Tag Archives: cyber threat technology

Are Employees the Weak Link in Company Cyber Security?

Are your employees leaving the door open for cyber attacks? Here’s how to help them reduce the cyber security threat.

employees weak link

Employees are a significant risk to their employer’s cyber security according to research by specialist global executive search and interim management company Norrie Johnston Recruitment (NJR).

The research forms part of NJR’s cyber security report, ‘How real is the threat and how can you reduce your risk‘. The report shows that:

  • 23 per cent of employees use the same password for different work applications.
  • 17 per cent write down their passwords.
  • 16 per cent work while connected to public Wi-Fi networks.
  • 15 per cent access social media sites on their work PCs.

Such bad habits and a lack of awareness about security mean that employees are inadvertently leaving companies’ cyber doors wide open to attack.

This research is supported by a report which incorporates the advice from fifteen experts in the field. In it, Benny Czarny, Founder of OPSWAT, discusses the top tips to avoid massive data breaches.

With Sony recently setting aside $15M to investigate the reasons for, and remediate the damage caused by, last year’s data breach, many of our customers—from large enterprises to small business—are wondering what they need to do to make sure they aren’t the next big data breach headline.

The good news is that most data breaches can be prevented by taking a common sense approach, coupled with some key IT security adjustments.

1. Employees’ security training is an absolute necessity. 

I cannot emphasise this point enough, as your network is only as safe as your most gullible employee. Even the most sophisticated security systems can be compromised by human error. The Sony breach started with phishing attacks.

And people still also use USB devices from unknown sources, which is allegedly how the Stuxnet worm was delivered.

2. Access to executable files should be limited to those who need them to complete their duties. 

Many threats are borne via self-extracting files. Therefore, limiting the number of employees who are allowed to receive this file type limits your exposure.

Your IT department absolutely needs the ability to work with executable files. Bob in accounting? Not so much!

3. MS Office documents and PDFs are common attack vectors. 

Vulnerabilities are identified in MS Office and Adobe Reader on a regular basis. While patches are typically released very quickly, if the patches are not applied in a timely fashion the vulnerability can still be exploited.

As an everyday precaution, document sanitisation is recommended to remove embedded threats in documents.

4. Data workflow audits are essential. 

Data can enter your organisation through many different points – email, FTP, external memory device, etc. Identifying your organisation’s entry points and taking steps to secure them is a critical step in avoiding data breaches.

At a minimum, scanning incoming and outgoing email attachments for viruses and threats, and implementing a secure file transfer solution, should be considered.

5. Store sensitive data in separate locations. 

Simple data segregation could have mitigated the impact of the Sony breach. The hack exposed both internal communications and unreleased video files.

Had the videos and emails been stored on two separate systems some of the damages may have been prevented.

6. Internal and external penetration tests are critical. 

Internal testing is a valuable tool, but hiring an outside party to attempt to breach your network will identify security holes your team may have missed.

7. Keep your security architecture confidential. 

You may be excited about your innovative networking solution or new cloud-based storage system, but think twice about making any of that information public!

8. Remember that traffic generated internally to your security system may still be suspect. 

For example, the Sony malware connected to an internal security system to impersonate legitimate traffic to disguise its malicious nature.

9. Multilayer defence is needed. 

I like to describe defence in depth by comparing it to the defence systems you might see at a castle. It could be defended by a large stone wall, followed by a deep moat, followed by a draw-bridge, followed by an iron gate, etc.

A single layer of defence is not sufficient for your data. It must be protected by multiple systems working in parallel. That way if one layer is breached your data is not exposed.

10. Finding your weakest security link is your top priority. 

Every office has one, and it will vary wildly from organisation to organisation. It might be the employee with their passwords taped to their monitor. It might be the deprecated Linux server everyone seems to have forgotten about.

You might not be looking for those weak links, but rest assured that cyber attackers are. The question is: Who will find them first?”

To read more useful and practical insights into topics including how to assess the scale of your risk level and managing the immediate aftermath of a security breach, download the full report.

Gotta Catch Them All! But Is Pokémon Go a Cyber Crime Target?

Pokémon Go is the new craze sweeping the world. It’s just a game, but how does it relate to real-life laws? And could it really be a target for cyber criminals?

Pokémon Go

Last week, Nintendo launched its new ‘augmented reality’ game, Pokémon Go, across the world. Nintendo spread the launch dates out, with the USA, Australia and New Zealand first, and Europe and other parts of Asia launches in the following days.

For the uninitiated (and you’ll be hard pushed to be one of those with the blanket media coverage), the game blends digital characters from the successful Pokémon franchise, with GPS and location based technologies on smart phones.

