Login
How do hackers hack phones? Several ways. Just as there are several ways you can prevent it from happening to you.
The thing is that our phones are like little treasure chests. They’re loaded with plenty of personal data, and we use them to shop, bank, and take care of other personal and financial matters—all of which are of high value to identity thieves.
However, you can protect yourself and your phone by knowing what to look out for and by taking a few simple steps. Let’s break it down by first taking a look at some of the more common attacks.
Whether hackers sneak it onto your phone by physically accessing your phone or by tricking you into installing it via a phony app, a sketchy website, or a phishing attack, hacking software can create problems for you in a couple of ways:
Some possible signs of hacking software on your phone include:
In all, hacking software can eat up system resources, create conflicts with other apps, and use your data or internet connection to pass along your personal information into the hands of hackers—all of which can lead to some of the symptoms listed above.
These are a classic form of attack. In fact, hackers have leveled them at our computers for years now too. Phishing is where hackers impersonate a company or trusted individual to get access to your accounts or personal info or both. And these attacks take many forms, like emails, texts, instant messages, and so forth, some of which can look really legitimate. Common to them are links to bogus sites that attempt to trick you into handing over that info or that install malware to wreak havoc on your device or likewise steal information. Learning how to spot a phishing attack is one way to keep yourself from falling victim to one.
Professional hackers can use dedicated technologies that search for vulnerable mobile devices with an open Bluetooth connection. Hackers can pull off these attacks when they are range of your phone, up to 30 feet away, usually in a populated area. When hackers make a Bluetooth connection to your phone, they can possibly access your data and info, yet that data and info must be downloaded while the phone is within range. As you probably gathered, this is a more sophisticated attack given the effort and technology involved.
In August of 2019, the CEO of Twitter had his SIM card hacked by SIM card swapping scam. SIM card swapping occurs when a hacker contacts your phone provider, pretends to be you, and then asks for a replacement SIM card. Once the provider sends the new SIM to the hacker, the old SIM card will be deactivated, and your phone number will be effectively stolen. This means the hacker has taken control of your phone calls, messages, and so forth. This method of hacking requires the seemingly not-so-easy task of impersonating someone else, yet clearly, it happened to the CEO of a major tech company. Protecting your personal info and identity online can help prevent hackers from impersonating you to pull off this and other crimes.
While there are several ways a hacker can get into your phone and steal personal and critical information, here are a few tips to keep that from happening:
The post How Do Hackers Hack Phones and How Can I Prevent It? appeared first on McAfee Blog.
McAfee’s Secure VPN now supports the WireGuard protocol, which gives you faster connection speeds plus enhanced stability and security.
WireGuard is the latest standard in Virtual Private Network (VPN) technology, and we’re rolling it out across McAfee Secure VPN for Windows which is included in our comprehensive online protection plans. And just as before, it offers smart protection that can be set to automatically turn on when you need it, so you can stay more private and more secure online.
If you’re new to using a VPN, let’s take a quick look at two of the big things a VPN can do for you.
The bank-grade encryption used by a strong VPN shields your data and information while it’s in transit, which makes it difficult for hackers to spy on your connection. (Think of your data and information traveling through a tunnel that no one else can use or see into.) In that way, a VPN makes all kinds of online activities more secure—like banking, shopping, and checking up on your finances, even using your apps.
By masking your whereabouts and your IP address, along with encryption that helps keep your activities private, a VPN reduces the personal information that others can collect and track. That includes internet service providers, social media companies, businesses, app developers, websites, and others who gather your data for marketing purposes or for resale to third parties.
A quick word about what WireGuard is in slightly more detail. It’s a VPN protocol, which is a series of technical rules that govern how your device can securely reach the VPN servers, validate your access to the requests you make online, and encrypt your browsing traffic so that only you can see what you are doing over the internet. WireGuard is one of several protocols that we support, such as the OpenVPN and IKEv2 protocols. While WireGuard improves upon OpenVPN and IKEv2 in many ways, both are still secure and safe ways in which a VPN can connect.
Now with the latest WireGuard standard in place, our VPN for Windows that comes with all our all-in-one plans offers faster speeds and improved stability compared to what previous standards offered. This gives you the security of a VPN with similar performance as if you were on a fully open connection—along with the added benefit of keeping your browsing and other activities private.
Taken together, the improved speed and stability give privacy-conscious people a further reason to use a VPN more often than before. Because a VPN can minimize the exposure of data as it transmits to and from your devices, companies and data brokers can potentially learn far less about you, your shopping, your travels, your habits, and any other information that they could possibly collect and otherwise profit from. The more often you use a VPN, the less they can potentially gather.
For more about VPNs and how ours can keep you more private and secure online, give us a visit here any time.
The post McAfee Secure VPN: Now with WireGuard for Faster Speeds and Enhanced Stability appeared first on McAfee Blog.
Optus, one of Australia’s largest telecommunications carriers, reported news of a data breach that may have compromised the information of current and former customers.
As of this writing, the company has not stated how many customers may have been affected, citing their ongoing investigation in conjunction with law enforcement and Australian government officials
According to Optus, the breach may have included the following:
“Information which may have been exposed includes customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver’s license or passport numbers. Payment detail and account passwords have not been compromised.”
Optus is currently notifying customers who may have been affected by this breach with SMS and email messages. However, the company makes an important distinction here:
“We are not sending links in SMS or emails. If customers receive an email or SMS with a link claiming to be from Optus, they are advised that this is not a communication from Optus. Please do not click on any links.”
Often in the wake of such breaches, cybercriminals will send out phony communications that use the name of the company affected. These can include phishing attacks over email and SMS that solicit personal and account information or other tactics that attempt to capitalize on the announced breach.
Optus continues to keep its customers up to date on the latest developments on its website, which includes a comprehensive FAQ that details what happened, what steps are being taken, and what customers can do in the wake of this announcement.
Any time a data breach occurs, your exposed personal information may be used by those trying to commit identity fraud or theft. Different pieces of personal information can be more useful to them than others.
Some information is directly useful, such as a driver’s license or credit card information because they identify you right away. Others are indirectly helpful, like device IDs, browsing history, geolocation information, and internet protocol addresses. While they don’t identify you on their own, a cybercriminal could piece together your identity if they have enough indirect information about you.
In light of this, there are a few steps you can take to protect yourself in the aftermath of a data breach, which involve a combination of preventative steps and some monitoring on your part.
