Guest Post, Author at Security IT Summit | Forum Events Ltd
  • Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Security IT Summit Security IT Summit Security IT Summit Security IT Summit Security IT Summit

Posts By :

Guest Post

WHITE PAPER: 5 Steps to Battle Endpoint Cybercrime with KACE

960 640 Guest Post

By Quest

Endpoint updates are becoming more complex and challenging than ever with Bring-your-own-device (BYOD) programs and internet-of-things (IoT) technologies. Each device connecting to your network increases the number of threats from malware and viruses.

Read this white paper to learn five steps for building a unified endpoint security strategy that will give you:

  • Clear visibility into all the devices connecting to your network
  • Automated patching and software deployment
  • Protection from threats such as unpatched operating systems and applications
  • Peace of mind that security compliance regulations are being met

Click here to download the White Paper.

WEBINAR: Managing the Compliance & Security Nightmares Caused By A Remote Workforce

960 640 Guest Post

Webinar – March 11th, 12pm GMT 

How do companies protect themselves with the right tools to mitigate compliance and security concerns?

There are precautions and best practices that are being employed by many companies, and should be part of the security and compliance infrastructure as companies adapt to the new norm of both people and sensitive data residing in remote locations.

In this Webinar we’ll discuss:

  • Maintaining compliance while employees work remotely
  • Maintaining Compliance when employees go offline
  • Monitoring the activity of employees working from home
  • The increased threat posed by remote employees?

Sign up for our latest Webinar on March 11th at 12pm GMT!

Sign Up Now!

Zero Trust: The practical way to look at cybersecurity

960 640 Guest Post

By LogRhythm

Zero Trust is quickly becoming the security model of choice for enterprises and governments alike. The need to protect, defend and respond to threats is more apparent than ever as we continue to work from remote locations.

Where to start

Zero Trust is more than implementing a new software, it is a change in architecture and in corporate culture. The pandemic has increased interest in this working practice, with a recent survey finding 40 per cent of organisations around the world working on Zero Trust projects.

The first aspect of any project is identifying key data and where it sits in your organisation, and then documenting who needs access to it. This will allow you to begin dividing up your network keeping users and their data in appropriate areas.

The main challenges

The key principle to a Zero Trust model is rock-solid identity management. All users, devices and applications must all be correctly identified to ensure everyone is granted the right level of access.

The data identification process described above is one of the main challenges, understanding where your data is stored and who should have access to it can be tricky with legacy applications and weak identity management.

Then there is the question of culture, will employees be resistant to the change? Managing the amount of friction caused by the process is key to success.

The benefits

Some sort of security compromise is inevitable, Zero Trust mitigates the damage by restricting the intruder to one small part of your network.

It will allow simpler provisioning and deprovisioning of staff as they join or leave, with corresponding cost benefits as IT teams spend less time onboarding and offboarding staff.

It can provide a solution to the registration of trusted devices onto your network and cut spending on managing active directory.

Moving the ‘perimeter’ to the user and their device provides a way to extend the security we take for granted in the office to staff, wherever they might be working.

Learn more about a Zero Trust implementation in the latest Forrester Report.

Remote Workforces Create New Security & Compliance Headaches

960 640 Guest Post

The new remote world has ushered in a host of security issues. Sensitive data now sits in laptops in employees’ houses and if an employee disconnects from the corporate VPN, the company goes blind. This massively increases the risk footprint and leaves the company out of compliance.

Veriato utilizes AI-driven micro-agents that sit on the endpoint, monitoring and recording all user activity. Veriato watches for signs of insider threat and because it’s not network-dependent it maintains visibility to meet compliance standards.

Additionally, it can provide productivity reporting critical for managing remote employees. Veriato is the multitool you’ve been missing.

Click here to find out more.

WHITE PAPER: Get total endpoint security with KACE

960 640 Guest Post

As an IT professional, you’re likely under pressure to manage an increasingly complex environment, while also protecting your network and devices from cyberthreats.

