Daily Archives: September 5, 2019

Don’t Let Your Analysts Become the Latest Victims of Burnout!

Working as a cybersecurity analyst is incredibly challenging. It’s one of the only roles in IT that requires 24/7/365 availability. The constant stressors of the job can overload security analysts, which ultimately leads to burnout—affecting every factor of the job from performance to talent retention. Recently recognized by the World Health Organization (WHO) as an […]… Read More

The post Don’t Let Your Analysts Become the Latest Victims of Burnout! appeared first on The State of Security.

Expect More Spam Calls and SIM-Card Scams: 400 Million Phone Numbers Exposed

As much as I love this one friend of mine, nothing is private when we’re together. You probably have a friend like this. The relationship is really great so you stay friends despite all, but this particular friend simply cannot know something about you without sharing it with others no matter how hard you try to get them to understand it’s totally uncool. 

Facebook Is an Open Book

They did it again this week with news that 419 million records, including phone numbers and user IDs, were scraped from Facebook and stored in a database that was just sitting online accessible to anyone who might like to peruse it. More than 130 million of those compromised by the discovery were American users. Another 18 million were UK users. A whopping 50 million hailed from Vietnam. 

Facebook later claimed about half that number were affected, or 220 million records. 

The information is at least a year old, which was when Facebook stopped allowing developers to have user phone numbers. So, we can call this a Facebook privacy facepalm legacy attack. It’s a sad state of Facebook privacy news fatigue that the urge is so strong to create privacy fail sub-categories—but there you have it. Introducing the legacy fail. 

Why It Matters

Some of the information out there was granular enough to allow a variety of scams, but the most serious is SIM-card swapping scams, where a criminal, armed with enough information about you, and most crucially your phone number, arranges to have your number moved to a phone in the criminal’s possession. 

Once the number has been transferred, the criminal has control of any accounts that are identified by caller ID (including many financial institutions) as well as any accounts protected by two-factor authentication. It is believed this was the method used to recently hack Jack Dempsey’s Twitter account. 

What You Can Do

Assume that you are a target, and tighten your protections. Your phone provider will have tips on the best practices to avoid SIM-card attacks, and common sense can be your guide regarding any unexpected phone calls, and practice the Three Ms:

Minimize your exposure. Don’t authenticate yourself to anyone unless you are in control of the interaction, don’t over-share on social media, be a good steward of your passwords, safeguard any documents that can be used to hijack your identity, and freeze your credit.

Monitor your accounts. Check your credit report religiously, keep track of your credit score, review major accounts daily if possible. (You can check two of your credit scores for free every month on Credit.com.) If you prefer a more laid back approach, see No. 5 above.

Manage the damage. Make sure you get on top of any incursion into your identity quickly and/or enroll in a program where professionals help you navigate and resolve identity compromises–oftentimes available for free, or at minimal cost, through insurance companies, financial services institutions and employers.

The post Expect More Spam Calls and SIM-Card Scams: 400 Million Phone Numbers Exposed appeared first on Adam Levin.

FTC fines YouTube, but do fines really encourage change? | TECH(feed)

The FTC hit yet another tech company with a seemingly massive fine for mishandling user data. This time, YouTube, owned by Google, is forced to pay $170 million for collecting data about children under 13 without parental consent. The Federal Trade Commission slapped Facebook with a $5 billion fine just a few months ago. In this episode of TECH(feed), Juliet asks whether or not these fines are effective in regulating the tech industry.

iPhone Users: Here’s What You Need to Know About the Latest iOS Hacks

iPhone hacks have often been considered by some to be a rare occurrence. However, a group of Google researchers recently discovered that someone has been exploiting multiple iPhone vulnerabilities for the last two years. How? Simply by getting users to visit a website.

How exactly does this exploitation campaign work? According to WIRED, researchers revealed a handful of websites that had assembled five exploit chains. These exploit chains are tools that link security vulnerabilities together and allow a hacker to penetrate each layer of iOS digital protections. This campaign took advantage of 14 security flaws, resulting in the attacker gaining complete control over a user’s phone. Researchers state that these malicious sites were programmed to assess the Apple devices that loaded them and compromise the devices with powerful monitoring malware if possible. Once the malware was installed, it could monitor live location data, grab photos, contacts, passwords, or other sensitive information from the iOS Keychain.

So, what makes this attack unique? For starters, this exploitation campaign hides in plain sight, uploading information without any encryption. If a user monitored their network traffic, they would notice activity as their data was being uploaded to the hacker’s server. Additionally, a user would be able to see suspicious activity if they connected their device to their computer and reviewed console logs. Console logs show the codes for the programs being run on the device. However, since this method would require a user to take the extra step of plugging their iPhone into a computer, it’s highly unlikely that they would notice the suspicious activity.

