Ransomware business model-What is it and how to break it?

Posted 2 years ago by hello@alienvault.com

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

The threat of ransomware attacks continues to strike organizations, government institutions, individuals, and businesses across the globe. These attacks have skyrocketed in frequency and sophistication, leaving a trail of disrupted operations, financial loss, and compromised data. Statistics reveal that there will be a new ransomware attack after every two seconds by 2031 while the companies lose between $1 and $10 million because of these attacks.

As the security landscape evolves, cybercriminals change their tactics and attack vectors to maximize their profit potential. Previously, ransomware attackers employed tactics like email phishing, remote desktop protocol vulnerabilities, supply chain issues, and exploit kits to breach the system and implant the ransomware payloads. But now attackers have significantly changed their business model.

Organizations need to adopt a proactive stance as more ransomware gangs emerge and new tactics are introduced. They must aim to lower their attack surface and increase their ability to respond to and recover from the aftermath of a ransomware attack.

How is ransomware blooming as a business model?

Ransomware has emerged as a thriving business model for cybercriminals. It is a highly lucrative and sophisticated method in which the attackers encrypt the data and release it only when the ransom is paid. Data backup was one way for businesses to escape this situation, but those lacking this had no option except to pay the ransom. If organizations delay or stop paying the ransom, attackers threaten to exfiltrate or leak valuable data. This adds more pressure on organizations to pay the ransom, especially if they hold sensitive customer information and intellectual property. As a result, over half of ransomware victims agree to pay the ransom.

With opportunities everywhere, ransomware attacks have evolved as the threat actors continue looking for new ways to expand their operations’ attack vectors and scope. For instance, the emergence of the Ransomware-as-a-service (RaaS) model encourages non-technical threat actors to participate in these attacks. It allows cybercriminals to rent or buy ransomware toolkits to launch successful attacks and earn a portion of the profits instead of performing the attacks themselves.

Moreover, a new breed of ransomware gangs is also blooming in the ransomware business. Previously, Conti, REvil, LockBit, Black Basta, and Vice Society were among the most prolific groups that launched the attacks. But now, the Clop, Cuban, and Play ransomware groups are gaining popularity as they exploit the zero-day vulnerability and impact various organizations.

Ransomware has also become a professionalized industry in which attackers demand payments in Bitcoins only. Cryptocurrency provides anonymity and a more convenient way for cybercriminals to collect ransom payments, making it more difficult for law enforcement agencies to trace the money. Though the FBI discourages ransom payments, many businesses still facilitate the attackers by paying ransom in bitcoins.

What’s the worst that can happen after a ransomware attack?

A ransomware attack can have consequences for businesses, individuals, and society. Since these attacks are prevalent there are privacy risks in almost every activity online. These attacks are not only a hazard to organisations but they also carve pathways that disrupts every associated client, customer and partner’s online anonymity. Here’s a brief insight into the worst outcomes that can occur following a ransomware attack:

No data recovery and repeated attacks

Ransomware attacks can result in significant data and financial loss. Despite promises, paying a ransom ensures no guarantee that the cybercriminals will return or delete the data they already have compromised. A study finds that nearly 200,000 companies fail to retrieve data after paying the ransom. Besides this, businesses willing to pay the ransom make them a more attractive target. The same study also finds that a ransomware attack hit 80% of companies for a second time, with 68% saying that the second attack happened in less than a month – and the attackers demanded a higher amount.

Financial instability

The most significant impact of ransomware attacks is the devastating financial losses. These attacks will cost victims around $265 billion annually by 2031. The victims are usually organizations that will likely incur the costs associated with customers’ data, investigating the attack, restoring the systems, and deploying robust security measures to avoid such attacks. In addition, if an organization fails to recover the data, it may experience long-term financial instability due to operational disruptions, reduced productivity, revenue loss, and legal liabilities.

Lawsuits and regulatory fines

Cybercriminals exfiltrate valuable data in ransomware attacks. This can result in lawsuits being filed by the affected parties whose data was compromised. Equip Systems, US Fertility, TransLink, and Canon, are some companies that faced lawsuits due to ransomware attacks. Additionally, most businesses are subject to industry regulations like HIPAA, GDPR, and CCPA to maintain data privacy. Suppose the attackers exfiltrate data that includes personally identifiable information and financial or medical records. In that case, the organizations face regulatory fines, losing customers’ trust and causing significant reputational damage.

Operational downtime

Ransomware attacks paralyze the organization’s everyday operations, resulting in significant downtime and productivity losses. Stats reveal that, on average, organizations experience almost three weeks of downtime in the aftermath of a ransomware attack. When a critical infrastructure, network, or system is compromised, businesses fail to provide services, and this downtime significantly impacts their profits and earnings.

Breaking down the ransomware business model

The risk of ransomware attacks is bigger than many organizations might realize. However, the good news is that there are plenty of measures that businesses can take to mitigate these attacks:

Use data backups: Regularly backing up the data helps recover data during a ransomware attack. Businesses must ensure that all critical business data is backed up and stored in a location inaccessible to attackers.
Upgrade, update, and patch systems: The older an operating system gets, the more chances of malware and other threats targeting them. Therefore, retire legacy devices, hardware, or software the vendor no longer supports. It’s also crucial to update the network software with fixes as soon as they are released.
Reduce the attack surface: Organizations with clearly defined rules have been able to mitigate the impact of attack during the initial stages. Hence, create attack surface reduction rules to prevent common tactics that attackers use to launch an attack.
Network segmentation: Develop a logical network segmentation based on least privilege that reduces the attack surface threat and limits lateral movement. If by any means the malicious actor bypasses your perimeter, network segmentation can stop them from moving into other network zones and protects your endpoints.
Have a handy incident response plan: A survey finds that 77% of people say their businesses lack a formal incident response plan. A well-informed incident response plan can help businesses manage ransomware attacks better, minimize impacts, and foster fast recovery.
Deploy XDR and SIEM tools: These tools provide holistic insights about emerging threats and enhance the security professionals’ detection and response capabilities for ransomware attacks.
Employee education: Humans are an organization’s weakest link, and ransomware groups use this loophole to launch attacks. To close this gap, businesses must educate their employees about the latest trends, hackers’ tactics, and ways to respond promptly.

