Robotic process automation, vaccine scams, and key takeaways from the latest Security Awareness Report - catch up on all of the week's infosec news with the Friday Five!
1. The Robots Are Coming For Your Office by Nilay Patel
In this story, Kevin Roose and Nilay Patel have a fascinating conversation about automation in the workplace. Going beyond the common perception that automation only affects factories, they address how RPA, or robotic process automation, will affect professionals like accountants, lawyers, and journalists. Though automation might not be able to match the quality of a human doing the job, if it’s cheaper and faster at completing tasks, which seems likely, it will disrupt jobs across a significant portion of the economy. They also examine how RPA is perhaps more threatening to the overall economy than traditional automation, not because of its sophistication but because of its banality: it does not spur new industry, but rather permanently eliminates jobs. Though that may sound like a downer, they also discuss how automation might actually be an opportunity for us to reevaluate our skill sets and tailor our careers to this new reality.
2. COVID-19 vaccine scammers are still lurking by Shannon Vavra
As vaccines have become more available, vaccine-related phishing scams have increased proportionally. New research has found in the last two months that the number of these scams has increased by 530%. In one example, a group of hackers created a fake vaccine registration page where users were asked to enter their Office 365 credentials to register for an appointment. The scams haven’t just targeted individuals; attackers have also tried to steal credentials from employees at Walgreens. The shift is the latest effort by cybercriminals to tailor their scams to the current needs and fears of the pandemic. One other interesting tidbit is that Microsoft has been the most popular brand for hackers to imitate in their attempts to steal credentials.
3. Microsoft: 92% of vulnerable Exchange servers are now patched, mitigated by Charlie Osborne
In a positive development this week, Microsoft has announced that 92% of vulnerable Exchange servers have been patched or had mitigations applied. The issue is far from over: patching a system only prevents new exploitation; it doesn't remove malicious actors already in the system. It does, however, show how seriously companies are taking the warning from Microsoft. The high patch rate is also representative of the very impressive work being done by IT departments around the world. IT administrators who have patched and applied the necessary mitigations are encouraged to continue checking their systems for indicators of compromise and to perform security audits, in case their systems were exploited.
4. Lack of Time Biggest Barrier for Security Awareness Programs by Chris Brook
The latest Security Awareness Report from the SANS Institute offers many interesting takeaways, notably that the biggest challenge facing a company building a maturity security model is not money, but time. The report, a summary of the behavior of over 1,500 security awareness professionals worldwide, analyzed the various reasons that a security awareness program may slip through the cracks. Over 75% of professionals reported that they spend less than half of their time on security awareness, as their time is taken up by other tasks. Other top challenges include a lack of personnel (the cybersecurity skills gap is a source of constant consternation in the infosec community) and a lack of budget. To solve these problems, the report suggests having at least three full-time equivalent employees specialize solely in security awareness.
5. China-based hackers used front companies to hack Uighurs, Facebook says by Sean Lyngaas
Facebook has exposed a hacking campaign targeting Uighurs, which it says was supported by Chinese technology companies. The campaign was worldwide in scope and targeted journalists and those viewed as dissidents. The techniques used include phishing campaigns driven by fake Facebook personas and malicious Android and iOS software. Though the report does not directly tie the hacking to Beijing, the speculation is that the organizations involved in the hack are part of the Chinese Government’s surveillance of the Uighurs, a Turkish-speaking minority, many of whom live in the Xinjiang province. It’s just the latest example of cyber policy playing a major role in the national security apparatus of nation-states.