Although iOS exploits usually require a variety of complexities to be successful, this exploitation campaign proves that iOS hacking is very much alive and kicking. So, what can Apple users do to help ward off these kinds of attacks? Here’s how you can help keep your device secure:

  • Install automatic updates. In your device settings, choose to have automatic updates installed on your device. This will ensure that you have the latest security patches for vulnerabilities like the ones leveraged in these exploit chains as soon as they’re available.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post iPhone Users: Here’s What You Need to Know About the Latest iOS Hacks appeared first on McAfee Blogs.

Foundations of Microsoft Flow—secure and compliant automation, part 1

Automation services are steadily becoming significant drivers of modern IT, helping improve efficiency and cost effectiveness for organizations. A recent McKinsey survey discovered that “the majority of all respondents (57 percent) say their organizations are at least piloting the automation of processes in one or more business units or functions. Another 38 percent say their organizations have not begun to automate business processes, but nearly half of them say their organizations plan to do so within the next year.”

Automation is no longer a theme of the future, but a necessity of the present, playing a key role in a growing number of IT and user scenarios. As security professionals, you’ll need to recommend an automation service that enables your organization to reap its benefits without sacrificing on strict security and compliance standards.

In our two-part series, we share how Microsoft delivers on the promise of empowering a secure, compliant, and automated organization. In part 1, we provide a quick intro into Microsoft Flow and provide an overview into its best-in-class, secure infrastructure. In part 2, we go deeper into how Flow secures your users and data, as well as enhances the IT experience. We also cover Flow’s privacy and certifications to give you a glimpse into the rigorous compliance protocols the service supports. Let’s get started by introducing you to Flow.

To support the need for secure and compliant automation, Microsoft launched Flow. With Flow, organizations will experience:

  • Seamlessly integrated automation at scale.
  • Accelerated productivity.
  • Secure and compliant automation.

Secure and compliant automation is perhaps the most interesting value of Flow for this audience, but let’s discuss the first two benefits before diving into the third.

Integrated automation at scale

Flow is a Software as a Service (SaaS) automation service used by customers ranging from large enterprises, such as Virgin Atlantic, to smaller organizations, such as G&J Pepsi. Importantly, Flow serves as a foundational pillar for the Microsoft Power Platform, a seamlessly integrated, low-code development platform enabling easier and quicker application development. With Power Platform, organizations analyze data with Power BI, act on data through Microsoft PowerApps, and automate processes using Flow (Figure 1).

Diagram showing app automation driving business processes with Flow. The diagram shows Flow, PowerApps, and Power BI circling CDS, AI Builder, and Data Connectors.

Figure 1. Power Platform offers a seamless loop to deliver your business goals.

Low-code platforms can help scale IT capabilities to create a broader range of application developers—from the citizen to pro developer (Figure 2). With growing burdens on IT, scaling IT through citizen developers who design their own business applications, is a tremendous advantage. Flow is also differentiated from all other automated services because of its native integration with Microsoft 365, Dynamics 365, and Azure.

Image showing Citizen Developers, IT/Admins, and Pro Developers.

Figure 2. Low-code development platforms empower everyone to become a developer, from the citizen developer to the pro developer.

Accelerated productivity

Flow accelerates your organization’s productivity. The productivity benefits from Flow were recently quantified in a Total Economic Impact (TEI) study conducted by Forrester Research and commissioned by Microsoft (The Total Economic Impact™ Of PowerApps And Microsoft Flow, June 2018). Forrester determined that over a three-year period Flow helped organizations reduce application development and application management costs while saving thousands of employee hours (Figure 3).

Image showing 70% for Application development costs, 38% for Application management costs, and +122K for Worker Hours Saved.

Figure 3. Forrester TEI study results on the reduced application development and management costs and total worker hours saved.

Built with security and compliance

Automation will be the backbone for efficiency across much of your IT environment, so choosing the right service can have enormous impact on delivering the best business outcomes. As a security professional, you must ultimately select the service which best balances the benefits from automation with the rigorous security and compliance requirements of your organization. Let’s now dive into how Flow is built on a foundation of security and compliance, so that selecting Flow as your automation service is an easy decision.

A secure infrastructure

Comprehensive security accounts for a wide variety of attack vectors, and since Flow is a SaaS offering, infrastructure security is an important component and where we’ll start. Flow is a global service deployed in datacenters across the world (Figure 4). Security begins with the physical datacenter, which includes perimeter fencing, video cameras, security personnel, secure entrances, and real-time communications networks—continuing from every area of the facility to each server unit. To learn more about how our datacenters are secured, take a virtual tour.

The physical security is complemented with threat management of our cloud ecosystem. Microsoft security teams leverage sophisticated data analytics and machine learning and continuously pen-test against distributed-denial-of-service (DDoS) attacks and other intrusions.

