When
it comes to remote working, who’s responsible for security? According to
research from Capita, approximately 90 per cent of employees believe it’s their
employer’s responsibility to ensure IT security when working remotely. While organizations
must ensure they are implementing proper security controls for their users,
employees must also be accountable for their actions and how they contribute to
an organization’s security. A combination of security tools and user awareness
is necessary for organizations to increase their security posture. With an
organization’s workforce so spread out, employees need to be more engaged with
security. Implementing a people-centric security strategy will empower
employees and make them feel more involved.
An effective security strategy has
clearly defined policies and procedures and outlines roles and responsibilities
for members of an organization. A people centric approach acknowledges the role
employees play in an organization’s overall security posture and creates a
culture of cybersecurity designed to change employee behaviour and encourage
employees to think with a security mindset.
3 Ways to Adopt a People-Centric Security Strategy
1. Asses User Risk
Start by establishing a baseline of
user risk. This can be done by testing employees with simulated phishing tests.
Simulated phishing tests enable users to experience real life phishing attacks
in a safe environment. It records users who click on phishing links and sends
them to remedial training to strengthen their responses. Simulated phishing
tests give organizations an idea of how many users are susceptible to these
kinds of attacks and can help them determine their vulnerability level so they
can implement better security controls moving forward.
Exposing users to phishing attacks
reminds them to inspect their emails more carefully and teaches them how to
spot these kinds of attacks. Simulated phishing tests should be done more than
once so that organizations can track user progress over time. With phishing
being the most common type of cyber attack, it’s important that users
strengthen user reactions to these kinds of attacks.
2. Hold Users Accountable
Employees must be willing to be
accountable and take personal responsibility for their actions. To encourage
accountability, organizations should implement an end user security policy that
employees must read and sign-off on.
Your end user security policy
should review security best practices you expect every employee to follow. Such
actions can include locking screens, using strong passwords and implementing
multi factor authentication. You should explicitly outline consequences of
misuse and hold users responsible if they violate the policy. Ensure your
policy is simple and easy to read so that employees understand your security
policy.
3. Provide Access to Resources
Motivate and engage users to take
responsibility for security by providing them access to high quality resources
like security awareness training. Online security awareness training is a great
way for users to learn about various cybersecurity topics at their own pace.
New methods of online training like gamification and online quizzes make
training more fun for users and helps them be more attentive in retaining
information.
Access to other online resources
like infographics, cyber tips or news articles gives employees tools they can use
to refer to and refresh their memory. If users understand how cyber threats
like phishing and social engineering affect their lives both at work and at
home, they will feel more connected to the issue.
Jolera’s Secure IT User Defence solution is designed to empower your employees to be the first line of defence. The solution includes simulated phishing tests, online cyber awareness training and credential monitoring. For more information on how Jolera can protect your organization, contact us today.
A new malware family has been discovered operating in 56 Google Play applications, which have collectively been downloaded nearly one million times around the world. Dubbed “Tekya,” the malware aims to commit mobile ad fraud by imitating user actions to click advertisements.
Proper security measures must be in place to defend against Tekya malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
CVE-2020-3808
Adobe has released a security update for the Adobe Creative Cloud Desktop Application for Windows. This update addresses a critical vulnerability. Successful exploitation could lead to arbitrary file deletion.
Proper security measures must be in place to defend against Milum RAT and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
As the threat of COVID-19 continues to
spread, many businesses are having employees work remotely. The rise of online
working means that an organization’s attack surface will be more spread out.
Employees may not have the same protections installed on their personal devices
at home as they do on their workstations in the office. Without proper security
precautions in place, users increase their risk to cyber threats like malware
and phishing. It’s important to remind employees that although they may be
working from home, they are still expected to engage in safe cyber habits and
safeguard corporate data.
Attacks are Increasing
Cybercriminals are exploiting people’s fears by sending phishing emails about COVID-19. These emails impersonate official health departments and claim to have new information/updates about the virus. They are designed with the hopes of tricking users into downloading malicious attachments or giving up personal information. In one other instance, cybercriminals duped a popular interactive world map that displayed confirmed cases of COVID-19 to spread malware.
