Chinese-sponsored groups are using the popular Brickstorm backdoor to access and gain persistence in government and tech firm networks, part of the ongoing effort by the PRC to establish long-term footholds in agency and critical infrastructure IT environments, according to a report by U.S. and Canadian security offices.

The post China Hackers Using Brickstorm Backdoor to Target Government, IT Entities appeared first on Security Boulevard.

Security and developer teams are scrambling to address a highly critical security flaw in frameworks tied to the popular React JavaScript library. Not only is the vulnerability, which also is in the Next.js framework, easy to exploit, but React is widely used, including in 39% of cloud environments.

The post Dangerous RCE Flaw in React, Next.js Threatens Cloud Environments, Apps appeared first on Security Boulevard.

A threat group dubbed ShadyPanda exploited traditional extension processes in browser marketplaces by uploading legitimate extensions and then quietly weaponization them with malicious updates, infecting 4.3 million Chrome and Edge users with RCE malware and spyware.

The post ShadyPanda’s Years-Long Browser Hack Infected 4.3 Million Users appeared first on Security Boulevard.

The FBI says that account takeover scams this year have resulted in 5,100-plus complaints in the U.S. and $262 million in money stolen, and Bitdefender says the combination of the growing number of ATO incidents and risky consumer behavior is creating an increasingly dangerous environment that will let such fraud expand.

The post FBI: Account Takeover Scammers Stole $262 Million this Year appeared first on Security Boulevard.

The Russian state-sponsored group behind the RomCom malware family used the SocGholish loader for the first time to launch an attack on a U.S.-based civil engineering firm, continuing its targeting of organizations that offer support to Ukraine in its ongoing war with its larger neighbor.

The post Russian-Backed Threat Group Uses SocGholish to Target U.S. Company appeared first on Security Boulevard.

Working as a cybersecurity engineer for many years, and closely following the rapid evolution of the space ecosystem, I wholeheartedly believe that space systems today are targets of cyberattacks more than ever.

The purpose of this article is to give you a glimpse of cybersecurity threats and challenges facing the New Space economy and ecosystem, with a focus on smallsats in Low Earth Orbit (LEO), as well as some technologies to assess space cybersecurity risks.

The article series is divided into four parts: Introduction to New Space, Threats in the New Space, Secure the New Space, and finally New Space Future Development and Challenges.

Introduction

The Aerospace and Defense industry is a global industry composed of many companies that design, manufacture, and service commercial and military aircraft, ships, spacecraft, weapons systems, and related equipment.

The Aerospace and Defense industry is composed of different key segments: large defense prime contractors/system integrators, commercial aerospace prime contractors or system integrators, first-tier subcontractors, second-tier subcontractors, and finally third-tier and fourth-tier subcontractors.

The industry is facing enormous challenges that stem from the COVID-19 pandemic, concerns over sustainability, disruptions from new technologies, heightened regulatory forces, radically transforming ecosystems, and, above all, the cyber threats and attacks that are getting more and more worrisome.

The increase of space cyberattacks and cybersecurity risks is stemming from the evolution of the space ecosystem to the New Space Age.

In this first article of the series, we will focus on the New Space notion and the definition of space system architecture.

From Old Space to New Space

Earlier, the space industry was a nation-level domain — and not just any nation; the United States of America and the Union of Soviet Socialist Republics dominated the industry. Space was related to governments and defense departments, and the objectives were essentially political and strategic ones.

Now, there is more involvement in space globally than ever before in history. This new era, led by private space efforts, is known as “New Space Age” — a movement that views space not as a location or metaphor, but as well of resources, opportunities, and mysteries yet to be unlocked.

New Space is evolving rapidly with industry privatization and the birth of new ventures to achieve greater space accessibility for different parties.

Nevertheless, this development in technologies and the fast growth of New Space projects make the space attack surface larger and increase the threat risks in terms of cyberattacks.

Space and Satellite Systems

LEO and CubeSats

LEO is a circular orbit around the earth with an altitude of 2,000Km or less (1,200 miles).

Most LEO Space Vehicles (SV) are small satellites, also known as CubeSats or Smallsats.

