espionage Activity Has Stopped
Researchers also warn that just because an APT threat group appears to have gone dark, it doesn't mean they've stopped espionage activity – indeed, the very nature of spying means they're doing all they can to avoid detection. And while groups like Cozy Bear might occasionally pause activity, it's ultimately their job to conduct espionage at all times – so the group will return again in future.