If you become the victim of fraud or theft after a data breach, a licensed recovery pro can help you restore your credit and identity. If you’ve ever dealt with fraud or theft before, or know someone who has, recovery can be a time-consuming and stressful process if you undertake it alone. With McAfee+ Advanced, you have around-the-clock support from a restoration expert with limited power of attorney who can take the steps that can help restore your credit and identity.
Working with an expert can lend you extra peace of mind, particularly in a time where there’s plenty of uncertainty. First, you’ll know that a professional is working on your case—a person who knows exactly where to start and what needs to happen for the best possible outcome. Second, you’ll get precious time back, time you’d otherwise have to spend if you took on the process yourself.
As mentioned above, with some personal information in hand, cybercriminals may seek out more. They may follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal information—either by tricking you into providing it or by stealing it without your knowledge. So, it’s always wise to keep a skeptical eye open for unsolicited messages or phone calls that ask you for information in some form or other, often in ways that urge or pressure you into acting.
An identity monitoring service can monitor your information from email addresses to IDs and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft. Personal information harvested from data breaches can end up on dark web marketplaces where it’s bought by other cyber criminals so they can launch their own attacks. McAfee monitors the dark web for your personal info and provides early alerts if your data is found, an average of 10 months ahead of similar services. We also provide guidance to help you act if your information is found.
While it does not appear that login information was affected, a password update is still a strong security move. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager will help you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly may make a stolen password worthless because it’s out of date.
While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts will help your cause by providing an added layer of security. It’s increasingly common to see nowadays where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. If your accounts support two-factor authentication, enable it.
Mentioned earlier, information stolen in a data breach may indirectly identify you. Yet when pieced together with other information, it can then directly identify you. One way cybercriminals complete this identity picture puzzle is with information provided by data brokers that buy and sell personal information online. However, you can take some control over this. Our Personal Data Cleanup service scans high-risk data broker sites for your personal information and then helps you remove it—which denies cybercriminals the information they may need to commit identity theft.
When personal information gets released, there’s a chance that a hacker, scammer, or thief will put it to use. This may include committing fraud, where they draw funds from existing accounts, and theft, where they create new accounts in a victim’s name.
Even though it’s believed that no payment information was involved in this breach, customers should still take steps to monitor their statements and their overall credit report so that they can spot and address any unusual activity. Optus has announced that it will offer affected customers 12 months of credit and identity monitoring through Equifax, one of the major global credit agencies, at no cost.
Another step that customers can take is to place a credit freeze on their credit reports with the major credit agencies in Australia— Equifax, illion, and Experian. This will help prevent cybercriminals from opening new lines of credit or taking out loans in a victim’s name by “freezing” their credit report so that potential creditors cannot pull it for reference. Terms of freezing a credit report will vary, so check with each agency for details.
A complete suite of online protection software can offer layers of extra security for future protection. In addition to more private and secure time online with a VPN, identity monitoring, and password management, protection like McAfee+ Advanced includes web browser protection that can block malicious and suspicious links that could lead you down the road to malware or a phishing scam—which antivirus protection can’t do alone.
Per Optus, a subset of those affected may have had their driver’s license and/or passport ID number affected by the breach. Given that license and passport ID numbers are such unique pieces of personally identifiable information, anyone notified by Optus that theirs may have been affected should strongly consider changing them.
The process for replacing either document will vary depending on your state or territory. Given the scope of the attack, some states and territories have proposed making exceptions to the rules for attack victims. As of this writing, that picture continues to evolve, so look to your local government for guidance.
Not all data breaches make the news. Businesses and organizations, large and small, have all fallen victim to them, and with regularity. The measures you can take here are measures you can take even if you don’t believe you were caught up in the Optus breach. As you can see, several of them are preventative, which is important because word of data breaches tend to reach customers days, weeks, or even months after they’ve been discovered—leaving cybercriminals plenty of opportunity to commit all kinds of identity crime in the meantime.
In this case, the breach certainly made the news due to its apparent size and scale. And as Optus works with law enforcement and government officials, more details into the attack and who has been affected will arise.
However, you have every reason to act now rather than wait for additional news. Staying on top of our credit and identity has always been important, but given all the devices, apps, and accounts we keep these days leaves us more exposed than ever, making protecting ourselves a must.
The post The Optus Data Breach – Steps You Can Take to Protect Yourself appeared first on McAfee Blog.
Are you hoping to buy a house or apply for a car, personal, or business loan at some point? A great credit score helps to achieve all those things. You never know the twists and turns life might take you, so even if these financial milestones aren’t on your radar now, it’s nice to know that a great credit score will open many doors for you when you’re ready. The better your credit score, the more likely you are to get the loan you want at the best interest rate. People spend years (even decades!) working to improve their credit scores to unlock numerous opportunities. In the blink of an eye though, a credit fraudster can erase all that hard work and inflict long-term credit damage. It can cost huge sums to repair and take years to correct.
Many people feel lost on how to prevent these problems or what to do if they suspect identity theft. Luckily, new McAfee services called credit lock and security freeze, which includes credit freeze, are great tools to add to your credit protection toolbelt. They’ll help protect your most personal information from thieves, and both services will help give you the peace of mind you need to confidently go about your day.
Keep reading to learn more about McAfee’s credit lock and security freeze and find out how you can use them to help you from the negative consequences of identity theft.
Credit fraud is a type of identity theft where a criminal uses your information to borrow money, open a new credit or debit card, or uses your card to make purchases that they never intend to pay off. Then, when the loan defaults and the bills stack up, the victim is often left with their credit score in shambles.
According to the FTC, credit fraud is the most common type of identity theft in 2020 and 2021, receiving nearly 18,000 reports from people saying that someone used their information to gain illegal access to their credit card accounts.1
To make sure we’re all on the same page, here are quick definitions of McAfee’s credit lock and security freeze services.
A credit lock and a credit freeze both stop companies from accessing your credit information without your consent when an application for a loan or credit card is submitted. The main difference lies in their speed and credit bureau coverage. By toggling a switch in the McAfee Protection Center, turning on a credit lock is almost instantaneous. A credit freeze can take up to a day to enable or remove; however, it may offer stronger financial loss protection in most U.S. states if an unauthorized line of credit goes through while all three credit bureaus are frozen. Also, McAfee’s credit lock stops one credit bureau from accessing your account, while a credit freeze enables you to halt all three.
