Connect with us

Cyber Security

Top 10 Bad Cybersecurity Habits to Shed in 2022

Published

on

Written by Phil Muncaster, guest writer at ESET

The new year is a new opportunity to rewire your digital life. An increasingly important part of this is cybersecurity. In fact, 2021 is already shaping up to have been one of the most prolific years yet for cybercriminals. Almost 19 billion records were exposed in the first half of the year alone. Better security should mean you’re more insulated from the risk of identity fraud and financial loss. The cost of these scams reached a record $56bn in 2020, with most of this coming online. Although the organizations you interact with have a duty, and often a legal responsibility, to keep your data protected, it’s important to do your bit.

If you’re still feeling reluctant to find new ways to protect your digital world, consider this: a third of US identity crime victims have claimed they didn’t have enough money to buy food or pay for utilities last year as a result of fraud, according to the U.S. Identity Theft Resource Center.

Be alert, be proactive and break these 10 bad habits to improve your cyber-hygiene in 2022:

Using outdated software
Vulnerabilities in operating systems, browsers, and other software on your PCs and devices are one of the top ways cyber-criminals can attack. The problem is that more of these bugs were discovered in 2020 than any year previously: over 18,100. That amounts to more than 50 new software vulnerabilities per day. The good news is that by switching on automatic update functionality and clicking through to update when prompted, this task needn’t intrude too much on day-to-day life.

Poor password hygiene
Passwords represent the keys to our digital front door. Unfortunately, as we have so many to remember these days – around 100 on average – we tend to use them insecurely. Using the same password for multiple accounts and easy-to-guess credentials gives hackers a massive advantage. They have software to crack weak encryption, try commonly-used variants and attempt to use breached passwords across other accounts (known as credential stuffing). Instead, use a password manager to remember and recall strong, unique passwords or passphrases. And switch on two-factor authentication (2FA) on any account that offers it.

Using public Wi-Fi
We’re all getting out-and-about more these days. And that brings with it a temptation to use public Wi-Fi. But there are risks. Hackers can use the same networks to eavesdrop on your internet usage, access your accounts and steal your identity. To stay safe, try to avoid these public hotspots altogether. If you must use them, don’t log in to any important accounts while connected.

Not thinking before clicking
Phishing is one of the most prolific cyber threats out there. It uses a technique known as social engineering, where the attacker tries to trick their victim into clicking on a malicious link or opening a malware-laden attachment. They take advantage of our hard-wired credulity and often try to force rapid decision-making by lending the message a sense of urgency. The number one rule to thwart these attacks is to think before you click. Double-check with the person or company sending the email to make sure it is legitimate. Take a breath. Don’t be pressured into taking over-hasty action.

Not using security on all devices
It goes without saying that in an era of prolific cyber-threats, you should have anti-malware protection from a reputable provider on all of your PCs and laptops. But how many of us extend the same security to our mobile and tablet devices? Research suggests we spend nearly 5,000 hours each year using these gadgets. And there’s plenty of opportunities to come across malicious apps and websites in that time. Protect your device today.

Using non-secure websites
HTTPS sites use encryption to protect the traffic going from your web browser to the site in question. It has two purposes: to authenticate that website as genuine and not a phishing or fraudulent web property; and to ensure cybercriminals can’t eavesdrop on your communications to steal passwords and financial information. It’s not a 100% guarantee nothing bad will happen as even many phishing sites use HTTPS these days. But it’s a good start. Always look for the padlock symbol.

Sharing work and personal lives
Many of us have spent a large part of the past two years merging a once clearly defined line between our work and our personal lives. As the line has become more blurred, cyber risk has crept in. Consider the use of work emails and passwords to register on consumer shopping and other sites. What if those sites are breached? Now hackers may be able to hijack your corporate account. Using unprotected personal devices for work also adds extra risk. Keeping business and pleasure discrete is worth the extra effort.

Giving out details over the phone
Just as email and SMS-based phishing use social engineering techniques to trick users into clicking, so voice phishing, also called vishing, is an increasingly popular way to elicit personal and financial info from victims. The scammers often disguise their real number to add legitimacy to the attack. The best rule of thumb is not to hand out any sensitive info over the phone. Ask who they are and where they’re calling from and then ring the company directly to check – not using any phone numbers provided by the caller.

Not backing up
Ransomware is costing businesses hundreds of millions annually. So it’s sometimes easy to forget that there are still variants lying in wait for consumers. Imagine if you were suddenly locked out of your home PC. All the data on it, and potentially cloud storage, could be lost forever – including family photos and important work documents. Regular backups, according to the 3-2-1 best practice rule, provide peace of mind in case the worst happens.