People who aren’t used to working at home can get distracted, especially if they are accustomed to going into an office everyday to work. They may mix personal browsing with their work and encounter cyber scams related to COVID-19. In their distraction, they may accidentally click on malicious links. Users may also feel safer while working at home and let their guard down when it comes to working online. They can forget to engage in simple cyber safe behaviours like locking their computer or double-checking URLs before they click on them.
The Security Challenges of Remote Working
Working remotely can create a lot of
security challenges for organizations. Users who are not prepared to work
remotely may have to use their personal devices to access corporate material.
These devices may not be secured or have the latest updates installed. Users can
end up engaging with malicious websites that would usually be blocked by an
organization’s firewall or leave their devices open to vulnerabilities.
Users working from home may also be
connected to networks that are not secured. Although users may not be working
from public spaces (with public WiFi) during this time, home networks may not
be properly secured either. Furthermore, employees may have insecure IoT
devices (such as lights, refrigerators, etc.) connected to the home network. Each
of these devices could be a potential entry point for hackers.
What You Can Do
Inform and Update Employees
Many people are stressed out and worried
about how COVID-19 will affect them. Keep your employees informed about how
their work is being impacted by the current outbreak and provide them with
links to official sources (government, WHO, etc.) to ensure that they can keep
themselves informed safely.
Reiterate Good Cybersecurity Practices
Awareness is the only way to combat
phishing and social engineering scams. Employees must understand that they
still have a responsibility to keep company data safe even though they are
working from home. Remind employees to be careful of suspicious emails,
especially those claiming to be about the virus. If they receive any suspicious
emails, employees should disregard them and not engage. Encourage employees to
not click on any links or download any attachments. They should always double
check sender email addresses and any URLs they may encounter.
Issue Corporate Devices
To ensure employees have access to
necessary resources required for their work, employees should be given company
issued devices. This will make it easier for your organization to manage and
monitor your remote systems and ensure that company data is separate from a
user’s personal data. It will also ensure that all devices have security tools
installed (e.g. anti-virus, encryption tools, etc.).
Use a VPN
A VPN will provide employees with a secure
connection to your organization’s network. All employees should use a VPN to
access company resources, especially if they are using personal devices. Ensure
that your VPN is set up to support your entire remote workforce and that it is
up to date.
Our Support IT platform can assist your
organization in providing employees secure remote access to essential tools and
systems. For more information on how Jolera can help with your remote working
environment, contact us today.
Keeping up with the evolving threat
landscape is difficult and organizations face several challenges such as
the cyber skills shortage and managing the security tools in their
infrastructure. The more security tools an organization implements, the more
security alerts a security operations centre (SOC) has to investigate. Each of
these security alerts need to be analyzed, investigated and remediated.
However, research from
the Neustar International Security Council (NISC) found that 26% of security
alerts are false positives. To eliminate the number of false positives and keep
up with attackers, combining artificial intelligence tools with a SOC’s
expertise is crucial.
The longer a threat goes undetected, the more damage can be inflicted. Hackers have more time to steal sensitive data or gather intelligence for future attacks. Detecting a threat as soon as possible is crucial in reducing the impact of a breach. However, threats are constantly evolving, and new vulnerabilities and attack vectors are being discovered daily.
To effectively detect threats, security analysts must have access to the latest threat intelligence data. This can be done through threat intelligence feeds. Threat intelligence feeds provide information on cyber threats and risks, which gives security analysts a real time view of the external threat landscape. Threat intelligence feeds are usually integrated with a tool like security information and event management (SIEM), which has AI capabilities. Since SIEM analyzes data from all the devices in a network and correlates that information with data from threat intelligence feeds, it can identify potential threats more quickly. The data from threat intelligence feeds provide security analysts with context to inform their decisions for responding to threats. This enables them to respond more quickly and do their work more efficiently.
