
May 4, 2023

World Password Day: May the cyberforce be with you?

The invention of passwords in the 1960s changed the digital world as we know it. Passwords are now an unconscious standard practice in our lives; from your first pet to the street you grew up on, they are deeply ingrained in our minds. Passwords today are the primary guardians of our privacy, personal data, and finances.

Despite this knowledge, passwords are often viewed complacently, even though simple, easy-to-guess passwords are insecure. Your dog’s name, spouse’s name, birthdate, and other words and phrases related to your life that are easily discoverable on your social media profiles are easy for attackers to guess.

While the onus of ensuring security and protecting data does lie on the companies that collect and store this data, there is quite a bit consumers can do on their end to secure their credentials. World Password Day 2023 is driven by the purpose of raising awareness about the importance of strong passwords and encouraging individuals and organizations to take steps to improve their password security. With the increasing prevalence of cyberattacks and data breaches, it is more important than ever to use strong and unique passwords to protect our online accounts and personal information.

Based on research, 91% of people know that using the same password on multiple accounts is a security risk, yet 66% continue to use the same password anyway. Steven Scheurmann, Regional Vice President for ASEAN at Palo Alto Networks, provides simple but effective measures to make passwords the primary guardian of your personal and professional

  • Set guidelines for passwords that prevent password spraying: Ensure long passwords with a good mix of different character types: letters, numbers, and special characters. An 8-character password is easier for a computer to guess than a 16- or 24-character password.

  • Avoid vulnerable passwords that are easily guessed or already compromised: If you Google "commonly used passwords," you’ll see a list that any attacker uses when trying to guess passwords. If there is a default password on an internet-facing device, or even on an internal one, change it ASAP!

  • Avoid reusing passwords: Everyone hates remembering passwords; passphrases are a great option, since they let us create unique passwords that are easy to remember. Be wary of password managers; several have been hit recently, and some of them multiple times. But they can also be an option.

  • Require password updates at set frequencies: This is a pain, but consider it the standard operating procedure for business risk reduction. It doesn’t take that long to do and helps secure the organization if a set of credentials is stolen or phished somehow.

  • Use multi-factor authentication methods: If a password is stolen or guessed, no matter how hard you’ve tried to be unique, having other methods to confirm it is you trying to get to a resource or a web service you use is vital. Many different cloud, security, and operating system vendors have a multi-factor authentication app that you can install on your phone and link to almost every website that supports it.

By taking these steps, individuals and organizations can help improve their password security and protect their online accounts and personal information. Learn more about how to create a stronger cybersecurity posture with an intelligent, automated, artificial intelligence (AI)-driven security operations center by checking out Palo Alto Networks’ World Password Day webinar.


 

----------------------------------

About Palo Alto Networks

Palo Alto Networks is the world’s cybersecurity leader. We innovate to outpace cyber threats so that organizations can confidently embrace technology. We provide next-gen cybersecurity to thousands of customers globally across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we’re committed to helping ensure each day is safer than the one before. It’s what makes us the cybersecurity partner of choice.

At Palo Alto Networks, we’re committed to bringing together the very best people in service of our mission, so we’re also proud to be the cybersecurity workplace of choice, recognized among Newsweek’s Most Loved Workplaces (2021), Comparably Best Companies for Diversity (2021), and HRC's Best Places for LGBTQ Equality (2022). For more information, visit www.paloaltonetworks.com.

November 3, 2022

Don’t Get Fooled: Here’s How You Can Stay Safe Online Amid Scams and Frauds

Scams and frauds designed to gain access to your online profiles—including your digital banking accounts—have been around for years now. But they have noticeably been more frequent and aggressive lately. For instance, you have probably received SMS messages with suspicious-looking links. What’s scary is how these messages now have your name, making them look more legitimate. Others have gotten phishing emails that, at first glance, seem like formal communication from banks or other financial services. It’s becoming harder to distinguish what’s fake from what’s real.


