Connect with us

Featured

Phishers focus on
faking 10 brands

Published

on

Fighting back

The Phishing and Fraud report stresses that the best first line of defence is a consistent education programme and creating a culture of curiosity. Tests by Webroot show that security awareness training can have a particularly ameliorative effect.

Companies that ran 11 or more training campaigns reduced employee phishing click-through rates to 13%. Six to ten sessions saw a 28% click-through rate, rising to 33% with one to five employee engagements.

In addition to awareness-raising, F5 Labs stresses the importance of organisations implementing access control protections, including multi-factor authentication and credential stuffing controls, to prevent phished credentials becoming a breach. Other report recommendations include the following defensive tactics:

·        Email labeling. Clearly label all mail from external sources to prevent spoofing. A simple, specially formatted message can alert users to be on guard.

·        Anti-virus (AV) software. AV software is a critical tool to implement on every system a user has access to. In most cases, up-to-date AV software will stop the malware installation attempt. Set your AV policy to update daily at a minimum.

·        Web Filtering. A web filtering solution helps block access to phishing sites. Not only will this prevent a breach (providing the phishingsite is known by your web filter provider), but it presents a valuable teaching opportunity by displaying an error message to the user

·        Traffic decryption and inspection. F5 Labs analysed malware domains from Webroot that were active in September and October 2018. 68% of them were phoning-home over port 443, which is the standard TCP port used for websites encrypting communications over SSL/TLS. If organisations do not decrypt traffic before inspection, the malware installed through phishing attacks will go undetected inside the network.

·        Single-Sign On (SSO). The fewer credentials users manage, the less likely they are to share them across multiple applications, create weak passwords, and store them insecurely.

·        Report phishing. Provide a means for employees to easily report suspected phishing. Some mail clients now have a built-in phish alert button to notify IT of suspicious activity. If your email client doesn’t have this feature, instruct all users to call the helpdesk or security team.

·        Change email addresses. Consider changing the email addresses of commonly targeted employees if they are receiving an unusually high number of phishing attacks on a continual basis.

·        Use CAPTCHAs. Use challenge-response technologies like CAPTCHA to distinguish humans from bots. However, users can find them annoying so use in cases where it’s highly likely a script is coming from a bot.

·        Access control reviews. Review access rights of employees regularly, especially those with access to critical systems. These employees should also be prioritised for phishing training.

·        Look out for newly-registered domain names. Phishing sites are often newly registered domains. When F5 reviewed the list of active malware and phishing domains collected by Webroot in September, only 62% were still active a week later.

·        Implement web fraud detection. Implement a web fraud solution that detects clients infected with malware. This stops cybercriminals logging into your systems and allowing fraudulent transactions to occur.

“Phishing is a big problem and we expect attacks to continue because they are so effective, especially during the winter period” added Warburton.

“As organisations get better at web application security, it will be easier for fraudsters to phish people than to find web exploits. Ultimately, there is no one-stop-shop security control for phishing and fraud. A comprehensive control framework that includes people, process, and technology is a critical requirement to reduce the risk of an attack becoming a major incident.”

2 of 2Next Page

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Featured

Samsung clears the table with new monitor

For those who like minimalism and tidy desks, Samsung’s new Space Monitor may just do the trick, writes BRYAN TURNER.

Published

on

The latest trends of narrow-bezels and minimalist designs have transcended smartphones, spilling into other designs, like laptops and monitors. 

The new Space Monitor line by Samsung follows in this new design “tradition”. The company has moved the monitor off the desk – by clipping it onto the edge of the desk.

It can be put into three configurations: completely upright, where it sits a bit high but completely off the desk; half-way to the desk, where it is a bit lower to put some papers or files underneath the display; and flat on the desk, where it is at its lowest.

3config.gif

The monitor sits on a weighted hinge at the edge of the desk, providing sturdy adjustment to its various height configurations. It also swivels on a hinge at the point where the arm connects to the display. This provides precise viewing angle adjustment, which is great for showing something on screen to someone who is standing.

Apart from form factor, there are some neat goodies packed into the box. It comes with a two-pin power adapter, with no adapter box on the midpoint between the plug and the monitor, and a single cable that carries HDMI-Y and power to prevent tangling. 