Final words

Over time, the ransomware business model is becoming sophisticated and evolving through double extortion, the RaaS model, and the emergence of new ransomware gangs. As these attacks are unlikely to go away anytime soon, businesses must educate their staff about this lucrative attack and the consequences it presents to the company. Organizations must prioritize basic cybersecurity measures like regularly backing up the data, segmenting the network, and patching the systems. Additionally, they must invest in endpoint protection tools, have an incident response plan handy, and invest enough in security awareness programs to minimize the impact of ransomware attacks.

The post Ransomware business model-What is it and how to break it? appeared first on Cybersecurity Insiders.

Stories from the SOC: OneNote MalSpam – Detection & response

Posted 2 years ago by hello@alienvault.com

This blog was co-written with Kristen Perreault – Professional Cybersecurity and James Rodriguez – Sr. Specialist Cybersecurity.

Executive summary

Since December 22nd, 2022, there has been an increase in malware sent via Phishing emails via a OneNote attachment. As with most phishing emails, the end user would open the OneNote attachment but unlike Microsoft Word or Microsoft Excel, OneNote does not support macros. This is how threat actors previously launched scripts to install malware.

Minimal documentation has been made towards the tactics, techniques, and procedures (TTP’s) observed in these attacks. Some of the TTP’s observed included executions of Powershell.exe usage and Curl.exe once a hidden process was ran. Once the hidden executable was clicked on, a connection was made to an external site to attempt to install and execute malware. Once executed the attacker will unload additional malicious files and gain internal information from within the organization. In this case, malicious files were detected and mitigated by SentinelOne.

Investigation

Initial Alarm Review

Indicators of Compromise (IOC)

The initial alarm came in for malware being detected by SentinelOne which was a .One file type. The file sourced from Outlook indicated this was likely a phishing email. Shortly after receiving the initial alarm, the MES SOC Threat Hunters (SECTOR Team) were alerted by a customer experiencing this activity and began their deep dive. Upon entering the file hash obtained from the SentinelOne event, no discernible information regarding the file’s purpose was uncovered. This prompted SECTOR to utilize Deep Visibility to gain further insight into the process and purpose of the detected file.

Deep Visibility is a feature within SentinelOne that provides comprehensive insight into the activities and behaviors of threats within a network environment. This feature allows security teams, such as SECTOR, to investigate and respond to threats by providing greater insight in processes, network connections, and file activities. It is an incredibly powerful tool in SentinelOne and is commonly used during the Incident Response process.

Deep Visibility Sentinel One redacted

Expanded investigation

Events Search

A search string was created for Deep Visibility which included the file name and associated file hashes. An event in SentinelOne was found that included a Curl.exe process with the external domain minaato[.]com. When reviewing the domain further, it was determined that this was a file sharing website and additional malicious indicators were uncovered. Analyzing the DNS request to minaato[.]com, showed events with the source process mshta.exe with the target process curl.exe, and the parent process of onenote.exe. This chain of processes were the heuristic (behavioral) attributes that prompted SentinelOne to fire off an alert. Utilizing these TTP and previous source processes, a new query was generated to find any potential file populating the same activity. This led SECTOR to detect another file under Cancellation[.]one.

Event Deep Dive

SECTOR began their event deep dive with an initial IOC based search query that included the file name and the domain that generated outbound network connections.

Pivoting off of the results from the initial IOC based search query, SECTOR created a secondary search query that included multiple file names, domains, and hashes that were found. These IOCs had not been previously discovered in the wild but once they were found, SECTOR provided them to the AT&T AlienLabs team for additional detection engines, correlation rules, and OTX (AT&T Open Threat Exchange Platform) pulse updates.

After gathering all the IOCs, a third heuristic-based search query was created. This new query aimed to find any remaining events related to the malware that SentinelOne might not have alerted on, as it mainly focuses on execution-based activities rather than behavior-based ones. This demonstrates the importance of using threat hunting in conjunction with SentinelOne’s Deep Visibility feature for enhanced security.

SECTOR working

In the final stage of the event search, SECTOR created a final heuristic search query that detected any outreach to a domain with the same behavioral attributes observed in this environment. Although the results contained false positives, they were able to sift through and find an event where the “ping.exe” command successfully communicated with the malicious domain, “minaato[.]com”. In this case, SentinelOne did not alert on this activity due to it being a common process execution.

heuristic query

Response

Building the Investigation

After gathering all necessary information and event findings, SECTOR was able to pull the malicious OneNote file and detonate it within their sandbox environment. They were then able to see that once the file was opened, the malicious link was hidden under an overlayed stock Microsoft image that asked the user to click open. This then brought the user to the malicious domain, minaato[.]com.

SECTOR provided all data gathered from this threat hunt to the affected customers and fellow CyberSecurity Teams within AT&T for situational awareness.

Customer interaction

The affected customers were given remediation steps based on the specific activity they experienced with this malware. Some of them were successfully compromised, while others were able to avoid any execution or downloads in association with the malware itself. These remediation steps included removing all files from the affected devices, resetting all user passwords for best practices, scanning assets to ensure no further unauthorized or malicious activity was occurring in the background, globally blocking all IOC’s, and implementing block rules on their firewalls.

IOCS

IOC Type	IOC
File Name	cancelation.one
File Name	cancelation.one
File Hash (MD5)	670604eeef968b98a179c38495371209
File Hash (SHA1)	8f4fc0dbf3114200e18b7ef23f2ecb0b31a96cd7
File Hash (SHA1)	776181d69149f893e9b52d80908311c0f42ec5eb
File Hash (SHA1)	202b7c6c05c1425c8c7da29a97c386ede09f1b9f
File Hash (SHA256)	83f0f1b491fa83d72a819e3de69455a0b20c6cb48480bcd8cc9c64dbbbc1b581
Domain Name	minaato[.]com
Domain Name	simonoo[.]com
Domain Name	olimobile[.]com
Domain Name	sellscentre[.]com

The post Stories from the SOC: OneNote MalSpam – Detection & response appeared first on Cybersecurity Insiders.

Mobile Device Management: Securing the modern workplace

Posted 2 years ago by hello@alienvault.com

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

More mobile devices, more problems. The business landscape has shifted dramatically, as more endpoints connect to corporate networks from a wider variety of locations and are transmitting massive amounts of data. Economic forces and a lengthy pandemic have caused a decentralization of the workforce and increased adoption of a hybrid workplace model.

Today, employees are more mobile than ever.

The modern workforce and workplace have experienced a significant increase in endpoints, or devices connecting to the network, and managing these diverse endpoints across various geographic locations has grown in complexity.

