Posts tagged with "cybersecurity"

Illustration by Samantha Miduri for use by 360 Magazine

Android Apps

When a developer leaves a mistake in application code, it can create a security vulnerability that criminals may exploit. 

According to the data presented by the Atlas VPN team, 63% of Android applications had known security vulnerabilities in Q1 2021, with an average of 39 vulnerabilities per app. 

Gaming apps had the most vulnerabilities out of all Android app categories. A whopping 96% of top free games apps were found to contain vulnerable components. Additionally, 94% of top-grossing games apps and 80% of top paid games apps also had vulnerabilities.

Despite the fact that financial apps require some of the most personally sensitive data, vulnerabilities were also discovered in 88% of banking apps, 84% of budgeting apps, and 80% of payment apps. 

Education apps have the most high-level vulnerabilities 

Not all vulnerabilities are equal. While some may just be minor issues that do not pose any active threat to the user, other vulnerabilities can cause serious repercussions. Let’s delve deeper into the different types of Android security vulnerabilities registered since 2018. 

Education apps had the highest number of exploitable Android vulnerabilities with possible fixes as of the first quarter of 2021 (43%). Meanwhile, apps in the top games category had the biggest number of exploitable Android vulnerabilities with no available fixes (6%).

Overall, 44% of the Android app vulnerabilities were classified as high-risk, meaning they represented a tangible threat. 

Ruth Cizynski, the cybersecurity researcher and writer at Atlas VPN, shares her thoughts on the situation: 

“Given that the Google Play store applications have been downloaded millions of times, it is safe to say they pose significant security risks to Android users.”


Green Car by Mina Tocalini for 360 Magazine

Concentric Q×A

In the current age of digital technology, car owners are being forced to consider their vehicle’s susceptibility to ransomware attacks. These malicious cyber-attacks can expose your personal data to online hackers. However, there are certain measures that car owners can take to help prevent security breaches. Proactive car owners are utilizing services like Concentric to safeguard their technology and online identity. 360 Magazine spoke with Laura Hoffner, Chief of Staff at Concentric, and Sam Connour, Concentric Intern, about how to best practice car system security.

What steps can proactive car owners take to protect their vehicles from security threats and hackers?

First, understand that all digital property can be hacked.

Second, as a result, be conscious of what personal technology you connect to or tether with. Understand that if you connect your phone to your car via Bluetooth, someone hacking into your car will then result in vulnerability to your phone (and everything else connected to your phone, such as your home Wi-Fi, addresses, credit cards).

Third, ensure your vehicle’s software is up to date. Car makers, like Tesla and Jeep, are known to push out patches for these potential holes hackers can access. Keeping your vehicle up to date will aid in that effort.

Finally, protect that vulnerability by being aware of the modifications you’re making to your vehicle’s software. Don’t let unknown devices connect to your car, and be wary of who has physical access to your vehicle.

What makes a car susceptible to ransomware attacks?

Cars are now equal [in terms of susceptibility] to computers as a result of their connectivity capabilities both to the internet and to Bluetooth. If a car is connected to an insecure and unprotected internet connection, hackers are capable of installing malware into a vehicle’s operating or infotainment systems.

What models of cars are the most likely to encounter hacking/privacy issues?

Cars with self-driving capabilities, or features such as lane assist or automatic braking, are particularly at risk. But practically any vehicle made in the past 20 years can be hacked. Generally, vehicles [from] 2007 or newer run a higher risk of personal information being compromised. Car makers, with a warning from the FBI, are taking steps to beef up cybersecurity within their vehicles.

Should customers be wary of certain car brands when buying technology systems for their vehicles? How can consumers find quality retailers with safe car products?

Rather than it being a concern about specific car brands, consumers should instead educate themselves on the risk associated with these vulnerabilities and take proper protocol to mitigate those risks.

Can Concentric offer any services for car owners looking to safeguard their vehicles?

Concentric offers holistic security solutions for our clients. Included in that is a residential risk assessment that can identify specific concerns and vulnerabilities. This is where personal risk associated with property would be assessed, [as well as] physical and behavioral recommendations.

