Ransomware, a serious form of extortion is a malware attack in which the attacker encrypts the victim’s data, making it unavailable to the victim and demands ransom for revealing the decryption key. This cyber-attack has gained prominence as reputed organizations are being victimized.
The following are certain proactive measures that can help you secure your data from cyber criminals.
1. Regular Data Backup
Regularly updated backup is one act that can help an organization to refrain from giving up to ransomware attacks. It has been observed that ransomware has the capability to encrypt drives that are mapped. Hence, backup has to be planned regularly to an external drive which is not assigned a drive letter. Refrain from being connected to backup service post backup activity. Connect only when it’s required.
DROWN stands for "Decrypting RSA with Obsolete and Weakened Encryption." You should not panic from DROWN attack but treating of the vulnerability is necessary for affected applications. It is a serious vulnerability and affects HTTPS that relies on SSL and TLS. Everyone on the Internet uses these protocols to browse the web, email etc and send instant messages by preventing third-parties being able to read the communication. This attack allows attacker to read or even steal sensitive communications, which may include passwords, credit card information, trade secrets etc by breaking encryption.
The attack is not insignificant and can be launched against high-value targets. Before you strive for its remediation, you should first ensure that your systems are not vulnerable. Fortunately, it's remediation is very simple and straightforward: just disable SSL v2 on all servers you have.
Data Collection is most important and critical part of all the e-Discovery phases because collection involves direct interaction with live or archival data. Usually, all relevant data searched in various sources like live servers, Backups, workstation hard disk, file servers, mobile, windows file system and other sources.
Data collection is a multifaceted job in all e-discovery processes. Solid technical resources and expertise are required to collect the exact and correct data.
Who are the part of Collection Team?
e-Discovery specialist, paralegals, legal assistance, data processor, IT consultant, IT experts, or Vendor are part of data collection team and before starting the collection part, lots of planning is required.
Authentication is the process of validating the identity of someone or something. In most of the web applications authentication is done using user names and passwords. However this method of authentications does not provide adequate security to the application because of guessable passwords and common user names like combination of first and last name of the user.
1. Something you know- PIN numbers, Passwords etc
2. Something you have- Tokens, Soft cards, Digital certificates etc
3. Something you are- Fingerprint, Facial/Voice pattern etc
With mobile technology advancement and affordability to possess smartphones and tablets by people, high-speed internet at better cost drives work from anywhere and anytime opportunity. This thrives an Enterprise to introduce Bring Your Own Device (BYOD) culture across the globe. This article narrates the risk elements while using BYOD and describes a set of governance and policies to be implemented and list of controls to be deployed before implementing the BYOD.
The capability of an enterprise has increased to handle its business risks and technology risks over a period of time by vast experience, lessons learned during their daily operations and also adopted to new technologies. With the introduction of BYOD (Bring Your Own Device) has increased an enterprise’s boundaries and bringing work to personal device creates storms and anxious around.
When an enterprise outsource its software development, maintenance and production support activities, it is very important to protect enterprise’s customer data to avoid any legal action and penalty for primary enterprise. For any customer data disclosure or modification or non-availability of data when it is required may put the enterprise responsible at the end. This article discuss about some critical challenges faced by enterprises and some important security controls that can help deter users to conduct any malicious activity and reduce the risks related to customer data.
Enumerating a database, making the resource unavailable are not pretty much difficult for a skilled hacker by abusing the loopholes present in the application.
This results in reputation damage and degrading the brand value of the Organizations.
To avoid such disastrous scenario organizations should adopt defense-in-depth strategy for the web applications by eradicating all the vulnerabilities present in any application irrespective of their severity.
Now the point is how to achieve this?
According to industry standards one way to achieve this is by detecting the vulnerabilities using commercial scanners in parallel to manual efforts of skilled security analysts.
According to 2015 Gartner Magic Quadrant for Application Security Testing (AST) Static AST (SAST), Dynamic AST (DAST), and Interactive AST (IAST) are various types of security testing methods provided by top vendors.