A CubeSat is a small, low-cost satellite that can be developed and launched by colleges, high schools, and even individuals. The 1U (Unit) size of a CubeSat is (10cm x 10cm x 10cm) and weighs about 1Kg. A CubeSat can be used alone (1U) or in groups (up to 24 U).

CubeSats represent paradigm shifts in developing space missions in the New Space Age.

Nowadays, CubeSats, and all the other SV types, are facing different challenges: environmental challenges, operational challenges, and cybersecurity challenges.

Space System Design

Any space system is composed of three main segments: ground segment, space segment, and link segment. In addition, we have the user segment.

Space System Design (Source: Space Security Info)

Ground segment: The ground segment includes all the terrestrial elements of the space systems and allows the command, control, and management of the satellite itself and the data coming from the payload and transmitted to the users.

Space segment: The space segment includes the satellites, tracking, telemetry, command, control, monitoring, and related facilities and equipment used to support the satellite’s operations.

Link/communication segment: The link or communication segment is the data and signals exchanged between the ground and space segments.

User segment: The user segment includes user terminals and stations that can launch operations with the satellite in the form of signal transmissions and receptions.

Conclusion

The New Space age makes the space field more accessible to everyone on this planet. It’s about democratizing access to space.

This new age was characterized by the increase of Smallsats development and especially CubeSats in LEO. These types of satellites are part of the space architecture in addition to the ground, communication, and user segments. Nevertheless, is this space system design threatened by cyberattacks?

In the next article in the series, we will explore the answer to this question.

The post Cybersecurity in the Next-Generation Space Age, Pt. 1: Introduction to New Space appeared first on Security Intelligence.

Over the years, endpoint security has evolved from primitive antivirus software to more sophisticated next-generation platforms employing advanced technology and better endpoint detection and response.

Because of the increased threat that modern cyberattacks pose, experts are exploring more elegant ways of keeping data safe from threats.

Signature-Based Antivirus Software

Signature-based detection is the use of footprints to identify malware. All programs, applications, software and files have a digital footprint. Buried within their code, these digital footprints or signatures are unique to the respective property. With signature-based detection, traditional antivirus products can scan a computer for the footprints of known malware.

These malware footprints are stored in a database. Antivirus products essentially search for the footprints of known malware in the database. If they discover one, they’ll identify the malware, in which case they’ll either delete or quarantine it.

When new malware emerges and experts document it, antivirus vendors create and release a signature database update to detect and block the new threat. These updates increase the tool’s detection capabilities, and in some cases, vendors may release them multiple times per day.

With an average of 350,000 new malware instances registered daily, there are a lot of signature database updates to keep up with. While some antivirus vendors update their programs throughout the day, others release scheduled daily, weekly or monthly software updates to keep things simple for their users.

But convenience comes at the risk of real-time protection. When antivirus software is missing new malware signatures from its database, customers are unprotected against new or advanced threats.

Next-Generation Antivirus

While signature-based detection has been the default in traditional antivirus solutions for years, its drawbacks have prompted people to think about how to make antivirus more effective. Today’s next-generation anti-malware solutions use advanced technologies like behavior analysis, artificial intelligence (AI) and machine learning (ML) to detect threats based on the attacker’s intention rather than looking for a match to a known signature.

Behavior analysis in threat prevention is similar, although admittedly more complex. Instead of only cross-checking files with a reference list of signatures, a next-generation antivirus platform can analyze malicious files’ actions (or intentions) and determine when something is suspicious. This approach is about 99% effective against new and advanced malware threats, compared to signature-based solutions’ average of 60% effectiveness.

Next-generation antivirus takes traditional antivirus software to a new level of endpoint security protection. It goes beyond known file-based malware signatures and heuristics because it’s a system-centric, cloud-based approach. It uses predictive analytics driven by ML and AI as well as threat intelligence to:

• Detect and prevent malware and fileless attacks
• Identify malicious behavior and tactics, techniques and procedures (TTPs) from unknown sources
• Collect and analyze comprehensive endpoint data to determine root causes
• Respond to new and emerging threats that previously went undetected.