Just make sure that you unlock and unfreeze your credit before you do the following:
These are all situations where a bank or creditor will need to access your credit files. Luckily, with significant purchases and financing opportunities like these, you usually plan ahead, so you should have plenty to time to enable access to your credit. To unlock your credit, just click the credit lock toggle. To unlock a freeze, use the same provided links, sign into your account, and follow the instructions from there.
To further help you decide which service may be best for your needs, here are the situations where credit lock and credit freeze would be most helpful.
McAfee credit lock lets you simply toggle on and off one credit bureau’s ability to access your credit report. Usually, filing a lock on your credit with a bureau requires filling out forms and remembering a PIN to apply or remove a lock. Not with McAfee’s credit lock! You can turn a lock on and off at will through the McAfee Protection Center.
Convenience and blazing speed are ideal in situations where you’re worried that a criminal has your personal information and may use it to open accounts in your name that could then damage your well-earned great credit. Some people may choose to always have the credit lock enabled and only unlock it when they’re applying for a credit card or loan. That way, they can feel better about the safety of their credit score.
Credit freeze provides protection and peace of mind just like credit lock; however it enables you to freeze your account at all three major credit bureaus. When creditors check your credit score, they could do so with any credit bureau. If you only freeze one bureau’s access to your information, that still leaves the other two to make inquiries, so it’s important to set up a freeze for each one to cover all your bases.
As mentioned, a credit freeze is just one type of security freeze offered by McAfee. If you’re worried about an identity thief opening not just credit cards, but also utility and/or bank accounts in your name, McAfee’s utility freeze and bank freeze may be additional services for you. Security freeze helps stop unauthorized fraud attempts by giving you quick links and phone numbers. Having all these contact details in one place really speeds up the process and takes the guesswork out of if you’re contacting the correct offices.
Dealing with identity theft or credit fraud is a scary and stressful situation. That’s why McAfee is here with tools that help you protect you. Credit lock and credit freeze may help you feel calmer in a situation of suspected or real identity theft and gives you peace of mind to help prevent credit fraud from happening in the first place. Speed is of the utmost importance when foiling a criminal, so both solutions are easy to use with intuitive design so you’re not wasting time trying to figure out how they work. Plus, neither will affect your credit score. They just stop creditors from looking at your credit files, while you continue to boost your credit with your smart habits.
With both credit lock or credit freeze in your back pocket, you can feel more secure knowing you’re better protected from credit fraud.
1Fortunly, “20 Worrying Identity Theft Statistics for 2022”
The post Credit Lock and Credit Freeze: Which Service Is Best for You? Both! appeared first on McAfee Blog.
Online predators increasingly trick or coerce youth into sharing explicit videos and photos of themselves before threatening to post the content online
The post Protecting teens from sextortion: What parents should know appeared first on WeLiveSecurity
In the fall of 2021, cryptocurrency value skyrocketed. Ethereum and Bitcoin had their highest values ever, causing a huge stir in interest in online currencies from experts, hobbyists and newbies alike … and in cybercriminals seeking huge paydays. Since then, cryptocurrency value has cooled, as has the public’s opinion about whether it’s worth the risk. Huge cryptohacking events dominate the headlines, leaving us to wonder: Is cryptocurrency losing its credibility?
In this article, you’ll learn about recent unfortunate crypto hacks and a few cryptocurrency security tips to help you avoid a similar misfortune.
A crypto wallet is the software or the physical device that stores the public and private keys to your cryptocurrency. A public key is the string of letters and numbers that people swap with each other in crypto transactions. It’s ok to share a public key with someone you trust. Your private key, however, must remain private — think of it like the password that secures your online bank account. Just like your actual wallet, if it falls into the wrong hands, you can lose a lot of money.
A malware called Mars Stealer infiltrated several crypto wallet browser extensions, including the popular MetaMask. The malware stole private keys and then erased its tracks to mask that it had ever gained entry to the wallet.1
One way to completely avoid a breach to your software crypto wallet is to opt for a hardware wallet. A hardware wallet is a physical device that can only be opened with a PIN. But there is some risk involved with a hardware wallet: if you drop it down the drain, all your crypto is gone. If you forget your wallet PIN, there is no customer service chatbot that can help you remember it. You are solely responsible for keeping track of it. For those who are confident in their hardware’s hiding spot and their personal organizational skills, they can benefit from its added security.
For anyone less sure of their ability to keep track of a hardware wallet, a software wallet is a fine alternative, though always been on alert of software wallet hacks. Keep an eye on crypto news and be ready to secure your software at a moment’s notice. Measures include un-downloading browser extensions, changing passwords, or transferring your crypto assets to another software wallet.
In the case of the Mars Stealer malware that affected MetaMask, being careful about visiting secure sites and only clicking on trustworthy links could’ve helped prevent it. Mars Stealer made its way onto people’s devices after they clicked on an infected link or visited a risky website. Stick to websites you know you can trust and consider springing for well-known streaming services and paying for software instead of torrenting from free sources.
Cryptocurrency enthusiasts often spread their crypto investments across various currency types and blockchain environments. Software known as a bridge can link numerous accounts and types, making it easier to send currency.
The cross-chain bridge Horizon experienced was on its Harmony blockchain, where a hacker stole about $100 million in Ethereum and tokens. The hacker stole two private keys, with which they could then validate this huge transaction into their own wallet. To hopefully prevent this from happening in the future, Horizon now requires more than just two validators.2
According to one report, in 2022, 69% of all cryptocurrency losses have occurred in bridge attacks.3 If you exchange cryptocurrencies with other users and have various accounts, it’s almost inevitable that you’ll use bridge software. To keep your assets safe, make sure to extensively research any bridge before trusting it. Take a look at their security protocols and how they’ve responded to past breaches, if applicable.
In the case of Horizon, the stolen private keys were encrypted with a passphrase and with a key management service, which follows best practices. Make sure that you always defend your private keys and all your cryptocurrency-related accounts with multi-factor authentication. Even though it may not 100% protect your assets, it’ll foil a less persistent cybercriminal.
Phishing attacks on bridge companies in conjunction with software hacks are also common. In this scenario, there’s unfortunately not much you can control. What you can control is how quickly and completely you respond to the cybercrime event. Remove the bridge software from your devices, transfer all your assets to a hardware wallet, and await further instructions from the bridge company on how to proceed.
