Categories
cyber attack cyber security Cyber Security For Businesses cyber threats Data and Security ReadWrite

Cybersecurity Posture is a Must in an Anti-Cyber-Attack

cybersecurity

More than 10 years ago, fewer than one in four companies relied on the Internet for their business. But now,  it is 100 percent. Despite this growth,  the Internet has now been accompanied by a steady increase in the severity of “Cyber-Attacks.”

Billions of business individuals worldwide have had their personal data stolen, exposed, and rapidly occurring at a high frequency.

According to the WHSR Security evaluation, Germany tends to have the highest cyber incident. Although the United States is naturally a major target for cybercriminals. However, Germany lost an estimated $50 Billion to cybercrime, ranging from big corporations to small business enterprises.

Cybercriminals are reaching further than before, that for every 60 seconds, $1.1 million is lost to cyberattacks. In fact, Australians lost over $634 million in total to cyber-attack in just 12 months. Meanwhile, these at pace have set to cost business affair $5.2 trillion ‘worldwide’ with continuity to affect critical, pivotal facilities.  For all that, this unprecedented cybercriminal activity has generated businesses across the globe, $128 billion in cyber spending.

It’s fair to say that this has been the era of Cyber Attacks. However, not becoming a victim should be a priority for every organization rather than adding up to the number of amounts “lost” to cyber-threats.  Since cyber-attacks are globally increasing, operational effort to respond and prevent must therefore be proactive.

Cybersecurity posture; an organization’s coast-to-coast defense in disagreement with cyber-attacks

Understanding cybersecurity posture is essential to recognize where your organization stands regarding online security threats such as data breaches and intrusions.  However, by understanding where your organization is most vulnerable, you can begin to establish a plan for creating a more secure environment.

Security posture refers to the strength of your overall cybersecurity defense. This is important because cybersecurity threats are ever-increasing, and cyberattacks are considered the third greatest global threat, according to the World Economic Forum (WEF).

The modern enterprise’s attack surface is ever-growing, which makes gaining an accurate understanding of a big challenge. The hard truth is that most organizations only have a vague understanding of their attack surface and overall cybersecurity posture.

For an organization with a thousand employees, over 10 million time-varying signals should be analyzed to predict breach risk accurately. This enterprise attack surface includes a wide variety of assets spanning across its infrastructure— applications, managed and unmanaged endpoints (fixed and mobile), IoT, and cloud services. Once these elements, breached in many ways, this compromise enterprise asset, giving cyber-attackers an initial foothold inside the company’s network.

It is important to create a habit of regularly monitoring and maintaining your cybersecurity posture, most importantly, your cybersecurity risk. To understand the efficacy of cybersecurity posture, cybersecurity risk assessment by an organization must be completed. Cybersecurity risk is the probability of exposure or loss resulting from a cyber-attack or data breach on your organization. A better, more encompassing definition is the potential loss or harm related to technical infrastructure, use of technology, or an organization’s reputation. To put it simply, as your cybersecurity posture strength increases, your cybersecurity risk should decrease. This helps to identify all vulnerability points to help your organization more proactive rather than reactive to cybersecurity threats.

Maturity Assessment – worth of your cybersecurity posture; coming-of-age call’s and objectives

Maturity assessment is an upright pillar of an organization’s information security capability to protect the business against applicable cyber risks.  This measures the ability of an organization for continuous improvement in a securing discipline, which can be drilled down to departmental view, functional view, and process view.

Throughout the course of operations, business leaders set goals and objectives for their enterprise, and they rally teams to work hard and deliver on them. These goals and objectives are business needs; they are the things the business must have or achieve to run, be profitable, serve effectively, and deliver successfully on its mission. However, organizations with the most mature security posture don’t break-out, avoid cybersecurity mistakes during business racing and successfully outperform their peers.

The higher the maturity, the higher the chances that mistakes or errors will lead to improvements either in the quality or the use of the discipline’s resources as implemented by an organization. The Security Maturity Assessment gives a first look at how mature your organization is concerning cybersecurity. By knowing the security level, an organization can build an effective cyber protection strategy for the future.

Cybersecurity maturity assessment can analyze the current security state, with a view towards the desired state. It assesses cybersecurity controls and realize new technology-process controls. The main advantage is to specify the maturity level of an organization. Whereby each level depends on a group of processes. Each process can depend on the infrastructure, resources, operation’s automation, and user’s knowledge. Hence, cybersecurity maturity can help to distinguish between organizations.