Countering Modern Attacks

Today’s attackers know precisely where to find gaps and weaknesses in an organization’s network perimeter security, and they penetrate these in ways that bypass traditional antivirus software. These attackers use highly developed tools to target vulnerabilities that leverage:

• Memory-based attacks
• PowerShell scripting language
• Remote logins
• Macro-based attacks.

To counter these attackers, next-generation antivirus focuses on events – files, processes, applications and network connections – to see how actions in each of these areas are related. Analysis of event streams can help identify malicious intent, behaviors and activities; once identified, the attacks can be blocked.

This approach is increasingly important today because enterprises are finding that attackers are targeting their specific networks. The attacks are multi-stage and personalized and pose a significantly higher risk; traditional antivirus solutions don’t have a chance of stopping them.

Explore IBM Security QRadar Solutions  

Endpoint Detection and Response

Endpoint detection and response (EDR) software flips that model, relying on behavioral analysis of what’s happening on the endpoint. For example, if a Word document spawns a PowerShell process and executes an unknown script, that’s concerning. The file will be flagged and quarantined until the validity of the process is confirmed. Not relying on signature-based detection enables the EDR platform to react better to new and advanced threats.

Some of the ways EDR thwarts advanced threats include the following:

• EDR provides real-time monitoring and detection of threats that may not be easily recognized by standard antivirus
• EDR detects unknown threats based on a behavior that isn’t normal
• Data collection and analysis determine threat patterns and alert organizations to threats
• Forensic capabilities can determine what happened during a security event
• EDR can isolate and quarantine suspicious or infected items. It often uses sandboxing to ensure a file’s safety without disrupting the user’s system.
• EDR can include automated remediation and removal of specific threats.

EDR agent software is deployed to endpoints within an organization and begins recording activity on these endpoints. These agents are like security cameras focused on the processes and events running on the devices.

EDR platforms have several approaches to detecting threats. Some detect locally on the endpoint via ML, some forward all recorded data to an on-premises control server for analysis, some upload the recorded data to a cloud resource for detection and inspection and others use a hybrid approach.

Detections by EDR platforms are based on several tools, including AI, threat intelligence, behavioral analysis and indicators of compromise (IOCs). These tools also offer a range of responses, such as actions that trigger alerts, isolate the machine from the network, roll back to a known good state, delete or terminate threats and generate forensic evidence files.

Managed Detection and Response

Managed detection and response (MDR) is not a technology, but a form of managed service, sometimes delivered by a managed security service provider. MDR provides value to organizations with limited resources or the expertise to continuously monitor potential attack surfaces. Specific security goals and outcomes define these services. MDR providers offer various cybersecurity tools, such as endpoint detection, security information and event management (SIEM), network traffic analysis (NTA), user and entity behavior analytics (UEBA), asset discovery, vulnerability management, intrusion detection and cloud security.

Gartner estimates that by 2025, 50% of organizations will use MDR services. There are several reasons to support this prediction:

• The widening talent shortage and skills gap: Many cybersecurity leaders confirm that they cannot use security technologies to their full advantage due to a global talent crunch.
• Cybersecurity teams are understaffed and overworked: Budget cuts, layoffs and resource diversion have left IT departments with many challenges.
• Widespread alert fatigue: Security analysts are becoming less productive due to “alert fatigue” from too many notifications and false positives from security applications. This results in distraction, ignored alerts, increased stress and fear of missing incidents. Many alerts are never addressed when, ideally, they should be studied and acted upon.

The technology behind an MDR service can include an array of options. This is an important thing to understand when evaluating MDR providers. The technology stack behind the service determines the scope of attacks they have access to detect.

Cybersecurity is about “defense-in-depth” — having multiple layers of protection to counter the numerous possible attack vectors. Various technologies provide complete visibility, detection and response capabilities. Some of the technologies offered by MDR services include:

• SIEM
• NTA
• Endpoint protection platform
• Intrusion detection system.

Extended Detection and Response

Extended detection and response (XDR) is the next phase in the evolution of EDR. XDR provides detection and protection across various environments, including networks and network components, cloud infrastructure and Software-as-a-Service (SaaS).

Features of XDR include:

• Visibility into all network layers, including the entire application stack
• Advanced detection, including automated correlation and ML processes capable of detecting events often missed by SIEM solutions
• Intelligent alert suppression filters out the noise that typically reduces the productivity of cybersecurity staff.

