News &
Information

Failure To Timely Report Data Breaches Leads To Loss And Blunts Mitigation Efforts

SEC rules require prompt reporting of data breaches. Learn about a $10 million fine, and why timely notification is important.

Medusa Ransomware Is Turning Unpatched Systems To Stone

Cybercriminals can exploit a single unpatched device to infect the entire organization with Medusa ransomware. We examine.

Ransomware Attacks Increase, Forcing Organizations To Respond

Emails remain cybercriminals' chosen method of delivering ransomware. We discuss tips on combatting the risk.

Authenticator Software: Being Exploited By Cybercriminals

Users seeking stronger security are duped into downloading fake security apps.

More Malware, Targeting macOS And Phone Apps, Spawns New Employer Cyber Risks

A new report from U.S. tech company Jamf reveals that it has tracked 300 malware families on macOS and found 21 new ones in 2023.

Jamf's latest Security 360 report examined a sample of the 15 million desktop computers, tablets, and smartphone devices it protects, across 90 countries and multiple platforms, such as macOS, iOS/iPad, Android, and Windows.

The report finds that 40 percent of mobile users and 39 percent of organizations are running a device with known vulnerabilities, while 20 percent of organizations were impacted by malicious network traffic.

There are also alarming statistics about the use, or nonuse, of security features. FileVault, a basic feature in macOS that provides critical protection for user data by encrypting it within the volume, was found disabled on 36 percent of devices, while 55 percent of Macs had the firewall feature disabled.

Mobile phones have historically been the devices on which users did only email, calling, calendaring, and instant messaging. However, more business-critical applications are in use on mobile operating systems, making them a higher-profile target for cybercriminals. Ian Barker "21 new malware families for Mac systems discovered in 2023" betanews.com (Feb. 26, 2024)

Commentary

The risks for an organization's network are increased when it allows non-company-owned devices to access the network. Doing so allows non-vetted applications access to the network.

Moreover, as the survey above shows, even the more secure iOS or macOS universe can be at risk if users have sideloaded or "bricked" their personal device, and yet have access to an organization's network.

Organizations should know who has access to their computers, laptops, or smart devices that are connected to the network. Ideally, an organization should issue phones, laptops, or other devices to employees for exclusive business use only. These devices can be set up in such a way as to be limited to authorized programs only and to access only necessary and approved websites. This gives an organization the greatest control against unauthorized apps, unpatched programs, or drive-by malware.

Finally, your opinion is important to us. Please complete the opinion survey: