cybersecurity News - SiteProNews
https://www.sitepronews.com/tag/cybersecurity/
Breaking News, Technology News, and Social Media News
Tue, 13 Aug 2024 20:15:31 +0000

How Engineering Principles Can Be Applied to Reinforce Cybersecurity Measures Against Evolving Threats
https://www.sitepronews.com/2024/07/22/how-engineering-principles-can-be-applied-to-reinforce-cybersecurity-measures-against-evolving-threats/
Mon, 22 Jul 2024 04:00:00 +0000

The threat that cyber attacks pose to the business world is staggering. In 2022, there were over 493 million ransomware attacks detected by organizations worldwide. That equates to more than 15 attacks per second, and ransomware is just one type of attack used by cybercriminals.

Organizations that fail to prevent attacks face severe consequences. The average ransomware cost in 2022 was $4.54 million, which does not include the cost of the ransom, and experts predict the total cost of ransomware attacks for 2023 will exceed $30 billion.

As organizations seek out reliable ways to thwart attacks, many are turning to engineering principles to reinforce their cybersecurity frameworks. This approach enables cybersecurity by design rather than deploying it as an add-on to core infrastructure, which results in a more systematic, proactive, and adaptable approach than that provided by other common security solutions.

Benefits of engineering-based security

One of the key benefits of an engineering-based approach to cybersecurity is that it addresses the vulnerabilities exploited by social engineering attacks. Statistics show these types of attacks, which focus on user failure rather than system weaknesses, are the most common. Phishing — a type of social engineering attack — is the most common cyberattack overall, accounting for more than 3.4 billion spam email messages daily.

Engineering principles can safeguard against these attacks by pursuing user-centered design, since analyzing systems from a human perspective during the engineering phase allows for the introduction of features that reduce unintentional vulnerabilities. Engineering can also proactively create user environments that maximize ease of use and reduce the risk of security failures.

Social engineering vulnerabilities can also be reduced by leveraging engineering to reduce the need for user interaction. Systems can be engineered to empower an enhanced zero-trust approach to cybersecurity in which processes are automated to remove the need for human involvement.

Applying engineering principles also boosts cybersecurity by empowering a systems-oriented view. Taking a holistic, system-wide view of cybersecurity provides insights that may be missed by strategies focused on isolated components, and allows for the identification of interconnections and emerging synergies that may lead to vulnerabilities.

Approaching cybersecurity as an engineering function results in more resilient systems. Rather than just empowering reactive controls designed to repel attacks, engineering principles can empower cybersecurity controls that are resilient to attacks, even when they succeed. Resilient systems limit the negative impact of breaches and increase the speed of recovery because they can adapt their security response once breaches occur, ensuring the negative impact of attacks is minimized.

Overall, bringing an engineering perspective to cybersecurity instills more structure into the security framework. It results in systems that are more rigorous and disciplined.

Methods of applying engineering principles to cybersecurity

One primary method of applying engineering principles to cybersecurity involves taking steps to increase automation while decreasing human involvement. As mentioned, human-induced vulnerabilities are one of the key causes of cybersecurity breaches, with statistics showing that nearly 75 percent of breaches are caused by human negligence such as the failure to install a patch.

Utilizing Infrastructure-as-Code (IaC) in the development and deployment process is one approach that leverages engineering to boost cybersecurity. IaC relies on codes and scripts to manage the infrastructure environment, rather than delegating management responsibility to human agents, which reduces the risk of social engineering attacks by removing access authority from the targets of those attacks.

IaC further reduces the risk of cyberattacks by using robot agents to increase the complexity of systems. Distinct runtime accounts utilized within network-isolated environments trigger automated processes, thwarting the effectiveness of attacks like spear phishing and lateral movement techniques.

Fail-safe defaults are another security measure that can be engineered into systems to address human weaknesses. Essentially, the defaults minimize the damage from security breaches by triggering failures that limit attacker access, ensuring a line of defense will stay in place after a breach. Multi-factor authentication (MFA) is a simple fail-safe device that has become a common cybersecurity feature. Safeguards that require administrator privileges to install programs are another form of fail-safe utilized to prevent damage from malware.

Taking an engineering approach to cybersecurity also allows organizations to build defense in depth. Security controls can be engineered into systems on multiple layers, leveraging tools like encryption, firewalls, and intrusion detection systems. With this approach, a failure at one level can be mitigated by controls engineered into the next.

Compartmentalization involves engineering strategies that segment systems and networks into different zones or compartments. By restricting access to system segments, organizations can reduce threats and contain damage when breaches occur.

Cybersecurity threats are higher than ever, forcing organizations to repel a never-ending barrage of attacks or suffer serious financial and reputational damage. By leveraging the synergy between engineering and cybersecurity, organizations can develop and deploy resilient and responsive systems that address some of today’s most prevalent cyber attack strategies.

Curiosity Killed the Bookworm: Your E-book Reader Is on the Hacker Radar
https://www.sitepronews.com/2024/02/21/curiosity-killed-the-bookworm-your-e-book-reader-is-on-the-hacker-radar/
Wed, 21 Feb 2024 05:05:00 +0000

While trying to discover a future Hemingway or Remarque, you might end up with stolen credentials and a compromised home network, warns a cybersecurity expert.

There is a widespread myth that cybercriminals rarely consider an e-book reader to be a desirable catch, with computers, tablets, and smartphones being the primary targets instead. This is not entirely true. Bookworms and their beloved e-book readers are also on the hacker radar because they store more valuable information than a book collection.

“An e-book reader is more like a computer than a traditional paper book, and like any other electronic device connected to the IoT network, they are also vulnerable to cyberattacks. Criminals are least interested in the e-book collection because readers, like Kindle, Nook, or Kobo, actually store much more valuable data,” says Marijus Briedis, CTO at NordVPN.

Confirmed Methods to Get into Your E-library

Creating malicious digital books and tricking readers into downloading and opening them is one of the most common ways to compromise e-book readers. A few years ago, cybercriminals already used this method and Kindle device vulnerabilities to cause privacy issues for users of the most popular e-book reader.

“There are three main categories of readers who usually become victims of this kind of malware attack. One is people who look for a book to download for free instead of buying it from a reputable e-bookstore. Another category is readers who want to read a book in their native language but cannot find it translated to buy and then look for the book on alternative and, usually, piracy websites. The third group of people are literature enthusiasts who are trying to discover new talented writers and download self-published e-books. Cybercriminals often play the curiosity card as well,” Briedis says.

Nevertheless, apart from the Amazon Kindle, dedicated e-book readers are pretty rare. Most people use devices with Android or other operating systems to read e-books. This exposes them to the cybersecurity and privacy threats relevant to every tablet or smartphone and requires certain security and privacy tools for protection.

Threat to Much More Than Just Books

While attackers could simply delete user e-books from compromised readers and cause severe financial loss, usually, pranks are not the main reason why readers become targets for criminals. There are a few reasons why cybercriminals are interested in hacking e-book readers.

First, the most popular book readers are connected to e-bookstores, like Kindle is with Amazon. By hacking into one of these devices, a threat actor could steal any information stored on the device, from Amazon account credentials to billing information. This information can be sold on the dark web and raise severe privacy and even financial issues for the owner of a compromised e-book reader.

Secondly, since most readers are connected to local internet networks, like home networks, cybercriminals can convert the reader into a malicious bot, enabling it to attack other devices in the local network, including computers, smartphones, or even smart home gadgets.

