Expert(s):
Global Security Strategy Directorfeature_status*/ ?>
Juniper Networks

Comments Dotted : 12
September 16, 2020

Experts Reaction On Staples Data Breach
Any breach in which personal data is stolen needs to be treated as highly serious and punishable.
Many people will see this as a relief that ‘only names, email addresses, and phone numbers’ were shared – their credit cards are safe and their transactions remain a secret. However, this is not the case. These pieces of PII still have value on the black market and can be used in order to gain access to other, and perhaps more sensitive, information. The combination of ‘email address and telephone number’, for example, would be a great start for anyone attempting takeover attacks on.....Read More
Many people will see this as a relief that ‘only names, email addresses, and phone numbers’ were shared – their credit cards are safe and their transactions remain a secret. However, this is not the case. These pieces of PII still have value on the black market and can be used in order to gain access to other, and perhaps more sensitive, information. The combination of ‘email address and telephone number’, for example, would be a great start for anyone attempting takeover attacks on personal data. It’s about time that we stopped ranking personal data theft on perceived severity. Any breach in which personal data is stolen needs to be treated as highly serious and punishable. Then, maybe people will be more careful about what databases are left around for people to find.  Read Less
July 23, 2020

Cybersecurity Experts on findings of Skybox Security 2020 Vulnerability and Threat Trends Report
The money saved from people who decide not to return to the office must be invested in ensuring they are safely working from home.
The increase in mobile vulnerabilities highlights what will be an ongoing challenge to security teams. We have been successful in moving users from the office to remote working, but users at home need to be treated differently from when they are working in an office. Home IoT devices, family members using computers and even home broadband/Wi-Fi connections all are outside corporate visibility and introduce a new attack vector that needs to be managed. For many users, a simple VPN is no longer.....Read More
The increase in mobile vulnerabilities highlights what will be an ongoing challenge to security teams. We have been successful in moving users from the office to remote working, but users at home need to be treated differently from when they are working in an office. Home IoT devices, family members using computers and even home broadband/Wi-Fi connections all are outside corporate visibility and introduce a new attack vector that needs to be managed. For many users, a simple VPN is no longer enough. The money saved from people who decide not to return to the office must be invested in ensuring they are safely working from home.  Read Less
July 14, 2020

Expert Reaction On Millions of LiveAuctioneers Passwords for Sale
Laurence Pitt, Global Security Strategy Director at Juniper Networks
“While there is nothing to say that the stolen data came from a single breach, what this emphasizes is the need for people to regularly update passwords and use 2FA wherever possible. With tools like Microsoft Authenticator and 1-Password making this so easy, there’s really no excuse for old and recycled passwords today. The unfortunate reality is that hackers will steal whatever data they can lay their hands on and sell to the highest bidder. As the end user, this means we must take.....Read More
“While there is nothing to say that the stolen data came from a single breach, what this emphasizes is the need for people to regularly update passwords and use 2FA wherever possible. With tools like Microsoft Authenticator and 1-Password making this so easy, there’s really no excuse for old and recycled passwords today. The unfortunate reality is that hackers will steal whatever data they can lay their hands on and sell to the highest bidder. As the end user, this means we must take responsibility for ensuring that our personal accounts/data and profiles are well-protected with regularly updated and non-recycled passwords.”  Read Less
July 01, 2020

GDPR Breach Notifications Rising – Expert Reaction
Pre-GDPR, many of these could have remained private.
The number of breaches reported is only impressive because of growth. What’s more interesting is the type of breaches reported. Pre-GDPR, many of these could have remained private. According to this report, the top sources for a breach are hacking and scams, sending emails to the wrong people (likely CC instead of BCC), loss of unsecured devices and inadequate security on internet available data. In three out of four key breach sources, the cause was improper security basics – lack of.....Read More
The number of breaches reported is only impressive because of growth. What’s more interesting is the type of breaches reported. Pre-GDPR, many of these could have remained private. According to this report, the top sources for a breach are hacking and scams, sending emails to the wrong people (likely CC instead of BCC), loss of unsecured devices and inadequate security on internet available data. In three out of four key breach sources, the cause was improper security basics – lack of security awareness, lack of security management, weak password and weak hygiene standards. The result is three out of four GDPR notifications were entirely preventable, if a little more time had been spent on cybersecurity basics.  Read Less
June 30, 2020