How did your experience as a Naval Intelligence Officer and in the Naval Reserves translate into your current role at Concentric?

Understanding the threat landscape both nationally and internationally– as well as the acknowledgement that we make both micro and macro decisions about risk daily– ultimately prepared me to understand the corporate security landscape. Holistically viewing a problem set and identifying creative solutions are [at] the core of Naval Intelligence, thus it wasn’t a large leap to bring that mindset over with me from the government side.

As Concentric’s Chief of Staff, what is your best advice regarding car-related security?

Car-related security advice is the same as all other security advice we have: educate yourself, your family, and your team to know what risk decisions you are making that have vast implications across your security vulnerability spectrum. Additionally, security is not something to think about when you’re in a crisis. Avoid or better prepare yourself for the crisis beforehand by taking steps to vastly reduce, or eliminate, your vulnerabilities to exploitation.

Heather Skovlund computer illustration for use by 360 Magazine

Global Commitment to Cybersecurity

According to a recent study by the Atlas VPN team, the United States, United Kingdom, and Saudi Arabia lead in commitment to cybersecurity.

As technologies continue to evolve, governments around the world must face the reality of cyber threats and adapt their security practices. A study reports on countries’ scores on the Global Cybersecurity Index (GCI), varying cybersecurity training and practices, and additional statistics which help to create a fuller picture of the global relationship to cybersecurity.

A GCI score is given by evaluating each country’s commitment to legal, technical, organizational, capacity development, and cooperation indicators. The United States earned a perfect score of 100, getting all 20 points in each GCI indicator. However, while the US has the most cybersecurity resources, the latest cyberattacks on Americans have shown room for improvement.

The United Kingdom follows behind, scoring 99.54 points in GCI. The score indicates that the UK has to employ more computer incident response teams, enabling a country to respond to incidents at the national level using a centralized contact point and promote quick and systematic action.

Saudi Arabia shares second place, getting the same score of 99.54 as the UK. While being one of the fastest developing countries, Saudi Arabia has placed great importance on cybersecurity.

Estonia takes the fourth slot as they scored 99.48, losing just half a point in the capacity development indicator. Estonia has become one of the heavyweights in cybersecurity with a high-functioning central system for monitoring, reporting, and resolving incidents.

The Republic of Korea, Singapore, and Spain all share fifth place, scoring 98.52 points. 

Cybersecurity writer and researcher at Atlas VPN William Sword shares his thoughts on the current cybersecurity landscape, “Beyond co-operating within countries, Global Cybersecurity Index leaders could help less developed countries address cybersecurity challenges. For example, creating a strategy or sharing good cyber practices can help reach more balanced and robust security against cyber threats.”

Lack of cybersecurity training 

One of the reasons why cyber attacks continue to increase is a lack of cybersecurity education and training.

Just 46% of countries provided specific cybersecurity training for the public sector and government officials. Employees in these fields usually work with a lot of sensitive or confidential information, which is why education on cybersecurity is essential. 

Meanwhile, 41% of countries provided cybersecurity training to small and medium enterprises or private companies. Businesses often become targets for hackers as the latter can easily profit off of stolen data or ransomware attacks. While more prominent private companies can afford cybersecurity experts, smaller businesses do not have such luxury.

Law enforcement agents received educational cybersecurity programs in only 37% of countries, while only 31% of countries provide training to judicial and legal actors. This training may help officers and executors of the law understand how hackers think, identify the tools that hackers use to commit attacks, and ultimately prevent and protect from future cybercrime.

Beyond co-operating within countries, Global Cybersecurity Index leaders could help less developed countries address cybersecurity challenges. Creating a strategy or sharing good cyber practices can help reach more balanced and robust security against cyber threats.

Graph via BeyondTrust.com for Atlas VPN for use by 360 Magazine

In 2020 Number of Vulnerabilities in Microsoft Products Exceeded 1,000 for the First Time

Microsoft products are used by billions of people worldwide. Historically, however, they are known to have many vulnerabilities that pose security risks to users of the software.

