The National Cyber Security Centre (NCSC) this week marked its first year of operation by revealing a snapshot of its findings from the past 12 months.
The credit monitoring company Equifax has revealed a breach exposed the personal details of up to 143 million Americans.
I speak to many IT professionals who don’t have visibility over the endpoints and don’t really understand the day to day work behaviors of their staff. When asked to “secure the endpoint” by their management, there are many misconceptions about the effectiveness which naturally arise.
One thing that troubles me when speaking to clients, from SMBs to truly global enterprises, is a number of times I see technology driving security strategies and not the business requirements.
Social engineering is the use of psychological tools such as deceit, misdirection, manipulation and flattery to elicit unauthorised information or access to systems. Social engineering is an increasingly common way for criminals to attack organisations as it does not always rely on cyber vulnerabilities but rather takes advantage of the weakest element in an organisation, human beings.
Recently, the Avecto team travelled to the Middle East for a four-country roadshow, hopping from KSA to UAE, Jordan and finally Lebanon. We travelled with the esteemed Microsoft MVP, Sami Laiho and our partners in the region Crestan, in a bid to spread the message of the importance of back to basics security and for Sami to showcase the simplicity of breaking Windows without the right security foundations in place.
Throughout history humans have sought to socially engineer each other, exploiting social norms and applying pressure to reveal information or gain advantage. From travelling conmen and master spies to cyber threats and phishing emails the fundamental problem is the same, humans can be manipulated.
Security researchers at enSilo recently released a novel code injection technique for Windows known as ‘Atom Bombing’. This is so called because it exploits Windows atom tables and Async procedure calls (APC) to evade detection by many common security solutions.
Over the past 30 years we’ve seen business technologies come and go in a rapidly evolving landscape of innovation and ingenuity. You could be forgiven for thinking that in the time we shrunk a computer down to the size of a wristwatch and established high speed connectivity to every corner of the globe that we would have also revolutionized information security.
A recent survey conducted by the Financial Times (FT) revealed that just four FTSE 100 companies had board members under the age of 40. Though perhaps this is unsurprising when we think about a traditional corporate hierarchy, the implications of an older board that does not have the digital threat landscape at the top of their agenda could result in a security headache.