Guest Post, Author at Cyber Secure Forum | Forum Events Ltd - Page 9 of 14
Posts By :

Guest Post

WEBINAR: Live Attack Simulation – Ransomware

 553 289 Guest Post
By:
0
1

Wednesday, March 24th @10:00 GMT

If you’re concerned about ransomware, whether it’s beating Ryuk, stopping data exfiltration, or preventing the latest trend of “double extortion”, this session is for you.  Join Cybereason for a live attack simulation, where we’ll discuss the latest ransomware trends, walk through a multi-stage attack, and show the side by side Defenders view. 

Beating modern ransomware attacks means not only preventing the ransomware from running, but finding and stopping the malicious behaviors that come before it. Our Nocturnus team researches every major strain of ransomware to continually improve our multi-layer prevention and our behavioural approach to threat detection with the Malop.

See our latest findings and why Cybereason arms you with fearless protection against ransomware to reduce risk across your enterprise.

Join us to learn:

– Why ransomware continues to evolve and common delivery methods 

– How ransomware is used as the “last step” in kill chains 

– See tactics and techniques used by FIN6 & UNC threat actors

Register today

WHITE PAPER: Build better endpoint security to protect your entire network

 960 640 Guest Post
By:
0
0

By Quest

As your IT environment grows, tracking and securing all the endpoints connecting to your network is a monumental task. Managing and deploying security updates is time-consuming and challenging because of the wide range of devices people use to get their work done. Every desktop, laptop, smartphone, tablet and internet-of-things (IoT) device connecting to your network increases the number of threats from malware and viruses.

Before you can rest assured that your endpoints won’t fall victim to cybercrime, you firstly need to build a foundation for securing, managing and protecting your entire endpoint landscape.

Discover how the Quest KACE Systems Management Appliance (SMA) can help you:

  • Discover every endpoint connecting to your network
  • Automate asset inventory
  • Deploy anti-virus software to targeted endpoints
  • Automate patch management and vulnerability scanning

Click here to download the White Paper.

WHITE PAPER: 5 Steps to Battle Endpoint Cybercrime with KACE

 960 640 Guest Post
By:
0
3

By Quest

Endpoint updates are becoming more complex and challenging than ever with Bring-your-own-device (BYOD) programs and internet-of-things (IoT) technologies. Each device connecting to your network increases the number of threats from malware and viruses.

Read this white paper to learn five steps for building a unified endpoint security strategy that will give you:

  • Clear visibility into all the devices connecting to your network
  • Automated patching and software deployment
  • Protection from threats such as unpatched operating systems and applications
  • Peace of mind that security compliance regulations are being met

Click here to download the White Paper.

WEBINAR: Managing the Compliance & Security Nightmares Caused By A Remote Workforce

 960 640 Guest Post
By:
0
4

Webinar – March 11th, 12pm GMT 

How do companies protect themselves with the right tools to mitigate compliance and security concerns?

There are precautions and best practices that are being employed by many companies, and should be part of the security and compliance infrastructure as companies adapt to the new norm of both people and sensitive data residing in remote locations.

In this Webinar we’ll discuss:

  • Maintaining compliance while employees work remotely
  • Maintaining Compliance when employees go offline
  • Monitoring the activity of employees working from home
  • The increased threat posed by remote employees?

Sign up for our latest Webinar on March 11th at 12pm GMT!

Sign Up Now!

Zero Trust: The practical way to look at cybersecurity

 960 640 Guest Post
By:
0
7

By LogRhythm

Zero Trust is quickly becoming the security model of choice for enterprises and governments alike. The need to protect, defend and respond to threats is more apparent than ever as we continue to work from remote locations.

Where to start

Zero Trust is more than implementing a new software, it is a change in architecture and in corporate culture. The pandemic has increased interest in this working practice, with a recent survey finding 40 per cent of organisations around the world working on Zero Trust projects.

The first aspect of any project is identifying key data and where it sits in your organisation, and then documenting who needs access to it. This will allow you to begin dividing up your network keeping users and their data in appropriate areas.

The main challenges

The key principle to a Zero Trust model is rock-solid identity management. All users, devices and applications must all be correctly identified to ensure everyone is granted the right level of access.

The data identification process described above is one of the main challenges, understanding where your data is stored and who should have access to it can be tricky with legacy applications and weak identity management.

Then there is the question of culture, will employees be resistant to the change? Managing the amount of friction caused by the process is key to success.