According to data presented by the Atlas VPN team, the total number of vulnerabilities in Microsoft products reached 1,268 in 2020—an increase of 181% in five years. Windows was the most vulnerability-ridden Microsoft product. It had a total of 907 issues, of which 132 were critical. However, Windows Server had the largest number of critical issues. In 2020, 902 vulnerabilities were detected in Windows Server, of which 138 were critical.

Issues were also found in other Microsoft products, such as Microsoft Edge and Internet Explorer. Together, these browsers had 92 vulnerabilities in 2020. In total, 61, or 66%, of these vulnerabilities were critical. Meanwhile, Microsoft Office had 79 vulnerabilities, 5 of which were critical.

Ruth Cizynski, the cybersecurity researcher and author at Atlas VPN, shares her thoughts on the situation:

“These numbers are a massive problem because every Microsoft product has millions of users. Therefore, it is important that consumers update their software applications on time. Software updates can include security patches that can fix vulnerabilities and save users from getting hacked.”

Elevation of privilege is the most common Microsoft vulnerability

A wide range of vulnerabilities was discovered in various Microsoft products last year.  However, some types of vulnerabilities were more common than others. Elevation of privilege was the most frequently detected issue in Microsoft products. It was discovered 559 times and made up 44% of all Microsoft vulnerabilities in 2020.

Next up is remote code execution. In total, 345 such vulnerabilities were found last year, putting it in second place on the list. Remote code execution accounted for 27% of the total number of Microsoft vulnerabilities in 2020.

Information disclosure occupies the third spot on the list. There were 179 such issues discovered in 2020. Together, they made up 14% of all Microsoft vulnerabilities that year.


Cybersecurity illustration by Heather Skovlund for 360 Magazine

Amazon × MGM Studios Merger

Amazon announced that it will be acquiring MGM Studios for $8.45 billion in an effort to bolster the already growing Amazon Studios, making it the second-largest acquisition on Amazon’s part, following its $13.7 billion purchase of Whole Foods in 2017.

According to cybersecurity expert Mark Stamford, CEO of OccamSec, a deal of this scale will require a complete review of its cybersecurity infrastructure, as the process of fully merging these entities is rarely completed in the expected timescale.

Mark continues:

  • The standard “merger” due-diligence template goes into great detail looking at financial & legal status issues, but rarely seems to consider the potential liability associated with linking into an organization with a seriously compromised infrastructure. 
  • Trying to coherently map risks or produce an enterprise security plan for this type of environment is incredibly challenging, when multiple systems are coming together.
  • With such notable deals, most attackers reside within the organization’s network for over 100 days before discovery, so there is a very real risk of starting work on merging infrastructure, whilst being observed by an interested resident attacker, who will be keenly looking out for an opportunity to vector into the core organization’s networks.

Mark says, “Exercising strategic due-diligence during a merger or acquisition, is the most effective way for any organization, like Amazon, to protect itself from cyber threats.”

We had the opportunity to ask Mark Stamford some questions as far as the merger and his expert opinion(s):

Q: What changes can be expected with a merger like the Amazon/MGM Studio merger?

MS: The merging of two different cultures always prompts a lot of changes. In this case, MGM is going to become more like Amazon than the other way round.

Q: Do the benefits outweigh the risks with this type of merger?

MS: Yes, I assume so, from a cyber perspective, the main risk is joining two networks together that have different structures, and probably issues. So, for example I was called in to help with some M&A work once, the new network was plugged in…and brought a heap of malware with it which quickly spread into the acquirers’ network.  It later transpired that some of the IP, which was the very reason for the merger, had been stolen.

Q: What challenges is Amazon, an online retailer, facing when merging with MGM Studio?

MS: Both operate in different ways. The majority of movie making companies seem to follow the “if it ain’t broke don’t fix it” mantra. So, technology tends to be a hodge podge, along with processes etc.… Amazon meanwhile is a tech company, and while primarily known as a retailer, has considerable presence in the cloud (with AWS) so has a lot of cutting-edge technology at its disposal.

