One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 1690016 |
| Date de publication | 2020-05-04 12:00:00 (vue: 2020-05-04 13:01:32) |
| Titre | 5 defensive COVID-19 actions IT managers can take now |
| Texte | As if there wasn’t enough to worry about these days, cyber attacks have taken a sharp uptick since the COVID-19 pandemic began this year. From January to March, AT&T Alien Labs Open Threat Exchange (OTX) saw 419,643 indicators of compromise (IOC) related to COVID-19, including a 2,000% month-over-month increase from February to March. Cybercriminals are taking advantage of the shift to remote working, increasing their volume of attacks by nearly 40% in the last month. Home routers have been hijacked. COVID-19-themed phishing attacks have jumped 500%. And most of 4,000 new COVID-19 domains are suspected of criminal intent. Companies large and small are in a bad spot on this one. Asking staff to come to the office could worsen the health crisis. Having them work at home creates a vastly increased attack surface that cybercriminals can easily exploit. And in the meantime, trying to highly secure every employee’s home is about every IT Manager’s worst nightmare. I have the advantage of working for a large company, where there is not much difference between working at the office or at home. But for most, the new remote work environment ushers in an entirely new security landscape overnight. Long term, this means acceleration of cloud security and zero trust models. But for the short term, here are a few suggestions that I’d like to offer. These may be basic concepts, but in security, the basics matter most, and they are often easy to implement. 1. Teach staff how to “socially distance” their home networks. When you think about who is using a home WiFi network in an average American family, it is unlikely that many of them are particularly cyber-savvy. If one or more adult members of a typical family are connecting to the office by remote these days, that leaves gaps for children, visitors and non-working adults who may also be accessing the internet via that home network. The first and easiest “fix” that staff should do is to partition their home internet access. They should try to avoid children, their schoolmates, and even adult friends playing video games, checking email, and downloading movies on the same network connection that is used to log into the office. This opens the door to a tidal wave of unknown vulnerabilities. Staff should also avoid logging in on the same connection utilized by home IoT devices such as smart thermostats, wireless doorbell cameras, and virtual personal assistants. If you need any convincing of the vulnerability of those sorts of endpoints, read this article. Isolating a home network connection no longer requires particularly deep IT skills. There are many home and small office routers at around the $100 price point which offer VLAN support of one type or another. Most WiFi kits offer the ability to set up a “guest” network. IT departments can provide easy, step-by-step instructions to employees working remotely on how to set this up on common routers and impress upon all managers the import |
| Envoyé | Oui |
| Condensat | $100 419 “cure “keep “socially “tricks at&t’s highly keepyour read that 000 500 643 a ability able about above acceleration access accessing across actions activity addresses adoption adult adults advantage alien all allow alongside already also altogether american another any app applications apps are area aren’t around asking assistants at&t attack attackers attacks authentication available average avoid bad barriers basic basics basis been began behavioral benefits better between beyond block board—that break broadband but cameras can capabilities capability care cars cause ceo certain change checking children children’s clicked cloud collateral come comes common companies company company’s complex compromise compromises concepts confident configured connecting connection connections consider construction controls convincing costs could country covid create creates creative crews criminal crisis critical customer cyber cybercriminals damage days dedicated dedication deep defensive delete department departments designed develop device devices die difference difficult discovered distance” does doing domains don’t done door doorbell down download downloading drastically driving easiest easily easy either elementary eliminate else email emergency employ employee’s employees employees’ encrypting end endpoint endpoints enjoy enough entirely environment environments equally equivalents eroding even every everyone exchange exists experts exploit factor family february fight find firm’s first flexibility foolproof forcing forget free freeway friends from function games gaps gateway gateways get globe going gone good hackers harder has have having health help helping here high highly hijacked home hope how hygiene i’d ideal immediately implement implore importance important impress improve including increase increased increasing indicators individual infallible infiltrating infrastructure innovative insist install installed instructions intensive intent internal internet ioc iot isolating issues it’s january jumped just keeping keyboard kind kits knock know knows labs landscape laptops large last lately leading leaves let lightweight like links list log logging long longer loved maintain make making malicious malware manage managed management manager’s managers manufacturer manufacturers many march market matter may means meantime members mobile models monitor monitoring month more more most move moved movies much multiple must names nation nearly need network networks never new news nice nightmare noise non not note nothing notoriously now number numbers numerous off offensive offer offering office offline often once one ones only open opens operating operator order organization originates others otx out out” outperform over overnight own pandemic particularly partition party password passwords patch pc’s pcs people perimeter personal phishing phone place platforms playing point policy popular sources possible posture power premise pretty prevent price pricing productivity professional protecting protection; protective protocol provide providers put putting quite rapidly receptionist recognize records reduced regardless regular related relationship remain reminds remote remotely removed repairs requires resemble responsibile right routers saas safe same savvy saw schemes schoolmates second secure security seeing seem service services set setting sharp shift short should show simpler since sites skills small smart smartphones software solution solutions some someone sort sorts sound spot staff start state steadily step store stores strategy strong such suddenly suggestions support sure surface surprised suspected tablet tablets take taken taking target teach teaming teams term thank them themed then thermostats these things think third this article those thought threat through tidal time times too trade” traditional treatment tried trucks tru |
| Tags | Malware Vulnerability Threat Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.