Benefits of XDR include:

• Improved analysis to help organizations collect the correct data and transform that data with contextual information
• Identify hidden threats with the help of advanced behavior models powered by ML algorithms
• Identify and correlate threats across various application stacks and network layers
• Minimize fatigue by providing prioritized and precise alerts for investigation
• Provide forensic capabilities needed to integrate multiple signals. This helps teams to construct the big picture of an attack and complete investigations promptly with high confidence in their findings.

XDR is gaining in popularity. XDR provides a single platform that can ingest endpoint agent data, network-level information and, in many cases, device logs. This data is correlated, and detections occur from one or many sources of telemetry.

XDR streamlines the functions of the analysts’ role by allowing them to view detections and respond from a single console. The single-pane-of-glass approach offers faster time to value, a shortened learning curve and quicker response times since the analysts no longer need to pivot between windows. Another advantage of XDR is its ability to piece multiple sources of telemetry together to achieve a big-picture view of detections. These tools are able to see what occurs not only on the endpoints but also between the endpoints.

The Future of Antivirus Software

Security is constantly evolving, and future threats may become much more dangerous than we are observing now. We cannot ignore these recent changes in the threat landscape. Rather, we need to understand them and stop these increasingly destructive attacks.

The post The Evolution of Antivirus Software to Face Modern Threats appeared first on Security Intelligence.

Organizations must grapple with challenges from various market forces. Digital transformation, cloud adoption, hybrid work environments and geopolitical and economic challenges all have a part to play. These forces have especially manifested in more significant security threats to expanding IT attack surfaces.

Breach containment is essential, and zero trust security principles can be applied to curtail attacks across IT environments, minimizing business disruption proactively. Microsegmentation has emerged as a viable solution through its continuous visualization of workload and device communications and policy creation to define what communications are permitted. In effect, microsegmentation restricts lateral movement, isolates breaches and thwarts attacks.

Given the spotlight on breaches and their impact across industries and geographies, how can segmentation address the changing security landscape and client challenges? IBM and its partners can help in this space.

Breach Landscape and Impact of Ransomware

Historically, security solutions have focused on the data center, but new attack targets have emerged with enterprises moving to the cloud and introducing technologies like containerization and serverless computing. Not only are breaches occurring and attack surfaces expanding, but also it has become easier for breaches to spread. Traditional prevention and detection tools provided surface-level visibility into traffic flow that connected applications, systems and devices communicating across the network.  However, they were not intended to contain and stop the spread of breaches.

Ransomware is particularly challenging, as it presents a significant threat to cyber resilience and financial stability. A successful attack can take a company’s network down for days or longer and lead to the loss of valuable data to nefarious actors. The Cost of a Data Breach 2022 report, conducted by the Ponemon Institute and sponsored by IBM Security, cites $4.54 million as the average ransomware attack cost, not including the ransom itself.

In addition, a recent IDC study highlights that ransomware attacks are evolving in sophistication and value. Sensitive data is being exfiltrated at a higher rate as attackers go after the most valuable targets for their time and money. Ultimately, the cost of a ransomware attack can be significant, leading to reputational damage, loss of productivity and regulatory compliance implications.

Organizations Want Visibility, Control and Consistency

With a focus on breach containment and prevention, hybrid cloud infrastructure and application security, security teams are expressing their concerns. Three objectives have emerged as vital for them.

First, organizations want visibility. Gaining visibility empowers teams to understand their applications and data flows regardless of the underlying network and compute architecture.

Second, organizations want consistency. Fragmented and inconsistent segmentation approaches create complexity, risk and cost. Consistent policy creation and strategy help align teams across heterogeneous environments and facilitate the move to the cloud with minimal re-writing of security policy.

Finally, organizations want control. Solutions that help teams target and protect their most critical assets deliver the greatest return. Organizations want to control communications through selectively enforced policies that can expand and improve as their security posture matures towards zero trust security.

