Connect with us

Cyber Security

COVID isn’t the only virus employees could be bringing back into the office

As harmless as a computer may seem, companies should be putting in the same effort into protecting their network’s health as they are that of their workers.

Published

on

A virus may be the biggest threat to in-person office reopenings, in more ways than one.

After more than a year of remote work from makeshift home offices, employees are finally physically returning to their desks, along with the personal devices they’ve been depending on in the absence of their work-issued desktops and laptops. And as harmless as a computer may seem, companies should be putting in the same effort into protecting their network’s health as they are that of their workers.

“Organizations need to know what types of [devices] are accessing their core applications and make sure that whatever they are, they’re truly secure,” says Bert Kashyap, co-founder and CEO of cybersecurity firm SecureW2. “Apps don’t discriminate — when you go into your Gmail account from your work laptop versus your personal laptop, it still lets you in.”

Read More: How to protect your organization from internal and external threats to cybersecurity

Over half of IT leaders believe that employees have picked up bad cybersecurity habits over the pandemic, according to a survey by software company, Tessian — and with 40% of employees planning on bringing their personal computers into the office, IT decision makers are getting increasingly more worried remote workers will also bring infected devices and malware.

Unlike company-issued computers — which normally come fully equipped with top of the line data loss and intrusion prevention and detection software, as well as various types of malware detection systems as per corporate policy — personal devices don’t always have the same safety net.

The challenge for companies will be implementing the right kind of checks and balances for personal devices, according to Kashyap. That needs to happen before employees connect to the network and are granted access to sensitive information.

“Ideally an employee [could use] their personal device,” Kashyap says. “But the corporation would have a chance to determine what their level of threat is and set some policies centrally and make sure those policies are enforced.”

Read More: Everyday tech — even printers — needs cybersecurity protection

Without these precautions, companies will be left vulnerable to cybersecurity breaches that can — and will — spread to other systems once the compromised device connects to the shared network, Kashyap warns.

The majority of IT leaders believe that ransomware attacks — which are viruses that demand payment to re-release the information that was hacked — and targeted phishing emails will be a greater concern in a hybrid workplace, according to Tessian. That’s due, in part, to the fact that one in three workers think they can get away with riskier security behavior from their personal devices and 27% of workers are afraid to tell IT when they’ve made a security mistake.

Not only are cybersecurity breaches expensive to fix — the average cost of a malware attack for a company is over $2.5 million, according to cybersecurity testing platform company Cobalt — their damage is expansive, extending to critical employee benefit information such as HIPAA applications.

Read More: Data breaches are putting client data at risk. Here’s what advisers can do

Addressing cybersecurity protection is best done in a layered approach, according to Kashyap. First companies should decide what information can be accessed by personal devices and what information should only ever be accessed by a controlled, work-issued device. Companies can then begin implementing other levels of precautions such as user identity trusts — which refers to means for employees to identify themselves when logging into a server — and device trusts, which is a means for the device itself to be deemed trustworthy and secure.

“We’ve seen a lot of substantive growth in the cybersecurity space,” Kashyap says. “Already large enterprises are doing substantial amounts of [prevention] — organizations that I never would have thought would have implemented these things just three years ago.”

Source: https://www.benefitnews.com/news/cybersecurity-protection-should-be-critical-to-office-reopening-strategies-post-covid

Cyber Security

October is National Cybersecurity Awareness Month

October is National Cybersecurity Awareness Month and the Office of Information Technology (OIT) is reminding faculty, staff and students that they hold many of the essential keys to lock criminals out of individual and SIU systems and accounts.

Published

on

October 14, 2021

October is National Cybersecurity Awareness Month and the Office of Information Technology (OIT) is reminding faculty, staff and students that they hold many of the essential keys to lock criminals out of individual and SIU systems and accounts.

In the first of a two-part installment, the OIT is sharing what is at risk. A second article will explain what people can do to enhance their cybersecurity efforts and prevent criminal activity. Later in October, the OIT will also offer a cybersecurity challenge designed to elevate awareness and keep the campus cyber-safe.

The OIT wants to remind the campus community that everyone plays a role in maintaining cybersecurity. Sensitive information and device access is extremely valuable, and cybercriminals are smart! Almost every electronic device you use, whether University-owned or personal, is vulnerable to cyberattack. Computers, tablets, phones, gaming devices and smart electronics like printers, smart TVs, and even thermostats can be exploited by cybercriminals. A single mistake can cost you, others, and/or the University much more than time or money; a single breach can destroy the trust earned over decades.

