If you don’t where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims computers. Ironically the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR
Is Ignorance Bliss?
Are there things you would rather not know? If those things were about you, and could impact you, would that change your answer?Sometimes a regular check-up can reveal information that you would rather not know – whether it’s getting your car serviced, and finding out...
Should we worry about DeepFake?
What can you believe? For years we've told you that you can't believe every email you read. But now we can't believe every photo or video you see. Deepfake is the term for when a picture, video or audio file is altered to put a different person into the content,...
Webinar: Updating what is ‘reasonable’ to protect your organisation from cyber-crime.
Cyber-security gets harder, so we make it easier. Much as the heading may sound 'double-dutch', it isn't. Simply, the levels of protection that are 'reasonable' to protect your organisation have changed. We need to do more, and at Kinetics we know that...
What’s a passkey? What do they mean for my password?
Every time you sign up for something new, it seems you have to think up a new password. Sometimes you can use your Google or Facebook credentials but more often than not, you have to use your email address and come up with a new password. The lazy amongst us reuse...
Cyber-attacks on emails get faster and faster
A lot can happen between your morning coffee and your lunch. That’s all it takes to go from ‘normal’ to ‘disaster’ when the hackers strike. Microsoft researchers recently worked backwards through a ‘BEC’ attack (business email compromise – IT people love to convert...
When KARE isn’t enough
The world has changed... Since we designed our original ‘base’ KARE plans, the world has gone more mobile, more in the cloud and ‘work-from-anywhere’ is ubiquitous. And the cyber-threat environment has become much more adverse. Our KARE plans need to reflect 2023! In...
How cybersafe are you at home?
The NSA have released a ‘Cybersecurity Information Sheet’ for home networks. We know that home networks can range from simple to complex. You might have smart TVs, smart home lighting, Google Home, Alexa, alarms, cameras – the list goes on. These devices can be less...
Warning : Business Email Compromises skyrocket
The stats are in, and they are alarming! Business Email Compromise (BEC) attacks are up 81% in 2022! Small Medium Businesses often say to us that they don’t need to worry about cyber because they're not worth it for an attacker. Unfortunately, that’s incorrect. There...
Is automated Microsoft patching enough?
Microsoft have been releasing patches for 30 years. It’s easy to become blasé about them. Yes, Microsoft can automatically apply updates to Windows and Office. But that does not mean that you can rely on it. Any system is only as good as how well it is monitored....
Beware of “Pig-Butchering” – a new trend in Social Engineering
Where do these names come from? The latest trend is referred to as Pig-Butchering. The name comes from the Chinese underworld (shāzhūpán). The term refers to fattening up a pig, taking a longer-term view. They develop their target slowly, looking to get maximum...