Increased Productivity
Investigating several security alerts per
day can burden a SOC team. The number of alerts makes it difficult for security
analysts to prioritize alerts to investigate, which can allow critical alerts to
slip through. Furthermore, dealing with false positives makes it harder for
analysts. False positives are alerts that indicate a threat is happening when
in reality there is no threat. Dealing with false positives can slow down an analyst’s
ability to determine threats, which can also lead them to miss real critical
alerts.
Manually investigating security incidents
is a time-consuming process. Security analysts have to collect information from
the network and correlate that information to gain context and determine the
severity of an incident. SIEM makes it easier for security analysts to
investigate threats. SIEM automates the process of gathering information and
consolidating and analyzing data. When critical security alerts are identified,
a security analyst is notified and will start investigating the issue. Leveraging
artificial intelligence ensures that analyst skills are being used to identify
real and serious threats and reduces the number of false positives they
encounter.
Using a Hybrid Intelligence Platform
Implementing a SOC in-house is an expensive
investment. The cost of hiring security personnel, buying security tools and licenses
and paying for continued security training can end up costing hundreds of
thousands of dollars. Furthermore, the cybersecurity skills shortage makes it
more difficult for organizations to find qualified applicants. Fortunately,
organizations can outsource a SOC to a service provider like Jolera to ensure
their organization is protected.
Jolera combines the security expertise of a
SOC with intelligent analytics from SIEM through its hybrid intelligence platform.
Under our hybrid intelligence platform, human and machine intelligence merge with
proprietary technology to help manage and secure an organization’s environment.
Our SIEM system picks up emerging threats and eliminates false positives while
our security analysts investigate and remediate security incidents. We then
generate a report on an organization’s infrastructure allow you to gain
actionable insights to help guide their security posture and investments. For
more information on our hybrid intelligence platform, contact us today.
Researchers have found two Android malware modifications. When combined, they aim to secure root rights on a target device and transfer cookies from the browser and Facebook app to a command-and-control (C2) server. Researchers have not determined how the Trojan lands on target devices but say the cause is not a flaw in Facebook or the browser itself.
Proper security measures must be in place to defend against Cookiethief malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
CVE-2020-3795
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Update Adobe Acrobat and Reader to the latest software version.
Nefilim Ransomware
A new ransomware called Nefilim that shares much of the same code as Nemty has started to become active in the wild and threatens to release stolen data.
Nefilim became active at the end of February 2020 and while it not known for sure how the ransomware is being distributed, it is most likely through exposed Remote Desktop Services.
Proper security measures must be in place to defend against Nefilim Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
Mozart sets up a direct line of communication between an infected client and its server. It does this by hardcoding a DNS server IP address to which an infected client resolves, thus bypassing central DNS servers, policy rules, and monitoring. The commands which are then transmitted between the malware server and infected device are hidden in DNS TXT records.
Proper security measures must be in place to defend against Mozart malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
CVE-2020-6805
Mozilla has released security updates for Firefox. When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash.
A ransomware campaign has returned with a new trick to fool the unwary into compromising their network with file-encrypting malware. And it’s an attack that many Windows machines won’t even recognise as potentially malicious.
The new variant of Paradise ransomware, which has been active in one form or another since 2017, spreads via phishing emails, but it’s different from other ransomware campaigns because it uses an uncommon – but effective – file type to infiltrate the network.
Proper security measures must be in place to defend against Paradise Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
Data has the power to transform organizations but managing and securing data presents many challenges for organizations. A data breach can have several consequences for an organization, such as regulatory fines and reputational damage. With the threat of a data breach always present, safeguarding data has never been more important. According to research by Netwrix, 74% of organizations named data security as their top IT priority for 2020. Failing to properly secure your data can have several consequences including financial damage, reputational loss and compliance fines. Here are 3 challenges to data security and how your organization can handle them.