What is at risk?

The OIT typically focuses efforts on cybersecurity awareness and prevention: how to spot suspicious activity and what to do. It is also important that everyone knows what can happen from a single mistake.

If someone unintentionally provides “sensitive information” such as a username and password, a Social Security number, account numbers, or the sensitive data belonging to other people, the door opens for cybercriminals. Similarly, if just one individual clicks on a malicious link or opens an infected attachment cybercriminals may then have access to any data on the machine, use of the machine for additional criminal activity, and/or control over the device’s audio and video capabilities for spying or voyeuristic activity.

Once a skilled cyber-criminal has sensitive data or access to a device, they can:

  • Lock down the device or encrypt data and hold it hostage for ransom (known as Ransomware).
  • Open and use accounts in an individual’s or institution’s name.
  • Access current accounts to steal data, information, or money.
  • Connect to thousands of other computers to create illicit networks.
  • Spy and record audio and/or video in the area where a device is located.
  • Track every keystroke or website visited.
  • Store and sell illegal information, photographs, music, software and video.
  • Send countless scam, spam and phishing emails to other people.
  • Use individual or institutional identities for illegal gain.
  • Destroy reputations intentionally or through the fallout associated with a cyberattack.

These risks may seem distant, but they are very close and very real. Any device that connects to a network or extracts information from a portable media source – a thumb drive, portable hard-drive, or CD – is vulnerable.

Here is a helpful, graphic summary of cyber risks. For additional information or for help with a cybersecurity issue, contact SIU’s cybersecurity team at security@siu.edu or visit the SIU Information Security website at https://oit.siu.edu/infosecurity/.

What is at risk?

Source: https://news.siu.edu/2021/10/101421-October-is-National-Cybersecurity-Awareness-Month.php

Continue Reading

Cyber Security

Free Cloud Trial

Free Cloud Trial The Securonix platform is available as a completely online Securonix as a Service (SaaS) offering, with the same benefits as Securonix UEBA and Securonix Next-Gen SIEM. The cloud-based service enables you to leverage your data and Securonix security analytics without the need to purchase, deploy or manage any infrastructure components. The benefits…

Published

on


The Securonix platform is available as a completely online Securonix as a Service (SaaS) offering, with the same benefits as Securonix UEBA and Securonix Next-Gen SIEM. The cloud-based service enables you to leverage your data and Securonix security analytics without the need to purchase, deploy or manage any infrastructure components.

The benefits of SaaS include:

  • Instant SOC Deployment

    Get up and running with the core components of your own Security Operations Center virtually instantly.

  • Cost Effectiveness

    Without the need to deploy your infrastructure stack, you operate at the lowest cost efficiency possible.

  • Scalability

    You can use as much or as little storage and analytics processing as is necessary for your organization, and expand as you grow with the click of a button.

  • Complete Security

    Your data is secure. Rest assured that Securonix stores information with the highest security protocols.