Microsegmentation Restricts Lateral Movement to Mitigate Threats

Microsegmentation (or simply segmentation) combines practices, enforced policies and software that provide user access where required and deny access everywhere else. Segmentation contains the spread of breaches across the hybrid attack surface by continually visualizing how workloads and devices communicate. In this way, it creates granular policies that only allow necessary communication and isolate breaches by proactively restricting lateral movement during an attack.

The National Institute of Standards and Technology (NIST) highlights microsegmentation as one of three key technologies needed to build a zero trust architecture, a framework for an evolving set of cybersecurity paradigms that move defense from static, network-based perimeters to users, assets and resources.

Suppose existing detection solutions fail and security teams lack granular segmentation. In that case, malicious software can enter their environment, move laterally, reach high-value applications and exfiltrate critical data, leading to catastrophic outcomes.

Ultimately, segmentation helps clients respond by applying zero trust principles like ‘assume a breach,’ helping them prepare in the wake of the inevitable.

IBM Launches Segmentation Security Services

In response to growing interest in segmentation solutions, IBM has expanded its security services portfolio with IBM Security Application Visibility and Segmentation Services (AVS). AVS is an end-to-end solution combining software with IBM consulting and managed services to meet organizations’ segmentation needs. Regardless of where applications, data and users reside across the enterprise, AVS is designed to give clients visibility into their application network and the ability to contain ransomware and protect their high-value assets.

AVS will walk you through a guided experience to align your stakeholders on strategy and objectives, define the schema to visualize desired workloads and devices and build the segmentation policies to govern network communications and ring-fence critical applications from unauthorized access. Once the segmentation policies are defined and solutions deployed, clients can consume steady-state services for ongoing management of their environment’s workloads and applications. This includes health and maintenance, policy and configuration management, service governance and vendor management.

IBM has partnered with Illumio, an industry leader in zero trust segmentation, to deliver this solution.  Illumio’s software platform provides attack surface visibility, enabling you to see all communication and traffic between workloads and devices across the entire hybrid attack surface. In addition, it allows security teams to set automated, granular and flexible segmentation policies that control communications between workloads and devices, only allowing what is necessary to traverse the network. Ultimately, this helps organizations to quickly isolate compromised systems and high-value assets, stopping the spread of an active attack.

With AVS, clients can harden compute nodes across their data center, cloud and edge environments and protect their critical enterprise assets.

Start Your Segmentation Journey

IBM Security Services can help you plan and execute a segmentation strategy to meet your objectives. To learn more, register for the on-demand webinar now.

The post Contain Breaches and Gain Visibility With Microsegmentation appeared first on Security Intelligence.

The need to achieve responsible enterprise security has taken center stage in enterprise IT management in recent years, precipitated by a deluge of public data breaches that damaged company reputations. However, lacking information on the most critical modern attack vectors, many organizations continue to rely solely on traditional virus scanning tools as their sole method of enabling endpoint security.

Many business professionals seem to cling to a common misconception that the implementation of a malware protection tool provides blanket protection against all potential security risks. The broad availability of free scanning tools and Window’s native Defender software has lulled individuals who are not particularly risk-conscious into a false sense of security when it comes to protecting their IT resources.

To be clear, it is certainly true that scanning and remediation tools for malware — including viruses, Trojans, ransomware and adware — continue to be critical components of any security arsenal. According to Enterprise Management Associates (EMA) research, 73 percent of surveyed organizations indicated they have been affected by a malware attack, and only 58 percent reported a high level of confidence that they can detect a malware incident before it causes a business-impacting event.

These challenges are only accelerating due to a new generation of advanced malware attacks that are designed to target specific environments or conditions and are more resistant to removal or cleanup. However, it is important to recognize that these threats represent only a portion of the total risks posed by the use of endpoint devices in modern business environments.

Learn more about endpoint security and mobile threat defense

Modern Endpoint Security Attack Vectors

Beyond the threat of malware infection, the broad reliance on distributed endpoint devices — including desktops, laptops, tablets, smartphones and wearables — poses a number of challenges to enterprise security assuredness. In traditional environments, endpoint devices (primarily desktops) and the applications and data they utilized were kept contained on controlled business networks.