And if you think it’s easy to identify these schemes, you would be surprised to know that these scams are becoming more and more sophisticated every day. For one, there are scams specifically made to target you and your own online habits to better catch you off guard. As scammers evolve their tactics quickly, more and more people have fallen victim to these fraudulent online attacks. In this article, learn some tips and steps on how you can protect yourself from cyber fraud attacks.

Don’t give out personal info mindlessly
Cyber fraud attempts work by making you believe you are talking to a legitimate financial organization or a trusted institution. The email or messages they send will address you by name and often contain personal information no one else should be privy to aside from the companies and services you officially do business with. These scams collect your information beforehand by perusing your social media accounts and other public online forums. Sometimes, the attempts are more targeted: sending you supposed online forms you need to fill up or calling you directly to ask for your personal information in the guise of confirming it for a service or promo.

Treat your personal information as a valuable asset, as it is the key that fraudsters use to trick you into unlocking your account. Do not post your full name, birth date, address, and other information related to your digital accounts online. Be wary of strangers trying to add you as a contact on your social media accounts as well, as this could simply be a way to get information out of you for future, more specific fraud attempts. To be sure, financial organizations and trusted companies will not call to ask for your info. And they will not call you using an unofficial contact number unprompted.

Be cautious of who you talk to
Scams are made to make you lower your defenses and give out information that could allow fraudsters to access your financial accounts. Often, this is done through emails purportedly from official institutions designed to make you reveal important info such as bank account passwords, credit card details, and digital bank app details. And now, these frauds use SMS and video calls too.

You can detect a scam message by looking at some telltale signs. Scam emails, for instance, usually come from a public email domain account and not the official company email. Some fraud attacks have legitimate-looking email addresses but with a carefully placed misspelling to make them seem official. If you receive a supposed email from your bank that has some typographical errors, it’s a telltale sign. Others are more direct, asking for your password, card expiry date and CVV, or one-time password (OTP) via video call. A trusted company would never ask for such details via email, SMS, phone, or video call.

Be mindful of your online—and offline—action and habits
The techniques today usually involve a link that scammers will entice you to click or visit through a promise of job offers or online shopping discounts, among others. These links can lead you to malicious websites that download viruses, ransomware, and other types of malware to your device. Malware is software that can damage your device. At its worst, it can give unscrupulous individuals unauthorized access to your device—and ultimately, all the information stored and saved there. Hence, you should be careful when you receive links from unknown or suspicious individuals. Don’t click links from unknown origins. With telecommunication services starting to ban links in SMS, scammers have used creative ways to include them in their text messages, such as playing with the typography or adding spaces in the website URL. It takes a bit more effort to access the link now, but it also means you still get disruptive spam messages.

But you need to be mindful of your offline actions, too. Scammers don’t just rely on online schemes to get your information. There have been reports, for instance, of scammers approaching you in public, asking to borrow your phone due to an emergency only to try to get your digital bank details and OTP. Others simply look over your shoulders when you make online transactions in public. The rule of thumb is to always keep sensitive information protected. Do not share it with anybody, and make sure your device is secured and out of the sight of other people when you make transactions online in a public place.

But cybersecurity is a shared responsibility between you and your financial service providers. As you take steps to make sure your financial accounts remain safe, your bank should take every step possible with its features, services, and even cybersecurity education to ensure your hard-earned money is secure and away from the hands of unscrupulous online scammers.

RCBC’s fight against cyber fraud
As Rizal Commercial Corporation (RCBC) continues its thrust to accelerate digital adoption with secure and convenient digital services, it also carries on the fight against cybercrime. RCBC believes that the push for digital banking goes hand-in-hand with efforts to provide efficient and secure service.