How to Protect an E-book Reader from Being Hacked

Marijus Briedis, CTO at NordVPN, advises taking these preventive measures:

  • Download books from official e-bookstores. You should always download e-books from recognized, reputable stores. While Amazon or Kobo are the most obvious choices, there are many smaller but reputable e-bookstores that are often managed by publishers. This will help to significantly reduce the risk of downloading an infected file.
  • Update the software of your e-book reader. Software updates fix security flaws and protect your device data. Security updates often come at the wrong time, but you should install them as soon as possible to repair your device’s vulnerabilities.
  • Use tools to monitor the dark web and receive warnings about your credential leak. For example, NordVPN’s dark web monitoring feature continuously scans dark web sites for your credentials, alerting you to each discovery so that you can take steps to protect the vulnerable account.

NordVPN Launches Link Checker to Protect Users from Malicious Websites
https://www.sitepronews.com/2024/01/31/nordvpn-launches-link-checker-to-protect-users-from-malicious-websites/
Wed, 31 Jan 2024 05:05:00 +0000

The newest NordVPN product is free to use and available on all browsers and devices

NordVPN, a leading cybersecurity company, launches its new experimental product from the NordLabs platform. Link Checker is a manual URL-checking tool that enables users to examine a website’s safety before visiting by scanning it for different types of malware and getting a notification about whether it is fake or ridden with phishing scams.

“Malicious websites are becoming harder to spot with the naked eye. Well-known typography tricks, such as replacing ‘Amazon’ with ‘Arnason’ in a URL, which have worked for well-known domains, have now been upgraded to suspicious elements hidden under a URL shortener, often making phishing websites look legit. Link Checker is a response to the growing scale and intricacy of phishing attempts online,” says Vykintas Maknickas, head of product strategy at NordVPN.

While exiting the malicious web page without clicking any links may sometimes be enough to avoid jeopardizing the device and sensitive data, at other times, clicking on a malicious URL will open the device to a drive-by download attack, infecting it with malware or botnets that will encrypt or steal personal data.

Designed as an everyday tool to help users avoid such scenarios, Link Checker scans the domains of the websites the user wants to visit and compares them against a list of websites known to contain scams or malware.

To collect information about malicious websites, Link Checker employs NordVPN’s own machine learning model, which was created to recognize zero-day phishing patterns planted within websites. In addition, this proprietary model uses Nord’s Intelligence Database to identify bogus websites that intend to lure users into phishing scams.

“Among the biggest advantages of the Link Checker is its two-fold nature. Combining proprietary machine learning techniques with the Nord Security Intelligence Database, Link Checker offers one of the most inclusive data sources to detect harmful URLs. In fact, Link Checker incorporates information on 95% of the most popular domains mimicked by cybercriminals, who often use phony variations to disguise online scams or malware,” says Vykintas Maknickas.

Link Checker is a free tool to use for both businesses and individuals, and it doesn’t require creating a special account or enrolling in a subscription. Link Checker is available on all browsers and devices here.

Link Checker is the second experimental product developed by NordLabs, a platform to explore emerging technologies and create new tools and services to ensure the security and privacy of internet users. The platform allows exclusive access to innovative projects developed by the NordVPN team of developers. In September, NordVPN presented its first experimental project named Sonar, an AI-enabled browser extension to help internet users detect phishing emails and protect themselves from cybercrime.

Hackers Teaming Up with AI: Expert Warns of New Ways You Can Get Hacked
https://www.sitepronews.com/2024/01/17/hackers-teaming-up-with-ai-expert-warns-of-new-ways-you-can-get-hacked/
Wed, 17 Jan 2024 05:05:00 +0000

Artificial intelligence (AI) has become a game changer in many areas of our daily lives, including cybersecurity. With the rising use of new AI-driven tools like ChatGPT, the number of cyberattacks has doubled, and the attacks have become more sophisticated. Cybersecurity experts say that AI-powered cybersecurity tools could help protect your privacy in the new reality, but they are not a silver bullet.

“AI will not steal jobs from hackers, at least soon. Cybercriminals are keen users of AI-driven tools, but it’s about improvement, not replacement. Hackers learned how to use AI to increase the capacity of their work and make their job easier, quicker, and more effective. The utilization of AI tools has facilitated the automation of a significant portion of phishing attacks, and it is anticipated that the frequency of such attacks will escalate in the future, posing a significant cybersecurity threat,” says Marijus Briedis, CTO at NordVPN.

There are several ways hackers use AI to increase the success rate of their cyberattacks.

Tailoring Spear-phishing Attacks 

The most common way cybercriminals use AI is to create personalized and convincing phishing attacks. Since AI can analyze vast amounts of publicly available data and better understand the target’s behavior and preferences, AI-generated personalized phishing emails can be highly effective at deceiving individuals. Moreover, public information is not the only thing that popular AI tools have at their disposal. 

“As AI systems become more prevalent, there is an increased risk of mishandling or misusing sensitive data. For example, if an employee of a certain company uses an AI tool to write a report from confidential information, the same data later could be used to create so-called spear-phishing attacks that are highly tailored to individual targets, increasing the likelihood of success. Once you get a phishing email with information that is supposed to be confidential, there is a big chance that you will fall into the trap,” explains Briedis.

Modifying Malware in Real-time

AI tools help hackers automate tasks like reconnaissance and crafting custom malware, making their attacks more efficient, difficult to detect, and large-scale. For example, AI-powered bots can conduct automated brute-force attacks, leading to an increased volume of attacks.

“Hackers also use AI to enforce malware attacks to evade traditional cybersecurity defenses. By using AI algorithms, attackers modify malware in real-time to avoid detection by antivirus and other security tools. With this kind of automation, hackers are seriously challenging traditional cybersecurity tools and exploiting their vulnerabilities,” says Briedis. 

How to Mitigate Cybersecurity Risks Posed by AI

While AI proved its effectiveness in improving cyberattacks, it could also be used to protect users, but it’s not a silver bullet. “Cybersecurity requires a multi-layered approach, including user education, regular software updates, strong passwords, and best security practices,” says Briedis.

Cybersecurity expert Marijus Briedis advises how to mitigate cybersecurity risks posed by AI-driven attacks:

  • Check the destination URL before clicking. The most common way to lure victims into downloading malware is through phishing emails that hide spoofed URLs and malicious files. AI-generated tailor-made phishing emails might be hard to distinguish. But instead of clicking the link, hover your mouse on the button first to see the destination URL. Check if it looks legitimate and – this is important – if it contains the “https” part.
  • Double-check the legitimacy of an email. If you receive an email from somebody you know, think twice before clicking any links. Is it typical of this person to send an email? If not, contact them via phone, social media, or other channels to confirm the legitimacy.
  • Use a reliable antivirus. Users should choose an antivirus with advanced protection against malware, spyware, and viruses. An antivirus program will detect and neutralize malicious threats before they do any harm. For example, NordVPN’s Threat Protection feature neutralizes cyber threats, like malware-ridden files or malicious websites, before they can damage your device.
  • Enable a firewall. A firewall protects the system by monitoring the network traffic and blocking suspicious connections. Users should have security settings and ensure the computer’s inbuilt firewall is running.
  • Stay secure on public Wi-Fi using a VPN. Public Wi-Fi networks are highly vulnerable to hacking. Cybercriminals often target people at free hotspots and try to slip malware into their devices. Users should always use a VPN to secure their Wi-Fi connection and protect themselves from unwanted snoopers.

