The growth of social media, coupled with the increasing adoption of BYOD (Bring Your Own Device) present new challenges for network security. This paper provides proof of concept on how a carefully crafted Reverse Social Engineering (RSE) attack, using social media platforms such as Facebook or LinkedIn, can compromise mobile devices used by professionals. As a result of BYOD, these compromised devices are readily given network access. Access is likely just as high as the user’s normal access using a company provided workstation that stays in the environment at all times. This allows an attacker to establish a foothold within the network to launch further attacks. We will also examine the best practices to defend against this growing threat. Read More
The adoption of cloud-based services has caused a rapid disruption that is changing the face of Information Technology. This leap forward comes with countless benefits but there is also a great cause for concern. The change is happening at a rate that isn’t properly allowing Information Security groups to properly gauge the security ramifications.
When I first entered this industry more than 20 years ago, networks were far easier to secure; they were largely flat with only a handful of entry points with all data and assets living in one or two physical environments with their own dedicated controls. Networks were very linear and far easier to scope and manage than the networks we support today.
Today, cloud connected services from tech giants like Amazon, Google, IBM and Microsoft offer low barriers to market entry, flexible costs, variable capacity, greater uptime, improved mobility and collaboration on robust network fabric. With so many benefits it’s easy to understand why there has been such a major push into the IaaS and SaaS space.