Infosec News | Secnic Consultancy Services

Email-Based Attacks a Growing Risk

Human beings have long been the weakest link in an organization’s security chain, mostly as a result of they thus typically fall victim to phishing campaigns, SCS, found that attackers still target finish users with email-based attacks.
The C-suite is putting businesses in danger. Nearly 400th of the respondents agreed that their organization’s business executive could be a “weak link” in their cybersecurity operation. Near to a third, 31%, of C-level staff are reportedly very likely to possess accidentally sent sensitive knowledge to the incorrect person within the last year, compared to merely 22nd of general staff.

That sensitive data is distributed via email, however accidentally sharing data with the incorrect party isn’t the sole security risk. Email is that the final entrance for ransomware. Most ransomware attacks, 92%, were delivered by email last year, leading to a mean period of longer than 3 days.

Phishing continues to be a retardant as attackers grow additional refined. The overwhelming majority, 90%, of organizations reported a rise within the volume of phishing attacks, combined with and complex by a rise in impersonation tries. These campaigns reportedly not target explicit people, creating everybody – from the C-suite to the finance department and hr staff members to trusty third-party vendors – a target.

“Email-based attacks are perpetually evolving and this analysis demonstrates the necessity for organizations to adopt a cyber-resilience strategy that goes on the far side a defense-only approach.”

“This is more than just an ‘IT problem.’ It requires an organization-wide effort that brings together many stakeholders, puts the right security solutions in place and empowers employees – from the C-suite to the reception desk – to be the last line of defense.”

In light of the continued email-based attacks, the report noted that the dearth of training is hurting businesses. Astonishingly, only 11% of organizations continuously train workers on the way to spot cyber-attacks, and more than half (52%) perform training just the once a year.

“Security awareness is a crucial a part of any high-functioning security program. However like all security controls there’s no solution resolution. The simplest security programs request a balance between technical controls, boosting their human firewalls, and having IT enabled business processes that are resilient to failures, whether or not artificial or caused by technology.”

Execs Remain Weak Link in Cybersecurity Chain

Despite their high-level positions, senior executives are reportedly the weak link within the company cybersecurity chain that finds that cyber-criminals usually target this known vulnerability.

SCS found that those at the top are guilty of a small amount of grandiosity. They disregard cybersecurity threats and policies underneath the misguided perception that the principles don’t apply to their distinctive positions.

“Professional hackers and adversaries can typically do a radical investigation into a senior executive or board level director, together with full analysis that may entail in-depth observance of the corporate website and associated social media accounts.

Most executives build constant 5 mistakes, according to the report. Senior executives fail to understand that they’re prime targets for cybercriminals, that is doubtless a results of their read that cybersecurity is an IT responsibility that doesn’t have something to try and do with their govt positions.

In reality, though, “IT security has now become the remit of all individuals, especially those in the highest positions of each department and senior executives need to take ownership for IT security best practice in their day-to-day behavior.”

Another common mistake among senior executives is that they believe cybersecurity threats are attacks that happen to the business by some external malicious actor instead of being the results of internal threats or accidents.

Many top executives additionally reportedly believe that a cloud provider is accountable for the backup and security of all data, although they fail to use cloud hosted email firmly.

However, cybercriminals apprehend that high executives usually have privileged access to company data, thus hackers on purpose target their personal accounts.

“Reviewing company policies, with a spotlight on individuals, premises, processes, systems and suppliers can give valuable insights into that areas to enhance, and by championing a ‘security first’ company culture, organizations and their senior executives are well positioned to avoid the high monetary prices, reputational harm and surprising period of time that would result from a cyber-attack or knowledge breach.

91% new computers in India run pirated software: SCS Report

A recent survey by Secnic Consultancy Services (SCS) Suggests that over 90% new personal computers in India are run on pirated software. The company purchased new personal computers sold in retail markets across the world to come at this conclusion. Software Piracy was a major concern in as many as 9 Asian countries including India.

