Securing IT infrastructure in today’s corporate environments is extremely critical. There are lurking threats waiting to infest networks and systems with all kinds of major issues leading to massive setbacks for any company. With the possibility of losing millions of dollars and their earned reputation at stake, most companies, regardless of size, have taken a very serious approach to securing their IT assets. The risk of any exposure to any type of attack clearly outweighs the investments that a company should be making in ensuring that they are secure. Like all other IT implementations, security too is an ongoing process. It cannot start and end...
Most organizations are either familiar with, or have been victimized by, a Business Email Compromise (BEC). A BEC is a type of scam targeting organizations with the goal of leveraging a compromised email account to trick employees and executives into making fraudulent wire transfers. However, it’s not BEC attacks which are predicted to be the largest threat to organizations worldwide over the next 12-18 months; it’s a BEC variant known as Vendor Email Compromise (VEC). The US Treasury Department estimates BEC attacks already cost US firms $300 million a month.
If you talk to any security expert about securing online accounts, the first thing they will tell you is “enable 2FA.” However, if you start looking at the number of accounts where Two-Factor Authentication is purposely turned off or opted out of, you will be surprised at how high the number is. The reason is that most end users consider 2FA to be a nuisance, and don’t see the need for it when it comes to securing their accounts.
I was meeting with a company the other day, and security was naturally brought up. In their opinion, they felt that they had a good handle on security and their overall network — they perform security awareness training, they have a SIEM solution, they have AD monitoring and firewall monitoring, and a plethora of other items that would keep their business safe. Digging in deeper, I started asking about what types of incidents they got notified for, and how they got notified. That was when I realized that they were trying to do everything correctly, but they didn’t actually have the manpower to do everything they wanted.
Most people in the United States think of Halloween when they think of the month of October. As we begin October 2019, you should also think of Cybersecurity Awareness Month and training yourself to check your emails as closely as the parents do the candy that is brought home on Halloween evening.
Normally I talk about how to set up your work network to be more secure. Today, I want to talk about your personal security. Not physical security, but virtual security. Most people do not want to tinker with their home network. I don’t blame you, neither do I. I just want my home network to work… mostly because if it breaks, then all the kids will come running wondering why the sky is falling.
But for personal technology, there are some practical steps that will help make you more secure.
While I’m sure we can learn something, I think we can all agree defense is boring. The same is true for security. Your defensive security, that blocked someone from potentially getting into your network, is a lot less impressive than saying you hacked NASA.
But to win the Super Bowl, the Patriots’ defense needed to be one step ahead. Yes, Tom Brady is who everyone talks about, but if the defense hadn’t done their job, they would not have won the game.
So, I’m going to spend the rest of this time talking defense. The unsung heroes.
While I am not a big fan of the “Top 10” things that we expect to see next year, I do think looking forward with a security focus is a good endeavor. While this time of year is always full of next year’s predictions, you really should be looking at the next six months every month. That way things won’t surprise you. But without further ado, here are my predictions for next year.
It was 2:30am one weekday night when my smoke alarms started going off at home. They are all connected together, so the whole house was a nice alarm bell. It was a weird fall night when it was warm outside and very foggy. We have had a lot of work done in the house, and I assumed it was a malfunction because of the dust that had been kicked up and the humidity outside. I disconnected the alarm that started this noise and got the family back into bed.
Are you aware that October is National Cybersecurity Awareness Month? With the day-to-day security headlines year-round, you may be thinking to yourself, “I am sick of hearing about security.” As we come to the end of the month, bear with me for just a second as I let you in on a little security gem. While there are many different security solutions that exist, some cheap and many expensive, arguably one of the most important ones is free. It is a phrase coined by the National Cybersecurity Alliance, “When in Doubt, Throw It Out”. When at home or work, if you receive a piece of physical junk mail that claims you have won a free trip to the Moon, what do you do? Most likely, you throw it out in the trash as you know it is not true.