Story image

Palo Alto Networks offers business tips for Cyber Smart Week

01 Dec 2017

As Cyber Smart Week wraps up, Palo Alto Networks is highlighting some of key factors that introduce risk into an organisation.

The company says that to gain maximum benefit from IoT, augmented and virtual reality,  users need to understand the risks and protect themselves.

According to Palo Alto Networks regional vice president A/NZ Ian Raper, the first step is to enlist people in the fight against cybercrime.

“Many breaches occur because of human factors, including mistakes and malicious action. People don’t usually want to harm the business they work for but it is human nature to make mistakes, or to misunderstand the level of risk. Businesses need to educate employees and ensure they’re taking simple steps to stay cyber safe.”

According to Palo Alto, the four risk factors in an organisation are a remote workforce; malware; phishing and credential theft; and human error.

1. Remote workforce With more employees working remotely, there is an increased risk of attack because, in many cases, an employee’s home network is nowhere near as secure as the corporate network. This vulnerability can be particularly lucrative if the employee accesses sensitive or commercially-valuable information remotely.  So businesses must:

  • protect remote devices by implementing security software and installing the latest versions of applications and security patches immediately. Mobile devices should be remotely wipeable in case they fall into the wrong hands
  • require employees to use strong passwords and two-factor authentication
  • prohibit employees from storing information on their personal desktop
  • use a virtual private network (VPN) to protect traffic and prevent tampering with data.

2. Malware

In 2015/16 global information security providers reported they were identifying new malware variants of a rate of more than 200,000 new samples every day. The form of malware most commonly reported is ransomware.

To stay ahead of cybercriminals, it is important to analyse malware more effectively. This includes implementing multiple analysis methodologies, in the right order, to give security teams a higher probability of preventing malware from penetrating the network.

When implemented in series, malware analysis lets security teams handle most threats automatically, freeing up team resources to actively hunt more advanced threats. 3. Phishing and credential theft

Stealing people’s passwords and credentials is easy and fast, making it one of the most prevalent tools for attacks against businesses and individuals. By disguising malicious intent in seemingly-legitimate emails, cybercriminals can obtain the credentials they need to infiltrate a network. After that, they can move around inside the network at will to either sabotage it or steal information.

There are three key components to blocking phishing attacks:

  • educating employees so they understand what a phishing attack looks like and what to do if they suspect they are being targeted
  • creating processes that reduce the chances of employee errors resulting in credential-based attacks. This can include measures such as flagging phishing attempts, resetting passwords, automatically blocking suspect sites and emails, and understanding how sensitive resources can be protected
  • implementing technology such as threat intelligence tools to identify phishing sites and prevent employees from visiting them.

4. Human error

People will always be the weakest link in the cybersecurity chain but it is possible to reduce the risk of error. This includes:

  • incorporating security awareness into the organisational culture through relevant, frequent training (perhaps using gamification to increase engagement)
  • moving beyond a compliance-driven approach and showing employees how to protect their personal data, which can then extend to protecting the organisation
  • limiting the number of employees with administrative access, which shrinks the risk footprint.

“Businesses need to focus on ways to prevent a successful cyberattack. By strengthening their employees’ awareness of and commitment to cybersecurity, businesses can dramatically reduce the chances of a breach occurring at all,” Raper concludes.

Secureworks Magic Quadrant Leader for Security Services
This is the 11th time Secureworks has been positioned as a Leader in the Gartner Magic Quadrant for Managed Security Services, Worldwide.
Google puts Huawei on the Android naughty list
Google has apparently suspended Huawei’s licence to use the full Android platform, according to media reports.
Using data science to improve threat prevention
With a large amount of good quality data and strong algorithms, companies can develop highly effective protective measures.
General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."
Forget endpoints—it’s time to secure people instead
Security used to be much simpler: employees would log in to their PC at the beginning of the working day and log off at the end. That PC wasn’t going anywhere, as it was way too heavy to lug around.
DimData: Fear finally setting in amongst vulnerable orgs
New data ranking the ‘cybermaturity’ of organisations reveals the most commonly targeted sectors are also the most prepared to deal with the ever-evolving threat landscape.
IXUP goes "post-quantum" with security tech upgrade
The secure analytics company has also partnered with Deloitte as a reseller, and launched a SaaS offering on Microsoft Azure.