Data is growing fast and with the rise of IoT
devices, large quantities of data are being generated daily. Organizations
cannot keep up and lack visibility on what kind of data is being stored, where
it resides and who has access. If organizations aren’t able to keep track of
their data, how can they secure it? According to research from Palo Alto
Networks, 43% of cloud databases are not encrypted. As a result, unsecured
databases continue to leak millions of records.
Organizations must keep track of their data
environment and ensure their data is properly stored and encrypted. Creating a
data strategy will help your organization improve how you store, access, use
and manage data. This will ensure that your organization can access data when
needed and ensure it’s being used efficiently.
2. Stale data and user accounts
Data needs are always changing and keeping
outdated or stale data leads to an increase in the attack surface. Stale data
refers to data that an organization no longer needs for its daily operations.
Hanging onto stale data not only takes up storage space but can also put your
organization at risk if this data contains personally identifiable information
(PII). PII is subject to compliance regulations like PIPEDA and GDPR. If this
stale data is involved in a data breach, your organization will be subject to
potential compliance fees.
Old user accounts belonging to former employees
can also pose a similar security challenge. If these accounts are not
deactivated when an employee leaves, anyone with their user credentials can use
their account to become an insider threat.
Organizations must properly dispose of stale data and deactivate old
user accounts.
3. User privileges
Research from GetApp found that 48 per cent of
employees have access to more company data than needed to perform their job.
This is worrying because the more users that have access to important data, the
greater chance the data can be modified or accidentally deleted. This can lead
to insider threats, users inside the network who can steal the data.
Furthermore, if hackers gain access to a highly privileged account, they will
be able to access important data and potentially make permissions changes of
their own.
Using the principle of least privilege will
help organizations manage how they control user access. Under the principle of
least privilege, access to resources is restricted to only those needed for their
roles. If users need access to important documents, they should only be given
permission for the duration needed. As soon as they no longer need access,
their privileges should be revoked.
Security threats are targeting organizations daily. According to the Hiscox Cyber Readiness Report 2019, 61 per cent of organizations reported experiencing a cyber incident. While there are common security threats like phishing and malware that are targeting organizations, threats like weak passwords or exposed vulnerabilities will vary from organization to organization. In order to close these security gaps, organizations must gain visibility into the threats that target their business and implement the right security tools to protect their data.
A vulnerability assessment scans your
organization’s IT infrastructure to identify known vulnerabilities like
misconfigurations or missing patches. As there are new vulnerabilities being
discovered daily, organizations should conduct a vulnerability scan on a
quarterly basis. Vulnerabilities found are ranked in order of severity to help
organizations prioritize what to patch first. Vulnerability scans should also
be done whenever there are significant changes in the IT infrastructure, such
as implementing new technology. This helps organizations verify that the
changes they are implementing are not negatively affecting the security posture
of their environment.
2. SIEM
A Security Information and Event
Management (SIEM) system analyzes log data generated from devices across a
network in real time to identify patterns of suspicious behaviour that are
indicative of potential threats. It leverages machine intelligence via
behavioural analytic capabilities and human intelligence through alert
investigation by security experts. SIEM provides organizations with a holistic
view of the security events within their infrastructure. SIEM uses correlation
rules and use cases to determine threats. SIEM can also detect more sophisticated
threats like malicious insiders.
3. Penetration Test
A penetration test is similar to a
vulnerability test in that it checks for vulnerabilities. However, a
penetration test goes more in depth because it attempts to actually exploit
them by simulating attacks. Instead of just simply knowing about
vulnerabilities, a penetration test shows how threat actors can launch
successful attacks against your organization. Penetration tests are great for
organizations who want to test their defence capabilities and have greater
insight into their infrastructure. Due to the nature of a penetration test,
these tests take longer and require more skilled resources.
4. Monitor Dark Web for User Credentials
User credentials in the wrong hands can
have devastating consequences. Cybercriminals can sell your organization’s
credentials to other threat actors on the dark web or use them to enter your
network. Once they have access, they can use an employee’s account to spread
malware to other employees or clients, gather intelligence for future attacks
or escalate privileges to gain further access. Since organizations can have
hundreds or thousands of users, it can be difficult to determine if user
credentials have been compromised until it’s too late. By monitoring the dark web
for stolen credentials, organizations will be able to take action against this
threat before it escalates to a full-blown data breach.