Here’s an analogy: imagine a bustling city, with its many roads, highways, and intersections. Each road represents a different endpoint, and the city itself symbolizes your corporate network. As the city grows and expands, more roads are built, connecting new neighborhoods and districts. Our corporate networks are like expanding cities.

But along with digital transformation and a distributional shift of the workforce, the cybersecurity landscape is evolving at an equal pace. The multitude of endpoints that connect to the network is widening the attack surface that bad actors with malicious intent can exploit.

From a cybersecurity perspective, more endpoints represent a significant business risk. Organizations need to understand the importance of managing and securing their endpoints and how these variables are intertwined for a complete endpoint security strategy.

The evolution of Mobile Device Management

Traditional Mobile Device Management has existed in some form since the early 2000s, when smartphones entered the marketplace. MDM has evolved over the last few decades, and in some way, Unified Endpoint Management (UEM) represents this modern evolution. Today, unified endpoint management has become a prominent solution for modern IT departments looking to secure their expanding attack surfaces.

UEM is more than just managing endpoints. The “unified” represents one console for deploying, managing, and helping to secure corporate endpoints and applications. UEM offers provisioning, detection, deployment, troubleshooting, and updating abilities. UEM software gives IT and security departments visibility and control over their devices as well as their end-users, delivered through a centralized management console.

For a more detailed discussion of mobile device security, check out this article.

What is the difference between MDM and UEM?

Unified Endpoint Management (UEM) and Mobile Device Management (MDM) are both solutions used to manage and secure an organization’s devices, but their scope and capabilities differ.

Mobile Device Management (MDM) is a type of security software used by an IT department to monitor, manage, and secure employees’ mobile devices deployed across multiple mobile service providers and across multiple mobile operating systems being used in the organization. MDM is primarily concerned with device security, allowing organizations to enforce policies, manage device settings, monitor device status, and secure devices if lost or stolen.

On the other hand, Unified Endpoint Management (UEM) is a more comprehensive solution that manages and secures not just mobile devices but all endpoints within an organization. This includes PCs, laptops, smartphones, tablets, and IoT devices. UEM solutions provide a single management console from which IT can control all these devices, regardless of their type or operating system.

The need for comprehensive endpoint protection

As the number of endpoints increase with the rise of a mobile workforce, so does the need for comprehensive endpoint protection. This includes the use of encryption, secure configurations, and secure communication channels.

Encryption is a critical security measure that helps protect data in transit and at rest. By encrypting data, you can ensure that even if a device is lost or stolen, the data on it remains secure and inaccessible to unauthorized users.

Secure configurations are another crucial aspect of endpoint protection, which involves setting up devices to minimize vulnerabilities and reduce the attack surface. For example, this could include disabling unnecessary services, limiting user privileges, or implementing secure settings for network connections.

For protecting data in transit, secure communication channels are essential. This can be achieved by leveraging Virtual Private Networks (VPNs), which encrypt the data being transmitted and provide a secure tunnel for communication.

The role of MDM in enforcing security measures

Mobile Device Management (MDM) solutions play a key role in enforcing these security measures consistently across all devices. MDM allows organizations to manage and control device settings, ensuring that all devices adhere to the organization’s security policies.

For example, MDM solutions can enforce encryption policies, ensuring that all data stored on the device is encrypted. They can also enforce secure configurations, such as requiring devices to have a passcode or biometric authentication, and disabling features that pose a security risk, such as USB debugging on Android devices.

Check out this infographic for a visual representation of mobile security.

Implementing DLP policies within MDM solutions

Data Loss Prevention (DLP) policies are another crucial aspect of endpoint protection. These policies help prevent unauthorized data exfiltration, whether intentional or accidental.

MDM solutions can help enforce DLP policies by controlling what data can be accessed on the device, and how it can be shared. For example, MDM solutions can prevent sensitive data from being copied to the clipboard or shared via unsecured communication channels.

Security benefits of MDM and UEM

Mobile Device Management (and by extension, Unified Endpoint Management) delivers many benefits for organizations, with the most appealing being reduced costs across multiple departments. By comprehensively automating many IT tasks and processing, UEM often lowers overhead costs and hardware expenditures.

Other key benefits are as follows:

Offers endpoint management integration with multiple platforms: One of the major selling points of UEM software is its ability to integrate with a variety of platforms, including Windows 10, macOS, Linux, Chrome OS, iOS, and Android, among others. With UEM, your business can configure, control, and monitor devices on these platforms from a single management console.

Provides data and app protection across the attack surface: UEM protects corporate data and applications, reducing cybersecurity threats. This protection is accomplished by providing conditional user access, enforcing automated rules, enforcing compliance guidelines, providing safeguards for data loss, and empowering IT administrators to identify jailbreaks and OS rooting on devices.

Helps establish a modern Bring Your Own Device (BYOD) security stance: An effective UEM deployment can go a long way in maintaining the user experience for employees, regardless of who owns the device. UEM can be an effective tool for patching vulnerable applications, updating to the latest OS version, and enforcing the use of endpoint security software that actively protects BYOD devices from network-based attacks, malware, and vulnerability exploits.

Authentication: With the increase in cyber threats, implementing robust authentication measures has become more important than ever. This includes multi-factor authentication, biometric authentication, and other advanced authentication methods.

Enhanced mobile security: As the use of mobile devices for work purposes increases, so does the need for enhanced mobile security. This includes leveraging advanced security measures such as encryption, secure containers, and mobile threat defense solutions.

Remote data wiping: In the event of a device being lost or stolen, or if an employee leaves the company, it’s crucial to ensure that sensitive corporate data doesn’t fall into (or stay in) the wrong hands. UEM solutions provide the capability to remotely wipe data from devices — which can be a full wipe, removing all data, or a selective wipe, removing only corporate data while leaving personal data intact. This feature provides an essential safety net for protecting corporate data.

Application whitelisting: With the vast number of available applications, it is important to control which apps can be installed on corporate devices. UEM solutions allow for application whitelisting, where only approved applications can be installed on the devices, which helps to prevent the installation of malicious apps or apps that have not been vetted for security. It also ensures that employees are using approved and supported software for their work tasks.

Strategies for deploying MDM and UEM

Before rolling out any MDM or UEM solution, an organization must lay the foundation for effective deployment. By embracing a few key strategies, you can dramatically improve the chances of a successful implementation.

