The Netflix hack: A chat about securing your company
|Richard Harris in Security Wednesday, May 10, 2017|
Securing your business across all the possible different avenues of threats.
ADM: What do businesses need to do to ensure their vendors are secure?
Ginevan: If you're allowing vendors to interact with your enterprise systems or data, you should make sure that you're not providing broad based network access. Now is the time to ensure your network is properly segmented - your HVAC maintenance vendor that's connecting a smart air conditioning system should only be able to access that AC, not your broader set of enterprise systems. Where possible, use penetration tools that validate your organizations' minimum set of security criteria are met by your partners and manage the connected devices that vendors' may want to use on your network.
ADM: Attackers are becoming increasingly aware of corporate extortion. How do you expect this trend to continue, especially with IoT devices?
Ginevan: Hackers will always look for the weakest leak, not just in your organization but also with those you partner with as well. So that's why you should be ensuring that your enterprise devices are trusted, secured and managed, and any devices your partners bring are segmented to have only the access they absolutely require. And, where possible, manage and secure the devices your partners bring as well.
Strategy at MobileIron
ADM: Some say these leaked episodes could be a great time for malware authors to load malicious content under the guise of being a leaked episode - can you talk about the threat at an enterprise level?
Ginevan: Sites with pirated content have been notorious for harboring viruses and malware. So, organizations need to be on the lookout for users accessing sites and ensure that anti malware solution is monitoring for cases where the user has potentially downloaded a trojan episode.
ADM: What is the biggest thing companies should learn from this type of attack?
Ginevan: The Netflix hack, like the Target hack back in 2013, proved again that no matter how secure your own organization is, your partners can still leave you vulnerable. So set your own security criteria, make sure you're partners are meeting it, and protect your own network by limiting access when partners access your systems.
Are you paying more taxes than you have to as a developer or freelancer? The IRS is certainly not going to tell you about a deduction you failed to take, and your accountant is not likely to take the time to ask you about every deduction you’re entitled to. As former IRS Commissioner Mark Everson admitted, “If you don’t claim it, you don’t get it.
Get hands-on experience in performing simple to complex mobile forensics techniques Retrieve and analyze data stored not only on mobile devices but also through the cloud and other connected mediums A practical guide to leveraging the power of mobile forensics on popular mobile platforms with lots of tips, tricks, and caveats.
Write and run code every step of the way, using Android Studio to create apps that integrate with other apps, download and display pictures from the web, play sounds, and more. Each chapter and app has been designed and tested to provide the knowledge and experience you need to get started in Android development.