During RCBC’s #DontGetFooled: Staying Safe Online webinar on security awareness held on October 12, 2022, RCBC Chief Information Security Officer Carlos Tengkiat reiterated how successful online fraud has been in targeting individuals, but that it has yet to successfully infiltrate organizations, particularly banks and other financial services. “The banking industry is constantly evolving, not only to cater to your needs but also to deliver these convenient services in a secure manner,” Tengkiat said, noting that RCBC is constantly working with other banking institutions, telecommunication companies, and government services to help provide this security. He reiterated that RCBC’s digital banking app offers many security features such as two-factor authentication, support of biometrics, mandatory change of password for online banking, card locking for lost and misplaced cards, and real-time SMS and email notification for banking transactions, among others. “This is part of our thrust as we aim to educate our customers on how to conduct electronic banking safely.”

He added, “Security, like banking, is a partnership. And we at RCBC are dedicated to be your partner in your journey.”


August 23, 2022

Learn the A-Z to stop cyberbullying; go to www.makeitsafe.ph

A is for apple? Think again. In cyber lingo, as these parents have experienced, the alphabet takes a whole new meaning, but not necessarily all good.
These cyber expressions could range from AMP, a shorter version of a Filipino cuss word, to other derogatory terms.

Or you might have heard someone say “Go KYS” or “Reincarnate.” These are simple but disturbing terms with the harmful intention of telling a person to “kill yourself.”

And sometimes, cyberbullying does not even use letters or words. Instead, people resort to emojis such as a pig face or snout to shame a person for being fat, or a clown to denote stupidity.

Offensive language and emojis, which often victimize users of social media and social messaging apps, do not stop at inflicting emotional pain. It may cause anxiety, fear, and depression that could prove damaging to mental health, especially among kids and young adults. Cyberbullying is also known to lead to negative self-talk and low self-esteem among children.

“To stop cyberbullying, we start with understanding how and where it happens. Parents can protect their children better if they know how young people communicate. Globe is sharing helpful tips on how parents can guide their kids in this new digital environment,” said Yoly Crisanto, Chief Sustainability and Corporate Communications Officer at Globe.

Explore the new language of the youth and learn the A-Z of cyberbullying prevention through Globe's new portal, www.makeitsafe.ph, accessible via mobile and desktop browsers. You can talk about the alphabet on the site and how each corresponds to lessons on cyberbullying.

You may even add words you may have heard used in cyberbullying to help expand the glossary.

The portal is part of Globe’s cyber safety advocacy, which runs parallel to its support for the United Nations Sustainable Development Goals, which fosters innovation towards economic development under SDG No. 9, and inclusive and equitable quality education under SDG No. 4.

The country’s leading digital solutions platform has various initiatives to protect people, particularly minors and the youth, from cyberviolence, which includes bullying, and online sexual abuse and exploitation of children (OSAEC).

Globe also implements the Digital Thumbprint Program (DTP), a series of workshops and modules that teaches students, parents, and teachers about online responsibility and safety. It has been rolling out initiatives under the #makeITsafePH campaign to raise awareness about cybersecurity, partnering with various local and international organizations to block sites that promote OSAEC.

To learn more about Globe, visit www.globe.com.ph.

September 2, 2020

Bridging the Cybersecurity Skills Gap Through Artificial Intelligence

By Sandra Wheatley, Sr. Vice President, Marketing, Threat Intelligence and Influencer Communications, Fortinet 


Executive Perspectives 
Perhaps the most resource-intensive task required of security teams is the correlation and analysis of the massive volumes of data being produced by security devices and network sensors. This challenge is probably most apparent in the fact that network breaches often remain undetected for months, allowing cybercriminals to plant time-bombs, establish elaborate botnets, and slowly exfiltrate millions of records containing customer information and intellectual property. This challenge is compounded with the growing skills shortage the cybersecurity industry is facing globally, further adding to organizations’ risks. In fact, a recent Fortinet survey found that 73% of organizations had at least one intrusion or breach over the past year that can be partially attributed to a gap in cybersecurity skills.



