A much bigger concern is credential theft. We barely hear about ransomware these days. Generally speaking, when I talk to our customers, malware is not the top of their concerns. And there's a lot of good antimalware solutions out there. Sandboxing is becoming really commonplace. It was the biggest risk a couple of years back, but companies have gotten a lot better at stopping ransomware. Malware and ransomware are totally not the biggest risk. TechNadu: What do you consider to be the biggest threat to our cybersecurity? Is it some kind of malware, ransomware, or something else?Īsaf Cidon: By far, the biggest risk, in my opinion, is account takeover. So the breach wasn't on any corporate system, but once you start reusing passwords the company is at risk. Generally, our team and our company are focused more on business hacks, but I think there are differences but also similarities between businesses and consumer users - the way the attackers get in initially is because people will reuse passwords for Yahoo and their corporate email account, for example. A lot of time that's eye-opening for people and they'll realize that their credentials have been exposed multiple times in the past because of these recent hacks. So that's a free service that's a really good idea for people to try out and see. People can also use PWNED (Have I Been Pwned) where people put in their email addresses and it will tell them whether their credentials have been used, have been stolen in a prior hack. So, if you reuse your password on any of these platforms, your password right now is out in the open. All these major platforms have vulnerabilities. We had huge hacks from Yahoo a few years ago, Dropbox, Slack, LinkedIn, Facebook now. If you're using a weak password on a popular email system, or reusing your password, you will get hit. Especially if you're using weak passwords or reusing them. So how can we increase the awareness of the issue at hand and the safety steps everyone can take.Īsaf Cidon: It's just a matter of time. TechNadu: One major problem in security is awareness of the users about the problem that they're facing. I would say that small companies do get attacked a lot, so it's not like it's only a problem for big, multinational companies. At Barracuda we have 5-10 person companies that are customers of ours and it's not such a high cost since they're paying per user, so there are a lot of tools for small business as well, not just big companies. I would say, though, that all these security tools are priced on a per-user basis. Those are the basics.Įven if you are a small business and don't want to invest any money in security tools - that's where I'd start. TechNadu: What about the smaller companies that aren't exactly the ones that are going to invest a lot of money in security solutions?Īsaf Cidon: I think multifactor authentication and a strong password or passwords managers are the minimum to having a good password policy in the company will take companies a long way. More and more are implementing security training for their employees to make sure they simulate the attack scenarios, make sure that their employees have seen these attacks before and don't click on them. And then, finally, the last piece which is also more true for the business users is security awareness training. And then, for business users, there are products that can really help you be more secure from email security and filtering to products that actually use artificial intelligence to understand anonymous emails. So that's one step.Īnother one is setting up multifactor authentication which is also really important so that even if someone steals your password you have an extra layer of defense. A lot of times attackers hack into email systems because they steal a password from some other system that was attacked and they just reuse it. Specifically not reusing passwords so that the passwords to your email systems should really not be used anywhere else. The gist of things is general email security principles like setting a strong password, ideally using a password manager. So, for example, business email compromise attacks or account takeovers are more common with business users, and their goals are rather different as they usually try to get sensitive business information, something that consumers are less likely to do.īut there are some things that both as a consumer and as a business user you can do to be more secure. TechNadu: I'm angling more towards consumers because if you know how to protect yourself in your personal life, you can do that in your professional one tooĪsaf Cidon: It's interesting because we see the attacks that are hitting businesses are a little bit different than the attacks that are hitting consumers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |