Vumetric https://www.vumetric.com Penetration Testing, Security Audit & Cybersecurity Thu, 19 Mar 2020 13:52:03 +0000

9 Cybersecurity Best Practices for COVID-19 Remote Workers https://www.vumetric.com/blog/cybersecurity-best-practices-for-covid-19-remote-workers/ Mon, 16 Mar 2020 18:55:41 +0000

Amidst the coronavirus pandemic, many organizations have opted for remote work for the coming weeks to prevent the spread of the virus. This way, they can limit the impact on their business and keep it active even as many of their employees are isolating. Remote work brings various cybersecurity challenges that companies are not prepared to deal with. Hackers will take advantage of the coronavirus, as shown by recent attacks on healthcare agencies, so it’s important for organizations and employees to be prepared to prevent any potential incidents.

Here are 9 cybersecurity best practices for remote workers who are self-isolating for COVID-19:

1. Use a VPN (Virtual Private Network)

A VPN (Virtual Private Network), while useful for online privacy, can also protect your traffic from being intercepted by hackers. This virtual internet tunnel encrypts all of your internet traffic to ensure that any data shared with your company’s network and technologies is safe from attackers. It is recommended to use a paid VPN, as a high volume of users will be using free VPNs for work, which will slow down internet speeds considerably and lower your productivity.

2. Use Good Password Hygiene

Good password management is often neglected when it comes to mitigating cybersecurity risks, but all it takes is one compromised password for a hacker to take over your accounts and gain access to your organization’s critical systems. When a database is breached, as in the LinkedIn data breach, attackers will incorporate leaked passwords and usernames into their tools to perform advanced types of attacks, such as brute force attacks, attempting millions of password and username combinations in a matter of seconds. According to statistics, nearly 1/3 of adults re-use passwords for their accounts. Should their password be leaked on the dark web following a data breach, they will put their entire company at risk. Working remotely should not be an excuse to neglect password best practices, as employees will be surrounded by their relatives. It is inadvisable to leave passwords lying around their computers where they would allow anyone to connect to critical company accounts.

While working from home, employees should use a password manager, such as LastPass, to generate strong passwords and to ensure that no password is being re-used. This will remove the need to remember each password used for work and will allow them to remain productive. Now is the best time to reset all passwords and to start practicing good password hygiene.

3. Set Up Two-Factor Authentication

Having a strong password often isn’t enough to mitigate cybersecurity risks, for example, if your credentials are not properly encrypted within your company’s systems or if an attacker is able to “guess” them using advanced hacking tools. Two-factor authentication (2FA) provides an extra layer of protection to your accounts and validates the employee’s identity more efficiently. The extra step could be an email, a text message, or a randomly generated PIN, which only the employee would be able to provide. While two-factor authentication is not hacker-proof, it adds yet another layer of protection against unauthorized intrusion into your company accounts and systems. Many remote connection alerts will be disregarded by your IT teams in the coming weeks. Two-factor authentication will help limit the risk that an unauthorized connection is ignored.

4. Use Strong Anti-virus Software

Although Windows has decent built-in virus protection (Windows Defender), it is not sufficient to protect your computer. Remote workers should be vigilant and install strong anti-virus software, such as Bitdefender, and perform regular scans to identify any malware that could be lurking on their devices.

5. Beware of Phishing Scams

Hackers are taking advantage of the pandemic to send phishing emails en masse. They will often exploit the fear around the virus to create convincing scenarios that coerce employees into submitting their authentication information or downloading malware that will allow hackers to perform further malicious acts. Some recent phishing campaigns are attempting to replicate official government documents regarding the COVID-19 virus, allowing hackers to plant malware on the user’s computer. Some types of malware can be used to spy on users and capture sensitive information and data. Since a majority of communications are now performed through email for COVID-19 remote workers, they are much more susceptible to falling for these attacks.

To spot a phishing email, check the sender’s email address for spelling errors and look for poor grammar in the subject line and email body. Hover over links to see the URL and don’t click links or attachments unless you trust the sender 100 percent. If in any doubt, contact the alleged sender using a phone number or email address that you find somewhere other than in the suspicious email.

6. Install Updates Regularly

Updates are often seen as an annoyance, causing downtime and delays for remote workers. But they are crucial, as updates are often released to patch security vulnerabilities that have been uncovered since the last iteration of the software was released. For instance, Microsoft recently released a security update to patch a vulnerability that could allow hackers to gain full access to any systems that were not updated. It is even more important now that many employees are connecting to their company’s systems and accounts through their personal computers, as they could pose a significant risk to the confidentiality of their company’s information.