Flow also has the luxury of being the only automation service natively built on Azure which has an architecture designed to secure and protect data. Each datacenter deployment of Flow consists of two clusters:

  • Web Front End (WFE) cluster—A user connects to the WFE before accessing any information in Flow. Servers in the WFE cluster authenticate users with Azure Active Directory (Azure AD), which stores user identities and authorizes access to data. Azure Traffic Manager finds the nearest Flow deployment, and that WFE cluster manages sign-in and authentication.
  • Backend cluster—All subsequent activity and access to data is handled through the back-end cluster. It manages dashboards, visualizations, datasets, reports, data storage, data connections, and data refresh activities. The backend cluster hosts many roles, including Azure API Management, Gateway, Presentation, Data, Background Job Processing, and Data Movement.

Users directly interact only with the Gateway role and Azure API Management, which are accessible through the internet. These roles perform authentication, authorization, distributed denial-of-service (DDoS) protection, bandwidth throttling, load balancing, routing, and other security, performance, and availability functions. There is a distinction between roles users can access and roles only accessible by the system.

Stay tuned for part 2 of our series where we’ll go deeper into how Flow further secures authentication of your users and data, and enhances the IT experience, all while aligning to several regulatory frameworks.

Image showing Microsoft’s global datacenter locations.

Figure 4. Microsoft’s global datacenter locations.

Let Flow enhance your digital transformation

Let your organization start benefiting from one of the most powerful and secure automation services available on the market. Watch the video and follow the instructions to get started with Flow. Be sure to join the growing Flow community and participate in discussions, provide insights, and even influence product roadmap. Also, follow the Flow blog to get news on the latest Flow updates and read our white paper on best practices for deploying Flow in your organization. Be sure to check out part 2 where we dive deeper into how Flow offers the best and broadest security and compliance foundation for any automation service available in the market.

Additional resources

The post Foundations of Microsoft Flow—secure and compliant automation, part 1 appeared first on Microsoft Security.

Easier Management with Integrated Endpoint Security

Integration matters. We at McAfee have been advocating the administrative benefits of integrated, centrally managed endpoint security for decades, but you don’t just have to take our word for it. A recent independently written article in BizTech Magazine concurs.

BizTech explores technology and business issues that IT leaders and business managers face when they’re evaluating and implementing solutions. In “Businesses Find Endpoint Security Easier to Manage with Integrated Solutions,” journalist Kym Gilhooly references a number of independent security surveys as well as interviews a CISO, an IT manager, and a network administrator at three different companies. Each of these cybersecurity professionals and their respective small and medium-sized companies came to the conclusion that, to defend against today’s breadth of threats—from signature-based to zero-day, known and unknown— an integrated security approach combining endpoint detection and response (EDR), next-generation antivirus, and application control makes more sense than deploying discrete solutions.

Uniting these technologies in one integrated solution has allowed them to take action across the threat defense lifecycle—from detecting and blocking threats and whitelisting critical applications to tracking down malicious exploits during or before execution and helping incident response teams respond and remediate faster. As CISO Tony Taylor of dairy company Land O’Lakes points out in the article, “There are lots of security tools out there, but if you don’t integrate the stack, you’ve got to associate all that information and make the connections yourself.”

EDR Becoming an Integral Component of Endpoint Security

All the companies interviewed by Gilhooly affirm the importance of EDR in their security defense. As an IT manager at a 500-employee retail company states in the article, “The days when IT took a set-it-and-forget-it approach to endpoint security are over.” The ability to quickly investigate threats—whether reactively seeking to understand where a threat originated, how it spread and what damage it caused, or proactively hunting for anomalous behavior and dormant threats—is becoming a must-have tool to shrink the response and remediation gap.

What’s more, the article recognizes that an integrated EDR-EPP (endpoint protection software) solution makes much more sense than bolting on an EDR point solution. That’s because EDR and EPP can enhance each other’s effectiveness. For instance, if a company uses McAfee Endpoint Security or SaaS-based McAfee MVISION Endpoint alongside McAfee MVISION EDR, when the EPP part of the integrated solution detects anomalous behavior on an endpoint—but not enough to convict it—an analyst can use EDR to enrich the data, subsequently raising or lowering the incident’s severity ranking. On the flip side, when the EDR part detects an unknown threat in the environment, the analyst can query the threat reputation database and share new threat information instantly across endpoints via the EPP.

The more cyberdefense tools can collaborate and be managed as a unified solution, the more actions can be automated, IT staff burdens reduced, and time freed up for more proactive forensics and other activities.

In short, the BizTech article reiterates what we’ve been saying: Integration is more than just a buzzword. It’s time to stop thinking about EDR as an add-on, or EPP and EDR as separate entities. It’s also time to start moving endpoint security to the cloud. The article touches on that, too.