Cybersecurity posture score; accompanied by a risk management program

The terms “safeguards� and “controls� refer to risk-reducing measures. The process of risk management allows the balance of operational and economic costs of protective measures and achieve gains in mission capability by protecting information systems and data that support organizations’ missions.

Protecting information is a business problem costing millions of dollars and reputational loss. Even with an acute awareness of these risks, many attacks go unchecked. The solution requires more than deploying technology, like firewalls and antivirus gateways, and hoping for the best.

However, security professionals cited a critical need for expertise, technology, and external services to address these external threats’ growing concerns. The solution requires a vigorous, comprehensive investment in risk management for your organization’s complete environment.

The post Cybersecurity Posture is a Must in an Anti-Cyber-Attack appeared first on ReadWrite.

Categories
cyber security Data and Security endpoint security IoT iot devices Tech

Common Challenges of Endpoint Security and Possible Solutions

endpoint security

According to Ponemon’s 2020 Study on the State of Endpoint Security Risk, the frequency of attacks against endpoints is increasing and detection is difficult. Worse is that the vast majority (80%) of successful endpoint breaches are zero-day attacks. That means that many of the threats organizations face are due to new, unresolved vulnerabilities. Here are the common challenges of endpoint security and the possible solutions.

There is no point in cybersecurity without strong endpoint security.

Endpoint devices are leeways to an organization’s network and the network security is no better than the level of protection of every endpoint.

However, there have been persistent areas in which many organizations struggle, especially relating to recent and emerging developments.

Here are the most common challenges of endpoint security and some solutions to help companies stay ahead of ever-threatening cyber attackers. 

Internet of Things

The proliferation of IoT devices has multiplied cybersecurity risks for enterprises to staggering rates.

These devices are the main contributors to the rising problem of shadow IT as they increase the number of blind spots in the enterprise’s security system.

More so, IoT devices collect very sensitive data and in massive amounts; according to the International Data Corporation, connected IoT devices are expected to generate 79.4 zettabytes of data in 2025. 

Mitigate risks arising from connected devices through network segmentation.

Isolate shadow IoT devices from the main network. In addition, the organization must create and maintain a strict policy regarding the use of IoT devices among workers. Isolating and the policy surrounding devices helps the IT department maintain visibility over all endpoints connected to the company network. 

Phishing 

The coronavirus pandemic has seen a remarkable increase in business phishing attacks. The recent unprecedented hack of many verified accounts of prominent individuals on Twitter was due to spear-phishing attacks targeting Twitter employees.

Phishers use social engineering techniques to successfully trick their targets into giving out sensitive data. Employees must be trained to recognize the tiniest threat signals and report suspicious activities.

Cybersecurity awareness is important across all sectors, whether aviation or tech. 

Cybersecurity awareness training for employees is not enough. Cyber attackers are getting more sophisticated, creating malware that is designed to evade security channels set up by IT departments.

How many more employees? To protect employees from phishing attacks, companies can use such technologies as a Secure Web Gateway, which inspects the inflow and outflow of data through office networks to block malicious content and prevent data loss. 

Lack of Visibility 

IT departments often have trouble monitoring the several endpoints of their company’s network. And without adequate visibility, the endpoints and agents in charge of them (employees) become prone to data loss.

Likewise, limited visibility affects the organization’s ability to detect suspicious activity; therefore, malware could dwell in the system for weeks or months, wreaking havoc while being under the radar.

Maintaining comprehensive visibility over endpoints is especially important in this era that an unprecedented number of companies are adopting work from home policies. When employees work remotely, it becomes a challenge to tell what they are up to or if they are accessing the corporate network securely. 

Beyond traditional endpoint detection and response tools, enterprises have to upgrade to next-generation endpoint security solutions, which use AI, machine learning, and real-time analytics to manage the network endpoint visibility. This will help organizations combat threats of greater sophistication. 

Cybersecurity Skills Shortage

According to Emsi, demand for cybersecurity talent in the US is more than twice greater than the available supply.

The skills shortage in cybersecurity has been a major concern for years, and the problem was exacerbated by the impacts of COVID-19, particularly in light of surges in cyber-attacks at this period.

It is not enough that a company has the right tools; they must have the right people in charge of their endpoint security as well. Organizations must rethink their approach to closing their cybersecurity talent gap. 