Read this white paper to discover how the KACE Unified Endpoint Manager by Quest enables you to streamline complex endpoint management tasks and gain greater control of both traditional and modern managed devices — all from one easy-to-use interface.

  • Track all connected devices and software throughout your IT environment.
  • Provision, manage and secure assets across a variety of platforms, from Windows, Macintosh, Chromebook and Linux to iOS, Android and others.
  • Be proactive with patch management and vulnerability scanning.

Click here to download the white paper:- https://www.quest.com/whitepaper/get-total-endpoint-security-with-kace-8146293/

Is your business CyberFit?

960 640 Guest Post

If your business relies on Microsoft 365, then it’s essential that you take the time to protect it by backing up your Microsoft 365.  Learn how Acronis Cyber BackUp can help avoid downtime, protect data and improve security.  

We aim to protect your business, whilst eliminating complexity and reducing cost. We help you to upgrade cybersecurity and backup with one complete integrated solution. Acronis Cyber Protect provides unmatched protection and increased productivity while decreasing TCO.  

Find out more at: www.everycloud.co.uk/protect/cloud-backup

To succeed, enterprise cybersecurity needs IoT scale

960 640 Guest Post

By Nigel Thompson, VP Product Marketing at BlackBerry

There are few things in cybersecurity that aren’t up for endless debate. Yet one thing that is universally agreed upon is that anything with an Internet address can and will be attacked. We’ve certainly witnessed this happening on a large scale with the proliferation of Internet of things (IoT) devices in recent years, and we’re likely to see the scale and complexity of these attacks escalate in the years ahead. And due to their newness on the security scene, IoT devices will cause large headaches for enterprise security during those years.

IoT, on the whole, remains a misunderstood risk. When many consider IoT security, what comes to mind first are usually “smart home” automation systems, such as thermostats, lights, doorbells, speakers, and other consumer devices. One concerning case last year saw cyber attackers take over a family’s smart home devices to blast music at loud volumes, talk to the couple through a camera in their kitchen, and crank their thermostat to 90 degrees. In cases like these, such attacks could arguably be considered more of a nuisance than a life-endangering event.

But once you step outside the home, a more profound and immediate danger lies in wait, in the form of industrial, or enterprise IoT. This IoT includes connected devices found in manufacturing, the food supply chain, healthcare, and building automation, among other verticals. Of course, security events involving consumer IoT devices are bad enough, but such attacks hitting enterprise systems and critical infrastructure can be devastating, or in the case of medical devices, life-threatening. For example, at a past DEF CON security conference, Jay Radcliffe, an ethical hacker and diabetic, demonstrated that it wasn’t that difficult to take remote control of an insulin pump and deliver a lethal dose to a patient.

According to a recently published report from research and consulting firm Frost and Sullivan, by 2025 there will be 67 billion new connected devices in the world, up from 24 billion in 2019. Enterprises in every industry need be prepared for that eventuality. Because the more Internet-connected devices come online, the larger the potential attack surface of the organisation. In the years ahead, that attack surface is going to continue to expand exponentially.

The Threats to Enterprise IoT Are Real

The threats due to enterprise IoT are significant and should not be underestimated. These connected devices generate an enormous amount of highly detailed data. Should this data be stolen, or its network flow disrupted through a denial of service attack or a targeted ransomware strike, the results could be highly destructive to business reputation and operational availability. Also, the data within supply chains that detail operational demands, production data and more will always have value to competitors.

IoT security is a challenge across verticals. According to Frost and Sullivan, the factory and industrial automation market will have nearly 10.8 million connected devices by 2025, while building automation will reach 30 million. Other verticals expecting substantial growth, according to the report, include connected cars and telematics, retail, healthcare and medical devices, and enterprise-issued and bring your own (BYO) devices.

“This will substantially increase the threat surface, which is reflected in the rapidly expanding threat landscape,” the firm wrote in their report. The total number of devices include recognisable endpoints, such as phones and tablets, as well as devices across nearly every other industry.

