Creating a People-Centric Security Strategy

When it comes to remote working, who’s responsible for security? According to research from Capita, approximately 90 per cent of employees believe it’s their employer’s responsibility to ensure IT security when working remotely. While organizations must ensure they are implementing proper security controls for their users, employees must also be accountable for their actions and how they contribute to an organization’s security. A combination of security tools and user awareness is necessary for organizations to increase their security posture. With an organization’s workforce so spread out, employees need to be more engaged with security. Implementing a people-centric security strategy will empower employees and make them feel more involved. 

Source: ZDNet

Why Make Your Security Strategy People-Centric?

An effective security strategy has clearly defined policies and procedures and outlines roles and responsibilities for members of an organization. A people-centric approach acknowledges the role employees play in an organization’s overall security posture and creates a culture of cybersecurity designed to change employee behaviour and encourage employees to think with a security mindset.

3 Ways to Adopt a People-Centric Security Strategy  

1. Assess User Risk

Start by establishing a baseline of user risk. This can be done by testing employees with simulated phishing tests, which let users experience realistic phishing attacks in a safe environment. The test records which users click on phishing links and sends them to remedial training to strengthen their responses. Simulated phishing tests give organizations an idea of how many users are susceptible to these kinds of attacks and help them determine their vulnerability level so they can implement better security controls moving forward.

Exposing users to simulated phishing attacks reminds them to inspect their emails more carefully and teaches them how to spot these kinds of attacks. Simulated phishing tests should be run more than once so that organizations can track user progress over time. With phishing being the most common type of cyber attack, it’s important that users strengthen their reactions to these kinds of attacks.

2. Hold Users Accountable

Employees must be willing to be accountable and take personal responsibility for their actions. To encourage accountability, organizations should implement an end user security policy that employees must read and sign off on.

Your end user security policy should review the security best practices you expect every employee to follow. Such actions can include locking screens, using strong passwords and implementing multi-factor authentication. You should explicitly outline the consequences of misuse and hold users responsible if they violate the policy. Ensure your policy is simple and easy to read so that employees understand it.

3. Provide Access to Resources

Motivate and engage users to take responsibility for security by providing them access to high quality resources like security awareness training. Online security awareness training is a great way for users to learn about various cybersecurity topics at their own pace. New methods of online training like gamification and online quizzes make training more fun for users and help them stay attentive and retain information.

Access to other online resources like infographics, cyber tips or news articles gives employees material they can refer back to when they need to refresh their memory. If users understand how cyber threats like phishing and social engineering affect their lives both at work and at home, they will feel more connected to the issue.

Jolera’s Secure IT User Defence solution is designed to empower your employees to be the first line of defence. The solution includes simulated phishing tests, online cyber awareness training and credential monitoring. For more information on how Jolera can protect your organization, contact us today. 

Threats of the Week – March 30, 2020

Tekya Malware

A new malware family has been discovered operating in 56 Google Play applications, which have collectively been downloaded nearly one million times around the world. Dubbed “Tekya,” the malware aims to commit mobile ad fraud by imitating user actions to click advertisements.

Source: DarkReading

How do you protect yourself?

Proper security measures must be in place to defend against Tekya malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2020-3808

Adobe has released a security update for the Adobe Creative Cloud Desktop Application for Windows. This update addresses a critical vulnerability. Successful exploitation could lead to arbitrary file deletion.

Source: Adobe

How do you protect yourself?

Update Adobe Creative Cloud Desktop Application to the latest software version.

Milum RAT

Malware that shows no similarities with samples used in known campaigns is currently used to attack computers in various organizations.

The malware is a fully-developed trojan with “solid capabilities for remote device management” of a compromised host.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Milum RAT and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Working Remotely and Staying Secure During the COVID-19 Outbreak

As the threat of COVID-19 continues to spread, many businesses are having employees work remotely. The rise of online working means that an organization’s attack surface will be more spread out. Employees may not have the same protections installed on their personal devices at home as they do on their workstations in the office. Without proper security precautions in place, users increase their risk to cyber threats like malware and phishing. It’s important to remind employees that although they may be working from home, they are still expected to engage in safe cyber habits and safeguard corporate data.

Attacks are Increasing

Cybercriminals are exploiting people’s fears by sending phishing emails about COVID-19. These emails impersonate official health departments and claim to have new information or updates about the virus. They are designed to trick users into downloading malicious attachments or giving up personal information. In another instance, cybercriminals copied a popular interactive world map that displayed confirmed cases of COVID-19 and used it to spread malware.

People who aren’t used to working at home can get distracted, especially if they are accustomed to going into an office everyday to work. They may mix personal browsing with their work and encounter cyber scams related to COVID-19. In their distraction, they may accidentally click on malicious links. Users may also feel safer while working at home and let their guard down when it comes to working online. They can forget to engage in simple cyber safe behaviours like locking their computer or double-checking URLs before they click on them.

The Security Challenges of Remote Working

Working remotely can create a lot of security challenges for organizations. Users who are not prepared to work remotely may have to use their personal devices to access corporate material. These devices may not be secured or have the latest updates installed. Users can end up engaging with malicious websites that would usually be blocked by an organization’s firewall or leave their devices open to vulnerabilities.

Users working from home may also be connected to networks that are not secured. Although users may not be working from public spaces (with public WiFi) during this time, home networks may not be properly secured either. Furthermore, employees may have insecure IoT devices (such as lights, refrigerators, etc.) connected to the home network. Each of these devices could be a potential entry point for hackers. 

What You Can Do

Inform and Update Employees

Many people are stressed out and worried about how COVID-19 will affect them. Keep your employees informed about how their work is being impacted by the current outbreak and provide them with links to official sources (government, WHO, etc.) to ensure that they can keep themselves informed safely.

Reiterate Good Cybersecurity Practices

Awareness is the only way to combat phishing and social engineering scams. Employees must understand that they still have a responsibility to keep company data safe even though they are working from home. Remind employees to be careful of suspicious emails, especially those claiming to be about the virus. If they receive any suspicious emails, employees should disregard them and not engage. Encourage employees to not click on any links or download any attachments. They should always double check sender email addresses and any URLs they may encounter.

Issue Corporate Devices

To ensure employees have access to necessary resources required for their work, employees should be given company issued devices. This will make it easier for your organization to manage and monitor your remote systems and ensure that company data is separate from a user’s personal data. It will also ensure that all devices have security tools installed (e.g. anti-virus, encryption tools, etc.).

Use a VPN

A VPN will provide employees with a secure connection to your organization’s network. All employees should use a VPN to access company resources, especially if they are using personal devices. Ensure that your VPN is set up to support your entire remote workforce and that it is up to date.

Our Support IT platform can assist your organization in providing employees secure remote access to essential tools and systems. For more information on how Jolera can help with your remote working environment, contact us today.

How AI and SOC Protect Organizations

Keeping up with the evolving threat landscape is difficult and organizations face several challenges such as the cyber skills shortage and managing the security tools in their infrastructure. The more security tools an organization implements, the more security alerts a security operations centre (SOC) has to investigate. Each of these security alerts needs to be analyzed, investigated and remediated. However, research from the Neustar International Security Council (NISC) found that 26% of security alerts are false positives. To reduce the number of false positives and keep up with attackers, combining artificial intelligence tools with a SOC’s expertise is crucial.

Source: ZDNet

Improving Threat Intelligence and Detection

The longer a threat goes undetected, the more damage can be inflicted. Hackers have more time to steal sensitive data or gather intelligence for future attacks. Detecting a threat as soon as possible is crucial in reducing the impact of a breach. However, threats are constantly evolving, and new vulnerabilities and attack vectors are being discovered daily.

To effectively detect threats, security analysts must have access to the latest threat intelligence data. This can be done through threat intelligence feeds. Threat intelligence feeds provide information on cyber threats and risks, which gives security analysts a real time view of the external threat landscape. Threat intelligence feeds are usually integrated with a tool like security information and event management (SIEM), which has AI capabilities. Since SIEM analyzes data from all the devices in a network and correlates that information with data from threat intelligence feeds, it can identify potential threats more quickly. The data from threat intelligence feeds provides security analysts with context to inform their decisions when responding to threats. This enables them to respond more quickly and do their work more efficiently.

Increased Productivity

Investigating several security alerts per day can burden a SOC team. The number of alerts makes it difficult for security analysts to prioritize alerts to investigate, which can allow critical alerts to slip through. Furthermore, dealing with false positives makes it harder for analysts. False positives are alerts that indicate a threat is happening when in reality there is no threat. Dealing with false positives can slow down an analyst’s ability to determine threats, which can also lead them to miss real critical alerts.

Manually investigating security incidents is a time-consuming process. Security analysts have to collect information from the network and correlate that information to gain context and determine the severity of an incident. SIEM makes it easier for security analysts to investigate threats. SIEM automates the process of gathering information and consolidating and analyzing data. When critical security alerts are identified, a security analyst is notified and will start investigating the issue. Leveraging artificial intelligence ensures that analyst skills are being used to identify real and serious threats and reduces the number of false positives they encounter.
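The correlation step described in the two sections above (feed indicators matched against device logs, enriched with context, with vetted false positives suppressed and repeats collapsed) as an added, self-contained example; it is not Jolera's SIEM code, and the feed, allowlist and log lines are constructed samples:

```python
"""Threat-intelligence correlation as a SIEM does it, in miniature:
normalise events from several sensors, match indicators against a feed,
enrich each hit with the feed's context, drop indicators the SOC has vetted
as benign in this environment, and collapse repeats so one noisy host
yields one alert. Feed, allowlist and log lines are constructed samples."""
import re

# Constructed threat-intelligence feed: indicator -> context for the analyst.
THREAT_FEED = {
    "198.51.100.23": {"type": "ip", "threat": "known C2 server",
                      "confidence": 90, "source": "feed-A (constructed)"},
    "evil-updates.example": {"type": "domain", "threat": "malware distribution",
                             "confidence": 75, "source": "feed-B (constructed)"},
    "cdn-stats.example": {"type": "domain", "threat": "adware tracker",
                          "confidence": 40, "source": "feed-B (constructed)"},
    "5d41402abc4b2a76b9719d911017c592": {"type": "hash", "threat": "trojan dropper",
                                         "confidence": 95, "source": "feed-C (constructed)"},
}

# Indicators already vetted as benign here (a corporate app legitimately
# talks to cdn-stats.example), so hits on them are counted but not alerted.
ALLOWLIST = {"cdn-stats.example"}

# Which key=value field carries the matchable indicator, per event kind.
INDICATOR_FIELDS = {"conn": "dst", "http": "host", "file": "hash"}

# Constructed log lines: firewall (conn), web proxy (http) and EDR (file).
SAMPLE_LOGS = """\
2020-03-30T10:01:02Z fw01 conn src=10.0.0.5 dst=198.51.100.23 dport=443 action=allow
2020-03-30T10:01:09Z fw01 conn src=10.0.0.5 dst=198.51.100.23 dport=443 action=allow
2020-03-30T10:02:15Z proxy01 http src=10.0.0.7 host=evil-updates.example status=200
2020-03-30T10:02:40Z proxy01 http src=10.0.0.8 host=cdn-stats.example status=200
2020-03-30T10:03:44Z edr01 file asset=WS-07 hash=5d41402abc4b2a76b9719d911017c592 path=C:\\Users\\a\\Downloads\\x.exe
2020-03-30T10:04:01Z fw01 conn src=10.0.0.6 dst=203.0.113.9 dport=443 action=allow
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<sensor>\S+) (?P<kind>\S+) ?(?P<rest>.*)$")


def parse_line(line):
    """Normalise one syslog-style line into a flat dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = {"ts": m["ts"], "sensor": m["sensor"], "kind": m["kind"]}
    for token in m["rest"].split():
        key, sep, value = token.partition("=")
        if sep:
            event[key] = value
    return event


def severity(confidence):
    """Map feed confidence to the triage tier analysts sort by."""
    if confidence >= 80:
        return "high"
    if confidence >= 50:
        return "medium"
    return "low"


def correlate(lines, feed=THREAT_FEED, allowlist=ALLOWLIST):
    """Return (alerts ranked by confidence, number of hits the allowlist suppressed)."""
    alerts = {}          # (asset, indicator) -> alert, in first-seen order
    suppressed = 0
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        field = INDICATOR_FIELDS.get(ev["kind"])
        indicator = ev.get(field) if field else None
        if indicator not in feed:
            continue
        if indicator in allowlist:
            suppressed += 1
            continue
        asset = ev.get("src") or ev.get("asset") or "unknown"
        key = (asset, indicator)
        if key in alerts:                 # same host, same indicator: count, don't re-alert
            alerts[key]["count"] += 1
            alerts[key]["last_seen"] = ev["ts"]
            continue
        intel = feed[indicator]
        alerts[key] = {
            "asset": asset, "indicator": indicator, "type": intel["type"],
            "threat": intel["threat"], "intel_source": intel["source"],
            "confidence": intel["confidence"], "severity": severity(intel["confidence"]),
            "sensor": ev["sensor"], "first_seen": ev["ts"], "last_seen": ev["ts"],
            "count": 1,
        }
    ranked = sorted(alerts.values(), key=lambda a: a["confidence"], reverse=True)
    return ranked, suppressed


if __name__ == "__main__":
    ranked, dropped = correlate(SAMPLE_LOGS.splitlines())
    for a in ranked:
        print(f"[{a['severity']:6}] {a['asset']} -> {a['indicator']} "
              f"({a['threat']}, x{a['count']}, via {a['intel_source']})")
    print(f"{dropped} hit(s) suppressed by allowlist")
```

Six raw events become three ranked alerts: the repeated C2 connection from one host collapses into a single alert with a count, and the vetted domain is suppressed rather than shown.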

Using a Hybrid Intelligence Platform

Implementing a SOC in-house is an expensive investment. The cost of hiring security personnel, buying security tools and licenses and paying for continued security training can end up costing hundreds of thousands of dollars. Furthermore, the cybersecurity skills shortage makes it more difficult for organizations to find qualified applicants. Fortunately, organizations can outsource a SOC to a service provider like Jolera to ensure their organization is protected.

Jolera combines the security expertise of a SOC with intelligent analytics from SIEM through its hybrid intelligence platform. Under our hybrid intelligence platform, human and machine intelligence merge with proprietary technology to help manage and secure an organization’s environment. Our SIEM system picks up emerging threats and eliminates false positives while our security analysts investigate and remediate security incidents. We then generate a report on your organization’s infrastructure that gives you actionable insights to help guide your security posture and investments. For more information on our hybrid intelligence platform, contact us today.

Threats of the Week – March 23, 2020

Cookiethief Malware

Researchers have found two Android malware modifications. When combined, they aim to secure root rights on a target device and transfer cookies from the browser and Facebook app to a command-and-control (C2) server. Researchers have not determined how the Trojan lands on target devices but say the cause is not a flaw in Facebook or the browser itself.

Source: DarkReading

How do you protect yourself?

Proper security measures must be in place to defend against Cookiethief malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2020-3795

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Source: Adobe

How do you protect yourself?

Update Adobe Acrobat and Reader to the latest software version.

Nefilim Ransomware

A new ransomware called Nefilim that shares much of the same code as Nemty has started to become active in the wild and threatens to release stolen data.

Nefilim became active at the end of February 2020 and while it is not known for sure how the ransomware is being distributed, it is most likely through exposed Remote Desktop Services.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Nefilim Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Threats of the Week – March 16, 2020

Mozart Malware

Mozart sets up a direct line of communication between an infected client and its server. It does this by hardcoding a DNS server IP address to which an infected client resolves, thus bypassing central DNS servers, policy rules, and monitoring. The commands which are then transmitted between the malware server and infected device are hidden in DNS TXT records.

Source: TechRadar

How do you protect yourself?

Proper security measures must be in place to defend against Mozart malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
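Two network-side checks for the Mozart behaviour described above (a client talking to a hardcoded resolver instead of the central DNS servers, and commands carried in TXT records), as an added example that is not part of the original post; the approved resolver list and both logs are constructed, and in practice would come from firewall and DNS-sensor logs:

```python
"""Detecting the Mozart pattern from network logs: internal hosts sending DNS
to a resolver other than the approved internal servers, and clients whose
query mix is dominated by TXT records. Resolver list and logs are constructed."""
from collections import defaultdict

APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}   # constructed internal DNS servers

# Constructed firewall connection log (key=value after a fixed header).
FW_LOGS = """\
2020-03-16T09:00:01Z fw01 conn src=10.0.5.21 dst=10.0.0.53 dport=53 proto=udp action=allow
2020-03-16T09:00:03Z fw01 conn src=10.0.5.21 dst=203.0.113.77 dport=53 proto=udp action=allow
2020-03-16T09:00:04Z fw01 conn src=10.0.5.22 dst=10.0.1.53 dport=53 proto=udp action=allow
2020-03-16T09:00:07Z fw01 conn src=10.0.5.21 dst=203.0.113.77 dport=53 proto=tcp action=allow
2020-03-16T09:00:09Z fw01 conn src=10.0.5.23 dst=198.51.100.4 dport=443 proto=tcp action=allow
2020-03-16T09:00:12Z fw01 conn src=10.0.5.24 dst=10.0.0.53 dport=53 proto=udp action=allow
"""

# Constructed DNS-sensor log captured on the egress link, so it also records
# queries that bypassed the internal resolvers and never appear in their logs.
DNS_LOGS = """\
2020-03-16T09:00:01Z dns client=10.0.5.21 qname=intranet.example qtype=A
2020-03-16T09:00:03Z dns client=10.0.5.21 qname=a1.cmd.example qtype=TXT
2020-03-16T09:00:05Z dns client=10.0.5.21 qname=a2.cmd.example qtype=TXT
2020-03-16T09:00:07Z dns client=10.0.5.21 qname=a3.cmd.example qtype=TXT
2020-03-16T09:00:09Z dns client=10.0.5.21 qname=a4.cmd.example qtype=TXT
2020-03-16T09:00:11Z dns client=10.0.5.21 qname=a5.cmd.example qtype=TXT
2020-03-16T09:00:02Z dns client=10.0.5.22 qname=mail.example qtype=A
2020-03-16T09:00:04Z dns client=10.0.5.22 qname=mail.example qtype=MX
2020-03-16T09:00:06Z dns client=10.0.5.22 qname=www.example qtype=A
2020-03-16T09:00:08Z dns client=10.0.5.22 qname=cdn.example qtype=AAAA
2020-03-16T09:00:10Z dns client=10.0.5.22 qname=api.example qtype=A
2020-03-16T09:00:13Z dns client=10.0.5.24 qname=example.com qtype=TXT
2020-03-16T09:00:14Z dns client=10.0.5.24 qname=_dmarc.example.com qtype=TXT
2020-03-16T09:00:15Z dns client=10.0.5.24 qname=www.example.com qtype=A
"""


def fields(line):
    """Parse the key=value tokens of a log line into a dict (header words are skipped)."""
    out = {}
    for token in line.split()[1:]:
        key, sep, value = token.partition("=")
        if sep:
            out[key] = value
    return out


def dns_bypass_hosts(fw_lines, approved=APPROVED_RESOLVERS):
    """Map each internal host to the non-approved resolvers it sent DNS traffic to."""
    offenders = defaultdict(set)
    for line in fw_lines:
        f = fields(line)
        if f.get("dport") == "53" and f.get("dst") not in approved:
            offenders[f["src"]].add(f["dst"])
    return dict(offenders)


def txt_heavy_clients(dns_lines, min_queries=5, txt_ratio=0.5):
    """Clients whose share of TXT queries exceeds txt_ratio. min_queries keeps a
    quiet host doing a couple of legitimate SPF/DMARC lookups from tripping the rule."""
    total, txt = defaultdict(int), defaultdict(int)
    for line in dns_lines:
        f = fields(line)
        client = f.get("client")
        if not client:
            continue
        total[client] += 1
        if f.get("qtype") == "TXT":
            txt[client] += 1
    return sorted((c, txt[c], total[c]) for c in total
                  if total[c] >= min_queries and txt[c] / total[c] > txt_ratio)


def assess(fw_lines, dns_lines):
    """Combine both signals per host: both present -> high, either alone -> medium."""
    bypass = dns_bypass_hosts(fw_lines)
    heavy = {c for c, _, _ in txt_heavy_clients(dns_lines)}
    return {host: "high" if host in bypass and host in heavy else "medium"
            for host in set(bypass) | heavy}


if __name__ == "__main__":
    for host, level in sorted(assess(FW_LOGS.splitlines(), DNS_LOGS.splitlines()).items()):
        print(f"{host}: {level}")
```

Blocking outbound port 53 to anything but the approved resolvers at the firewall turns the first check from a detection into a prevention; the TXT-ratio check still catches a host that tunnels through an allowed resolver.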

CVE-2020-6805

Mozilla has released security updates for Firefox. When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash.

Source: Mozilla

How do you protect yourself?

Update Firefox to the latest version.

Paradise Ransomware

A ransomware campaign has returned with a new trick to fool the unwary into compromising their network with file-encrypting malware. And it’s an attack that many Windows machines won’t even recognise as potentially malicious.

The new variant of Paradise ransomware, which has been active in one form or another since 2017, spreads via phishing emails, but it’s different from other ransomware campaigns because it uses an uncommon – but effective – file type to infiltrate the network.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Paradise Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

3 Ways to Tackle Data Security Challenges

Data has the power to transform organizations, but managing and securing data presents many challenges. With the threat of a data breach always present, safeguarding data has never been more important. According to research by Netwrix, 74% of organizations named data security as their top IT priority for 2020. Failing to properly secure your data can have several consequences, including financial damage, reputational loss and compliance fines. Here are 3 challenges to data security and how your organization can handle them.

Source: ZDNet

1. Data is growing quickly

Data is growing fast and with the rise of IoT devices, large quantities of data are being generated daily. Organizations cannot keep up and lack visibility into what kind of data is being stored, where it resides and who has access to it. If organizations aren’t able to keep track of their data, how can they secure it? According to research from Palo Alto Networks, 43% of cloud databases are not encrypted. As a result, unsecured databases continue to leak millions of records.

Organizations must keep track of their data environment and ensure their data is properly stored and encrypted. Creating a data strategy will help your organization improve how you store, access, use and manage data. This will ensure that your organization can access data when needed and ensure it’s being used efficiently.

2. Stale data and user accounts

Data needs are always changing and keeping outdated or stale data increases the attack surface. Stale data refers to data that an organization no longer needs for its daily operations. Hanging onto stale data not only takes up storage space but can also put your organization at risk if this data contains personally identifiable information (PII). PII is subject to compliance regulations like PIPEDA and GDPR. If this stale data is involved in a data breach, your organization will be subject to potential compliance fines.

Old user accounts belonging to former employees pose a similar security challenge. If these accounts are not deactivated when an employee leaves, anyone with the former employee’s credentials can use the account and become an insider threat. Organizations must properly dispose of stale data and deactivate old user accounts.

3. User privileges

Research from GetApp found that 48 per cent of employees have access to more company data than needed to perform their job. This is worrying because the more users that have access to important data, the greater the chance the data can be modified or accidentally deleted. It also widens the pool of potential insider threats: users inside the network who can steal the data. Furthermore, if hackers gain access to a highly privileged account, they will be able to access important data and potentially make permission changes of their own.

Using the principle of least privilege will help organizations manage how they control user access. Under the principle of least privilege, users are granted only the access their roles require. If users need access to important documents, they should only be given permission for the duration needed. As soon as they no longer need access, their privileges should be revoked.
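An access review that applies the rules from challenges 2 and 3 together (deactivate accounts of people who have left, flag dormant accounts, revoke time-boxed grants when they expire, and report permissions beyond the role baseline), as an added example and not part of the original article; the roster, accounts, role baselines, grants and the 90-day dormancy threshold are all constructed assumptions:

```python
"""Access review for stale accounts and least privilege. Accounts whose owner
is no longer on the HR roster are disabled, dormant accounts are flagged,
time-boxed grants are revoked once expired, and any permission not covered by
the role baseline or a live grant is reported. All data is constructed."""
from datetime import datetime, timedelta

REVIEW_DATE = datetime(2020, 3, 2)            # constructed "now"
STALE_AFTER = timedelta(days=90)              # dormancy threshold (assumption)

ACTIVE_EMPLOYEES = {"alice", "bob", "carol"}  # constructed HR roster

# Least-privilege baseline: what each role needs for its day-to-day work.
ROLE_BASELINE = {
    "finance": {"ledger:read"},
    "sales": {"crm:read"},
}

# Constructed account inventory exported from the identity system.
ACCOUNTS = [
    {"user": "alice", "role": "finance", "last_login": datetime(2020, 2, 28),
     "perms": {"ledger:read", "ledger:write"}},
    {"user": "bob", "role": "sales", "last_login": datetime(2019, 10, 1),
     "perms": {"crm:read"}},
    {"user": "carol", "role": "sales", "last_login": datetime(2020, 3, 1),
     "perms": {"crm:read", "hr:pii:read"}},
    {"user": "dave", "role": "finance", "last_login": datetime(2020, 1, 15),
     "perms": {"ledger:read"}},
]

# Time-boxed grants: extra access given "for the duration needed".
GRANTS = [
    {"user": "alice", "perm": "ledger:write", "expires": datetime(2020, 4, 1)},
    {"user": "carol", "perm": "hr:pii:read", "expires": datetime(2020, 2, 15)},
]


def review(accounts=ACCOUNTS, grants=GRANTS, roster=ACTIVE_EMPLOYEES,
           baseline=ROLE_BASELINE, now=REVIEW_DATE, stale_after=STALE_AFTER):
    """Return the actions an access review should produce, grouped by type."""
    live_grants = {}      # user -> perms whose grant window is still open
    revoke = []
    for g in grants:
        if g["expires"] <= now:
            revoke.append((g["user"], g["perm"]))
        else:
            live_grants.setdefault(g["user"], set()).add(g["perm"])

    disable, stale, excess = [], [], {}
    for acct in accounts:
        user = acct["user"]
        if user not in roster:                 # former employee: account must go
            disable.append(user)
            continue
        if now - acct["last_login"] > stale_after:
            stale.append(user)                 # dormant but current staff: investigate
        allowed = baseline.get(acct["role"], set()) | live_grants.get(user, set())
        extra = acct["perms"] - allowed        # anything beyond role + live grants
        if extra:
            excess[user] = extra
    return {"disable": disable, "stale": stale,
            "revoke": sorted(revoke), "excess": excess}


if __name__ == "__main__":
    for action, items in review().items():
        print(f"{action}: {items}")
```

Carol's expired HR grant shows up twice on purpose: once as a grant to revoke and once as excess access, so the reviewer sees both the cause and the current state.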

Improve Security by Knowing Your Cyber Threats

Security threats are targeting organizations daily. According to the Hiscox Cyber Readiness Report 2019, 61 per cent of organizations reported experiencing a cyber incident. While there are common security threats like phishing and malware that are targeting organizations, threats like weak passwords or exposed vulnerabilities will vary from organization to organization. In order to close these security gaps, organizations must gain visibility into the threats that target their business and implement the right security tools to protect their data.

Source: Hiscox

4 Ways to Discover Cyber Threats

1. Vulnerability assessment

A vulnerability assessment scans your organization’s IT infrastructure to identify known vulnerabilities like misconfigurations or missing patches. As there are new vulnerabilities being discovered daily, organizations should conduct a vulnerability scan on a quarterly basis. Vulnerabilities found are ranked in order of severity to help organizations prioritize what to patch first. Vulnerability scans should also be done whenever there are significant changes in the IT infrastructure, such as implementing new technology. This helps organizations verify that the changes they are implementing are not negatively affecting the security posture of their environment.

2. SIEM

A Security Information and Event Management (SIEM) system analyzes log data generated from devices across a network in real time to identify patterns of suspicious behaviour that are indicative of potential threats. It leverages machine intelligence via behavioural analytic capabilities and human intelligence through alert investigation by security experts. SIEM provides organizations with a holistic view of the security events within their infrastructure. SIEM uses correlation rules and use cases to determine threats. SIEM can also detect more sophisticated threats like malicious insiders.

3. Penetration Test

A penetration test is similar to a vulnerability assessment in that it checks for vulnerabilities. However, a penetration test goes more in depth because it attempts to actually exploit them by simulating attacks. Instead of just knowing about vulnerabilities, a penetration test shows how threat actors could launch successful attacks against your organization. Penetration tests are great for organizations that want to test their defence capabilities and gain greater insight into their infrastructure. Due to the nature of a penetration test, these tests take longer and require more skilled resources.

4. Monitor Dark Web for User Credentials

User credentials in the wrong hands can have devastating consequences. Cybercriminals can sell your organization’s credentials to other threat actors on the dark web or use them to enter your network. Once they have access, they can use an employee’s account to spread malware to other employees or clients, gather intelligence for future attacks or escalate privileges to gain further access. Since organizations can have hundreds or thousands of users, it can be difficult to determine if user credentials have been compromised until it’s too late. By monitoring the dark web for stolen credentials, organizations will be able to take action against this threat before it escalates to a full-blown data breach.

Learn how Jolera can help your organization defend against the evolving threat landscape by contacting us today.

Threats of the Week – March 9, 2020

LeifAccess Malware

A new malware family called LeifAccess or Shopper is taking advantage of the accessibility features in Android to create accounts, download apps, and post reviews.

LeifAccess “is a broad campaign [and] is using alternate methods to achieve installation but thereafter trying to achieve legitimacy to the user with fake warnings.”

Source: TechRepublic

How do you protect yourself?

Proper security measures must be in place to defend against LeifAccess malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2020-0031

Android has released its monthly security bulletin with details of security vulnerabilities affecting Android devices. This vulnerability could enable a local malicious application to bypass operating system protections that isolate application data from other applications.

Source: Android

How do you protect yourself?

Update Android to the latest version.

PwndLocker Ransomware

Driven by the temptation of big ransom payments, a new ransomware called PwndLocker has started targeting the networks of businesses and local governments with ransom demands over $650,000.

This new ransomware began operating in late 2019 and has since encrypted a stream of victims ranging from local cities to organizations.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against PwndLocker Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

Eliminate Gaps in Your Security Tech Stack

According to research by Forrester, 55% of organizations use 20 or more tools for their security and operations. While it’s important to protect every aspect of your IT infrastructure, buying every security tool available isn’t always the best solution. Integrating several security tools at once can be difficult to manage, especially if they’re all from different vendors. This can cause your infrastructure to become unnecessarily large and complex, which can lead to security gaps.

Source: Forrester

Do You Have Gaps in Your Security Stack?

An organization’s security stack consists of all the tools, technologies, platforms and vendors used to protect data and manage security. The larger an organization’s security stack, the harder it is to properly manage and ensure it stays updated. This can lead to backdoors hackers can exploit to enter your network and launch attacks.

The more security tools integrated, the greater the number of alerts being generated. Managing and investigating these alerts takes a lot of time and effort and can result in a lot of false positives. As a result, organizations miss important alerts because they are either too overwhelmed or don’t take any alerts seriously. To overcome these issues, organizations must evaluate their cybersecurity stack to ensure they are implementing the right level of security protection and controls for their business.

3 Ways to Minimize Security Gaps

1. Assess your security framework

The security tools in your IT infrastructure should be strategically implemented to align with your organization’s security framework. Once you’ve established a good security framework, you can assign the necessary tools to meet each category. Your security framework should drive your security strategy and the tools you implement, not the other way around. A popular industry standard framework is the NIST framework, which is designed to help organizations better understand, manage, and reduce cybersecurity risks.

Assessing your security risk profile with a security risk assessment is also a good idea to help validate the security tools in your infrastructure. Security risk assessments analyze IT environments to determine an organization’s cyber risks and their potential impacts. It’s important that organizations understand the unique risks to their business to ensure they are taking the right actions to prevent these risks and minimize any harm.

2. Leverage unified security solutions

To best optimize their security stack, organizations must focus on gaining visibility across their infrastructure while using intelligent analytics to make decisions. This is best achieved through using unified security solutions that take a holistic approach to security by combining the best features into one solution.

Integrating turnkey solutions rather than those that only serve one-off functions will help reduce the number of tools in your security stack. For example, having a firewall is great, but you will need security experts to monitor and investigate firewall logs to ensure your network is being protected. Instead of having to install a separate firewall monitoring tool and hire experts to investigate and respond to alerts, integrating a firewall solution that includes these features, like Secure IT – Firewall, will help you save time and money.

3. Use automated detection

As mentioned earlier, keeping up with the vast amount of cyber threats can be overwhelming. A security system that combines automation with human expertise increases the efficacy and efficiency of detecting threats. Jolera’s investment in hybrid intelligence combines human and machine intelligence with proprietary technology to help manage and secure IT environments. Our security information and event management (SIEM) system uses AI and machine learning capabilities to analyze and detect potential threats within your entire network.

For more information on how Jolera can help your organization defend against the latest threats, contact us today.