Directive 20 Repealed – Beat the Cyber War Drums?

Directive 20 Repealed – Beat the Cyber War Drums?

Exposed by Snowden in his 2013 document dump, Presidential Directive 20 limits the U.S. in attacking/counter attacking with cyber weapons. Now it has been rescinded. Does that mean the gloves are off? We’ve been under attack for a long time. You see signs of it
A.I.: Confused? Worried? Try Finland!

A.I.: Confused? Worried? Try Finland!

Artificial Intelligence (A.I.) – They say it’s inevitable. Are you worried it will take your job? Do you even understand what it is? The Finns are taking the bull by the horns. Their first goal is that 1% of the entire population will become familiar

Cloud Apps Security

Today, more than ever before, employees are working while on-the-go. The ease with which a worker can enjoy a coffee-café latte in one hand and click “send” with the other is made possible by the explosion of mobile devices and mobile cloud-based applications. According to IDC, more than 96.2 million mobile employees are taking advantage of the mobility offered by today’s technologies.

Cloud-based Apps and the Mobile-Worker

To best protect these users while mobile, companies need to change their security strategy.

Traditionally, businesses have invested heavily in securing their infrastructure and endpoints— the security of the data lies within the four walls.

These walls quickly become ineffective when using cloud-based apps. Your firewall and network monitoring solutions? Traffic flies right through. Endpoint software? On a phone? Even if AV companies had software to install, will your users even install it?

Last, migration to cloud apps makes passwords (and related authentication solutions) the key to any security strategy. A loss of a password to an attacker can be detrimental. Regardless of whether they are using laptops, tablets, or phones, employees are using passwords that need to be protected. Passwords have become the key battleground for cloud-enabled organizations.

Mobile Worker Attack Methods

We’ve seen a sharp increase in two types of attacks focused on mobile workers that are trying to steal credentials. In addition, mobile devices continue to be prime targets for malware attacks.

Proximity-focused attacks: In this type of attack, a cybercriminal creates a fake wireless access point in a public area, such as an airport, in the hopes of tricking their victims into connecting. Mobile workers searching through the longlist of airport Wi-Fi options until they find one that doesn’t require a password may be susceptible to this attack method. Hackers will set up a fake network service in hopes a user will click on it, giving the attacker access to much of the sensitive information and credentials from the device.

Phishing attacks: With a phishing attack, a cyber-criminal usually generates a fake email pretending to be someone they’re not and requests money, passwords or account numbers to take over a victim’s finances, steal sensitive information or hold their account hostage until a ransom is paid. While mobile devices receive phishing attacks via email, they can also receive them from text messages, communications apps, social media and practically anywhere a mobile device can receive a message. This not only increases the number of phishing attacks on mobile devices but the susceptibility of users falling victim to this type of attack.

Malvertising and malware attacks: We have observed a sharp increase in attackers buying malicious ads and getting them placed on high-traffic websites. These ads find vulnerabilities in browser software and then exploit the system to install ransomware or more persistent malware. According to Nokia’s global Threat Intelligence Report, 2016 saw the highest level of mobile device malware infections since 2012 with smartphone malware infections rising nearly 400 percent.

The explosion of mobile workers is pushing companies to develop cloud-based security for their mobile devices. In the next article, I’ll talk about what those security strategies should look like.

By Todd O’Boyle

Todd O’Boyle

Todd is a co-founder and CTO at Strongarm, an Allied Minds company. Prior to Strongarm, Todd spent 15 years at The MITRE Corporation, providing technical support to the Department of Defense and the Intelligence Community. He also served as principal investigator for a project developing methods to improve how operators respond to adversaries.

Todd has a Bachelor of Science, Computer Science from Purdue University.

View Website

BRANDED COMICS FOR YOUR NEXT CAMPAIGN

Get in touch with us regarding our introductory rates!

Infosec thought leaders

Why you should add a connection broker to your suite of DevOps tools

DevOps Connection Broker When staring down the DevOps path, you have no lack of tools to help you pave the ...
Apcela

Why Enterprises Need Communication Hubs for Today’s WAN

Enterprise Communication Hubs As early as 2014, Gartner analysts were touting the benefits of communication hubs as a means to ...
Why Accept the Hype? Time to Transform How We Approach Emerging Technology

Why Accept the Hype? Time to Transform How We Approach Emerging Technology

Time to Transform How We Approach Emerging Technology It’s like a rite of passage – a new technology pops onto ...
Robo-Advisors vs. Financial Advisors: What Do Millennials Prefer?

Robo-Advisors vs. Financial Advisors: What Do Millennials Prefer?

Robo-Advisors vs. Financial Advisors For technology-loving millennials, robo-advisors may seem appealing. With a robo-advisor, a portfolio is managed online by ...
Why should SMEs embrace Cloud ERP solutions?

Why should SMEs embrace Cloud ERP solutions?

SMEs & ERP Solutions Remaining competitive in the market is the primary goal of every business. For SMEs, moving to ...

Manage Azure HDInsight clusters using .NET, Python, or Java

/
We are pleased to announce the general availability of the new Azure HDInsight management SDKs for .NET, Python, and Java. Highlights of this release More languages: In addition to .NET, you can now easily ...

AWS Glue is now available in the AWS GovCloud (US-East) Region

/
You can now use AWS Glue in the AWS GovCloud (US-East) Region. AWS Glue automates much of the effort to build, maintain, and run extract, transform, and load (ETL) jobs ...

Microsoft open sources Data Accelerator, an easy-to-configure pipeline for streaming at scale

/
This blog post was co-authored by Dinesh Chandnani, Principal Group Engineering Manager​, Microsoft. Standing up a data pipeline for the first time can be a challenge and decisions you make at the start of a ...