Learn how Jolera can help your organization
defend against the evolving threat landscape by contacting us today.
A new malware family called LeifAccess or Shopper is taking advantage of the accessibility features in Android to create accounts, download apps, and post reviews.
LeifAccess, “is a broad campaign [and] is using alternate methods to achieve installation but thereafter trying to achieve legitimacy to the user with fake warnings,”
Proper security measures must be in place to defend against LeifAccess malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
CVE-2020-0031
Android has released its monthly security bulletin addressing details of security vulnerabilities affecting Android devices. The vulnerability in this section could enable a local malicious application to bypass operating system protections that isolate application data from other applications.
Driven by the temptation of big ransom payments, a new ransomware called PwndLocker has started targeting the networks of businesses and local governments with ransom demands over $650,000.
This new ransomware began operating in late 2019 and has since encrypted a stream of victims ranging from local cities to organizations.
Proper security measures must be in place to defend against PwndLocker Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
According to research by Forrester, 55% of organizations use 20 or more tools for their security and operations. While it’s important to protect every aspect of your IT infrastructure, buying every security tool available isn’t always the best solution. Integrating several security tools at once can be difficult to manage, especially if they’re all from different vendors. This can cause your infrastructure to become unnecessarily large and complex, which can lead to security gaps.
An organization’s security stack consists of all the tools, technologies, platforms and vendors used to protect data and manage security. The larger an organization’s security stack, the harder it is to properly manage and ensure it stays updated. This can lead to backdoors hackers can exploit to enter your network and launch attacks.
The more security tools integrated, the greater amount of alerts being generated. Managing and investigating these alerts take a lot of time and effort and can result in a lot of false positives. As a result, organizations miss important alerts because they are either too overwhelmed or don’t take any alerts seriously. To overcome these issues, organizations must evaluate their cybersecurity stack to ensure they are implementing the right level of security protection and controls for their business.
3 Ways to Minimize Security Gaps
1. Assess your security framework
The security tools in your IT infrastructure should be strategically implemented to align with your organization’s security framework. Once you’ve established a good security framework, you can assign the necessary tools to meet each category. Your security framework should drive your security strategy and the tools you implement, not the other way around. A popular industry standard framework is the NIST framework, which is designed to help organizations better understand, manage, and reduce cybersecurity risks.
Assessing your security risk profile with a security risk assessment is also a good idea to help validate the security tools in your infrastructure. Security risk assessments analyze IT environments to determine an organization’s cyber risks and their potential impacts. It’s important that organizations understand the unique risks to their business to ensure they are taking the right actions to prevent these risks and minimize any harm.
2. Leverage unified security solutions
To best optimize their security stack, organizations must focus on gaining visibility across their infrastructure while using intelligent analytics to make decisions. This is best achieved through using unified security solutions that take a holistic approach to security by combining the best features into one solution.
Integrating turnkey solutions rather than those that only serve one-off functions will help reduce the number of tools in your security stack. For example, having a firewall is great but you will need security experts to monitor, and investigate firewall logs to ensure your network is being protected. Instead of having to install a separate firewall monitoring tool and hiring experts to investigate and respond to alerts, integrating a firewall solution that includes these features, like Secure IT – Firewall, will help you save time and money.
3. Use automated detection
As mentioned earlier, keeping up with the vast amount of cyber threats can be overwhelming. A security system that combines automation with human expertise increases the efficacy and efficiency of detecting threats. Jolera’s investment in hybrid intelligence combines human and machine intelligence with proprietary technology to help manage and secure IT environments. Our security information and event management (SIEM) system uses AI and machine learning capabilities to analyze and detect potential threats within your entire network.
For more information on how Jolera can help your organization defend against the latest threats, contact us today.
