Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Avecto warns of Halloween malware menace

April 23, 2014

  • Blog
  • Archive

Responding to a report that predicts a significant increase in malware and phishing in the weeks ahead, Avecto says that companies need to revisit and refine their strategies for dealing with the problem - before it is too late.

"Whereas before they would wait until the end of the daylight period before checking their social emails - from home - staff are now starting to check their social emails soon after the afternoon coffee break. It's all down to human nature, and with social events such as Halloween and Bonfire Night on the horizon, they will be getting a variety of fun attachments into their mailboxes," he said.

"This is what we call a malware flashpoint in the IT security industry - the times of the year when the risk of staff clicking through onto something that they would normally avoid suddenly rises. This is exactly why our colleagues at GFI have been observing a surge in malware in recent weeks, and are predicting that this trend will increase in the weeks ahead," he added.

Kenyon went on to say that the fact the research highlights the ability of cybercriminals and scammers to quickly respond to high-profile events and exploit Internet users' online search behaviour should send IT security professionals scrambling to review their security defence strategies.

The Internet world, with all its threats, has moved on significantly in the last 12 months to the point where scammers are using every trick in the book - and a lot of new ones too - to persuade users to `click through' on links when they really should know better, he explained.

The Avecto COO says that these issues are the reason why October has been designated National Cyber Security Awareness month in the US, and why UK private and public sector organisations will be hosting the National Identity Fraud Prevention Week between the 17th and 24th of this month.

This, he adds, is the time when the threat that the Internet poses both to consumer and business users starts to rise as the world - and his/her spouse - gets ready for the winter celebrations that culminate in Christmas. And that's why these Internet security campaigns are timed to help educate users about the real risks they are likely to encounter.

So what, says Keynon, can the forward-thinking IT security professional do to help prepare for the weeks ahead?

The solution, he says, is to plan ahead on the basis that, while your existing IT security defences will help to stop most of these threats, there is a real risk that some of the threats will be successful. It is therefore crucial to prepare an updated security strategy to account for a worst-case scenario.

This means, he adds, that IT security managers need to be able to lock down their internal IT systems and reduce the risk profile of all their systems. For most organisations, he notes, this involves reducing the risk that a member of staff will cross-infect another user or systems if their terminal is compromised.

"Put simply, this means limiting each member of staff to those IT functions that they truly need to carry out their job effectively, and locking down all the other functions, as they only serve to increase the risk of something going wrong - and for no good reason," he said.

"This is where effective privilege management enters the frame. Good Windows privilege management means allowing, for example, IT management access to those elements of the supervisory computer systems that they need access to. Equally, the nice-to-have - but not essential - `side system' access that many IT professionals often have from their accounts should be locked down," he added.

"Privileged account management is all about balancing the technology requirements of each member of staff with the risk that allowing access to that technology entails. This is all part of the GRC - governance, risk management and compliance - balancing act that is modern IT security management."

Kevin Franks, Marketing Communications Manager

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Mapping BeyondTrust Solutions to the Qatar National Information Assurance Policy v2.0

Whitepapers

KuppingerCole Executive Review - BeyondTrust Endpoint Privilege Management

Webcasts

Tech Talk Tuesday: Managing Vendor Access

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.