Mobile applications have become an essential part of our daily lives, and they are used for a variety of purposes such as communication, banking, shopping, and entertainment. However, with the increasing use of mobile applications, the risk of security breaches has also increased. In this article, we will discuss the best practices for mobile app security that developers should follow to ensure the safety of their users.

1. Secure Coding Practices: The first and foremost step to ensure mobile app security is to follow secure coding practices. Developers should follow best practices such as using strong encryption algorithms, sanitizing user input, validating user input on the server-side, and using secure authentication mechanisms.

2. Secure Data Storage: Mobile applications store sensitive user data such as login credentials, personal information, and payment details. Developers should ensure that this data is stored securely using encryption mechanisms. They should also avoid storing sensitive data on the device’s local storage and use cloud storage solutions with proper encryption.

3. Regular Updates: Developers should release regular updates for their applications to fix any security vulnerabilities that are discovered. These updates should be made available to all users as soon as possible to ensure that their mobile app is secure.

4. User Authentication: User authentication is an essential part of mobile app security. Developers should use strong authentication mechanisms such as two-factor authentication, biometric authentication, or multi-factor authentication to ensure that only authorized users can access the application.

5. Network Security: Developers should ensure that their mobile application uses secure network protocols such as HTTPS to prevent any data breaches during data transmission. They should also avoid storing sensitive data on the device’s local storage and use cloud storage solutions with proper encryption.

6. User Permissions: Mobile applications often request permission to access various device features such as camera, microphone, and location. Developers should ensure that these permissions are necessary for the application’s functionality and that users are informed about why the application requires these permissions.

7. Penetration Testing: Penetration testing is a crucial step in mobile app security. Developers should regularly conduct penetration testing to identify any vulnerabilities in their application and take appropriate measures to fix them.

In conclusion, mobile app security is crucial for the safety of users’ sensitive data. By following these best practices, developers can ensure that their mobile applications are secure and free from any security vulnerabilities.


Modern cyber attacks are ingenious — and traditional vulnerability management, or VM, simply is no longer very effective.


Unlike a typical cyber attack that exploits a software vulnerability, recent cyber attacks exploit other security risks, such as misconfigurations, security deviations, and posture anomalies. But VM vendors tend to focus more on software vulnerabilities and leave out everything else.

SecPod’s research shows some 44 percent of the total vulnerabilities in a typical IT infrastructure don’t have a Common Vulnerabilities and Exposures (CVE) designation.

The consequences of a cyber attack can be devastating; from a rapid drop in brand reputation to loss of business and sensitive data. Cyber attacks can also invite lawsuits and can even be fatal.

In addition to real-time protection, effective VM can also help with compliance at a time when data security rules are increasing in regulatory policies like NIST, PCI, HIPAA and GDPR.

With traditional VM, achieving compliance is a struggle. But advanced VM provides an actionable way of adhering to regulations and policy mandates that call for risks to be identified and detected as part of ongoing data security.

While traditional VM is herky-jerky, advanced VM is a continuous and smooth process that results in much more efficient detection, integration, and automation.

Further, effective VM can be very cost-effective; the potential cost saved in preventing cyberattacks is enormous when compared to total security expenditures.

Reinventing VM

The importance of effective VM can’t be overstated. Yet given the evolving IT environment, CISOs, sysadmins, and IT security teams are struggling to protect their networks.


Ideally, VM should be continuous and proactive, but traditional VM is jagged, broken, insufficient — and in desperate need of reinvention.

With traditional VM, detection is limited to software vulnerabilities, assessment and prioritization are limited to a Common Vulnerability Scoring System (CVSS) ranking, and remediation is limited to patching. This approach only provides superficial visibility into IT infrastructure, and does not take into account lateral attack vectors.

Without automation, the laborious task of scanning and remediation is difficult. Additionally, multiple teams use multiple tools in traditional VM, leading to a disconnect and friction between them, further reducing the effectiveness of traditional VM.

The Jira misconfiguration leaks highlight the devastating impact that vulnerabilities beyond those called out in CVEs can have in a modern environment. Modern cyberattacks exploit misconfigurations and other security risks, and research reflects the same. Some 31 percent of respondents to a recent ESG survey pointed to misconfigurations as the initial point of compromise for a successful ransomware attack.

Advanced capabilities

Advanced VM computes high-fidelity attacks and criticality to mitigate risks effectively. Traditional VM can only remediate software vulnerabilities with patches, while advanced VM fixes misconfigurations, normalizes deviations, and eliminates other security risks. So a dangerous new exploit that lacks a CVE designation and registers a low CVSS score can still be detected and remediated in a timely manner.

The lack of the right tools with enough capabilities and the inertia to shift to new technology are the main reasons why advanced VM is not yet adopted universally. But it’s only a matter of time before it gets widespread adoption.

Modern networks are becoming increasingly interconnected and massive. This means a larger attack surface, numerous security risks, and more work for IT security teams.

Advanced VM, with its broader detection, faster scans, and integrated remediation, is the only way of combating modern cyberattacks. Clearly, advanced VM is well positioned to be a core component of combating ever-evolving cyber attacks.

About the essayist: Chandrashekhar Basavanna is the founder and CEO of SecPod Technologies, a cybersecurity technology company creating solutions for enterprise IT Security teams to prevent cyberattacks on the computing environments.

The United States will soon get some long-awaited cybersecurity updates.


That’s because the Biden administration will issue the National Cyber Strategy within days. Despite lacking an official published document, some industry professionals have already seen a draft copy of the strategic plan and weighed in with their thoughts. Here’s a look at some broad themes to expect and how they will impact businesses:

•New vendor responsibilities. Increased federal regulation puts more responsibility on hardware and software vendors compared to the customers who ultimately use their products.

Until now, people have primarily relied on market forces rather than regulatory authority. However, that approach often leads to bug-filled software because makers prioritize new product releases over ensuring they’re sufficiently secure.

These changes mean business representatives may see more marketing materials angled toward what hardware and software producers do to align with the new regulations. Product labeling may also become easier to understand, acting somewhat like food nutrition labels, except centered on security principles.

Coverage of the strategic security program from people with firsthand knowledge of the draft document suggests congressional action or executive authority will regulate how all critical sectors handle cybersecurity. It’s still unclear what that looks like in practice, but it certainly signifies a major change.

•Expanded cybersecurity budgets. Statistics suggest almost 50 percent of employees have never received cybersecurity training. It’s also easy to find research elsewhere highlighting how workers frequently make errors that might seem meaningless but ultimately expose files or corporate networks to cyberattacks and other risks.

The heightened awareness as more people became aware of the Biden administration’s plan helped spur a change that caused elevated stock market activity for several cybersecurity companies. This may have happened because people at more companies recognized the need for such products. After all, cybersecurity awareness training for employees is vital, but it can only go so far. Businesses must also invest in specialized tools for network monitoring and security.

However, those familiar with the content of the strategic cybersecurity program say not to expect uniform standards to apply across industries. Previous U.S. presidents have tried that without getting the desired effects. That means it’s best to wait and see Biden’s intentions before increasing cyber investments.

•Critical infrastructure revisions. Analysts also believe part of Biden’s strategy for cybersecurity will rewrite a policy from President Obama’s era that provides stipulations for keeping essential infrastructure secure. It may also include details about which types of companies fall into that category. If so, entities like cloud providers might need to take additional steps to maintain security. The same would likely be true for utility, telecommunications and transportation businesses.


However, it’ll take a while to implement even once the Biden administration’s plan is officially published. That gives all affected companies time to make any necessary adjustments, regardless of whether they’re categorized as critical infrastructure providers.

People working at businesses highly likely to need stronger cybersecurity under the new strategy should consider consulting with cybersecurity experts. Those parties can advise them about where gaps remain and how the business is already doing well by following best practices for security.

Big changes lie ahead for U.S. cybersecurity policies and practices. The previewed content of cybersecurity plans from the Biden administration indicates people should expect significant shifts from what past leaders have tried. However, even once the details of this cybersecurity strategic plan are publicized, it’ll take a while before whatever’s different is widely adopted. Business leaders should be ready to act but refrain from making any relevant decisions before getting the details straight from the source.

About the essayist: Shannon Flynn is managing editor of ReHack Magazine. She writes about IoT, biztech, cybersecurity, cryptocurrency & blockchain, and trending news.

When a company announces layoffs, one of the last things most employees or even company owners worry about is data loss.


Valuable or sensitive information on a computer is exposed to theft or to getting compromised. This can happen due to intentional theft, human error, malware, or even physical destruction of servers. But it’s a real and growing risk to be aware of.

In 2020, Forbes reported that pandemic layoffs and remote work served to increase the risk of company data loss. Tesla, for example, suffered two cybersecurity events after layoffs back in 2018.

Data loss isn’t necessarily spiteful. Imagine an employee creates a spreadsheet showing all your clients and the main points of contact for each. She updates this sheet, but forgets to share it internally.

She gets laid off, and she takes the spreadsheet with her because she believes that the work she created at her job belongs to her. This may sound like an edge case, but a survey by Biscom found that 87 percent of employees took data that they themselves had created from their last job.

Data theft can also be deliberate and malicious. That same employee might use that spreadsheet as a bargaining chip in securing a new job with your competitor.

Data theft can also happen as a result of hackers. In the infamous 2014 Sony hack, an employee moving from Deloitte to Sony allegedly took sensitive data with him when he left. It is believed that the employee was storing employee information from both Sony and Deloitte in his computer, leading to the salaries of 30,000 Deloitte employees being leaked.

Data loss prevention is a concept that’s been around since the ‘90s, but in the age of AI, machine learning, natural language processing, and all those other fun new buzzwords, it’s taken on new relevance and significance.

With relaxed security measures due to remote work, disgruntled employees due to sudden mass layoffs, and logistical oversights due to reorganization, company data can fall through the cracks. To keep up, companies need to use technology to ensure their most important asset, their information, is safe.

Consolidated visibility


The first step is to know what you have. Then you can work on protecting it.

That’s why the first step in any layoff-proof data loss prevention strategy has to be the collection and categorization of all the company data that exists. This is both easier and harder thanks to a distributed system of information.

Data might be in spreadsheets, on Slack, on OneDrive, in custom databases, or any other number of off-premises cloud systems.

The best way to consolidate all that info is to use machine learning and artificial intelligence. First, identify all potential sources of data. You might also want to ensure you’re scanning all emails going in and out of the company.

Then, companies need to set up rules to determine what the AI identifies as what kind of data. For example, one priority is identifying personally identifiable information of your customers. You don’t want that leaving your data warehouses.

Another example is any kind of proprietary algorithm or system. For instance, if you’re Equifax, you don’t want any employee able to leave with your credit score algorithm.

Using a combination of AI and ML, you should be able to put together a comprehensive catalog of all company data.

Spotting anomalies

The next step is to train the AI to spot suspicious-looking behavior. For example, you might set it up so that when an employee starts downloading massive amounts of data, that gets flagged as suspicious.

You might also need to use technology that can use optical character recognition (OCR). For example, imagine instead of sharing that customer spreadsheet, our laid-off employee just takes a screenshot of it and emails it to herself.

Unless your data loss prevention strategy has OCR to read what screenshots are, you’d never be able to know that she walked off with that spreadsheet unless you manually went through every single one of her emails.

You also have to take steps to stop data loss from happening. For example, your system should include a rule to automatically log out any users downloading a high number of files. It should also limit access for any soon-to-be laid off employees to sensitive material.

And finally, in the case of non-malicious theft, you should be able to quickly scan any employee-generated data to ensure files like comprehensive customer databases don’t get lost just because nobody knows they exist.

One major component of data loss prevention is to map the organization’s critical information. With a map of who has access to what, the knowledge is less likely to get lost when employees move on. This enables companies to classify the information and prevent data loss, or at least educate employees not to take data with them to their next job.

You should also have set up your system to flag suspicious events, such as the mass downloading of files, laid-off employees sending lots of emails, or people logging in from unusual locations.

Your final step is to patch those holes. With AI on the case, it will auto-recognize suspicious events and take care of them. You can also be assured that important or sensitive information won’t fall through the cracks of mass layoffs.
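The three signals named above (mass file downloads, bursts of outbound email from laid-off employees, logins from unusual locations) can be expressed as plain rules before any ML is involved. The following is an added example, not code from the essay or any vendor; the event format, thresholds, user names and response labels are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed sliding window
DOWNLOAD_LIMIT = 5              # assumed: more than 5 downloads per window is "mass"
EMAIL_LIMIT = 3                 # assumed: outbound-email limit for users on the layoff list

# Constructed sample events: (ISO timestamp, user, action, detail)
EVENTS = (
    [("2023-03-01T08:55:00", "carol", "login", "US")]
    # carol pulls six files in five minutes
    + [(f"2023-03-01T09:0{i}:00", "carol", "download", f"crm/clients_{i}.xlsx")
       for i in range(6)]
    # then mails four messages to an outside address
    + [(f"2023-03-01T09:1{i}:00", "carol", "email_out", "personal@example.com")
       for i in range(4)]
    + [("2023-03-01T10:00:00", "bob", "login", "BR")]
    # alice downloads six files too, but one per hour
    + [(f"2023-03-01T{10 + i}:30:00", "alice", "download", f"reports/q{i}.pdf")
       for i in range(6)]
)
USUAL_LOCATIONS = {"alice": {"US"}, "bob": {"US"}, "carol": {"US"}}
LAYOFF_LIST = {"carol"}


def detect(events, usual_locations, layoff_list):
    """Return (timestamp, user, rule, response) alerts, one per user and rule."""
    recent = defaultdict(deque)  # (user, action) -> timestamps still inside WINDOW
    raised = set()               # (user, rule) pairs already alerted
    alerts = []

    def alert(ts, user, rule, response):
        if (user, rule) not in raised:
            raised.add((user, rule))
            alerts.append((ts.isoformat(), user, rule, response))

    # ISO timestamps in one format sort chronologically as strings.
    for ts_text, user, action, detail in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        if action == "login":
            if detail not in usual_locations.get(user, set()):
                alert(ts, user, "unusual_location", "require_reauth")
            continue
        window = recent[(user, action)]
        window.append(ts)
        while ts - window[0] > WINDOW:  # drop events that aged out of the window
            window.popleft()
        if action == "download" and len(window) > DOWNLOAD_LIMIT:
            # The essay's rule: automatically log out users downloading many files.
            alert(ts, user, "mass_download", "force_logout")
        elif (action == "email_out" and user in layoff_list
              and len(window) > EMAIL_LIMIT):
            alert(ts, user, "layoff_email_burst", "hold_for_review")
    return alerts


if __name__ == "__main__":
    for row in detect(EVENTS, USUAL_LOCATIONS, LAYOFF_LIST):
        print(row)
```

Because the count is kept per sliding window, alice's six downloads spread over six hours stay below the threshold while carol's six downloads in five minutes do not.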

Data loss is a real threat. Make sure your company is up to the job of handling it.

About the essayist: Dr. Danny Rittman is the CTO of GBT Technologies, a solution crafted to enable the rollout of IoT (Internet of Things), global mesh networks, artificial intelligence and for applications relating to integrated circuit design.

Small and medium-sized businesses are facing immense security challenges and these are the same as those of mid-size or larger enterprises.


Clearly, SMBs need to be alert for cyberattacks, but they also need to stay focused on their business and not sacrifice productivity.

Organizations are confronted with a severe security threats landscape, and it is critical that they have the ability to prevent, detect and respond to these threats in a timely manner. Hence, using a threat prevention and detection solution that doesn’t disrupt day-to-day operations while providing early warning and stopping potential threats before they escalate is essential.

Our dependence on technology has grown and so has the number of ways that criminals can exploit vulnerabilities to gain access to sensitive information or disrupt critical systems. Today, businesses of all sizes must be vigilant in protecting their data and infrastructure from a wide variety of threats, including malware, phishing, and denial-of-service attacks.

While the threat landscape is constantly evolving, there are a few trends that we are seeing in the modern cybersecurity landscape:

•Increased use of AI and automation by attackers.

•A shift from traditional malware to ransomware.

•An increase in sophisticated phishing attacks.

•A rise in targeted attacks against specific industries.

Threat detection solutions can be used to protect against both known and unknown threats, and can be deployed as part of a simple or comprehensive security strategy, since some of their most significant benefits for an SMB or larger enterprise are:

•Quick identification and classification of threats, allowing businesses to respond in real-time and thus reducing the chances of a data breach or other security incidents.

•Advanced analytics to reduce false positives, giving businesses peace of mind that their security systems are working as intended.

•Centralized management, which simplifies identifying and responding to threats across an organization.

Leveraging AI

The market has shifted – I am currently seeing strong demand for the ability to reduce time spent on removing threats. Hence, the advancements being done to pre-analyze data for the operator are a big shift in what the market is trying to achieve.


There are a number of different factors that have contributed to this shift, including the rise of sophisticated cyberattacks, the growing importance of your data security, and the need for your organization to be able to respond quickly to incidents for compliance. As a result, there is an increased demand for threat detection solutions that can provide faster and actually effective responses to threats.

Moreover, one of the most important trends in threat detection is the move toward artificial intelligence (AI). AI-powered solutions are able to quickly identify patterns in data that may indicate a security breach. They can also rapidly respond to threats, often before humans even realize there is an issue.

Another trend is the use of cloud-based solutions. Cloud-based threat detection solutions offer a number of advantages over traditional on-premises solutions, including lower costs, scalability, and easier management – all of them being strong requirements from SMB-sized organizations.

Role of managed services

Finally, many vendors are now offering managed security services that include threat detection as part of a consolidated package. This can be an attractive option for SMBs that don’t have the resources to invest in their own security team or infrastructure. EDR, NDR, XDR and MDR are all great alternatives that SMBs can choose to strengthen their security posture.

For SMBs that want control in their own hands and cannot afford SIEM/SOAR solutions, Heimdal is launching a groundbreaking new technology with our Threat-hunting and Action Center, which will open up a new category in the cybersecurity market and combine four key elements under one unified roof: detection, visualization, threat-hunting, and remediation. These attributes combined with Heimdal’s solutions will enable the tool to serve as a single point of contact for risk management.

Our upcoming product is powered by Heimdal’s XTP (eXtended Threat Protection) engine to provide real-time visibility, rich intel, contextual awareness, and data to identify, protect and react to sophisticated threats, in a very easy-to-use and fast action environment.

SMBs can stay ahead of the curve. The key is effective threat detection, which requires the right tools in place for your specific environment and needs. Thus, you can leverage the latest advances in threat detection and protect your business from a constantly evolving security threats landscape.

About the essayist: Morten Kjaersgaard is CEO of Heimdal Security

Endpoints are where all the connectivity action is.


And securing endpoints has once more become mission critical. This was the focal point of presentations at Tanium’s Converge 2022 conference which I had the privilege to attend last week at the Fairmont Austin in the Texas capital.

I had the chance to visit with Peter Constantine, Tanium’s Senior Vice President Product Management. We discussed how companies of all sizes and across all industries today rely on a dramatically scaled-up and increasingly interconnected digital ecosystem.

The attack surface of company networks has expanded exponentially, and fresh security gaps are popping up everywhere.

Guest expert: Peter Constantine, SVP Product Management, Tanium

One fundamental security tenet that must take wider hold is this: companies simply must attain and sustain granular visibility of all of their cyber assets. This is the only way to dial in security in the right measure, to the right assets and at the optimum time.

The technology and data analytics are readily available to accomplish this; and endpoints – specifically servers and user devices – represent a logical starting point.

“We have to make sure that we truly know what and where everything is and take a proactive approach to hardening security controls and reducing the attack surface,” Constantine observes. “And then there is also the need to be able to investigate and respond to the complexities that come up in this world.”

For a full drill down on Tanium’s approach to network security that incorporates granular visibility and real-time management of endpoints please give the accompanying podcast a listen.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(LW provides consulting services to the vendors we cover.)

Consider what might transpire if malicious hackers began to intensively leverage Artificial Intelligence (AI) to discover and exploit software vulnerabilities systematically.


Cyber-attacks would become much more dangerous and much harder to detect. Currently, human hackers often discover security holes by chance; AI could make their hacking tools faster and the success of their tactics and techniques much more systematic.

Our cybersecurity tools at present are not prepared to handle AI-infused hacking, should targeted network attacks advance in this way. AI can help attackers make their attack code even stealthier than it is today.

Attackers, for obvious reasons, typically seek system access control. One fundamental way they attain access control is by stealthily stealing crypto-keys. Hackers could increasingly leverage AI to make their attack code even more undetectable on computers – and this will advance their capacity to attain deep, permanent access control of critical systems.

If AI-infused hacking gains traction, breaches will happen ever more quickly and automatically; the attack code will be designed to adapt to any version of an OS, CPU or computing device. And this would be a huge game-changer – tilting the advantage to the adversaries in command of such an AI hacking tool.


This scenario is nearer than we might think or expect. Consider the approach to AI taken by the software firm DeepMind; their system turns technical problems into rules for games — and can deliver extraordinary results even if their developers are non-expert in the underlying problems.

We assume we are okay or safe if responsible humans are in the loop, i.e., switch things off or press a button. But every button/switch is linked to software; and advances like those made by DeepMind can be adapted to malicious purposes, such as to continually make unauthorized modifications at the access control level.

Cybersecurity must become better prepared to defend against super-hackers, master-thieves of crypto-keys and digital ghosts who are driving in this direction. Here are three fundamental practices that I believe need to become engrained:

Never commingle security code and regular code. We must make every change or manipulation of anything security-related detectable. Security operations should be separate from the main operating system and CPU. This independence makes attacks on security easier to detect.

Hashcodes need to be registered. Hashcodes are unique values linked to software that can be associated with the manufacturer. Registering — and thus whitelisting hashcodes – will reduce and eventually eliminate unauthorized code from circulating.

Protect crypto-keys. Crypto keys processed in main CPUs, as well as the public keys in PKI, should always be referred to via their registered hashcodes; and they should never be stored in clear text. In short, crypto-keys must be extremely well-guarded and processed on separate, independent security systems.

I’d argue that these practices make good, common sense; they are practices that make code changes updateable and deployable, so device owners remain in control. Unauthorized access control needs to become next to impossible.

To get there, cybersecurity must become much more proactive and incorporate more fundamental preventative elements. Once we create overkill in our security measures, in a way that goes unnoticed by regular users, we’ll achieve effective countermeasures to global cyber-threats.

About the essayist: Erland Wittkotter is an inventor and technology architect. He is the founder of No-Go-* — a grassroots developer community focused on the promise to make our digital life much safer.

Here’s a frustrating reality about securing an enterprise network: the more closely you inspect network traffic, the more it deteriorates the user experience.


Slow down application performance a little, and you’ve got frustrated users. Slow it down a lot, and most likely, whichever knob you just turned gets quickly turned back again—potentially leaving your business exposed.

It’s a delicate balance. But there’s something you can do to get better at striking it: build that balance into your network testing and policy management.

Navigating threats

Why do so many businesses struggle to balance network security and user experience? Because recent trends create new challenges on both sides of the equation. Trends like:

•More distributed users and applications. Even before COVID, enterprises saw huge increases in people working outside the traditional corporate firewall. Today, users could be working anywhere, accessing applications and data from any number of potentially vulnerable public and private clouds. It adds up to a much larger potential attack surface.

•More dynamic environments. Security has always been a moving target, with new threat vectors emerging all the time. Today though, the enterprise network itself changes just as frequently. With software-defined networks, shifting cloud infrastructures, and continuous integration/continuous delivery (CI/CD) pipelines, the network you have today might look very different tomorrow.

•Pervasive encryption: Most application and Internet traffic is now encrypted by default, making it much harder to secure the network from malicious traffic. Inspecting encrypted traffic adds significant latency—sometimes cutting application performance literally in half. If you don’t have much higher-performing security controls than you’ve used in the past, your latency-sensitive applications can become effectively unusable.

These are big challenges, and most organizations are still searching for answers. For example, half of enterprise firewalls capable of inspecting encrypted traffic don’t have that feature turned on due to performance concerns. You might preserve user Quality of Experience (QoE) that way, but you’re leaving your business vulnerable.

A smarter approach

The constant push and pull between security and performance isn’t an anomaly. It’s baked into network threat defense, and no miracle tool is coming that will make the problem go away. But that doesn’t mean you can’t do something about it. In fact, the smartest thing you can do is just acknowledge it will always be a problem—and adapt your change management processes to reflect that. You do that via synthetic testing.

Using modern emulation assessment tools, you can deploy test agents at strategic points in your environment (within the on-premises network, in public and private clouds, at branch offices, and more) to simulate the network topology. You can then inject emulated traffic to test the performance limits of your network devices, web applications, and media services with all security controls engaged.

With this approach, you can establish a baseline for application performance on the network and ensure that user QoE remains good, even with network threat controls fully engaged. You can identify the right mix and size of security solutions to deploy and validate that you’re getting what you paid for. Then—and this is the key—you can proactively verify performance and security against the established baseline every time something changes in the network.

Balancing security and QoE

This approach is already widely used by organizations that can’t tolerate performance problems, such as service providers and financial enterprises in areas like high-speed trading. Given the steady growth of cyberthreats, encryption, and distributed users and applications, enterprises in every industry should be following their lead.

If you’re ready to implement continuous testing, here are four principles to keep in mind:

•Look beyond vendor data sheets. Enterprises often devote significant effort evaluating network security solutions prior to implementation, but surprisingly little to validating their performance once deployed. That’s a good way to get surprised. In too many cases, network and security organizations don’t even realize they have a performance problem until users start complaining.

•Emulate your unique environment. Even when a security vendor’s reported specs reflect reality, they’re based on ideal conditions—not your network. As you design your test scenarios, make sure you’re emulating the real-world production environment, with all applications and security controls configured as they will be for real users. You can then drill down into exactly what throughput looks like, what latencies different network applications are experiencing, and verify that you’re supporting your business practice.

•Think like an attacker. Along those lines, to validate security efficacy, make sure you’re testing against a realistic set of threat vectors that you’re looking to protect against. Keep in mind, attackers won’t just send basic threats; they’ll use evasions and obfuscations to try to hide what they’re doing. Your network security simulations should do the same.

•Test and test again. The most important step you can take to balance network security and performance: adopt a posture of continuous assessment. Start by identifying your baseline—what the environment looks like when everything is working as it should, when the security controls that matter to your business are active, and your users have good quality of experience (QoE). Then, test against that baseline every time something changes.

Whether it’s a new network security solution, a software upgrade, a policy or configuration update, or any other change, you should immediately measure the effects of that change on user experience. You can now identify problems right away—before your users. And, since you’re measuring performance from multiple points across your environment, you can quickly zero in on their cause.
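The baseline comparison described above can be reduced to a small check that runs after every change. The following is an added example, not code from the essay or from any vendor's tool; the agent names, tolerances and measurements are constructed assumptions.

```python
from statistics import median

# Hypothetical tolerances: how far a metric may drift from baseline before it counts.
MAX_LATENCY_INCREASE = 0.20    # +20% median latency
MAX_THROUGHPUT_DROP = 0.10     # -10% median throughput

def summarize(samples):
    """Collapse one agent's raw samples into the medians used for comparison."""
    return {"latency_ms": median(samples["latency_ms"]),
            "throughput_mbps": median(samples["throughput_mbps"])}

def regressions(baseline, current):
    """Return {agent: [reasons]} for every agent that drifted past tolerance."""
    found = {}
    for agent, base_samples in baseline.items():
        base, now = summarize(base_samples), summarize(current[agent])
        reasons = []
        if now["latency_ms"] > base["latency_ms"] * (1 + MAX_LATENCY_INCREASE):
            reasons.append(f"latency {base['latency_ms']} -> {now['latency_ms']} ms")
        if now["throughput_mbps"] < base["throughput_mbps"] * (1 - MAX_THROUGHPUT_DROP):
            reasons.append(f"throughput {base['throughput_mbps']} -> {now['throughput_mbps']} Mbps")
        if reasons:
            found[agent] = reasons
    return found

def scope(found, baseline):
    """Regression at every agent points at a shared control; a subset points at a site."""
    if not found:
        return "within baseline"
    return "shared path" if set(found) == set(baseline) else "site-specific"

# Constructed samples: all security controls engaged, before and after a policy change.
BASELINE = {
    "on_prem": {"latency_ms": [12, 13, 12, 14, 13], "throughput_mbps": [940, 935, 942, 938, 941]},
    "cloud":   {"latency_ms": [31, 30, 32, 31, 33], "throughput_mbps": [480, 476, 482, 479, 481]},
    "branch":  {"latency_ms": [45, 47, 46, 44, 46], "throughput_mbps": [95, 96, 94, 95, 97]},
}
AFTER_CHANGE = {
    "on_prem": {"latency_ms": [13, 12, 13, 14, 13], "throughput_mbps": [938, 936, 940, 939, 941]},
    "cloud":   {"latency_ms": [32, 31, 31, 33, 32], "throughput_mbps": [478, 480, 477, 481, 479]},
    "branch":  {"latency_ms": [71, 69, 74, 70, 72], "throughput_mbps": [61, 63, 60, 62, 64]},
}

if __name__ == "__main__":
    found = regressions(BASELINE, AFTER_CHANGE)
    for agent, reasons in found.items():
        print(agent, "; ".join(reasons))
    print("scope:", scope(found, BASELINE))
```

Because the measurements come from several vantage points, the same comparison that detects the regression also narrows where to look: here only the branch agent drifts, so the change affected that site's path rather than a shared control.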

By taking these steps, you may not permanently solve the problem of balancing network security and performance. But you’ve solved it for today—and you’ve put the tools and procedures in place to keep solving it in the future.

About the essayist: Sashi Jeyaretnam is Senior Director of Product Management for Security Solutions at Spirent, a British multinational telecommunications testing company headquartered in Crawley, West Sussex, in the United Kingdom.

Humans are rather easily duped. And this is the fundamental reason phishing persists as a predominant cybercriminal activity.


Tricking someone into clicking to a faked landing page and typing in their personal information has become an ingrained pitfall of digital commerce.

The deleterious impact on large enterprises and small businesses alike has been, and continues to be, profound. A recent survey of 250 IT and security professionals conducted by Osterman Research for Ironscales bears this out.

The poll found that security teams are spending one-third of their time handling phishing threats every week. The battle has sprawled out beyond email; phishing ruses are increasingly getting seeded via messaging apps, cloud-based file sharing platforms and text messaging services.

Guest expert: Ian Thomas, VP of Product Marketing, Ironscales

Some 80 percent of organizations reported that phishing attacks have worsened or remained the same over the past 12 months, with detection avoidance mechanisms getting ever more sophisticated.

I had the chance to visit with Ian Thomas, vice president of product marketing at Ironscales, an Atlanta-based email security company.

We discussed advances in cybersecurity training that combine timely content and targeted training to combat the latest phishing campaigns. For a full drill down, please give the accompanying podcast a listen.

Timely, effective security training of all employees clearly must continue to be part of the regimen of defending modern business networks, even more so as cloud migration accelerates. I’ll keep watch and keep reporting.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(LW provides consulting services to the vendors we cover.)

Employee security awareness is the most important defense against data breaches.


It involves regularly changing passwords and inventorying sensitive data. Cybercriminals view employees as a path of least resistance. As such, you should limit the amount of information that employees have access to.

There are several ways you can protect your business from data breaches.

Create security awareness for employees. One of the most important ways to protect against data breaches is to increase employee security awareness. Employees are the first line of defense against cybercrime and should understand how to recognize phishing emails and what to do if they suspect them. With proper training, employees can prevent these attacks before they happen.

While the protection of the company’s assets can never be completely guaranteed, security awareness training should be a top priority for business owners. Without it, a business is vulnerable to a variety of risks, including financial loss, damage to intellectual property, and brand reputation. In addition, educating employees about cybersecurity issues can help to reinforce the security-minded culture of the organization and change employee behaviour.

Provide frequent training about the risks of cyberattacks. One of the best ways to increase employee security awareness is to provide frequent training and communication about the risks of phishing and other cyberattacks. This training should be short and concise and provide guidance on identifying security risks.

Additionally, employees should receive guidance on how to report suspicious activity and confront strangers in secure areas. After a few months, organizations should evaluate the security awareness training to make sure that it is still relevant and effective.


Cybercriminals are constantly searching for ways to gain access to an organization. As a result, they seek to exploit the weakest link. This can include phishing emails that contain malicious links that infect an organization’s network or steal its database login credentials. Training employees is a crucial part of fighting back against this kind of attack and can complement other technological security solutions.

•Change passwords regularly. One of the most overlooked ways to protect your business from data breaches is changing passwords on a regular basis. Many people have their original passwords from college, and they never update them. This can be risky. It can also leave your company vulnerable to disgruntled employees. That’s why it’s essential to change passwords regularly and change them after every staff change.

Passwords are easy to steal, and hackers can use them in just a few seconds. If you’re not changing passwords regularly, you’re inviting hackers and cybercriminals to steal your company’s sensitive data. Changing passwords regularly will make the lives of cybercriminals much harder. It also ensures that your account credentials won’t be used for as long. The best practice is to change passwords every 90 days. You can even use password managers to automatically create strong passwords for you.

In addition to changing passwords regularly, you should also change them when you have entered sensitive information on public computers.

The best passwords are those that are difficult to guess. A common problem is that people tend to use the same password for too long. If you want to be completely safe, use passwords that are hard to guess and don’t use passwords you don’t know.

Inventory your sensitive data. Inventorying sensitive data is a crucial process in protecting your business from data breaches. It helps you determine gaps in security and prioritize your efforts. Data discovery technologies can scan data stores and label sensitive and regulated data by purpose and type. By doing so, you can better protect sensitive data and improve security. This process also helps you determine the amount of data you have in your possession.

Sensitive data may be stored on different media, including discs, tapes, mobile devices, or websites. Every potential source should be considered when creating an inventory. Make sure to involve each department in the process. This includes accounting, sales, and other teams. You should also include third-party service providers, like call centres and contractors.

Data inventory also makes your data searchable. Often, it is the first time a company has a common definition of data. If teams have different naming conventions, data inventory can be a confusing process. Make sure to use common, understandable labels and data value tags for your data.
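To make the discovery-and-labelling step concrete, here is an added example (not from the essay and not any product's API) that scans two stores using different column names and files both under one shared tag vocabulary. The tag names, store names, threshold and rows are constructed assumptions; the card numbers are standard test values.

```python
import re

def luhn_ok(digits):
    """Luhn checksum: separates plausible card numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def is_card(value):
    digits = re.sub(r"[ -]", "", value)
    return re.fullmatch(r"[0-9]{13,19}", digits) is not None and luhn_ok(digits)

def is_email(value):
    return re.fullmatch(r"[^@\s]+@[^@\s]+\.[A-Za-z]{2,}", value) is not None

# Hypothetical shared tag vocabulary: one label per data type, whatever a team calls the column.
DETECTORS = {"PII.email": is_email, "PCI.card_number": is_card}

def build_inventory(stores, threshold=0.5):
    """Map each tag to the store.column locations where most non-empty values match it."""
    inventory = {tag: [] for tag in DETECTORS}
    for store, rows in stores.items():
        for column in rows[0]:
            values = [r[column] for r in rows if r.get(column)]
            for tag, matches in DETECTORS.items():
                hits = sum(1 for v in values if matches(v))
                if values and hits / len(values) >= threshold:
                    inventory[tag].append(f"{store}.{column}")
    return inventory

# Constructed sample rows: two teams, two naming conventions, standard test card numbers.
STORES = {
    "sales_crm": [
        {"contact": "ana@example.com", "cc": "4111 1111 1111 1111", "order_ref": "1234567890123456"},
        {"contact": "raj@example.org", "cc": "5555-5555-5555-4444", "order_ref": "1234567890123457"},
    ],
    "accounting": [
        {"payer_mail": "lee@example.net", "card_no": "4111111111111111", "amount": "129.00"},
        {"payer_mail": "", "card_no": "5555555555554444", "amount": "18.50"},
    ],
}

if __name__ == "__main__":
    for tag, locations in build_inventory(STORES).items():
        print(tag, "->", ", ".join(locations))
```

The Luhn check keeps the 16-digit `order_ref` column out of the card-number inventory, which is the kind of false positive that otherwise inflates the list of locations to protect.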

•Use a corporate VPN. Encrypting data on corporate devices can prevent hackers from accessing sensitive information. The best way to protect data in this way is to set up a corporate VPN (a virtual private network). VPNs allow employees to connect to the internet securely while hiding the company’s IP address. This method is particularly important for employees working remotely and in public places.

Identifying sensitive data is an essential part of effective information security. You must understand how sensitive data is moved and who has access to it. The Federal Trade Commission recommends that organizations inventory the sensitive data stored on storage devices and include the devices of employees who work from home. By identifying these locations, you can easily determine security vulnerabilities.

About the essayist: Idrees Shafiq is a Research Analyst at AstrillVPN with diverse experience in the field of data protection and cyber security, particularly internet security.