What is the risk of retaliation for taking a corporate stance on Russia?


Will your company’s decision and position on the Russian invasion of Ukraine, or its continued presence in the Russian market (or exit from this market), carry with it the prospect of retaliation? The answer, unfortunately, is yes. Decisions, even the decision to do nothing and straddle the fence, carry consequences. Even if the consequences are wrong-headed, unjust and unwarranted, individuals, governments and organizations will make their own interpretations.

I’ve spoken to the disruption in supply chains, to threading the needle on exiting or not exiting the Russian market due to Russia’s invasion of Ukraine. In addition, the U.S. government’s effort at outreach to ensure companies have the opportunity to digest and implement advisories being issued by CISA has reached a new level of both urgency and frequency.


Three Years of Pay Parity: Lessons in Maintaining Equality


This month, McAfee celebrates three years of maintaining pay parity. Compensating employees equally for their contributions, regardless of gender or ethnicity, is one of the many ways we create a culture where all can belong and an environment where everyone is valued.

But equal pay sounds like a given, right?

It absolutely should be. However, unconscious bias and a slew of contributing factors, such as differences in how men and women negotiate pay raises and starting salaries, mean inequality can slowly creep in across a business and become pervasive unless actively monitored. This means maintaining pay parity requires constant work and attention.

As the first cybersecurity company to achieve pay parity, we know first-hand the commitment involved in such an undertaking. We also know the overall impact for our employees, including greater trust, engagement, and loyalty. More than this, we believe, simply, that pay parity is the right thing to do.

Today, I’m sharing more about our journey, our process, and our work to maintain pay parity.

How we began

Our pay parity journey began in 2018. Few companies had achieved pay parity at the time, but we realized it was an essential part of ‘walking the walk.’ It’s well documented that diverse teams perform better, and when employees feel seen and valued for their contributions, they are more productive and increasingly innovative.

We developed a framework and conducted our first annual audit in 2018. When results revealed pay disparities across nine of our 45 countries, we were unwavering in our commitment to resolve them swiftly and to put measures in place to guard against any pay parity drift over time.

Within six months, we spent $4 million adjusting salaries to achieve pay parity – this is something most companies undertaking this exercise take years to achieve.

Our process

In its simplest form, we adhere to the following framework for achieving and maintaining pay parity:

We define. Pay parity means fair and equal pay for employees in the same job code, grade level and location, regardless of gender or ethnicity.
We analyze. We first audit employee job codes for accuracy and then group employees by job code. We apply controls for pay differentiators such as performance, tenure, and experience.
We adjust. After meticulous evaluation with the business, we make any pay adjustments.
We uphold. In addition to annual analysis, we keep parity at the forefront throughout the year—from our hiring practices to how we promote and reward our employees.

Staying the course

Maintaining pay parity is a year-long exercise and is now part of our culture. At McAfee, we regularly run audits and use a third-party vendor to help remove any bias and subjectivity. If discrepancies are identified, we address them quickly.

We also work hard to keep pay parity front of mind for people leaders and hiring managers. Through regular training on diversity topics, we remind people leaders of the science behind unconscious bias and how to overcome it. To further remove any bias, we overlay promotions, awards, and relevant employee programs with a Diversity Impact Analysis to ensure allocation of awards is statistically aligned to the diverse population of that team or organization.

It’s the combination of these efforts that resulted in an exciting milestone: our latest independent audit revealed no disparity. This tells us our commitment to equality permeates our culture. The absence of any discrepancies did not happen by accident – it’s the result of intentional focus from our leaders, recruitment team, and hiring managers.

What the future holds

Since we began our journey three years ago, the world has experienced tremendous change and challenging times – some may feel more divided than united. This makes our commitment to pay parity and building an inclusive culture even more important.

We will continue to maintain parity, ask what we can do better, and share the best practices we continue to follow, as well as learnings along the way.

Ready to join a company that stands for equality? Search our openings at Careers.McAfee.com.

 

 


APT10 (Cicada) Campaign Expands on Further Global Interests


FortiGuard Labs is aware of a new campaign from the APT10/Cicada threat actors. Reported by researchers at Symantec, this latest campaign highlights the various tools and custom malware Cicada uses to perform espionage activity. We covered the group's activity in a blog post from 2019; that activity used different TTPs.

APT10 is also referred to as Cicada, CVNX, HOGFISH, menuPass, POTASSIUM, Stone Panda, and Red Apollo.

This group focuses specifically on the following verticals: Government, Legal, Pharmaceutical, Religious, Telecom, and Non-Governmental Organizations (NGOs). It targets multiple countries around the world, including in Europe, Asia, and North America. First seen attacking Japanese interests, Cicada has been observed targeting various managed service providers globally as well. Campaigns have been attributed to the government of China.

As part of our membership with the Cyber Threat Alliance, all indicators of compromise (IOCs) were provided to us in advance of publication to ensure Fortinet protections were in place at the time of announcement.

What are the Technical Details of Cicada?

Cicada has been observed to use a custom loader and malware to perform their attacks. Various activities observed included attacks on Microsoft Exchange Servers. The report suggested that potential zero-day exploits were likely used to gain access. Once inside, the attackers would deploy a loader and a custom backdoor known as Sodamaster.

Sodamaster is fileless and evades sandbox detection. It enumerates various operating system parameters such as the username, hostname, and OS of the targeted systems. It can also download and execute additional payloads.

According to the report, the TTPs (Tactics, Techniques and Procedures) used by Cicada have been in operation since 2020. Tools used by Cicada include Mimikatz, rar archiving (file compression), system/network discovery tools (to determine what systems and services are running), WMIExec (command line to execute commands remotely), and NBTscan (open source tool for network reconnaissance). Other observations were the usage of VLCplayer, which was exploited to act as a custom loader, and WinVnc for remote control of compromised machines.

How Widespread is this?

This is limited to targeted attacks.

Who is Behind this Attack?

This has been attributed to APT10 and is state sponsored. For further details on APT10, please refer to “Two Chinese Hackers Associated With the Ministry of State Security Charged with Global Computer Intrusion Campaigns Targeting Intellectual Property and Confidential Business Information” in the APPENDIX.

What Operating Systems are Affected?

Windows Operating Systems.

What is the Status of Coverage?

FortiGuard Labs has coverage in place for publicly available samples as:

Riskware/Mimikatz
W64/HUILOADER.ZYJB!tr
W64/Ecipekac.M!tr

All network IOCs are blocked by the WebFiltering client.
