
Obrela | Cybersecurity tips from the front lines

by Zoe Deighton Smythe
21/07/2021
in Cyber Security, Opinion, PRESS RELEASE
Athanasios Nikologiannis, Labs Director at Obrela Security Industries, provides security advice from a pen tester, based on the most common security mistakes pen testers encounter in their jobs.

When people think about a career as a hacker, they will often associate it with something illegal, but today there are hackers on both sides of the fence. Those on the criminal side are constantly developing new ways to breach the digital worlds of consumers and businesses, while those on the other side hack into businesses for good, to ascertain a business’s risk profile and spot weaknesses so they can be resolved and mitigated before the bad guys have a chance to exploit them.

The ethical hacking industry can be broken into three key categories: pen testers, who are hired by organisations to carry out point-in-time security tests; bug bounty hunters, who are registered on specific online platforms and perform focused security testing (usually on web/mobile applications) on a bounty-per-vulnerability basis; and red teams, who work in groups and are hired to act as the enemy or competitor of an organisation, test its security parameters and provide feedback for improvements, with a specific focus on the organisation’s detection and response capabilities.

Each of these ethical hacking groups plays a vital role in keeping internet users and organisations across the world secure, and because of the seemingly adversarial role they play, they can offer unique insight into the mindset of criminal hackers.

Ethical hackers can help organisations understand how attackers get in and what techniques they use to get past defences. Most importantly, they can utilise their knowledge of the common security pitfalls that appear within organisations to prevent cybercriminals from taking advantage of them to break into systems.

So, what are the most common security mistakes pen testers continue to witness and how can they be addressed?

Unpatched vulnerabilities

Cybercriminals understand no piece of software is perfect and that each tool businesses use online will possess vulnerabilities which can be exploited. They are therefore constantly on the lookout for unpatched vulnerabilities that can provide them with a foothold within an organisation.

It is critical that organisations apply patches to vulnerabilities as soon as they are released, because any gap in applying them is an opportunity for a cybercriminal.

However, pen testers rarely find organisations that are fully up to date with all the latest patch cycles, and well-executed social engineering techniques tend to create nasty pitfalls for employees without proper security awareness training.

A golden piece of advice from all ethical hackers is to keep up to date with the latest patch cycles, as vulnerabilities provide cybercriminals with an easy loophole to get into systems.

Social engineering

Red teams will often carry out social engineering techniques on organisations, and one of the most frequent scenarios that catch organisations out is when they turn up at a physical office pretending to need access for a maintenance issue.

The red teams are often given access to offices without any security clearance or checks and when they are inside, they can essentially do as they please. This is a technique some of the bolder cybercriminals will use and it is one that is often overlooked by organisations, but its impact could be devastating. Having physical access to an office and its IT could allow attackers to install key loggers or spyware on machines to eavesdrop on all future activity, therefore creating significant security risks.  

Verifying who a person is before giving them physical or virtual access to an organisation is vital and this needs to be reinforced to all employees, regardless of their authorisation level.

Password management

Not surprisingly, poor password hygiene has created multitudes of headaches for IT help desks and pen testers alike. Whether it be reusing passwords across multiple systems and applications, using easy-to-guess passwords, or having passwords written on post-it notes stuck to machines, each instance could be the difference between security and a high-profile data breach. Pen testers face these security faux pas daily.

Cybercriminals know humans are lazy when it comes to passwords, and that a brute force attack or some low-level social engineering is enough to give them the keys to the kingdom. Pen testers therefore always recommend that their clients utilise the security benefits of multi-factor authentication and password management software (password vaults) to improve the security of passwords. The standard rules also apply – avoid easy-to-guess passwords, never write them down and never use the same password across multiple systems and applications.

Pen testers and ethical hackers are today’s defenders of the web, and they can provide unique insight into malicious hacker techniques, while offering important advice to improve defences. Organisations should take their advice on patching, social engineering and password management and apply it in the real world across their systems, otherwise it will not be long before they find their confidential data in the hands of the malicious hackers operating on the other side of the fence.

Athanasios Nikologiannis, Labs Director at Obrela Security Industries

Tags: Cybersecurity, front line workers, Obrela Security, online vulnerabilities, organisational security, security advice