Expert(s):
Security Awareness Advocatefeature_status*/ ?>
KnowBe4

Comments Dotted : 170
January 21, 2021

Experts Reaction On World Economic Forum 2021 Report Cites Cyber Failure As 4th Highest Risk
Given the trends of recent years, breaches have shown no signs of slowing down.

As technology has engulfed every aspect of life and society, it is no surprise that cybersecurity failure is viewed as a clear and present danger. Given the trends of recent years, breaches have shown no signs of slowing down. In fact, the impact of breaches have risen, not just in terms of financial cost, but impacting individuals privacy and livelihood. It's also good to see digital inequality captured as a risk. It can be easy to overlook digital inequality. But without the latest devices or

.....Read More

As technology has engulfed every aspect of life and society, it is no surprise that cybersecurity failure is viewed as a clear and present danger. Given the trends of recent years, breaches have shown no signs of slowing down. In fact, the impact of breaches have risen, not just in terms of financial cost, but impacting individuals privacy and livelihood. It's also good to see digital inequality captured as a risk. It can be easy to overlook digital inequality. But without the latest devices or fast internet connectivity, many people are left behind in terms of cybersecurity as well as learning opportunities. Collectively, it is important that a culture of cybersecurity is embedded globally from manufacturers, to designers, to resellers, implementers, and users. Cybersecurity should not be for the privileged few, and neither should it require so much user interaction that it becomes overlooked. Only then will we begin to see changes that are needed to address some of these most pressing issues.

  Read Less
January 20, 2021

Experts Insight On Latest Flaw Within DNSpooq
These attacks can be chained together if internal devices have already been compromised on the network.

These are interesting attacks and while each on their own is limited, when combined together they can pose a high risk to devices running over versions of Dnsmasq. 

 

Additionally, these attacks can be chained together if internal devices have already been compromised on the network.

 

Therefore, it's important that organisations prioritise the patches for Dnsmasq where possible. The challenge however for many organisations will be where devices running Dnsmasq cannot be updated directly and so

.....Read More

These are interesting attacks and while each on their own is limited, when combined together they can pose a high risk to devices running over versions of Dnsmasq. 

 

Additionally, these attacks can be chained together if internal devices have already been compromised on the network.

 

Therefore, it's important that organisations prioritise the patches for Dnsmasq where possible. The challenge however for many organisations will be where devices running Dnsmasq cannot be updated directly and so they will be reliant on each device manufacturer to independently provide an update. 

 

It highlights some of the ongoing challenges with patching that organisations face and why unpatched software remains a popular attack method for criminals.

  Read Less
January 14, 2021

Expert Commentary: Chinese Data-Scraping Startup Leaked Its 408 GB Database Online
Indeed most cloud databases have all the features available to secure databases.

Cloud is the gift that keeps on giving. Unfortunately, in this case, it's the gift of misconfigured databases that keeps giving sensitive information out to anyone with an internet connection and a browser. 

 

These kind of cloud database misconfigurations are unfortunately very common and can expose millions of records publicly which should otherwise be kept private. Often we see that this isn't because of the lack of technical controls available. Indeed most cloud databases have all the

.....Read More

Cloud is the gift that keeps on giving. Unfortunately, in this case, it's the gift of misconfigured databases that keeps giving sensitive information out to anyone with an internet connection and a browser. 

 

These kind of cloud database misconfigurations are unfortunately very common and can expose millions of records publicly which should otherwise be kept private. Often we see that this isn't because of the lack of technical controls available. Indeed most cloud databases have all the features available to secure databases. Rather what we see here is a combination of human error or lack of knowledge along with lack of assurance to validate if systems are secured properly.

 

This is why it's important for all staff to receive appropriate security awareness training, and to build a culture of security throughout the organisation which reinforces best practices.

  Read Less
January 12, 2021

Experts Insight On UN’s Environmental Program Breach-100K+ Employee Records Leaked
Keeping track of all these disparate systems can be challenging enough.

It's easy for organisations, especially global ones, to have data spread out across various systems and platforms. Keeping track of all these disparate systems can be challenging enough, and ensuring the right security settings are applied and that credentials are appropriately managed is key. 

 

While many technologies and processes exist to help secure organisations to prevent these kinds of issues, it is essential that organisations cultivate a culture of security so that everyone is aware

.....Read More

It's easy for organisations, especially global ones, to have data spread out across various systems and platforms. Keeping track of all these disparate systems can be challenging enough, and ensuring the right security settings are applied and that credentials are appropriately managed is key. 

 

While many technologies and processes exist to help secure organisations to prevent these kinds of issues, it is essential that organisations cultivate a culture of security so that everyone is aware of the role they have to play in securing the organisation as it's not something a security department can do on their own.

  Read Less
December 10, 2020

Expert On Facebook Introduces Whatsapp Carts
Customers can inadvertently send sensitive personal information through insecure mechanisms.
With many people opting to shop online, it is in the retailers best interest to try and make the purchasing process as easy as possible by offering multiple avenues by which customers can interact with them. However, with this approach comes challenges. Customers can inadvertently send sensitive personal information through insecure mechanisms, or worse still, untrained staff could ask for information from customers over different channels. More importantly, this opens up multiple avenues.....Read More
With many people opting to shop online, it is in the retailers best interest to try and make the purchasing process as easy as possible by offering multiple avenues by which customers can interact with them. However, with this approach comes challenges. Customers can inadvertently send sensitive personal information through insecure mechanisms, or worse still, untrained staff could ask for information from customers over different channels. More importantly, this opens up multiple avenues for cyber criminals who can target unsuspecting customers with social engineering scams through these channels. Therefore, organisations and customers need to balance out the ease of sale with security, and be aware of what information they are providing to who and over which channels.  Read Less
December 09, 2020

