Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Thursday, 23 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Overcoming hurdles: Businesses need to up their game if they are to maintain productivity this August

by The Gurus
July 29, 2016
in News, This Week's Gurus
Share on FacebookShare on Twitter

As the biggest sporting event of the summer begins, IT and security leaders need to make sure they refocus their cyber security efforts, to assess the risks associated, and their ability to respond if needed. Vigilance should be at the forefront for business leaders globally. Cybercriminals are aware that users will be looking for convenient ways to keep up-to-date with the sporting action. This is forcing organisations to roll out revised policies that ensure the security of users watching, searching for and downloading sporting coverage.
Considering the business exposure to phishing and malware attempts, exploitation of mobile applications and how this will impact business continuity is critical for organisations. In fact, at previous Games, ThreatLabZ research found that 80 per cent of “Olympic” web domains were found to be scams and spam.
Experience tells us that cybercriminals will use similar tactics to lure unsuspecting users to click on spam emails and visit scam websites that mirror legitimate sites, in order to exploit them to download malicious files.
In considering their ‘risk profile’, businesses need to be ‘enterprise ready’ across three key areas – productivity, cyber treats and approved applications – when preparing for the sporting season.
Enabling business productivity
As businesses shift to the cloud, cyber security and prioritisation of web traffic is hugely important. Online streaming of events runs the risk of diverting employee attention and saturating network bandwidth that is required for access to business applications.
While it may seem easier to simply blanket ban any live coverage during working hours, this will only leave employees feeling demotivated and encourage them to look for other means of viewing events. In turn, this could result in an increase in absence from the office and leave employees open to social engineering attacks, as their vigilance is lowered as they look for alternative means to stream events. Organisations need to take a proactive approach when it comes to preserving bandwidth such as conducting a survey to understand which events are likely to be the most popular will ensure staff levels can be maintained and bandwidth appropriately provisioned.
Threats: Phishing and malware
Phishing can take multiple forms – from spam email messages, social media, Typo Squatting and over the phone social engineering – yet, all have the same end-goal to make money by harvesting usernames and passwords, personally-identifiable information and/or payment card information.
Criminals use international events to capitalise on customer excitement and demand, often creating bogus ticket purchasing sites, offering discounted tickets or even tickets to sold out events. Falling for one of these scams not only leaves customers disappointed when tickets fail to arrive, but they have also left their personal information exposed, as these sites are rarely protected with at-rest and in-flight encryption technology.
Directing user traffic to bogus domains allows cybercriminals to leverage readily available exploit kits which look for vulnerabilities to load arbitrary malware onto, whilst also allowing criminals to offer seemingly free streaming of events. When the site owners have malicious intentions, there is often some form of browser plugin or executable download associated with the viewing. These files generally contain malware. If something looks too good to be true, it generally is.
We have already found cases of exploit kit traffic coming from “Olympics”-related content and predict that more attacks will target users with emails and attachments around further “Olympics”-related content, discounts and schedules.
Organisations need to ensure that they can identify phishing sites and detect scripts which are running in webpages that could be malicious. Relying on URL Filtering is no longer an appropriate cyber security defence framework. Streaming sites should be enabled on a whitelist-only approach: if the site has not been explicitly approved by your IT team, it should be blocked.
Mobile apps and app stores
We are already seeing examples of malware disguising itself by mirroring a similar login screen to the original app so that it can steal user credentials when the victim tried to authenticate. While Trojan malware that uses mobile applications as a delivery mechanism is not new, during major sporting events, cybercriminals will be looking to exploit the fact that millions of users will be looking for convenient methods of keeping up-to-date with the sporting action and will write mobile-applications that mirror their official equivalents.
The best defense against mobile malware is for organisations to block access to third-party app stores. Allow only access to the Play Store and Apple App Store (for Android and IoS respectively). Whilst there are isolated instances of rouge applications finding their way to approved stores, the risk is significantly lower. Organisations should also consider sandboxing technologies to detonate and inspect unknown Android APK files being downloaded to corporate devices.
While the business and security implications around the Games should not be taken lightly, many of the tactics cybercriminals will be using to target unsuspecting users are unlikely to be anything new. Defence in depth is of the upmost importance and businesses need to be extra vigilant when it comes to advanced security threats this August.

FacebookTweetLinkedIn
Tags: AndroidapklesAppappsAuthenticationcybersecurityhurdlesiOSolympicsResponsesecurityzscaler
ShareTweetShare
Previous Post

New Crowdsourced Threat Intelligence Solution to Secure Access to Data Stored in Cloud Apps

Next Post

Safety of Our Data is 'Unknown'

Recent News

Ferrari Data Breach: The Industry has its say

Ferrari Data Breach: The Industry has its say

March 22, 2023
security

What Is Observability, And Why Is It Crucial To Your Business?

March 21, 2023
Organisational Cybersecurity.jpg

How Emerging Trends in Virtual Reality Impact Cybersecurity

March 21, 2023
Nominations are Open for 2023’s European Cybersecurity Blogger Awards

Nominations are Open for 2023’s European Cybersecurity Blogger Awards

March 20, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information