If you don’t where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims computers. Ironically the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR
What level of cyber-security is right for my organisation?
The world is changing. Your company's cyber security is increasingly under threat and the costs of mitigation are often unwelcome. The first question organisations need to ask is whether they are exposed, and to what level. All the available data from sources like...
How many of these 10 layers of cyber protection do you use?
"A cybercriminal only has to be lucky once, while a defender has to be lucky every minute of every day.” - Combating Ransomware - A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force. The message we hear from governance boards over...
The scammers are closing in on us.
Hacks don’t just happen to other people. The hackers are targeting all of us, every day. Every day, we have to defend them successfully. They only have to be successful onceWe all read about stories in the newspaper and there might be a sense of smugness that we...
What do YOU need to know about Juice Jacking?
You might get more than you bargained for. That sense of relief when you see a public USB charging point might be misplaced. There are increasing numbers of public USB charging points around. From aircraft and buses to fast-food restaurants, cafes, shopping malls and...
Is your licensing legit? Don’t be scammed
Don't get fooled! One of the great advantages of subscription software is that the licensing is easier to verify. The days of people copying license codes are over. That makes this scam even more interesting, simply because the product they refer to is subscription...
Webinar Replay : Updating what is ‘reasonable’ to protect your organisation from cyber-crime.
Cyber-security gets harder, so we make it easier. Much as the heading may sound 'double-dutch', it isn't. Simply, the levels of protection that are 'reasonable' to protect your organisation have changed. We need to do more, and at Kinetics we know that...
Even chatGPT gets cyber-security!
When I asked chatGPT for a poem about cyber-security, here's what it said: (wish I could be as original!) In the land of Aotearoa, where the kauri trees grow tall, Cybersecurity is vital, we must protect our digital all. Patching our systems is the first line of...
Is Cyber-insurance worth it?
Every day we see stories in the newspaper about cyber-attacks. Years agio they seemed a bit remote, but lately they've been getting closer to home. Many businesses are responding by taking on cyber-insurance. But is it worth it? When you sign up, you are asked...
Is Ignorance Bliss?
Are there things you would rather not know? If those things were about you, and could impact you, would that change your answer?Sometimes a regular check-up can reveal information that you would rather not know – whether it’s getting your car serviced, and finding out...
Should we worry about DeepFake?
What can you believe? For years we've told you that you can't believe every email you read. But now we can't believe every photo or video you see. Deepfake is the term for when a picture, video or audio file is altered to put a different person into the content,...