DARKReading: Seeing Your Attack Surface Through the Eyes of an Adversary (Dec. 8th)
IT - Security

Gartner: Privileged Access Management A Must In 2020
SearchSecurity, September 15th, 2020
Gartner's 2020 Security & Risk Management Summit focused on the importance of privileged access management to cybersecurity as threat actors increasingly target admin credentials

"Several sessions at Gartner's 2020 Security & Risk Management Summit this week focused on the importance of privileged access management to cybersecurity, and how threat actors have increasingly focused efforts to hijack or obtain privileged accounts. In a Monday session titled "Outlook for Identity and Access Management," Gartner senior research director David Mahdi discussed what a successful identity and access management (IAM) program looks like in 2020, as well as the growing importance of privileged access management and other topics..."

Banks Report Surge In Impersonation Scams
ComputerWeekly, September 16th, 2020
Fraudsters are using the COVID-19 crisis to trick people into transferring money to them

"According to banking trade group UK Finance, banks reported about 15,000 impersonation scans during the period, resulting in the theft of 58m IK pounds.

Impersonation scams involve consumers receiving an email, text or telephone call from a scammer claiming to be from an organisation such as a bank, the police or government, and asking them to make payment.

In addition, UK Finance identified that, as a result of home working, there had also been an increase in fraudsters impersonating IT departments or software companies demanding payments to fix problems with people's internet connection or broadband or attempting to gain remote access to the victim's computer..."

Organizations will have to adapt quickly to survive when digital and physical worlds collide

"The digital and physical worlds are on an irreversible collision course. By 2022, organizations will be plunged into crisis as ruthless attackers exploit weaknesses in immature technologies and take advantage of an unprepared workforce. At the same time, natural forces will ravage infrastructure.

Over the coming years, organizations will experience growing disruption as threats from the digital world have an impact on the physical. Invasive technologies will be adopted across both industrial and consumer markets, creating an increasingly turbulent and unpredictable security environment. The requirement for a flexible approach to security and resilience will be crucial as a hybrid threat environment emerges..."

The ConversationPasswords have been used for thousands of years, as a means of identifying ourselves to others and in more recent times, to computers

"It's a simple concept," writes Paul Haskell-Dowland in 'url "https://gcn.com/articles/2020/09/15/password-security.aspx" "GCN"' " - a shared piece of information, kept secret between individuals and used to 'prove' identity.

Passwords in an IT context emerged in the 1960s with mainframe computers (large centrally operated computers with remote 'terminals' for user access). They're now used for everything from the PIN we enter at an ATM, to logging in to our computers and various websites..."

About Your Remote Access Policy: It's Time For An Update
Network Computing, September 18th, 2020
Times have changed, with more employees working from home. Has your enterprise's remote access policy kept pace with the arrival of new users, tasks, access technologies, and threats?

"With more employees than ever working from home, it's important to examine your organization's remote network access policy to ensure that it's still meeting its goal of protecting the enterprise network from misuse and attacks.

The biggest mistake organizations make when creating or updating their remote access policy is not taking enough time to understand the current threat landscape, said Tim Singleton, president of Strive Technology Consulting, a Denver-area IT services provider..."

Gartner: Securing Remote Workforce A Top Priority
SearchSecurity, September 16th, 2020
In a COVID-19 pandemic world with new security threats and risks emerging, Gartner analysts discussed the urgency of securing access and devices for remote employees

"After Gartner re-examined its 2020 forecast in the wake of the global COVID-19 pandemic, analysts now recommend securing the remote workforce as a top priority for enterprises.

Several sessions at Gartner's 2020 Security and Risk Management Summit this week featured pandemic-related topics, including Monday's presentation, titled "Top Projects for 2020-2021," with Gartner senior director and analyst Brian Reed, which outlined how organizations can build projects to secure remote workers. Other sessions included "The Future of Endpoint Management and Security in a Post-COVID-19 World" with Gartner research director Rob Smith..."

The pandemic-related shift to remote work and the growing availability of ransomware-as-a-service were two major drivers, CrowdStrike says

"A study by CrowdStrike of recent threat activity on networks belonging to its customers showed more intrusion attempts in the first six months of this year than in all of 2019.

The security vendor's threat-hunting team blocked some 41,000 potential intrusions just between Jan. 1 and June 30 this year compared with 35,000 for all of last year. Incidents of hands-on-keyboard intrusions in the first six months of 2020 - where a threat actor is actively engaged in malicious activity - was some 154% higher than the number of similar instances that CrowdStrike's researchers observed in 2019..."

Securing The Edge: 5 Best Practices
CSO Online, September 14th, 2020
Considering how much is at stake in terms of data and infrastructure exposure, companies looking to take advantage of edge computing's promise will need to take steps to mitigate the risks

"For a growing number of companies, the 'edge' of the enterprise network is an increasing focal point of IT investments. This is where they are aiming to bolster data storage, processing, and analytics capabilities to generate business insights from data gathered from connected devices and systems.

Optical and photonic products manufacturer Lumentum has employed an edge strategy with local compute and storage arrays to deal with the large volume of data generated during the manufacturing and testing process..."

Why VPNs Alone Won't Secure Your Remote Employees
techradar.pro, September 15th, 2020
Hackers have begun to exploit VPN services to gain access to corporate networks

"As organizations were forced to let their employees work from home during the pandemic, many turned to VPN services as a means to allow them to connect to their corporate networks remotely. Cybercriminals were well aware of this and they began exploiting VPNs to gain access to corporate networks. Outdated software and poor security practices were used to gain access to organization's VPNs but attackers have also begun to use voice phishing or vishing to steal VPN credentials from remote workers..."

10 steps companies can take to protect employees and digital assets during the COVID-19 crisis

"As we all adapt to our 'new normal' of increased digitization amid the coronavirus pandemic, cybercriminals have not relented from seeking ways to exploit the crisis and find cracks in our digital systems. Millions of Americans have shifted to remote working, presenting a unique threat to personal data and company-wide systems and threatening collapse for organizations that are ill-prepared..."

What Are The Habits Of Highly Effective CISOs?
ComputerWeekly, September 17th, 2020
Data crunched by Gartner analysts reveals the behaviours that differentiate the top-performing chief information security officers from the pack

"The most effective chief information security officers (CISOs) demonstrate exceptional ability to execute against four key metrics - functional leadership, information security service delivery, scaled governance and enterprise responsiveness - but only 12% of them meet the grade against all four criteria, according to new data presented by Gartner at its annual Security and Risk Management Summit..."

See all Archived IT - Security articles See all articles from this issue