Today, however, critical business IT services are distributed across numerous public and private cloud, web, and server-hosting environments. Additionally, the “mobile revolution,” which began a decade ago, introduced more portable endpoint devices, allowing users to access business IT services from any location at any time. The consequence of these foundational changes to IT service delivery is that there is no longer a secure perimeter within which business devices, applications and data can be protected. Instead, all IT services must be considered continuously at risk.

Unfortunately, many bad actors are far ahead of the curve in figuring out how to exploit a world of interconnected and poorly secured software and devices. Cryptojacking is a prime example of this. It occurred to some resourceful individuals that it would be much cheaper and easier to secretly leverage the processing power of millions of end-user devices by embedding code in common websites to perform free cryptocurrency mining activities, rather than to purchase and manage a dedicated server farm for this purpose.

As a result, the performance of business devices and, by extension, the productivity of business workers are being diminished to line the pockets of clandestine entrepreneurs. Additionally, the eminent portability of the most commonly used endpoint devices (tablets and smartphones) further reduces their inherent security. EMA research indicated that one out of every eight mobile devices and one out of every 20 laptops containing business data ends up lost or stolen.

These are only two examples of rapidly evolving endpoint security challenges that plague enterprise operations teams, and this trend is expected to accelerate with cyberterrorists leveraging the power of intelligence technologies such as machine learning to identify new weaknesses they can exploit.

The Biggest Threat to Endpoint Security

EMA recently noted that the most frequent consequence of a security breach is not a malware infection, but compromised business data. We live in an age when information is a commodity that can be bought and sold through both legal markets and shadowy outlets. The latter, of course, is the greater concern with critical data — such as user access credentials, Social Security numbers, bank account information and other sensitive information — regularly being auctioned on the dark web. Cyberattacks are no longer designed just to be a nuisance; they are the cornerstone of a high revenue-generating industry.

There are three principal methods through which data is compromised on an endpoint:

1. The first is through the use of invasive software, such as hidden code in applications and websites that collect and distribute data to remote systems without the knowledge of the users.
2. The second involves manipulating users into unwittingly granting nefarious actors’ access to devices and IT resources. This is most frequently accomplished with the use of phishing schemes that employ psychological inventiveness rather than technological proficiency.
3. The final method for compromising data on endpoint devices occurs when the user distributes the information themselves in an unsecure manner.

A Responsible Approach to Endpoint Security

Antivirus and other malware protection solutions can certainly help protect endpoint devices from related attacks, but they do very little natively to prevent data loss from other attack vectors. To responsibly ensure endpoint devices can securely perform business tasks, organizations must adopt a multifaceted approach to security that continuously monitors for inappropriate device activities and effectively controls access to enterprise data and resources.

To enable holistic visibility, configuration, status and contextual information should be collected on devices, processes and network activities. Intelligence technologies, such as analytics, language processing and machine learning, should be applied to collected details so that any potential security risks can be rapidly identified, and policy-based automated responses can be immediately implemented.

Of course, enterprise data is not a risk at all if it is never removed from secured locations in the first place. This can be accomplished with the use of resource isolation technologies, such as containerization, app wrapping, virtualization and browser isolation solutions. Data access and distribution controls are also enhanced with the introduction of strong identity and access management (IAM) capabilities. IAM platforms that are risk-based and governed by policy controls provide a strong first line of defense in any security implementation, particularly if they holistically leverage device information collected by endpoint and security management tools, as well as common intelligence technologies to accurately determine the level of risk associated with allowing an access event to occur.

Unified endpoint management (UEM) solutions designed to support all endpoints across an entire IT ecosystem offer the optimal platform from which to manage a diverse range of security processes. Comprehensive UEM solutions centrally support capabilities for data collection, reporting and alarming, data analysis, and automated response that are the hallmark of a responsible endpoint security approach. Solutions in this field are greatly advantaged if they can extend their security management capabilities through direct integrations with related platforms or by enabling integrations with the use of an API.

Effective endpoint security management requires a broad spectrum of key functionality that goes far beyond just malware detection, but with the right resources in place, organizations can ensure the secure utilization of enterprise IT services without unnecessarily limiting workforce productivity.

Discover new approaches to endpoint security

The post What Is the Biggest Challenge Facing Endpoint Security? Hint: It’s Not Malware appeared first on Security Intelligence.

