Tag Archive for: Assets

The Critical Role of Cybersecurity in Protecting Remote Workers and Business Assets

/in



The Critical Role of Cybersecurity in Protecting Remote Workers and Business Assets


December 17, 2021

Featured article by Jeff Broth

tattoo 300x199 The Critical Role of Cybersecurity in Protecting Remote Workers and Business Assets

During the early days of the pandemic, the business community scrambled to find ways to prevent closing their offices. Finally, after some time, they settled for a work-from-home scheme to allow most of their employees to continue working and keep their businesses alive.

As organizations quickly adapt to the remote working situation, cyber actors likewise adapt their strategies rapidly.

The pandemic forced most IT administrators of various organizations to expose apps for internal use to the public internet. They had to do this so that remote workers could access these apps. While it is necessary, the situation opened new courses of vulnerability to an increase of cyberattacks.

The current state of cyberattacks

While the pandemic continues, cybercriminals are escalating their attack activities on web apps. However, according to some tech experts, some attacks are not institutional hacking but caused by people with too much time on their hands and knowledge to install and use basic tools for hacking.

Considering the increased attack surface brought about by remote working, it is incumbent upon businesses and IT managers to utilize tools and implement strategies that will mitigate the risks of cyberattacks.

This can include providing adequate training, so that users will be educated enough not to fall victim to social engineering attacks such as phishing, spoofing, and the like. It can also include deploying a WAF or web application firewall, which can provide additional access controls and protection for a company’s digital assets like business applications and company data. One other strategy is to tighten the controls in terms of which devices can access business data, instead of allowing employees to utilize their personal devices.

Perils of remote access by work from home employees

Working remotely became the new normal as it is the most convenient method to keep on working and continuing business operations. Most employees are now used to the setup. What became a big concern…

Source…

Chinese-controlled company fights Ottawa’s order to divest assets on security grounds

/in


OTTAWA —
The Liberal government has directed a state-owned Chinese telecommunications firm to divest its stake in a Canadian subsidiary over national security concerns, prompting a court challenge of the order.

China Mobile International Canada is asking the Federal Court to set aside the recent decision, saying the government has no grounds to believe the company would compromise security or engage in espionage on behalf of Beijing.

CMI Canada says the Trudeau government was motivated, at least in part, by “the current political socioeconomic climate and the general biases against Chinese state-owned companies.”

The case unfolds amid high tensions between Ottawa and Beijing over China’s prolonged detention of Canadian citizens Michael Kovrig and Michael Spavor for alleged spying.

China’s actions against Spavor and Kovrig are widely seen in the West as retaliation for the late 2018 arrest by Canadian authorities of Meng Wanzhou, an executive with Chinese firm Huawei Technologies, so she can be extradited to the U.S. to face fraud charges.

CMI Canada’s application filed this week in Federal Court reveals details of an investment screening case that has quietly unfolded outside the public eye over the last year.

The company, established in 2015, provides mobile communication services, including prepaid call plans, but does not itself own or operate any telecommunications network facilities. Instead, it has partnered with Telus Communications Inc. for provision of wireless services through the Telus network.

CMI Canada says it inadvertently neglected to inform the federal government of its presence as a new Canadian business until October of last year. A series of requests for information from federal officials soon followed.

The Investment Canada Act and the National Security Review of Investments Regulations allow the federal government to scrutinize an investment in Canada by a foreign enterprise.

In January, the government informed CMI Canada of a review on security grounds, saying the investment could result in the Canadian business being leveraged by the Chinese state “for non-commercial purposes, such as the compromise of critical…

Source…

IT security starts with knowing your assets: Asia-Pacific

/in


A perfect example of remote-work security challenges occurred when an NTUC employee accidentally downloaded malware onto a laptop he was using to access corporate files by plugging in a personal USB drive. “We received a security alert right away, but the remediation was tough,” recalls Loe. “We actually had to send a cybersecurity staffer to the employee’s house on a motorbike to retrieve the computer for investigation. In the past, we could protect the network by simply cutting off the employee’s laptop access. But when an employee is working from home, we can’t take the chance of losing any data over the internet.”

Welcome to the new cybersecurity threat landscape, where 61% of organizations are increasing cybersecurity investment in the work-from-home pandemic era, according to a 2021 Gartner CIO Agenda survey. Remote workers rely on cloud computing services to do their jobs, whether it’s corresponding with co-workers, collaborating on projects, or joining video-conferencing calls with clients. And when information technology (IT) teams, now at a physical remove, are not responsive to their needs, remote workers can easily shop for their own online solutions to problems. But all that bypasses normal cybersecurity practices—and opens up a world of worry for IT.

Yet for many regions of the world, remote work is just one of many factors increasing an organization’s exposure to cybersecurity breaches. The Asia-Pacific region is no exception, where 51% of organizations surveyed by MIT Technology Review Insights and Palo Alto Networks report having experienced a cybersecurity attack originating from an unknown, unmanaged, or poorly managed digital asset.

Conducting a full inventory of internet-connected assets and rebooting cybersecurity policies for today’s modern remote work environment can mitigate risks. But organizations must also understand the cybersecurity trends and challenges that define their markets, many of which are unique to organizations operating in the Asia-Pacific.

To better understand the challenges facing today’s security teams in this region, and the strategies they must embrace, MIT Technology Review Insights and Palo Alto…

Source…

What Can Contractors Do to Protect Company Data, Assets From Hackers? : CEG

/in


Though people want to be able to access data from anywhere, in reality the fewer places data lives the safer it is.

Though people want to be able to access data from anywhere, in reality the fewer places data lives the safer it is.

Challenge-junkie cybercriminals have moved on from hacking personal information. Now corporate intelligence, infrastructure and even heavy equipment are targets. Though currently cybersecurity threats are incidental in the construction industry, the potential for widespread damage exists. What can contractors do to protect their company data and heavy machinery assets?

“We’ve crossed the rubicon,” said Erol Ahmed; director of communications of Built Robotics, San Francisco. Cybercrime is “now moving on to critical infrastructure, pipelines and potentially heavy equipment.”

Ahmed believes these large-scale operations make more attractive targets because the software used to run them is easy and accessible to criminals.

“So, it’s important to provide the right protection for users as much as possible.”

The bottom line, said Ahmed is yes, “we’re seeing an increase in ransomware and hacking, but we have the capabilities to fight back and keep our equipment running smoothly and safely.”

How It Happens

In early May, Colonial Pipeline suffered a ransomware cyberattack that impacted computerized pipeline management equipment.

The pipeline originates in Houston, Texas, and carries gasoline and jet fuel mainly to the southeastern United States.

Colonial Pipeline Company halted all of the pipeline’s operations and paid the requested ransom of nearly $5 million within several hours after the attack.

The hackers then sent Colonial Pipeline a software application to restore their network.

It was determined to be the largest cyberattack in U.S. history on oil infrastructure.

In 2019, two white-hat hackers selling security software from Japan-based Trend Micro proved how easy it would be to hack a construction crane.

With permission from machinery owners, while sitting in their car, the two hacked cranes and other construction machinery at 14 different sites in Italy.

The cranes’ vulnerability lies in their communication systems, which connect machine to controller.

According to…

Source…