BizTech Brief #25

Week commencing 13th February 2017.

Once again this weeks IT news is flooded with articles about a new malicious cyber attack or about another business that has been hit by one. This weeks article highlights the news stories I found interesting. I have read and summarised these articles below. 

To see my other BizTech Brief articles, click here.

Small Businesses hit harder in cyber battle

Hiscox asked the key question 'How well prepared are businesses when it comes to fendig off a cyber threat?'and after having interviewed 3000 businesses of all sizes and from a wide range of sectors in the UK, Germany and the US, we found that more than half of all businesses (53%) are ill-prepared to deal with cyber-attacks, while more than half (57%) have also experienced a cyber-attack over the past year and 42% have had at least two incidents in that period.

This led the company to ask further questions such as 'Is the government doing enough?' and draw some conclusions such as the cost of cyber attacks on small businesses, the recovery time for small businesses to get their data back and all their systems up and running and of course the detrimental effect a cyber attack could have on your business. 

To Defend Against Insiders, Think Bigger Picture

If you were to ask the average computer user about which one poses the greatest threat to the data security of a business - employees or hackers - they would almost instinctively answer the latter.

Yet organizations tend to underinvest in rebuffing the insider threat - both of the accidental and deliberate variety - choosing instead to primarily invest in perimeter-based defenses designed to deter outside intruders. This is often attributable to a lack of adequate in-house resources, similar to most of the security challenges you face.

The conversation shouldn't be as much about insiders versus outsiders, but about building a holistic security program that treats both parties as similar threats - or better yet, one that really makes no distinction between them. While the insider threat necessitates certain controls that wouldn't be necessary for hackers - such as background checks, security education awareness and an employee termination plan - much of what will help you with the insider threat problem is something that will also help you to negate outside attacks.

Security researchers at Bitdefender find evidence of X-Agent malware variant for macOS

The malware that may have swung the U.S. presidential election could be on its way to a Mac near you.

Security researchers have discovered a macOS malware program that’s likely part of the arsenal used by the Russian cyberespionage group blamed for hacking into the U.S. Democratic National Committee last year.

It’s currently unknown as to how the malware is being distributed, as Bitdefender researchers have only obtained the malware sample and not the full attack change.

Amazon WorkSpaces now supports interforest trusts with AWS Microsoft AD for easier user and directory management

Amazon WorkSpaces now allows you to integrate with your on-premises Microsoft Active Directory using an interforest trust with the AWS Directory Service for Microsoft Active Directory (Enterprise Edition), also called AWS Microsoft AD.  You can assign Amazon WorkSpaces for users in any of your on-premises domains. AWS Microsoft AD automatically discovers and routes authentication requests to the correct domain controller, which means that your users can use their existing Microsoft Active Directory credentials to log in to their WorkSpaces, without having to specify their domain name.

This feature is available now in all AWS regions where Amazon WorkSpaces is offered.