Organizations aren’t moving quickly enough on cybersecurity threats linked to the drive toward using personal mobile devices in the workplace, warns a QUT privacy researcher.
BYOD security challenges everywhere
Dr Kenan Degirmenci from QUT’s Science and Engineering Faculty’s School of Information Systems said workers worldwide expected to take their work with them whenever and wherever. But he warned Bring Your Own Device (BYOD) had opened up a can of worms for …
Thanks to increasing cyberthreats, the role of the Chief Information Security Officer (CISO) in an organization is only expanding. More and more CISOs are now part of senior leadership teams, reporting directly to the Chief Executive Officer. There is a growing awareness about the significant need to secure an enterprise from the vast number of cyber threats that attempt to proliferate. CISOs are also appreciated due to the high-pressure environments they operate in.
That’s exactly the reason CISOs of most organizations spend a lot of time making plans to deal with various kinds of cybersecurity challenges. All these threats use different types of vectors, affecting an organization in different ways. On top of that, the threat landscape keeps changing as cybercriminals continuously evolve in their attack methodologies.
Evidently, even now, CISOs have to be on the lookout for invading malware threats.
Seqrite suggests CISOs watch out specifically for these five top threats –
Most CISOs all over the world were caught off guard when the WannaCry and NotPetya attacks happened.
It wasn’t just the attack itself, but also the sheer scale and simplicity with which it spread. In a matter of days, systems across disparate countries were affected, infrastructure came close to shutting down and there was utter chaos. The audacity of criminals stealing enterprise data and asking for money to release the information was unparalleled. Without doubt, it represented a seminal point in cybersecurity history and hence is one of the biggest challenges which continues to plague CISOs.
The BYOD & CYOD culture
Businesses encouraging the adoption of employees working on mobile devices outside secure office networks have expanded the CISO’s work profile. From the position of cybersecurity, BYOD & CYOD policies cause immense risk. Confidential business information is carried on personal devices which are not as secure as corporate endpoints.
The CISO might work painstakingly to ensure that systems inside the company network are updated and patched against the latest vulnerabilities. Unfortunately, the same guarantee cannot be given for a personal device. Giving personal devices some level of protection will mean that CISOs explore completely new ways and processes to do so.
The CISO balancing productivity with security
CISOs nowadays are also tasked with balancing between employee productivity and security.
The millennial workforce demands more freedom and access, which can open an entire channel of cyberthreats for the enterprise. On the other hand, clamping down too heavily on employees in the interest of information security leads to reduced motivation and hence, less productivity among employees. CISOs need to manage this very carefully as there is no one-size-fits-all mobility solution. Every organization is different and every organization’s security needs are different.
CISOs worry about protecting enterprise data in a world where data loss is becoming excessively common. Data breaches are regularly in the news headlines, and their repercussions can often be swift. It is ultimately the CISO’s main responsibility to ensure that enterprise data is safely stored and secured. That, though, is easier said than done, which means CISOs must always be at the top of their cybersecurity game.
An eye on the future
Every year brings new threats. As a senior leader in an organization, it is the CISO’s responsibility to ensure that the business he/she is serving is capable enough to tackle present and future cyber dangers and that there is a contingency plan in place. These threats can be manifold and can often be unpredictable, whether they are zero-day attacks, supply chain threats or threats coming through the Internet of Things (IoT).
Seqrite’s Endpoint Security (EPS) solution provides CISOs with peace of mind by integrating various advanced technologies like Anti Ransomware, Advanced DNA Scan and Behavioral Detection System to protect enterprises from advanced threats.
Just a few weeks into the new school year and, already, reports of malicious cyberattacks in schools have hit the headlines. While you’ve made digital security strides in your home, what concerns, if any, should you have about your child’s data being compromised at school?
There’s a long and short answer to that question. The short answer is don’t lose sleep (it’s out of your control) but get clarity and peace of mind by asking your school officials the right questions.
The long answer is that cybercriminals have schools in their digital crosshairs. According to a recent report in The Hill, school districts are becoming top targets of malicious attacks, and government entities are scrambling to fight back. These attacks are costing school districts (taxpayers) serious dollars and costing kids (and parents) their privacy.
According to one report, a U.S. school district becomes the victim of a cyberattack as often as every three days. The reason for this is that cybercriminals want clean data to exploit for dozens of nefarious purposes. The best place to harvest pure data is schools, where social security numbers are usually unblemished and go unchecked for years. At the same time, student data can be collected and sold on the dark web. Data at risk include vaccination records, birthdates, addresses, phone numbers, and contacts used for identity theft.
Top three cyberthreats
The top three threats against schools are data breaches, phishing scams, and ransomware. Data breaches can happen through phishing scams and malware attacks that could include malicious email links or fake accounts posing as acquaintances. In a ransomware attack, a hacker locks down a school’s digital network and holds data for a ransom.
Over the past month, hackers have hit K-12 schools in New Jersey, New York, Wisconsin, Virginia, Oklahoma, Connecticut, and Louisiana. Universities are also targeted.
In the schools impacted, criminals were able to find loopholes in their security protocols. A loophole can be an unprotected device, a printer, or a malicious email link opened by a new employee. It can even be a calculated scam like the Virginia school duped into paying a fraudulent vendor $600,000 for a football field. The cybercrime scenarios are endless.
7 key questions to ask
- Does the school have a system to educate staff, parents, and students about potential risks and safety protocols?
- Does the school have a data protection officer on staff responsible for implementing security and privacy policies?
- Does the school have reputable third-party vendors to ensure the proper technology is in place to secure staff and student data?
- Are data security and student privacy a fundamental part of onboarding new school employees?
- Does the school create backups of valuable information and store them separately from the central server to protect against ransomware attacks?
- Does the school have any new technology initiatives planned? If so, how will it address student data protection?
The majority of schools are far from negligent. Leaders know the risks, and many have put recognized cybersecurity frameworks in place. Also, schools have the pressing challenge of 1) providing a technology-driven education to students while at the same time, 2) protecting student/staff privacy and 3) finding funds to address the escalating risk.
Families can add a layer of protection to a child’s data while at school by making sure devices are protected in a Bring Your Own Device (BYOD) setting. Cybersecurity is a shared responsibility. While schools work hard to implement safeguards, be sure you are taking responsibility in your digital life and equipping your kids to do the same.
The post 7 Questions to Ask Your Child’s School About Cybersecurity Protocols appeared first on McAfee Blogs.