Of course, with these device deployments, there is great opportunity to improve operational efficiency, improve the lifecycle management of capital assets, provide real-time insight into the enterprise happenings, and engage with customers in new ways. But the security concerns are also real. The challenge is to manage the security risks so that these benefits can be realised, and the risks minimised.

Attain Control and Visibility Across All Endpoints

There are a number of steps that can be taken to ensure adequate IoT security. One step every organisation can take right away is to procure devices from manufacturers that develop their products with security in mind – baking security in from the ground up, rather than bolting it on afterwards. As part of that effort, organisations should make sure to have their security teams test any new hardware and software for security flaws and ensure the devices can be managed just like other endpoints.

Of course, while it would be ideal that all enterprise IoT devices ship securely and without flaws, that’s not going to be the reality. Design mistakes will be made over the course of bringing even the most secure devices to market, and most enterprises will similarly make deployment and configuration mistakes that create detrimental security ramifications. For instance, according to Frost and Sullivan, effective IoT security is complicated by how different business departments will independently choose to manage and secure their IoT devices in different ways. All organisations must be aware of this, and should prepare to effectively track, secure, and manage all newly connected devices across the enterprise in a uniform way.

One of the most important strategies to success will be not treating IoT devices as a discrete security challenge, but as part of the organisation’s overall endpoint security strategy. If security teams are to have the visibility and control they need, endpoint and IoT security management must be unified. That includes devices that run any operating system, such as Android™, Chrome™, Windows®, and macOS®. With fewer consoles, or ideally a single console, when managing all endpoints, security teams will have all the information they need to properly identify security threats and respond to potential breaches, and to more intelligently defend systems and data.

Enterprises can’t afford to wait long to centralise their IoT and endpoint security. The longer they wait, the harder it’s going to be to successfully consolidate, especially as IoT deployments accelerate and there are ever more devices on networks, for example, as a result of the explosion of remote working caused by the recent COVID-19 pandemic. Without a centralised console, decentralised information about security events — including attacks across domains — will be lost or overlooked, and teams will be forced to try to manually piece together their responses.

Here are a number of key attributes security teams should look for from their providers when consolidating IoT and endpoint security:

  • The ability to centrally manage users, data files, devices as well as apps
  • Compatibility with most leading endpoint operating systems
  • Ability to manage security configurations for things like access credentials
  • The ability to track usage patterns through comprehensive analytics
  • The ability to deploy across cloud and on-premises environments

The swift pace of IoT has created an issue of scale “where the size of the environment of endpoints, data, and threats is making the job of the CIO and CISO unmanageable,” as the Frost and Sullivan analysts put it. While that’s accurate, it doesn’t have to be true everywhere. By taking the necessary steps today to consolidate endpoint security solutions, enterprises can make certain that their security efforts reach IoT scale.

Hold tight for 2021: A volatile global outlook will continue to fuel fraud and cyber-threats

960 640 Guest Post

By Ian Newns, Fraud Specialist at RSA Security

2020 was full of surprises. But one thing that didn’t come as a revelation was the speed and agility with which the criminal community reacted to unfolding global events. We’ve often witnessed groups behind phishing attacks, for example, capitalise on breaking news stories and consumer behavioural change to improve click-through rates. Well, news events don’t come much bigger than a global healthcare and financial crisis, and 2020 has been the year we’ve all had to embrace online working, shopping and socialising. 

UK consumers are predicted to have spent more than £141 billion on internet shopping last year, up nearly 35% from 2019. The bad news for 2021 is that cyber-criminals and fraudsters will continue to exploit our rapidly changing world to monetise their campaigns. On the other hand, following some simple best practices still offers a highly effective way for businesses to mitigate escalating online fraud risk. With that, here are five fraud and cyber-threat predictions for the coming year:

  1. Loyalty points become a valuable commodity

From frequent flyer miles to retailer loyalty schemes, the pandemic and subsequent lockdowns mean there’s a lot of loyalty points that weren’t used in 2020 and may have been forgotten about. That hasn’t been lost on the cybercrime community though, who have been observed by RSA’s FraudAction team to be discussing in online forums how to conduct loyalty scams on a range of companies – from fast food restaurants and retailers to hotel companies and gaming websites. These fraudsters will increasingly look to target the growing trove of points accruing in consumers’ online accounts this year.

