- March 24th, 2017
One thing that troubles me when speaking to clients, from SMBs to truly global enterprises, is a number of times I see technology driving security strategies and not the business requirements. So many organizations work in silos and not co-ordinating their IT security strategy. It is important to understand WHY you are embarking on a particular security project and how this fits with the wider strategic goals of your company. This, of course, takes longer to start with but significantly shortens deployment life cycles and wasted effort.
- November 28th, 2016
Social engineering is the use of psychological tools such as deceit, misdirection, manipulation and flattery to elicit unauthorised information or access to systems. Social engineering is an increasingly common way for criminals to attack organisations as it does not always rely on cyber vulnerabilities but rather takes advantage of the weakest element in an organisation, human beings. People are susceptible to social engineering because these attacks exploit social norms and human nature, including reciprocity, curiosity, and pride. As we become increasingly connected – at work, at home and intertwining the two – the opportunities and impacts of social engineering are increasing.
- November 23rd, 2016
Recently, the Avecto team travelled to the Middle East for a four-country roadshow, hopping from KSA to UAE, Jordan and finally Lebanon. We travelled with the esteemed Microsoft MVP, Sami Laiho and our partners in the region Crestan, in a bid to spread the message of the importance of back to basics security and for Sami to showcase the simplicity of breaking Windows without the right security foundations in place.
- November 8th, 2016
Throughout history humans have sought to socially engineer each other, exploiting social norms and applying pressure to reveal information or gain advantage. From travelling conmen and master spies to cyber threats and phishing emails the fundamental problem is the same, humans can be manipulated.
- November 2nd, 2016
Security researchers at enSilo recently released a novel code injection technique for Windows known as ‘Atom Bombing’. This is so called because it exploits Windows atom tables and Async procedure calls (APC) to evade detection by many common security solutions.