Creating a People-Centric Security Strategy


When it comes to remote working, who’s responsible for security? According to research from Capita, approximately 90 per cent of employees believe it’s their employer’s responsibility to ensure IT security when working remotely. While organizations must ensure they are implementing proper security controls for their users, employees must also be accountable for their actions and how they contribute to an organization’s security. A combination of security tools and user awareness is necessary for organizations to increase their security posture. With an organization’s workforce so spread out, employees need to be more engaged with security. Implementing a people-centric security strategy will empower employees and make them feel more involved. 

[Image: people-centric security strategy. Source: ZDNet]

Why Make Your Security Strategy People-Centric?

An effective security strategy has clearly defined policies and procedures and outlines roles and responsibilities for members of an organization. A people-centric approach acknowledges the role employees play in an organization’s overall security posture and creates a culture of cybersecurity designed to change employee behaviour and encourage employees to think with a security mindset.

3 Ways to Adopt a People-Centric Security Strategy  

1. Assess User Risk

Start by establishing a baseline of user risk. This can be done by testing employees with simulated phishing tests. Simulated phishing tests enable users to experience real-life phishing attacks in a safe environment. The test records which users click on phishing links and sends them to remedial training to strengthen their responses. Simulated phishing tests give organizations an idea of how many users are susceptible to these kinds of attacks and can help them determine their vulnerability level so they can implement better security controls moving forward.

Exposing users to simulated phishing attacks reminds them to inspect their emails more carefully and teaches them how to spot these kinds of attacks. Simulated phishing tests should be done more than once so that organizations can track user progress over time. With phishing being the most common type of cyber attack, it’s important that users strengthen their reactions to these kinds of attacks.
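The baseline-and-tracking idea above, as an added example that is not part of the original post and not Jolera’s code: given the per-user results of several simulated phishing campaigns (constructed sample data, not real results), it computes the click and report rate per campaign, lists who should go to remedial training after a campaign, flags repeat clickers as the highest-risk group, and measures the trend between the first and latest campaign. The record layout and function names are assumptions for illustration.

```python
from collections import defaultdict

# Constructed results of three simulated phishing campaigns (not real data).
# Each record: campaign label, user id, whether the user clicked the lure,
# and whether the user reported the email to security.
SIMULATION_RESULTS = [
    {"campaign": "2020-01", "user": "alice", "clicked": True,  "reported": False},
    {"campaign": "2020-01", "user": "bob",   "clicked": True,  "reported": False},
    {"campaign": "2020-01", "user": "carol", "clicked": False, "reported": True},
    {"campaign": "2020-01", "user": "dave",  "clicked": False, "reported": False},
    {"campaign": "2020-02", "user": "alice", "clicked": True,  "reported": False},
    {"campaign": "2020-02", "user": "bob",   "clicked": False, "reported": True},
    {"campaign": "2020-02", "user": "carol", "clicked": False, "reported": True},
    {"campaign": "2020-02", "user": "dave",  "clicked": True,  "reported": False},
    {"campaign": "2020-03", "user": "alice", "clicked": True,  "reported": False},
    {"campaign": "2020-03", "user": "bob",   "clicked": False, "reported": True},
    {"campaign": "2020-03", "user": "carol", "clicked": False, "reported": False},
    {"campaign": "2020-03", "user": "dave",  "clicked": False, "reported": True},
]


def campaign_metrics(results):
    """Per-campaign click rate and report rate: the baseline tracked over time."""
    totals = defaultdict(lambda: {"users": 0, "clicked": 0, "reported": 0})
    for r in results:
        t = totals[r["campaign"]]
        t["users"] += 1
        t["clicked"] += int(r["clicked"])
        t["reported"] += int(r["reported"])
    return {
        c: {
            "click_rate": round(t["clicked"] / t["users"], 2),
            "report_rate": round(t["reported"] / t["users"], 2),
        }
        for c, t in sorted(totals.items())
    }


def remedial_training(results, campaign):
    """Users who clicked in the given campaign and should be enrolled in remedial training."""
    return sorted(r["user"] for r in results if r["campaign"] == campaign and r["clicked"])


def repeat_clickers(results, min_clicks=2):
    """Users who clicked in at least min_clicks campaigns: the highest-risk group."""
    counts = defaultdict(int)
    for r in results:
        if r["clicked"]:
            counts[r["user"]] += 1
    return sorted(u for u, n in counts.items() if n >= min_clicks)


def trend(results):
    """Change in click rate from the first to the latest campaign (negative means improving)."""
    rates = [m["click_rate"] for m in campaign_metrics(results).values()]
    return round(rates[-1] - rates[0], 2)


if __name__ == "__main__":
    for campaign, m in campaign_metrics(SIMULATION_RESULTS).items():
        print(campaign, m)
    print("remedial training after 2020-03:", remedial_training(SIMULATION_RESULTS, "2020-03"))
    print("repeat clickers:", repeat_clickers(SIMULATION_RESULTS))
    print("click-rate trend:", trend(SIMULATION_RESULTS))
```

The report rate is tracked alongside the click rate on purpose: a falling click rate with a rising report rate is the behaviour change the post is after, whereas a falling click rate alone may just mean users ignored the email.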

2. Hold Users Accountable

Employees must be willing to be accountable and take personal responsibility for their actions. To encourage accountability, organizations should implement an end user security policy that employees must read and sign off on.

Your end user security policy should review the security best practices you expect every employee to follow. Such actions can include locking screens, using strong passwords and enabling multi-factor authentication. You should explicitly outline the consequences of misuse and hold users responsible if they violate the policy. Ensure your policy is simple and easy to read so that employees understand it.

3. Provide Access to Resources

Motivate and engage users to take responsibility for security by providing them with access to high quality resources like security awareness training. Online security awareness training is a great way for users to learn about various cybersecurity topics at their own pace. New methods of online training like gamification and online quizzes make training more fun for users and help them retain information.

Access to other online resources like infographics, cyber tips or news articles gives employees tools they can use to refer to and refresh their memory. If users understand how cyber threats like phishing and social engineering affect their lives both at work and at home, they will feel more connected to the issue.  

Jolera’s Secure IT User Defence solution is designed to empower your employees to be the first line of defence. The solution includes simulated phishing tests, online cyber awareness training and credential monitoring. For more information on how Jolera can protect your organization, contact us today. 

Threats of the Week – March 30, 2020


Tekya Malware

A new malware family has been discovered operating in 56 Google Play applications, which have collectively been downloaded nearly one million times around the world. Dubbed “Tekya,” the malware aims to commit mobile ad fraud by imitating user actions to click advertisements.

Source: DarkReading

How do you protect yourself?

Proper security measures must be in place to defend against Tekya malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2020-3808

Adobe has released a security update for the Adobe Creative Cloud Desktop Application for Windows. This update addresses a critical vulnerability. Successful exploitation could lead to arbitrary file deletion.

Source: Adobe

How do you protect yourself?

Update Adobe Creative Cloud Desktop Application to the latest software version.

Milum RAT

Malware that shows no similarities with samples used in known campaigns is currently being used to attack computers in various organizations.

The malware is a fully-developed trojan with “solid capabilities for remote device management” of a compromised host.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Milum RAT and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Working Remotely and Staying Secure During the COVID-19 Outbreak


As the threat of COVID-19 continues to spread, many businesses are having employees work remotely. The rise of online working means that an organization’s attack surface will be more spread out. Employees may not have the same protections installed on their personal devices at home as they do on their workstations in the office. Without proper security precautions in place, users increase their risk to cyber threats like malware and phishing. It’s important to remind employees that although they may be working from home, they are still expected to engage in safe cyber habits and safeguard corporate data.

Attacks are Increasing

Cybercriminals are exploiting people’s fears by sending phishing emails about COVID-19. These emails impersonate official health departments and claim to have new information or updates about the virus. They are designed to trick users into downloading malicious attachments or giving up personal information. In another instance, cybercriminals spoofed a popular interactive world map that displayed confirmed cases of COVID-19 in order to spread malware.

People who aren’t used to working at home can get distracted, especially if they are accustomed to going into an office every day to work. They may mix personal browsing with their work and encounter cyber scams related to COVID-19. In their distraction, they may accidentally click on malicious links. Users may also feel safer while working at home and let their guard down when it comes to working online. They can forget to engage in simple cyber-safe behaviours like locking their computer or double-checking URLs before they click on them.

The Security Challenges of Remote Working

Working remotely can create a lot of security challenges for organizations. Users who are not prepared to work remotely may have to use their personal devices to access corporate material. These devices may not be secured or have the latest updates installed. Users can end up engaging with malicious websites that would usually be blocked by an organization’s firewall or leave their devices open to vulnerabilities.

Users working from home may also be connected to networks that are not secured. Although users may not be working from public spaces (with public WiFi) during this time, home networks may not be properly secured either. Furthermore, employees may have insecure IoT devices (such as lights, refrigerators, etc.) connected to the home network. Each of these devices could be a potential entry point for hackers. 

What You Can Do

Inform and Update Employees

Many people are stressed out and worried about how COVID-19 will affect them. Keep your employees informed about how their work is being impacted by the current outbreak and provide them with links to official sources (government, WHO, etc.) to ensure that they can keep themselves informed safely.

Reiterate Good Cybersecurity Practices

Awareness is the only way to combat phishing and social engineering scams. Employees must understand that they still have a responsibility to keep company data safe even though they are working from home. Remind employees to be wary of suspicious emails, especially those claiming to be about the virus. If they receive any suspicious emails, employees should disregard them and not engage. Encourage employees not to click on any links or download any attachments from such emails. They should always double-check sender email addresses and any URLs they encounter.

Issue Corporate Devices

To ensure employees have access to necessary resources required for their work, employees should be given company issued devices. This will make it easier for your organization to manage and monitor your remote systems and ensure that company data is separate from a user’s personal data. It will also ensure that all devices have security tools installed (e.g. anti-virus, encryption tools, etc.).

Use a VPN

A VPN will provide employees with a secure connection to your organization’s network. All employees should use a VPN to access company resources, especially if they are using personal devices. Ensure that your VPN is set up to support your entire remote workforce and that it is up to date.

Our Support IT platform can assist your organization in providing employees secure remote access to essential tools and systems. For more information on how Jolera can help with your remote working environment, contact us today.

How AI and SOC Protect Organizations


Keeping up with the evolving threat landscape is difficult, and organizations face several challenges such as the cyber skills shortage and managing the security tools in their infrastructure. The more security tools an organization implements, the more security alerts a security operations centre (SOC) has to investigate. Each of these security alerts needs to be analyzed, investigated and remediated. However, research from the Neustar International Security Council (NISC) found that 26% of security alerts are false positives. To reduce the number of false positives and keep up with attackers, combining artificial intelligence tools with a SOC’s expertise is crucial.

[Image: AI and the SOC. Source: ZDNet]

Improving Threat Intelligence and Detection

The longer a threat goes undetected, the more damage can be inflicted. Hackers have more time to steal sensitive data or gather intelligence for future attacks. Detecting a threat as soon as possible is crucial in reducing the impact of a breach. However, threats are constantly evolving, and new vulnerabilities and attack vectors are being discovered daily.

To effectively detect threats, security analysts must have access to the latest threat intelligence data. This can be done through threat intelligence feeds. Threat intelligence feeds provide information on cyber threats and risks, which gives security analysts a real-time view of the external threat landscape. Threat intelligence feeds are usually integrated with a tool like security information and event management (SIEM), which has AI capabilities. Since a SIEM analyzes data from all the devices in a network and correlates that information with data from threat intelligence feeds, it can identify potential threats more quickly. The data from threat intelligence feeds provides security analysts with context to inform their decisions for responding to threats. This enables them to respond more quickly and do their work more efficiently.
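The correlation step described above, as an added example that is not part of the original post and not Jolera’s platform code: a small SIEM-style matcher that parses constructed proxy log lines, looks each destination up against a constructed threat intelligence feed (domains, single IPs and CIDR ranges, each carrying the feed it came from and a confidence score), and emits alerts that keep that feed context so an analyst can prioritize. The log format, feed layout, indicator values (documentation/test address ranges) and function names are all assumptions for illustration; real feeds and SIEM products use their own formats.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed threat-intelligence feed (not a real feed). Each indicator
# carries its type, the feed it came from and that feed's confidence score.
THREAT_FEED = [
    {"type": "domain", "value": "updates.example-malware.test", "source": "feed-A", "confidence": 90},
    {"type": "ipv4-cidr", "value": "203.0.113.0/24", "source": "feed-B", "confidence": 70},
    {"type": "ipv4", "value": "198.51.100.7", "source": "feed-A", "confidence": 95},
]

# Constructed proxy log lines in an assumed space-separated layout:
# <timestamp> <host> <src_ip> <dst_ip> <dst_domain> <action>
SAMPLE_LOGS = """\
2020-03-30T10:01:02Z ws-017 10.0.0.17 203.0.113.45 cdn.example.test ALLOW
2020-03-30T10:01:05Z ws-017 10.0.0.17 192.0.2.10 intranet.corp.test ALLOW
2020-03-30T10:02:11Z ws-042 10.0.0.42 198.51.100.7 updates.example-malware.test ALLOW
2020-03-30T10:03:00Z ws-042 10.0.0.42 192.0.2.20 mail.corp.test ALLOW
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\S+)$")


@dataclass
class Alert:
    timestamp: str
    host: str
    indicator: str   # the feed value that matched
    source: str      # which feed supplied it (context for the analyst)
    confidence: int


def build_index(feed):
    """Split the feed into an exact-match dict and a list of CIDR networks."""
    exact, networks = {}, []
    for entry in feed:
        if entry["type"] == "ipv4-cidr":
            networks.append((ipaddress.ip_network(entry["value"]), entry))
        else:
            exact[entry["value"].lower()] = entry
    return exact, networks


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not fit the layout."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, host, src_ip, dst_ip, dst_domain, action = m.groups()
    return {"timestamp": ts, "host": host, "src_ip": src_ip,
            "dst_ip": dst_ip, "dst_domain": dst_domain, "action": action}


def correlate(log_text, feed):
    """Match every parsed event's destination domain and IP against the feed."""
    exact, networks = build_index(feed)
    alerts = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue  # malformed line: skipped rather than crashing the pipeline
        matches = []
        domain = event["dst_domain"].lower()
        if domain in exact:
            matches.append(exact[domain])
        if event["dst_ip"] in exact:
            matches.append(exact[event["dst_ip"]])
        try:
            ip = ipaddress.ip_address(event["dst_ip"])
        except ValueError:
            ip = None
        if ip is not None:
            matches.extend(entry for net, entry in networks if ip in net)
        for entry in matches:
            alerts.append(Alert(event["timestamp"], event["host"],
                                entry["value"], entry["source"], entry["confidence"]))
    return alerts


def prioritize(alerts, min_confidence=80):
    """Keep only alerts at or above the confidence threshold, highest confidence first."""
    return sorted((a for a in alerts if a.confidence >= min_confidence),
                  key=lambda a: -a.confidence)


if __name__ == "__main__":
    for alert in prioritize(correlate(SAMPLE_LOGS, THREAT_FEED)):
        print(alert)
```

The confidence threshold in `prioritize` is where the false-positive trade-off discussed in the post lives: the lower-confidence CIDR hit from `ws-017` is still recorded for context, but only the high-confidence matches from `ws-042` are surfaced to an analyst first.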

Increased Productivity

Investigating several security alerts per day can burden a SOC team. The number of alerts makes it difficult for security analysts to prioritize alerts to investigate, which can allow critical alerts to slip through. Furthermore, dealing with false positives makes it harder for analysts. False positives are alerts that indicate a threat is happening when in reality there is no threat. Dealing with false positives can slow down an analyst’s ability to determine threats, which can also lead them to miss real critical alerts.

Manually investigating security incidents is a time-consuming process. Security analysts have to collect information from the network and correlate that information to gain context and determine the severity of an incident. SIEM makes it easier for security analysts to investigate threats. SIEM automates the process of gathering information and consolidating and analyzing data. When critical security alerts are identified, a security analyst is notified and will start investigating the issue. Leveraging artificial intelligence ensures that analyst skills are being used to identify real and serious threats and reduces the number of false positives they encounter.

Using a Hybrid Intelligence Platform

Implementing a SOC in-house is an expensive investment. The cost of hiring security personnel, buying security tools and licenses and paying for continued security training can end up costing hundreds of thousands of dollars. Furthermore, the cybersecurity skills shortage makes it more difficult for organizations to find qualified applicants. Fortunately, organizations can outsource a SOC to a service provider like Jolera to ensure their organization is protected.

Jolera combines the security expertise of a SOC with intelligent analytics from SIEM through its hybrid intelligence platform. Under our hybrid intelligence platform, human and machine intelligence merge with proprietary technology to help manage and secure an organization’s environment. Our SIEM system picks up emerging threats and eliminates false positives while our security analysts investigate and remediate security incidents. We then generate a report on your organization’s infrastructure that gives you actionable insights to help guide your security posture and investments. For more information on our hybrid intelligence platform, contact us today.


Threats of the Week – March 23, 2020

Cookiethief Malware

Researchers have found two Android malware modifications. When combined, they aim to secure root rights on a target device and transfer cookies from the browser and Facebook app to a command-and-control (C2) server. Researchers have not determined how the Trojan lands on target devices but say the cause is not a flaw in Facebook or the browser itself.

Source: DarkReading

How do you protect yourself?

Proper security measures must be in place to defend against Cookiethief malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2020-3795

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Source: Adobe

How do you protect yourself?

Update Adobe Acrobat and Reader to the latest software version.

Nefilim Ransomware

A new ransomware called Nefilim that shares much of the same code as Nemty has started to become active in the wild and threatens to release stolen data.

Nefilim became active at the end of February 2020 and, while it is not known for sure how the ransomware is being distributed, it is most likely through exposed Remote Desktop Services.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Nefilim Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.