Cyber Defense eMagazine December Edition for 2021

More documents

Recommendations

Info

government has offered a bounty of up to $10million (£7.4m) for information about the group, the largest bounty of its kind. The IT industry is not immune from supply chain attacks either. SolarWinds suffered an attack last year with hackers gaining access to the production system for Orion, SolarWinds’ flagship software. While in July, Kaseya, a provider of IT management software for MSPs and small to medium-sized businesses suffered a ransomware attack. As with the SolarWinds attack, the malware spread amongst Kaseya’s clients and affected dozens of businesses. So while organisations must manage the potential fallout of security breaches to themselves – reputational damage, disruption costs and more – the knock-on effect to customers, partners and the rest of the supply chain is potentially huge. Digitisation of the supply chain The ongoing digitisation of the supply chain, often through the cloud, has delivered major efficiency and cost benefits, with shared data and systems in areas such as integrated planning and execution systems, logistics visibility, autonomous logistics, smart procurement and warehousing, spare parts management and analytics. For a big company like Siemens, for example, working at the bleeding edge of supply chain innovation, the creation of a cloud-based operating system means that it can process data in real time from millions of devices and sensors in plants, systems, machinery and products dispersed throughout production processes and supply chains. Siemens may be working towards ‘supply chain nirvana’, where processes and decisions happen with minimal human intervention. But the reality for many suppliers, logistics companies, manufacturers and retailers is that business happens in browsers, on email and with shared files. The more we use the Internet to collaborate and communicate, the more we are exposed. Research has shown that web and email attacks are behind 90% 2 of all breaches. The increased adoption of cloud applications within the supply chain, accelerated by the challenges of COVID, has made the browser the most important productivity tool on any endpoint. But at the same time, the majority of cyber attacks start with the browser, and it doesn’t take much for a determined attacker to understand your key suppliers and partners and use this to target users with phishing emails and infected attachments, websites and downloadable documents. 2 Sources Google, Verisign Cyber Defense eMagazine – December 2021 Edition 84 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
The case for isolation Supply chains are evolving to be as much about the efficient exchange of information as they are about the flow of goods and services. But where there is information sharing, cybersecurity professionals are rightly uneasy. Menlo Labs has seen a steady rise in ‘credential phishing’ attacks by creating fake login pages or forms to steal users’ credentials for commonly used services, including email and document exchanges with supply chain partners. Attackers can use credential phishing to breach an organisation’s smaller supply chain partner (whose controls may be easier to bypass) then use an exchange of information, containing malware, as an easy way to laterally move and infect the larger enterprise. If this company is consciously or unconsciously allowing smaller partners to store sensitive data, attackers don’t even need to move laterally – the data is already freely available on the smaller partner’s network. We can all fall victim to a seemingly normal website or email. So now businesses are exploring options that isolate employees’ devices. Rather than detecting threats and blocking employees from accessing potentially malicious web content, this approach simply isolates all endpoints from browser-based traffic. If you take the example of a large, global manufacturer with many employees engaged in digital research and communications, they were trying to manage large volumes of phishing attacks and web malware. This meant infected devices required costly, time-consuming reimaging. While anti-phishing training for employees had some impact in reducing attacks, many employees continued to click on infected links leading to credential theft and malware infection. Isolation has changed this as all the unknown executable code from the Internet that employees previously came into contact with – including any websites visited – are now executed in a remote cloud container. Whether browsing online, reading emails or downloading documents, it is impossible for malware to infect users’ devices or the network. Plus, there is no impact on user accessibility or performance. To reduce risk but maintain agility, fast-moving organisations in the manufacturing, logistics, retail and other industries are deploying solutions to prevent malicious code from ever reaching the network perimeter – mobilising isolation-powered cloud security to shut the door on malware from within any supply chain communications. Isolation, however, will not protect an entire supply chain system from the growing number and range of attacks. Cybersecurity for these critical networks needs security and IT specialists to have conversations with a wider range of functions, such as sourcing, vendor and partner management and logistics, in a coordinated effort to reduce risks. Cyber Defense eMagazine – December 2021 Edition 85 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
9 Ways Social Media Sabotages Your
Page 3 and 4:
How Do You Secure the Modern Supply
Page 5 and 6:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8:
Cyber Defense eMagazine - December
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34: Cyber Defense eMagazine - December
Page 39 and 40: With over 4 billion users, social m
Page 41 and 42: Unsecure Mobile Networks When using
Page 43 and 44: However, as concerning as these pra
Page 45 and 46: Danny Lopez, CEO, Glasswall “Duri
Page 47 and 48: estoring data. Modern organizations
Page 49 and 50: When Diplomacy, Finance and Tech Co
Page 51 and 52: Another way leaders can take initia
Page 53 and 54: How Covid-19 Changed Advertising Fo
Page 55 and 56: However, this shift might not be su
Page 57 and 58: Why MFA Alone Isn’t Enough for Tr
Page 59 and 60: just highlights how vulnerable most
Page 61 and 62: on channels like email. This starts
Page 63 and 64: 3 Best Practices to Avoid Inevitabl
Page 65 and 66: For example, an employee may become
Page 67 and 68: and outcomes is essential for proje
Page 69 and 70: Electric Vehicle Charging: The Next
Page 71 and 72: Going forward, EV dealers, charging
Page 73 and 74: How does this relate to MFA? Well,
Page 75 and 76: constant exposure of countries to a
Page 77 and 78: Why do you need a malware sandbox?
Page 79 and 80: Multi-Cloud Security and Compliance
Page 81 and 82: If security controls are not consol
Page 83: How Do You Secure the Modern Supply
Page 87 and 88: Don’t Take Yourself Out of The Ga
Page 89 and 90: The U.S. Government Accountability
Page 91 and 92: assessment criteria for the tasks f
Page 93 and 94: the file. This was a great techniqu
Page 95 and 96: the wake of the pandemic where the
Page 97 and 98: Certain communications are protecte
Page 99 and 100: At Salt Communications we work with
Page 101 and 102: And it’s only getting worse. If y
Page 103 and 104: The benefits are great When HDOs ha
Page 105 and 106: 4 Pillars of Privacy-Preserving AI
Page 107 and 108: concern and a desire to be cautious
Page 109 and 110: and stay safe online. That’s why
Page 111 and 112: 2. Enabling over-the-horizon threat
Page 113 and 114: Techniques Used by Hackers to Bypas
Page 115 and 116: Phishing scams avoid email security
Page 117 and 118: ATO Detection Account takeover bene
Page 119 and 120: How To Protect Your Digital Legacy
Page 121 and 122: I worked with cybersecurity experts
Page 123 and 124: Sextortion Email Scams What to Do a
Page 125 and 126: Sextortion attacks are a type of cy
Page 127 and 128: How to respond to a sextortion emai
Page 129 and 130: Example 2:'You've been hacked' emai
Page 131 and 132: How can this strategy be implemente
Page 133 and 134: Surviving The New Era of Terabit-Cl
Page 135 and 136:
accompanying shift toward more digi
Page 137 and 138:
Survey results show businesses are
Page 139 and 140:
Enterprises Cannot Achieve Zero Tru
Page 141 and 142:
Capital One breach back in 2019. Ad
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
CyberDefense.TV now has 200 hotseat
Page 163 and 164:
Books by our Publisher: https://www
Page 165 and 166:
Page 167 and 168:
show all

Cyber Defense eMagazine December Edition for 2021

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?