CS Nov-Dec 2023

news
Daniel Hofmann, Hornetsecurity.
HORNETSECURITY UNVEILS ITS
NEW 'ESSENTIAL COMPANION'
Cybersecurity provider Hornetsecurity has
published 'Microsoft 365: The Essential
Companion Guide', designed for IT administrators
who manage a Microsoft 365
environment. The guide can be accessed
here. It is also aimed at decision-makers
looking to gain an overview of what to
expect when migrating to the cloud and
ways they can adopt services in Microsoft
365 (M365). It complements Hornetsecurity's
recent launch of Plan 4 'Compliance &
Awareness' of its flagship solution 365 Total
Protection.
"The new Plan 4 of Hornetsecurity's cloudbased
solution is its most comprehensive,
taking M365 security management and data
protection to the next level by encompassing
email security, backup and recovery, compliance,
permission management and security
awareness," says the company.
Comments Hornetsecurity CEO Daniel
Hofmann: "Administrators have a big, and
often complex, job on their hands that can
become overwhelming, given the pace
at which technology and business needs
continue to advance." The guide will play
an important role in delivering a thorough
understanding of Microsoft 365 and how
to use it to the best of its abilities, he adds.
"With this guide, we want to save time and
hassles for M365 administrators, helping
them work smarter and not harder."
HOW ATTACKERS EXPLOIT EMAIL TO BREACH AN ACCOUNT
Anew Threat Spotlight by Barracuda researchers shows
how attackers can misuse inbox rules in a successfully
compromised account to evade detection. Meanwhile,
amongst other things, they quietly move information out of
the corporate network via the breached inbox. Not only this,
but attacks can also ensure that the victims don't see security
warnings, filing selected messages in obscure folders, so the
victim won't easily find them or delete messages from the
senior executive they are pretending to be, in an attempt
to extract money. Says Prebh Dev Singh, manager, email
protection product management, at Barracuda: "Malicious
rule creation poses a serious threat to the integrity of an organisation's
data and assets. Because it is a post-compromise
technique, it's a sign that attackers are already in your
network. Immediate action is required to get them out."
THE STRUGGLE TO ALIGN CYBERSECURITY WITH BUSINESS OUTCOMES
Aworrying 97% of respondents' organisations face
challenges in trying to align cybersecurity priorities with
business outcomes. That is one finding a study conducted by
Forrester Consulting on behalf of WithSecure (formerly
F-Secure Business). WithSecure chief information security
officer Christine Bejerasco says it requires cybersecurity
professionals to develop a different strategic approach to how
they think about their jobs. "It can be difficult for security
practitioners to see their work in relation to a business'
purpose or objectives, but that's really how many boards
or executives view security work," she states. "However, the
transition to outcome-based security doesn't necessarily
involve abandoning traditional metrics. It means explicitly
recognising the value of those metrics in relation to how
they benefit the organisation and its objectives."
Prebh Dev Singh, Barracuda.
Christine Bejerasco,
WithSecure.
ALMOST 340 MILLION PEOPLE HIT BY DATA BREACHES IN FOUR MONTHS
The 'Independent Advisor' has just launched
a new Company Data Breach Tracker for 2023.
A regularly updated, month-by-month timeline
of the latest such breaches and hacks in 2023, it
also tracks overall business breach statistics for the
year. With almost 340 million people affected by
business data breaches in the first four months
of 2023 alone, staying secure online remains a
growing concern for companies. More and more
fall victim to cyber-attacks, phishing scandals and
ransomware, leading to data leaks, huge payouts and often lawsuits. Lead writer and researcher
Camille Dubuis-Welch comments: "Like it or not, cybercrime is prolific."
6
computing security Nov/Dec 2023 @CSMagAndAwards www.computingsecurity.co.uk