DT-FB4-Concealed-Cables-27-32inch-121918.gif

However, it’s slightly disappointing that there isn’t a Mini Display Port and power cable “in one cable” option for Mac and newer graphics card users, who will have to run two cables down the back of the screen. Even worse, the display doesn’t have a USB Type-C display input; a missed opportunity to connect a Samsung device to the panel.

A redeeming point is the stunning, Samsung-quality panel, which features a 4K UHD resolution. The colours are sharp and the viewing angles are good. However, this display is missing something: Pantone or Adobe RGB colour certification, as well as IPS technology. 

The display’s response rate comes in at 4ms, slightly below average for displays in this price range. 

These negatives aside, this display has a very specific purpose. It’s for those who want to create desk space in a few seconds, while not having to rearrange the room. 

Final verdict: This display is not for gamers nor for graphic designers. It is for those who need big displays but frequently need to clear their desks.

Continue Reading

Featured

Can mobile fix education?

Published

on

By Ernst Wittmann, global account director for MEA and country manager for Southern Africa, at TCL Communications

Mobile technology has transformed the way we live and work, and it can be expected to rapidly change the ways in which children learn as smartphones and tablets become more widely accepted at primary and high schools. By putting a powerful computer in every learner’s schoolbag or pocket, smartphones could play an important role in improving educational outcomes in a country where so many schools are under-resourced.

Here are some ways that mobile technology will reshape education in the years to come:

Organisation and productivity

For many adults, the real benefit of a smartphone comes from simple applications like messaging, calendaring and email. The same goes for schoolchildren, many of whom will get the most value from basic apps like sending a WhatApp message to friends to check on the homework for the day, keeping track of their extramural calendar, or photographing the teacher’s notes from the blackboard or whiteboard. One study of young people’s mobile phone use in Ghana, Malawi and South Africa confirmed that many of them got the most value from using their phones to complete mundane tasks.

Interactivity

One of the major benefits smartphones can bring to the classroom is boosting learners’ engagement with educational materials through rich media and interactivity. For example, apps like Mathletics use gamification to get children excited about doing mathematics—they turn learning into a game, with rewards for practicing and hitting milestones. Or teachers can set up a simple poll using an app like Poll Everywhere to ask the children in a class what they think about a character’s motivation in their English set-work book.

Personalisation

Mobile technology opens the doors to more personalised and flexible ways to teach and learn, making more space for children to work in their own style and at their own pace. Not very child learns in the same way or excels at the same tasks and subjects – the benefit of mobile phones is that they can plug the gaps for children seeking extra enrichment or those that need some additional help with classroom work.

For example, teachers can provide recommended educational materials for children who are racing in ahead of their peers in some of their subjects. Or they can suggest relevant games for children who learn better through practical application of ideas than by listening to a teacher and taking notes. 

In future, we can expect to see teachers, perhaps aided by algorithms and artificial intelligence, make use of analytics to track how students engage with educational content on their mobile devices and use these insights to create more powerful learning experiences. 

Access

South Africa has a shortage of teachers in key subjects such as mathematics and science, which disproportionately affects learners in poor and rural areas. According to a statement in 2017 from the Department of Basic Education, it has more than 5,000 underqualified or unqualified teachers working around the country. Though technology cannot substitute for a qualified teacher, it can supplement human teaching in remote or poor areas where teachers are not available or not qualified to teach certain subjects. Video learning and videoconferencing sessions offer the next best thing where a math or physical science teacher is not physically present in the classroom.

Information

Knowledge is power and the Internet is the world’s biggest repository of knowledge. Schoolchildren can access information and expertise about every subject under the sun from their smartphones – whether they are reading the news on a portal, watching documentaries on YouTube, downloading electronic books, using apps to improve their language skills, or simply Googling facts and figures for a school project.

Take a mobile-first approach

Technology has a powerful role to play in the South African school of the future, but there are some key success factors schools must bear in mind as they bring mobile devices into the classroom:

  • Use appropriate technology—in South Africa, that means taking a mobile-first approach and using the smartphones many children already know and use.
  • Thinking about challenges such as security – put in place the cyber and physical security needed to keep phones and data safe and secure.
  • Ensuring teachers and children alike are trained to make the most of the tech – teachers need to take an active role in curating content and guiding schoolchildren’s use of their devices. To get that right, they will need training and access to reliable tech support.

Continue Reading

Trending

Copyright © 2018 World Wide Worx