From the moment any data system comes online, it is […]
Of all the threatening hacker groups out there, one of the […]
As we continue our series of articles on state-sponsored cyberattack groups, […]
See how securing your environment with Ntirety’s Comprehensive Compliant Security solution can save you money with our ROI Calculator.
Overview This event technology company provides customers with best-in- class […]
OVERVIEW What started as a niche company to bridge two […]
Michigan Mutual is a mortgage broker founded in 1992 by […]
In this episode, we talk with Tony Scribner of Ntirety, […]
Emil Sayegh is a well established executive in product and […]
Today we’ll be talking about hybrid cloud, security, and Maslow’s […]
The Example of European Energy Cyberthreats
Despite all the regulatory structure in Europe, the subject of recent discussions was the Luxembourg-based Energy Supplier Encevo, and its European-based subsidiary electricity operator Enovos. In a post-facto review of the situation, the company shared that their customer contact portals were hacked in mid-summer. A malware infection led to escalated access to customer information, something that none of us should be comfortable about being in the hands of nefarious actors. Ransom demands were made. Payments in this case were not made because Enovos worked to restore the systems through a disaster recovery plan and neutralize further infections. The threat actor ALPHV, also known as BlackCat, appears to be the very same threat that attacked the Colonial Pipeline in the US with ransomware back in 2021.
These ransomware threats are built with a purpose: to exploit global targets throughout the energy industry. And not only are there existing unidentified infections out in the wild, but new ransomware is emerging on to the scene faster than many IT teams can handle.
Manage Yourself as a Threat
Top security organizations protect against risks posed from endpoints by managing security through devices, identity, and at the application level. Whether it is a workstation, laptop, mobile device, or application, security protocols force access through secured controls such as Multi-Factor Authentication, confirmed device protections, and application protections.
Outside of those protections, there’s a lot that we can do to protect ourselves when we use our own devices. Security and privacy can be hard to manage, but there are some best practices you should follow.
Defaults can be Dangerous
Let’s walk down a reasonable, relatable scenario. You get a new phone and don’t have time to read through all the conditions, legal terms, data terms, and all the other fine print that comes with it when you are setting it up. So, you click ‘Yes’ and ‘Accept’ to everything that comes on your screen. Sounds reasonable, each of those things should help quality and experiences. We’ve all done it. Almost no one reads all the terms and conditions, but there’s a terrible assumption here and it’s one of the biggest problems when it comes to smartphones, websites, and apps.
Apps – You have got to be careful about where you get them from. Many popular, even well-reviewed applications have been found to have access to too much information and in some cases, stealing personal data. Banking information, private emails, and other sensitive information are found on your phone, so it makes sense to review the sources to be as trusted as possible. Even then, major well-known companies such as TikTok have faced scrutiny about the levels of data access their application enjoys and the residency of where that identifiable data winds up. Just because an application asks for rights to your camera, location, network information, or whatever doesn’t mean you should automatically grant it.
Permissions – Depending on your phone platform, you can audit what applications are accessing sensitive components on your phone. In addition to a selective trusted app source status, you can review apps considering what they are meant to do in the first place. You are going to want to select access to sensitive components including:
Review these items honestly because sometimes you might install an app that accesses more than it needs to function as you intend to use it. That fitness app that seemed like a great idea may be invasive to your private data. Does it really need to know your location all the time? Probably not. And you might not use that app all the time anyway, or ever. It never hurts to review the permissions you grant an app to make sure you aren’t oversharing.
By now, you should know what this is even if you don’t recognize it by name. Multifactor Authentication (MFA) is the phone-based authentication that many modern security systems have in place to protect access to platforms, web pages, and more. With all the constant threats that we face, simple usernames and passwords are simply not enough to protect even the most simple applications anymore.
Adopt MFA and if given the choice, it’s best to select non-SMS/text methods to validate if possible. MFA applications for your phone feature device-driven authentication features, biometrics, and recovery methods in case of emergency. Whereas simple text messages can be compromised but are better than nothing if it’s unavoidable.
The bottom-line is that our personal devices have become an extension of ourselves, and like any other technology it can be optimized to improve our lives. We live in a volatile world when it comes to the evolving threats faced within cybersecurity. And being aware enough to take these necessary precautions before installing any app onto your phone or tablet can be a difference maker when it comes to staying safe from unseen threats—even if you think your apps seem secure.
This article was originally published in Forbes, please follow me on LinkedIn.