Are you an online oversharer? Do you give your full birthday to all your online shopping accounts? Have a few companies you have accounts with been breached but you didn’t take any action at the time? If you have bad digital habits, now is an excellent time to reset your digital presence. 

In isolation, these small digital transgressions don’t seem like a problem; however, cybercriminals can gather the bits and pieces of information you release into the world and Frankenstein them together to create believable impersonations or entirely new identities. 

To protect your identity, here are a few ways to limit the amount of personally identifiable information (PII) you share online, plus a few tools that can help you identify and close your current security holes. 

Bad Online Habits That Put Your PII at Risk 

Most digital bad habits seem insignificant; however, the more bad habits you have that pile-up, the more at risk your PII and your identity can be. Check out this list of three common habits that you should consider breaking today and why. 

1. Volunteering too much information.

When you sign up for new online shopping accounts, some companies ask for your birthday, your age, your middle name, and primary and secondary phone numbers and email addresses. While it might be nice to receive a special coupon on your birthday, you may want to reconsider volunteering unnecessary private details. To compromise you can sign up with a nickname and leave your birth year blank. That way, if a cybergang ever breaches the company, the criminals won’t get far with your personal details. To steal an identity and ruin someone’s credit, sometimes all it takes it a full name, birthday, and phone number. 

2. Oversharing on social media.

Do you post your every thought and movement on social media? While curating the perfect online profile can be fun, it can also be dangerous to your online safety. For instance, posting “get to know you” quizzes are a gold mine for social engineers and cyber criminals, as the results often reveal potential password inspiration, security question answers, and your likes and dislikes. From here, criminals can take educated guesses at your passwords or tailor a social engineering scheme that’s most likely to fool you. Consider setting your social media profiles to private and blocking followers you don’t know personally. Or, just keep parts of your life a mystery to the wider world. 

3. Reusing passwords.

We can all agree that increasingly strict password requirements are leading to longer and more complex passwords that are confusing to cyber criminals and to the rightful account holders, too! It’s tempting to reuse passwords to reduce the burden on your memory, but this puts your valuable PII in danger. Password and username combinations are often information that’s leaked in company breaches. In what’s called a brute force attack, a cybercriminal can plug that same pairing into hundreds of websites and wait for a hit. Since unique passwords for all your dozens of accounts is imperative, entrust their safekeeping to a password manager.  

Grade Your Online Safety With McAfee Protection Score 

If you’re feeling uneasy about your online habits and the effect they may have had on your online safety, McAfee Protection Score gives you the information you need to take charge and make changes. Protection Score not only tells you how safe (or unsafe) you are, but the tool also offers suggestions on how you can raise your score, and thus be safer online. The service monitors data breaches and indicates when your email was part of a leak. Protection Score also dives into the dark web so you don’t have to. If your government ID or financial information appears, your score will take a large hit. 

Protection Score not only tells you how safe (or unsafe) you are, but the tool also offers suggestions on how you can raise your score, and thus be safer online. The sooner you know your weak points, the quicker and more completely you can fortify your defenses and clean up after months (or years) of bad habits. Knowledge is power in the right against cyber criminals, so Protection Score is an excellent partner to help adopt smarter habits on the path to better online security. 

Get the Whole Package With McAfee+ Ultimate 

With McAfee+ Ultimate, you not only get a Protection Score but a host of other top-rate tools to protect your identity, retain your online privacy, and help you recover from an identity theft. Running an antivirus, connecting to a VPN and installing web protection on your browser are all ways to increase your Protection Score, and these features are available with McAfee’s most thorough privacy, identity, and device protection service. 

Make 2023 the year of living online confidently and safely! 

The post New Year, New You: Start Fresh With McAfee Protection Score appeared first on McAfee Blog.

Read More

In this January 2023 update, we review the CIS Benchmarks we updated and released along with the CIS Benchmarks Communities that are seeking volunteers.

Read More

I don’t know how much of a thing this will end up being, but we are seeing ChatGPT-written malware in the wild.

…within a few weeks of ChatGPT going live, participants in cybercrime forums—­some with little or no coding experience­—were using it to write software and emails that could be used for espionage, ransomware, malicious spam, and other malicious tasks.

“It’s still too early to decide whether or not ChatGPT capabilities will become the new favorite tool for participants in the Dark Web,” company researchers wrote. “However, the cybercriminal community has already shown significant interest and are jumping into this latest trend to generate malicious code.”

Last month, one forum participant posted what they claimed was the first script they had written and credited the AI chatbot with providing a “nice [helping] hand to finish the script with a nice scope.”

The Python code combined various cryptographic functions, including code signing, encryption, and decryption. One part of the script generated a key using elliptic curve cryptography and the curve ed25519 for signing files. Another part used a hard-coded password to encrypt system files using the Blowfish and Twofish algorithms. A third used RSA keys and digital signatures, message signing, and the blake2 hash function to compare various files.

Check Point Research report.

ChatGPT-generated code isn’t that good, but it’s a start. And the technology will only get better. Where it matters here is that it gives less skilled hackers—script kiddies—new capabilities.

Read More

The NCSC’s new Funded Cyber Essentials Programme will support SMEs as well as charities

Read More

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Identity and access management has emerged as an essential security element for organizations. A study reveals that 80% of global IT decision-makers have already adopted or are planning to adopt an IAM solution in the upcoming years.

IAM refers to business policies, processes, and technologies to control unauthorized data and digital systems access. Two IAM approaches are widely known, one for the cloud and the other for on-premises. The cloud based IAM practices are fast-growing because the demand for cloud adoption has increased over time.

With the right IAM solutions and techniques, IT managers and businesses control users’ access to sensitive business data within their networks. In addition, these solutions help protect organizations from cyber-attacks; they become more efficient, reduce IT operational costs, and improve user experience.

Six best IAM practices that organizations must not neglect

The IAM framework means using the right solution to implement user authentication and privileges policies. In addition, with IAM, companies demonstrate that any data is not misused, and they comply with government regulations.

For all these characteristics, businesses are increasingly adopting IAM solutions, and their demand will undoubtedly be high in the upcoming time. It’s also estimated that the IAM market will grow to $15.3 billion by 2025.

The organization needs to use the right IAM tools and practices to reap the most benefits from the IAM solution. The six best IAM practices that every business should incorporate into its security strategy are as follows:

Adopt passwordless authentication

Many data breaches occur because of weak or stolen credentials. Threat actors can use advanced tools and tactics to steal and break passwords.

Organizations need a secure identity management system to prevent bad actors from breaking in and stealing credentials that can result in breaches such as the Lapsus$ attack or the Colonial Pipeline ransomware attack. Organizations eliminate password issues by choosing passwordless authentication to protect vital business data and ensure that only authentic people access it.

Passwordless authentication enables users to authenticate their identity without entering a password. There are various benefits for organizations to become passwordless- it enhances the overall efficiency, saves time and productivity, and provides greater ease of access. But, most importantly, passwordless authentication allows IAM leaders and users to access the cloud environment safely and securely.

Implement a Zero-Trust approach

The zero-trust approach is not new but has gained popularity as the threat landscape is evolving. Organizations cannot have a robust IAM policy without a function zero-trust architecture. The average cost of a data breach is $4.24 million, but the zero-trust model helps reduce the cost of a data breach by $1.76 million. Moreover, Gartner also predicts that the ZTNA solutions will grow to $1.674 billion in 2025.

Zero-trust means continuously verifying authorized users as they move into the network and giving them the lowest privileges while accessing crucial documents and files. Zero trust within the cloud creates access measures to protect sensitive data and applications from unwarranted access.

The zero-trust architecture ensures that IAM policies are followed whenever the user accesses the organization’s network and protects the cloud data. Successful zero-trust implementation for the cloud must begin with passive application observation. Companies must first monitor and determine the relationship between the apps and then enforce rules. In addition, enterprises consider using other technologies like MFA, endpoint protection, micro-segmentation, and visibility and analytics to execute zero-trust systems.