Today’s Tools Only Begin to Close the Cybersecurity Skills Gap 

There are steps organizations can take to close the cyber skills gap. The first is to ensure that security tools don’t operate in isolation. If a security tool or sensor detects an anomalous behavior, it needs to be able to share that with other tools so that data can be correlated and compared against other data, as well as be cross-referenced against external threat intelligence feeds. This process is accelerated and suspicious activity can be detected faster when these tools are, by design, tightly integrated together. 
Of course, data also needs to be gathered from network devices, access control points, and other sensors to see the bigger picture. SIEM and SOAR solutions are designed to bridge the gap between these non-integrated solutions, helping to identify indicators of compromise and respond to identified threats. Behavioral analytics can baseline normal traffic to identify abnormal activities, such as data moving upstream out of the data center, or devices or applications probing the network looking for ways to connect to other devices or services that are not part of their usual domain of activity. 


While these solutions can help assess large volumes of data from a variety of locations, they still have their limitations. This is because today’s networks are in a state of constant flux. Dynamic cloud environments, remote offices, mobile workers, SaaS applications, DevOps projects, and shadow IT complicate the ability to monitor and process data. Not only is the network constantly reconfiguring itself to optimize connectivity or support complex workflows, but many of those connections, especially in hyperscale environments, are temporary, which means there isn’t enough time to baseline traffic and behavior or provide deep SIEM and SOAR analysis.

And none of this eliminates the need for having human analysts to supervise, review, manage, and respond to events detected by this collection of distributed solutions. The cybersecurity skills gap is part of the problem. There simply aren’t enough cybersecurity professionals to fill critical roles.  

Using AI to Build a Virtual Security Analyst 

Fortunately, artificial intelligence (AI) and machine learning (ML) are poised to help resolve these issues. ML already supports things like behavioral analytics, the detection of zero-day threats, and the detection of threats hidden inside correlated data. The advent of deep neural networks has improved the detection of threats comprised of billions of nodes with its mature AI capabilities. Fortinet’s FortiGuard Labs threat research team has been leveraging mature AI for years to not only detect threats in the wild, but also provide deep insights into their origins and threat vectors.

As organizations are forced to operate exclusively in reactive mode, they position broad-brush security tools to close the most common avenues of known attacks, sometimes having to wait until an attack is actively targeting their devices and systems in order to repel it or, far too often, cleaning up the mess after a stealthy attack was able to break into their system and get out with the data it was looking for.

Address Your Skills Gap Challenges Now While Preparing for the Future 

The skills gap remains a growing challenge for organizations. One way organizations are tackling this is by having all employees, not just IT professionals, take cybersecurity training. It’s important for everyone to have cybersecurity awareness and understand the threat landscape to minimize risks. 

In addition to having a trained and knowledgeable workforce, AI-based security stands to play an increasingly critical role in supporting the skills required by digital innovation efforts. The smart businesses, cities, and infrastructures of tomorrow will all require AI-based security analysis and response to fend off the speed and sophistication of the threats of tomorrow.  

July 10, 2018

Cybersecurity in APAC: The art of simplicity and being on the right side of history - Michael Montoya, Chief Cybersecurity Officer, Microsoft Asia


We all have “a-ha” moments when that lightbulb above our heads is just too bright to ignore. One came to me when I was in a previous IT operations role. It happened on a day when I had two meetings: first with an endpoint agent team and another with a security operations team.

The endpoint team gave me detailed guidance on the possible performance degradation and alerts we could expect from another agent we were placing on user devices in the pursuit of greater security. Later, the security operations team asked for more resources to address an increasing number of incoming alerts caused by our large security footprint.

The irony raised by these back-to-back meetings struck me, and so I asked myself: “How many security tools do we have to protect our environment?”

Finding the answer was not as simple as I had hoped. But when I was eventually told the approximate number, it was clear to me that we had a problem – and I was part of that problem. People like me have been in the industry long enough to have dealt with server sprawl and application sprawl. Now, we were witnessing security sprawl.

