The 2018 Human Factor report by Proofpoint states that as many as 95% of web-based attacks now incorporate social engineering, or human error factor. So, with that simple fact, how can your organization prevent its employees from releasing confidential and critical information?
When it comes to security risks and errors, businesses often fall victim to assumptions and oversights. The reality is that the protection of information and applications is always evolving and, as criminals find new ways to exploit weaknesses, it's tough to stay one step ahead.
Has anyone at your organization ever received an email that was not what they thought it would be? Maybe it was a message from a vendor looking to verify sensitive account information; a message from an accountant sending completed tax returns in the month of August; or, a note from what appears to be your accounting firm indicating they need you to confirm Social Security Numbers in order to send employee paychecks?
Systems Engineering's recent Lunch & Learn titled Risk Management in the Era of Ransomware, took place in three locations on three various dates. SE presenters, Joe McIntyre and Alan Damon, discussed how vulnerable businesses are to ransomware over a natural disaster. No matter what the cause or the suspect, business data continually plays the role of victim. So, what are businesses doing to backup and recover the data that is imperative to their survival?
It’s no revelation that the age of Bring-Your-Own-Device (BYOD) computing is here and has been for some time. Whether it's with a smart phone, tablet, or smart watch, BYOD is a convenient way for today's workforce to stay connected. Recent surveys show that BYOD adoption, as a business tool, presents a company as more attractive and a "must-have" for millennial-generation job applicants.
At the risk of giving undeserved kudos, I am going to write it: phishers are clever and tenacious.
On July 29, Microsoft released its latest generation of Windows operating systems, Windows 10. Within days, Internet security bodies such as the Cisco Talos Group began detecting prevalent propagation of CTB-Locker (a variant of the CryptoLocker ransomware virus) targeting users of Windows 7 and 8, crafted to look like the free Windows 10 upgrade. Often delivered by email messages containing .ZIP attachments, the virus encrypts the user’s personal files and demands a ransom to make them usable again.
A typical office in 1995, with PC's and email, might have looked very sophisticated to your mother who was used to working with typewriters and physical mailboxes in 1975. In the same cyclical pattern, the office we see in 2015 is not like that of 1995. We now have to consider working from several devices no matter where we are, and access to everything is of utter importance.
CryptoWall continues to infect and plague both companies and consumers. At this point it is estimated that tens of thousands of machines have been infected and that the perpetrators of CryptoWall have sent millions of emails. While anti-virus software can block some variants of CryptoWall the speed with which criminals are releasing new variants makes it necessary to consider additional protections.
One of the reasons that the Poodle vulnerability is not assigned the same level of risk as the earlier Heartbleed one is that it requires what is called a “Man in the Middle” attack. This means in order to exploit Poodle the attacker needs to be able to jump on your Internet connection, most likely in a public place like a coffee shop or hotel and then it takes a significant number of attempts to break in.
Symantec sent out notification earlier today that it had released a virus definition file which contains a False Positive (FP). This FP could result in a false detection and alert for the “Trojan.Webkit!htm” virus. Symantec is currently preparing Rapid Release definitions which will remove this detection. While Symantec is working to fix this issue, SE clients should still contact SE if they see an alert for this or any virus.