To learn more about effective endpoint security strategy, be sure to follow us @McAfee and @McAfee_Business.


“There are lots of security tools out there, but if you don’t integrate the stack, you’ve got to associate all that information and make the connections yourself.”

— Land O’Lakes CISO Tony Taylor (as quoted in BizTech)



The post Easier Management with Integrated Endpoint Security appeared first on McAfee Blogs.

A fresh, new look for the CMD+CTRL Cyber Range: Part 4

As you’ve seen, we’re announcing a bunch of new features and improvements in our CMD+CTRL Cyber Range to give you an experience that you’ll remember. Over a few weeks, we’ll dive into these new features to provide you with an idea of what to expect. Today we’ll show you how quickly and easily you can create your own cyber range event. 

Hundreds of millions of Facebook users’ phone numbers found lying around on the internet

A security researcher found a server on the internet containing more than 419 million records related to Facebook users.

No password protection was in place – meaning the treasure trove of phone numbers was available to literally anybody with an internet connection.

Read more in my article on the Tripwire State of Security blog.

The Human Element of Pen Testing and the Role Tools Can Play


Science fiction novels, TV shows, and movies often demonstrate the possibility of, and perhaps the danger of, computers and machines taking over the day to day jobs that humans once completed. While this has come to fruition in some instances, like with many factory jobs now being completed by highly specialized robots, more often than not, these inventions and innovations serve as tools to enhance human skills, not replace them. This is the case in the cybersecurity world, especially when it comes to penetration tests. Read on to find out about misconceptions about penetration tests, why they will always require the human element, and how tools can be an invaluable resource for pen testers.

Vulnerability Scan or Penetration Test?

Many use vulnerability scans or vulnerability assessments as terms that are synonymous with penetration tests. However, there are clear differences between the two. Vulnerability scans look for and report on if known vulnerabilities are present within an IT environment. These scans are great to run on a regular basis in order to make sure your infrastructure is up to snuff on basic security measures.  However, since vulnerability assessments only alert you to the existence of vulnerabilities in your systems, but do not take any further action, they often do not require anything more than a user to press “run.”

Penetration tests, on the other hand, are far more complex. Vulnerability scans identify potential risks, while penetration testers investigate that potential. While something may look like a risk at first glance, until you put it through its paces, you don’t know what kind of risk it is.

Pen testers evaluate an environment’s security by exploiting weaknesses, breaching systems using a variety of methods and tools in order to simulate what would happen if an organization was hit with a real-world attack. Penetration tests are more expansive and provide a roadmap for organizations to know exactly what needs to be remediated. Since these tests are unique to every environment and may require a combination of skills in order to successfully infiltrate an environment, they simply cannot be done without any human interaction. 

Automation Does Not Mean Automatic

As pen testing tools have become more widely available, there has been a growing misconception that pen testing will also be as simple as running some software and walking away. While pen testing tools do provide some automation, this does not mean the entire pen testing process is automatic. At the very least, humans must be involved to choose which automations should be run and tailor them to an organization.

For example, Core Impact features Rapid Penetration Tests (RPTs) which allow beginning pen testers to build and run step by step automations using user friendly wizards. These RPTs focus on completing high level tasks in specific areas. These automations are designed to make the pen testing process more efficient, but don’t replace the sophisticated detail and analysis that goes into an effective pen test. For instance, the act of deploying phishing emails and collecting data on who opened them for a social engineering campaign can be automated. Pen testers must still research phishes that are out in the wild, create the content of the emails, and analyze the collected data for deeper meaning and wider trends.

Human Adversaries Require Human Defenders

As described above, penetration tests are intended to imitate real world attack scenarios. Real world attacks are made by humans with set motivations. Computers don’t attack other systems of their own volition. In order to authentically replicate these attacks, human pen testers are needed to think like and act like attackers.

As security defenses become more sophisticated, threat actors have had to become more creative in order to achieve their end goals. In order to imitate these attackers, pen testers have to be equally creative. Part of what makes attackers and pen testers successful is by concentrating on a common blind spot of many organizations—lack of communication. Whether it’s a failure for departments to check in with one another on aligning practices, or systems not configured to know what the other parts of the IT environment are doing, or even failing to have centralized security, these issues leave an organization vulnerable to breach by a clever attacker. For instance, pen testers look for seemingly unrelated security weaknesses throughout their infrastructure and build on them to create composite attacks. On their own, these singular weaknesses may not cause any alarm. But when linked together, a pen tester can easily exploit a network’s defenses using only their skills of analytical observation.

That said, attackers also use tools in order to make their breach attempts more successful. The same is true for pen testers. These penetration testing tools are intended for human augmentation, not replacement—they allow pen testers to focus on thinking outside the box by taking over tasks that take time, but not brain power. When it comes to pen testing, it’s never a choice between penetration testing tools vs. penetration testers. Instead, it’s a choice of what penetration tools will help a penetration tester most.