7. Keep Work Data on Work Computers

If you work at an organization with an efficient IT team, they may be installing regular updates, running antivirus scans, blocking malicious sites, etc., and these activities may be transparent to you. There is a good chance you have not followed the same protocols with your personal computer as are mandatory at work. Furthermore, your company can likely afford higher-end technical controls than you can personally. Without those running in the background, your personal computer is generally less safe for work because it could be compromised by a third party. When possible, employees should limit the use of their personal devices for work and refrain from downloading any sensitive information to their computer, as those files could easily be compromised by a malicious file that has been sitting on the computer without their knowledge.

8. Secure Your Personal Network

In most cases, home routers are left with the default passwords they had at first installation. Default credentials for every type of device are well known by modern cybercriminals and will be one of the first things they attempt when hacking into your network. Changing your router’s password is an important step to protect your personal network and prevent malicious intrusions into any connected devices, such as the computer used for remote working. You should also make sure that your router’s firmware is up to date, for the same reasons mentioned previously. Hackers are well aware of the vulnerabilities present in outdated versions of various technologies, which are simply another part of the toolset they use when attempting to attack personal networks. These vulnerabilities will be exploited much more frequently with many companies now opting for remote work to prevent the spread of COVID-19. Another easy step you can take to keep hackers at bay is to make sure that your network’s encryption is set to WPA2 or WPA3, which is much harder to crack than traditional WEP encryption.

9. Beware of Remote Desktop Tools

Many employers will allow their employees to connect remotely to their internal networks in the coming weeks to keep working from home, considering that they have no other way to access their systems. While there are many secure options for remote access, such as LogMeIn or TeamViewer, there is a multitude of malicious remote access software trying to benefit from the COVID-19 pandemic to infiltrate corporate networks. From internal networks, cybercriminals will attempt to infiltrate deeper layers of security to exfiltrate sensitive information or to infect the network with ransomware.

 

20 Cybersecurity Statistics You Should Know https://www.vumetric.com/blog/20-cybersecurity-statistics-you-should-know/ Mon, 09 Mar 2020 14:12:07 +0000

Cybersecurity has become increasingly important across every industry due to the massive transition to digital operations. Businesses can no longer afford to ignore the looming cybersecurity threat.

Here are 20 key cybersecurity statistics you should be aware of to be better prepared:

Transport Cybersecurity Statistics

Data Cybersecurity Statistics

  • Across all industries, the average cost of a data breach is set to exceed 150 million in 2020. Data leaks have become an incredibly lucrative avenue for hackers in the past years, as they can sell data on the dark web to other attackers looking to perform further malicious acts. Companies who face a data-related incident must spend large sums on incident response and technical resources to fix the vulnerability that allowed the data breach to occur, which can sometimes lead to inefficient use of resources to limit the impact on the organization and their customers as quickly as possible.
  • Reputation losses and customer turnover following a data breach cost U.S. organizations over $4 million on average per breach. Recent studies found that the loss of business and reputation following a data breach caused more than $4 million in losses on average. Existing customers will look for different providers to work with following a breach, as the breached organization is no longer seen as reliable and customers feel that they have not been compensated for the incident. Potential customers will also be less inclined to work with an organization that has been breached.
  • 90% of breaches occur due to human error. Regardless of how strong your cybersecurity measures are, your employees remain the primary line of defence between your company and an incident. Some of the biggest data incidents, such as the Equifax breach, occurred due to human error. Equifax’s IT team had left multiple critical domains unpatched for months and some even for years due to poor management, which left them vulnerable to exploitation of critical vulnerabilities within these outdated versions. Had they applied the patches rigorously, the incident could have been prevented.

Healthcare Cybersecurity Statistics

  • By 2021, ransomware attacks on healthcare organizations are forecast to increase by 5 times the current rate. One of the biggest cybersecurity incidents in history occurred in a healthcare organization, when a ransomware infection spread across the NHS (National Health Service) in the UK and paralyzed patient care for a week. Due to the critical nature of healthcare, these organizations are often targeted by attackers looking to profit from ransoms and steal patient data.
  • Over 75% of the healthcare industry suffered a malware infection over the course of the last year. The healthcare industry is often filled with legacy systems and outdated operating systems. Much of the equipment used throughout the industry is incompatible with newer operating systems like Windows 10 and relies on those legacy systems to function. Unfortunately, this leaves them vulnerable to many types of attacks and malware infections which makes them an easy target for attackers.
  • One in seven phishing emails is opened by hospital employees. Phishing emails are one of the most common attack vectors used by hackers because they are easy to execute and often have a high rate of return. Unfortunately, healthcare employees aren’t receiving the training they need to avoid those scams and often lack the time to be vigilant in the face of these attacks. This gives hackers opportunities to infect critical systems, as malware is almost entirely delivered by phishing emails.