It seems very logical in this world of rapid digital transformation – where businesses and organizations face constant and evolving digital threats – to deploy as many defenses as possible to ward off cyberattacks. The more barriers in place, the more protected you are, right?

Well, I don’t believe I am alone when I say that it is a logical fallacy to think that having more security tools means better security. In fact, they could have the opposite effect, according to new research by IT analyst firm, Frost & Sullivan.

“Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World” surveyed 1,300 respondents from 13 countries. This Microsoft-commissioned study drilled down into how organizations in our region view, approach, and practice cybersecurity.

One facet of the Study examined the experiences of organizations with different levels of security in place. What it found might, at first glance, seem counter-intuitive: Those that had gone to a lot of expense and trouble to put a wide array of security measures in place often encountered more security incidents than those with fewer defenses.


Moreover, they often took longer to recover from attacks. Of the surveyed organizations set up with more than 50 cybersecurity solutions, only 23% said they had been able to bounce back within an hour of a breach. For the organizations with less than 10 cybersecurity solutions, the figure was 40%.

The truth of the matter is simple: The number of security solutions you have won’t necessarily guarantee the safety of your data or protect your business reputation. The reasons can vary, but often over-complicated layers of complexity can make cybersecurity issues too hard for some companies to handle effectively.

These are just a few of the things that can open the door to threats, including the four this Study identified as being high-impact in Asia Pacific: 
  • fraudulent wire transfers; 
  • data corruption; 
  • online brand impersonation, which is when a cyber fraudster creates a bogus webpage or a social media account, either to harm your brand or simply to gain the confidence of your trusting customers; 
  • and data exfiltration, whereby cybercriminals use various malicious ways to copy, transfer, or retrieve data from computers or servers. 
Most of the Study’s respondents knew about the dangers out there and regarded them as real threats – with 59% saying cybercrime threats had hindered them on their digital transformation journeys. But it is problematic to learn what many were doing, or not doing, to manage the risks and why.

Firstly, let’s look at the reasons why the organizations surveyed thought it was a good idea to have a cybersecurity strategy in place. Only 20% regarded cybersecurity as a powerful enabler of digital transformation and the key to future business growth and success. In contrast, 41% simply cited traditional and tactical reasons, like protection from attacks and differentiating themselves from their competitors.

Most also said that when it came to creating new projects, security issues were usually considered after – not before – launch.

In this regard, the Study supports an uncomfortable notion that many of us know to be true: Many business decision-makers in our region still cling to outmoded ways of managing risks, and this is leaving them ill-informed and unprepared for mounting cybersecurity challenges that can ultimately erode their growth prospects.

Digital transformation has made the need for safe and trusted technology a front-and-center factor for business success. But too many organizations still regard security as an add-on, or even an afterthought. Some businesses resist the need to tackle security issues – even as cybercriminals become more sophisticated and as traditional IT boundaries disappear with new devices, apps, and data entering the workplace.

To succeed and thrive as digital enterprises in the years to come, organizations must make security part of the natural flow of their business processes and cycles. And, to ensure security, privacy, and compliance, the protection of company data requires a new approach.

That is why Microsoft has a platform that looks holistically across all the critical end-points of today’s cloud and mobile world. It acts on the intelligence that comes from our security-related global threat monitoring and insights. And, we have a vibrant ecosystem of partners who help us raise the bar across the industry – helping to securely enable our customers’ digital transformations.

Finally, there is the need for cultural change. The boards of too many companies still pick up most of their information about what is happening in cyber from what they read in the media. That’s just not detailed enough to inform them of their specific risks and the mitigation strategies they should be supporting. Increasing the dialogue on this topic amongst board members and IT executives is critical for businesses to thrive in the era of digital transformation and the inevitable consequences of cyberattacks.