Establish a robust endpoint management policy: With BYOD and work from home (WFH), the risk of company data being compromised increases. Before implementing a UEM solution, an endpoint management policy is essential to ensure that all of your endpoint devices meet specific requirements.

Adopt automation: The future of enterprise device management is automation. From deployment to updates to reporting, an automated device fleet is the optimal solution. Automation helps reduce the manual effort and time spent on managing the devices, thereby increasing efficiency. Automation in Mobile Device Management (MDM) brings numerous benefits and has a variety of use cases. By automating tasks such as device enrolment, configuration, and updates, you can significantly reduce the time and effort required to manage mobile devices. This not only increases efficiency but also reduces the risk of human error, which can lead to security vulnerabilities.

Embrace 5G: The advent of 5G is already transforming the importance of mobile devices. The increased speed and reduced latency offered by 5G will enable more devices to be connected and managed efficiently. The increased speed offered by 5G means data can be transferred between devices and the MDM server much faster, enabling quicker updates, faster deployment of applications, and more efficient data synchronization. For instance, large software updates or security patches can be pushed to devices more quickly, reducing downtime and ensuring devices are protected against the latest threats. Reduced latency means that commands issued from the MDM server to the devices are executed almost in real-time — particularly beneficial in situations where immediate action is required, such as remotely locking or wiping a lost or stolen device.

Outsourcing enterprise mobility management: As the complexity of managing a mobile workforce increases, many organizations are considering outsourcing their enterprise mobility management, allowing them to leverage the expertise of specialized providers and focus on their core business functions.

By incorporating these trends and strategies into your mobile device management plan, you can ensure that your organization is well-equipped to handle the challenges of a mobile, hybrid and WFH workforce.

How AT&T Cybersecurity can help with MDM and UEM

In today’s digital landscape, securing your organization’s endpoints is more crucial than ever. AT&T Cybersecurity offers a range of endpoint security products and services designed to help you protect your laptops, desktops, servers, and mobile devices. AT&T’s unified approach to managing and securing endpoint devices provides better visibility and closes security gaps that may have been overlooked. With AT&T Cybersecurity, you can protect your organization’s reputation, safeguard against key threat vectors, simplify management, and maintain control with Zero Trust.

Don’t wait for a security breach to happen. Take a proactive approach to your organization’s cybersecurity by exploring AT&T’s endpoint security offerings. Whether you need advanced forensic mapping and automated response with SentinelOne, unparalleled visibility into IoT and connected medical devices with Ivanti Neurons for Healthcare, or high-level, end-to-end mobile security across devices, apps, content, and users with IBM MaaS360, AT&T Cybersecurity has a solution tailored to your needs.

Ready to take your Mobile Device Management to the next level?

Enable your employees with precise access to the applications and data required to do their job from anywhere. Learn more about secure remote access and how AT&T Cybersecurity can work with your organization.

Learn more

The post Mobile Device Management: Securing the modern workplace appeared first on Cybersecurity Insiders.

Get the AT&T Cybersecurity InsightsTM Report: Focus on Healthcare

Posted 2 years ago by hello@alienvault.com

We’re pleased to announce the availability of the 2023 AT&T Cybersecurity Insights Report: Focus on Healthcare. It looks at the edge ecosystem, surveying healthcare IT leaders from around the world, and provides benchmarks for assessing your edge computing plans. This is the 12th edition of our vendor-neutral and forward-looking report. Last year’s focus on healthcare report documented how we secure the data, applications, and endpoints that rely on edge computing (get the 2022 report).

Get the complimentary 2023 report.

The robust quantitative field survey reached 1,418 professionals in security, IT, application development, and line of business from around the world. The qualitative research tapped subject matter experts across the cybersecurity industry.

At the onset of our research, we established the following hypotheses.

Momentum edge computing has in the market.
Approaches to connecting and securing the edge ecosystem – including the role of trusted advisors to achieve edge goals.
Perceived risk and perceived benefit of the common use cases in each industry surveyed.

The results focus on common edge use cases in seven vertical industries – healthcare, retail, finance, manufacturing, energy and utilities, transportation, and U.S. SLED and delivers actionable advice for securing and connecting an edge ecosystem – including external trusted advisors. Finally, it examines cybersecurity and the broader edge ecosystem of networking, service providers, and top use cases.

The role of IT is shifting, embracing stakeholders at the ideation phase of development.

Edge computing is a transformative technology that brings together various stakeholders and aligns their interests to drive integrated business outcomes. The emergence of edge computing has been fueled by a generation of visionaries who grew up in the era of smartphones and limitless possibilities. Look at the infographic below for a topline summary of key findings.

In this paradigm, the role of IT has shifted from being the sole leader to a collaborative partner in delivering innovative edge computing solutions. In addition, we found that healthcare leaders are budgeting differently for edge use cases. These two things, along with an expanded approach to securing edge computing, were prioritized by our respondents in the 2023 AT&T Cybersecurity Insights Report: Edge Ecosystem.

One of the most promising aspects of edge computing is its potential to effectively use real-time data for patient care, revolutionizing healthcare outcomes and operational efficiency. While mobile devices and personal computers are still extremely popular in healthcare, their ubiquitous availability and connectivity make them vulnerable to cyberattacks. Successful cyberattacks can disrupt services, highlighting the need for robust cybersecurity measures.

Edge computing brings the data closer to where decisions are made.

With edge computing, the intelligence required to make decisions, the networks used to capture and transmit data, and the use case management are distributed. Distributed means things work faster because nothing is backhauled to a central processing area such as a data center and delivers the near-real-time experience.

With this level of complexity, it’s common to re-evaluate decisions regarding security, data storage, or networking. The report shares the trends emerging as healthcare embraces edge computing. One area that’s examined is expense allocation, and what we found may surprise you. The research reveals that the allocation of investments across overall strategy and planning, network, application, and security for the anticipated use cases that organizations plan to implement within the next three years.

How to prepare for securing your healthcare edge ecosystem.

Develop your edge computing profile. It is essential to break down the barriers that typically separate the internal line of business teams, application development teams, network teams, and security teams. Technology decisions should not be made in isolation but rather through collaboration with line of business partners. Understanding the capabilities and limitations of existing business and technology partners makes it easier to identify gaps in evolving project plans.

The edge ecosystem is expanding, and expertise is available to offer solutions that address cost, implementation, mitigating risks, and more. Including expertise from the broader healthcare edge ecosystem increases the chances of outstanding performance and alignment with organizational goals.