Every Fifth Canadian Avoids Using the Internet in Public
https://www.sitepronews.com/2023/11/22/every-fifth-canadian-avoids-using-the-internet-in-public/
Wed, 22 Nov 2023 05:05:00 +0000

Shopping Malls and Public Event Venues Are Considered to Have the Most Cyber Threats

Almost 22% of Canadian internet users avoid going online in public places and 60% of Canadians prefer their mobile internet for online activities in public, according to a survey conducted by NordVPN. Canadians use public Wi-Fi more frequently and mobile internet less than users in any other country that participated in the survey. Cybersecurity experts say that these measures help to mitigate cyberthreats, but issues raised by using public Wi-Fi can also be managed by other means.

Cyberthreat of Shopping Malls

In the new survey, most Canadian internet users mentioned shopping malls (57%), public event venues (51%), and cafeterias, bars, or restaurants (49%) among the places where devices are exposed to cybersecurity threats the most. Home (18%) and workplace (16%) are mentioned as the safest places from cybersecurity threats.

“Internet users should evaluate cybersecurity risks in every location because the scope of threats varies depending on a place. While universities or offices tend to put more effort into cybersecurity, it might not be the case with cafeterias and shopping malls,” says Marijus Briedis, CTO at NordVPN.

Canadians Trust in Themselves More Than in Technology

The survey reveals that Canadians tend to rely more on their behavior online to protect themselves from cybersecurity threats in public places rather than technology. 46% of respondents claim that they avoid entering or accessing sensitive information when they are connected to public Wi-Fi. At the same time, 40% of respondents go only to safe websites, and 37% verify if the public Wi-Fi is legitimate before joining.

Regarding the usage of cybersecurity and privacy tools, the numbers are more modest. Only 19% of Canadians use a VPN service, and 36% choose antivirus software. While a VPN is a more popular solution among younger generations, older generations tend to trust antivirus software. 

“Cybersecurity literacy is important, and it is great that internet users avoid entering or accessing sensitive information, like banking accounts, clicking on pop-ups, or going to suspicious websites. But a human mistake is an important factor in cybersecurity and even experts do them, so technological solutions should complement human efforts to minimize risks,” says Briedis. 

Americans Are More Eager to Use Internet in Public

In comparison, only around 16% of Americans do not use the internet in public at all. Americans use mobile internet more frequently and public Wi-Fi less than Canadians. Up to 39% of internet users in the United States use public Wi-Fi, and 70% use mobile internet.

In addition, Americans demonstrate slightly better use of cybersecurity and privacy software to protect their devices from cybersecurity threats: 27% of respondents said they use a VPN, and 33% use antivirus software.

How to Stay Secure on Public Wi-Fi?

There are several simple precautions to stay secure on public Wi-Fi. Marijus Briedis, cybersecurity expert and CTO at NordVPN, advises taking these actions:

  • Use a reliable antivirus. Users should choose an antivirus with advanced protection against malware, spyware, and viruses. An antivirus program will detect and neutralize malicious threats before they do any harm. For example, NordVPN’s Threat Protection feature neutralizes cyber threats, like malware-ridden files or malicious websites, before they can damage your device.
  • Enable a firewall. A firewall protects the system by monitoring the network traffic and blocking suspicious connections. Users should have security settings and ensure the computer’s inbuilt firewall is running.
  • Stay secure on public Wi-Fi using a VPN. Public Wi-Fi networks are highly vulnerable to hacking. Cybercriminals often target people at free hotspots and try to slip malware into their devices. Users should always use a VPN to secure their Wi-Fi connection and protect themselves from unwanted snoopers.

Up to 74% of Apps Collect More Information About You than They Should
https://www.sitepronews.com/2023/11/02/up-to-74-of-apps-collect-more-information-about-you-than-they-should/
Thu, 02 Nov 2023 04:00:00 +0000

Nearly 87% of Android apps and 60% of iOS apps request access to device functions unrelated to their performance, new research by NordVPN reveals.

Cybersecurity and privacy researchers at NordVPN analyzed the most popular mobile apps globally in 18 categories. Up to 14% of apps collect more unnecessary than necessary data for the apps’ performance and only 8% of apps collect no unnecessary data. On average, every fifth requested permission was not needed for the app’s functionality.

“A significant number of mobile apps that we use daily request access to device functions unrelated to their performance. And most users give the app license to spy without even reading the terms and conditions. Users should always consider whether the app needs certain data to do its job before tapping ‘Accept,’ because collected data could be used against our interest. It’s especially important to be more attentive to some categories of apps which are more intrusive, such as social media or messaging apps,” says Adrianus Warmenhoven, cybersecurity advisor at NordVPN.

The research revealed that 42% of all apps ask for permissions related to user activities outside the actual app, which means that they aim to collect data about users across other applications and websites. In addition, 37% of the studied apps request access to the user’s location, 35% to the camera, 22% to the photo gallery, and 16% to the microphone.

Social Media and Messaging Apps Raise the Most Concerns

Social networking, messaging, navigation, and dating apps require the most significant number of permissions compared to other categories. They also lead in requesting unnecessary permissions. On average, social networking apps request ten unnecessary permissions, navigation apps ask for nine permissions, dating – six, and messaging – five.

Android users can be the least worried about gaming apps. They only request 10 permissions and ask for less than one unnecessary permission on average. While food and drink apps on iOS ask for less than three permissions on average, in terms of unnecessary permissions, productivity apps are in the lead because they almost do not collect unnecessary data.

The East Asia Region Is a Red Zone on the Privacy Map

While category is a stronger predictor of how many permissions and data apps ask for, there is also a geographical effect. On average, apps from East Asia ask for the largest number of permissions overall as well as unnecessary permissions — Hong Kong and Taiwan dominate both the Android and iOS charts. At the same time, Android apps from Japan and Singapore also make a strong showing.

“This likely stems from two aspects. On the one hand, different regions have different regulatory environments. But at the same time, these numbers are influenced by the nature of the popular apps studied. East Asian countries are worse in terms of permissions because of the blend of the wide use of social media tools as well as manga and other media apps,” says Warmenhoven.

On the flip side, apps from Mexico made the lowest number of unnecessary permission requests and even the lowest number of permission requests overall for Android. For iOS, apps from Spain and the US made the fewest overall requests, while apps from Spain, the US, Italy, and Poland made the fewest unnecessary requests.

How to Protect Your Privacy on Apps

To protect your privacy on apps, Adrianus Warmenhoven offers these preventive measures:

  • Download from official stores. Unofficial app stores won’t always have systems to check whether an app is safe before it’s published and available to download. Moreover, getting an app from an unofficial source carries the risk of it being modified by criminals.
  • Read the app’s privacy policy before downloading. Check what information the app will track and what it will share with third parties. If you’re not happy with the level of privacy, look for an alternative.
  • Get to know your data permissions. When you download an app, you’ll be asked to give various permissions to access your data. Make sure they make sense to you. If you already have an app, review all the permissions and turn off the ones you don’t want or need, and consider deleting the apps that ask for many permissions (especially if they’re not needed for the app’s functionality). You should pay particular attention to permissions like camera, microphone, storage, location, and contact list.
  • Limit location permissions. Many apps request access to your phone’s location services, so ensure you know which apps you’ve granted access to. It’s best to allow apps to track your location only when using the app, rather than all the time.
  • Don’t automatically sign in with social network accounts. If you’re logging in to an app with your social media account, the app can collect information from the account and vice versa.
  • Delete apps you don’t use. If an app is sitting unused on your screen and you’re not getting anything from it, delete it. Chances are it’s still collecting data on you even if you’re not using it.