Phishing Cybersecurity Statistics

  • 94% of malware is delivered through email. Hackers take advantage of publicly-available information and trusted sources to coerce employees into downloading malicious attachments or clicking on malicious links, allowing them to gain access to critical systems or to paralyze operations. For instance, an American gas pipeline was recently forced to shut down operations entirely for two days after an employee mistakenly clicked on a phishing link which allowed the ransomware to infiltrate the OT network to encrypt all devices and demand a ransom.
  • 65% of hacker organizations and groups use spear-phishing as the primary vector to inject malware into a system. Spear-phishing is dangerously effective, as it is highly targeted and leverages personal information about employees to convince them. These attacks are often delivered directly to users who are more likely to have administrative access or those who can provide credentials that will allow hackers into IT systems. A recent example of spear-phishing is a police department in Florida that had to let 6 suspects facing a total of 28 charges walk free after ransomware, which was delivered through spear-phishing, wiped the evidence.
  • 56% of IT organizations feel that phishing is the biggest threat to their cybersecurity. Unfortunately, all too often, phishing is overlooked when it comes to cybersecurity risk management, as it seems like an uncommon threat. Failing to properly train employees to recognize phishing emails and other dangers can significantly increase the risk to the organization, as shown by recent incidents.

Vulnerabilities Statistics

Manufacturing Cybersecurity Statistics

  • There has been a 78% increase in supply chain cyberattacks. Following the damaging cyberattack on Norsk Hydro’s supply chain, manufacturers have become prized targets for hackers. If they can compromise large manufacturing operations, they can then demand a ransom to return vital data and to restore production lines, making these attacks potentially profitable. Hackers may also seek out intellectual property in an effort to resell it on the dark web.
  • 48% of UK manufacturers have faced verified cyberattacks. Manufacturers are constantly being scanned by bots looking for exploitable vulnerabilities to infiltrate their OT network. An attack on a manufacturer can be very profitable for hackers, as most manufacturers cannot afford to interrupt their production lines. They will be more likely to pay the ransom following a successful ransomware attack, as it will often be the most efficient way for them to limit the impact on their production lines.
  • 21% of sensitive files in the manufacturing and finance industries are publicly exposed. It is nearly impossible for organizations to secure all their files, simply because of the resources it would require. This is why it is important for companies to perform penetration tests so they can identify which sensitive files are publicly exposed and get prioritized recommendations to secure them, using their resources as efficiently as possible to protect their most valuable assets.

Finance Cybersecurity Statistics

  • Out of the top 100 banks, 65 failed web security testing. The majority of financial transactions are now performed through web applications. These applications may hold extremely critical data belonging to their users and their development teams are often too focused on innovation and new features to keep up with their competitors, which leaves vulnerabilities that can be leveraged by hackers. This is why it is crucial for development teams to perform web app penetration tests (web application security assessments) as part of their development cycle, before a new feature or strategic application is released publicly. This will allow them to identify and fix potentially critical vulnerabilities, rather than waiting for hackers to exploit them.
  • Financial institutions are 47% more likely than other industries to experience a cyberattack. Because of the high potential profit from these attacks, hackers are more likely to target the financial services industry, as it is often a profitable avenue for fraud and the data that can be obtained in these attacks is much more valuable than in any other industry.
  • In the banking industry, cybercrime costs for 2018 hit $18.3 million. This industry is faced with the most regulatory compliance requirements and the regulations are getting much more strict, which can lead to hefty fines when an incident occurs. Furthermore, as they are more targeted than any other industry, they must deal with the highest cost in technical restoration and incident response to recover from or mitigate any potential attacks.

 

Are you concerned about the possibility of a cyberattack and its impact on your business? Reach out to a team of certified specialists to discover your risks and to learn what are the next steps you should take to protect your business.

 

We expect deepfakes to make a notable impact across all aspects of our lives in 2020 as their realism and potential increases https://www.vumetric.com/cybersecurity-predictions/we-expect-deepfakes-to-make-a-notable-impact-across-all-aspects-of-our-lives-in-2020-as-their-realism-and-potential-increases/ Mon, 02 Mar 2020 21:13:58 +0000

We expect deepfakes to make a notable impact across all aspects of our lives in 2020 as their realism and potential increases. We will see Deepfakes-As-A-Service move to the fore in 2020 as deepfakes become widely adopted for both fun and malicious reasons.

NIST recently released a draft form in order to standardize the language used in Adversarial Machine Learning https://www.vumetric.com/cybersecurity-predictions/nist-recently-released-a-taxonomy-and-terminology-of-adversarial-machine-learning-in-draft-form-in-order-to-standardize-the-language-used-in-the-nascent-field-of-adversarial-machine/ Mon, 02 Mar 2020 21:13:57 +0000

NIST recently released ‘A Taxonomy and Terminology of Adversarial Machine Learning’ in draft form in order to standardize the language used in the nascent field of Adversarial Machine Learning. There are many unknowns for how attackers can manipulate machine learning through training data poisoning or evasion attacks. It feels a bit like when we were building web applications and didn’t know about SQL injection attacks. Processes and methodologies get put into place that don’t account for the way AI can be attacked.