The benefits

Some sort of security compromise is inevitable, Zero Trust mitigates the damage by restricting the intruder to one small part of your network.

It will allow simpler provisioning and deprovisioning of staff as they join or leave, with corresponding cost benefits as IT teams spend less time onboarding and offboarding staff.

It can provide a solution to the registration of trusted devices onto your network and cut spending on managing active directory.

Moving the ‘perimeter’ to the user and their device provides a way to extend the security we take for granted in the office to staff, wherever they might be working.

Learn more about a Zero Trust implementation in the latest Forrester Report.

Remote Workforces Create New Security & Compliance Headaches

 960 640 Guest Post
By:
0
0

The new remote world has ushered in a host of security issues. Sensitive data now sits in laptops in employees’ houses and if an employee disconnects from the corporate VPN, the company goes blind. This massively increases the risk footprint and leaves the company out of compliance.

Veriato utilizes AI-driven micro-agents that sit on the endpoint, monitoring and recording all user activity. Veriato watches for signs of insider threat and because it’s not network-dependent it maintains visibility to meet compliance standards.

Additionally, it can provide productivity reporting critical for managing remote employees. Veriato is the multitool you’ve been missing.

Click here to find out more.

WHITE PAPER: Get total endpoint security with KACE

 960 640 Guest Post
By:
0
1

As an IT professional, you’re likely under pressure to manage an increasingly complex environment, while also protecting your network and devices from cyberthreats.

Read this white paper to discover how the KACE Unified Endpoint Manager by Quest enables you to streamline complex endpoint management tasks and gain greater control of both traditional and modern managed devices — all from one easy-to-use interface.

  • Track all connected devices and software throughout your IT environment.
  • Provision, manage and secure assets across a variety of platforms, from Windows, Macintosh, Chromebook and Linux to iOS, Android and others.
  • Be proactive with patch management and vulnerability scanning.

Click here to download the white paper:- https://www.quest.com/whitepaper/get-total-endpoint-security-with-kace-8146293/

Is your business CyberFit?

 960 640 Guest Post
By:
0
2

If your business relies on Microsoft 365, then it’s essential that you take the time to protect it by backing up your Microsoft 365.  Learn how Acronis Cyber BackUp can help avoid downtime, protect data and improve security.  

We aim to protect your business, whilst eliminating complexity and reducing cost. We help you to upgrade cybersecurity and backup with one complete integrated solution. Acronis Cyber Protect provides unmatched protection and increased productivity while decreasing TCO.  

Find out more at: www.everycloud.co.uk/protect/cloud-backup

To succeed, enterprise cybersecurity needs IoT scale

 960 640 Guest Post
By:
0
0

By Nigel Thompson, VP Product Marketing at BlackBerry

There are few things in cybersecurity that aren’t up for endless debate. Yet one thing that is universally agreed upon is that anything with an Internet address can and will be attacked. We’ve certainly witnessed this happening on a large scale with the proliferation of Internet of things (IoT) devices in recent years, and we’re likely to see the scale and complexity of these attacks escalate in the years ahead. And due to their newness on the security scene, IoT devices will cause large headaches for enterprise security during those years.

IoT, on the whole, remains a misunderstood risk. When many consider IoT security, what comes to mind first are usually “smart home” automation systems, such as thermostats, lights, doorbells, speakers, and other consumer devices. One concerning case last year saw cyber attackers take over a family’s smart home devices to blast music at loud volumes, talk to the couple through a camera in their kitchen, and crank their thermostat to 90 degrees. In cases like these, such attacks could arguably be considered more of a nuisance than a life-endangering event.

But once you step outside the home, a more profound and immediate danger lies in wait, in the form of industrial, or enterprise IoT. This IoT includes connected devices found in manufacturing, the food supply chain, healthcare, and building automation, among other verticals. Of course, security events involving consumer IoT devices are bad enough, but such attacks hitting enterprise systems and critical infrastructure can be devastating, or in the case of medical devices, life-threatening. For example, at a past DEF CON security conference, Jay Radcliffe, an ethical hacker and diabetic, demonstrated that it wasn’t that difficult to take remote control of an insulin pump and deliver a lethal dose to a patient.

According to a recently published report from research and consulting firm Frost and Sullivan, by 2025 there will be 67 billion new connected devices in the world, up from 24 billion in 2019. Enterprises in every industry need be prepared for that eventuality. Because the more Internet-connected devices come online, the larger the potential attack surface of the organisation. In the years ahead, that attack surface is going to continue to expand exponentially.