Beyond Cybersecurity: Exploring Third-party Risk in Business Operations https://www.sitepronews.com/2023/10/16/beyond-cybersecurity-exploring-third-party-risk-in-business-operations/ Mon, 16 Oct 2023 04:05:00 +0000 https://www.sitepronews.com/?p=131720 In today’s interconnected business landscape, companies rely on many third-party vendors, suppliers, and partners to streamline their operations and achieve efficiency. While this approach offers numerous benefits, it also exposes businesses to significant risks. Beyond the realm of cybersecurity, where companies invest heavily in protecting their digital assets, lies another pressing concern – third-party risk […]

The post Beyond Cybersecurity: Exploring Third-party Risk in Business Operations appeared first on SiteProNews.

]]>
In today’s interconnected business landscape, companies rely on many third-party vendors, suppliers, and partners to streamline their operations and achieve efficiency. While this approach offers numerous benefits, it also exposes businesses to significant risks. Beyond the realm of cybersecurity, where companies invest heavily in protecting their digital assets, lies another pressing concern – third-party risk management. This blog will explore third-party risk management and why it is crucial for modern businesses.

The Expanding Third-Party Ecosystem

Before we dive into the intricacies of third-party risk management, let’s first understand the scope of the issue. Over the past few decades, businesses have increasingly relied on third-party relationships. These relationships can encompass various activities, including outsourcing, procurement, and collaborative partnerships.

For example, a retail giant may rely on third-party logistics providers to handle its supply chain operations. A software company might partner with a third-party development team to accelerate product development. Even seemingly non-technical aspects, like office cleaning or catering services, can involve third-party vendors. All these relationships create a vast and complex third-party ecosystem.

The Importance of Managed Third-Party Risk

As businesses expand their networks of third-party relationships, they also expand their exposure to various risks. These risks can come in multiple forms: financial, operational, compliance, reputational, and even legal. Managed third-party risk becomes a critical component of overall risk management strategies.

Financial Risk

Third-party vendors’ financial health and stability can significantly impact your business. A vendor’s financial troubles can disrupt your supply chain, lead to project delays, or even result in contract disputes. According to a 2022 report by the Global Risk Institute, 43% of businesses surveyed experienced disruptions in their supply chain due to financial problems with third-party vendors in the past year. By managing third-party financial risk, you can identify potential issues before they escalate.

Operational Risk

Third-party partners play a vital role in your day-to-day operations. Any operational issues on their end can ripple through your organization. A logistics provider’s failure to deliver goods on time or a technology vendor’s system outage can disrupt your business. Effective risk management helps you anticipate and mitigate these operational disruptions.

Compliance Risk

Regulations and compliance requirements are continually evolving. When you engage with third parties, you share compliance responsibilities. Failure to ensure that your vendors adhere to relevant regulations can result in penalties and damage your reputation. Managed third-party risk includes compliance monitoring to reduce these risks.

Reputational Risk

The reputation of your business is a valuable asset. Any unethical or irresponsible behavior by a third-party vendor can tarnish your image. You can protect your brand’s reputation by carefully selecting and monitoring your partners.

Legal Risk

Contracts and legal agreements are essential components of third-party relationships. Inadequate contract management can expose your business to legal disputes and liabilities. Managed third-party risk includes robust contract management to mitigate legal risks.

The Process of Third-Party Risk Management

An effectively managed third-party risk program involves a systematic approach:

Identification

Begin by identifying all third-party relationships within your organization. This involves cataloging vendors, suppliers, contractors, and any other external entities you engage with.

Assessment

Evaluate the risks associated with each third-party relationship. This assessment should include financial health checks, compliance reviews, and operational risk assessments.

Risk Mitigation

Develop strategies to mitigate identified risks. This may involve renegotiating contracts, diversifying vendors, or setting up contingency plans.

Monitoring

Continuously monitor your third-party relationships to ensure ongoing compliance and performance. This includes regular audits and performance reviews.

Response and Recovery

Have a plan for responding to and recovering from third-party-related incidents. This might involve invoking contingency plans, legal action, or sourcing alternative vendors.

Documentation

Maintain thorough records of all third-party relationships, assessments, and risk mitigation efforts. This documentation is crucial for compliance and future reference.

The Benefits of Effective Third-Party Risk Management

Implementing a robust third-party risk management program offers several advantages to your business:

Risk Reduction

By proactively identifying and mitigating risks, you reduce the likelihood of disruptions to your operations and financial stability.

Cost Savings

Efficient risk management can lead to cost savings in the long run. For instance, renegotiating contracts with better terms or diversifying vendors can lower costs.

Reputation Protection

Protecting your reputation is invaluable. Effective risk management helps maintain your brand’s integrity in the eyes of customers and stakeholders.

Legal Compliance

Meeting legal and regulatory requirements is essential for avoiding costly penalties and legal disputes.

Competitive Advantage

Demonstrating solid third-party risk management practices can give your business a competitive edge. Many customers and partners prefer working with organizations that take risk seriously.

Resilience

A well-managed third-party ecosystem enhances your business’s ability to weather unforeseen challenges, such as economic downturns or global crises.

Conclusion

As businesses expand their third-party relationships, the importance of managed third-party risk cannot be overstated. Beyond cybersecurity concerns, companies must proactively identify, assess, and mitigate the myriad risks associated with their third-party partners. Organizations can protect their financial stability, reputation, and overall operational integrity by adopting a comprehensive third-party risk management approach. In today’s complex business landscape, it’s not enough to secure your fortress; you must also fortify the walls of your extended ecosystem.

Purchase of Cybersecurity Solutions Is the Most Popular IT Investment Among Canadian Companies this Year https://www.sitepronews.com/2023/08/07/purchase-of-cybersecurity-solutions-is-the-most-popular-it-investment-among-canadian-companies-this-year/ Mon, 07 Aug 2023 04:05:00 +0000

Purchase of cybersecurity solutions/services/apps (55%), as well as cybersecurity training for employees (51%), are the most popular IT investments among Canadian businesses this year, according to the newest research by NordLayer, a network security solution for businesses. The majority of companies there (68%) have in-house cybersecurity specialists to handle security, while 18% outsource it.

“IT and cybersecurity budgeting are two different segments of financing. IT covers overall technology investments, including hardware, software, personnel, and cybersecurity. Because cybersecurity is just a fraction of the grand scheme, it explains why budgets can be tight and sometimes even non-existent,” says Carlos Salas, a cybersecurity expert at NordLayer.

Additionally, the same research shows that the most prominent cyber attacks in Canada from the last year were phishing (42%), malware (33%), and data breaches (27%). As a result, financial damages vary from losses of up to 5,000 CAD for 45% of companies to over 10,000 CAD for 12% of surveyed Canadian companies. Numbers could be even higher because as much as 15% of companies could not disclose how much they lost due to cyber incidents.

What Cybersecurity Solutions Are Currently In Use Among Canadian Companies?

