How To Secure Your iPhone: 12 Experts Reveal 26 Essential Security Tips

– Just because you’ve invested in a smartphone that isn’t exposed to quite the same degree of malware and exploit issues as an Android device, that doesn’t mean you can safely ignore good practice when it comes to iPhone security. This is why I’ve asked 12 security experts to share their knowledge as far as keeping your iPhone secure is concerned. Here are their 26 tips to help you do just that.

Continue Reading

Access Denied, Just-In-Time: Protecting your organisation from internal threats

– We regularly read headlines about how employees are the biggest threat to company data, in fact, recent research found that 64% of organisations believe that they’ve likely had either a direct or indirect breach due to employee access in the last 12 months, and that 52% of businesses are very or fairly concerned about sabotage from a former employee. Take Tesla for example, who admitted to being a victim of a data leak due to an unhappy employee, who made changes to company source code and exported gigabytes of proprietary data to unknown third parties.

Continue Reading

CTO Sessions: Morey Haber, BeyondTrust

– With more than 20 years of IT industry experience, Morey Haber serves as the CTO and CISO for BeyondTrust. He joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition and currently oversees solutions for privileged account management.

Continue Reading

Cloud Security essentials - session monitoring

– "What is often overlooked is the potential sensitivity and security of recorded sessions, just like having cameras in your home. This is similar to the security of preventing an over-the-shoulder attack from occurring in the first place. The access needs to be restricted."

Continue Reading

#HowTo Combat the Insider Threat

– Insider threats pose a huge risk to business security, be it employees, both present and past, or freelancers and contractors. These users have an elevated level of access to privileged accounts and are armed with information capable of crippling a business.

Continue Reading

Suspected Iranian cybercriminals target universities for intellectual property

– Suspected Iranian nation-state threat group Cobalt Dickens has launched a new global attack campaign to steal intellectual property, discovered Secureworks Counter Threat Unit (CTU) researchers. ​The group, also known as Silent Librarian, has been using spoofed library services login pages as part of a campaign targeting academics in order to steal intellectual property.

Continue Reading

ECB takes blame for Bird website infection

– A malware infection which caused the shutdown of a European Central Bank (ECB) website should not be blamed on its third-party service provider, according to a spokesperson at the ECB, as the central bank is responsible for its upkeep.

Continue Reading

#HowTo Gain Visibility of Third Parties

– Today, organizations work with third parties for a variety of reasons. External vendors, outsourcers, and contractors play a vital and growing role within an organization, but when given access to an institution’s network and systems, they can be difficult to monitor and manage.

Continue Reading

Is Artificial Intelligence a massive con?

– Have you heard the one about the toothbrush that uses artificial intelligence to tell you to brush harder? Morey Haber of BeyondTrust has and it annoys him intensely. He's seen a company sued because it claimed basic pattern recognition was AI and it just wasn't - and he's had enough.

Continue Reading

Privileged Attack Vectors: Key Defenses

– Attackers crave insider-level access to IT infrastructure, and to get it, they regularly target insiders - and especially anyone with "super user" or admin-level access - to steal their credentials, says Karl Lankford of BeyondTrust.

Continue Reading

The trouble with enterprise IoT and its identity management problem

– The Internet of Things (IoT) encompasses a growing number of connected devices ranging from security cameras to smart thermostats. Many businesses use enterprise-level IoT devices to help workers get things done more efficiently or to assist with meeting facilities management needs. ​But, there's one area where enterprise IoT falls short — identity management ​

Continue Reading

64% of UK businesses have suffered an insider breach

– According BeyondTrust’s 2019 Privileged Access Threat Report, 64% of businesses globally believe they’ve likely had either a direct or indirect breach due to misused or abused employee access in the last 12 months, and 62% believe they’ve had a breach due to compromised vendor access.

Continue Reading

Majority have suffered employee access breach

– New research has revealed that 64 per cent of businesses globally believe they’ve likely had either a direct or indirect breach due to misused or abused employee access in the last 12 months, while 62 per cent believe they’ve had a breach due to compromised vendor access.

