If you don’t where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims computers. Ironically the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR
The Implications of Using ChatGPT (free gen-AI tools): An instructive Case Study from Australia
Recent news from Australia In a recent investigation, the privacy regulator in the state of Victoria has imposed a ban on the use of ChatGPT within a government department. This case highlights the dual nature of Generative AI (GenAI) tools, which offer significant...
Oh no, the worst has happened! Now what?
When we talk to people about the different risks that their organisation might face, one of the events that has the highest likelihood, and would have the biggest impact, is a significant cyber-event. The worst-case scenario would be a ransomware event, where the bad...
What is Malvertising?
Malvertising is appearing more frequently on search engines. More people are starting to experience frustration with search engines, partly due to occasional inaccuracies in AI-driven overlays and an excess of advertisements. Another emerging concern is “malvertising”...
Check out the NZ 2024 SME Cyber Behaviour Tracker
As cyber threats proliferate, small businesses find themselves not just in the crosshairs but also facing the daunting financial repercussions of a breach. There is an urgent need for robust cyber security measures. With the staggering average cost of $173,000 per...
Webinar Replay – Lessons from the recent “Largest Global IT outage in history”
Free Webinar Replay - What lessons can we learn from the recent outage?What lessons can we learn from the recent outage? How can we prevent these situations from happening to us? Join Kinetics CTO Bill Lunam and ConnectWsie's Leon Friend as they unpack what happened,...
Urgent Security Advisory (from Microsoft)
We have been alerted to an issue with some Microsoft Office products. The vulnerability is reported to be actively exploited and we expect Microsoft will expedite the release of fixes. Zero-day means that this is an immediate high risk and we are advised that it is...
Free resource: Business Cloud Security Checklist
Essential Business Cloud Security Checklist for 2024 In today’s digital age, securing your business’s cloud environment is more critical than ever. With cyber threats evolving rapidly, it’s essential to have a robust cloud security strategy. Here’s a checklist to help...
When not being able to access a website is a good thing.
We know it can be incredibly frustrating when you can’t access a website that you need. That happened for a number of a number of our clients last week, (and, counter-intuitively, it’s a good thing) Many websites are built on common components. One of those is...
TeamViewer Compromise
TeamViewer is a common piece for software that allows IT businesses to remotely access, control, manage, monitor, and repair devices – from laptops and mobile phones to industrial machines and robots. Many software vendors include it to allow them to remotely support...
Cert NZ Business online security assessment tool
A Personal Encounter with Cert NZ's Assessment Tool. Have you recently received an email about cyber-security that set off your system's alarms? It's ironic isn't it? That was my recent experience with an email from Cert NZ. Despite the initial warning, the email...