Research reveals that Canadian companies combine different measures to achieve security. More than 7 out of 10 companies utilize antivirus software (72%). Secure passwords (66%) and file encryption (65%) are the second-highest priority when creating security policies within organizations at the moment. 

Business virtual private networks (VPNs) maintain their popularity in securing organization network connections, with over half (65%) of companies using them. Cyber insurance (43%) is a relatively new solution making its way to business cybersecurity, although its focus is on covering the consequences of an incident rather than preventing it.

A Quarter of Canadian Companies Plan to Allocate up to 24% of Their Organizational Budget for IT Needs in 2023

Spending on cybersecurity solutions, services, and applications will remain a priority (55%) in the 2023 budget. Besides cybersecurity training for employees (51%), Canadian companies will devote slightly less budget to hiring dedicated staff for cybersecurity questions (43%) and external cybersecurity audits (38%).

The research shows that 39% of surveyed companies plan to allocate up to 24% of their organizational budget for IT needs in 2023, and another 37% of respondents plan to invest up to 49% of their budget. Only 4% of companies said they don’t plan to invest in cybersecurity in 2023, out of which the majority are small companies.  

“Business budgeting tendencies show that cybersecurity investments receive only a small part of the allocated IT budget. Cybersecurity funds must be distributed wisely to ensure valuable outcomes, prove the chosen security direction effective, and minimize resources’ waste,” says Salas.

What Cyberattacks Are Experienced in Small, Medium, and Large Companies?

NordLayer surveyed organizations of various sizes, revealing some similarities and differences between cyberattacks and company size. Speaking of similarities among all sizes, phishing (39%) is the overall most prominent, followed by malware (34%).

Small businesses are more likely to experience identity theft (12%) or data breaches (11%) than insider threats (2%) or social engineering attacks (5%). Also, small businesses experience the lowest number of cyberattacks — 42% of respondents did not face them.

Medium enterprises tend to suffer from malware (43%), social engineering (30%), and insider threats (29%). Compared with the other two categories, medium-sized businesses were exposed most to data breaches (34%) and DDoS/DoS attacks (27%).

Large companies experienced the most cyberattacks — as much as 92%. Organizations of such size experience malware (43%) slightly more often than phishing (42%). They experience the same amount of data breaches and identity theft (27%) attacks, while ransomware is the least expected (19%).  

Companies Should Allocate a Budget for Cybersecurity 

The mantra “cybersecurity keeps evolving — so do cyber threats” remains relevant today, emphasizing the need for strengthening business protection measures. Choosing comprehensive cybersecurity tools and solutions helps to achieve the flexibility needed to adapt to dynamic technological and risk change. A sufficient budget is key. 

Salas also shares his tips on securing organizations: “No business is too small to experience a cyberattack. My recommendation for organizations of all sizes is to have a strong cybersecurity strategy. It should have the mindset that every employee is responsible for cybersecurity, not only the IT department. Speaking of concrete tools within the strategy, the company should have cyber mitigation and remediation solutions as well as backup plans for threat scenarios. Also, invest in employee training and dedicated staff for cybersecurity matters.”

Methodology: NordLayer surveyed 500 companies in three countries: the United States, the United Kingdom, and Canada. The external agency SAGO conducted the surveys between March 15 and 25, 2023. Respondents were asked a set of questions about cyber incident costs and allocated budgeting for IT and security in the period of 2022-2023. The samples were taken from non-governmental organizations operating in the services industry, and the target respondents were decision-makers (sole or partial) for IT-related acquisitions. Companies were divided into three main groups regarding size: 1 – 10 employees (small), 11-200 employees (medium), 201+ employees (large). 

Your Camera Might Be Secretly Filming You – How to Stop That? https://www.sitepronews.com/2023/07/07/your-camera-might-be-secretly-filming-you-how-to-stop-that/ Fri, 07 Jul 2023 04:10:00 +0000

Experts Explain “Camfecting” – A Camera Hacking Privacy Issue, which Cannot be Fixed by Camcover

Two out of three people are worried about criminals tracking them online, according to research by NordVPN. This fear is not irrational — in fact, one of the most common cybersecurity crimes is camera hacking. Criminals can secretly spy on users, record videos of them, and then blackmail the victim by threatening to release the footage publicly. Moreover, unwanted fame is not the only negative effect that “camfecting” can have.

“A camfecting attack is not hard to perform. To hijack your device camera, hackers need to slip remote-control malware into your laptop or smartphone. A cybersecurity attack can be performed by sending infected emails, luring users into malicious sites, or infecting torrent downloads, or downloads from unauthorized sites. Luckily, it’s easy to spot the warning signs or enhance your computer or smartphone camera security,” says Adrianus Warmenhoven, a cybersecurity expert at NordVPN.

What Are the Signs of Camfecting?

Many signs can give away a hacked camera. For example, if your camera’s indicator light is on or blinking even though you haven’t turned the camera on, it might be a sign of camfecting. Nevertheless, that is not always the case: an abnormally acting camera light could result from an application running in the background.

There are other signs of potential camfecting, such as faster battery drain, random apps installed without the user’s knowledge, and the device freezing or crashing. It is also advisable to install or run malware-detecting software, such as Threat Protection or an antivirus. If a user notices any of these signs, experts advise speaking to IT professionals.

How to Protect the Device from Camfecting?

“Putting a piece of tape or a camcover over your device’s camera is perhaps the easiest and most reliable way to prevent someone from watching you through your computer camera and improve your home security. However, by putting this physical blocker in place you simply restrict the attacker’s view, but don’t solve the actual issue. Keep in mind that the same malware that allows cybercriminals to access your camera, also can provide access to your personal files, messages, and browsing history,” says Warmenhoven.

To protect yourself from malware, Adrianus Warmenhoven recommends taking the following steps:

  • Enable a firewall. A firewall protects the system by monitoring the network traffic and blocking suspicious connections. Users should check their security settings and ensure the computer’s built-in firewall is running.
  • Use a reliable antivirus. Users should choose an antivirus with advanced protection against malware, spyware, and viruses. An antivirus program will detect and neutralize malicious threats before they do any harm. For example, NordVPN’s Threat Protection feature neutralizes cyber threats, like malware-ridden files or malicious websites, before they can damage your device.
  • Don’t fall into a phishing trap. Hackers may disguise themselves as support agents and contact users, saying there’s an issue with the device or software and they have to take care of it. It’s a common phishing technique cybercriminals use to slip remote-access software onto a device. Such software then allows them to access your camera and manage its permissions. Another way to lure victims into downloading malware is through phishing emails that hide spoofed URLs and malicious files.
  • Stay secure on public Wi-Fi using VPN. Public Wi-Fi networks are highly vulnerable to hacking. Cybercriminals often target people at free hotspots and try to slip malware into their devices. Users should always use a VPN to secure their Wi-Fi connection and protect themselves from unwanted snoopers.

Yes, Your Phone is Eavesdropping on You – and Most Americans Don’t Know How to Stop It https://www.sitepronews.com/2023/05/15/yes-your-phone-is-eavesdropping-on-you-and-most-americans-dont-know-how-to-stop-it/ Mon, 15 May 2023 04:05:00 +0000

Study by NordVPN reveals majority of American consumers in the dark on sonic snooping by devices

Half of Americans (53%) say they have seen an ad for a product or service pop up on their phones soon after talking about it or watching it on TV, new research by cybersecurity company NordVPN reveals.