Decentralized finance, or DeFi, is now one of the riskiest aspects of cryptocurrency. DeFi is a system without governing bodies. Some crypto traders like the anonymity and autonomy of being able to make transactions without a bank or institution tracking their assets. The drawback is that the code used in smart contracts isn’t bulletproof and has been at the center of several costly cybercrimes. Smart contracts are agreed upon by crypto buyers and sellers, and they contain code that programs crypto to perform certain financial transactions.
Three multi-million-dollar heists – Wormhole, Beanstalk Farms and Ronin bridge – occurred in quick succession, and smart contracts were at the center of each.4 In the case of Wormhole, a cybercriminal minted 120,000 in one currency and then traded them for Ethereum without putting up the necessary collateral. In the end, the hacker cashed out with $320 million. Beanstalk Farms lost $182 million when a hacker discovered a loophole in the stablecoin’s flash loan smart contract. Axie Infinity’s Ronin bridge was hit for $625 million when a hacker took control over and signed five of the nine validator nodes through a smart contract hole.4
To be safe, conduct all crypto transactions on well-known and trustworthy software, applications, bridges, and wallets that are backed by a governing body. What you lose in anonymity you gain in security by way of regulated protocols. Hackers are targeting smart contracts because they do not have to depend on large-scale phishing schemes to get the information they need. Instead, they can infiltrate the code themselves and steal assets from the smartest and most careful crypto users. Because there’s almost no way you can predict the next smart contract hack, the best path forward is to always remain on your toes and be ready to react should one occur.
Don’t let these costly hacks be what stops you from exploring crypto! Crypto is great as a side hustle if you’re committed to security and are strategic in your investments. Make sure you follow the best practices outlined and arm all your devices (mobile included!) with top-notch security, such as antivirus software, a VPN, and a password manager, all of which are included in McAfee +.
Privacy, excellent security habits, and an eagle eye can help you enjoy the most out of cryptocurrency and sidestep its costly pitfalls. Now, go forth confidently and prosper in the crypto realm!
1Cointelegraph, “Hodlers, beware! New malware targets MetaMask and 40 other crypto wallets”
2Halborn, “Explained: The Harmony Horizon Bridge Hack”
3Chainalysis, “Vulnerabilities in Cross-chain Bridge Protocols Emerge as Top Security Risk”
4Protocol, “Crypto is crumbling, and DeFi hacks are getting worse”
5Cointelegraph, “Beanstalk Farms loses $182M in DeFi governance exploit”
The post Cryptohacking: Is Cryptocurrency Losing Its Credibility? appeared first on McAfee Blog.
Ransomware is one of the most dangerous threats organizations face today, so it’s no wonder that Cisco Talos Incident Response named it the top threat of the year in 2021. These attacks continue to grow and become more advanced, with ransomware attacks growing by 13% over 2021 and a whopping 79% over 2020 so far this year (see Figure 1 below).1 Stopping ransomware attacks isn’t easy either, as adversaries continue to change their techniques and attacks become increasingly sophisticated.
Fortunately, Cisco Secure Endpoint defends your organization from ransomware by delivering security outcomes that enable you to radically simplify your security, maximize your security operations, and achieve peace of mind. Let’s dive deeper into each of these areas to better understand how Secure Endpoint can help your organization defend against ransomware attacks.
Cybersecurity has become increasingly complex due to the numerous security solutions deployed by organizations today. These disparate point-products increase complexity while creating security gaps because they require additional management overhead and typically don’t communicate with each other. This increases the burden on security operations teams since they must spend time managing these different solutions and filling in the gaps between tools rather than using their time to investigate and respond to threats
Cisco takes a very different approach to cybersecurity by looking at ransomware endpoint protection holistically, as part of an integrated security solution. For instance, Secure Endpoint includes built-in extended detection and response (XDR) capabilities from the Cisco SecureX platform that centralizes visibility in a single console, creates high-fidelity detections by correlating threats, and coordinates threat response across your entire security environment. In addition, Secure Endpoint unifies your security stack, simplifies management, and reduces agent fatigue because we’ve consolidated endpoint protection, cloud security, and remote access agents into a single agent.
Learn more about how Secure Endpoint helps you simplify your security while defending your organization from ransomware attacks by watching this video:
One of the common themes we’ve heard from our customers is that their security operations teams are frequently overstretched. The ongoing cybersecurity skills shortage means that security teams have to do more with less and a vast number of security tools to manage along with inefficient security operations processes, often leading to burned-out security teams.
Cisco addresses these challenges by allowing you to get the most out of your security operations. For example, you can accelerate investigation and incident response with valuable vulnerability context since we’ve integrated risk-based vulnerability management from Kenna Security into Secure Endpoint. Moreover, Secure Endpoint includes advanced endpoint detection and response (EDR) capabilities via Orbital Advanced Search and built-in XDR from SecureX that enable you to rapidly detect, respond to, and contain ransomware attacks. Lastly, you can get the security expertise you need with proactive threat hunting from SecureX Threat Hunting, which uses an analyst-centric process to quickly spot hidden ransomware.
Check out how Secure Endpoint helps you maximize your security operations while defending your organization from ransomware attacks by watching this video:
Keeping up with the latest ransomware attacks can seem like an impossible challenge due to Ransomware-as-a-service (RaaS) kits which make it simple and lucrative to target organizations with ransomware and the evolving threat landscape, where attackers are continuously changing their methods to evade detection.
Cisco helps you stay ahead of the newest ransomware attacks and gives you the peace of mind you deserve by taking a comprehensive approach to ransomware endpoint protection. This means ensuring that you never have to go it alone with always-on security operations from Cisco Secure Endpoint Pro, a managed service that uses a team of Cisco security experts to perform the heavy lifting of securing your endpoints. It also includes offering advanced EDR and integrated XDR capabilities such as Orbital and SecureX to speed detection and response, simplify investigations, and quickly contain ransomware attacks before it’s too late. Finally, Secure Endpoint prevents initial ransomware infections with multifaceted prevention techniques such as machine learning, exploit prevention, and behavioral protection as well as actionable threat intelligence from the Cisco Talos research team.
Learn more about how Secure Endpoint helps you achieve peace of mind while defending your organization from ransomware attacks by watching this video:
All these capabilities in Cisco Secure Endpoint enable you to defend against ransomware attacks from compromising your endpoints while ensuring you stay resilient against threats. For more information on how Secure Endpoint can defend your organization from ransomware attacks, please watch the Cisco Secure Endpoint Ransomware Series.