The Threats to Enterprise IoT Are Real

The threats due to enterprise IoT are significant and should not be underestimated. These connected devices generate an enormous amount of highly detailed data. Should this data be stolen, or its network flow disrupted through a denial of service attack or a targeted ransomware strike, the results could be highly destructive to business reputation and operational availability. Also, the data within supply chains that detail operational demands, production data and more will always have value to competitors.

IoT security is a challenge across verticals. According to Frost and Sullivan, the factory and industrial automation market will have nearly 10.8 million connected devices by 2025, while building automation will reach 30 million. Other verticals expecting substantial growth, according to the report, include connected cars and telematics, retail, healthcare and medical devices, and enterprise-issued and bring your own (BYO) devices.

“This will substantially increase the threat surface, which is reflected in the rapidly expanding threat landscape,” the firm wrote in their report. The total number of devices include recognisable endpoints, such as phones and tablets, as well as devices across nearly every other industry.

Of course, with these device deployments, there is great opportunity to improve operational efficiency, improve the lifecycle management of capital assets, provide real-time insight into the enterprise happenings, and engage with customers in new ways. But the security concerns are also real. The challenge is to manage the security risks so that these benefits can be realised, and the risks minimised.

Attain Control and Visibility Across All Endpoints

There are a number of steps that can be taken to ensure adequate IoT security. One step every organisation can take right away is to procure devices from manufacturers that develop their products with security in mind – baking security in from the ground up, rather than bolting it on afterwards. As part of that effort, organisations should make sure to have their security teams test any new hardware and software for security flaws and ensure the devices can be managed just like other endpoints.

Of course, while it would be ideal that all enterprise IoT devices ship securely and without flaws, that’s not going to be the reality. Design mistakes will be made over the course of bringing even the most secure devices to market, and most enterprises will similarly make deployment and configuration mistakes that create detrimental security ramifications. For instance, according to Frost and Sullivan, effective IoT security is complicated by how different business departments will independently choose to manage and secure their IoT devices in different ways. All organisations must be aware of this, and should prepare to effectively track, secure, and manage all newly connected devices across the enterprise in a uniform way.

One of the most important strategies to success will be not treating IoT devices as a discrete security challenge, but as part of the organisation’s overall endpoint security strategy. If security teams are to have the visibility and control they need, endpoint and IoT security management must be unified. That includes devices that run any operating system, such as Android™, Chrome™, Windows®, and macOS®. With fewer consoles, or ideally a single console, when managing all endpoints, security teams will have all the information they need to properly identify security threats and respond to potential breaches, and to more intelligently defend systems and data.

Enterprises can’t afford to wait long to centralise their IoT and endpoint security. The longer they wait, the harder it’s going to be to successfully consolidate, especially as IoT deployments accelerate and there are ever more devices on networks, for example, as a result of the explosion of remote working caused by the recent COVID-19 pandemic. Without a centralised console, decentralised information about security events — including attacks across domains — will be lost or overlooked, and teams will be forced to try to manually piece together their responses.

Here are a number of key attributes security teams should look for from their providers when consolidating IoT and endpoint security:

  • The ability to centrally manage users, data files, devices as well as apps
  • Compatibility with most leading endpoint operating systems
  • Ability to manage security configurations for things like access credentials
  • The ability to track usage patterns through comprehensive analytics
  • The ability to deploy across cloud and on-premises environments

The swift pace of IoT has created an issue of scale “where the size of the environment of endpoints, data, and threats is making the job of the CIO and CISO unmanageable,” as the Frost and Sullivan analysts put it. While that’s accurate, it doesn’t have to be true everywhere. By taking the necessary steps today to consolidate endpoint security solutions, enterprises can make certain that their security efforts reach IoT scale.

Hold tight for 2021: A volatile global outlook will continue to fuel fraud and cyber-threats

 960 640 Guest Post
By:
0
5

By Ian Newns, Fraud Specialist at RSA Security

2020 was full of surprises. But one thing that didn’t come as a revelation was the speed and agility with which the criminal community reacted to unfolding global events. We’ve often witnessed groups behind phishing attacks, for example, capitalise on breaking news stories and consumer behavioural change to improve click-through rates. Well, news events don’t come much bigger than a global healthcare and financial crisis, and 2020 has been the year we’ve all had to embrace online working, shopping and socialising. 

