Sunday, October 22, 2017

Surveying 17 Anti-Virus Firms on Their Security Practices

In Kaspersky Lab Saga's Wake, Here's How AV Firms Have Responded - Or Not
Allegations that Russian intelligence agents somehow co-opted Kaspersky Lab's anti-virus software, enabling them to search PCs for intelligence, raise questions not just about the security of the Moscow-based security firm's products, but all anti-virus products.
To recap: Israeli intelligence allegedly hacked into Kaspersky Lab's network and found Russian intelligence was already monitoring the company's communications with endpoints, as well as running searches for interesting-looking files on customers' PCs. Cue questions about whether Moscow-based Kaspersky Lab knew or abetted those intelligence efforts.
The allegations are a reminder that all anti-virus software is designed to run at a deep level on a PC, which is required to ensure it can excise malicious code. But such capabilities could be misused. Anti-virus software typically also sends copies of suspicious-looking files back to the vendor, so its malware researchers, often working with their peers in other security firms, can study the malware and create signatures. These signatures then get pushed out to all endpoints to better protect them.

All Software Has Flaws

Despite the allegations leveled against Kaspersky Lab, many security experts say that anti-virus software likely has enough exploitable vulnerabilities in it that a security firm would not need to be co-opted (see Yes Virginia, Even Security Software Has Flaws).
And as Dubai-based incident response expert Matt Suiche has noted, any security vendor might be targeted by intelligence agencies seeking easy access to targets' PCs.
When it comes to Kaspersky Lab, we'll probably never know what happened. "I don't think you can ever prove beyond a reasonable doubt that Kaspersky colluded as an organization with any government. It would have been much easier to simply breach Kaspersky, look for reports from the product that might contain material of interest to the intelligence community and then zero in on those machines," says Alan Woodward, a computer science professor at the University of Surrey.
If one takes Kaspersky Lab at its word - that it is innocent - that raises the question of how the company's ability to monitor and communicate with endpoints might be abused. It also raises the question of whether other security firms are similarly at risk - and what they're doing to protect their operations and customers.

What Defenses In Place?

To understand the defenses that anti-virus firms have in place to prevent these types of hack attacks or other misuse, Information Security Media Group reached out to 17 firms that develop anti-virus software for endpoints and posed detailed questions.
So far, seven firms have responded. Avira (Germany), Emsisoft (New Zealand), F-Secure (Finland), Kaspersky Lab (Russia) and Panda (Spain) offered detailed responses to my questions.
Meanwhile, Trend Micro (Japan) declined to field the questions. So did Webroot (United States), with the company saying that doing so would involve "giving away sensitive and competitive information or commenting on competitors in the space." But Chad Bacher, Webroot's senior vice president of product and technology alliances, lauded market competition. "All endpoint security companies utilize different approaches to keep their customers safe, which benefits consumers by bringing a healthy competition to the market."

The Sound of Silence

Since first querying the 17 firms - multiple times if necessary, beginning on Oct. 6, except for Malwarebytes and Sophos, first queried on Oct. 11 - the following firms have not responded to the posed questions:
  • Avast (Czech Republic)
  • Bitdefender (Romania)
  • Bullguard (United Kingdom)
  • ESET (Slovakia)
  • Malwarebytes (United States)
  • McAfee (United States)
  • Microsoft (United States)
  • Sophos (United Kingdom)
  • Symantec (United States)
  • VIPRE (United States)

6 Anti-Virus Questions

Here are the questions ISMG posed to all 17 anti-virus firms:
  • What steps do you take to secure suspicious file samples when they are transmitted from a user's PC to your researchers? For example, are all such communications encrypted?
  • Could outside attackers eavesdrop on those communications, and if so, how? What defenses are in place to prevent this?
  • Do you ever share copies of these files with VirusTotal, law enforcement agencies, or intelligence agencies domestic or foreign?
  • For a user, is sharing suspicious files with your researchers optional? If so, do users "opt in" - or must they "opt out"?
  • Do you anonymize the source of suspicious files, and if so, how (and at which point[s] in the submission chain)?
  • Has your firm engaged in any marketing that suggests that Kaspersky Lab products are not reliable, and does it have any hard evidence (aside from U.S. media reports that cite anonymous sources) to back up these assertions?
"In view of the weaknesses we have seen in the supply chain in recent months, one might want to pay particular attention to what anti-virus software vendors say about how their back-end systems are protected," Woodward says.
Some firms, including Avira and F-Secure, note that they publish policies that spell out how they handle threat data and some of the above questions.
But here are the detailed responses received so far.

Avira's Response

Avira says it encrypts all communications between endpoints and its back-end systems, including encrypted file transfer to submit suspicious files for real-time analysis. Company spokeswoman Olivia Ciubotariu says all this analysis is done using "dedicated and secured networks for the analysis" because every file sample is presumed to be malicious, and that users can opt out of this analysis. Avira says it has never shared these files with VirusTotal, law enforcement agencies, or intelligence agencies domestic or foreign, and that all user data is anonymized.
"We anonymize all personal information before sending them to our database," Ciubotariu says. "The only purpose of Avira Protection Cloud is to protect our customers against widespread threats, and without violating data privacy."

Emsisoft's Response

Emsisoft says that by default, it does not transfer any suspicious files from a user's system to its cloud-based servers for analysis, but instead only transfers hashes of the file. This process is anonymous and active by default. "Any submissions of hashes are not linked with personal user information at any time, as the systems are separated," says Emsisoft's Holger Keller. "Users can opt out from participating in the Emsisoft Anti-Malware Network, which is our malware information cloud."
Users can, however, manually submit a suspicious file to Emsisoft, which triggers an SSL-only file transfer and creates a service ticket so that the company can respond to the user with its verdict on the file.
"[If] the user's computer is not compromised in the first place - i.e. with manipulated SSL certificate roots - we would consider transfers relatively safe," Keller tells Information Security Media Group. "Emsisoft intentionally does not make use of local SSL traffic interception, which seems to be a major security problem for a number of anti-virus vendors these days," he says (see Lenovo Slammed Over Superfish Adware).
File transfers are not anonymous, because Emsisoft needs to respond to the customer, although Keller says a user could provide fake contact details. "We have never shared any suspected malware files with any law enforcement or intelligence agencies," he adds.

F-Secure's Response

F-Secure says it makes heavy use of encryption and anonymization. "All queries regarding file (hashes) or URL reputation made to our 'security cloud' are encrypted," Sean Sullivan, security adviser at F-Secure, tells ISMG. "Files/samples uploaded/submitted to us by our customers are also encrypted. All customer submissions are flagged as confidential in our sample management system. They are only re-categorized if we can see through our partnerships and threat intelligence that the files are in the wild."
Sullivan says F-Secure does not submit files to VirusTotal, although it does share samples with "trusted partners," but only for samples "which are classified as nonconfidential." Information on a suspect file on a PC, meanwhile, pings the company's cloud security gateway, which will respond if the required information is in its cache. If not, a database handling ID gets dispatched and a back-end query made, thus obscuring the origin of the request.
Sullivan says that in general, one must "opt out" of sharing data with F-Secure, but says this is possible with all products, including its free online scanner. He also says the company does not save IP addresses, but discards this information immediately, localizing to the country level, to help analysts trace malware outbreaks and infection counts at a regional level. Before files get submitted, path names get normalized, usernames changed to "username" or the equivalent and file path metadata cleaned.
Some intelligence and analysis does get shared with CERT-FI - the computer emergency response team for Finland - that may disseminate the information to law enforcement agencies, Sullivan says. "To my best knowledge, law enforcement agencies share with us, seeking our analysis, not the other way around," Sullivan says. He adds that any information shared with CERT-FI is anonymized and tends to focus on malware command-and-control information and "analysis of malware targeting specific targets within a country," rather than sample sharing.

Panda's Response

Panda says it makes extensive use of encryption, which should block any attempt to eavesdrop on communications with endpoints. "The information sent is encrypted, and all communications are encrypted (HTTPS)," says Luis Corrons, technical director of PandaLabs, the firm's anti-malware laboratory.
Customers can opt out of sharing malware samples. "It is important to mention that we only send files that are capable of being executed - i.e. we won't send Word, Excel or PDF files," Corrons tells ISMG. "Most of them are PE [portable executable] files and then scripts," including Visual Basic, JavaScript and batch files.
"We only share malware files with other security companies, but that does not include files that have been found at a customer," Corrons says. "We do not have any share agreements with law enforcement or any intelligence agencies."

Kaspersky Lab's Response

A Kaspersky Lab spokeswoman tells ISMG that its Kaspersky Security Network is "an advanced cloud-based system that automatically processes cyber threat-related data received from millions of devices owned by Kaspersky Lab users across the world, who have voluntarily opted to use this system." It says this cloud-based approach is the one typically taken by larger IT security vendors.
"All communications between clients and Kaspersky Lab infrastructure are reliably encrypted," the spokeswoman says. "The company uses strong encryption, including algorithm RSA 2048 handshake and AES 256 data encryption."
The company says it makes extensive use of encryption, digital certificates, segregated storage and strict data access policies. Anonymization is widespread. "Actions to achieve this include deleting account details from transmitted URLs, obtaining hash sums of threats instead of the exact files, obscuring user IP addresses, etc." The company says it regularly reviews these practices to ensure they comply with legal rules and privacy regulations, such as the EU's General Data Protection Regulation.
Users can opt out of at least some types of information sharing. "Depending on the product, users have the option to switch it off (for corporate solutions) or to limit the amount of data sent through the security cloud (for home solutions)," Kaspersky Lab says.
From a privacy standpoint, the security firm says that for any collected information:
  • "The information is used in the form of aggregated statistics;
  • "Logins and passwords are filtered out from transmitted URLs, even if they are stored in the initial browser request from the user;
  • "When we process possible threat data, by default we do not use the suspicious file. Instead we use hash-sum, which is a one-way math function that provides a unique file identifier;
  • "Where possible, we obscure IP addresses and device information from the data received;
  • "The data is stored on separated servers with strict policies regarding access rights, and all the information transferred between the user and the cloud is securely encrypted."
Kaspersky Lab says it "routinely assists law enforcement agencies and governments by providing technical expertise on malware and cyberattacks," and it may share malware samples gathered by KSN with law enforcement agencies, at their request. "The sharing of samples with law enforcement agencies is dictated by the local laws by which Kaspersky Lab strictly abides," it says. "We don't share user data with any third party; the industrywide exchange is limited to malicious samples and aggregated statistics."
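
The anonymization steps that F-Secure and Kaspersky Lab describe above (normalized path names, credentials filtered out of URLs, a hash in place of the file, obscured IP addresses) can be sketched as follows. This is an added example, not code from either vendor or from the original article; the function names, the list of sensitive parameter names and the use of prefix truncation to coarsen IP addresses are assumptions made for illustration.

```python
"""Scrub an endpoint telemetry record before it leaves the machine.

Illustrative only: names and policy choices here are assumptions,
not any anti-virus vendor's implementation.
"""
import hashlib
import ipaddress
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query-parameter names treated as credentials (assumed list).
SENSITIVE_PARAMS = {"user", "username", "login", "password", "passwd", "pwd", "token"}

# Home-directory prefixes whose next path component is an account name.
_WIN_HOME = re.compile(r"^([a-z]:\\(?:users|documents and settings)\\)[^\\]+", re.IGNORECASE)
_NIX_HOME = re.compile(r"^(/(?:home|Users)/)[^/]+")


def scrub_url(url: str) -> str:
    """Drop user:password@ userinfo, redact credential parameters, drop the fragment."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if ":" in host:                      # IPv6 literal needs its brackets back
        host = f"[{host}]"
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    query = urlencode([
        (key, "REDACTED" if key.lower() in SENSITIVE_PARAMS else value)
        for key, value in parse_qsl(parts.query, keep_blank_values=True)
    ])
    # Fragments can carry tokens too, so they are never forwarded.
    return urlunsplit((parts.scheme, host, parts.path, query, ""))


def normalize_path(path: str) -> str:
    """Replace the account name in a home-directory path with 'username'."""
    path = _WIN_HOME.sub(r"\g<1>username", path)
    return _NIX_HOME.sub(r"\g<1>username", path)


def coarsen_ip(ip: str) -> str:
    """Keep only a coarse network prefix (assumed: /16 for IPv4, /32 for IPv6).

    Stands in for the regional localisation described in the article,
    which would need a GeoIP database.
    """
    addr = ipaddress.ip_address(ip)
    prefix = 16 if addr.version == 4 else 32
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))


def build_report(file_bytes: bytes, path: str, source_url: str, client_ip: str) -> dict:
    """Build the record that is sent: a hash instead of the file, scrubbed metadata."""
    return {
        "sha256": hashlib.sha256(file_bytes).hexdigest(),
        "size": len(file_bytes),
        "path": normalize_path(path),
        "source_url": scrub_url(source_url),
        "network": coarsen_ip(client_ip),
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from any real endpoint.
    sample = build_report(
        b"MZ\x90\x00 constructed sample, not a real executable",
        r"C:\Users\alice\AppData\Local\Temp\invoice.exe",
        "https://alice:s3cret@portal.example.com:8443/login?user=alice&password=hunter2&page=2#session",
        "203.0.113.77",
    )
    for field, value in sample.items():
        print(f"{field}: {value}")
```

A hash is a stable identifier: anyone who already holds the same file can confirm that a given report refers to it, so hash-only reporting reduces what is exposed rather than making a submission untraceable.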

VirusTotal Sharing

All but one of the security firms that offered answers to ISMG's questions say they do not share virus samples with Google's VirusTotal malware-scanning service.
Emsisoft says that "we exchange files and file information with VirusTotal if the source of a file doesn't generally object to that."

Comments: Allegations Against Kaspersky Lab

Avira, Emsisoft and F-Secure declined to comment on the allegations against Kaspersky Lab.
Panda, however, noted that "there is no real proof that Kaspersky Lab has been involved in any malicious activity" and said while Russia might attempt to security firm's product or cloud network, "it is a really unlikely scenario, although if there is some open conflict among both countries it could happen."
Emsisoft's Keller commented in more general terms, noting that "the conceptual problem of submitting files for deeper automated analysis doesn't only affect Kaspersky, but basically all anti-virus vendors." As malware grows more complicated, advanced analysis must typically be carried out on the server side. This can necessitate moving a copy of the file from a client onto a cloud-based server for analysis. "As those clouds are generally closed systems, nobody can tell for sure whether any files are redirected to intelligence services or just kept for statistical analysis as promised," he says.
To help mitigate any threats, Keller says, "sensitive data should be encrypted at all times" when interacting with cloud environments of any kind.

Who to Trust?

To be clear, posing questions to anti-virus firms doesn't mean that their software or back-end servers might not be co-opted now or in the future.
But the willingness of some firms to answer these types of questions may well become a factor for consumers and businesses around the world as they research which anti-virus firms they will trust to secure their systems (see Anti-Virus: Don't Stop Believing).
This report will be updated as more security firms respond.

About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe
Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.


Friday, October 20, 2017

Dark web: The rise of cybercrime-as-a-service

The editors - 16 Oct 2017
More and more organizations have fallen victim to cunning criminals out for financial gain. Five tips to arm yourself against the modern cybercriminal
Cyber espionage, extortion, ransomware, malware, phishing: these are just a few of the tactics the digital underworld uses to attack an organization. For every company, large or small, it is therefore important to know the tactics, methods and techniques that cybercriminals use. On that basis you can map the relevant digital risks and align your security with them.
During Cyber Security Week, which started on 25 September in The Hague, Mark Tibbs of Digital Shadows took visitors into the underworld of the internet. His guided tour of the dark web made clear that cybercrime is a huge, professional ecosystem that is continuously evolving.
Deep, dark and public
The internet can roughly be divided into three areas: the public web, the deep web and the dark web. The public web can be indexed by search engines, and anyone with an internet connection has access to this part of the internet. However, an estimated 90 percent of all information actually sits on the deep and dark web. You don't get there with a quick Google search.
Although the deep and dark web resemble each other, there are clear differences. The deep web is far from accessible to everyone. Only with the right permissions and login credentials do you get access to specific information. This often concerns government information, research data, financial data and company databases. The dark web, by contrast, is largely public. To get there you only need special software that encrypts and anonymizes the connection. The best-known variants are TOR (The Onion Router) and I2P. Precisely because you are anonymous on the dark web, it is a place where cybercriminals thrive.
Professional ecosystem
In his tour of the dark web, Tibbs shows that it is nowadays child's play to do criminal business on the dark web. Buying stolen credit card data? It is a matter of visiting a web shop, choosing a country and credit card company, paying in Bitcoins and downloading the data. Hiring a hacker? A simple search on the dark web for 'rent a hacker' already returns dozens of hits. Attacking a company with DDoS? For a tenner you can already buy 90 seconds of 'attacking time'. The rise of cybercrime-as-a-service makes for a low barrier to entry and evidently more attacks on businesses. All the more reason, then, to keep a close eye on the dark web as well.
Digital Shadows monitors and analyzes the public, deep and dark web with its own software and team of analysts. It does this to provide customers with relevant intelligence with which they can strengthen their security, but also to identify the trends, tactics and methods of the average criminal. In 2017 alone, the company flagged 1,600 data breaches for its customers.
Customer-focused
During his tour, Tibbs shows that an enormous evolution is under way in cybercrime. Where being a cybercriminal used to be a part-time job you did from your attic room, it has grown into a full-time job that earns serious money. The criminal network on the dark web is nowadays more professional than an average e-commerce company. Advertisements, banners, discount campaigns, promotional videos and special offers are the order of the day and are meant to bring in more customers and revenue. The marketplaces also offer very customer-focused service. Customers can enjoy money-back guarantees, exchanges within 30 days, reviews of sellers, manuals and after-sales support. All in all, a serious enterprise.
Specialized
Another development under way on the dark web is specialization and fragmentation. Services and products are offered across a multitude of domains, such as malware, hacking, hosting, spam and carding. There are criminals who focus on developing a virus, on spreading it, on selling it, on hosting it, and so on. Looking at the trade in data, you see criminals who have specialized in obtaining the data, for example through extortion, skimming, malware and phishing. But there are also criminals who only trade in data or who commit the actual fraud (such as account takeovers). All these separate links in the chain are part of the overall cybercrime economy.
Tips from Tibbs
A look into the dark alleys of the dark web teaches us that knowledge of the cybercrime system is crucial for building solid security. For organizations that want to arm themselves well against the digital underworld, Tibbs has a number of tips:
1. To avoid becoming a victim, you need to keep sight of your digital footprint. With everything they do online, employees leave a trail of breadcrumbs. Cybercriminals can use it to identify weak points in organizations, systems and people and so carry out highly targeted attacks. Make sure the companies you work with also follow strict cybersecurity rules.
2. Set up a threat intelligence program, maintain it and act on what you learn. By continuously monitoring the public, deep and dark web you find out where vulnerabilities arise. It is enormously valuable to know whether your company name is suddenly being mentioned by a criminal, that your customers' data is being traded on a marketplace, or that certain company documents suddenly surface. With these insights you always stay one step ahead of the criminal.
3. Implement and adhere to good security measures, such as defense-in-depth. In short, this means that no single stand-alone security mechanism is able to adequately protect a system. There are physical security mechanisms (such as door locks), technical security mechanisms (such as encryption) and administrative mechanisms (such as security rules). Combine all of these for the best protection.
4. Use encryption, different passwords that you update regularly, and programs that automatically delete certain emails containing critical information. Also make sure you have protocols in place. Assume that a security breach is going to happen and plan accordingly. Make sure your strategy, people and processes are ready for it.
5. Cybersecurity is not one thing that you do, it is a culture. So make sure you have a plan. What do you do when you face a data breach? How will you resolve it? And how do you communicate it internally, to customers and to the outside world? It has to flow from the boardroom into the organization.

Tuesday, October 17, 2017

PKI changes and uncertainty due to new applications

New research by the Ponemon Institute reveals the Internet of Things (IoT) is playing an increasingly important role in influencing public key infrastructure (PKI) planning and usage. PKIs, widely used for authentication, digital signing, and encryption, are considered a core service supporting many different use cases and applications.
[Figure: The most important trends driving the deployment of applications using PKI]
While a majority (54 percent) of respondents believe cloud-based services are the most important trend driving the deployment of applications using PKI, 40 percent also cited the IoT – a number that has doubled in the past three years.

Technological evolution, uncertainty, and opportunity

The findings, which reflect the responses of over 1,500 IT security practitioners worldwide, paint a picture of technological evolution and some uncertainty, but also opportunity:
  • In the next 2 years, almost half (43%) of IoT devices will use digital certificates for authentication
  • 43% of respondents believe PKI deployments supporting the IoT will be a combination of cloud-based and enterprise-based PKIs – a number that reflects the scale of the IoT and resulting scale of PKIs issuing certificates for it
  • Over one-third of respondents (36%) cite new applications like the IoT as the fastest growing area of PKI evolution (a number that has almost tripled since 2015)
  • On average, PKIs support more than 8 different applications within a business; SSL tops the list, followed by VPNs, public cloud apps, and device authentication
  • Almost two-thirds of organizations now report having a PKI and 36% of respondents use hardware security modules (HSMs) to protect their PKI.

Building trust

Dr. Larry Ponemon, chairman and founder of The Ponemon Institute, said: “Last year, we underscored that it is hugely important PKIs be future proofed – and we still stand by that recommendation. Not only are PKIs a core enterprise asset, but they are playing an increasingly important role supporting certificate issuance needs for cloud applications and the IoT. Smart organizations have determined that successful IoT deployment rests on trust being established from the beginning, and they’re leaning on their PKI as one component for building that trust.”
[Figure: How will PKI be deployed for IoT device credentialing as the IoT continues to grow?]
“While the sheer number and types of IoT devices pose security and interoperability challenges, authentication is a critical building block in transforming trust from an IoT barrier to an IoT enabler. One way a root of trust can be accomplished is through HSMs, which are high-assurance sources of credentials for both IoT and non-IoT applications. In the years to come, we expect to see even more HSM deployment and other indicators of higher PKI security maturity to help underpin the digital transformation of enterprises,” said John Grimm, senior director security strategy, Thales e-Security.

Wednesday, October 4, 2017

How cyber threats are changing the makeup of IT departments

When I look back over the past decades and consider how the roles in IT have shifted to accommodate new and emerging technologies, I’m amazed at how far we’ve come. Do you remember the old punch cards, dumb terminals and greenbar paper? What about how the cloud impacted IT just ten years ago?
Fast forward to today and it’s no surprise that major changes are still occurring. But this time we are also seeing a faster-paced shift in the cyber threat landscape, as new forms of malware, ransomware, phishing, DDoS, SQL injections, cross-site scripting, etc. are becoming more damaging and commonplace.
Historically, IT roles for disaster recovery (DR) and cybersecurity have covered their respective specialties and seldom have intermingled. But the evolving cyber threat landscape is bringing them increasingly together. Nowadays, given that security professionals have long been known for their quick incident responsiveness and DR professionals are committed to avoiding data loss, companies are recognizing the value both realms have in common in preserving overall business continuity. More companies are formally considering security incidents disasters—and rightly so, given the similar impacts on data loss, downtime, reputation, etc.
Since cybersecurity and DR both have a hand in meeting availability demands, many companies are incorporating their DR into their wider cybersecurity strategies, weaving them into a single response plan for effectiveness. In a recent IDG Research survey commissioned by Bluelock, 64% of respondents claimed that DR and security plans should be aligned.
This means that company leadership is increasingly asking DR and security professionals to join forces for full IT resiliency – and this doesn’t just mean working cooperatively. IT security must have a two-pronged approach to risk mitigation: a balance of preventative and restorative measures.
Take the threat of ransomware for instance, where a single attack can halt an organization with sophisticated encryption methods that lock data away from users. There are a number of things businesses can do to prevent such an attack, such as employee education, firewalls, antivirus, dedicated network scanning, two-factor authentication, etc., but at the end of the day it only takes one wrong click to invite an intrusion. In a ransomware scenario, companies have two choices: 1) pay the ransom to release the data, or 2) replace the infected data with new copies.

When IT departments and business leaders don’t act fast in a breach, they risk losing critical data forever and ending up with reputational fallout if news leaks to the public. For this reason, it’s imperative to make your organization’s restorative capabilities just as strong as, if not stronger than, your preventative cybersecurity measures. Accommodating these initiatives is yet another motive for business leaders to have IT departments shift their day-to-day roles.
Bridging these two important focuses of prevention and restoration, threat detection is also a critical component, since it helps to identify when a breach has occurred. After all, there’s no point in having a cybersecurity plan if there’s no capability of measuring the effectiveness of your prevention or knowing when to execute your recovery process.
Especially susceptible to cybersecurity incidents, industries with sensitive data are at the center of IT department evolution—since wherever there is sensitive information, there are usually compliance responsibilities as well. For example, the legal industry is subject to a code of conduct that requires firms to allocate their resources appropriately to manage risks and protect their clients’ assets. If a breach compromises client data under compliance, law firms may need to pay regulatory fines too.
For this reason, IT departments must go beyond simply having a mitigation strategy for cyber threats. They must prove its effectiveness to constituents, like auditors, board members, clients and insurers. To solve for this aspect, comprehensive documentation is critical.
Companies have long been using Disaster Recovery-as-a-Service (DRaaS) to solve for downtime and data loss. With IT’s shifting roles surrounding the mitigation of cyber threats, it should come as no surprise that people are now looking at DRaaS as a solution for cybersecurity as well. Given the reputation DRaaS has gained in the marketplace as being a reliable form of fast response during an event, it’s increasingly popular to offload burdensome DR maintenance tasks in favor of a streamlined IT department, which means an amplified focus on revenue generating projects.
The best advice I can give IT departments during this transformative time is to stay nimble. Your role, whether it has historically leaned toward DR or cybersecurity, will likely continue to evolve and it’s critical to adapt with the times. Embrace change as an opportunity and you’ll gain recognition as a key individual not only within your IT team, but also in the eyes of your company.

"SMEs can do more against digital fraud"

The editors - 3 Oct 2017
The Kamer van Koophandel (KvK, the Dutch Chamber of Commerce) believes that the prevention of digital fraud at small and medium-sized enterprises (SMEs) can be improved.
According to a study by the KvK, a third of SMEs have little or no knowledge when it comes to preventing, for example, identity fraud, bankruptcy fraud and malware.
Almost two in five SMEs are said to have dealt with forms of digital fraud in the past year. A quarter of the entrepreneurs also suffered financial damage, according to the KvK. On average, SMEs suffer the most damage from data breaches. The most common preventive measures entrepreneurs take against digital fraud are virus scanners on all company computers, careful checking of invoices and regular backups.
The ICT and media sector achieves the best scores for knowledge and prevention of digital fraud, and accordingly has relatively few victims. In healthcare, knowledge is lowest, and entrepreneurs there fall victim to digital fraud much more often than average.