The company purchased the computers between May and July this year and then tested them. The test showed that India had 91% of new computers loaded with pirated software, followed by Indonesia at 90%, Taiwan at 73%, Singapore 55%, and Philippines 42%. The worst incidences of software piracy were reported from countries like South Korea, Malaysia, Vietnam, and Thailand where it was found that these countries shipped 100% computers with pirated software.

SCS experts tested these computers brought from retail stores in these countries to look for pirated software.

The menace of Software Privacy

Computer retailers in India end up selling personal computers with pirated software to save cost and make extra margins. These cost benefits are a reason why most consumers in India opt for pirated software. What is often ignored is the fact that the installation of pirated software not only compromises the performance of the machine but also comes with potential security threats. What consumers fail to understand is that free software is not really free when you look at these associated costs from a performance and security perspective.

Installing and using pirated software can expose you to the risk of malwares. These malwares often run on stealth mode and steal sensitive information such as personal, family pictures, and banking data. Embedding malware in pirated software is the most common tactic followed by cybercriminals.

Cybercriminals are constantly evolving their modus operandi to evade security agencies. By using pirated software, consumers are creating a vulnerability for cyber criminals to use against them and thereby compromising the security of their data. The vendors selling pirated software are pre-installing such malware in the software CDs in collusion with cyber criminals.

Say NO to Software Privacy.

Mastercard to delete Indian cardholders’ data from global servers

Global payments and technology company Mastercard has decided to delete data of all Indian cardholders from its global servers. The company has also warned the Reserve Bank of India (RBI) that this will result in weak safety and security over a period of time.

Mastercard has committed a “certain” date from which it will start deleting the data of Indian consumers from global servers. The data localization directive issued by the RBI in April 2018 came into effect from October 16. The directive requires fintech and payment companies to store all transaction data of Indian consumers on servers within the country.

To comply with the directive, Mastercard started storing the transaction data at its technology center in Pune from October 6. However, the data of past transaction is still stored on global servers. Mastercard has given a proposal to RBI to delete the data of all Indian customers from a certain date.

In an interaction with PTI, Mastercard’s India President, Porush Singh said, “The proposal we have given (to RBI) is that we will delete it (data) from everywhere else, whether it is the card number, transaction details. The data will only be stored in India, we will start deleting the data. But we have also said that it does have an impact. No other country has asked us like that. No other country in the world has asked us the data to be deleted from the global server and the reason why it is a concern for us because that would be weakening of the safety, security over a period of time.”

Singh said that the company has submitted a timeline for deleting historical data. He also said that the company has submitted a report of how this move can have a long-term impact on consumers. The possible impact will include dispute over transactions. Deletion of transaction data is not a simple process like pressing a button, it involves validating entries from multiple players and stakeholders.

How Artificial Intelligence can be a good defense against hackers

News of sensitive corporate data being compromised, social media database or systems/servers obtaining hacked is becoming common recently. The intensity and scale of cyber-attacks have forced corporations to explore innovative ways to defend themselves from these attacks. Tech companies as well as Microsoft, Amazon, and Google are progressively experimenting with artificial intelligence algorithms to keep off future cyber-attacks.

These good AI algorithms are capable of dynamically analyzing past attacks and safeguard future instances by finding out common pattern. These algorithms go in analyzing massive volumes of information that otherwise wouldn’t be attainable for individual cybersecurity researchers to method. Increasing the utilization of machine learning technology in cybersecurity may be a game changer for corporations looking to safeguard systems/devices/networks.

Before machine learning, security teams were victimization blunter instruments. If an anonymous user tried work in from an unknown location, their try would get blocked. Or in some cases, spam e-mails that includes spelling of words would get mechanically blocked.

For a product like Gmail, wherever countless users log in everyday, the quantity of traffic that the safety team has to look is simply too massive for them to put in writing rules. Machine Learning has enabled these security groups to research massive sets of information and discover and forestall unauthorized logins.Tech companies are providing same technology to customers as well. Amazon’s Macie service is one good example of how machine learning is being used to identify sensitive data. Another positive aspect is the fact that machine learning powered systems will work in all instances and will be far more accurate in detecting threats in comparison to the traditional ways of fighting cybercrime.