What is the risk of retaliation for taking a corporate stance on Russia?

Read Time:43 Second

Will your company’s decision and position on the Russian invasion of Ukraine or their continued presence in the Russian market (or exit from this market) carry with it the prospect of retaliation? The answer, unfortunately, is yes. Decisions, even to decide to do nothing and straddle the fence, carry  consequences. Even if the consequences are wrong-headed, unjust and unwarranted, individuals, governments and organizations will make their own interpretations.

I’ve spoken to the disruption in supply chains, to threading the needle on exiting or not exiting the Russian market due to Russia’s invasion of Ukraine. In addition, the U.S. government’s effort at outreach to ensure companies have the opportunity to digest and implement advisories being issued by CISA has reached a new level of both urgency and frequency.

To read this article in full, please click here

Read More

Three Years of Pay Parity: Lessons in Maintaining Equality

Read Time:3 Minute, 26 Second

This month, McAfee celebrates three years of maintaining pay parity. Compensating employees equally for their contributions, regardless of gender or ethnicity, is one of the many ways we create a culture where all can belong and an environment where everyone is valued.

But equal pay sounds like a given, right?

It absolutely should be. However, unconscious bias and a slew of contributing factors, such as differences in how men and women negotiate pay raises and starting salaries, means inequality can slowly creep in across a business and become pervasive unless actively monitored. This means maintaining pay parity requires constant work and attention.

As the first cybersecurity company to achieve pay parity, we know first-hand the commitment involved in such an undertaking. We also know the overall impact for our employees, including greater trust, engagement, and loyalty. More than this, we believe simply, that pay parity is the right thing to do.

Today, I’m sharing more about our journey, our process, and our work to maintain pay parity.

How we began

Our pay parity journey began in 2018. Few companies had achieved pay parity at the time, but we realized it was an essential part of ‘walking the walk.’ It’s well documented that diverse teams perform higher, and when employees feel seen and valued for their contributions, they are more productive and increasingly innovative.

We developed a framework and conducted our first annual audit in 2018. When results revealed pay disparities across nine of our 45 countries, we were unwavering in our commitment to resolve swiftly and to put measures in place to maintain any pay parity drift over time.

Within six months, we spent $4 million adjusting salaries to achieve pay parity – this is something most companies undertaking this exercise take years to achieve.

Our process

In its simplest form, we adhere to the following framework for achieving and maintaining pay parity:

We define. Pay parity means fair and equal pay for employees in the same job code, grade level and location, regardless of gender or ethnicity.
We analyze. We first audit employee job codes for accuracy and then group employees by job code. We apply controls for pay differentiators such as performance, tenure, and experience.
We adjust. After meticulous evaluation with the business, we make any pay adjustments.
We uphold. In addition to annual analysis, we keep parity at the forefront throughout the year—from our hiring practices to how we promote and reward our employees.

Staying the course

Maintaining pay parity is a year-long exercise and is now part of our culture. At McAfee, we regularly run audits and use a third-party vendor to help remove any bias and subjectivity. If discrepancies are identified, we address them quickly.

We also work hard to keep pay parity front of mind for people leaders and hiring managers. Through regular training on diversity topics, we remind people leaders of the science behind unconscious bias and how to overcome it. To further remove any bias, we overlay promotions, awards, and relevant employee programs with a Diversity Impact Analysis to ensure allocation of awards is statistically aligned to the diverse population of that team or organization.

It’s the combination of these efforts that resulted in an exciting milestone: our latest independent audit revealed no disparity. This tells us our commitment to equality permeates our culture. The absence of any discrepancies did not happen by accident – it’s the result of intentional focus from our leaders, recruitment team, and hiring managers.

What the future holds

Since we began our journey three years ago, the world has experienced tremendous change and challenging times – some may feel more divided than united. This makes our commitment to pay parity and building an inclusive culture even more important.

We will continue to maintain parity, ask what we can do better, and share the best practices we continue to follow, as well as learnings along the way.

Ready to join a company that stands for equality? Search our openings at Careers.McAfee.com.

 

 

The post Three Years of Pay Parity: Lessons in Maintaining Equality appeared first on McAfee Blog.