Not protecting the smart home
Nearly a third of European houses are fitted out with smart gadgets like voice assistants, smart TVs, and security cameras. But by fitting them with connectivity and intelligence, these devices also become a more attractive target for criminals. They can be hijacked and turned into botnets to launch attacks on others, or used as a gateway to the rest of your devices and data. To keep them secure, change default passwords on start-up. Also, be sure to choose a vendor who has a track record of fixing known vulnerabilities in their products and research potential security flaws before purchasing a gadget.

Channel Talk

Entrust Signs Up CyberKnight as New Distributor for the Middle East Region

Published

on

Entrust has announced its new distribution partnership with CyberKnight to address compliance and simplify cyber threat management. In line with evolving regional compliance regulations and standards, Entrust’s new partnership with CyberKnight as its newest regional distributor will see the two companies jointly build solutions for the Middle East market that achieve the highest standards of cyber security.

Entrust and CyberKnight are strategically aligned on their security vision with a ‘Zero Trust’ philosophy at its core. With the aim of increasing access to the highest standards of security for Middle East customers, Entrust’s new partnership with CyberKnight will further enable the delivery of digital security solutions to customers, by tapping into CyberKnight’s local network to offer advice, education, expertise, and confidence.

“Digital transformation in the Middle East continues to evolve at a phenomenal pace, especially as the demands of the past two years called for a rapid implementation of cloud-based systems to manage the unprecedented shift to remote workforces,” said Scott Kemish, Global Vice President Channel Sales, Entrust. “In order to support local customers championing cloud adoption while meeting the requirements of local compliance regulations, as well as protecting themselves against an all-time-high of cybercrime, we have entered a stage of channel development that requires our channel distribution partners to stand up and make a difference; CyberKnight has all of the right attributes that we are looking for in the market.”

“Our partnership with CyberKnight further cements our commitment to the region, and we look forward to helping more customers transform their digital security in line with the requirements of this new age,” Scott continued. Over the last two years, the rapid adoption of cloud solutions to enable remote working resulted in an increase in cybercrime globally, as it provided cybercriminals more opportunities to target victims at home. Cybercrime is set to cost the global economy $10.5 trillion annually by 2025. And industry research reveals that, in the UAE, the average cost of remediating a ransomware attack is over $500,000.

“The pandemic has reminded us that cybercriminals are constantly fine-tuning their skills and techniques. If we do not help our customers do the same, then they will be playing catch-up,” said Avinash Advani, Founder & CEO of CyberKnight. “Our partnership with Entrust as our newest vendor will enable us to continue helping customers fill the existing gap between their digital transformation efforts, and their security posture by securing their digital ecosystems as well as supporting them with their zero-trust security journey. We are very excited about working with them to further support our local customers across the region.

Entrust’s certificate solutions, PKI, identity and access management, encryption key management and hardware security modules are available to local customers through the partnership. Later this year, Entrust will join CyberKnight’s annual roadshow, set to take place in November 2022.

Continue Reading

Cyber Security

The Rising Risk of Ransomware Attacks on Organisations and How to Mitigate it

Published

on

According to the 2022 SonicWall Cyber Threat Report, “ransomware volume increased 105% year over year and is up 232% since 2019.” With the risk of ransomware attacks continuing to rise, it’s crucial to shield your organization from these attacks to avoid unwanted financial fallout.

Ransomware attacks commonly target an organization’s file servers and databases using malicious code to encrypt files such as documents, images, and videos on the system. Ransomware can also be programmed to find vulnerabilities on the network and use these to spread to other systems in an organization. Ransomware attacks are typically executed through social engineering like widespread phishing attacks, but cybercriminals can also specifically target a certain entity, sometimes a popular one. These attacks have the potential to cripple an entire organization’s database.

Once encrypted by ransomware, files are almost impossible to retrieve without the decryption key. To get this key, the victim is demanded to pay a ransom—often millions of dollars—within a short timeframe, usually 24 to 48 hours. If the victim organization keeps a backup of its files, then it’ll be able to restore those files and avoid paying the ransom. If not, the organization often has no option but to pay the ransom.

However, if you fall victim to a ransomware attack, it’s strongly recommended that you don’t pay the ransom to regain access to your encrypted files. This is because you are relying on the integrity of a cybercriminal. The cybercriminal may not give you the decryption key after the transaction or, even worse, they may continue to target your organization and repeatedly demand higher ransoms now that they know you’re willing to pay.

