Ransomware is making the news more and more, and I suspect this will continue to happen for the next few years at least. Attackers mostly exploit neglect and a lack of expertise, and it’s a sure bet that their sights will turn to the cloud in time.
One of the reasons we’re not seeing more attacks within public clouds is that they are well maintained and updated and have much better security than their on-premises counterparts. However, as most security experts will tell you, nothing is 100% secure, and cloud security still has some evolving to do before it’s close to optimized.
As a cloud architect, I am amazed that cloud security is still so hard. We’ve had identity access management (IAM) for more than a decade. Now we have deep encryption services, key management, and most recently, zero trust and secure access service edge (SASE). Note that zero trust and SASE are terms defined by Forrester Research and Gartner, respectively, and not by groups of security solutions providers.
Despite all this security technology, security solutions have become more complex and difficult to operate as cloud deployments themselves become more complex. As the technology and technology concepts (such as SASE) add more big ideas to the problem, the growth of cloud, Internet of Things, edge computing, and now work from anywhere quickly outpaces our ability to provide workable and cost-effective security. Our deployments become less secure rather than more.
Following CEO Tim Cook’s statements on security at a recent conference, Apple has come out fighting to protect the security of its App Store distribution model, publishing a white paper that argues enforced side-loading of apps would make the platform — and its users — far less secure.
Google has called quits on the notion of truncating URLs in Chrome, according to a note from earlier this month in the Chromium project’s bug database.
“This experiment didn’t move relevant security metrics, so we’re not going to launch it,” Emily Stark, a staff software engineer on the Chrome team, wrote in the June 7 entry.
Fake news is a false narrative that is published and promoted as if it were true. People (and organizations) create fake news to control and manipulate your thoughts and actions. Be skeptical of what you read on the Internet, use trusted sources that are vetted, check their motivations and funding.
Source: SANS Security Awareness
The first step to creating a cybersecure home is to start by securing your Wi-Fi Access Point. Change your Wi-Fi Access Points default administrator password to something only you know. Many Wi-Fi Access Points or Wi-Fi routers are shipped with default administrator passwords that are publicly known and posted on the Internet.
Source: SANS Security Awareness
Be very careful of any lost USB drives you may find (such as in the parking lot or local coffee shop) or USB drives you are given at public events, like conferences. It is very easy for these devices to be infected with malware. Never use such devices for work, use only authorized devices issued to you by work.
Source: SANS Security Awareness
Identity theft is when someone steals information about you and then uses that information to pretend to be you and commit crimes, such as credit card fraud. One of the key steps to protecting yourself is monitoring your financial, credit score and credit card accounts. The sooner you detect fraud in any of these accounts, the sooner you can minimize the damage.
Source: SANS Security Awareness
When a major news event happens, cyber criminals will take advantage of the incident and send phishing emails with a subject line related to the event. These phishing emails often include a link to malicious websites, an infected attachment or are a scam designed to trick you out of your money.
Source: SANS Security Awareness
Only install mobile apps from trusted places, and always double-check the privacy settings to ensure you are not giving away too much information. Does that mobile app really need access to contacts or need to know your location at all times?
Source: SANS Security Awareness