In its report, Emsi recommended a “build, don’t buy” strategy whereby organizations focus on strengthening and arming their present workforce against cybersecurity risks instead of trying to recruit scarce talent.

The build, don’t buy strategy is not necessarily about transforming your workers into IT professionals than it is about building a strong, cyber-aware workforce through continuous training. 

Conclusion 

In strengthening their endpoint security, businesses must put the future of cybersecurity into consideration. Not in terms of technology, but in terms of obstacles. Having a contingency plan helps a company to fill gaps and solve problems proactively, rather than reactively. 

Of course, this requires the adoption of advanced tools that can help professionals gain insights into the organization’s security framework, assess risks, and neutralize threats.

The post Common Challenges of Endpoint Security and Possible Solutions appeared first on ReadWrite.

Categories
cyber attack cyber security Data and Security Hack hacking Software TikTok

How to Protect Your TikTok Account from Hackers

TikTok

TikTok, a mobile video-sharing service owned by Beijing-based technology company ByteDance, has been around since 2016. Its popularity shifted into hyper-drive over the past two years, with the user count exceeding 2 billion (according to Craig Chapple, a mobile insights strategist) globally at the time of this publication.

TikTok generated a whopping 315 million installs in Q1 2020 alone, which eclipses any other app’s achievements in terms of quarterly growth.

It’s common knowledge that cybercriminals follow the trends.

Cybercriminals are following the trends — so they treat the hype around TikTok as an opportunity to extend their reach. Haters, spammers, con artists, and malware distributors can weaponize hacked accounts in a snap. Therefore, it’s in every user’s interest to ascertain that their video blogging experience isn’t vulnerable to exploitation.

The good news is, you can benefit from TikTok’s built-in security and privacy features to raise the bar for malicious actors. This article provides simple steps to harden the defenses and make your account a hard nut to crack. Before delving into the protection facet of the matter, though, let’s see what security concerns about this service have been unearthed to date.

Known TikTok Security Loopholes

In early January 2020, experts at cybersecurity company Check Point Research discovered a series of TikTok vulnerabilities that might undermine the protection of one’s account. According to the white hats, a hypothetical attacker could take advantage of these flaws to do the following:

  • Compromise an account and alter its content
  • Erase videos
  • Upload new videos
  • Change the status of private videos to “publicâ€�
  • Obtain the victim’s email address and other sensitive information related to the account

SMS link spoofing is one of the malicious techniques piggybacking on TikTok imperfections. It can cause a great deal of harm with very little effort. This foul play is fueled by a somewhat crude implementation of a feature called “Text yourself a link to download TikTok,� which is available through the platform’s official website.

(Image by Check Point Research, “Tik or Tok? Is TikTok secure enough?� article)

A malefactor can use a proxy tool to skew the underlying HTTP query that consists of a user’s phone number and the legitimate app download link. This interference allows the hacker to substitute the URL with a custom value and thereby send malware-riddled text messages on behalf of TikTok.

Malware distribution and scams are the obvious use cases of this technique. The resulting sketchy site can be a credential phishing page or have exploits onboard.

Offensive mechanisms such as cross-site request forgery (CSRF) or cross-site scripting (XSS) may also kick in to execute malicious JavaScript code surreptitiously. This abuse can entail particularly disruptive outcomes, making it easy for an adversary to tamper with the victim’s browser cookies and perform different actions in their name.

What does the cybercriminal do next?

This access can pave the crook’s way towards removing arbitrary videos, adding new ones, approving followers, and making private content public. The info-stealing facet of this exploitation puts the victim’s sensitive data at risk, including their email address, payment details, and birth date. Thankfully, the company behind TikTok has since released patches for these issues.

Another pitfall is that the service isn’t too fair and square when it comes to users’ privacy.

In March 2020, security researchers exposed more than 50 iOS and iPadOS applications that regularly read the clipboard information. TikTok ended up on that list, too.

Whereas it’s not entirely clear what the application does with this data, such activity resembles eavesdropping at its worst. An additional concern is that an attacker who succeeds in compromising the TikTok app will be able to keep a record of everything the user copies to the device’s clipboard, including credit card details and login credentials for other services.

A malefactor with advanced tech skills can broaden the attack surface.

For instance, a feature called Universal Clipboard plays into crooks’ hands in this regard. It is intended to facilitate the process of copying and pasting between different devices under Apple’s umbrella.