Develop an investment strategy. During healthcare edge use case development, organizations should carefully determine where and how much to invest. Think of it as part of monetizing the use case. Building security into the use case from the start allows the organization to consider security as part of the overall cost of goods (COG). It’s important to note that no one-size-fits-all solution can provide complete protection for all aspects of edge computing. Instead, organizations should consider a comprehensive and multi-layered approach to address the unique security challenges of each use case.

increase your compliance capabilities. Regulations in the healthcare industry can vary significantly across different jurisdictions, including countries, states, and municipalities. This underscores the importance of not relying solely on a checkbox approach or conducting annual reviews to help ensure compliance with the growing number of regulations impacting healthcare organizations. Keeping up with technology-related mandates and helping to ensure compliance requires ongoing effort and expertise. If navigating compliance requirements is not within your organization’s expertise, seeking outside help from professionals who specialize in this area is advisable.

Align resources with emerging priorities. External collaboration allows organizations to utilize expertise and reduce resource costs. It goes beyond relying solely on internal teams within the organization. It involves tapping into the expanding ecosystem of edge computing experts who offer strategic and practical guidance. The healthcare industry is familiar with the concept of engaging external subject matter experts (SMEs) to enhance decision-making. Involving outside SMEs can help prevent expensive mistakes and accelerate the deployment process. These external experts can help optimize use case implementation, ultimately saving time and resources.

Build-in resilience. Consider approaching edge computing with a layered mindset. Take the time to ideate on various “what-if” scenarios and anticipate potential challenges. For example, what measures exist if a private 5G network experiences an outage? Can patient data remain secure when utilizing a public 4G network? How can business-as-usual operations continue in the event of a ransomware attack?

Successful healthcare edge computing implementations require a holistic approach encompassing collaboration, compliance, resilience, and adaptability. By considering these factors and proactively engaging with the expertise available, healthcare organizations can unlock the full potential of edge computing to deliver improved patient outcomes, operational efficiency, and cost-effectiveness in the ever-evolving healthcare landscape.

The post Get the AT&T Cybersecurity InsightsTM Report: Focus on Healthcare appeared first on Cybersecurity Insiders.

Artificial Intelligence Governance Professional Certification – AIGP

Posted 2 years ago by hello@alienvault.com

For anyone who follows industry trends and related news I am certain you have been absolutely inundated by the torrent of articles and headlines about ChatGPT, Google’s Bard, and AI in general. Let me apologize up front for adding yet another article to the pile. I promise this one is worth a read, especially for anyone looking for ways to safely, securely, and ethically begin introducing AI to their business. On June 20th the International Association of Privacy Professionals (IAPP) released a new body of knowledge (BOK) for their soon-to-be-released Artificial Intelligence Governance Professional Certification (AIGP). This first-of-its-kind certification covers a series of knowledge areas, which I’ll explore later in this post. It’s of great value to any professional interested in implementing or managing AI, or simply curious about the field.

The field is booming with new tools, ideas, and use-cases being developed by the hour (at least that’s how it seems sometimes). Several companies, IBM being the most prolific, have also released several technical certifications aimed at the creation and refinement of AI. There are not, however, any certifications aimed at business leaders or non-technical professionals, the people who will approve and use AI in their day-to-day tasks. At least there weren’t until the IAPP announced their new AIGP certification, that is.

Introduction to the IAPP, and the AIGP knowledge areas

While the IAPP is the de facto leader in the industry when it comes to privacy certifications, I recognize not everyone may be familiar with them or their offerings. The IAPP was founded in 2000 and currently offers a suite of certifications aimed at professionals, including lawyers, who work with data privacy or governance. Their key offerings include the Certified Information Privacy Professional series (including individual certifications on European, Canadian, and American privacy laws), the Certified Information Privacy Manager, Certified Information Privacy Technologist, as well as a few others. The AIGP is a brand-new offering that hasn’t been fully released yet beyond the newly posted BOK.

The AIGP covers seven different domains that range from fundamental components of AI, all the way to development lifecycles and risk management. The topics on the exam will allow professionals to showcase their knowledge of both AI as a field of study and a technology, but also how to effectively manage it within an organization. Learning what you need to know to pass the test will create an excellent foundation and equip you to identify and leverage opportunities when they appear, and manage risks when they invariably crop up. I’ve listed the seven domains below:

Understanding the Foundations of Artificial Intelligence
Understanding AI Impacts and Responsible AI Principles
Understanding How Current Laws Apply to AI Systems
Understanding the Existing and Merging AI Laws and Standards
Understanding the AI Development Life Cycle
Implementing Responsible AI Governance and Risk Management
Contemplating Ongoing Issues and Concerns

Conclusion

While the certification itself isn’t out quite yet, I highly recommend you visit the IAPP’s website and take a look at the AIGP’s BOK. This will give you a good idea of what you can expect to see on the exam and let you begin preparing while we wait for the official training material to be released. I reached out to the IAPP for more information and was informed that additional training material to support this certification is planned for a Q4 release later this year.

This certification promises to become a milestone in the realm of AI governance, effectively bridging the gap between those with deep technical knowledge and non-technical business leaders. As the presence and use of AI becomes more pervasive, being able to understand its governance, risks, and ethical implications is no longer a luxury, but a necessity. This certification is going to be a vital first step towards achieving that understanding. I’ll continue to follow the development of the AIGP and provide more insights as new information becomes available.

The post Artificial Intelligence Governance Professional Certification – AIGP appeared first on Cybersecurity Insiders.

Get the AT&T Cybersecurity InsightsTM Report: Focus on Healthcare

Posted 2 years ago by hello@alienvault.com

Get the complimentary 2023 report.

At the onset of our research, we established the following hypotheses.

Momentum edge computing has in the market.
Approaches to connecting and securing the edge ecosystem – including the role of trusted advisors to achieve edge goals.
Perceived risk and perceived benefit of the common use cases in each industry surveyed.

The role of IT is shifting, embracing stakeholders at the ideation phase of development.

Edge computing brings the data closer to where decisions are made.

How to prepare for securing your healthcare edge ecosystem.

The post Get the AT&T Cybersecurity InsightsTM Report: Focus on Healthcare appeared first on Cybersecurity Insiders.