Two in four (50%) consumers admit they have no idea how to prevent this from happening and one in ten (10%) who noticed the adverts said it scared them.

Rather than devices reading your mind, this personalised product placement is due to a type of data monitoring called ultrasonic cross-device tracking. This is where apps on your smartphone listen in to background noise — including conversations — to gather more information about you.

“Later, they share this data across other devices,” says Adrianus Warmenhoven, a cybersecurity advisor at NordVPN.

Smartphones were by far the most common place to find these tailored ads. Four in five (77%) Americans who recognised the phenomenon first spotted it on their handset, with half (52%) seeing it on their computer and a fourth (39%) on their tablet.

Information showing people’s behaviour across devices is extremely valuable to companies, but this type of tracking is controversial because of its lack of transparency and security concerns around consumers’ data.

A key part of cross-device tracking is the use of audio beacons, which are embedded into ultrasound — frequencies above the level that can be heard by humans — and can connect with the microphone on our devices without us knowing. This is one reason many apps ask for permission to access your smartphone’s microphone, even if they don’t involve using your voice.

“While it’s impossible to stop the ultrasonic beacons working, you can reduce the chance of your smartphone listening for them by simply restricting unnecessary permissions you have granted to the apps on your device,” says Warmenhoven.

Ultrasonic Cross-device Tracking — How Does It Work?

Ultrasonic cross-device tracking is used as a method to link all the devices you own to track your behavior and location. These ultrasonic audio beacons can be embedded in many things we interact with daily: TV shows, online videos or websites, or apps on our phones.

Imagine you are watching TV and you see chocolate being advertised. You pick up your phone, and the same chocolate ad appears on your screen. By using ultrasounds, audio beacons can detect when your phone is nearby, and apps on your phone can listen for approximate audio beacons to track what you are doing.

How Can You Reduce Cross-device Tracking?

NordVPN cybersecurity advisor Adrianus Warmenhoven has some top tips to keep snooping devices at bay:

  • Change app permissions. The apps on your smartphone may have some permissions that are not required. For instance, why would a photo-editing app need access to your microphone? If apps on your phone have such non-required permissions, you should revoke these permissions. Apple now requires apps to ask your permission before tracking you or your iPhone across websites or apps owned by other companies, and you can turn this off for all apps. All changes to app permissions can usually be done in the privacy settings on your device.
  • Use a private browser. If you want to keep yourself from being tracked, it is best to use a private browser like Tor or DuckDuckGo rather than the incognito mode in Google Chrome. These browsers do not profile you or save any of your personal data for sharing with marketers.
  • Use a VPN. One of the best ways to protect yourself from being tracked is by using a VPN. A VPN is a tool that encrypts every bit of information about your internet activity. It also stops IP-based tracking because it masks your IP address.

10 Intricate Social Engineering Techniques that Can Harm Anyone and Ways to Prevent Them from Happening https://www.sitepronews.com/2023/03/24/10-intricate-social-engineering-techniques-that-can-harm-anyone-and-ways-to-prevent-them-from-happening/ Fri, 24 Mar 2023 04:05:00 +0000

Social engineering attacks use human nature to their advantage, preying on our trust, greed, fear, curiosity, and even our desire to help others. A study shows that 75% of respondents believe that social engineering and phishing attacks are the biggest danger to cybersecurity at their company. Cybersecurity threats are evolving, and while the incidence of traditional attacks may decrease, more sophisticated ones will prosper. Staying alert and being educated are the keys to staying safe.

Carlos Salas, an engineering manager at NordLayer, shares 10 social engineering techniques that hackers may use to target both individuals and organizations. According to Salas, “Social engineering is one of the easiest ways to get access to sensitive data, especially when employees haven’t been trained on how to recognize and combat it. Because every member of the organization is a potential target, with interactive and informative training, such attacks can be stopped.” Below, he shares his expertise on how to avoid any potential loss and examples of such attacks.

1. Baiting

Baiting attacks use a false promise to rouse a victim’s greed or curiosity. Social engineers use bait to lure users into a trap that steals their personal information or infects their systems with malware. For example, infected USB memory sticks are left in parking lots or offices, tempting people to see what’s on them. Don’t ever try to check what is inside the unattended USB devices, and make sure to report it to the security team if you see them lying around.

2. Pretexting

An attacker uses a made-up scenario (a pretext) to provoke an employee to disclose sensitive information, for example, login details to IT systems or personal information about other employees. It often requires researching the target prior to the attack to make the scenario plausible and to gain the trust of the victim. If that happens, the most important thing is to verify the identity, avoid sharing personal details and report the incident to the IT team.

3. Watering Hole

In a watering-hole attack, the attacker infects an existing website or creates a fake website that mimics an existing website often used by a certain group of people, for example, employees of a company. The goal is to infect a targeted user’s computer and gain access, for instance, to the network at the target’s workplace. To protect yourself, only access websites that have HTTPS in the URL, update your software, and use malware-detection tools.

4. Quid Pro Quo

Quid pro quo attacks rely on people’s sense of reciprocity. Attackers offer services, assistance, or other benefits in exchange for information. For example, someone pretending to be an IT expert might ask for your device’s login credentials in order to make that device run faster. To prevent information loss, verify the identity of the IT technician, question their methods and tools, and use anti-malware software.

5. Scareware

Scareware is a form of malicious software, usually a pop-up that warns that your security software is out of date or that malicious software has been detected on your machine. It fools victims into visiting malicious websites or buying worthless antivirus software. Use an ad-blocker and reputable antivirus and avoid clicking on pop-ups.

6. Tailgating and Piggybacking

Tailgating and piggybacking involve an attacker accessing a secure or restricted area. For instance, a person might tailgate an employee into the office, claiming to have lost their access card, pretending to be a repair technician, or holding coffee cups in both of their hands and asking for your help with the door.

7. Vishing

Vishing, also known as “voice phishing,” is a practice of eliciting information or attempting to influence someone via the telephone. In 2021 alone, TrueCaller reports that Americans lost $29,800,000 to phone scams. Avoid responding to emails or social media messages that ask for your phone number. Remember that your colleagues will never call you at home asking you to transfer funds or any other sensitive information.

8. Shoulder Surfing

Shoulder surfing is the bad actor watching their unsuspecting victim while they’re entering passwords and other sensitive information. But this technique doesn’t have to be used at close range, literally looking over their shoulder. It could be employed by the hacker from a distance if they use binoculars or hidden cameras, for example. In order to eliminate the risk of being snooped on this way, make sure to use strong, single sign-on passwords, biometrics, and 2-factor authentication.

9. Dumpster Diving

Dumpster diving is when attackers go through your company’s trash looking for documents containing sensitive or confidential information. Always use a file shredder to prevent information leakage.

10. Deep Fakes

Deepfakes (“deep learning” + “fake”) are synthetic media in which a person in an existing image, audio, or video is replaced with someone else’s likeness. It is possible to detect deep fakes. Make sure to check for shadows appearing on the face, notice if eyes are blinking and try to detect wrinkles. Beware of poor-quality phone call recordings and pay attention to how letters like f, s, v, and z are pronounced — software has trouble differentiating them from noise.