Better personal security in everyday life isn’t something everyone considers — at least, not until something goes wrong. Securing home devices and personal accounts can be daunting for those who just aren’t that interested in the devices or cybersecurity. Learning the basics of personal cybersecurity is not the most appealing activity to everyone, and getting lectured by tech-savvy family members isn’t either.

Fortunately, there is a better way to teach cybersecurity. Giving the gift of better security can grant you an opportunity to discuss broader security topics in terms that specifically relate to your loved ones’ daily lives.

Here are six security awareness gifts for the person in your life who just isn’t that into security.

1. A New, More Secure Router

Home Wi-Fi security is an important part of overall personal cybersecurity that’s commonly overlooked. Default device passwords are often left unchanged after purchases, and owners aren’t always on the lookout for firmware updates. Older router models may also use outdated security protocols, so a new router can be a security awareness gift that secures the home network.

Gifting a new router may also mean spending part of your visit as a family tech support representative who reconnects devices and updates software. As painful as change might seem to your family members, a more secure home network will be worth the effort.

2. A Password Manager Subscription

Password reuse remains a gateway to multiple types of account information, especially as more personal record caches are being exposed online or sold on the dark web. Building better password habits and eliminating reuse can go a long way toward better personal security, and a password manager subscription can be a step in this direction.

As we all know, more secure passwords are but one of the many habits required to secure your digital world. Learning a new login workflow may not be for everyone, and new users may not like the change initially, but they may feel compelled to keep going if they understand how it can help them protect their accounts.

While risk and security vulnerabilities still exist, password managers are still a better tool than weak or reused passwords.

3. Encrypted File Storage/Backups

Ransomware gets a lot of press for good reason. A ransomware attack can result in total data loss when no backup exists, but secure file storage held locally or in the cloud can help eliminate much of the dread associated with data loss after a ransomware attack.

Giving the gift of an external encrypted storage device or a cloud-based encrypted backup service can grant your family members peace of mind. Knowing that important data will be secured even if your machine is overtaken by ransomware can ease worries over potential data loss.

4. Computer Monitor Privacy Filters

Privacy filters for monitors and laptop screens help protect your on-screen activity from prying eyes. They make it nearly impossible for someone to make out what’s on your screen unless they’re sitting right in front of it. Commuters and other travelers can benefit from this kind of physical barrier to their private information being displayed in public. Filters can also serve as a physical reminder to employ better personal security practices.

Privacy filters can be removed and may not protect against unauthorized access in cases where devices are stolen. If they’re used as part of an overall better approach to physical security and cybersecurity, however, they can decrease the likelihood of data loss during travel.

5. Anti-Malware and Ransomware Protection

Protecting against known malware threats and ransomware attacks is a must for personal devices. Not all family members are aware there are solutions to help prevent ransomware attacks. Coupled with an external or cloud-based encrypted backup, an anti-malware and ransomware service subscription can help protect your loved ones’ devices from attacks. Gifting several small security awareness gifts in this way can effectively build up defenses across a variety of otherwise vulnerable channels.

Bear in mind that false positive scan results and software bugs are possible when new definitions are installed, and this could be alarming to a user unfamiliar with anti-malware software. Teaching new users what to expect from their software (including potential bugs) may help to ease their minds.

6. A Virtual Private Network (VPN) Subscription

Virtual private networks (VPNs) can be a good way to separate and encrypt your own traffic away from everything else traveling with your data. They offer significantly more privacy and security compared to a standard internet connection.

As I’m sure you know, some security awareness gifts may require a little extra work. Finding an appropriate VPN service that is maintained by a reputable company might be a challenge. Also, VPNs can be very helpful but no device can be secured from every possible attack. Understanding a VPN’s role in overall security habits could help new users as they learn a new network connection workflow.

Teaching Better Security Through Useful Tech Gifts

Each of these gifts could include discussion around their purpose, which may provide a better way to teach cybersecurity. They all reinforce better security through physical means or by encouraging new habits, and they offer the new user an opportunity to learn more about cybersecurity, a topic they might otherwise neglect.

The post 6 Security Awareness Gifts for the Cybersecurity Unaware appeared first on Security Intelligence.