A Winning Combination: Pen Testers and Core Impact

Core Impact empowers pen testers of all skill levels to replicate multi-staged attacks using commercially developed exploits in an easy to use environment. It helps pen testers that don’t have years of experience get up to speed by showing them all the ways to dynamically pen test with an intuitive interface, while also enabling senior pen testers to dive deeper and stay efficient. Take advantage of all of the red and purple teaming capabilities, utilize a vast threat library, and ensure that you leave no trace with programmable self-destruct capabilities for agents at different levels. Galvanize your security teams with the industry leading solution that will enable them to intelligently manage security weaknesses and safeguard your organization.



Human element of pen testing
Penetration testing
Big text: 
Resource type: 
Equip your pen testers with the most effective tools

See how Core Impact ensures comprehensive pen testing with a live demo from one of our experts.

Ransomware Attackers Demanded $5.3M from City of New Bedford

Digital criminals demanded $5.3 million in ransom from the City of New Bedford, Massachusetts following a ransomware attack. Jon Mitchell, Mayor of New Bedford, explained in a press briefing that the ransom demand came shortly after the City’s Management Information Systems (MIS) staff detected a ransomware attack in the early morning hours of 5 July […]… Read More

The post Ransomware Attackers Demanded $5.3M from City of New Bedford appeared first on The State of Security.

Defining the Principle of Least Privilege (POLP)

The Principle of Least Privilege, or POLP, is the idea that any user, program, or even process should only be provided the bare minimum of privilege for them to perform their function. For example, a new user created for the purpose of pulling records from a database may not need administrative privileges, while a programmer who updates lines of legacy code does not need access to financial records. The main principle of POLP is also known as the Principle of Least Authority, or POLA, and the Principle of Minimal Privilege, or POMP.

Following POLP is considered best practice for information security.

How It Works

The POLP works by granting just enough access to perform a specific task. Within an IT environment, this reduces the risk of malicious attacks gaining access to critical systems, as well as sensitive data, due to a low-level account user, a single device, or an application being compromised. By implementing the Principle of Least Privilege, this contains the compromise to the area of origin, which stops it from spreading.

Examples of Principle of Least Privilege (POLP)

The Principle of Least Privilege is applicable on every level of a system, including end users, devices, processes, networks, applications, systems, and all other facets of the IT environment. Here are examples of how POLP can work in practice.

User Accounts With POLP

An employee who’s tasked to enter information into a database requires access to the specific database. If a malware is able to infect this employee’s device, the infection would be limited to this database because that employee does not have access to other databases or systems.

MySQL Account With POLP

A MySQL account can use POLP by employing several different accounts to do a unique task. An online form that allows users to sort data should only use an account with sorting privileges. This way, if an attacker gains access, they are only granted one specific privilege. However, if that account has the ability to delete records, for example, the attacker would be able to wipe out the entire database.

“Just in Time” Least Privilege

A user who rarely needs root privileges should only be granted such freedom when working on a specific task. Otherwise, those privileges should be pulled. Disposable credentials are a great way to implement POLP and increase security.

POLP Benefits

POLP was established for enhanced security and so carries many benefits.

  • Enhanced Security – Edward Snowden was able to access and take millions of NSA files because he had administrator privileges even though his task was simply to create backups. Ever since, the NSA has implemented POLP.
  • Limit Malware Attacks – If a system or device is infected by malware, POLP is able to contain it to the original infection and prevent it from spreading throughout the network.
  • Improve Audits – The scope of an audit will dramatically reduce when POLP is in effect. On top of that, several regulations actually require companies to abide by this principle.
  • Improved Stability – The Principle of Least Privilege increases the system stability by limiting the effects of changes.

POLP Best Practices

  1. Do a privilege audit – Check all current accounts, programs, and processes to see if they have the right privileges or too much.
  2. Create accounts with least privilege – By default, new user accounts created should have the least possible privilege set and higher ones to be set later on.
  3. Separate privileges – There should be separate administrative accounts from standard ones and higher accounts from low-level system functions.
  4. Use “just in time” privilege – When possible, you should restrict raised privileges in moments of need only.
  5. Trace individual actions – Automatic auditing can simplify tracking and mitigation of damage.
  6. Regularize – In the practice of POLP, privilege audits should be done regularly to prevent old user accounts and processes from accumulating privileges they do not need.

Also Read,

API Security, Developers And Users Responsibility

5 Informative Security Podcasts to Listen To

Cybersecurity In Mid-2019: Nothing To See Here, Same Problems

The post Defining the Principle of Least Privilege (POLP) appeared first on .