Police Warn Shared Power Banks Could Transmit Malware – Expert Reaction
Innocent-looking phone charging cables or power banks serve as a great way to compromise a device.
We've seen several different attack avenues which leverage external devices plugged into phones, tablets, and laptops which are designed to steal information or install malware. Innocent-looking phone charging cables or power banks serve as a great way to compromise a device. While attacks of this nature may not be widespread, it is something that could be used in targeted attacks, particularly against executives, politicians, or key employees. Which is why it's worthwhile to be aware of the.....Read More
We've seen several different attack avenues which leverage external devices plugged into phones, tablets, and laptops which are designed to steal information or install malware. Innocent-looking phone charging cables or power banks serve as a great way to compromise a device. While attacks of this nature may not be widespread, it is something that could be used in targeted attacks, particularly against executives, politicians, or key employees. Which is why it's worthwhile to be aware of the threats and be cautious by only travelling with your own cables and power banks.  Read Less
December 09, 2020

Cyberattack On Package Delivery Lockers In Moscow
It is therefore essential for all organisations to build a culture of cybersecurity into its fabric.
It is very easy to stand up servers to connect things online and provide an interactive user experience, but ensuring it is secure is a different story altogether. Any organisation that manufactures, develops, or sells software is in the cybersecurity business whether they know it or not. It is therefore essential for all organisations to build a culture of cybersecurity into its fabric. Just like how quality control, or safety, or budgets are factored into the entire organisation, so should.....Read More
It is very easy to stand up servers to connect things online and provide an interactive user experience, but ensuring it is secure is a different story altogether. Any organisation that manufactures, develops, or sells software is in the cybersecurity business whether they know it or not. It is therefore essential for all organisations to build a culture of cybersecurity into its fabric. Just like how quality control, or safety, or budgets are factored into the entire organisation, so should cybersecurity to ensure that all services and products are secured end to end.  Read Less
December 08, 2020

Experts On Major Security Flaw Found In Android TV – Consumers Be Warned
Unfortunately, there are not many easy options for non-technical consumers to explore.
With nearly every device being embedded with smart capabilities and being connected to the internet, consumers should be wary when purchasing any device. More tech-savvy consumers can look into things such as whether default passwords can be changed, how easy it is to patch the device, and whether it is remotely accessible. Unfortunately, there are not many easy options for non-technical consumers to explore. Which is why any regulatory requirements placed on manufacturers to ensure devices.....Read More
With nearly every device being embedded with smart capabilities and being connected to the internet, consumers should be wary when purchasing any device. More tech-savvy consumers can look into things such as whether default passwords can be changed, how easy it is to patch the device, and whether it is remotely accessible. Unfortunately, there are not many easy options for non-technical consumers to explore. Which is why any regulatory requirements placed on manufacturers to ensure devices are secure before shipping and are maintained for a minimum period of time is quite essential. Otherwise, we will continue to see the market flooded with products which have vulnerabilities that are difficult, if not impossible to patch or rectify.  Read Less
December 04, 2020

Experts On Clop Ransomware Attacking Retail Giant E-Land
It's important for organisations to try and prevent criminal gangs entering their environment to begin with by having good technical controls.
Ransomware operators no longer lead with encrypting data. Rather, many are taking their time to understand their victim environments, navigating throughout the infrastructure to find valuable information that is worth stealing as well as gaining an understanding of what information is worth encrypting with ransomware, and how much they should charge. If the groups claims are to be believed, they had been inside the network for over a year. This is why it's important for organisations to try.....Read More
Ransomware operators no longer lead with encrypting data. Rather, many are taking their time to understand their victim environments, navigating throughout the infrastructure to find valuable information that is worth stealing as well as gaining an understanding of what information is worth encrypting with ransomware, and how much they should charge. If the groups claims are to be believed, they had been inside the network for over a year. This is why it's important for organisations to try and prevent criminal gangs entering their environment to begin with by having good technical controls such as perimeter controls, patching software, MFA, and security awareness training amongst others. Similarly, it's important to have strong monitoring and threat detection controls in place so that any infiltration can be quickly and reliably detected so that remedial action can be taken.  Read Less
December 01, 2020

Experts Reaction On Ipsos Mori Internet Survey Could Be A Privacy Risk For UK Consumers
People need to remain constantly vigilant to protect their cyber security and privacy.
People need to remain constantly vigilant to protect their cyber security and privacy. While it's true that most attacks against individuals will come via phishing emails, that doesn't mean they won't be approached via phone calls, SMS, or in this instance via regular mail. While the intent of the market research organisation may be genuine, the fact is that by installing the software and participating, users are rendering all of their device security useless. People should always be wary of .....Read More
People need to remain constantly vigilant to protect their cyber security and privacy. While it's true that most attacks against individuals will come via phishing emails, that doesn't mean they won't be approached via phone calls, SMS, or in this instance via regular mail. While the intent of the market research organisation may be genuine, the fact is that by installing the software and participating, users are rendering all of their device security useless. People should always be wary of anyone that asks them to install software, particularly if it involves accepting or bypassing security notifications. With this particular offer, people are incentivised by the potential of gaining £5-10 a month in points by participating. This is no different from the old methods of asking for people’s passwords in exchange for a chocolate sweet. People need to remember that their data and personal information is worth a lot more than £5 a month and should not compromise their privacy for such a trivial amount.  Read Less