Effectively managing security budgets in a recession

Posted 2 years ago by hello@alienvault.com

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

How can you effectively manage a security budget in a recession? An economic downturn will likely impact your team, so you must prepare to balance your cybersecurity needs with your spending limits.

How will a recession impact security teams?

Cyber attacks become more common during recessions because potential insider threats and fraud cases increase. On top of the risks, you likely must deal with reduced budgets and staff. Less flexible spending usually means you have to take on larger workloads.

In addition, you face increased risk from anyone who was let go due to the economic downturn. They know your organization’s security vulnerabilities and how to exploit them if they want to retaliate. Cybercrime also gives them an opportunity to utilize their skills for financial gain. You must effectively manage your budget to prepare for such effects.

Preparing security budgets for a recession

Your organization will likely cut or limit your security budget, so you must prepare to handle increased security threats with less flexible spending. The key to an adequate long-term solution is to consider the returns you’ll get for each investment.

Consider a loan

Getting a loan to boost your security budget may be a good approach if you need more flexibility with your expenses. However, you must be aware of transaction types to navigate the complexities of borrowing adequately. For example, hindering is the practice of keeping assets from creditors, which is fraud. Establish a relationship with a trustworthy lender before committing. In addition, you should ensure you fully understand your contract and repayment responsibilities.

Get cyber insurance

Cyber insurance is a great consideration. You can justify the expense because a recession puts you at greater risk for data breaches and network intrusions. Since it typically covers damages, information restoration and incident response, it can put you in a better place financially.

Prioritize spending

Prioritizing cybersecurity spending is the first step you should take to prepare your team for an economic downturn. Identify your compliance and essential security needs, and determine how to support them with a smaller budget. You can then take inventory of your technology and labor necessities and decide how to allocate funds properly.

Analyze technology needs

You can only effectively manage your security budget if you fully understand what you’re working with. Take inventory of the hardware and software you possess, and categorize it. Even if you don’t have to cut your existing equipment, doing so may give you future spending flexibility. Identify what is essential to your team and isn’t, then decide what you can efficiently operate without.

In addition to potentially saving you money in the long term, taking note of your equipment can inform your security decisions. For example, your cloud platform may be helpful for storage purposes but can also open you up to unique risks. Since everything is a potential attack surface, you may be better off operating with only the essentials.

Assessing your technology may help you optimize spending, as well. You can recognize security gaps more quickly when you have an accurate inventory. It also allows you to patch, update and manage devices, reducing the chance of experiencing an expensive breach.

Effectively budgeting during a recession

Preparation is crucial, but continuous budget management is essential. You’ll have to routinely reevaluate your security spending to align with the recession’s effects.

Leverage automation

Automating workflows with artificial intelligence (AI) is an excellent solution if you have large workloads or need more staff. It can complete tasks in seconds without your input or assistance, so you can let it run on its own while focusing on more essential duties. Despite its speed, its decisions are accurate because they’re data-driven. While AI may require a larger initial investment, it’s usually worth it.

On top of reducing labor expenses, it can save your team money when handling security issues. Organizations using automation and AI saved over $3 million during data breaches and controlled them 74 days earlier than those without the technology. It allows for more flexibility in your department’s budget because dealing with situations becomes more affordable. Since it can also scale with your needs, you can adjust its involvement as necessary.

Increase training

Training is essential since human error causes 95% of cybersecurity issues for organizations. You only need to spend on labor, which can be an effective strategy. Your department’s budget may be limited, but consider the benefits of allocating funds toward upskilling. It can inform your team of potential risks during the recession. Also, it can better prepare them to respond to security threats — a critical factor for those dealing with high workloads or understaffing.

Focus on employee retention

The cybersecurity skills shortage is a significant factor to consider because you’ll likely see its impact during the recession. The longer it goes on, the more you may feel its effects. Employee retention is essential to mitigate this challenge.

You could use a multi-layered security architecture to make your role manageable. It’s a cost-effective approach to reducing burnout and simplifying tech stacks — some of the main ways to keep your team productive.

Balancing security and spending

A recession may limit your budget, but you can continue to provide security to your organization if you manage it effectively. Ensure you understand your equipment needs, prioritize spending and stabilize your team’s workload.

The post Effectively managing security budgets in a recession appeared first on Cybersecurity Insiders.

The human element of Cybersecurity: Nurturing a cyber-aware culture to defend against social engineering attacks

Posted 2 years ago by hello@alienvault.com

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

As organizations across every sector come to rely more and more heavily on digital data storage, digital work platforms, and digital communications, cyber attacks are becoming increasingly common. Enterprising cyber attackers see opportunities abound with the widespread digital transformation across industries. Social engineering cyber attacks present a particularly potent threat to organizations.

In this article, we will take a look at why training your employees to become aware of social engineering cyber attacks is key to protecting your business. We will explore the most common forms of social engineering attacks. Finally, we’ll also share key actionable advice to help educate and defend your employees against social engineering schemes.

Why cybersecurity awareness is important

Oftentimes the most vulnerable element in any organization’s cybersecurity defense system is an unaware employee. When someone does not know the common features of a social engineering cyber attack they can easily fall for even the most widespread cyber attack schemes.

Educating employees on signs to look out for that might indicate a hidden cyberattack attempt and training employees on security policies and appropriate responses is essential to creating a resilient company-wide cybersecurity policy.

Three common types of social engineering attacks

To understand how to identify, trace, and respond to social engineering cyber attacks, it is important to get to know the most common forms that social engineering attacks can take.

A social engineering attack occurs when a bad actor contacts an unsuspecting individual and attempts to trick them into providing sensitive information (such as credit card details or medical records) or completing a particular action (such as clicking on a contaminated link or signing up for a service).

Social engineering attacks can be conducted over the phone, or via email, text message, or direct social media message. Let’s take a look at the three most common types of social engineering cyber attacks:

Phishing

Phishing is a type of social engineering attack that has bad actors posing as legitimate, and oftentimes familiar, contacts to extort valuable information from victims, such as bank account details or passwords.

Phishing attacks can come in the form of emails claiming to be from legitimate sources- such as a government body, software company you use, or relative. Bad actors can hack someone’s legitimate account, making the communication seem more convincing, or they can impersonate an official organization, copying their logo and content style.

Pretexting

Pretexting attacks occur when a bad actor invents a story to gain an unsuspecting victim’s trust. The bad actor then uses this trust to trick or convince the victim into sharing sensitive data, completing an action, or otherwise accidentally causing harm to themselves or their affiliated organizations.