Introduction to “Is Your Digital Front Door Unlocked?” a book by Gary Davis

“Is Your Digital Front Door Unlocked?” explores the modern implications of our human nature: our inherent inclination to share our experiences, specifically on the internet. Our increasing reliance on technology to connect with others has us sharing far more information about ourselves than we realize, and without a full understanding of the risks involved.

While we’re posting innocent poolside pictures, we’re also creating a collection of highly personal information. And not just on social media. It happens by simply going about our day. Whether it is the computers we use for work and play, the smartphones that are nearly always within arm’s reach, or the digital assistants that field household requests—all of these devices capture and share data about our habits, our interests, and even our comings and goings. Yet we largely don’t know it’s happening—or, for that matter, with whom we’re sharing this information, and to what end.

I wrote this book for anyone who wants to live online as safely and privately as possible, for the sake of themselves and their family. And that should be plenty of us. With news of data breaches, companies sharing our personal information without our knowledge, and cybercrime robbing the global economy of an estimated $600 billion a year, it’s easy to feel helpless. But we’re not. There are things we can do. It’s time to understand how we’re creating all this personal information so we can control its flow, and who has access to it. The book takes an even-handed look at the most prevalent privacy and security challenges facing individuals and families today. It skips the scare tactics that can dominate the topic, and illustrates the steps each of us can take to lead more private and secure lives in an increasingly connected world.

The notion that binds the book together is the idea of a personal data lake. “Data lake” is a widely used term in business to reflect a large repository of data that companies collect and store. In the book I explore how we create personal data lakes as we go about our digital lives. I explore how our data lakes fill as we do more and more activities online, and offer insights that can be used to protect our personal data lakes, so that we can live more privately and enjoy safe online experiences.

This book is for people in families of any size or structure. It looks at security and privacy across the stages of life, and explores the roles each of us play in those stages, from birth to the time we eventually leave a digital legacy behind, along with important milestones and transitional periods in between. You’ll see how security and privacy are pertinent at every step of your digital journey, and how specific age groups have concerns that are often unique to that stage of life. The structure allows you to easily navigate to the chapters and sections that most relate to the life stage you are in, and offers guidance.

This book, like most things in life, is about choice. You can choose to roll the dice and hope that you’re not one of the hundreds of millions who are victims each year of phishing scams, ransomware attacks, and identity theft, or among the handful of people who still fall for the Nigerian prince lottery scam. You can also choose to use your computers, tablets, smartphones, and personal assistants as you have been, letting companies grift all kinds of personal information from you, without your knowledge or consent. Or you can choose to embrace the guidelines outlined in the book and make it extremely more difficult for a bad actor or cybercriminal to make you or your loved ones a victim.

Gary Davis’ book, Is Your Digital Front Door Unlocked?, is available September 5, 2019 and can be ordered at amazon.com.

The post Introduction to “Is Your Digital Front Door Unlocked?” a book by Gary Davis appeared first on McAfee Blogs.

Smashing Security #144: Google helps the FBI, Twitter Jack’s hijack, and car data woes

Should Google really be helping the FBI with a bank robbery? What’s the story behind the Twitter CEO claiming there’s a bomb in their offices? And how much does your car really know about you?

And we mourn the loss of Doctor Who legend Terrance Dicks…

Ransomware Protection and Containment Strategies: Practical Guidance for Endpoint Protection, Hardening, and Containment

Ransomware is a global threat targeting organizations in all industries. The impact of a successful ransomware event can be material to an organization - including the loss of access to data, systems, and operational outages. The potential downtime, coupled with unforeseen expenses for restoration, recovery, and implementation of new security processes and controls can be overwhelming. Ransomware has become an increasingly popular choice for attackers over the past few years, and it’s easy to understand why given how simple it is to leverage in campaigns – while offering a healthy financial return for attackers.

In our latest report, Ransomware Protection and Containment Strategies: Practical Guidance for Endpoint Protection, Hardening, and Containment, we discuss steps organizations can proactively take to harden their environment to prevent the downstream impact of a ransomware event. These recommendations can also help organizations with prioritizing the most important steps required to contain and minimize the impact of a ransomware event after it occurs.

Ransomware is commonly deployed across an environment in two ways:

  1. Manual propagation by a threat actor after they’ve penetrated an environment and have administrator-level privileges broadly across the environment:
    • Manually run encryptors on targeted systems.
    • Deploy encryptors across the environment using Windows batch files (mount C$ shares, copy the encryptor, and execute it with the Microsoft PsExec tool).
    • Deploy encryptors with Microsoft Group Policy Objects (GPOs).
    • Deploy encryptors with existing software deployment tools utilized by the victim organization.
  2. Automated propagation:
    • Credential or Windows token extraction from disk or memory.
    • Trust relationships between systems – and leveraging methods such as Windows Management Instrumentation (WMI), SMB, or PsExec to bind to systems and execute payloads.
    • Unpatched exploitation methods (e.g., EternalBlue – addressed via Microsoft Security Bulletin MS17-010).