1 BlackFog The State of Ransomware in 2022: https://www.blackfog.com/the-state-of-ransomware-in-2022
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Our all-new ransomware coverage is now available, ready to help just in case—all backed by expert advice to help you find the quickest and best possible path to recovery.
Ransomware coverage from McAfee can reimburse you up to $25,000 for losses resulting from a ransomware threat, including financial losses and ransom fees. You’ll find this ransomware coverage included with our McAfee+ Ultimate plan.
As well as eligibility for ransomware reimbursement, our team of experts can help you:
However, it’s important to realize that ransomware is unlike any other attack. When ransomware locks someone out of their device or encrypts their data and files so they can’t use them, a demand is usually made for money. Sometimes, paying the ransom results in the device being made accessible again or the files being decrypted. Yet like any ransom case, this result is not always guaranteed. There are plenty of cases where people pay the ransom but never get their data or access to their devices back.
Again, our coverage includes guidance from our expert advisers to help walk you through your options should the worst happen to you. You won’t be in it alone—particularly as you look to recover from what can be a complicated attack.
As the name implies, ransomware is a type of malware that holds your device or information for ransom. It may lock your computer or smartphone entirely or it may you out of your files by encrypting them so that you can’t access them. Whether it’s a hacker or a cybercrime organization behind the attack, the bad actor involved holds the key to unlock those files—and promises to do so. For a price. And as mentioned above, sometimes that doesn’t happen, even if you pay.
Ransomware can infect your devices several different ways:
Ransomware has seen quite the evolution over the years. Its origins date back to the late 1980s, where malware-loaded floppy disks were sent to users who installed them under false pretenses. There the malware would lie in wait until the user rebooted their computer for the 90th time and presented with a digital ransom note.
From there, ransomware attacks on individuals became more sophisticated, and more lucrative, with the advent of the internet and the millions of everyday users who flocked to it. Using phishing emails, malware downloads from phony sites, and compromised software and networks, hackers rapidly expanded their ransomware reach.
However, yet more lucrative for hackers and organized cybercriminals were public and private organizations. Shifting their attacks to so-called “big game” targets, hackers and organized cybercriminals have used ransomware to extort money from hospitals, city governments, financial institutions, and key energy infrastructure companies, to name just a few. Seeing further opportunity, ransomware attackers then began targeting smaller and mid-sized businesses as well. While the ransom demands account for lower amounts, these organizations often lack dedicated cybersecurity teams and the protections that come along with them, making these organizations easier to victimize.
Meanwhile, the body of malicious code and attack packages used to launch ransomware attacks has only grown. As a result, small-time hackers and hacking groups can find the tools they need to conduct an attack for sale or for lease as a service (Ransomware as a Service, or RaaS). In effect, these bad actors can simply access a dark web marketplace and figuratively pull a ready-to-deploy attack off the shelf.
As a result, ransomware remains a concern for individuals, even as businesses and governmental bodies of all sizes deal with its threat.
What makes ransomware so damaging is just how much effort it can take to undo. Setting aside the sophisticated attacks on businesses and governments for a moment, even those “off-the-shelf” attacks that some hackers will launch against individuals go beyond the average user’s ability to undo. For example, there are some known attacks with known methods of decrypting the data, however, that requires knowing specifically which attack was used. Attempting to undo the encryption with the wrong solution can potentially encrypt that data even more.
So without question, the best defense against ransomware is prevention. Comprehensive online protection software gives you the tools you need to help avoid becoming a ransomware victim. A few include:
Moreover, you can protect yourself further by backing up your files and data. A cloud storage solution,121cwdv 1765ujb n4yh that’s secured with a strong and unique password, offers one path. Likewise, you can back up your files on an external disk or drive, making sure to keep it disconnected from your network and stored in a safe place.
Also as mentioned in the bullets above, keep your operating system and apps current with the latest updates. Beyond making improvements in your operating system and apps, updates often also address security issues that hackers often use to compromise devices and apps.
Lastly, stay alert. Keep an eye out for sketchy links, attachments, websites, and messages. Bad actors will pull all kinds of phishing tricks to lure you their way, places where they try to compromise you, your devices, and data.
Taken together, the combination of online protection software and a few preventative steps can greatly reduce the chance that you’ll fall victim to ransomware. From there, you also have the assurance of our ransomware coverage, ready to get on the path to recovery, just in case.
The post All-New Ransomware Coverage Opens Up the Path to Recovery appeared first on McAfee Blog.
Written by Martin Lee and Richard Archdeacon.
Lloyds of London have recently published a Market Bulletin1 addressing the wording of cyber insurance policies to exclude losses arising from:
“state backed cyber-attacks that (a) significantly impair the ability of a state to function or (b) that significantly impair the security capabilities of a state.”
The concern raised is that this sort of attack will produce losses that the market cannot absorb. Most insurance policies already include provisions that exclude the consequences of armed conflict. Applying these to potential cyber warfare is a logical step.
The bulletin includes the tenet to:
“set out a robust basis by which the parties agree on how any state backed cyber- attack will be attributed to one or more states.”
What should the CISO be thinking of when reviewing such an exclusion clause, how can we clearly define this key term and what issues may arise?
Attribution is the science of identifying the perpetrator of a crime. In cyber attacks, this is arrived at by comparing the evidence gathered from an attack with evidence gathered from previous attacks that have been attributed to known perpetrators to identify similarities.
In practice, statements of attributions are carefully phrased. Rarely is evidence clear-cut. Frequently attribution is labelled as being ‘consistent with’ a threat actor, or wrapped in words of estimative probability such as ‘highly likely’, ‘probably’, ‘possibly’ etc.
The malicious actors who conduct cyber attacks are referred to as threat actors. The cyber research community identifies and keeps track of the actions of these threat actors, publishing compendia of known actors such as those made available by MITRE2 or Malpedia3.
Rarely do threat actors identify their true identities, they may actively try to confuse or frustrate attribution. Many of the named groups may be synonyms of other groups, equally many of the chains of evidence used to attribute groups may be incorrect. The compendia of threat actors should not be considered as reaching the evidence threshold of “beyond reasonable doubt”.
Some identified threat actor groups are assumed to be criminal gangs due to the nature of their activity. Others appear to be conducting attacks solely to further the geopolitical aims of a nation state and are assumed as being state sponsored or state backed. Some of these groups have been able to be associated with specific national intelligence agencies or state apparatus.
The following are four practical factors to consider when setting out a robust basis for attribution of attacks in a contractual basis.