Therefore, if an attacker takes over a TikTok account used on an iOS or iPadOS gadget, they may be able to access sensitive information on a related Mac computer.

For the record, the latest version of TikTok is no longer peeking into clipboard data. However, the aftertaste of past foul play remains. All of the reported caveats have called forth some restrictive moves at the level of governments and military branch departments.

In December 2019, the U.S. Navy banned personnel from using this service, and so did the U.S. Army shortly afterward.

TikTok Account Security Tips

Because a TikTok account is a goldmine of the user’s sensitive information, cybercriminals are lured to find ways to circumvent its defenses and get in. The following red flags may indicate a compromise and should urge you to take immediate action:

  • Your TikTok password, security email address, or phone number tied to the account has been changed.
  • Your username or nickname has been modified.
  • Someone is removing or adding videos behind your back.
  • Messages are being sent without your permission.

This brings us to the techniques that will keep perpetrators from gaining unauthorized access to your account. Below is a summary of TikTok security best practices:

1. Use a Strong Password

No matter how vanilla this recommendation may sound, it’s the stronghold of your account’s intactness. In addition to making your password at least 12 characters long, include special characters (%, $, &, etc.), uppercase letters, and numerals.

Also, make sure it looks as random as possible to prevent crooks from guessing it based on your personal details available on publicly accessible resources such as social networks.

2. Refrain from Reusing Passwords

Data breaches happen, so you don’t want your authentication info for another account to match the TikTok password. Using the same password across different services is a classic instance of a potential single point of failure (SPOF).

3. “Log In with Verification� Feature Can Make Your Day

If you enable the verification by adding your phone number to the profile details, the TikTok platform will be creating a one-time password (OTP) every time you sign in. But note the issue above with your phone number.

As opposed to the better-known two-factor authentication (2FA), the phone technique replaces password protection rather than boosting its efficiency. By the way, the video blogging service under scrutiny doesn’t currently provide 2FA.

A text message with TikTok verification code inside

4. Prevent Your Password from Being Automatically Saved

It goes without saying that password saving is a handy option. In fact, TikTok does it by default.

The whole convenience, though, can be overshadowed by the security risks stemming from this mechanism.

Consider turning the auto password save OFF to err on the side of caution.

  • Tap the Me icon at the bottom right of TikTok main screen.
  • Head to Settings and privacy
  • Select Manage my account
  • Then slide the Save login info toggle to the left — that turns it OFF.

Switch OFF the Save login info option

5. Stay Abreast of Account Usage Statistics

The app’s Your Devices pane lets you know what devices your account is opened on your mobile at any given time.

You may have previously signed in from somebody else’s gadget and forgot to exit the account. This is a benign scenario, though.

If the list includes a smartphone you can’t identify, it might be a heads-up. To make sure you are in the clear, go to Manage my Account, proceed to Security, and take a look at the account activity stats and the list of logged-in devices.

TikTok account activity stats

6. Stay Away from Sketchy Links

Cybercriminals may try to social-engineer you into tapping a hyperlink that leads to a malicious web page hosting a harmful payload. These links may arrive via booby-trapped text messages, phishing emails sent by strangers, or malicious redirects caused by malware.

As one of the abuse techniques demonstrates — the messages can as well impersonate TikTok. Don’t be gullible and ignore them.

7. Think What You Share

Don’t spill any personally identifiable information (PII) such as the email address or phone number in video descriptions. A seasoned hacker may mishandle the info to compromise your account.

What to Do If Your TikTok Account Has Been Hacked?

If you spot the slightest sign of a breach, go ahead and change your account password without a second thought.

Here’s how you do it: go to Settings and privacy — proceed to Manage my account, and follow the on-screen prompts to complete the procedure. As part of the attack remediation, be sure to check the accuracy of your account information on the same screen.

In case you are having issues with this, go to the Report a problem subsection under Support to access the Feedback and help screen. Then, tap the paper sheet icon in the top right corner to submit a support ticket describing your situation in detail.

TikTok Feedback and help section

All in all, TikTok is a great service bringing so many bells and whistles to your fingertips and allowing you to express yourself via nifty videos.

It’s not perfect in terms of security, though. Do your homework and tweak some settings to prevent your account from being low-hanging fruit for a cyberattack. Stay safe.

The post How to Protect Your TikTok Account from Hackers appeared first on ReadWrite.