Category Archives: Software

What are some of the worst enterprise security habits?

Enterprise security is a habit! Good habits take years to form – bad habits, on the other hand, take only seconds to form, and can bring years of hard work down in minutes. The same rule applies to enterprise security.

It’s just easier to set an easy password (or worse, no password) on an important function and leave it open to danger – or to turn off the auto-updater of your security solution, consequently inviting disaster.

Hence, here are ten of the worst enterprise security habits which organizations should get rid of immediately –

  1. Access to everything – Strangely, a lot of organizations, especially legacy ones, allow everyone access to everything. The net result of this critical oversight is seriously weak enterprise security, leaving the organization just one small slip-up away from a major disaster.
  2. No security policy – Most companies have policies for everything – HR policies, leave policies, dress policies, time policies, so it’s amusing that they don’t have something as intrinsic as a cyber security policy. Enterprises must keep a strong, updated cyber security policy with clear dos-and-don’ts about what measures need to be taken.
  3. Software update – The grim realization when the WannaCry ransomware attack hit the world and caused mayhem was that it could have easily been avoided. It exploited a security hole in Windows XP. Yes, that’s right – Windows XP, an operating system which is now almost two decades old and which Microsoft itself stopped supporting in 2014. In fact, it was found that 7% of PCs all across the world still use this outdated operating system. This example sums up the extreme danger of not updating the software a business uses.
  4. Underestimating social engineering – Many enterprises slip into the notion that cyber security is purely a technological problem and that putting a strong cyber security solution in place can solve all problems. But that is not the case – social engineering is as big an issue as cyber security nowadays. The only way to solve this is to ensure that employees are as well-versed in cyber security issues as experts.
  5. Forgetting to patch software – It’s fine to keep a strong cyber security focus, but enterprises can invite great harm if they don’t patch their software. Even the most secure software can become outdated extremely fast and may be at risk of attack. Enterprises must be proactive in patching software at regular, timely intervals.
  6. Believing we won’t be attacked – SMBs and SOHOs usually assume that they won’t be prone to cyber-attacks, as hackers will typically be interested in attacking larger corporations. But the truth is that smaller enterprises are at high risk of attack, as cyber criminals know that smaller businesses have weaker defenses than relatively high-profile organizations.
  7. Not having a security response plan – This ties into the above point but applies to organizations of all sizes. Complacency can often creep into enterprises, leading them to believe that they are immune to cyber-attacks. This means they won’t even have a security response plan, which can be catastrophic at the worst possible time – when an attack hits.
  8. Not having cyber security drills – It’s okay to have a security response plan, but is it updated? Has it ever been used in practice? Mock drills can help showcase an enterprise’s preparedness for cyber-attacks, while a lack of these drills means that there might be chaos.
  9. Not investing in the right people – Cyber security hiring is increasingly becoming specialized, a trend which enterprises must wake up to. It’s important to have skilled personnel to handle the cyber security function and to ensure that they keep earning new certifications so they stay updated.
  10. No backup – Backup is integral to cyber security. Enterprises sometimes neglect backup, which puts them in a precarious situation whenever there is a cyber security attack. Don’t wait for that time – invest in good backup solutions and ensure that valuable data is backed up to prevent loss.

By getting rid of the above enterprise security habits and investing in a strong, secure cyber security solution (like Seqrite’s range of solutions), enterprises can go a long way in ensuring that their network security parameters are safe and secure.

The post What are some of the worst enterprise security habits? appeared first on Seqrite Blog.

Open source security: The risk issue is unpatched software, not open source use

Many of the trends in open source use that have presented risk management challenges to organizations in previous years persist today. However, new data also suggest that an inflection point has been reached, with many organizations improving their ability to manage open source risk, possibly due to heightened awareness and the maturation of commercial software composition analysis solutions. The 2019 Open Source Security and Risk Analysis (OSSRA) report, produced by the Synopsys Cybersecurity Research Center …

The post Open source security: The risk issue is unpatched software, not open source use appeared first on Help Net Security.

Slack warns investors it might be targeted by organized crime, nation-state hackers

Slack Technologies, the company whose cloud-based collaboration tools and services are used by companies worldwide, has warned potential investors that the company faces threats from a wide variety of sources, including “sophisticated organized crime, nation-state, and nation-state supported actors.”

Acknowledging the risk

In the documents it was required to file with the Securities and Exchange Commission (SEC) due to its going public, the company has spelled out the many cyber threats to its existence, functioning …

The post Slack warns investors it might be targeted by organized crime, nation-state hackers appeared first on Help Net Security.

Researchers develop new tool for safety-critical software testing

We entrust our lives to software every time we step aboard a high-tech aircraft or modern car. A long-term research effort guided by two researchers at the National Institute of Standards and Technology (NIST) and their collaborators has developed new tools to make this type of safety-critical software even safer. Augmenting an existing software toolkit, the research team’s new creation can strengthen the safety tests that software companies conduct on the programs that help control …

The post Researchers develop new tool for safety-critical software testing appeared first on Help Net Security.

Google will check apps by new developers more thoroughly

In an attempt to thwart Android developers who are set to distribute malicious apps through Google Play, Google will be taking more time when reviewing apps by developers with newly minted accounts. This reviewing process will take days, not weeks, Google assures, and should allow them to do more thorough checks before approving apps to be featured in the store. Sameer Samat, VP of Product Management, Android & Google Play, also says that they know …

The post Google will check apps by new developers more thoroughly appeared first on Help Net Security.

Microsoft 365 security: Protecting users from an ever-evolving threat landscape

In this age of frequent security and data breaches, the statement “We take our customers’ privacy and security very seriously” has been heard from breached companies so often as to become a point of mockery, anger and frustration. But when Rob Lefferts, CVP of Microsoft 365 Security and Compliance, tells me the same thing (and the statement is not in response to a security breach), I believe him. If they didn’t, this cloud-based SaaS offering …

The post Microsoft 365 security: Protecting users from an ever-evolving threat landscape appeared first on Help Net Security.

Request for Comments: PCI SPoC MSR Annex

From 26 Feb to 26 March, PCI SSC stakeholders can participate in a Request for Comments (RFC) on the draft PCI SPoC Magnetic Stripe Reader (MSR) Annex. RFC periods are avenues for PCI SSC stakeholders to provide feedback on existing and new PCI Security Standards. This feedback plays a critical role in the ongoing maintenance and development of these resources for the payment card industry.