
Guest Blog Post

 

GUEST ESSAY: How stealth, persistence allowed Wipro attacker to plunder supply chain

By Chris Gerritz

The recent network breach of Wipro, a prominent outsourcing company based in India, serves as a stunning reminder that digital transformation cuts two ways.

Our rising dependence on business systems that leverage cloud services and the gig economy to accomplish high-velocity innovation has led to a rise in productivity. However, the flip side is that we’ve also created fresh attack vectors at a rapid rate – exposures that are not being adequately addressed.

Related: Marriott suffers massive breach

We now know, thanks to reporting from cybersecurity blogger Brian Krebs, that the Wipro hack was a multi-month intrusion and likely the work of a nation-state backed threat actor. What’s more, the attackers reportedly were able to use Wipro as a jumping off point to infiltrate the networks of at least a dozen of Wipro’s customers.

Wipro issued a media statement, via its Economic Times division, acknowledging “potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign . . . Upon learning of the incident, we promptly began an investigation, identified the affected users and took remedial steps to contain and mitigate any potential impact.”

Wipro did not provide many additional details. However, one has to wonder whether, beyond its customers, …more

GUEST ESSAY: Six risks tied to social media marketing that all businesses should heed

By Mike James

While the internet and social media have been very positive for businesses, there remains an inherent risk when it comes to how brands manage their Facebook, Twitter, and Instagram accounts.

Related: Defusing weaponized documents

While social media on every platform has benefits, there remain risks that must be addressed so as to keep your company’s image and data safe.

No matter how large or small your business may be, the ability of social media to help you reach new customers and interact with consumers is unparalleled; however, there are danger areas. Here are five potential pitfalls of social media marketing.

Risk no. 1: Cybercrime

Businesses should always be very aware of the threat of cybercriminals, and social media also poses very real cyber-security risks.

Hackers use social media to learn more about you, and they can be very skilled when it comes to working out your passwords thanks to your posts about your pets, family, or even birthday plans.

When your social media accounts are shared between your personal account and your business pages, then even your own profile pages may be a way for hackers to gain access to company data.

In order to minimize the risks, you need to establish a strong online security culture across every level of your company. Teach your employees about the need for stronger passwords, and how to make use of both password generators and password management systems.

Risk no. 2: Trolls

There are some people online who enjoy attacking strangers on social media, and businesses are not exempt from this unpleasant attention. Whether it’s online bullying on Facebook, attacks on your brand on Twitter, or even leaving unfounded negative reviews online, those trolls cost UK businesses as much as £30k a year. …more

Cloud computing 101: basic types and business advantages of cloud-delivered services

By Mike James

If you are looking for a simpler method of managing issues such as storage, software, servers and databases, cloud computing could have the answers that your business needs. The cloud is becoming increasingly popular around the world, as organisations are starting to understand the organisational and cost benefits of using it.

Related: Using a ‘zero-trust’ managed security service

In this article we will take a look at the different types of cloud computing services available to see whether this might be something suitable for your business.

Four types

Before you can establish whether or not cloud computing is right for your business, it is necessary to understand the differences between the forms of cloud computing that are available to you. Known by the …more

GUEST ESSAY: Why there’s no such thing as anonymity in this digital age

By Goddy Ray

Unless you decide to go Henry David Thoreau and shun civilization altogether, you can’t — and won’t — stop generating data, which sooner or later can be traced back to you.

Related: The Facebook factor

A few weeks back I interviewed a white hat hacker. After the interview, I told him that his examples gave me paranoia. He laughed and responded, “There’s no such thing as anonymous data; it all depends on how determined the other party is.”

App developers, credit card and telecommunication companies, and others use the term “anonymous data” because it sells. But anonymous data really doesn’t exist anymore.

Every step online is recorded and stored – our interactions with devices, geolocation, voter registration, time stamps, etc. Machine learning (ML) is currently the leading technique to re-identify any data. Specifically designed algorithms make pattern recognition much faster and more efficient. Sometimes the accuracy of identification is 90% and more.

De-anonymization

Actually, 63% of the population can be identified just by the combination of their gender, date of birth, and zip code.

“Anonymous” or “aggregated” large datasets are often released publicly. As a result, the development of de-anonymization tools is becoming increasingly advanced. Here are a few unexpected examples of supposedly anonymous data reversal: …more

BEST PRACTICES: 6 physical security measures every company needs

By Mike James

It has never been more important to invest in proper security for your business. Laws surrounding the personal data of individuals such as the General Data Protection Regulation (GDPR) put the onus on companies to ensure that both digital and physical copies of data are secure at all times.

Related: Shrinking to human attack vector

Gaining access to your property can provide criminals with the ability not only to steal physical items from your premises, but also to potentially infect computers with malware or access data through your IT infrastructure. Here are six physical security measures that you can put in place to help keep your company secure.

Access controls

Clearly your business needs to have some method of access control …more

GUEST ESSAY: Repelling social engineering attacks requires shoring up the weakest link: humans

By Cynthia Lopez

The problem with social engineering attacks is that they capitalize on the weakest link on any computer or network system: You! Avoiding social engineering attacks requires you to understand what they are and how they work.

Related: Why diversity needs to be part of security training

Social engineering takes advantage of human psychology to attack using deception and manipulation. Hackers know that humans are:

• Easily distracted. They usually don’t check links that they click on in an e-mail if it’s from somebody they trust. It could be an e-mail that looks like it came from their bank, from an online service they use, or even their boss.

Once they see that level of trust, they may unknowingly hand over their passwords or vital company information because they did not bother to verify the link – or sender – before clicking. For instance, an e-mail may come from paypa1.com instead of paypal.com (the number 1 in place of the letter l).

• Forgetful. Other social engineering attacks do not come via e-mail, but from plain stealing. Many people check their work e-mails and other office-related stuff from their phones. Often, they just save their password. If that device is left in a taxi or other public place, whoever picks up that phone is just a few taps away from learning your company’s secrets. …more

GUEST ESSAY: Australia’s move compelling VPNs to cooperate with law enforcement is all wrong

By Bogdan Patru

The moment we’ve all feared has finally come to pass. When government agencies and international intelligence groups pooled together resources to gather user data, the VPN’s encryption seemed like the light at the end of the tunnel.

Related: California enacts pioneering privacy law

However, it looks like things are starting to break apart now that Australia has passed the “Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018”. On the 6th of December 2018, a law that is a direct attack on internet users’ privacy was agreed to by both the House of Representatives and the Senate.

The amendment forces all companies, even VPN providers, to collect and give away confidential user data if the police demand it. All telecoms companies will have to build tools in order to bypass their own encryption.

If suspicions appear that a crime has been or will be committed by one of their users, the law enforcement agencies are within their rights to demand access to user messages and private data.

This Orwellian Thought Police is to be the judge, jury, and executioner in a digital world that shelters our personal lives and secrets. All the things we’d like to keep hidden from others. You know, this revolutionary idea called “privacy.” Anyone?

Tech companies all over the world are unsure how this can be achieved without installing backdoors into their own security systems. These vulnerabilities are just like a stack of powder kegs ready to blow up at any moment. This is because anyone with knowledge of their existence could theoretically use those security holes to gain access to the user data. …more