Improving Cybersecurity through Staff Awareness

Improve Cybersecurity through Staff Awareness

Information security can be tricky. Spending millions on improving security posture is not enough to prevent every potential disaster. In fact, organizations hit by security attacks are not always the ones with loose security. Alternative reasons for attack include bad fortune on a particular day, a newer form of attack, an outdated control, etc. However, an enterprise’s greatest vulnerability is often the poor security awareness of enterprise employees.

Employees and staff must be made aware of the security environment around them. Awareness is not financially expensive, especially when compared with installing the latest security controls around the enterprise premises. On the other hand, awareness is very challenging in terms of planning, time management and implementation to ensure employees are well aware of cybersecurity and prepared to take on new, daily challenges.

Introduce employees to general security awareness

Creating enterprise security awareness among employees begins with highlighting the need for individuals to secure their own interests. People will be most interested in first hearing how they can secure their own devices, before they will show any interest in making enterprise resources secure. Moreover, an employee who is personally security conscious is more likely to better understand the security needs of the enterprise and to positively engage with and follow enterprise standing operating procedures.


Hazards of Unbounded Connectivity

The information age has brought a lifestyle of limitless connectivity. People rely on online sources to remain updated about current events. Organizations serve their customers through the web 24/7. Offices may close in the evening, but the services are always on.

This connected lifestyle has gradually become the new normal. Now, services are easier to get, people have access to more information, and processes are running faster than ever. Overall, people have embraced this lifestyle. Microsoft predicts that by 2020, four billion people will be online – double the number of people online today.[1]

In many ways, the Internet of Things (IoT) is a natural result of this hyperconnectivity. However, with the advancements in connection accompanying IoT come a variety of apprehensions and risks.


SECURING AND GROWING THE DIGITAL ECONOMY

On December 1, 2016, the Commission on Enhancing National Cybersecurity presented the President of the United States with its Report on Securing and Growing the Digital Economy.[1] The commission had been tasked by the president to offer actionable recommendations for securing and growing the digital economy.

In its report, the commission highlights the need for the Internet, interconnections, and openness in this age of information technology. The commission also examines the challenge of security as a conflicting objective in this environment. There is no doubt of the link between IT advancements and IT security issues. The report suggests changing the current approach while maintaining a balance between IT advancements and security; that is, we should be further committed to cybersecurity but also remain committed to innovation, for the sake of a prosperous digital economy. If every enterprise takes care of its own security, the country as a whole becomes safer and more secure. This is only possible with increased coordination between the public and private sectors against today’s cyber risks.


Ransomware: A Growing Threat

Ransomware has been listed as one of the looming cybersecurity threats of 2017.[1] According to Osterman Research, 50% of 540 surveyed organizations had been through a ransomware nightmare in the past year, and just 4% of respondents from US organizations were very confident about preventing future ransomware attacks.[2] According to Symantec, after dipping in the first quarter of 2015, overall ransomware infection numbers began to climb in the fourth quarter, spiking in October and November 2015 and again in March 2016.[3]

The danger of ransomware comes from its ability to infect a system, make the system’s data unusable by legitimate users, and then demand that the victim pay a ransom in order to regain access. Simple ransomware may only lock the system or stop one or more applications before displaying instructions for paying the ransom. Another variant makes the system unbootable by tampering with the master boot record. However, the most common, advanced ransomware may encrypt all or critical data on the system and demand a ransom for the decryption key.


How Employees Can Weaken Cybersecurity

Rapid advancements in the field of IT have brought new meaning and value to cybersecurity. Due to the modern-day cyber threat spectrum, enterprises are ready and willing to improve their cyber defenses. But what actually leads to a security breach in an otherwise well-prepared and security-cautious organization? More often than not, security breaches emanate from enterprise staff’s own follies. Institute of Information Security Professionals (IISP) polls show that 81% of security problems are generated by people.[1]

Certain activities are likely to compromise enterprise cyber defenses and lead to some sort of security disaster. Though not an exhaustive list, these are some of the most frequent activities commonly undertaken by staff due to complacency, casualness and ignorance.


Highlights from Symantec’s Internet Security Threat Report 2017

The information technology threat environment is constantly reshaped as new threats and vulnerabilities bring new cyber-attack and security patterns. Defending against these new threats requires maintaining a constant watch on the threat spectrum, taking time to understand recent information security-related events. Insight into previous mistakes and successes enables us to move forward, reasonably enlightened.

One useful cyber resource for top management, executives and IT professionals is Symantec’s Internet Security Threat Report (ISTR) – 2017, published in April. ISTR provides a statistical overview of cyberattacks from the last few years, highlighting the most prevalent previous and upcoming threats and attacks.


Cybersecurity in an IoT World

The Internet of Things (IoT) is enhancing the scope of global connectivity. Beginning with ARPANET and evolving into the giant called the Internet, computers, networks, organizations and mobile devices are now effectively connected. However, the advent of IoT promises to extend that connectivity to everything, from household devices and wearables, to cars and health equipment. As more entities become part of the global network, the attack surface of this network is increasing exponentially. Attackers can find security loopholes more easily in one of the billions of connected things, compared with the millions of computing machines and mobile devices that have already been part of the Internet. This increased attack surface highlights why IoT security must be a top priority for anyone involved with information technology.


The Menace of Social Engineering

Social engineering has been defined as “[a]ny act that influences a person to take an action that may or may not be in their best interest.” In a cyber security context, social engineering attacks are often directed against individuals and organizations in order to accomplish some nefarious design. People are convinced to reveal valuable and otherwise secure information such as private data, authorization or access details, etc. Common targets of social engineering attacks are help desk personnel, administrators and technical support.

Examples of social engineering attacks:

· Emailing with a friendly tone to convince a user to click some fraudulent link.

· Calling a help desk and asking, politely and tactically, for sensitive information.

· Fooling a victim into downloading malware.


IT Security Trends – 2017

Information security is getting tougher every year. The Internet of Things, cloud infrastructure growth, widespread mobile device use, the explosion of social media, and similar factors have resulted in an environment where security breaches are not only increasing in number, but also in intensity and area of influence.

Despite this rapid growth, the United Kingdom’s Department for Culture, Media & Sport’s Cyber Security Breaches Survey 2016 surprisingly shows that only 69% of enterprise senior managers consider cyber security a high priority, and just 51% of those enterprises have acted on recommended actions against cyber risks. Moreover, only 29% of enterprises surveyed had a formal cyber security policy, and only 10% possessed a formal incident management plan.

Enterprise senior managers require increased awareness of both recent security breach statistics and current trends, in order to begin understanding the IT world’s security challenges and to become more conscious of security in general and information security in particular. The following are just a few of the most relevant trends expected for 2017.


Data Security Checklist for Executives

Information security is all about protecting information assets while making them available to legitimate users in reasonable time. Practically, the whole concept of information security planning and implementation revolves around attack threats and defense options, similar to military tactics and strategy. A threat is any probable harm (intentional or unintentional) that may exploit some vulnerability in a system. Possible defensive options must be analyzed and put in the form of controls to guard against threats.

The most important element in this war game of information security is the data that must be protected. Data in an organization includes all kinds of information about clients, business entities, products, financial capacity, state of projects, location/site plans, technical parameters, etc. In today’s environment, with data breaches on the rise, it is important for enterprise executives to be concerned with safeguarding their data, assisted by their information security department. While technical implementation details can be left up to the information security department, executives must know how to best secure their data.