Source: https://duckduckgo.com/y.js?ad_provider=bingv7aa&eddgt=itHzKa_R3FH1EtkvLN4zgg%3D%3D&rut=8493512127c9749789f10c9bbe11ce03e8f5d99fee8c2f7ef7e2d9e939f6abf6&u3=https:%2F%2Fwww.bing.com%2Faclick%3Fld%3De8O5uZA29xe9r5AiozlxoNTjVUCUzzUTlOPg1jr3zrxdKklvBpkTEL-25hJiR2I7WPw6kQ87KTqCMaX4nEAn57vE79VYTUeetuDzobV3RiOOLviHSz1Au17xO7-m-s9Hw3xRXyliLq3GC6hwUWR_l-Deyj6bfxz0IezLf0xBUKLsYYWoiSLoLkshQL1lKOfHHNlCnEDCbz3tqj1KZqXrfZY00Y0Q6o8XBOmYqCKb5LvpaVwAUVQWHajm3Am0jSuTPr1rkoO29kRyfYRsjm9rJu1QSRhC4Vb_5XihVXp0ioJKziQRNNwkDSVCnq-UsCU62PuWHDhcc5A4CfdV5yw7oE6GPH0qxCG6AJrg2elhL4KKY2eR2sdGPQDzAcIK04I_KgxULYmyj3csBXeDC-YYcSINcw9ub5fmtFUyiSispsGTKceDwR2lxE4tirMcJmnys063wjJtfya1YYGk_ZuasG1kno-tsFfaiGa7sNwh3XEQJZq_kstQfp-Zui_pPb-2S4JTjga_FeJpqa4dmcddRZ6kSU1nt8OJrYZMNh_W5LnhSMe075czLZTgJCcFI-tnVaDxlkAYm9kTnfl7gB7LwffpS9acvWJQVuuUcEtqNfyoI6k7gEfdxdeGnauQ6cSY04DQF0sRJZr2GGeUPVqUGZKQiVWuH2Fz4C3lTrssE-vwzY9e5G4MVUs4UoMKtRXXlUEs1aQPRzbQDVmNVuCorm2jdEQIgYPZOhxULPMW4ZkNtxHHguxaUcawi4jUS-vcxFJssfDA%26u%3DaHR0cHMlM2ElMmYlMmZ3d3cuc2VjdXJvbml4LmNvbSUyZmZyZWUtY2xvdWQtdHJpYWwlMmYlM2Ztc2Nsa2lkJTNkZjg0ZDZmZTAzNjIyMWI4MjY5M2MwZWI2ZTM4NTliYmM%26rlid%3Df84d6fe036221b82693c0eb6e3859bbc&vqd=3-14078054627930388435070795111506886909-103915915486924297021438552878520208642&iurl={1}IG%3DFF0AE46114E4481A959E03189F37A2A8%26CID%3D1BE4FC3A5EDC6A9A27DDECF95F776BF2%26ID%3DDevEx%2C5629.1

Continue Reading

Cyber Security

Russia arrests leading cybersecurity exec on treason charges

Russian authorities have arrested an executive of a top cybersecurity company on the charges of high treason, a move that has sent shock waves through Russia’s business community. A court in Moscow on Wednesday announced a ruling to place Ilya Sachkov, founder and CEO of the Group-IB, one of the leading cybersecurity companies in Russia, in custody for two months pending investigation and trial. The court didn’t offer any details about the case against the executive as the case files have been classified, the Interfax news agency reported — as is typical with treason cases in Russia.

Published

on

MOSCOW (AP) — Russian authorities have arrested an executive of a top cybersecurity company on the charges of high treason, a move that has sent shock waves through Russia’s business community.

A court in Moscow on Wednesday announced a ruling to place Ilya Sachkov, founder and CEO of the Group-IB, one of the leading cybersecurity companies in Russia, in custody for two months pending investigation and trial.

The court didn’t offer any details about the case against the executive as the case files have been classified, the Interfax news agency reported — as is typical with treason cases in Russia.

According to Russian media reports, Sachkov was arrested on Tuesday morning and the law enforcement raided the offices of Group-IB in Moscow. The company on Wednesday confirmed that the raid took place.

In a statement Wednesday, Group-IB said the company’s employees were “sure” of their boss’s innocence and “honest business reputation.” The company refused to comment on the accusations against Sachkov or details of the case, citing ongoing legal proceedings.

Russia’s state news agency Tass reported, citing anonymous sources, that Sachkov also insisted on his innocence. The agency’s source alleged that Sachkov “worked for foreign intelligence services and passed on cybersecurity data that constitutes a state secret.”

Sachkov’s arrest on treason charges surprised many. Russia’s business ombudsman Boris Titov demanded that investigators “explain themselves,” “given the caliber and the uniqueness of entrepreneur Sachkov for Russia’s entire IT industry.”

If the authorities don’t explain their case against Sachkov, “a critical blow will be delivered to the sector and its investment appeal,” Titov said.

Kremlin spokesman Dmitry Peskov argued Wednesday that Sachkov’s case “has nothing to do with (Russia’s) business or investment climate,” because “accusations (against him) are not connected to the economy, they are connected to treason.”

Group-IB specializes in combating cyberattacks, online fraud and investigating high-tech cyber crimes. Top Russian banks and companies, including state-run ones, are among the company’s clients.

Group-IB helped Russian authorities investigate cyberfraud cases and is also said to be an official partner of the Interpol and Europol.

According to Russian media reports, Sachkov was arrested on Tuesday morning and the law enforcement raided the offices of Group-IB in Moscow. The company on Wednesday confirmed that the raid took place.

Source: https://news.yahoo.com/russia-arrests-leading-cybersecurity-exec-190826276.html

Continue Reading

Trending