Why you need to know all the cloud services that your organisation uses

29 May 2021 | News, Security

If you don’t where it is, you can’t protect it.

Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?

Here’s the problem.  If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard.  It is common for people to sign up to web services because they offer something useful that helps them do their job.

They sign up using their email address and creating a password.   There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.

Secondly, what data do they upload?  Is that data that you have a legal or moral responsibility for?

 

There’s nothing noble about Nobelium.

This isn’t theory – it’s real.    USAID is a pretty important US organisation – promoting democracy and human rights around the world.  Turns out, someone there was using a well-known email database tool called Constant Contact.  But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.

So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out.  The bulletin contained malware that allowed the hackers to take command and control over victims computers.  Ironically the fake email alleged interference in the US federal elections.

So, what can you do?

The first step is knowing what SaaS tools your people are using.  We call this SHADOW IT and it is inevitable.  Rather than stopping it, the job IT has is to identify it and manage it.  The second step is to secure those platforms.  That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.

Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR

Bad news email attachments

Bad news email attachments

Some emails are more than just bad news No one likes bad news! But sometimes it can’t be helped. Sometimes it sneaks up on you. One of the most common ransomware attacks is through a compromised attachment in an email. It’s easy to say “only open stuff you expect” but...

“LOCK ‘EM UP AND THROW AWAY THE KEYS”

“LOCK ‘EM UP AND THROW AWAY THE KEYS”

   Password Vaults and You With more and more websites necessary for our everyday activities, it’s getting harder and harder to manage passwords. By now, you will know not to write passwords on post-it notes and paste them on your screen. Its not uncommon for...

Google Releases Security Updates

Google Releases Security Updates

 Chrome security fixes Google has released Chrome version 91.0.4472.101 for Windows, Mac, and Linux. This update includes 14 security fixes. Out of the 14 fixes, 1 is considered to be critical in nature. If you are supported by KARE Core Fundamentals or Premium KARE...

Should it be illegal to pay ransomware in NZ?

Should it be illegal to pay ransomware in NZ?

The Trillion dollar industry At the time of writing, the Waikato DHB cyber-attack is ongoing. The government is refusing to pay the ransom as a point of principle, and it looks like every possible tool at their disposal is being used to try to recover the situation....