Practical Guide to IT Security Breach Prevention Part I: Reducing Employee and Application Risks

|

article image
"Did you know 59% of people fail to store their passwords securely? With users connecting to unsecured public networks and running multiple applications from both company and personal devices, sensitive corporate data is more vulnerable than ever before. For your security policies to be effective, they need to bring all devices and applications under IT control and regulate user behavior."

Spotlight

EclecticIQ

EclecticIQ is an applied cyber intelligence technology provider, enabling enterprise security programs and governments to bootstrap a threat intelligence practice. Empowering analysts to take back control of their threat reality and mitigate exposure accordingly. EclecticIQ’s mission is to restore balance in the fight against cyber adversaries. Its flagship product EclecticIQ Threat Intelligence Platform enables operationalization of security information exchange, empowers collaborative analyst workflow and ensures timely integration of cyber threat intelligence detection, prevention and response capabilities. EclecticIQ is a privately held company headquartered in Amsterdam, the Netherlands, and holds an office in London. Awarded the 2015 EU IPACSO Cyber Security Award, the 2016 Deloitte FAST50 Rising Star 'Most Disruptive Innovator' Award, and partner of the NATO NCI Agency Security Incubator.

OTHER ARTICLES

Cybersecurity Must Be Embedded in Every Aspect of Government Technology

Article | March 17, 2020

Cybersecurity has never been more important for every level of our government. The hacking attempts at major federal agencies have raised the profile of nefarious actors who use their highly advanced cyber skills to exploit both security and the vulnerabilities created by human error. Just last month, the Department of Defense confirmed that computer systems controlled by the Defense Information Systems Agency had been hacked, exposing the personal data of about 200,000 people. Additionally, the Department of Justice recently charged four members of the Chinese military for their roles in the 2017 Equifax breach that exposed the information of 145 million Americans. The hackers were accused of exploiting software vulnerability to gain access to Equifax’s computers. They are charged with obtaining log-in credentials that they used to navigate databases and review records.

Read More

Coronavirus malware roundup: watch out for these scams

Article | March 17, 2020

With so many of us hunting out the latest Covid-19 info, it hasn’t taken long for hackers to take advantage. So first off, a basic hygiene reminder: Don’t download anything or click on any links from unfamiliar sources. This includes coronavirus-related maps, guides and apps. Here’s a closer look at some of the specific threats that have emerged over the last week or so. The DomainTools security research team has uncovered at least one example of a coronavirus-related fake app .The Android app in question was discovered on a newly created domain, (coronavirusapp[.]site). The site prompts users to download an Android App to get access to a coronavirus app tracker, statistical information and heatmap visuals. The app actually contains a previously unseen ransomware application, dubbed CovidLock. On download, the device screen is locked, and the user is hit with a demand for $100 in bitcoin to avoid content erasure.

Read More

A 4 Step Guide to Stronger OT Cybersecurity

Article | March 17, 2020

Security and risk management leaders at organizations around the world are increasingly concerned about cybersecurity threats to their operational technology (OT) networks. A key driver behind this is that cyberthreats, like disruptionware, are increasing in quantity and sophistication all the time. Industrial control system (ICS) networks are categorized as high risk because they are inherently insecure, increasingly so because of expanding integration with the corporate IT network, as well as the rise of remote access for employees and third parties. An example of an IT network within a control system is a PC that’s running HMI or SCADA applications. Because this particular PC wasn’t set up with the initial intention of connecting to IT systems, it typically isn’t managed so can’t access the latest operating system, patches, or antivirus updates. This makes that PC extremely vulnerable to malware attacks. Besides the increased cyberthreat risk, the complexity resulting from IT–OT integration also increases the likelihood of networking and operational issues.

Read More

Delivering on the promise of security AI to help defenders protect today’s hybrid environments

Article | March 17, 2020

Technology is reshaping society – artificial intelligence (AI) is enabling us to increase crop yields, protect endangered animals and improve access to healthcare. Technology is also transforming criminal enterprises, which are developing increasingly targeted attacks against a growing range of devices and services. Using the cloud to harness the largest and most diverse set of signals – with the right mix of AI and human defenders – we can turn the tide in cybersecurity. Microsoft is announcing new capabilities in AI and automation available today to accelerate that change. Cybersecurity always comes down to people – good and bad. Our optimism is grounded in our belief in the potential for good people and technology to work in harmony to accomplish amazing things. After years of investment and engineering work, the data now shows that Microsoft is delivering on the potential of AI to enable defenders to protect data and manage risk across the full breadth of their digital estates.

Read More

Spotlight

EclecticIQ

EclecticIQ is an applied cyber intelligence technology provider, enabling enterprise security programs and governments to bootstrap a threat intelligence practice. Empowering analysts to take back control of their threat reality and mitigate exposure accordingly. EclecticIQ’s mission is to restore balance in the fight against cyber adversaries. Its flagship product EclecticIQ Threat Intelligence Platform enables operationalization of security information exchange, empowers collaborative analyst workflow and ensures timely integration of cyber threat intelligence detection, prevention and response capabilities. EclecticIQ is a privately held company headquartered in Amsterdam, the Netherlands, and holds an office in London. Awarded the 2015 EU IPACSO Cyber Security Award, the 2016 Deloitte FAST50 Rising Star 'Most Disruptive Innovator' Award, and partner of the NATO NCI Agency Security Incubator.

Events