Don't Forget to Share this Post

Advanced Security Strategies and Solutions for the Digital Age + Webinar Replay

By Amisha Shah | Thursday, November 5th, 2020
Whether the coronavirus pandemic has sped up the evolution of remote working, or working from home continues to be the indefinite new reality for investment firms around the globe, one thing is for certain, the digital workplace is here to stay. Which means that whilst focusing on ensuring the digital working environment remains efficient, firms must also pay close attention to keeping it secure, with valuable corporate assets online and at risk.

With October being cybersecurity awareness month, experts from Eze Castle Integration and leading industry firms Eversheds Sutherland and Blackpanda explored digital strategies, tools and cyber technologies to maintain a robust security posture in today’s fast evolving digital landscape, in a recent webinar.

In today’s blog, we will roundup key suggestions to ensure your security measures are advanced and protect your digital workplaces. You can also catch the full webinar replay here.

How the Threat Landscape Has Changed with Covid-19

Top risks in the current landscape include phishing, ransomware, and business email compromise. Each of these methods are becoming more sophisticated to hook firms and their employees. 

Security experts from Eze Castle Integration advise that the following behavioural and environmental factors make us more prone to falling into the trap of malicious hackers, and thus we should be mindful of the role that the human element of cybersecurity plays.

•    Context
•    Time 
•    Behaviour

In a step by step sequence, you can see just how easy it is for a hacker to target employees:

1.    Hacker visits your website to learn about organisational structure and email naming conventions.

2.    Next, they source industry events where your company CxO is speaking on a panel discussion, webinar etc.

3.    Utilises LinkedIn as a discovery tool to find out more about an individual’s role and career moves.

4.    New employees targeted (more vulnerable).
 
5.    A spoof email domain is set up based on learnings in step 1.

6.    An urgent request is sent to an employee, asking them to purchase a gift card for other panellists of event sourced in step 2.


Now, let’s take a look at how you can go about minimising these risks.

24x7 Dark Web Monitoring is Recommended to Reduce Account Takeover Risks

User credentials (i.e. username/password) are for sale across the Dark Web - going to the highest bidder. As a result, account takeover (ATO) instances are increasing at an alarming rate. To stop this threat, firms must monitor the Dark Web and respond. Dark Web Monitoring is a cost-efficient deterrent to ATO activities, in which cybersecurity intelligence analysts monitor the dark web 24x7 to deliver these benefits:

•    Reduced account takeover risk
•    Regulatory due diligence requirements
•    Deep “after the breach” scrutiny avoided
•    Business reputation and relationships remain untarnished

Firms are advised to have Dark Web monitoring in place to practice proactive cybersecurity.

Identify Attackers in Real Time with SIEM

SIEM (security information and event management) provides real-time analysis of security alerts generated by applications and network hardware. Here are some key reasons on why you need to deploy SIEM.

•    Regulatory standards (GDPR, NYDFS, OCIE, etc.)
•    Cybersecurity guidelines (such as ISO27001, NIST, CIS)
•    Log management and retention
•    Continuous monitoring and incident response

To listen in on the full discussion, watch the full discussion below. You might also be interested in taking a look at our SIEM Guidebook for more on this topic.
 


 
Don't Forget to Share this Post

Related Posts

How Can Eze Castle Integration help you?Contact us today!

Contact Us