Security roundup: Top tips for improving IoT security, scammers impersonating cyber security brands - PC Retail

Security roundup: Top tips for improving IoT security, scammers impersonating cyber security brands

PCR takes a look at the latest security news in the channel
Author:
Publish date:
2-pcr-security-shield-web.jpg

This week, we look at how businesses and individuals can improve security and manage the risks of IoT, how scammers are impersonating cyber security brands, and more.

TOP TIPS FOR IMPROVING SECURITY WHEN IT COMES TO INTERNET OF THINGS

Experian has offered advice for both businesses and individuals to help them improve security and manage the risks that come with using internet-enabled products, also known as the Internet of Things (IoT).

Tips for individuals:

– Make sure that the products and services you are buying and connecting to are from reputable companies.

– Ensure that the providers of those products and services have clear privacy and data usage policies.

– When setting up the products, ensure that passwords and keys are changed from the factory settings.

– Before connecting to any wireless network, make sure it is secured.

– Be aware of how providers use data from your smart device and check their policies to see if it could end up in the hands of third parties.

– Any access to systems connected to your smart device should always be closely guarded.

– When downloading apps for your device make sure it is only from reputable platforms, such as Google Play or the iTunes Appstore. Apps that are downloaded should also be only created by trusted entities, check customer reviews as a way of making sure.

Tips for businesses:

– Understand who has access to systems and clarify why they need it. It is also important to understand the normal access behaviour of those logging into these systems, so that when anomalies occur, immediate preventative action can be taken.

– Clearly outline roles and responsibilities in terms of access monitoring. This can be segmented by factors such as channel or line of business.

– Share intelligence across the consumer and enterprise side of your business. Many businesses have strong authentication requirements for their customers, but most data breach activity happens as the result of employee credentials being compromised and used to gain access.

– Businesses should also apply robust privacy policies and practices. Doing so will ensure that the data they are collecting is actually required for the services they offer, and that the data collection practices are easily understood by their customers.

– Any data that is collected must be treated as highly sensitive information. It is important to note that even seemingly uninteresting data can be used by fraudsters to build robust and accurate stolen identities, which can be used for online impersonation, social engineering, phishing attacks and more.

SCAMMERS IMPERSINATING CYBERSECURITY BRANDS

High-Tech Bridge has analysed domains of the leading cybersecurity companies from the NASDAQ’s NQCYBR index, as well as few private but well-known cybersecurity companies.

The statistics within the research show how each company fares under categories of domain squatting; traffic theft – the highest percentages were reported under this category; brand theft; malicious activity and unknown (other).

Among numerous cybersquatted and typosquatted domains the firm found, High-Tech Bridge can distinguish five main categories of domains:
– Domain Squatting: Domain is registered, but is not used, or hosts an empty website.
– Traffic Theft: Domain is registered and is being used to redirect visitors to third-party website(s).
– Brand Theft: Domain is registered, website leverages or simulates the original brand, or a part of it, to associate with the legitimate brand, while offering its own goods and services.
– Malicious Activities: Domain is registered and is being used for phishing, redirection to competitor’s website, malware delivery or any other harmful or unlawful activities.
– Unknown: Purpose of the domain registration is not clear or cannot be confirmed.

“Unfortunately, lack of international cooperation and jurisprudence enable fraudsters to make easy money on various illegal or at least unethical operations with domains. Even cybersecurity companies are being targeted these days, not only financial institutions or luxury brands,” said Ilia Kolochenko, High-Tech Bridge’s CEO.

“The biggest concern is that relatively harmless techniques such as typosquatting and cybersquatting are now being aggressively used in pair with phishing and drive-by-download attacks.”

IN OTHER NEWS

– New CompTIA research has found that over two thirds of organisations were hit by security breaches in the last year.

– Kaspersky has found a significant increase in malicious spam emails in Q1 2016.

– NTT Com Security has reported that 77 per cent of organisations are underprepared for cyber security incidents.

– 70 per cent of UK employees use unauthorized cloud services at work, according to new research from Cloudstanding.

Related