Global Craze…and Growing

Within 24 hours of its US release last Tuesday, Pokémon Go had already overtaken its competition to be the biggest game of 2016. It moved to number 1 on App Store, and after 3 days had become the biggest mobile game in US history.

The game surpassed Twitter in terms of daily active users, and Facebook in terms of user engagement on its app. It’s also estimated that it may overtake Google Maps as the largest user of Alphabet’s mapping data.

The incredible growth has also helped Nintendo’s market value jump. It marks the end of a difficult period for Nintendo, who’s market value has been in decline since October 2015.

Nintendo’s market value increase by 10 per cent when the game went viral in the first week of July, with a further 25 per cent added by last Tuesday. This equates to nearly $9 billion added to the market value in less than a week.

Safety First!

The new craze has not been without its hiccups, however. In addition to people walking into walls and falling down holes while glued to their phones, there have also been reports of muggings and armed robbery facilitated by the game’s geolocation software.

Police in Australia have also issued a couple of public announcements in light of these incidents. They have asked the public to be aware of their surroundings while hunting Pokémon, that they shouldn’t use the app while driving, and that “I was collecting Pokémon” is not a defence for trespassing.

The final point brings into focus the issue of how augmented reality games will cope with country laws. As users are collecting characters in the real-world, the potential for trespass grows.

How this will be handled by businesses (some of whom are taking advantage of the craze) and locations (like Arlington National Cemetery) in the future will be interesting to see.

Pokémon Go a Cyber Target?

A number of experts have also argued that Nintendo’s launch could leave some users potentially vulnerable to cyber criminals. With a staggered launch, some users may have been tempted to download a version of the app from unverified third-party app stores. This could subsequently leave them vulnerable to malicious apps and malware.

These apps could then allow criminals to access smartphone data, spy on users, or even control phones remotely. Another report by security software company, Trend Micro, highlighted the risk posed by the game to individuals’ data.

Gamers who downloaded Pokémon Go and registered using a gmail account, could inadvertently give third parties access to private data. However, this issue could be mitigated by ensuring the correct privacy settings in the app.

Connected Devices

While the cyber crime risk for Pokémon Go seems fairly low, it may signify the start of a larger issue. The growth of augmented reality games, smartphone technology, and connected devices via the Internet of Things, does pose a cyber security risk.

But what is certain is that as the technology leaps forward, security provisions and investment needs to move forward too.

Have you jumped on the Pokémon Go bandwagon? Do you think talk about cyber crime for these games is realistic? Let us know. 

We’ve dragged ourselves away from virtual creature capture long enough this week to bring you the weekly headlines…

General Motors Deal with Bankrupt Supplier
  • GM’s contract dispute with Clark-Cutler-McDermott Co. (CCM) has forced the parts supplier into bankruptcy protection, with plans to sell its remaining assets.
  • CCM has argued that unprofitable contracts have led them to lose $12 million since 2013.
  • GM will purchase a quantity of critical factory equipment and parts necessary to continue production across their North American factories.
  • The well-publicised dispute in the bankruptcy court has shed light on the uneven power dynamic between car makers and parts suppliers.

Read more at the Wall Street Journal

Retailers Struggling with Reverse Supply Chain
  • Customer returns and product recalls are becoming increasingly common, with the most notable recent event being IKEA’s massive recall of 36 million dressers worldwide.
  • Returns and recalls pose a significant challenge for the retail sector to build a ‘reverse supply chain’.
  • This term can be misleading, as it is not simply the usual supply chain run backwards, but a complex network of transportation and resellers.
  • Retail Industry Leaders Association VP Adam Siegel warns: “You’re not going to succeed if you’re losing money on your reverse supply chain because, inevitably, the reverse supply chain is going to grow.”

Read more at PYMNTS.com

Palm Oil Industry Rife with Human Rights Abuses
  • The palm oil industry has come under further scrutiny for human rights abuses.
  • The Rainforest Action Network (RAN) has released an animated video that highlights the organisation’s largest criticisms of the palm oil industry.
  • The video focuses on the non-compliance of a PepsiCo joint venture and endemic labour abuses in Indonesia. 
  • RAN claims workers at palm oil plantations have been subjected to excessively long work hours for low wages, dangerous exposure to agricultural chemicals, confiscation of passports, and child labour.

Read more at Triple Pundit

IBM Pushes Blockchain in Supply Chain
  • IBM has launched a platform for companies to test “blockchain” record-keeping technology in their supply chains.
  • The service is an attempt to expand the use of blockchain beyond the financial services industry.
  • IBM’s new service lets supply chain customers build and test blockchains using a version of the company’s LinuxOne system.
  • The service is aimed at companies that need to track high-value items through complex supply chains.

Read more at the Wall Street Journal