Step 1 – Collect forensic evidence.
No attribution of an attack can be made without forensic evidence. CISOs should ensure that they are able to gather forensic evidence from attacks to identify as much information as possible regarding how an attack was carried out, and the infrastructure used by the attacker. This requires a basic level of security telemetry gathering with the ability to secure and query this data.
This forensic capability, how evidence will be gathered and preserved, should be agreed with the insurer. However, both parties must bear in mind that attackers may destroy or tamper with evidence, and in the urgency of halting an attack, forensic evidence may be compromised or omitted.
The CISO should be prepared to discuss internally with senior executives the possibly competing priorities of stopping an attack versus collecting good forensic evidence.
Step 2 – Define how attribution will be made.
The attribution of a specific attack must be made by comparing evidence gathered from the attack with that of previous attacks. CISOs should agree the process by which forensic artifacts are used to attribute attacks and the degree of certitude necessary to declare an attack as having been carried out by a specific group.
The set of organisations trusted to assert attribution should be agreed. Attribution made by national bodies such as NCSC, CISA or ENISA may be assumed to be reliable, as may those made by major security vendors (such as Cisco) with expertise and resources that a CISO will never have inhouse. However, anyone can suggest attribution. CISOs should be certain to insist on the exclusion of assertions that have not been confirmed by a trusted entity.
This raises the question as to whether a trusted organisation would be prepared to support their attribution in a scenario where they would have to expose their intelligence sources and methodologies to examination. Attribution may be based on classified intelligence, or made according to ‘fair efforts’ that fall below the legal threshold of “on the balance of probabilities.”
Step 3 – Consider the volatility of attribution.
The gathering of evidence and intelligence is a continuing process. Information previously assumed to be fact may be subsequently identified as incorrect or a purposeful red herring. New evidence may be identified months or years after an attack that changes the estimated attribution of prior attacks.
CISOs must determine a period after which the attribution of attack (if made) will not be changed even if subsequent evidence is uncovered.
Step 4 – Define the nature of state backing.
CISOs should agree what constitutes state backing. Ideally CISOs should agree with their insurers the set of threat actor groups (and their synonyms) which are considered to be ‘state backed’.
State involvement in cyber attacks is a spectrum of activity. Criminal threat actors may be under various degrees of state tolerance or encouragement without being fully backed by a nation state. Some criminal groups may be under partial state direction, acting in a manner akin to privateers. Some state backed actors may indulge in criminal style attacks to boost their coffers.
In any case, criminal and state sponsored actors can easily be confused. They may choose to use the same tools or apply the same techniques to conduct their activities. Non-state threat actors may come into possession of state developed tools which may have been stolen or traded without permission.
Some threat actors may actively resort to influence attribution, either through choice of tooling, or through sock puppet accounts attesting attribution, to increase pressure on CISOs to pay ransoms by influencing if insurance is paid out or not.
The decision line where an attack can be referred to a ‘state backed’ is a fine one that requires consideration and agreement.
Changes bring opportunities, the need for this robust process may cause complications for CISOs. But it is an opportunity for CISOs to review the details of cyber insurance contracts and to hammer out the details of how issues of attribution will be determined.
Lloyd’s Market Association provide sample clauses for insurers4, we intend to consider these in a subsequent blog.
One thing is certain, there will be many opportunities for the legal profession.
The information provided here does not, and is not intended to, constitute legal advice. When negotiating a specific matter, readers should confer with their own legal adviser to obtain advice appropriate for a specific insurance contract issue.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Explore the nature of vulnerabilities in this episode of ThreatWise TV.
It’s shaping up to be another big year for vulnerability disclosure. Already the number of Common Vulnerabilities and Exposures (CVEs) disclosed has crossed 18,000 and it’s on track to make this another record-breaking year.
With new CVEs being disclosed daily, it has become increasingly difficult for security teams to stay abreast of the latest risks, let alone quickly determine which ones apply to their network environment. From those, prioritizing which CVEs to patch first adds an additional wrinkle to the process.
If this wasn’t challenging enough, a curve ball that’s often lobbed at security teams are the “breaking news” vulnerabilities— vulnerabilities picked up by the security media, often with much fanfare. The stories surrounding these high-profile vulnerabilities generally carry an implied threat that the CVE in question will throw the doors wide open to attackers if not addressed immediately. What security team hasn’t had someone from the C-suite share an article they’ve read, asking “are we protected from this?”
On the surface, CVEs that appear severe enough to garner media attention do seem like a good place to start when addressing vulnerabilities in your environment. But vulnerabilities are complicated, and what a security researcher manages to do within a controlled environment doesn’t always translate into real-world attacks. In fact, most disclosed vulnerabilities never see active exploitation. And of those that do, not every vulnerability ends up becoming a tool in an attacker’s arsenal. Bad actors generally follow the path of least resistance when they compromise a network, relying on tested exploits long before trying something new and unproven.
This begs the question: how much overlap is there between the most talked about vulnerabilities and those that are widely used in attacks? Moreover, if media attention isn’t a reliable indicator, what else might predict if a vulnerability will be used in an attack?
To answer these questions, we used intelligence tools available from Cisco’s Kenna Security risk-based vulnerability management (RBVM) software. In particular, Kenna.VI+ consolidates a variety of vulnerability intelligence, where a CVE ID lookup can pull back a wealth of information. In addition to this, Kenna.VI+ includes an API that brings in an additional layer of external threat intelligence, enabling further analysis.
We started with a direct comparison of Successful Exploitations and Chatter Count from within Kenna.VI+. The former is a full count of confirmed exploits within the dataset, while the latter is a count of mentions in the news, social media, various forums, and the dark web.
Our first pass at the data included a comparison of the top 50 CVEs in both Successful Exploitations and Chatter Count. However, there were only two CVEs that overlapped. The data showed that many of the top exploited CVEs were old and predated the data in Chatter Count. We quickly decided that this wasn’t a fair comparison.
To get a better look at more relevant CVEs, we limited the dataset to a range of 10 years. Unfortunately, this did not do much to improve things—only three CVEs showed up in both lists.
A more effective approach was to look at CVEs that we know are actively being exploited. The Cybersecurity and Infrastructure Security Agency (CISA) happens to maintain such a list. The Known Exploited Vulnerabilities (KEV) catalog is considered an authoritative compilation of vulnerabilities identified as being actively exploited in the wild.
