Posts

Week 5: The Hidden Risks of IoT Devices

 With many devices today being connected to wifi, devices ranging from smart doorbells, thermostats, even refrigerators, IoT or the Internet of Things, have made life extremely simple. Although we would have loved for it to be just convenient to have IoT devices, it also opens up a whole other door for security risks. The article I read this week was by Fortinet, and they explained that IoT devices often lack proper security updates, strong passwords, encryption, and the list goes on. Not having these protocols makes it easier for attackers to target these devices. Once an attacker is able to get into one of these devices, they can sometimes use it to access the entire network that the IoT device is connected to, which is mindblowing. What is scarier than that is the fact that many people, including me before reading this article, are not aware of the fact that IoT devices need the same security care as their laptops and phones. I found this point interesting because it shows that ...
Post a Comment
Read more

Week 4: The Disturbance of Ransomware

 The article I read this week talked about ransomware and how ransomware has become one of the most disruptive and expensive cyber threats today. You may be surprised by the use of the word "expensive" in this scenario, but it all makes sense when you understand the meaning of ransomware and how attackers do these types of attacks. According to CrowdStrike, Ransomware is a type of malware that encrypts your files and locks the owner of those files out of it entirely until you pay a sum of money. Which seems insane, not being able to access your own files is a scary thing. These sums of money are mostly paid in cryptocurrency since it is hard to trace. One might assume that there are no risks other than the fact that they are unable to access their files, but most of the time, these attackers will dump all the data collected in the ransomware attack on leak sites and get paid for it. It is also different when an individual is affected and when a major organization is attacked....
Post a Comment
Read more

Week 3: Zero Trust in Cybersecurity

 Zero Trust is one of the newer ways of thinking in cybersecurity, and in all honesty, reasonably so. Instead of assuming everything inside a network is safe, the idea of Zero Trust is that you should never automatically trust anything. Whether that be the users, the devices connected to the network, or even the applications you use. The article I read today, and learned this information from, is called CrowdStrike, and they break it down well by explaining that implementing this model comes with a lot of perks. Implementing this mindset means constantly checking systems, stricting access control, and implementing the least privilege principle to keep systems secure. Now that many companies are switching to working remotely and having data in the cloud, relying on just firewalls to be the last barrier to your data is not enough anymore. Implementing Zero Trust ensures that when working with systems, to never trust the system and always verify instead of trusting the system, but sti...
Post a Comment
Read more

Week 2: Defending Against Phishing Attacks

 Phishing attacks to this day remain as a great threat in the cybersecurity world, it often exploits human vulnerabilities in order to gain unauthorized access to sensitive data. The article I read today, NCSC, outlines a comprehensive, multi layered defensive strategy that companies and corporations can implement to reduce such risks The approach discussed includes implementing anti-spoofing controls in order to prevent attackers from impersonating legitimate email addresses. While also educating users to recognize and report any suspicious email they may come across. The NCSC also recommends deploying technical measures such as filtering or blocking incoming phishing attempts. Ensuring that everyone is made aware of the necessity for incident response planning, making all the individuals in the company capable of acting quickly if any breaches are likely to occur. If the layers were to be enforced within an organization, then they would be capable of significantly enhancing their...
Post a Comment
Read more

Week 1: Enhancing Security with Multi-Factor Authentication (MFA)

 Multi-Factor Authentication which is also known as MFA, is a security process that requires users to verify their identity using two or more factors. As explained by the article I read this week, OneLogin explains factors as something they know such as a password, something they have which could be a smartphone. It can also be a security token or something they are, which can be a person's face or fingerprint. The way Multi-Factor Authentication works is in layers, and since it works in such a layered approach, it makes it significantly harder for attackers to gain unauthorized access. Even if one factor is compromised by attackers, as long as the other ones hold up attackers will not have access. As cybersecurity threats continue to grow, MFA stands in front of it as a simple yet powerful counter to enhance digital protection. It is best for all if not most companies to adopt Multi-Factor Authentication, as not only is it simple to implement, but it will help companies and busine...
Post a Comment
Read more