The report covers several technical recommendations to help organizations mitigate the risk of and contain ransomware events including:

  • Endpoint segmentation
  • Hardening against common exploitation methods
  • Reducing the exposure of privileged and service accounts
  • Cleartext password protections

If you are reading this report to aid your organization’s response to an existing ransomware event, it is important to understand how the ransomware was deployed through the environment and design your ransomware response appropriately. This guide should help organizations in that process.

Read the report today.

*Note: The recommendations in this report will help organizations mitigate the risk of and contain ransomware events. However, this report does not cover all aspects of a ransomware incident response. We do not discuss investigative techniques to identify and remove backdoors (ransomware operators often have multiple backdoors into victim environments), communicating and negotiating with threat actors, or recovering data once a decryptor is provided.

Cybersecurity to be the biggest threat to the enterprise for the next decade

Estimated reading time: 3 minutes

Ernst & Young (EY) conducted a CEO imperative survey and gathered exclusive insights from 200 global CEOs and some of Forbes’ largest private players about what they thought will be the biggest problem for businesses in the coming years? The professional services giant asked the same question to 100 senior investors that have managed at least $100 billion worth of assets.The result – the elite group of participants overwhelmingly voted for cybersecurity to be the biggest threat for the enterprise in the next five to ten years.

Seqrite is in agreement with the report and while stakeholders are thinking right, they are not fully understanding the gravity of the situation, at least not yet.

As per our findings for Q1 – 2019 that Seqrite released through a periodic threat report recently, our labs detected 28 million malware to penetrate Windows Operating Systems, and this is just for three months.

Cyber attackers are always trying to stay one step ahead when it comes to designing malware that can outsmart the best cybersecurity systems. Recent examples of malware such as Emotet and TrickBot are classic use cases of how sophisticated and complex malware is evolving into.

If enterprises have to consider cyberattacks as the main problem here, stakeholders need to look at the mediums through which malware penetrates into a business network. So here, we have a host of channels such as emails, content collaboration platforms, office messengers, social media, websites, etc.

Today’s times are times of digital transformation. More and more organizations are going digital by lightning speeds. This change is dynamically required for every business for a number of reasons some of which are –

  • To stay at par with the competition
  • To be efficient and agile
  • To be fast and to be in sync with how everybody is doing business today

Hence, the aforementioned penetration channels are in reality the core component of an enterprise’s initiative for digitalization. Hackers know that businesses cannot function without digital mediums and this is where most attacks are happening nowadays. Compare this to a couple of decades back where businesses were alien to cyberattacks as digitalization was at its minimum.

  • Businesses that have experienced cyberattacks on operational technology infrastructure – 31%
  • On average, companies lose $2.4 million after a malware attack with up to 50 days of downtime
  • By 2021, cyberattacks are expected to damage the global economy by $6 trillion

Maybe large corporations can recover from this – however, for SMBs and SOHOs the impact of such an attack is going to be back-breaking. CXOs everywhere need to think more about when an attack will happen rather than if it will. This automatically transforms cyberthreats to be more of a business problem than an IT problem.

CTOs and CISOs largely come in the picture here. Secondly, budget re-alignments automatically get highlighted to prioritize more on safeguarding the enterprise. So far, budget allocations have been biased towards enterprise domains such as marketing, sales and IT. This needs to change and cybersecurity needs to receive a substantial chunk of annual budgets.

As for technology officers in the company, they need to start implementing simple but effective methods to secure business networks from cyberattacks.

Secure endpoints, networks, and data

Collaborating with a proven cybersecurity expert is always favourable then procuring an in-house team to fence an enterprises’ Information Technology Infrastructure. CTOs and CISOs should opt for a single solution that encapsulates securing every digital medium made available for the enterprise.

Review cybersecurity readiness of the employees periodically

The biggest threat to enterprise data is its employees. It’s not like employees are making mistakes while knowing that they are doing so. Innocent mistakes happen and with the increasing culture of BYOD and CYOD, critical business data is at risk. Hence, reviewing the cybersecurity readiness of employees periodically is important.

Conduct third-party audits to avoid supply chain attacks

Hacker tendency is such that they will always try and attack the weakest links in an enterprise. Supply chain attacks can happen in any industry and third-party audits act as medical tests to understand if these systems are sick, beforehand.

Have an action plan in place and prepare for the worst-case scenario

CXOs need to zero in on contingency plans in case of an attack. Designing protocols and business continuity processes in case of an attack event helps in ensuring the status quo of an enterprise.

