Ready, Set, Go! Be Ahead of a Cyberattack
Take a glance at the most discussed cybersecurity topics of the week.November 12. 48 hours. 300 million hijacked browser sessions. And still the actor of the widespread malvertising campaign is not detected.
Canadian banks made friends with hackers
The Star on November 22, 2018
Recently, we claimed that to stop a hacker, you should think like one. However, when it comes to business security, it may be insufficient as the best solution to avoid a cyberattack is to organize it. Toronto-Dominion Bank established the in-house team of ethical hackers to evaluate the network security by targeting its internal systems.
We’re doing it exactly how our adversaries would do it … So if we find a weakness or something like that, we can close it or address it before a real attacker.
Alex Lovinger, TD Bank’s vice-president of cyber threat management
By the way, in the last year 21% of Canadian businesses confirmed that they were impacted by a cybersecurity incident that affected their operations. Banking institutions reported the highest level of incidents at 47%, followed by universities and the pipeline transportation subsector.
At first, fill cybersecurity gaps – a to-do list for Australian businesses
CSO on November 23, 2018
Perhaps, there is something to think about. In 2018, Australian businesses have been affected by more than 300 cybersecurity breaches. Another fact is that Australia is expected to spend $3.8 billion on cybersecurity in 2018, up 6.5 percent from 2017, according to Gartner.
Actually, the volume, variety, and velocity of the occurring cyberattacks make companies rethink their approach to cybersecurity.
The first step in this process is identifying core cybersecurity gaps that, as practice shows, may include:
- Risk detection
- Communication breakdown
- Skills shortage
Although it is impossible to completely eradicate cyber threats nowadays, filling these gaps can be a silver bullet solution for an organization’s cybersecurity.
Don’t click the ad or you will be hacked
Threatpost on November 27, 2018
November 12. 48 hours. 300 million hijacked browser sessions. And still the actor of the widespread malvertising campaign is not detected.
According to researchers, the malefactors inject malicious code into legitimate online ads and web pages, so when victims click those pages, they are forcefully redirected to a malicious page. In this case, the ad unit forcefully redirects mobile users to adult content and gift card scams. Then victims are asked to leave their credentials and if they don’t recognize the threat, their personal information will be stolen.
In fact, malvertising campaigns are no rare occurrence. There will always be people who may fall for an opportunity to “win $1,000” and click the infected ad. Therefore, it is always important for users to stay alert.
Sometimes bits and bytes are not the case
Dark Reading on November 26, 2018
Frankly speaking, we are used to associating cybersecurity with network dangers rather than physical threats. Nonetheless, any physical asset of the company may be a matter of concern, when it comes to data protection. Have a look at 7 dangers that threaten your cybersecurity in real life:
- Etiquette. To avoid the passage of threat actor in your office, take it as a rule to require each employee badge in and out so that everybody could be determined.
- Forgetful users. Remind people to look around them before leaving public places. Every year corporate devices are lost in coffee shops, airplanes, taxis to get right into hands of malefactors.
- Thieves. Yes, sometimes devices are stolen not to be sold on Craigslist but to get sensitive information. Provide your employees with locks for bags.
- USB Trojans. To defend against USB Trojans, security groups should make sure that antimalware systems are up-to-date and scan new USB drives of the workers.
- Walk-away data. A great amount of information may be carried away on small USB drive; so the device activity should be closely monitored and logged, with alerts for unusual activity.
- Tailgating. In this case, the employee properly entering the premises often has no idea that a violation has occurred. However, the tailgater is already inside, as well as a potential cyber threat.
- One more muffin. Don’t forget to lock your laptop before getting the second cup of coffee, especially when you are in a public place.