Bad actors may use pretexting to manipulate an individual into downloading malware or compromised software, sending money, or providing private information, including financial details.

Baiting

Baiting is a similar type of social engineering attack to pretexting. While in a pretexting attack the bad actor lulls a victim into a sense of false security with a compelling narrative, a baiting attack uses enticing promises to trick a victim into completing an action or providing information.

Essentially baiting involves a bad actor setting a trap for victims. This trap could be an email attachment or file sent through social media messaging that at first seems legitimate, but includes malware. Victims may not even be aware that they have fallen for a baiting scheme, as the malware could be downloaded onto their device without them knowing about it. Bad actors can also use baiting to steal bank details or other personal data from victims.

How to educate employees to recognize social engineering attacks

Each employee should be able to adequately recognize and respond to social engineering attack attempts; when every employee knows how to do this your organization will have a robust level of human security defending the organization against cyber breaches.

Conduct regular security awareness training

Make sure that cybersecurity is a priority for employee education. The more your employees are reminded of the importance of cybersecurity, the more likely they will be to remember the correct course of action to take in the event of an attack attempt. Include cybersecurity information posters on the walls of your office, upon which you can try integrating QR codes to provide a multimedia and more secure way for employees to access this information while on the go.

Encourage employees to read up on the latest cybersecurity protocols and attack methods. And schedule regular mandatory cybersecurity training sessions to refresh employees on how to stay vigilant against cyber attacks and where to report suspicious activity when it occurs.

Utilize Multi-factor Authentication

Multi-factor Authentication, or MFA, maintains a higher level of security against each attempt to access your company networks and files. Multi-factor authentication can require employees to answer security questions, provide a one-time-only code that is sent to their email or phone number, or pass through secure restricted access digital gateways using another method that verifies their identity and right to access that digital space.

With multi-factor authentication in place, hackers who successfully access one employee’s phone number, login info, or email address will still not be able to compromise the security of the entire organization.

Track company KPIs

Your organization should create a shared checklist that employees can consult and reference in the event of a suspected (or successful) cybersecurity breach.

This document should contain all relevant security KPIs, or key performance indicators, that provide measurable metrics. Employees will be able to trace and evaluate the robustness of your organization’s security system based on whether or not these individual metrics are performing at the appropriate level.

Implement strong password requirements

Ensure that every employee is maintaining good password hygiene. Each employee should utilize a unique combination of letters, numbers, and symbols, including both uppercase and lowercase levels.

Employees should never use the same password for multiple accounts, and they should avoid using any phrases or words that may be easy for hackers to guess. Birthdays, anniversaries, pet names, and song lyrics should never be used as passwords.

Establish company-wide cybersecurity policies

Confusion about your organization’s expectations and standards can lead to further weak spots, vulnerable points, and openings for enterprising cyber attackers to exploit. Make sure every employee has a clear understanding of company policies surrounding cybersecurity.

Organizations that are hiring freelance employees, for example, will need to be on extra high alert. Freelancers or independent contractors your company works with may not always comply with the basic security guidelines and expectations that full-time employees hold to.

To avoid this, establish clear cybersecurity expectations from the start of the professional working relationship by laying out cybersecurity policies in the freelancer contract. Look for freelancing contract templates that come with flexible customization options, so you can be sure to include the relevant section about cybersecurity policy agreements for freelancers and contractors.

Use common sense

It may sound obvious, but following up on a hunch to double-check whether or not an offer or request seems legitimate is a great way to defend against social engineering scams. If you receive an email that seems suspicious, for example, try contacting the original sender- whether that was a colleague, a friend, or a company. Use another method to contact them and double-check whether it was indeed them trying to contact you.

If a request seems suspect, there is a good chance it is a scam. If a bad actor is trying to scam you, then taking the extra time to verify can save you hours of cleanup, not to mention financial damages and reputation loss. Employees can report suspicious phone calls or text messages directly to their phone carriers, who may be able to track the perpetrator and restrict their access. Or employees can file a complaint with the FBI Internet Crime Complaint Center.

Final thoughts

Defending against sophisticated social engineering attacks can be a daunting challenge for any organization. The best method of protecting sensitive data and preventing unwanted access to restricted organization networks is to implement a multilayered approach to cybersecurity.

Provide each employee with the training and education that will eliminate accidental individual cybersecurity slip-ups and you will have a more robust, well-rounded, and dynamic cybersecurity defense system.

Make use of common sense, encourage employees to report suspicious activity, conduct frequent employee security training sessions, track KPIs with shared checklists, and establish clear company-wide security policies. Ensure that every employee knows how to create a secure password, and set up multi-factor authentication procedures.

With a highly aware workforce, your organization will be better equipped to prevent phishing, pretexting, baiting schemes, and other forms of social engineering cyber attacks.

The post The human element of Cybersecurity: Nurturing a cyber-aware culture to defend against social engineering attacks appeared first on Cybersecurity Insiders.

What your peers want to know before buying a DLP tool

Posted 2 years ago by hello@alienvault.com

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

Preventing data loss is a concern for almost every organization, regardless of size, especially organizations with sensitive data. Organizations, now more than ever before, rely on voluminous amounts of data to conduct business. When data leakage or a breach occurs, the organization is forced to deal with the negative consequences, such as the high cost associated with data breach fines and remediation and reputational harm to their company and brand.

Data loss prevention (DLP) solutions help mitigate the risk of data loss. Losses can occur as a result of insider-related incidents (e.g., employee theft of proprietary information), or due to physical damage to computers, or as a result of human error (e.g., unintentional file deletion or sharing sensitive data in an email). In addition to the various ways an organization might experience data loss, mitigating the risk of loss requires the right people, processes, and technology.

Meeting the technology requirement can be a challenge when it comes to selecting the right DLP solution. During the vendor exploration and evaluation phases, there may be questions about whether it makes sense to invest in a solution that protects the network, endpoints, or the cloud or whether it’s better to select a solution that protects the enterprise and takes into account the hybrid nature of many organizations.

Data classification and labeling

The decision to invest in a DLP solution should be informed by sufficient research and planning with key stakeholders. This blog will discuss three additional things you should consider before making such an investment. Let’s begin with the types of data an organization collects, stores, and analyzes to conduct business.