Over 100k Daily Brute-force Attacks On RDP In Pandemic Lockdown – Expert Reaction
It is an invitation for anyone walking by to pop in, take what they want and mess up everything else.
Attacks using RDP are not a new problem, but one made worse by the number of RDP ports that have been exposed to the internet in recent months. According to some statistics, they have increased by around 50%. More ports equates to more opportunity for the bad guys. Reducing the risk of attack is not complicated, as these attacks are either taking advantage of well-known existing exploits, such as Bluekeep, or weak passwords on devices. The prevention method is to ensure that you apply the.....Read More
Attacks using RDP are not a new problem, but one made worse by the number of RDP ports that have been exposed to the internet in recent months. According to some statistics, they have increased by around 50%. More ports equates to more opportunity for the bad guys. Reducing the risk of attack is not complicated, as these attacks are either taking advantage of well-known existing exploits, such as Bluekeep, or weak passwords on devices. The prevention method is to ensure that you apply the latest patches on all devices and introduce good, strong and, ideally, centrally-managed password hygiene. Leaving RDP unpatched, with a simple password, is like going out and leaving the front door of the house unlocked and open. It is an invitation for anyone walking by to pop in, take what they want and mess up everything else.  Read Less
June 01, 2020

Over Half Of Work-from-home Staff Believe Riskier Cybersec Behaviors Are Ok – Experts Reaction
Security awareness is important for home workers.
This COVID-19 situation will drive changes in remote working policies not just to be better prepared for the future, but also because it’s likely that many users will find that working from home is something they want to do more regularly, once it becomes optional again. Many organizations already have flexible and detailed policies in-place, but it would still be highly recommended to dust them off and make sure everything is up to date. For those that are being challenged today, this will.....Read More
This COVID-19 situation will drive changes in remote working policies not just to be better prepared for the future, but also because it’s likely that many users will find that working from home is something they want to do more regularly, once it becomes optional again. Many organizations already have flexible and detailed policies in-place, but it would still be highly recommended to dust them off and make sure everything is up to date. For those that are being challenged today, this will be an opportunity to create a modern policy that supports users and their work. It will need to include technical requirements, such as home-working equipment, methods of access, VPN and multi-factor locational requirements. Security awareness is important for home workers. It’s easy to be briefly distracted at home by a website you might not normally access in the office, perhaps to show your children something. However, home workers need to be (made) aware of the types of scams that will be targeted at them and how spending more time at home can make them a more likely target.  Read Less
April 26, 2020

Cyber-Attacks On WHO Increase 5X – Expert Insight
For an attacker, the theft of email addresses from WHO is valuable.
Organizations such as WHO will be targets because they are very visible to the current crisis and will be taking in large numbers of new, global contact details as they bring everyone together to work toward a solution. For an attacker, the theft of email addresses from WHO is valuable because they would expect for the list to contain up-to-date and relevant details that can be leveraged in the generation of scams and phishing campaigns. But migration of affected systems after an attack is a.....Read More
Organizations such as WHO will be targets because they are very visible to the current crisis and will be taking in large numbers of new, global contact details as they bring everyone together to work toward a solution. For an attacker, the theft of email addresses from WHO is valuable because they would expect for the list to contain up-to-date and relevant details that can be leveraged in the generation of scams and phishing campaigns. But migration of affected systems after an attack is a response, not a solution. Any organization dealing with current, relevant personal details should be reviewing data security and looking to airgap, encrypt or add additional security, in order to prevent a breach from occurring in the first place.  Read Less
March 25, 2020

Hackers Hijack Routers To Spread Malicious COVID-19 Apps – Networks Expert Comments
Most internet providers today provide routers that have a decent strength default security setup.
This attack highlights the need for people to make sure they change the default username/password for their home router, as a number of the affected users admitted having a weak or default combination. Most internet providers today provide routers that have a decent strength default security setup. It appears that this attack has targeted a certain brand of router that would also indicate that users have left the default admin/password combination to access the device.
December 21, 2019

2020 Cybersecurity Landscape: 100+ Experts’ Predictions
The Masad Stealer attack, reported by Juniper Threat Labs in late 2019.
Any threat that costs money, and especially where it affects public money (government and healthcare) will remain newsworthy. We’ll see more attacks using common vectors, such as phishing, download via malvertisiting, etc., but also attacks that use old methods with new vectors. The Masad Stealer attack, reported by Juniper Threat Labs in late 2019, is a good example of this, where data (and money) was stolen via malware injected into a used and respected piece of software.
October 09, 2019

Experts On Credit Information Exposed In TransUnion Credit Stuffing Attack
It should only have been possible to access this sensitive data remotely using a corporate device.
Whatever the cause of the attack, however, organizations need to be more careful of protecting data in all states – whether at rest or on the move. It should only have been possible to access this sensitive data remotely using a corporate device, and through a VPN client, to ensure that authentication and the records accessed could be logged. In addition the use of a CASB (Cloud Access Security Broker) could have ensured not only a secure connection, but also detected any anomalous data.....Read More
Whatever the cause of the attack, however, organizations need to be more careful of protecting data in all states – whether at rest or on the move. It should only have been possible to access this sensitive data remotely using a corporate device, and through a VPN client, to ensure that authentication and the records accessed could be logged. In addition the use of a CASB (Cloud Access Security Broker) could have ensured not only a secure connection, but also detected any anomalous data access by the user as they downloaded the records – then shut down the connection and raise a security alert.  Read Less