Running the KEV catalog though Kenna.VI+ resulted in six CVEs that appeared in the top 50 for both lists, with a single overlap in the top 10. This leads us to conclude that the vulnerabilities with the most discussion are not the same as those being actively exploited in the majority of cases.
| CVE | Brief description | |
| 1 | CVE-2017-9841 | PHPUnit vulnerability (used to target popular CMSes) |
| 2 | CVE-2021-44228 | Log4j vulnerability |
| 3 | CVE-2019-0703 | Windows SMB information disclosure vulnerability |
| 4 | CVE-2014-0160 | Heartbleed vulnerability |
| 5 | CVE-2017-9805 | REST plugin in Apache Struts vulnerability |
| 6 | CVE-2017-11882 | Microsoft Office memory corruption vulnerability |
| 7 | CVE-2017-5638 | Apache Struts vulnerability (used in Equifax breach) |
| 8 | CVE-2012-1823 | 10-year-old PHP vulnerability |
| 9 | CVE-2017-0144 | EternalBlue vulnerability |
| 10 | CVE-2018-11776 | Apache Struts RCE vulnerability |
| CVE | Brief description | |
| 1 | CVE-2021-26855 | Microsoft Exchange vulnerability (used in Hafnium attacks) |
| 2 | CVE-2021-40444 | Microsoft MSHTML RCE vulnerability |
| 3 | CVE-2021-26084 | Confluence Server and Data Center vulnerability |
| 4 | CVE-2021-27065 | Microsoft Exchange vulnerability (used in Hafnium attacks) |
| 5 | CVE-2021-34473 | Microsoft Exchange vulnerability (used in Hafnium attacks) |
| 6 | CVE-2021-26858 | Microsoft Exchange vulnerability (used in Hafnium attacks) |
| 7 | CVE-2021-44228 | Log4j vulnerability |
| 8 | CVE-2021-34527 | One of the PrintNightmare vulnerabilities |
| 9 | CVE-2021-41773 | Apache HTTP Server vulnerability |
| 10 | CVE-2021-31207 | One of the ProxyShell vulnerabilities |
Despite the lack of overlap, there are many well-known vulnerabilities at the top of both lists. Heartbleed and EternalBlue appear on the top 10 exploited list, while Hafnium, PrintNightmare, and ProxyShell make the top 10 most talked about CVEs.
The Log4j vulnerability is the only CVE that appears in both lists. This isn’t surprising considering the ubiquity of Log4j in modern software. It’s the second-most exploited vulnerability—far outpacing the CVEs directly below it. This, coupled with its appearance in the chatter list, puts it in a class of its own. In a brief period, it’s managed to outpace older CVEs that are arguably just as well known.
The CVE that recorded the most successful exploitations is a five-year-old vulnerability in PHPUnit. This is a popular unit-testing framework that’s used by many CMSes, such as Drupal, WordPress, MediaWiki, and Moodle.
Since many websites are built with these tools, this exploit can be a handy vector for gaining initial access to unpatched webservers. This also lines up with research we conducted last year, where this vulnerability was one of the most common Snort detections seen by Cisco Secure Firewall.
All four of the Microsoft Exchange Server vulnerabilities used in the Hafnium attacks appear in the most talked about list of CVEs. However, even when you add all four of these CVEs together, they still don’t come anywhere close to the counts seen in the top exploited CVEs.
If media attention is not a good predictor of use for exploitation, then what are the alternatives?
The Common Vulnerability Scoring System (CVSS) is a well-known framework for gauging the severity of vulnerabilities. We looked for CVEs from the KEV catalog that were ranked as “critical”—9.0 and above in the CVSSv3 specification. Examining the entire KEV catalog, 28% of the CVEs have a score of 9.0 or higher. Of the top 50 successfully exploited, 38% had such scores.
This is an improvement, but the CVSSv3 specification was released in 2015. Many CVEs in the KEV catalog predate this—19% of the entire catalog and 28% of the top 50—and have no score.
Using the previous CVSS specification does fill this gap—36% overall and 52% of the top 50 score 9.0 or higher. However, the older CVSS specification comes with its share of issues as well.
Another indicator worth exploring is remote control execution (RCE). A vulnerability with RCE grants an attacker the ability to access and control a vulnerable system from anywhere. It turns out that 45% of the CVEs in our dataset allow for RCE, and 66% of the top 50, making it the most worthwhile indicator analyzed.
Let’s summarize how we’ve honed our approach to determine if media attention and exploitation line up:
| Data set | Exploitation and Chatter lists | Number of CVEs |
| All CVEs | Appears in both top 50 | 2 |
| Appears in both top 50 (last 10 years) | 3 | |
| KEV Catalog | Appears in both top 50 | 6 |
| Appears in both top 10 | 1 |
And here’s a summary of our look at other indicators:
| KEV Catalog | Top 50 exploited | |
| CVSSv3 (9.0+) | 28% | 38% |
| CVSS (9.0+) | 36% | 52% |
| Allows for RCE | 45% | 66% |
All of this analysis provides a clear answer to our original question—the most regularly exploited CVEs aren’t the most talked about. Additional work highlights that monitoring variables like RCE can help with prioritization.
For illustrative purposes we’ve only looked at a few indicators that could be used to prioritize CVEs. While some did better than others, we don’t recommend relying on a single variable in making decisions about vulnerability management. Creating an approach that folds in multiple indicators is a far better strategy when it comes to real-world application of this data. And while our findings here speak to the larger picture, every network is different.
Regardless of which list they appear on, be it Successful Exploitations or Chatter Count, it’s important to point out that all these vulnerabilities are serious. Just because Hafnium has more talk than Heartbleed doesn’t make it any less dangerous if you have assets that are vulnerable to it. The fact is that while CVEs with more talk didn’t make the top of the exploitation list, they still managed to rack up tens of thousands of successful exploitations.
It’s important to know how to prioritize security updates, fixing those that expose you to the most risk as soon as possible. From our perspective, here are some basic elements in the Cisco Secure portfolio that can help.
Kenna Security, a pioneer in risk-based vulnerability management, relies on threat intel and prioritization to keep security and IT teams focused on risks. Using data science, Kenna processes and analyzes 18+ threat and exploit intelligence feeds, and 12.7+ billion managed vulnerabilities to give you an accurate view of your company’s risk. With our risk scoring and remediation intelligence, you get the info you need to make truly data-driven remediation decisions.