Adult Content, Streaming, and Video Hosting Sites have the Most Security Threats https://www.sitepronews.com/2023/03/17/adult-content-streaming-and-video-hosting-sites-have-the-most-security-threats/ Fri, 17 Mar 2023 04:05:00 +0000

According to research by NordVPN, one of the leading cybersecurity companies, adult content, streaming, and video hosting sites have the most security and privacy threats, such as malware, intrusive ads, and trackers. Research shows that NordVPN’s Threat Protection feature, whose sole purpose is to protect people from such threats, blocked 344M trackers, 341M intrusive ads, and 506K malware infections in the month of December 2022 alone.

“The online world is challenging people in every single move they make. Want to read an article? Dozens of ads and pop-ups are ready to immediately cover your screen. Another privacy threat – malware – is lurking for you on websites and in files you are about to download. Websites you browse are also full of third-party trackers that analyze your browsing history to find out what you do online. It depends on you to stop it,” says Adrianus Warmenhoven, a cybersecurity advisor at NordVPN.

Adult Content Sites contain the Biggest Amount of Malware

Malware is malicious software that seeks to damage or compromise a device or data. Malware’s scope varies from relatively harmless to extremely dangerous. Malicious software can track people’s data, steal sensitive information, or even delete it without your consent.

NordVPN research shows that adult content sites (21%), as well as cloud storage providers (14%) and entertainment sites (11%), contain the biggest amount of malware. In December, Threat Protection blocked 60.4K, 40.1K, and 30.9K domains of these categories respectively.

Among the most common types of malware are viruses, spyware, worms, trojans, adware, scareware, ransomware, and fileless malware.

Streaming Media Sites have the Most Intrusive Ads

Intrusive advertising refers to pushing invasive and irrelevant ads in front of consumers. They irritate users by popping up unexpectedly, blocking the host page, opening new pages and windows, or playing video and audio at inopportune times.

As for intrusive ads, the majority of them were found on streaming (23%), adult content (16%), and online shopping (9%) sites. Threat Protection detected and blocked millions of them: 552M, 389M, and 226M respectively.

“Today, ad blockers are essential for both security because they block ads that can infect people’s devices and privacy because annoying ads rely on collecting data from web activity and violating people’s privacy. Also, if a website is loading slower than usual, you can blame intrusive ads. Free apps filled with unwanted ads could also drain your device’s battery faster,” explains Adrianus Warmenhoven.

Video Hosting Sites have the Biggest Number of Trackers

While many trackers are a tool for advertising and improving user experience, they may also become handy for online spies. Internet service providers (ISPs), marketing agencies, social media companies, and governments can access your online actions and breach your privacy.

NordVPN’s Threat Protection showed that video hosting sites (22%), cloud storage providers (16.31%), web email (16.25%), and information technology sites (12%) have the most trackers. Video hosting sites alone had 239 billion trackers blocked by Threat Protection in December 2022.

It’s worth adding that earlier NordVPN research showed that the average number of trackers per website is highest in Hong Kong (45.4 trackers), Singapore (33.5), the United States (23.1), and Australia (18.6).

“You can become less trackable online by declining third party cookies, because the website can sell your browsing data to third parties; using a VPN, which will hide your real IP address and location; installing a tracker blocker, which will stop your browsers from collecting information about you; and using privacy browsers, which can obfuscate your browser fingerprint, or ditching Google, which tracks a lot of data about you,” says Adrianus Warmenhoven.

Threat Protection scans your files before you download them, identifies threats, and blocks them before they can harm your device. The feature is free with every NordVPN subscription – and it allows you to go online without leaving a trace, protecting your privacy and improving your digital security.

Thousands of Canadians Have Their Data Sold on Bot Markets
https://www.sitepronews.com/2023/01/17/thousands-of-canadians-have-their-data-sold-on-bot-markets/
Tue, 17 Jan 2023 05:00:00 +0000

This growing threat has already affected five million people globally, with hackers selling webcam snaps, screenshots, up-to-date logins, cookies, and digital fingerprints.

At least five million people have had their online identities stolen and sold on bot markets for 8 CAD on average. Out of all the affected people, 16 thousand are from Canada.

This data comes from research by the cybersecurity company NordVPN, which looked into three major bot markets. The word “bot” in this situation does not mean an autonomous program – in this case, it refers to data-harvesting malware. Bot markets are online marketplaces hackers use to sell data they have stolen from their victims’ devices with bot malware. The data is sold in packets, which include logins, cookies, digital fingerprints, and other information — the full digital identity of a compromised person.

“What makes bot markets different from other dark web markets is that they are able to get large amounts of data about one person in one place. And after the bot is sold, they guarantee the buyer that the victim’s information will be updated as long as their device is infected by the bot,” says Marijus Briedis, CTO at NordVPN. “A simple password is no longer worth money to criminals, when they can buy logins, cookies, and digital fingerprints in one click for just eight Canadian dollars.”

Researchers analyzed three major bot markets: the Genesis Market, the Russian Market, and 2Easy. All of the markets were active and accessible on the surface web at the time of analysis. The data on bot markets was compiled in partnership with independent third-party researchers specializing in cybersecurity incident research.

The most popular types of malware that steal data are RedLine, Vidar, Raccoon, Taurus, and AZORult.

What Information Do Hackers Sell on Bot Markets?

  • Screenshots of a device. During a malicious attack, a virus might take a snapshot of the user’s screen. It can even take a picture with the user’s webcam.
  • Logins and other credentials. When a virus attacks the user’s device, it may grab logins saved to their browser. The research found 26.6 million stolen logins on the analyzed markets. Among them were 720 thousand Google logins, 654 thousand Microsoft logins, and 647 thousand Facebook logins.
  • Cookies. These are also usually stolen from a user’s browser and help criminals bypass two-factor authentication. The research found 667 million stolen cookies on the analyzed markets.
  • Digital fingerprints. A person’s digital fingerprint includes screen resolution, device information, default language, browser preferences, and other information that makes the user unique. Many online platforms track their users’ digital fingerprints to make sure they properly authenticate them. During the research, 81 thousand stolen digital fingerprints were found on the analyzed markets.
  • Autofill forms. Many people use the autofill function for their names and emails as well as for their payment cards and addresses. All of these details can be stolen by malware. During the research, 538 thousand autofill forms were found on the analyzed market.

You can learn more about how bot markets work by watching this video: https://youtu.be/dAyl1xBgTUg

A Perfect Crime Using Bots

The scariest thing about bot markets is that they make it easy for hackers to exploit the victim’s data. Even a rookie cybercriminal can connect to someone’s Facebook account if they have cookies and digital fingerprints in place, which help them bypass multi-factor authentication.

After logging in to a user’s account, a cybercriminal can try contacting people on a victim’s friends list and send malicious links or ask for a money transfer. They can also post fake information on the victim’s social media feed.

Information stolen from autofill forms or just by taking a device screenshot can help these actions look more believable and trustworthy. And you will have no way to detect who used your data.

“Some tactics are even simpler. A hacker can, for example, take control of a victim’s Steam account by changing the password. Steam accounts are sold for up to $6,000 per account and can be easy money for a criminal,” says Marijus Briedis.

More sophisticated criminals buy this information and target businesses with phishing attacks, trying to impersonate the company’s employees.

“To protect yourself, use an antivirus at all times. Other measures that could help – a password manager and file encryption tools to make sure that even if a criminal infects your device, there is very little for them to steal,” adds Marijus Briedis.