Q: What are some ways to help the process move along with ease?

MS: Again, in a cyber perspective there needs to be due diligence done on the MGM environment. At the same time, since both organizations probably have a range of security tools, seeing who has the best tool for the job can save money in the long term.

Also, not to be discounted is the human element in cyber security – any merger results in layoffs. So, the potential for a “disgruntled insider” increases. The way to help with that is communication – not more monitoring.

Q: How can Amazon prevent cyber-attacks during the process of the merger?

MS: MGM makes a nice target right now, since at some point their technology will be integrated into Amazon, and if I was a bad guy, I would assume they are the softer target of the two. Amazon should work with MGM to ensure their security is at a “good” level, and work on the integration aspects – two distinct cyber security teams need to become one, quickly.

Q: In your opinion, does Amazon face cyber risks from vendors or third parties with the onset of the merger?

MS: I think Amazon always faces this risk, as does everyone. Since the organization is increasing in size, the “attack surface increases” so yes, they do face risks.

Q: What are the biggest cybersecurity threats at the moment?

MS: Motivated attackers, be that nation states, criminal groups, hacktivists, or others. Ransomware is getting a lot of press right now. However, I think the biggest threat is the endless cost spiral companies are trapped in trying to deal with this.

Q: What are some ways to ensure that the infrastructure is not compromised?

MS: Defense in depth continues to be the key. Layers of security, which work together, and consider the context of the organization (how it makes money or delivers its service) in order to support that mission.  I assume Amazon will expand their cyber security program across MGM fairly quickly, which checks a number of boxes and provides a good starting point.

One issue may be that a movie studio faces different kinds of attackers than Amazon. Movie studios are primarily about their IP, everything else always seemed to be secondary to that. Stealing a movie is a different attack than ransomware, which we have seen borne out in practice (various insider attacks to steal content for example).

Q: What are your certifications in the cybersecurity field?

MS: I have been involved in cybersecurity since I was 11. Was senior penetration tester for a global consulting company, ran a security program at a global investment bank, and have been running a security company for 10 years.

Q: What does effective cybersecurity look like to you?

MS: Cost effective, business aware, and layered.

Graph via Sophos for Atlas VPN for use by 360 Magazine

India, Austria, and US Most Hit with Ransomware

Ransomware attacks are one of the leading cyber threats that organizations have to face.

According to the data presented by the Atlas VPN team, organizations in India, Austria, and the United States are among the most hit with ransomware attacks. To compare, more than 50% of companies in the mentioned countries experienced such attacks in the past year, while the global average is 37%.

Out of 300 interviewees from India, 68% suffered from a ransomware attack. At the same time, 57 out of 100 respondents from Austria experienced a ransomware attack in the last year. Next up, in the United States, 51% of participants, out of 500 questioned, reported that they were hit with a ransomware attack.

Retail and Education Sectors Suffer the Most Ransomware Attacks

Some organizations in specific sectors are more susceptible to hacker attacks due to their lower security levels or valuable data. However, cybercriminals do not shy away from attacking even the biggest companies or government administrations.

Out of 435 respondents in the retail industry, 44% were hit with a ransomware attack last year. Hackers strike retailers when it could hurt them the most, for example, on Black Friday or Christmas seasons.

Retailers share first place with education organizations—out of 499 education interviewees 44% experienced such malicious attacks. Cybercriminals usually deploy ransomware attacks at the start of a school year to cause maximum disruption.

The business and professional services industry suffered the third most ransomware attacks, with a total of 42% out of 361 respondents stating they experienced a ransomware attack in the past year. Companies in this industry are usually smaller with less staff, meaning they might not have a dedicated person to ensure security. Out of 117 participants in the Central government and non-departmental public body (NDPB) sector, 40% reported being attacked with ransomware in the last year.

Conclusion

Cybersecurity writer and researcher at Atlas VPN Anton Petrov shares his advice on how to protect your organization against ransomware attacks.

“Prepare a plan in case you… get hacked. Always have a backup of your data so you don’t have to pay a ransom. Investing in cybersecurity will cost you less than having to deal with the aftermath of a ransomware attack.”

Like with everything else, there’s a way to protect your data in order to make sure hackers don’t get to it and cause serious financial damage.

Purdue × Abu Dhabi work on cybersecurity of drones

By Jim Bush

Abu Dhabi has intentions of making the city a leading hub for technology and innovation in the Middle East.

Part of that evolution is utilizing unmanned aerial vehicles (UAVs), or drones, to assist with as many tasks as possible, from delivering packages to aiding in police operations to helping investigate crashes on highways to delivering high-value transports, like organs for transplant.

With autonomy, though, comes risks of hackers and complications between interacting agents.

A group of Purdue University researchers have been tasked to make sure drones and their systems could operate securely, safely and efficiently in the United Arab Emirates capital. Inseok Hwang, a professor in the School of Aeronautics and Astronautics, is principal investigator on a three-year, $2.3-million grant from the Technology Innovation Institute in Abu Dhabi to study the application of secure drone swarms in urban environments.

The project requires expertise in autonomous vehicles, control, sensing, virtual reality and security. James Goppert, a visiting assistant professor in the School of Aeronautics and Astronautics and managing director of the UAS Research and Test Facility, and Dongyan Xu, the Samuel D. Conte Professor of Computer Science and director of CERIAS (Center for Education and Research in Information Assurance and Security), Purdue’s cybersecurity research and education center, are co-principal investigators on the project.

“We will address this problem in a highly integrated, interdisciplinary way,” Hwang said. “We will consider it from the program level to the high-level network of systems, so we accomplish the hierarchic way from the very detailed lower level, the software and hardware level, to the large network of vehicles and from the single vehicle to multivehicle. So it’s multidimensional. That’s one of the unique pieces of this project.”

The project will utilize one of Purdue’s unrivaled assets, the UAS Research and Test Facility. The 20,000-square-foot, 35-feet high facility, located at Hangar 4 of the Purdue University Airport, features the largest indoor motion capture system in the world and offers unique capabilities for novel research.

Goppert will build a mixed reality environment, combining a virtual reality urban environment with a scaled physical model of the city. The drones will fly and navigate the city, and the environment can be programmed to simulate a wide range of settings, including weather, traffic and urban development, to test the drones’ applicability and agility. The testing will be done with single vehicles as well as swarms, which could include 10 drones.

Hwang said he hasn’t seen any research done using mixed reality to this scale. Neither has Goppert.

“Our unique capability is that we have such a large environment to do it,” Goppert said. “Just running so many vehicles at once is going to be a challenge. In the past, several vehicles have been used. But if we’re going to be running swarms where each vehicle needs a rendered virtual mixed reality image, that’s going to be really computationally challenging. That’s what we’re pushing forward.

“We thought we could try to bring it as close to real-life as possible to get as many of the bugs worked out before they actually deploy such a system. We can do it all in software, but there’s an added advantage in bringing it closer to reality by making some of it actual robots.”

Hwang and Xu will have a multitiered approach from the cybersecurity and robustness standpoint. Xu will investigate from the cyber perspective of security, encryption, authentication and peer-to-peer communications. Hwang will develop a mathematical model and use the control theoretical solution approach, assessing potential cyberattacks on the systems and working to design a controller in such a way that the system becomes more resilient to attacks.

“This project reflects exciting synergies between two areas of technical excellence at Purdue: aeronautics and astronautics, and cybersecurity,” Xu said.

Ultimately, all of the research will be integrated and pieced together around the state-of-the-art test bed, which could happen toward the end of the second year of the three-year grant.

With a variety of drones tasked with different assignments, “how do we make sure they play well together?” Goppert said. “We’re trying to simulate that within our facility.”