To responsibly protect a network, it’s important to monitor all assets that connect to it and ensure they’re kept up to date. Duo Device Trust can check the patch level of devices for you before they’re granted access to connect to corporate applications or sensitive data. You can even block access and enable self-remediation for devices that are found to be non-compliant.
How about remote workers? By leveraging the Network Visibility Module in Cisco Secure Client as a telemetry source, Cisco Secure Cloud Analytics can capture endpoint-specific user and device context to supply visibility into remote worker endpoint status. This can bolster an organization’s security posture by providing visibility on remote employees that are running software versions with vulnerabilities that need patching.
Lastly, for some “lateral thinking” about vulnerability management, take a look at this short video of one of our Advisory CISOs, Wolfgang Goerlich. Especially if you’re a fan of the music of the 1920s…
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
As Technology Audit Director at Cisco, Jacob Bolotin focuses on assessing Cisco’s technology, business, and strategic risk. Providing assurance that residual risk posture falls within business risk tolerance is critical to Cisco’s Audit Committee and executive leadership team, especially during the mergers and acquisitions (M&A) process.
Bolotin champions the continued advancement of the technology audit profession and received a master’s degree in cybersecurity from the University of California Berkeley. After completing the program in 2020, he spearheaded a grant from Cisco to fund research conducted by the university’s Center for Long-Term Cybersecurity, which included identifying best practices around cybersecurity risk and risk management in the M&A process, captured in this co-authored report.
When asked about his approach to evaluating risk management, Bolotin likens the corporate dynamics to a Formula One racing team, whose success depends on the effective collaboration of experts to meet the challenges of the most demanding racecourses. In Bolotin’s analogy, a corporation (say, Cisco) is the Formula One vehicle, and the business (i.e., executive and functional leaders) races the car on the track. In the pit, you have IT and technology support, which maintains operations and optimizes efficiencies to ensure the vehicle’s peak performance. Meanwhile, InfoSec is the designer and implementor of risk management capabilities (for instance, ensuring the latest technology is deployed and within expected specifications). These groups converge to help keep the business running and help ensure the vehicle is race-day-worthy.
An M&A deal is a significant business opportunity and represents the transition to a new Formula One race car. In this scenario, the business cannot physically get behind the wheel and test drive it. Frequently, the car cannot be inspected, and critical data is not available for review before the deal. The competitive balance and sensitive nature of M&A deals require the business to trust that the car will perform as expected. “Laser-focused due diligence enables you to understand where the paved roads [the most efficient paths to data security, for example] may lie. This is where the Cisco Security and Trust M&A team plays an integral role,” says Bolotin. “They can look down those paved roads and determine, from a cybersecurity perspective, which capabilities Cisco should own, and which ones are better for the acquired business to manage. This team understands what to validate, so the audit committee and key stakeholders can be confident that the business will be able to drive the new Formula One car successfully and win the race.”
Risk management, assessment, and assurance are vital to establishing this confidence. The technology audit team conducts risk assessments across all of Cisco, including M&As, for key technology risk areas, including product build and operation. In addition to risk management oversight, Bolotin and the technology audit team are responsible for assuring the Audit Committee that the acquired entity can be operationalized within Cisco’s capabilities without undermining the asset’s valuation.
“We don’t want to run duplicate processes and systems, especially when we have bigger economies of scale to leverage,” Bolotin says. “We must operationalize the acquisition. That is table stakes. And we must do it while maintaining the integrity and security of the entity we are acquiring.”
In 2019, Bolotin resurrected a working group of technology audit director peers from companies, including Apple, Google, Microsoft, ServiceNow, and VMware, called the “Silicon Valley IT Audit Director Working Group”. The directors meet regularly to share insights and explore issues around technology risk, risk management, and business risk tolerance. “I wanted to get with my peers and understand how they do their job,” he says. “We collaborate on defining ‘what good looks like,’ as we co-develop audit and risk management programs to help move the industry forward”.
Bolotin, along with a few other members of the working group, was selected to participate in a separate research study conducted by the Center for Long-Term Cybersecurity, aimed at developing a generalized framework for improving cybersecurity risk management and oversight within M&A. Among the research questions, the working group members were asked to identify their key cybersecurity risks and where those risks sit in the M&A process.
“In my opinion, the biggest cybersecurity risks today are cloud security posture and third-party software inventory and bill of materials, or SBOM,” says Bolotin. “These risks impact not only product acquisitions but our ability to secure and operationalize business capabilities within Cisco. Whether we transition capabilities to run within Cisco or leave them for the acquired company to operate, we must have a thorough understanding of any third-party risks that may exist in IT, in the technologies and systems used by the acquired company, or anywhere else. Especially those that may impact the broader Cisco enterprise as the new entity is integrated.”
Cybersecurity risk is attached to talent management and moral hazards as well. “It’s not uncommon to lose talent in acquisition deals,” Bolotin says, “and these days, much of this talent is cybersecurity focused. This potential loss is a huge risk for us and can sometimes be due to cultural differences between Cisco and the acquired entity. People who would rather be on a swift and elegant sailboat do not readily choose to be a passenger on a massive cruise ship, no matter how grand or impressive.”
Moral hazards are always a concern in M&A. Red flags can include ongoing data breaches and either downplaying or providing misleading information about a security incident. The Cisco Security and Trust M&A team does a tremendous amount of due diligence around these hazards, sometimes augmented by investigative techniques from a Cisco security partner, such as trolling the dark web. Companies can protect themselves against the risk of moral hazards through clauses inserted in the acquisition contract.
Concerning contracts, Bolotin advises companies to ensure the risk management commitments they set down are realistic. “Companies need to be very sure they have received the right inputs to enable them to manage every relevant cybersecurity vulnerability, whether it is a misconfiguration on the acquisition’s security firewall, within their network, their product in the cloud, or any other significant vulnerability, based on contractual obligations. You need to be sure you can commit to privacy investigation and breach event readiness, and notification process the acquired entity needs and have a clear sense of how fast you can meet these requirements.”
Bolotin ardently reminds companies that risk management in cybersecurity is not owned by a solitary group. Managing risk is a collective effort that transcends different organizations, each of which should understand its role in helping to mitigate the risks.
“Risk management begins in the production environment, with the engineers building code and downloading software to help them create new products and capabilities,” says Bolotin. “It’s essential that everyone understands how to identify and properly manage cybersecurity risks in their everyday work, including the tools and services used to enable the business, and work to mitigate applicable risks, especially in these critical areas.”
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
FreshRSS 