UK consumers are predicted to have spent more than £141 billion on internet shopping last year, up nearly 35% from 2019. The bad news for 2021 is that cyber-criminals and fraudsters will continue to exploit our rapidly changing world to monetise their campaigns. On the other hand, following some simple best practices still offers a highly effective way for businesses to mitigate escalating online fraud risk. With that, here are five fraud and cyber-threat predictions for the coming year:

  1. Loyalty points become a valuable commodity

From frequent flyer miles to retailer loyalty schemes, the pandemic and subsequent lockdowns mean there’s a lot of loyalty points that weren’t used in 2020 and may have been forgotten about. That hasn’t been lost on the cybercrime community though, who have been observed by RSA’s FraudAction team to be discussing in online forums how to conduct loyalty scams on a range of companies – from fast food restaurants and retailers to hotel companies and gaming websites. These fraudsters will increasingly look to target the growing trove of points accruing in consumers’ online accounts this year.

Tried-and-tested methods for account takeover, including phishing or credential stuffing, will be among the tactics of choice here. That makes it even more important that every retailer or business with a loyalty scheme communicates the dangers of password reuse, and offers multi-factor authentication (MFA) options for customers. Monitoring for suspected botnet activity with behavioural tools can also help.

2. Beware the rise of malicious QR codes 

The past year has seen an explosion in the use of QR codes. They’ve become especially common in hospitality settings where businesses want to promote hygienic access to menus and useful in facilitating the government’s Track & Trace scheme. However, whenever a new form of tech starts to become popular, there’s always the danger that it will be subverted by cyber-criminals.

QR codes are no exception – they are now being used in phishing emails and via social media to take users to fake websites designed to harvest their details or covertly download malware. Tackling the problem is more about user education than anything else. Just as recipients shouldn’t click on links in unsolicited communications, they need to be educated not to scan QR codes either. Organisations can also help by aligning any QR codes they use with MFA to mitigate the risk of account takeover.

3. Fraudsters will capitalise on COVID-19 vaccine hype

COVID-19 vaccines signal the beginning of the end of a traumatic period in recent history. But the media attention focused on the vaccine roll-out at the moment will also help cybercriminals hoping to make gains at the expense of others. Europol has already warned of counterfeit versions of the Pfizer/BioNTech vaccine appearing for sale on dark web sites, and warns that these types of forgeries will increase.

Online promotions and phishing emails are a perfect way to lure individuals desperate to jump the queue and get inoculated. Unfortunately, by paying the fraudsters up front, they not only have your money but potentially also your bank details. Governments and social media companies will need to step-up their efforts at taking down any signs of fake advertising related to COVID-19 vaccines and warn citizens of the dangers of engaging with them.

4. Buyer’s revenge as consumers dabble in first-party fraud

Historically, times of recession usually lead to an increase in fraud. According to Portsmouth University, there was an increase in fraud offences after both the 1990 recession (10%) and the financial crash of 2008 (7.3%). The coming economic crisis could be much deeper than these events, especially after the government furlough scheme ends. Cash-strapped individuals may be forced to try and see what they can get away with to make ends meet. A classic example is chargeback fraud, where a customer makes a legitimate purchase and then claims the product was never delivered, thereby generating a refund from their bank.

It’s suspected by some banks that as many as 35% of cases classified as third-party fraud could in fact be first-party scams. Many banks would prefer to write-off lower value transactions than go through the painful and awkward experience of accusing customers of lying, especially as figures showed a 36% rise in complaints last year about how banks deal with fraud and scams. If they’re going to try and tackle first-party fraud, banks need cast-iron proof. This is where more sophisticated data-centric fraud solutions can help. Such tools can crunch hundreds of data points – like age, buying habits, and previous fraud claims – to determine the likelihood of fraud having taken place.

5. Brexit: good news for scammers

There’s still some uncertainty for businesses surrounding Brexit, which opens the door for fraudsters to step in. Given the huge demand for information and advice on how to adapt, this is the perfect opportunity for cybercriminals to swoop in with some well-timed phishing emails spoofing government and other trusted institutions. Some may even request the recipient confirm bank details to continue trading in the EU.

Organisations should enhance their user awareness training simulations accordingly, and ensure they have the right email security tools to spot any phishing. Aside from URL and attachment scanning and IP reputation checks, they could invest in AI-powered tools that analyse writing style and other elements to say with more certainty whether inbound messages are to be trusted or not.

There’s plenty to look forward to this year, not least hopefully an end to social distancing, self-isolation and concerns over vulnerable friends and family. But consumers and organisations alike will need to retain their digital savvy and invest in new tools to ensure the next 12 months is a success.