Ensure compliance

IAM is designed to control users and protect their data, which can be achieved by meeting standard compliance requirements. Businesses often have regulatory requirements connected to the data they store either in the data warehouse or cloud data warehouse. They must report on their data access and use processes while complying with specific laws and regulations.

They must face hefty fines, lawsuits, and penalties if they fail. For example, Twitter agreed to pay $150 million to settle allegations of its data privacy practices when the US alleged Twitter for collecting users’ contact information to show targeted ads.

Organizations that haven’t yet must strictly follow compliance regulations, including GDPR, SOX, HIPAA, and PCI-DSS, to ensure that data is not misused. Besides this, businesses must audit each user role and assign them to the appropriate data owner, to keep a check and balance on the following compliance. In this way, companies can ensure compliance regulations and surveillance of data access.

Use appropriate DevOps tools

A data breach occurs because of human error or when application flaws occur. Businesses also forget to maintain a record of unstructured or dark data, including files and documents downloaded and used for different purposes, credit cards, and social security numbers. Cyber-criminals take complete advantage of such vulnerabilities and data that can eventually result in a data breach.

Such events not only cause significant financial loss to the business but also result in loss of customers and brand reputation. DevOps teams and tools greatly help enterprises prevent data breaches and ensure no one can access sensitive data. By using various DevOps tools, businesses keep track of the unstructured data from the initial stage and boost the overall security level.

Deploy artificial intelligence

Cybercriminals have become more advanced and sophisticated than before. They are using new approaches and tactics to access the organizational network. Because of their progressive nature, even the security teams sometimes fail to recognize them. Hence, organizations have adopted Artificial Intelligence and Machine Learning technologies to implement IAM and reduce the threat vector effectively.

AI ensures improved security and maintains business integrity. Using AI technology like Robotic Process Automation (RPA) deeply monitors and reveals the abnormalities in user behavior. Though an organization produces trillions of primarily unstructured data, the ML system scans all the data efficiently and prevents data leaks and breaches. Moreover, the AI system constantly monitors all behavior and ensures that verifying workers’ access to network resources is continuous.

If, by any chance, threat actors gain access to the network by any backdoor, the AI system sends a quick alert to the IT department so they can take appropriate measures. Also, the system denies the access request and ensures the complete safety of the business data.

Centralize the organization’s systems

Another best practice businesses can adopt to improve IAM is centralizing all network systems. It is an effective approach that provides more visibility and allows the security teams to detect and respond to cyber threats by letting all the users sign into a single authentication provider, which then propagates identity access across the apps and resources within the organization.

Moreover, with the centralized management system, it is easier to enforce policies like using secure passwords or multi-factor authentication to access the resources.

Additional best practices

Apart from the practices mentioned above, listed below are some common IAM practices businesses should not ignore. These includes:

Ensure new applications from all sources are securely developed and onboarded. For this purpose, deploy API access control (authentication and authorization of APIs) as it is a crucial part of API security.
Authentication is vital for IAM; hence, use multi-factor authentication tools to authenticate the identity.
Remove unnecessary users from the network to reduce the risks of unauthorized access.
Regularly review and audit the IAM policies to ensure they are granted the least privilege.
When an IAM account is not used, immediately de-provisioned it. This prevents any hackers from stealing and misusing those credentials.

Final thoughts

Making a business compliant with identity and access management requires an in-depth understanding of who can access the sensitive data and which data is necessary for the workers. Staying informed and updated about the latest technological trends and IAM practices will further help improve the IAM infrastructure.

Read More

A Ukrainian official revealed that evidence of Russian cyber-attacks are being gathered to support potential war crime prosecutions

Read More

A new draft of India’s data protection bill is set to be debated in Parliament, but even before discussion begins, privacy and security experts are saying that the proposed legislation lacks clarity on key issues.

The Ministry of Electronics and Information Technology has prepared a draft of the Digital Personal Data Protection Bill 2022 and invited public feedback as part of its public consultation exercise. The government is expected to introduce the bill in Parliament in the budget session of 2023, though the precise date for discussion of the draft has not been set.

To read this article in full, please click here

Read More