CYBR332 Blog

 With many devices today being connected to wifi, devices ranging from smart doorbells, thermostats, even refrigerators, IoT or the Internet of Things, have made life extremely simple. Although we would have loved for it to be just convenient to have IoT devices, it also opens up a whole other door for security risks. The article I read this week was by Fortinet, and they explained that IoT devices often lack proper security updates, strong passwords, encryption, and the list goes on. Not having these protocols makes it easier for attackers to target these devices. Once an attacker is able to get into one of these devices, they can sometimes use it to access the entire network that the IoT device is connected to, which is mindblowing. What is scarier than that is the fact that many people, including me before reading this article, are not aware of the fact that IoT devices need the same security care as their laptops and phones. I found this point interesting because it shows that ...

 The article I read this week talked about ransomware and how ransomware has become one of the most disruptive and expensive cyber threats today. You may be surprised by the use of the word "expensive" in this scenario, but it all makes sense when you understand the meaning of ransomware and how attackers do these types of attacks. According to CrowdStrike, Ransomware is a type of malware that encrypts your files and locks the owner of those files out of it entirely until you pay a sum of money. Which seems insane, not being able to access your own files is a scary thing. These sums of money are mostly paid in cryptocurrency since it is hard to trace. One might assume that there are no risks other than the fact that they are unable to access their files, but most of the time, these attackers will dump all the data collected in the ransomware attack on leak sites and get paid for it. It is also different when an individual is affected and when a major organization is attacked....

 Zero Trust is one of the newer ways of thinking in cybersecurity, and in all honesty, reasonably so. Instead of assuming everything inside a network is safe, the idea of Zero Trust is that you should never automatically trust anything. Whether that be the users, the devices connected to the network, or even the applications you use. The article I read today, and learned this information from, is called CrowdStrike, and they break it down well by explaining that implementing this model comes with a lot of perks. Implementing this mindset means constantly checking systems, stricting access control, and implementing the least privilege principle to keep systems secure. Now that many companies are switching to working remotely and having data in the cloud, relying on just firewalls to be the last barrier to your data is not enough anymore. Implementing Zero Trust ensures that when working with systems, to never trust the system and always verify instead of trusting the system, but sti...