Tried-and-tested methods for account takeover, including phishing or credential stuffing, will be among the tactics of choice here. That makes it even more important that every retailer or business with a loyalty scheme communicates the dangers of password reuse, and offers multi-factor authentication (MFA) options for customers. Monitoring for suspected botnet activity with behavioural tools can also help.

2. Beware the rise of malicious QR codes 

The past year has seen an explosion in the use of QR codes. They’ve become especially common in hospitality settings where businesses want to promote hygienic access to menus and useful in facilitating the government’s Track & Trace scheme. However, whenever a new form of tech starts to become popular, there’s always the danger that it will be subverted by cyber-criminals.

QR codes are no exception – they are now being used in phishing emails and via social media to take users to fake websites designed to harvest their details or covertly download malware. Tackling the problem is more about user education than anything else. Just as recipients shouldn’t click on links in unsolicited communications, they need to be educated not to scan QR codes either. Organisations can also help by aligning any QR codes they use with MFA to mitigate the risk of account takeover.

3. Fraudsters will capitalise on COVID-19 vaccine hype

COVID-19 vaccines signal the beginning of the end of a traumatic period in recent history. But the media attention focused on the vaccine roll-out at the moment will also help cybercriminals hoping to make gains at the expense of others. Europol has already warned of counterfeit versions of the Pfizer/BioNTech vaccine appearing for sale on dark web sites, and warns that these types of forgeries will increase.

Online promotions and phishing emails are a perfect way to lure individuals desperate to jump the queue and get inoculated. Unfortunately, by paying the fraudsters up front, they not only have your money but potentially also your bank details. Governments and social media companies will need to step-up their efforts at taking down any signs of fake advertising related to COVID-19 vaccines and warn citizens of the dangers of engaging with them.

4. Buyer’s revenge as consumers dabble in first-party fraud

Historically, times of recession usually lead to an increase in fraud. According to Portsmouth University, there was an increase in fraud offences after both the 1990 recession (10%) and the financial crash of 2008 (7.3%). The coming economic crisis could be much deeper than these events, especially after the government furlough scheme ends. Cash-strapped individuals may be forced to try and see what they can get away with to make ends meet. A classic example is chargeback fraud, where a customer makes a legitimate purchase and then claims the product was never delivered, thereby generating a refund from their bank.

It’s suspected by some banks that as many as 35% of cases classified as third-party fraud could in fact be first-party scams. Many banks would prefer to write-off lower value transactions than go through the painful and awkward experience of accusing customers of lying, especially as figures showed a 36% rise in complaints last year about how banks deal with fraud and scams. If they’re going to try and tackle first-party fraud, banks need cast-iron proof. This is where more sophisticated data-centric fraud solutions can help. Such tools can crunch hundreds of data points – like age, buying habits, and previous fraud claims – to determine the likelihood of fraud having taken place.

5. Brexit: good news for scammers

There’s still some uncertainty for businesses surrounding Brexit, which opens the door for fraudsters to step in. Given the huge demand for information and advice on how to adapt, this is the perfect opportunity for cybercriminals to swoop in with some well-timed phishing emails spoofing government and other trusted institutions. Some may even request the recipient confirm bank details to continue trading in the EU.

Organisations should enhance their user awareness training simulations accordingly, and ensure they have the right email security tools to spot any phishing. Aside from URL and attachment scanning and IP reputation checks, they could invest in AI-powered tools that analyse writing style and other elements to say with more certainty whether inbound messages are to be trusted or not.

There’s plenty to look forward to this year, not least hopefully an end to social distancing, self-isolation and concerns over vulnerable friends and family. But consumers and organisations alike will need to retain their digital savvy and invest in new tools to ensure the next 12 months is a success.

WEBINAR: Security Champions – Making the Business Case

960 640 Guest Post

You have an awesome idea. You plan it in full. You share it with your colleagues. What happens next?