Continue Reading

A Better Mouse Trap

– While some may argue it is more humane to trap and release a mouse versus creating a literal mess of the rodent, the goal is the same: to keep the mouse out of the house. This is a crude analogy for cybersecurity, but it works — you have to consider the appropriate action to keep a threat actor out of your environment. Should you terminate them or practice catch and release? Both have merits, and both have serious concerns that Morey Haber, BeyondTrust's CTO and CISO, covers in this article.

Continue Reading

Windows 10 Migration: Getting It Right

– The transition to Windows 10 doesn't need to be a sprint. BeyondTrust's Kevin Alexandra describes how organizations can still take advantage of the security in Windows 7 while gaining added management flexibility from the newer OS.

Continue Reading

Safeguarding Your Organization from Attacks Via Your Third-Party Vendors

– Realizing that most large organizations today have sophisticated security defenses, bad actors are beginning to target third-party vendors, as a means to gain access to an enterprises’ network. In this article written by Morey Haber, BeyondTrust CTO and CISO, Haber describes how threat actors are exploiting organizations via third parties and what can be done to seal this vulnerability.

Continue Reading

DevSecOps: Can JIT PAM Bring Relief?

– The concept of JIT PAM, which is being promoted by security vendors such as Beyond Trust, is one of controlling access based upon a number of different policies that are further enhanced with behavioral data.

Continue Reading

Security Vulns in Microsoft Products Continue to Increase

– A new analysis of Microsoft's security updates in 2018 suggests the company's long-standing efforts to build more secure products continue to be very much a work in progress. But the good news is that removing admin privileges can mitigate most Microsoft security vulnerbilities, a new study by BeyondTrust shows.

Continue Reading

Going those extra lengths to protect consumer data

– With the amount of data dominating the current tech landscape, CIOs and business leaders must prioritise how they manage consumer data to avoid the repercussions. Morey Haber, CTO of BeyondTrust, gives his views on how companies should be approaching it correctly.

Continue Reading

Four hidden costs and cyber security risks of sudo

– It is always a philosophical debate as to whether to use open source software in a regulated environment. In the case of ‘sudo’—a package designed to provide privileged access included in many Linux distributions—the debate is whether it meets the requirements of an organization, and to what level it can be relied upon to deliver compliance information to auditors. While every organization is different, BeyondTrust CTO Morey Haber says there are four specific risks/costs that you should consider before deciding if sudo is right for your organization.

Continue Reading

Cutting Through the Hype―The Realistic Flaws of a Zero Trust Security Model

– A zero-trust security model redefines the architecture of a trusted network inside a defined corporate perimeter. This is relevant today since technologies and processes like the cloud, DevOps, and IoT have either blurred, or completely dissolved, the idea of a traditional perimeter. But, as BeyondTrust CTO Morey Haber explains in this byline article, while zero trust has become a trendy catchword in IT, in practice, it remains more of a theoretical concept as opposed to one that organizations can implement, for a couple of reasons.

Continue Reading

Security Best Practices For Conversation Marketing And Chatbots

– Vendors, service providers and even government agencies have been rapidly deploying chat-based features to field requests from sales to support. It is typically unknown to the user if they are getting a real person or a machine. With a little social engineering, a threat actor can determine which one is behind the scenes. Regardless of human or machine, there are some interesting security risks to chat-based services.

Continue Reading

Cyberattacks are putting lives at risk

– Karl Lankford, for BeyondTrust, explores previous attacks to industry and draws on findings from an access threat report: Cyberattacks are putting lives at risk via administrative back doors left open.

Continue Reading

BeyondTrust Review

– BeyondTrust, formerly known as Bomgar, is great software for remote PC access support around the world. The software allows cross-platform access and can integrate with multiple platforms. It is accessible via your own device or the cloud, depending on the plan you purchase. Each plan allows unattended access, screen sharing and collaboration.

Continue Reading

Four Corporate Email Oversights That Put Your Organization At Risk

– If you travel frequently for work or are responsible for purchasing merchandise or services for your employer, is it acceptable to use your work email address to complete a transaction, or should you use your personal email? This question, and your departure from an organization for not making the right choice, can create a complicated situation and security risk that most employers are ignoring. Morey Haber explores the ramifications in this Forbes article.

Continue Reading

Using PAM for Cyber Forensics

– Privileged access management should not only be considered for new projects and legacy systems to stop privileged attack vectors. It should be considered for forensics and remediation control after an incident or breach.

Continue Reading