Cyber Security Connection: August 2018

Get inside the latest trends in cyber security news, updates and industry threats from August in our monthly recap.

Industry Updates

Employee Buy-In is a Critical Component in Cyber Security

After hosting our second series of Cyber Security events late this month, a recurring topic around employee support and participation was one that organizations identified as critical when looking to better enhance their security. Understanding that most security breaches stem from an internal source, getting teams onboard is key to creating a successful cyber strategy.

As security specialists will share, making employees aware of necessary changes, new protocols, their impacts and the potential risks of not complying; is one of the first steps in a security program rollout.

Forbes recently highlights this in their article titled, “Four Ways to Encourage Employee Buy-In For Security Projects” that provides businesses and their management teams four steps towards getting employees onboard with security:

1. 1.) Security updates are for everyone, including executives.

• Setting an example throughout all level of employees and management is key. Although many executives may feel excluded from the day to day operations they are looking to secure, in fact they pose some of the greatest risks for attacks as noted in our July edition.

1. 2.) Understand employee resistance.

• Without understanding the potential resistance of employees ahead of time, management will be unable to address concerns and questions that may stand in the way of compliance.

1. 3.) Showcase security as a positive action.

• Highlighting new security measures as a solution that benefits the entire organization can mean the difference between gaining or losing support. If employees understand how they are contributing to the company in a positive way, they are more likely to adapt to the changes necessary that otherwise may be seen as an extra roadblock in daily responsibilities.

1. 4.) Give background on why the project is important.

• Laying the groundwork to why new security is being introduced will help bring employees up to speed with the risks faced throughout the organization and the role they play in preventing them.

As teamwork is critical to any successful business, the same can be said for introducing new security projects. Much of the responsibility will eventually fall on the employees running day to day activities but must ultimately start with management maximizing education and training.

News Worthy

Today’s Elite Businesses are Using Open Source Software

The open source model is gaining more attention as businesses are beginning to rely on the technology method to differentiate and advance themselves against the competition. Previously a practice used by those innovative industries and the businesses that operate in them, the transition towards a more transparent technology environment has been gaining momentum throughout markets.

This type of software leverages open source libraries that are unrestricted and allow access to users around the world who can review, contribute and test code repositories. This model benefits from taking advantage of an uncapped knowledge base to rapidly improve and develop a company’s technology with more flexibility and less overall costs.

Due to this, it is no surprise that in today’s highly competitive markets both traditional and agile development-driven teams are more frequently incorporating pre-built, reusable open source libraries into their technology applications. Though like many technology strategies that seem to be the way of the future, organizations are jumping on without understanding or protecting themselves from the associated security risks.

The vulnerabilities from open source software can expose an organization and their customers to serious threats that may ultimately lead to the compromise of data and put the accessibility of applications at risk.

The security bug Heartbleed is one example of this fact, where it created serious vulnerabilities in the OpenSSL cryptographic library that enabled hackers’ access to sensitive information, including usernames and passwords. However, as the need for faster software delivery increases open source libraries will play an even more critical role in today’s tech companies and their users; so starting with the proper security measures is critical.

Learn how Infonaligy is helping transform businesses to be more digital with the security to match with our Linux consulting services.

Latest Threats

T-Mobile Endures Hack to Entire Subscriber Base

After nearly 2 million customers were impacted by the T-Mobile data breach, both businesses and users of the cell phone provider are left curious and hesitant to continue use if exposed information is on the table.

Cyber Security Hub highlights the August breach on T-Mobile to be their latest feature where exploitation of user data was the focus.

According to T-Mobile, unauthorized access was identified by the company’s cyber security team where user information was being tapped into across the subscriber database and exposed. Due to the breach, both personal contact and location-based information was leaked including phone numbers, addresses and emails. Although the company claims financial information has not been exposed at this time, there was a leak of encrypted passwords which opens the door for a further breach. T-Mobile advises its customers to update their account usernames and passwords to avoid any potential risks.

The hack comes as one of many in the cell phone provider’s history including two late last year that targeted the company’s website.

In October of 2017 a critical breach was uncovered where an attacker could have run a script to scrape the data from all 50+ million T-Mobile customers to create and exploit a database with valuable user information. Additionally, in December of last year another breach enabled hackers the ability to login to the company’s website as any user to access and again exploit valuable information.

This string of attacks highlights the vulnerabilities facing even today’s top organizations, their operations and customer base. As T-Mobile reports they are taking

continued steps to add better security measures to their business, the endless production of security hacks will inevitably create an ongoing battle against cyber-attacks.

Amazon Doubles Down on Cloud Security

With the transformation of today’s enterprise technology environment now on the cloud, industry providers like Amazon’s web services, AWS, are remaining focused on introducing new security enhancements critical to keeping businesses safe from cyber-attack.

Using both cryptographic and a next generation of AI-based tools, the organization plans to double down its cloud-based security.

Though a critical part of the future business landscape, that has already transitioned thousands of businesses onto the cloud, the unknown risks of the digital infrastructure has created an unnerving doubt.

The risk for businesses who are leaving onto the cloud without proper security measures and personnel has created widespread loss across industries. Without the proper guidance, many companies have been left exposed by attackers who are after corporate intel and user information that later damaged or destroyed the business.

Amazon’s plan works to prove that cloud architectures can work better than the systems businesses use today. Addressing the rise of sophisticated cybercrimes that continue to attack cloud users as well, businesses looking to transition to the cloud must also equip themselves internally to handle the move.

Upcoming Events

Key Findings from Our August Lunch & Learn Sessions

Our second round of Cyber Security Events have wrapped where we hosted organizations and their financial executives from around the local DFW and Plano area. The key topics focused around the current state in cyber security and how businesses can get ahead of attacks targeting industries and companies of all sizes.

Some attendee feedback included:

• Employee education and protocol on internal cyber security measures is critical in today’s digital environment.
• Cyber security has become one of the leading organizational risks facing Dallas’ business owners and executives.
• Risk management has to consider the long-term losses a security breach can have company-wide.
• Internal IT support is most often not specialized to implement and manage security requirements across the business environment.

Interested in joining the discussion in our next event? Register now for our September Houston events.