To have a successful data loss prevention program, it’s important to identify all types of data (e.g., financial data, health data, or personally identifiable information) and to classify the data according to its value and the risk to the organization if it is leaked or exfiltrated. Data classification is the process of categorizing data to easily retrieve and store it for business use. It also protects it from loss and theft and enables regulatory compliance activities. Today, systems are more dispersed, and organizations have hybrid and remote workforce models, so it is critical to protect data regardless of where it resides or with whom it is shared. This kind of protection requires properly classified and labeled data.

Automated data classification is foundational to preventing data loss. It is the best way for organizations to fully understand what types of data they have, as well as the characteristics of the data and what privacy and security requirements are necessary to protect the data. Properly classifying data also enables the organization to set policies for each data type.

Techniques to identify sensitive data

DLP solutions detect instances of either intentional or unintentional exfiltration of data. DLP policies describe what happens when a user uses sensitive data in a way the policy does not allow. For example, when a user attempts to print a document containing sensitive data to a home printer, the DLP policy might display a message stating that printing the document to a home printer violates the policy and is not permissible. How does the DLP tool know that the document includes sensitive data? Content inspection techniques and contextual analysis help identify sensitive data.

The inspection capability of the DLP solution is very important. It’s important to note that traditional DLP solutions focus on data-specific content inspection methods. These inspection methods are no longer effective for organizations that have migrated to the cloud because the techniques were developed for on-premises environments. Gartner recommends investing in a DLP solution that not only provides content inspection capabilities but also offers extra features such as data lineage for visibility and classification, user, and entity behavior analytics (UEBA), and rich context for incident response. UEBA is useful for insider-related incidents (e.g., UEBA might help identify data exfiltration by a dissatisfied employee).

What actions will the DLP solution perform

After it’s clear that the tool can classify sensitive data, a logical next question is what actions the tool will perform to prevent loss of that data. A DLP solution performs actions such as sending out alerts for DLP policy violations, warnings using pop-up messages, and blocking data entirely to prevent leakage or exfiltration. Another feature might include quarantining data. Organizations should be able to define their policies based on their policy, standards, controls, and procedures.

Traditional DLP relies heavily on content analysis and does not always accurately identify sensitive data. Sometimes traditional tools block normal activity. In contrast, a modern DLP solution minimizes false positives by combining content analysis and data lineage capabilities to more accurately understand whether the data is sensitive.

Conclusion

There are many DLP tools on the market. A DLP solution might also be a capability in another security tool such as an email security solution. Selecting the right tool requires knowledge of market trends, the gap between traditional and modern DLP tools, data loss prevention best practices, and the purchasing organization’s security initiatives and goals. Given the many options and variables to consider, it can be challenging to understand the nuances and distinctions among solutions on the market.

The post What your peers want to know before buying a DLP tool appeared first on Cybersecurity Insiders.

How social media compromises information security

Posted 2 years ago by hello@alienvault.com

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

Today’s companies operate in a complex security environment. On the one hand, the threat landscape is growing. Bad actors are becoming more and more refined as they get access to new tools (like AI) and offerings (like hacking-as-a-service). On the other hand, companies are dealing with more sensitive data than ever before. This has prompted consumers and regulators alike to demand for better security practices.

To top it all off, companies are operating in an increasingly decentralized digital model. Gone are the days of firewalls. Employees want to be able to access work from anywhere, and on their own networks and devices. This has heightened the prevalence of insider threats, making it much easier for employees to inadvertently (or intentionally) share corporate data with others.

One way that insider threats have become particularly problematic is through social media. In this article, we’re taking a closer look at how social media can compromise data security for organizations — and what they can do to address this concern.

The challenge with social media

Depending on the platform, social media encourages users to share information about their life and experiences in varying degrees. When it comes to employees, social media can easily be a channel to discuss work-related topics, whether that’s sharing excitement about an upcoming product feature, posting a photo of a company event, or even sharing sensitive information with a colleague via private chat features. This degree of sharing — both of personal and corporate information — can pose a number of challenges for businesses.

For starters, there’s a risk of accidentally sharing information. An employee could post a picture of their desk on Instagram to show off their lunch for the day or the view from their office and forget to blur the sensitive information on their computer screen. Alternatively, a software developer might seek out peers on a Reddit forum to try and solve a particular issue with their code, and inadvertently share proprietary code when asking for help.

Some social media channels also allow for a certain degree of anonymity. A disgruntled employee could take to Twitter or Reddit and make corporate secrets widely available to competitors or regulators.

On the other side of the equation, cybercriminals use social media platforms as resources for their attacks. These bad actors understand that people are prone to sharing information, so they access public profiles to try and glean useful information that can then be used for sophisticated social engineering attacks. In addition, they can use the likes of LinkedIn to map out an organizational structure, get access to corporate email addresses, and even identify when core individuals are on vacation. They can also review an individual’s follower or contact list, create a fake account for someone at the company that’s not on the list, and encourage the employee to share sensitive information.

All of these challenges can put a business at risk of sophisticated threats including phishing and other forms of social engineering, brand impersonation aimed at tricking customers, data theft, and even large-scale data breaches. Despite the potential impact of a social media leak, it’s notoriously difficult for companies to control the egress of data through these platforms. That said, below are some of the things companies can proactively do to mitigate these threats.

Staying ahead of social media threats

Businesses can’t dictate what their employees say on their personal social media accounts — that’s a given. That said, they can educate their users on the dangers of disclosing too much information and the best ways to protect their data, credentials, and corporate details. This can be done through onboarding training, gamified security weeks where employees are given challenges to identify and act out security best practices, as well as lunch and learns dedicated to security.

For companies that provide their employees with mobile devices, there’s also an opportunity to set clear expectations around what can be posted from a corporate device or not. They can also encourage individuals to change their phone passwords often, and to use a password manager for their social accounts.

There are also services and technologies that can help here. For example, companies can hire social media scanning services to identify fraudulent accounts and flag them to employees. In addition, a comprehensive data loss prevention tool can also be instrumental in identifying when sensitive data has been exposed and kickstarting an immediate response.

Evolving with the times

When it comes to maintaining robust security measures, companies have a responsibility to keep up with cultural shifts and the adoption of new platforms. Security practitioners need to be continually aware of any new threat vectors, incorporating new measures and policies as needed and keeping up with best practices. This is why having a robust, comprehensive, and iterative cybersecurity strategy — one that accounts for both insider and external threats — is more important than ever.

The post How social media compromises information security appeared first on Cybersecurity Insiders.