atech Archives - Cyber Secure Forum

The four biggest mistakes in IT security governance

https://cybersecureforum.co.uk/wp-content/uploads/2022/06/atech-Cybersecurity-Newsletter-Andy-Jones-Atech-2.jpg 960 640 Guest Post Guest Post https://secure.gravatar.com/avatar/cb2a67f15cd7d053d8e638a1df3fd67f?s=96&d=mm&r=g 29th June 2022 28th July 2022

By: Guest Post

29th June 2022

By Atech

Intelligent IT security and endpoint protection tools are critical components of security governance, and the stakes within today’s threat landscape have never been higher.

A lapse in identity protection or zero trust networks could spell financial disaster for a company. We know that attacks are increasing in sophistication and frequency, and in cost with research showing the average cost of a data breach at an eye-watering $4.24 million.

But what about the other end of the spectrum? How can companies identify and rectify issues in their security governance before they become a problem?

#1 Not realising you are a target with less-than-perfect cloud IT security

Many business leaders using cloud data storage mistakenly believe they are not vulnerable to security breaches from outside attackers. However, this is not the case.

The barriers to entry in becoming a cybercriminal are incredibly low, yet the cost to a brand’s reputation is staggeringly high. Furthermore, fines issued to businesses for not adequately managing customer data are also extremely costly.

Therefore, IT leaders need reliable security governance systems and full visibility over user data, secure identity and access management protocols, encryption, and more.

Businesses can update their IT security playbook by partnering with managed security service providers. By understanding the distinct accreditations that service providers display, solution specialisms can be distinguished from operating procedures, to build a real picture of how the service aligns with your business’ needs. You need to receive timely guidance on the latest cloud security threats and how to mitigate them and how to remediate fast. This can only come with in-near-real-time insights of behaviours and attacks and with the expert support of a security operations centre, carrying an industry recognised accreditation such as CREST.

We outline the biggest mistakes in IT security governance and provide a comprehensive view of today’s cloud security challenges and how best to tackle them as an organisation. Read on to identify the other critical mistakes you could be making.

The fastest growing threat

https://cybersecureforum.co.uk/wp-content/uploads/2022/05/Atech-Cloud-MAy-19th.jpg 960 640 Guest Post Guest Post https://secure.gravatar.com/avatar/cb2a67f15cd7d053d8e638a1df3fd67f?s=96&d=mm&r=g 17th May 2022 17th June 2022

By: Guest Post

17th May 2022

By Atech

Did you hear about the hackers who got away from the scene of the crime? They just ransomware.

There are countless evolved versions of this joke out there. Just as the jokes are evolving, ransomware attacks are evolving, too, and they are not funny. The true cost of an attack consists of both the cost of the forensic investigation, any downtime suffered, and on top of that any costs that the business agrees to pay the threat actors. The damage can have a lasting impact on the business.

According to the UK National Cyber Security Centre, there were three times as many ransomware attacks in the first quarter of 2021 as there were in the whole of 2019. And research by PwC suggests that 61% of technology executives expect this to increase in 2022. Once again, we can largely blame this on the pandemic, and the growth in the amount of activity carried out online and in digital environments.

Ransomware typically involves infecting devices with a virus that locks files away behind unbreakable cryptography and threatens to destroy them unless a ransom is paid, usually in the form of untraceable cryptocurrency. Alternatively, the software virus may threaten to publish the data publicly, leaving the organization liable to enormous fines.

Ransomware is typically deployed through phishing attacks – where employees of an organization are tricked into providing details or clicking a link that downloads the ransomware software or malware onto a computer. However, more recently, a direct infection via USB devices by people who have physical access to machines is becoming increasingly common. Worryingly there has been an increase in these types of attacks targeting critical infrastructure, including one at a water treatment facility that briefly managed to alter the chemical operations of the facility in a way that could endanger lives. Other ransomware attacks have targeted gas pipelines and hospitals.

Education is the most effective method of tackling this threat, so read on to find out what you can do to fight this threat more effectively than ever before.

Prepare for Battle in 2022: How hackers and the new world of work are shaping security models

https://cybersecureforum.co.uk/wp-content/uploads/2022/01/Atech-Cybersecurity-Newsletter-Andy-Jones-Atech.jpg 960 640 Guest Post Guest Post https://secure.gravatar.com/avatar/cb2a67f15cd7d053d8e638a1df3fd67f?s=96&d=mm&r=g 12th January 2022 9th February 2022

By: Guest Post

12th January 2022

By Atech

The main challenge in 2022 is data loss prevention (DLP) and it’s clear to see already from vendors’ such as Microsoft’s compelling propositions for compliance solutions. We are moving towards detecting data loss in real time. As we understand more about the human element in breaches and develop smarter controls and human-like detection of anomalies, we have the power to implement solutions that give us eyes and areas across our whole end user organisation. This extends from owned platforms to external platforms such as social media.

For example, organisations can monitor mentions of confidential projects and get notifications and visibility of messages related to it, including scenarios where any data has been shared on social platforms.

This increases the accountability within an organisation, and this is a fundamental shift in the new world of work. Organisations trust end users with a wealth of information, and we are expected to take care of it. We have smarter controls, and the AI behind this is human-like in detecting anomalies. Finding the right balance between security and privacy means that DLP is a key challenge for all business leaders.

Last month, the world saw hackers making thousands of attempts to exploit systems with a flaw in Log4j.

This flaw in Log4j, a Java library for logging error messages in applications, is the most high-profile security vulnerability on the internet right now and comes with a severity score of 10 out of 10. The library is developed by the open-source Apache Software Foundation and is a key Java-logging framework.

It is widely used in many applications and is present in many services as a dependency. This includes enterprise applications, including custom applications developed within an organisation, as well as numerous cloud services.

An application is vulnerable if it consumes untrusted user input and passes this to a vulnerable version of the Log4j logging library.

Read on about what Atech is doing to protect its customers, including the favourite weapons our team take to battle.

Are you still worried about your security posture? Reach out to atech.cloud and we will help you to implement military-grade security in your business.

Security IT Summit

atech

More info