About Purdue University

Purdue University is a top public research institution developing practical solutions to today’s toughest challenges. Ranked the No. 5 Most Innovative University in the United States by U.S. News & World Report, Purdue delivers world-changing research and out-of-this-world discovery. Committed to hands-on and online, real-world learning, Purdue offers a transformative education to all. Committed to affordability and accessibility, Purdue has frozen tuition and most fees at 2012-13 levels, enabling more students than ever to graduate debt-free. See how Purdue never stops in the persistent pursuit of the next giant leap at https://purdue.edu/.

Note to journalists: Journalists visiting campus should follow visitor health guidelines.

  • Campus is open, but the number of people in spaces may be limited. We will be as accommodating as possible, but you may be asked to step out or report from another location.
  • To enable access, particularly to campus buildings, we recommend you contact the Purdue News Service media contact listed on the release to let them know the nature of the visit and where you will be visiting. A News Service representative can facilitate safe access and may escort you on campus.
  • Correctly wear face masks inside any campus building, and correctly wear face masks outdoors when social distancing of at least six feet is not possible.

Rita Azar Illustrates an Eyewear Article for 360 MAGAZINE

Luxottica Hacked

By Justin Lyons

According to Italian press sources, Luxottica was the victim of a cyberattack Saturday.

Luxottica owns eyewear brands like Oakley, Ray-Ban, Coach, Chanel and Versace as well as retail brands like LensCrafters, Sunglass Hut and Target Optical. It is the largest eyewear company in the world with more than 80,000 employees.

SecurityOpenLab, an Italian cybersecurity site, said its sources confirmed Luxottica offices suffered a complete system failure due to ransomware attacks, shutting down operations in Italy and China.

SecurityOpenLab also said union sources confirmed that workers received an SMS message saying the second shift on Sept. 21 had been suspended.

Users began reporting an inability to reach sites for LensCrafters, Sunglass Hut, Ray-Ban and other Luxottica brands on Saturday. It was also reported that One Luxottica, a user portal for the company, was down, but it appears to be up again at the time of writing.

BleepingComputer spoke to Bad Packets, a cybersecurity firm, who told them Luxottica used a Citrix ADX controller device, which is vulnerable to CVE-2019-19781, a flaw in Citrix devices.

This flaw is exploited by ransomware actors because it provides network access and credentials that can be used to infiltrate a network more deeply.

Luxottica took the servers for its eyewear brand websites offline. While websites for Oakley, Ray-Ban, Coach and more are accessible now, a manager at a LensCrafters storefront told 360 MAGAZINE that the Ciao operating system crashed Saturday and that they still have little to no ability to process insurance or complete transactions.

Though Luxottica has not made a public statement, the same source told 360 MAGAZINE that IT support was unavailable while systems were down. LensCrafters is currently logging orders for a later date when systems are back up.

360 was also told that LensCrafters will offer 50% off frames and lenses for the inconvenience to customers.

Highest Cybercrime Risk Countries

Although developed countries are better prepared to tackle statewide cybersecurity challenges and have better IT education, that has little impact on cyber threats on an individual level. According to the new global Cyber Risk Index, cybercriminals tend to target people who have higher incomes and spend more time online.

According to the Cyber Risk Index, if you live in one of these countries, you are a more attractive target for cybercriminals:

1. Iceland
2. Sweden
3. United Arab Emirates
4. Norway
5. The United States
6. Singapore
7. Ireland
8. New Zealand
9. Denmark
10. The United Kingdom

NordVPN lists ten countries whose residents are the most enticing targets for cybercriminals according to the Cyber Risk Index, which covers 50 countries.


IAITAM: Cybersecurity Risks for Companies

IAITAM: TOO MANY COMPANIES, AGENCIES WITH VULNERABILITIES “WIDE OPEN TO ATTACK” FROM BREACHES DURING COVID-19 STAY-AT-HOME SHUTDOWNS

After Issuing Repeated Warnings, IAITAM Highlights 4 Biggest Problems Happening Now.