Seqrite is one of the best-in-class cybersecurity solutions that enterprises can leverage on for an invincible cybersecurity system. Cyberattacks are here to stay with hackers finding varied ways to attack networks, more so jumping on to the gold rush created by cyber attacks pertaining to cryptocurrency, data theft, and financial information. With an entourage of CEOs agreeing to the dangers of cybercrimes, enterprises should act now!

The post Cybersecurity to be the biggest threat to the enterprise for the next decade appeared first on Seqrite Blog.

Is cyber security software worth the investment?

‘Do we really need to spend a load of money on cyber security software?’ you might ask. You have built-in antivirus, so won’t that do?

No. Cyber security is about more than preventing viruses and malware. Criminals have plenty of other tricks for breaking into your organisation, so you must purchase software to close as many gaps as possible.

Why cyber security software is so important

Over the past few years, organisations and individuals have acknowledged the severity of the threat posed by cyber crime. We tracked 557 data breaches last year alone, with organisations of all sizes coming under attack.

Meanwhile, the introduction of the GDPR (General Data Protection Regulation) has raised the stakes when it comes to effective security. Organisations that fail to secure data properly, or that violate individuals’ privacy rights, face fines of up to €20 million (about £18 million) or 4% of their annual global turnover.

If organisations are to avoid suffering data breaches, they need to protect their systems. Many people believe that refers to technological solutions – but although that’s our focus here, it’s only one way to secure your organisation.

After all, it’s no good purchasing cyber security software if no one knows how to use it or employees expose data in other ways. That’s why technology must always be complemented with security policies and staff awareness training, in what is often known as the people–processes–technology model.

The reason so many people focus on technology, as opposed to people or processes, is that it does a lot of the heavy lifting in a security framework.

Most data breaches are the result of basic mistakes that all three parts of the model address, but whereas ‘people’ and ‘processes’ are designed to change poor security habits – something that takes time and effort – security software can be plugged straight into the system.

It doesn’t address the root cause of the problem, but it prevents breaches from occurring.

For example, access controls, which limit who can view certain information, doesn’t stop an employee from wanting to view sensitive information (or even explain why this is a security concern), but it does ensure that a breach doesn’t occur.

There are myriad programs designed to protect your organisation in ways like this. In the next section, we run through some of the most common types of software and how they work.

Examples of cyber security software

  • Antivirus and anti-malware

Antivirus software is the quintessential example of cyber security technology. It was originally designed to root out viruses, but modern software now generally includes protection against a broad range of malicious programs, including malware, ransomware, keyloggers, Trojan horses, worms, adware and spyware.

The software scans your computers, looking for files that match its built-in database of known viruses and malware, and either deletes them or alerts you to their presence.

Antivirus and anti-malware software are essential for all businesses that use online systems. Malicious programs are hidden in all kinds of files, and it’s only a matter of time before an employee downloads something harmful or a criminal otherwise infects your organisation.

  • Firewalls

Firewalls create a buffer between your IT systems and external networks. They monitor network traffic, and identify and block unwanted traffic that could damage your computers, systems and networks.

Implementing firewalls helps protect organisations from criminal hackers trying to break into their networks, and from outgoing traffic originating from a virus.

  • System monitoring

There are several inexpensive tools you can use to detect suspicious activity on your organisation’s networks.

Such activity includes attempts to access privileged information (whether from an employee or external actor), login attempts from unusual locations, and unusual activity related to the way information was viewed.

Monitoring this information gives you a head start when it comes to active or attempted system compromises.

  • Access controls

Access controls ensure that staff can only view information that’s relevant to their job. For example, someone in marketing must be able to view contact information for those who have signed up for a service, but they won’t need access to, say, HR files and payroll data.

Walling off those parts of the system ensures that staff can’t compromise that data, either accidentally or maliciously. It also protects organisations should a criminal hacker break into an employee’s account, as they will only be able to view a select amount of data.

How do you know which software is necessary?

The examples we’ve listed will be essential for almost every organisation, as they address universal issues. But what about other types of software, like encryption programs? Should you invest in those?

The answer can be found by conducting a risk assessment. This is a process in which you identify, analyse and evaluate security risks and determine appropriate solutions.

If, once you’ve completed the assessment, you decide that certain software is necessary, then you should purchase it. If you don’t need it, then invest your money elsewhere.

A software solution to help you decide

There’s a lot at stake when you conduct a risk assessment, so it’s a good idea to get expert advice. That’s where vsRisk Cloud comes in.

This online tool helps you conduct an information security risk assessment aligned with ISO 27001, the international standard for information security.

With vsRisk Cloud, you’ll get repeatable, consistent assessments year after year. Its integrated risk, vulnerability and threat database eliminates the need to compile a list of risks, and the built-in controls helps you comply with multiple frameworks, including the GDPR.

The post Is cyber security software worth the investment? appeared first on IT Governance Blog.