Read More

APT10 (Cicada) Campaign Expands on Further Global Interests

Read Time:2 Minute, 6 Second

FortiGuard Labs is aware of a new campaign from the APT10/Cicada threat actors. Reported by researchers at Symantec, this latest campaign highlights the various tools and custom malware used by Cicada to perform espionage activity, which we covered in our blog post from 2019, which used different TTPs. APT 10 is also referred to as:CicadaCVNXHOGFISH menuPassPOTASSIUM Stone Panda Red Apollo This group focuses specifically on the following verticals:GovernmentLegalPharmaceuticalReligiousTelecomNon-Governmental Organizations (NGOs)and targets multiple countries around the world, including in Europe, Asia, and North America. First seen attacking Japanese interests, Cicada has been observed targeting various managed service providers globally as well. Campaigns have been attributed to the government of China.As part of our membership with the Cyber Threat Alliance, all indicators of compromise (IOCs) were provided to us in advance before publication to ensure Fortinet protections were in place during the time of announcement.What are the Technical Details of Cicada?Cicada has been observed to use a custom loader and malware to perform their attacks. Various activities observed included attacks on Microsoft Exchange Servers. The report suggested that potential zero day exploits were likely used to gain access. Once inside, the attackers would deploy a loader and a custom backdoor known as Sodamaster.Sodamaster is fileless and evades sandbox detection, and enumerates various operating system parameters such as username, hostname, and OS of the targeted systems. It can also download and execute additional payloads. According to the report, the TTPs (Tactics, Techniques and Procedures) used by Cicada were in operation since 2020.Various tools used by Cicada are Mimikatz, rar archiving (file compression), system/network discovery (to determine what systems and services are running) , WMIExec (cmd line to execute commands remotely), and NBTscan (open source for network reconnaissance) tools. Other observations were the usage of VLCplayer that was exploited to act as a custom loader, and WinVnc for remote control of compromised machines.How Widespread is this?This is limited to targeted attacks.Who is Behind this Attack?This has been attributed to APT10 and is state sponsored. For further details on APT10, please refer to “Two Chinese Hackers Associated With the Ministry of State Security Charged with Global Computer Intrusion Campaigns Targeting Intellectual Property and Confidential Business Information” in the APPENDIX.What Operating Systems are Affected?Windows Operating Systems.What is the Status of Coverage?FortiGuard Labs has coverage in place for publicly available samples as:Riskware/MimikatzW64/HUILOADER.ZYJB!trW64/Ecipekac.M!trAll network IOCs are blocked by the WebFiltering client.

Read More

Cash App customer investment data hacked

Read Time:34 Second

In an SEC filing made on Monday, Cash App parent company Block, Inc., said that it was working to contact roughly 8.2 million past and present customers of its investment services, as names, brokerage portfolio values and account numbers were compromised in a data breach.

According to Block’s form 8-K, a employee who had regular access to the records during their employment downloaded customer records after leaving the company. The reports didn’t contain Cash App usernames or passwords, and the company said that Social Security numbers, birthdays, payment card info and most other types of personally identifiable information weren’t accessed.

To read this article in full, please click here

Read More

Smarter Homes & Gardens: Protecting the Smart Devices in Your Home

Read Time:8 Minute, 31 Second

Outfitting your smart home could get a whole lot easier this year. 

A new industry standard called Matter aims to remove a big barrier in smart home technology, one that makes different smart home devices compatible with any smart home platform—something that wasn’t possible until now. 

For years, different smart home devices have run on several different competing platforms, such as Amazon Alexa, Apple HomeKit, Google Assistant, or Samsung SmartThings. And put plainly, those different platforms didn’t work with each other. And that was unfortunate. After all, the vision for the smart home was to run everything from lights, appliances, doorbell cameras, and all kinds of connected things in your home from a central set of controls, regardless of device manufacturer or platform. 

But that hasn’t been the case, and this lack of compatibility created some headaches for homeowners. They’ve had to choose between one smart home platform over another and then only use smart devices built for that platform. For example, if you’re running a bunch of devices on Apple HomeKit and find a great deal on a new Samsung smart refrigerator with Alexa built-in, you’re pretty much out of luck if you want those devices to all work together as one in your smart home. The result is that consumers have had to check the fine print to see what’s compatible with what when shopping for smart devices. Again, a real headache. 

Matter aims to take care of that. It’s hailed as a unifying technology that will make all those devices work together. Right now, the first wave of Matter-enabled devices is on track for a mid-year launch, which means we may finally see that vision of a smart home come true—a place where all your connected stuff works together with just the sound of your voice or a tap on your phone. 

With that, let’s take a closer look at the new Matter protocol and what it offers, along with a look at security and privacy for smart home devices in general. 

How does Matter work with connected homes? 

A smart device featuring the Matter logo

Without getting too technical about it, Matter is designed to create a more energy-efficient, secure, and reliable network for your smart home devices. Additionally, it’s designed to run independently of your internet connection, so if your internet goes out, you can still control your smart devices locally—from the app or device of your choice. 

The tech industry looks like they’re very much on board. Matter is led by the Connectivity Standards Alliance, a body of more than 200 technology companies working together to create this new standard. And if you’re wondering Amazon, Apple, Google, and Samsung are among the many members of this alliance. If the launch goes as planned, you can expect to see Matter-enabled devices and the Matter logo on several new products by the middle of the year. 

Additionally, several companies have announced that they will provide an upgrade path for existing products so that their existing customers don’t have to scrap their current smart home devices to take advantage of Matter. 