In recent years, it has become much easier to develop ransomware, resulting in the continued rise in ransomware attacks. Cybercriminals can develop and execute a ransomware attack with readily available open-source code and with easy-to-use drag-and-drop platforms. It is also hard to track these cybercriminals because transactions involving ransomware are commonly made using cryptocurrency.

Ransomware attacks can result in exploitation and loss of your organization’s critical and confidential data. But there are steps you can take to prevent and mitigate these attacks.

Back-Up Your Data
Take regular backups of all your files and data; this way, even if your system is infected, you can erase the infected files and recover them using your backups. This cannot prevent a ransomware attack, but it can mitigate the risk of losing all your data.

Keep Your System and Software Up-to-Date
Maintain a healthy patching routine. This includes updating your software as soon as possible when patches for security vulnerabilities are released by vendors. To keep your device secure from ransomware attacks, use a security solution that can identify these attacks at their earliest stages and mitigate their impact.

Be Careful Where You Click
Beware of social engineering attacks and email scams, and avoid downloading files from untrusted sources as these can result in your system being exploited by malicious software like ransomware. What makes social engineering attacks so dangerous is that they take advantage of human error rather than system vulnerabilities.

Create Awareness Among Employees About Ransomware Attacks
Since human error is a major vector cybercriminal manipulate to carry out ransomware attacks, it is essential to educate and train employees on social engineering and email phishing attacks to effectively secure your organization against them.

ManageEngine’s security information and event management (SIEM) solutions protect your enterprise network from cyberattacks and insider threats. SIEM solutions collect and analyze the security data generated by your devices in real-time, alerting you about vulnerabilities, indicators of compromise, and any suspicious activity to help you mitigate the risk of ransomware attacks.

Continue Reading

Cyber Security

Ransomware Hit 59% of UAE Organizations Surveyed for Sophos’ Annual “State of Ransomware 2022”

Published

on

Sophos has released its annual international survey and review of real-world ransomware experiences in the State of Ransomware 2022. The report shows that 59% of UAE organizations surveyed were hit with ransomware in 2021, up from 38% in 2020.

The report summarizes the impact of ransomware on 5,600 mid-sized organizations in 31 countries across Europe, the Americas, Asia-Pacific, and Central Asia, the Middle East, and Africa. The main findings for the UAE in the State of Ransomware 2022 global survey, which covers ransomware incidents experienced during 2021, as well as related cyber insurance issues, include:

  • Many organizations rely on cyber insurance to help them recover from a ransomware attack – 85% of mid-sized organizations had cyber insurance that covers them in the event of a ransomware attack – and, in 100% of incidents, the insurer paid some or all the costs incurred.
  • Ninety-eight percent of those with cyber insurance said that their experience of getting it has changed over the last 12 months, with higher demands for cybersecurity measures, more complex or expensive policies, and fewer organizations offering insurance protection.

“The findings suggest we may have reached a peak in the evolutionary journey of ransomware, where attackers’ greed for ever higher ransom payments is colliding head-on with a hardening of the cyber insurance market as insurers increasingly seek to reduce their ransomware risk and exposure,” said Wisniewski. “In recent years, it has become increasingly easy for cybercriminals to deploy ransomware, with almost everything available as-a-service. Second, many cyber insurance providers have covered a wide range of ransomware recovery costs, including the ransom, likely contributing to ever higher ransom demands. However, the results indicate that cyber insurance is getting tougher and in the future ransomware victims may become less willing or less able to pay sky-high ransoms. Sadly, this is unlikely to reduce the overall risk of a ransomware attack. Ransomware attacks are not as resource intensive as some other, more hand-crafted cyberattacks, so any return is a return worth grabbing and cybercriminals will continue to go after the low hanging fruit.”

Sophos recommends the following best practices to help defend against ransomware and related cyberattacks:

  1. Install and maintain high-quality defenses across all points in the organization’s environment. Review security controls regularly and make sure they continue to meet the organization’s needs.
  2. Proactively hunt for threats to identify and stop adversaries before they can execute their attack – if the team lacks the time or skills to do this in house, outsource to a Managed Detection and Response (MDR) specialist.
  3. Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines, open RDP ports, etc. Extended Detection and Response (XDR) solutions are ideal for this purpose.
  4. Prepare for the worst. Know what to do if a cyber incident occurs and keep the plan updated.
  5. Make backups, and practice restoring from them so that the organization can get back up and running as soon as possible, with minimum disruption.
Continue Reading
Advertisement


Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.