Happy Thursday!
Last month we announced our new website and along with this, added some invaluable content that we think would be powerful for your organization.
One of the articles covered how to introduce secure collaboration seamlessly using Zero Trust (more on this in the coming weeks and months), including an overview of secure collaboration governance planning and how to facilitate this. But what is governance planning anyway?
Governance planning is about developing a company strategy to ensure your valuable information is secured whilst minimizing risk and costs to the business. This involves various stakeholders of the business collaborating in a coordinated response to align and adapt with the overall evolution of the technology through:
- Information Assurance
- Operational Assurance
- Outcomes Assurance
We can’t give it all away though!
Cybersecurity news is ramping up and what a HOT month September has been, right before Cybersecurity Awareness Month.
Here are the top three news pieces:
Tik Tok: high-severity vulnerability found that could compromise users’ accounts in one click! August 31, 2022
Key Takeaways:
- TikTok’s coding language (JavaScript) had a vulnerability that was exploited within Android OS.
- Microsoft performed vulnerability assessment of TikTok; TikTok swiftly responded and remediated the issues.
- Attackers could have leveraged the vulnerability to hijack an account without users’ awareness if a targeted user simply clicked a specially crafted link.
iOS 16 Rolls Out With Passwordless Authentication, Spyware Protection September 13, 2022
Key Takeaways:
- Together with Google and Microsoft, Apple promoted passworldess sign-ins, it pledged to adopt FIDO’s passkey (a credential that is stored on the phone and which will be needed for signing in on websites that have adopted passkey).
- Introduced a host of security and privacy improvements meant to keep users protected from malware, state-sponsored attackers
- One new feature, named ‘Lockdown Mode’, works by essentially shutting down certain device functionality, to reduce attack surface and prevent attackers from exploiting potential vulnerabilities.
Microsoft Detection and Response Team (DART) led an investigation into Albanian cyberattacks. September 8, 2022
Key Takeaways:
- Microsoft assessed that on July 15, 2022, actors sponsored by the Iranian government conducted a destructive cyberattack against the Albanian government, disrupting government websites and public services.
- The geographic profile of these victims—Israel, Jordan, Kuwait, Saudi Arabia, Turkey, and the UAE—aligns with Iranian interests and have historically been targeted by Iranian state actors, particularly MOIS-linked actors.
- The Iranian sponsored attempt at destruction had less than a 10% total impact on the customer environment.
- Iran is an active enemy of the US and future attacks on our infrastructure are possible that may impact businesses of all sizes. We must stay vigilant to their activities elsewhere in the world.
October is Cybersecurity Awareness Month!!!
Microsoft defines cybersecurity as:
Cybersecurity is a process that is a necessary component to include in your business operations. This is because all workplaces are modernizing their work environments to align with the rapidly transforming digitized world.
Also, businesses now have a legal obligation to keep their employee, client and company data secure from internal and external threats. Governments around the world are enacting stricter regulations and systems to enforce compliance.
3 Pillars of Cybersecurity
Below are the three pillars of cybersecurity showing the elements that together create the essence and importance of cybersecurity:
Confidentiality: Keeping your secrets and ensuring that only authorized people can access your files and accounts.
Integrity: Making sure that your information is what it’s supposed to be and that nobody has inserted, modified, or deleted things without your permission. For example, maliciously changing a number in a spreadsheet.
Access: Ensuring that you can access your information and systems when you need to. An example of an access issue would be a denial-of-service attack, where attackers flood your system with network traffic to make accessing it nearly impossible; or ransomware that encrypts your system and prevents you from using it.
The numbers
The rapidly increasing volume and sophistication of cyberattacks across organizations is alarming.
The cost of cybercrime has exploded with damages reported by the FBI growing over 392% since 2017 or an average annual growth rate of 78% over the past 5 years.
Below is an outlook on the last 5 years’ that the FBIs Internet Crime Complaint Centre (IC3) has received. These complaints address a wide array of Internet scams affecting victims across the globe which average 552,000 complaints per year.
Note: There are significantly more incidents that are never reported to the FBI, so actual figures are likely much higher than what is reported above.
Due to the alarming amount of data stolen each month, new levels of collaboration across borders and organizations are needed to protect against these threats and meet this ransomware challenge.
Cyber threats are only increasing and becoming more complex. Therefore, it is imperative that your organization protects its digital estate across in the following six areas:
- Identity
- Devices/Endpoint
- Applications
- Data
- Networks
- Infrastructure
Understanding where the gaps are within your estate, not only reduces the risk of an attack but allows your clients to rest assured knowing their confidential information is protected and that your organization is complying with data protection laws like the California Consumer Privacy Act (CCPA) or the EU GDPR and UK GDPR, that is if you have clients within those territories!
The most common cybersecurity threats that your organization may encounter are:
- Account break-ins
- Data exfiltration
- Email compromise
- Internal threats/Insider Risk
- Malware and viruses
- Phishing attacks
- Ransomware attacks
- Shadow IT
In the coming weeks we will explore how best to mitigate these cyber threats and why doing so is integral for business continuity.
Watch your inboxes 
Next month we will be sharing several pieces of information on cybersecurity and how to make your organization’s IT infrastructure more robust. The key topics will cover:
- Week one: data governance: best practices for legal compliance (including insurance) and data protection; and the importance of cybersecurity in protecting your organizational data whilst complying with regulations
- Week two and three: All about Zero Trust; a deep dive into what the Zero Trust framework is, its benefits and some valuable tips on how to implement it across your organization
- Week four: Passwordless security – what does this even mean?!
So, if you’re feeling a bit confused about all this cybersecurity jargon, don’t worry we have you covered! Just keep an eye out on your inboxes weekly on a Thursday throughout October.
If you want to schedule a call with one of our team to discuss this further, please do so here: Book a time with Matt
Warm Regards,
Team Aegis
Don’t forget – follow us on our socials!
