Make cybersecurity a business issue, not an IT challenge

November 3, 2016

Many organisations tend to see security as a technology issue rather than a business issue and, as a result, often do not ask the right questions about resilient cybersecurity defences. Managing risk effectively means having the right governance in place, with effective supporting processes and the right enabling technology. It should never start with the technology. The common misconception is that an organisation will be safe if it invests in best-of-class technology or, increasingly, a broader platform. While it’s important for any business to integrate security technology into its IT architecture, it will only be effective if the end users understand their own responsibilities to keep their systems safe. And that’s more about changing the culture of the organisation and educating employees than spending money on another tool. This is evidenced by research from Aberdeen Group, which estimates that 65% of all data loss is down to human error.

Spotlight

Security PS

Security PS is an information security consulting firm that helps businesses take on security challenges with confidence by addressing both immediate and long-term needs. Our vendor independence, depth of experience, and commitment to proven best practices are leveraged on every engagement to bring the greatest value to our clients' initiatives. Our services range from strategic to tactical, including: information security management program development, compliance, comprehensive security assessments, penetration testing, secure SDLC services, training, and more.

OTHER ARTICLES

A Closer Look at the Microsoft Exchange Server Cyberattacks

Article | May 13, 2021

We recently posted an article that highlighted the high-profile Microsoft Exchange hack that impacted hundreds of thousands of organizations across the globe. (This article offered some recommendations on how this could have been avoided as well as a special three-month offer to help any company who may have been affected.) Since this cyber attack, even more details are emerging. For example, the White House recently urged victims to quickly patch applications and systems and pushed for them to do it as quickly as possible. One senior administration official emphasized that the window to update these systems could be measured in hours, not even days.


What is Ransomware and What You Need to Know to Stay Safe?

Article | March 5, 2020

While there may be more than 1 billion pieces of malware prowling the internet for a chance to infect victims, one particular piece of nastiness has been inflicting financial losses and security headaches for years. Known as ransomware, its sole purpose is to block access to computer systems or files until the victim pays a ransom. These ransom demands fluctuate wildly, from the equivalent of a couple of hundred dollars to several hundred thousand. In the simplest terms, ransomware is a piece of malicious software that prevents users from using their devices or accessing their personal or important files, unless a sum of money is paid. Payment is usually demanded in cryptocurrency, such as Monero or Bitcoin. Victims are told to purchase these digital assets and then transfer them to the attackers.


Webroot: Widespread Lack of Cybersecurity Best Practices

Article | April 7, 2020

A new list of most and least cyber secure U.S. states shows a disturbing lack of cybersecurity best practices. According to Webroot’s fourth annual ranking, New York, California, Texas, Alabama and Arkansas are the least cyber secure states in the country, while Nebraska, New Hampshire, Wyoming, Oregon and New Jersey are the most cyber secure. Tyler Moffitt, Webroot security analyst, tells us none of the states had an average score greater than 67%. Also, there is very little difference between the most secure and least secure states, he said. No state scored a “C” grade or higher. That underlines a lack of cybersecurity education and hygiene nationally. However, the most cyber secure state (Nebraska at 67%) did score substantially better than the least (New York at 52%). “This score was calculated through a variety of action- and knowledge-based variables, including residents’ use of antivirus software, use of personal devices for work, use of default security settings, use of encrypted data backups, password sharing and reuse, social media account privacy, and understanding of key cybersecurity concepts like malware and phishing,” Moffitt said.


Wormable, Unpatched Microsoft Bug Threatens Corporate LANs

Article | March 11, 2020

Microsoft is warning on a wormable, unpatched remote code-execution vulnerability in the Microsoft Server Message Block protocol – the same protocol that was targeted by the infamous WannaCry ransomware in 2017. The critical bug (CVE-2020-0796) affects Windows 10 and Windows Server 2019, and was not included in Microsoft’s Patch Tuesday release this week. The bug can be found in version 3.1.1 of Microsoft’s SMB file-sharing system. SMB allows multiple clients to access shared folders and can provide a rich playground for malware when it comes to lateral movement and client-to-client infection. This was played out in version 1 of SMB back in 2017, when the WannaCry ransomware used the NSA-developed EternalBlue SMB exploit to self-propagate rapidly around the world.