The value proposition of cyber defense is changing. Traditionally, it has been regarded as a cost. Now it should be seen as an asset, simply because customers are demanding a level of security and trust. The more companies digitize, and the more an economy becomes digitally led, the more cybersecurity becomes a business enabler.

As security professionals, our jobs continue to get more complicated and vital to our company’s survival. Use this study as a reminder to ask yourself two questions: How many security tools do I have to protect my company? And, what role should security play in my company’s digital transformation?

As Microsoft CEO Satya Nadella so eloquently states: “right now Microsoft is probably on the right side of history”. Well, I believe we security and IT professionals are also on the right side of history.

April 29, 2017

Technology alone can’t protect your business against cyber threats – ePLDT

Due to the rise of the Internet of Things (IoT), information is being collected at an unprecedented rate, with much of it being highly personal and confidential. It is because of this that cybersecurity is of much greater importance today.

ePLDT, an industry-leading provider of digital business solutions to enterprises in the Philippines, is warning local companies that employing data security software and hardware is not enough to combat cyber-threats. This is according to its newly appointed head of cybersecurity.

“Companies that focus on data security technology alone unfortunately do not understand cybersecurity,” said Angel Redoble, Chief Information Security Officer of ePLDT. 

“Because a single attack can affect every department of a company, cybersecurity therefore should be approached holistically by integrating it in every aspect, not just in technology. To do this, a company must first focus on having a strict protocol or process and must have the right people who are skilled to combat different kinds of threats. Once these are integrated with the appropriate technology, a company can achieve business resiliency.”

This crucial insight follows on the heels of Ernst & Young’s Global Information Security Survey of 2016 and 2017 which reveals that 64% of 1,735 firms surveyed, which includes Philippine companies, admitted that they have zero or mere informal threat intelligence programs. Moreover, 42% do not have an agreed communications strategy or plan in place in the event of a significant attack.

A security process or program provides the framework for keeping a company at a desired security level by assessing the risks, deciding how to mitigate them, and planning on how to keep programs and practices up to date. ePLDT notes that this is where most companies fail because they only treat cybersecurity as technology or software.

“The hundreds of thousands of vulnerabilities that are recorded every day plus the evolving hacking methods just goes to show that like a process, cybersecurity is a never-ending journey and should be evolved to mitigate & manage new threats,” said Redoble.

Data security skills on the other hand are also crucial since a skilled workforce can identify and therefore understand how to handle the vast majority of threats to data, like malware or hackers seeking confidential information.

Redoble recognizes that some institutions do not employ cybersecurity because of financial constraints but also notes that this should not stop them because the tradeoffs are more than beneficial for a company’s performance and existence.

“Thanks to growing trends, not deploying cybersecurity is and will become more costly in the future. Companies who are serious about surviving must place it as a business imperative as a single attack can break any business.”

Fortunately, due to the current trends and developments in cybersecurity, businesses can now achieve the process, technology, and skills to uphold security through inexpensive means. By administering an assessment of their current capabilities, a company can already set certain protocols, while the lack-of-skills problem can be addressed by teaching the staff how to recognize an attack.

With regard to technology, Redoble notes that there are various data security measures that are being offered on a subscription basis. However, applying these three may leave a company’s in-house I.T. department drained and will lead them to focus on security rather than boosting productivity. As a solution, Redoble recommends partnering with an end-to-end data security provider.

As a leader in data security services in the country, ePLDT’s Cyber Security portfolio is a suite of services that cover devices, systems, processes, and expertise, designed to defend enterprises from multiple security risks, evolving threats, and malicious software attacks. The portfolio is further boosted by ePLDT’s vast infrastructure network due to its 9 state-of-the-art data centers and is recognized internationally through its ISO 27001:2005 Information Security Management System (ISMS) certification.

To know more about ePLDT’s cybersecurity offerings, visit www.epldt.com/solutions/cyber-security/.