Hang-on… They’re not jumping up and down. In fact, they’re frowning. They don’t get it!

Sound familiar?

When that happens remember:

“If you want something to change, only you can make that happen”

Join us – 1st Feb for a Masterclass in Making the Business Case for Security Champions. 

https://us02web.zoom.us/webinar/register/1816100266890/WN_OgUMcWkuTqWWtlSZBHyvsw

We’ll look at:
· Finding your WHY for your Champions Programme through socially constructed change (e.g. impactful conversations)
· Creating a 5-minute pitch for your programme
· Establishing resource and budget requirements

5 innovative cybersecurity training methods to try in 2021

960 640 Guest Post

By Juta Gurinaviciute, Chief Technology Officer at NordVPN Teams

As much as 88% of data breaches are caused by human error, but only 43% of workers admit having made mistakes that compromised cybersecurity. In the past year a third of the breaches incorporated social engineering techniques and the cost of a breach caused by a human error averaged to $3.33 million

To mitigate the risk, enterprises develop complex cybersecurity strategies and action plans, yet they are insufficient unless acknowledged by every member of their organization. Half of the Chief Information Security Officers (CISOs) plan to extend cybersecurity and privacy into all business decisions and that makes it every employee’s concern. 

With the ever-changing and evolving digital threats, maintaining cyber resistance is no longer limited to IT and security officers and depends on every member of the organization. Constant training is a way to build the team’s resilience against threats, yet it is not uncommon for them to turn into dull PowerPoint sessions, after which few remember the safety measures they should take. The problem is amplified by the workforce operating from home and not subscribing to security policies of the company.

CISOs and other stakeholders can grab employees’ attention by changing the methods of the regular cybersecurity training. Those who found training to be very interesting were 13 times more likely to change the way they think about cyber threats and protection against them. Therefore, organizations should seek memorable, entertaining and accessible ways to talk about complicated security matters.

5 ways to make cybersecurity training more attractive

Gamify it. Dull figures slide after slide, myriads of ‘dos and don’ts’ along with knotty safety procedures make the process lethargic. Quizzes, games, prizes and quality time with colleagues will enhance enjoyment and learning. Interactive activities boost engagement and thus yield better results when it comes to teaching staff about cybersecurity. 

Engage in friendly competition. The key element of the gamification is competition. However,  putting a prompt question within the video lesson or offering ‘innovative’ content is not enough. People are engaged when they have an incentive, be it a prize or pride. Companies should organize monthly, quarterly or yearly competitions to keep a workforce constantly aware of new threats and how to tackle them.

Make it rewarding. Turn the right answer into a badge, a discovered vulnerability into a star, and a year without an incident into a holiday bonus. People expect feedback while participating in a competition, and the reward system is the optimal way to do it. Instead of giving an opinion to everybody in private, security and IT professionals can award the achievements. They also help to track the progress of each employee and take the precautions if necessary.

Turn it into a team effort. Staying protected from breaches and attacks is everyone’s interest. Thus employees should be encouraged to work in teams and solve riddles with their colleagues. In a cybersecurity workshop, for instance, employees can be asked to craft a phishing email. This encourages them to find out more about this criminal technique, to look at the examples of it and thus recognize them at the first glance next time. 

Be understood. For information security professionals, IT and cybersecurity jargon is a native language.  Yet for accountants, marketers and many others it’s just a meaningless jabber. Make sure to speak clearly and to explain every term in plain language so the relative layman understands and remembers.

These tips also apply when teaching the staff how to use various cybersecurity tools, such as cloud services or VPNs. With people working remotely, many of them face the need to use two-factor authentication or secure connection for the first time as it was readily available by default at their usual workstations. Now they have to care for their and their company’s protection themselves. 

Cybersecurity is no longer a thing only information security and IT departments care about. As many workplaces rely solely on digital solutions which are used by the entire workforce, staying protected against cyberattacks requires everyone’s joint effort. The main notions of data security must be conveyed in an appealing manner.