Today, the International Association of IT Asset Managers (IAITAM) is warning that breaches of corporate and government data appear to be running at a level even higher than experts had feared going into stay-at-home orders due to COVID-19.

Last month, IAITAM repeatedly warned of “nightmare data risks” for unprepared government agencies & companies, especially as end-of-the-month billing procedures were being carried out remotely.

IAITAM President and CEO Dr. Barbara Rembiesa said: “We anticipated that things would get bad. Companies and agencies may be hoping and praying they are safe, but the work-from-home environment has created a multitude of opportunities for leaks. Too many organizations have left themselves wide open for attack. Understanding the pathways for access within a company’s data network is a valuable lens for businesses and agencies to avert leaking their own assets.”

Based on its preliminary analysis of early published reports, IAITAM is breaking down the biggest problems into four categories:  

1. Assets left unsecure – An intentional decision to make devices less secure to allow for work from home (WFH) use. One example would involve removing admin permissions so that employees can complete the task without administrator oversight. Another would be allowing the use of “unpatched” business computers that allow hackers to load malicious files with admin privileges. In some cases, companies with high-end virtual private networks (VPNs) pre-loaded on business computers are allowing people to work from home on personal devices either with no VPN or with a lower-end virtual private network that may be less hacker resistant.

2. “New” assets created – More and more reports are emerging of companies purchasing new devices or technology to account for employees working from home. In one case reported directly to IAITAM, a national health care company ordered 9,000 new laptop computers from a major online company and gave its IT department less than a week to prep the new machines and deliver them to users, who had little or no time for training and other security-related instructions. The concern: The more corporate assets that you have, the higher the risk of intrusion. Each asset becomes a doorway or entry point for a breach, particularly when it (or its user) is underprepared. IT Asset Managers help with this by providing the data necessary for corporate security teams to know what exists, where it exists, and what is on the device.

3. Assets now unsecure in at-home environments – Many company devices were deployed into a WFH situation quickly, leaving little time to ensure that they would be secure via a virtual private network (VPN) or other means. Just last week, school districts in Oakland and Berkeley, California unwittingly became accomplices in their own data breach by accidentally making Google Classroom documents public, which contained access codes and passwords for Zoom meetings, as well as students’ names and comments.

4. Employees unwittingly inviting in the intrusion – Human error allows for mistakes and creates a vulnerability (i.e. clicking on phishing emails or downloading malware). Google reported last week that it is stopping 18 million coronavirus scam-related emails every day, many of them targeting cash strapped businesses looking for loans or other capital. An internal memo from NASA on April 6th revealed that increased cybersecurity attacks had been directed at their employees working remotely. These phishing attempts were disguised as appeals for help, disinformation campaigns or new information about COVID-19, to gain login credentials or install malicious software. This is a prime example of how an employee could unwittingly invite in an intrusion. IT Asset Managers are at the forefront of education and communication campaigns within organizations to help teach end users what they should and should not be doing.

Even companies that do not make a mistake themselves could still find themselves the victim of a coronavirus-related breach. Earlier this month, The Small Business Administration experienced a glitch with a coronavirus loan relief fund platform that publicly leaked the personally identifiable information of business owners across the nation.

The good news is that most or all of these issues can be mitigated with proper IT asset management (ITAM). Professionals in the ITAM industry facilitate corporate asset protection. Uncovering the vulnerabilities now, and then putting an action plan into place will save companies money in the end. If companies and businesses act now, they can turn today’s crisis into tomorrow’s opportunity.

IAITAM President and CEO Dr. Barbara Rembiesa recently went on camera to share more about what companies and government agencies should be doing.

ABOUT IAITAM

The International Association of Information Technology Asset Managers, Inc., is the professional association for individuals and organizations involved in any aspect of IT Asset Management, Software Asset Management (SAM), Hardware Asset Management, Mobile Asset Management, IT Asset Disposition and the lifecycle processes supporting IT Asset Management in organizations and industry across the globe. IAITAM certifications are the only IT Asset Management certifications that are recognized worldwide. For more information, visit www.iaitam.org.