The methodology, together with more information about the three analyzed markets, can be found here: https://nordvpn.com/research-lab/bot-markets/

How to Spend Your Security Budget Effectively
https://www.sitepronews.com/2022/08/03/how-to-spend-your-security-budget-effectively/
Wed, 03 Aug 2022 04:05:00 +0000

In an ideal world, we would all have unlimited funds to spend on defending our businesses against cyber threats. Sadly, although attitudes have improved, cybersecurity is still treated as a low priority, particularly among small and medium-sized enterprises. This is largely due to the misguided assumption that their size makes them insignificant to hackers and that an attack is so unlikely that there is no need to waste valuable funds on robust security solutions. But small businesses still hold sensitive data that hackers will seek out, and often they are used to access a wider supply chain, as we’ve seen with major supply chain attacks like that of Target, in 2013.

This is why establishing a cybersecurity budget is essential for any business, and a crucial job for IT leaders is to work out how to spend that budget in a way that best serves the business and offers it sufficient protection. Getting this task right can be challenging, especially with threats evolving daily, but the best approach is to first establish where your unique risks lie as an organisation and focus your budget there.

So how do you assess this risk and quantify it?

To understand your risk areas, you’ll want a comprehensive overview of your current situation – what data is there, where is it located and who has access to it? Classifying data into groups and identifying how sensitive it is will ensure your budget goes towards protecting the biggest sources of vulnerability. For more quantitative data, you can work out the probability of an attack and what the business losses would be as a result of it. Financial losses can occur due to operational downtime, loss in sales, repairing reputational damage or even legal and regulatory fines. Once you’ve established what the business impact would be for each bit of data if compromised, you’ll have a clearer idea of how to apply your budget. This quantitative data can also be very helpful when looking to secure your cybersecurity budget from the C-Suite and other stakeholders in the first place, as you can demonstrate what level of investment would be optimal for the company.

Your organisation’s risk exposure will largely guide the way with your budget spend, but it’s important to also have an understanding of the general threat landscape as there are usually common trends and threats on the rise at any given time. For example, 2021 saw a massive 105% surge in ransomware attacks, so a focus on malware protection would have been logical when distributing your security spend. CISOs and IT leaders can also look to industry frameworks like NIST, Cyber Essentials or ISO, which provide clear models for good cybersecurity and allow businesses to identify their gaps and weaknesses. This can be an effective place to start for businesses needing firmer security foundations and a bit more direction as they shape their priorities.

There are arguably key aspects of security that there will always be a need for as evidence continually points to these being critical areas of vulnerability for companies, and as such they should be included in every budget. Unpatched devices are regularly exploited by hackers, so investing in a good patch management solution is likely a wise spending decision. Similarly, with human error still the number one cause for cyber attacks, security awareness training is another sensible investment for businesses. If employees can identify key threats and understand security best practices, the risk that they will unwittingly facilitate a cyber incident can be largely reduced.

Of course, not everything has to cost money. Building this culture of cybersecurity awareness in the workplace can be as simple as encouraging your workforce to report suspicious activity, be wary of phishing links and, wherever possible, confirm any big payments to avoid fraud – all this can reduce a lot of risk and potential damage for your business. With credential leaks often playing a big part in cyber breaches, good password health is also crucial and doesn’t need to cost a lot. Creating a password policy to guide employees, enabling multi-factor authentication on devices and applications and using a password manager (there are many free options available) are all things that can benefit your security strategy.

There is no perfect solution for spending your budget effectively, but being smart with your approach and considering all angles with key business goals in mind will set you on the right course. A thorough risk assessment and identification of all your company assets can give you the bird’s eye view you need to help determine your priorities, but keeping an eye on current trends and threats should also inform your spending decisions. As your business and the threat landscape change, regular monitoring and reevaluation will be necessary so you are always spending in line with business requirements, and of course if you are the unfortunate victim of an attack, it can be treated as a learning opportunity. Reflecting on causes and investing in solutions to address them so an attack doesn’t happen again is at least one positive outcome of any incident.

Cybersecurity Vulnerabilities You Need To Address ASAP
https://www.sitepronews.com/2022/07/20/cybersecurity-vulnerabilities-you-need-to-address-asap/
Wed, 20 Jul 2022 04:00:00 +0000

Security vulnerabilities can bring down even the largest of businesses. Many companies that have experienced security breaches have undergone scrutiny and noticeable drops in client and customer trust. Regrettably, any industry, large or small, can become a target.

However, knowledge is power, and knowing what you’re up against can enable you to take the appropriate steps to protect your company. This has become especially crucial at a time when eCommerce and digital marketing have become a staple of doing business of all kinds.

This post will talk about the most common security vulnerabilities, so you’ll recognize red flags to avoid or spot them before they cause any damage.

1. Phishing

Phishing scams are the most dangerous and widespread threat to small company websites. 90 percent of all security breaches that organizations face are caused by phishing. It also affects vulnerable individuals, not only large businesses.

Phishing attacks have existed since the internet’s inception. They occur when a hacker poses as a trustworthy contact and entices victims to provide personal information. Remember when someone sent emails about an inheritance they wanted to share with you?

However, these days phishing is becoming harder to spot. Some scammers will try to replicate official emails and layouts from banks, social media, and Amazon accounts.

The best approach to prevent these attacks is to train your personnel to be on the lookout for them. Some of these emails might try to pretend they’re your company’s bank, a member of the board, or a hosting site where you run your website.

2. Malware

Malware is software designed to harm or infect a computer system. It covers a wide range of website security hazards, from adware to infections.

A web server infected with malware might be exposed to information theft, privacy attacks, and website hijacking. Make sure you avoid shady emails, suspicious ads, and malware-flagged websites.

3. Ransomware

Cyberattacks, including ransomware, are also common security vulnerabilities. In a ransomware attack, the software prevents you from accessing sensitive data unless you pay the hackers money. These hacks happen on a daily basis to a wide range of businesses.

You can, however, prevent attacks by keeping your systems up to date and employing high-quality site security software. Also, back up your company data and use caution when opening new files on a computer. Your anti-virus software should validate a file’s contents before you open it.

4. Vulnerabilities in Passwords

Many hackers can crack passwords or use programs to attempt different combinations until they gain access to your devices and websites. They also employ keylogging to gain access to user accounts in other circumstances.

Keylogging software records a computer user’s keystrokes and sends them to the cybercriminals who installed the dangerous program. To protect your website against this, take the following steps:

  • Create a strong and unique password
  • Require users to reset their passwords on a regular basis
  • Verify user access with two-factor authentication
  • Never use your login or personal information as a password

Hackers might swiftly gain access to your system if your website does not have sufficient password protection.

If your website allows customers to sign in, make sure to apply these steps and remind users of them consistently. For example, some websites require their users to create strong passwords with mixed capitalization, special symbols, and numbers upon sign up. You can also regularly remind them to change their passwords every now and again.

5. Vulnerabilities in Cross-Site Scripting

Cross-site scripting (XSS) is a different type of security vulnerability in website design. XSS results when JavaScript code is injected into a website, where it can target and tamper with client scripts.

These scripts can hijack users’ sessions when they use a website’s search function or leave comments. As a result, XSS has the potential to deface the website and redirect users to a website that may steal their personal information. To avoid this, utilize HTTP, use suitable headers, filter your input on arrival, and use Content Security Policy.

Bottom Line

Business has migrated and evolved to adjust to the changes brought by the internet. This means new problems and vulnerabilities, which you should already be looking out for.

So, as your business grows, make sure your data, websites, and your customers’ data are safe from malicious entities.