Security and privacy in your smart home 

In all, the idea is exciting. What remains to be seen is how security and privacy matters are handled, not only by the network but by the devices on it. 

As far as security goes, Matter uses a combination of encryption and blockchain technology to secure transmitted data and ensure that only the devices you trust can use the network. Considering that you may be heating your home, warming up your oven, or even locking your front door, security features like these only make sense.  

Yet looking beyond Matter and thinking about connected homes more broadly, there are a few question marks when it comes to privacy.  

Imagine for a moment what a highly connected home might look like—and all the data those connections will generate. That data will show what time of day your front door tends to unlock and lock when family members go to and from work, school, or what have you. It’ll also show when you tend to turn on your lights, cook your dinner, or turn on the house alarm for the night.  

Over time, all this data can piece together a picture of your comings and goings during a typical week. Shy of a bad actor physically casing out your home over several days, data like this simply hasn’t existed until the age of the connected home. If that data goes unprotected or if the devices creating it don’t give you some control over it, the privacy risks will run high.  

Moreover, data privacy policies come into play here as well. As consumers like us are very much aware these days, not every company treats your data the same way. Some companies have different policies around what data they may collect and then what they do with that data—like cloud sites for other smart devices, government agencies, insurance companies, law enforcement, data aggregators, data banks, social media sites, and others according to findings published by some industry groups. In a smart home that’s kitted out with devices from five, seven, or even more different manufacturers, that are multiple privacy policies in play—each of which may view and treat your private data in their own way. That’s potentially volumes of your data circulating out there, potentially in ways you aren’t aware of or that give you any control over its use. 

Of course, the issue of data privacy is nothing new and certainly not specific to smart devices. Already, the dozens of different apps and services we use as we go about our day have their own data privacy policies as well. Devices in a smart home only add to that mix, which is worth considering in our already highly connected lives. 

Protecting your smart home 

As I write this, Matter has yet to be released. Yet if you already have some smart devices in your home, you may be wondering how to make your connected home safer. Let’s take a look at a few of the things you can do to protect your smart devices and the home network they’re running on. 

Grab online protection for your smartphone 

Many smart home devices use a smartphone as a sort of remote control, not to mention as a place for gathering, storing, and sharing data. So whether you’re an Android owner or iOS owner, protect your smartphone so you can protect the things it accesses and controls—and the data stored on it too.  

Set strong, unique passwords for your smart home devices 

Early on when the first sets of smart home devices rolled out, some found themselves open to attack because they come with a default username and password, which hackers often publish on the internet as part of massive listings. (Baby monitors are a classic example.) And it remains an issue today. When you purchase any IoT device, set a fresh password using a strong method of password creation. Likewise, create an entirely new username for additional protection as well.  

Secure your internet router too 

Another device that needs good password protection is your internet router. Make sure you use a strong and unique password there as well to help prevent hackers from breaking into your home network. (A password manager as part of comprehensive online protection can help.) Also, consider changing the same of your home network so that it doesn’t personally identify you. (I’ve seen some fun alternatives to using your name or address, everything from movie lines like “May the Wi-Fi be with you” to old sitcom references like “Central Perk.”) Also check that your router is using an encryption method, like WPA2, which will keep your signal secure. If you haven’t done this sort of thing before, check the documentation that came with your router or with the internet provider if you rent or purchased it from them. 

Use multi-factor authentication 

Online banks, shops, and other services commonly offer multi-factor authentication to help protect your accounts—with the typical combination of your username, password, and a security code sent to another device you own (often a mobile phone). If your IoT device supports multi-factor authentication, consider using it there too. It throws a big barrier in the way hackers simply try and force their way in with a password/username combination, which will make your device tougher to crack.  

Update your devices regularly 

In addition to fixing the odd bug or adding the occasional new feature, app and device updates often address security gaps. Out-of-date apps and devices may have flaws that hackers can exploit, so regular updating is a must from a security standpoint. If you can set your smart home apps and devices to receive automatic updates, even better. 

Looking ahead to your connected home 

Smart homes show plenty of promise. Seeing a new and broadly adopted industry standard like Matter on the horizon may make them even more promising. Ideally, Matter will make it easier for people to bring more smart devices in their homes, and in a way that’s reliable and secure. Moreover, there are steps you can take now to help keep your smart home devices, and smart home in general, more secure as well. 

Yet when it comes to thinking about a home full of smart devices, questions around privacy remain. Smart home devices offered by different manufacturers will have different privacy policies and thus use people’s data in different ways, which puts consumers like us in a position to understand the terms, conditions, and implications of each one. Yet with data privacy being such a hot topic for consumers, the industry, and regulators already, it remains to be seen what consumer-friendly standards are set for data collection in the years to come—both in and out of the smart home. 

The post Smarter Homes & Gardens: Protecting the Smart Devices in Your Home appeared first on McAfee Blog.

Read More