Welcome!

@CloudExpo Authors: Elizabeth White, Yeshim Deniz, Pat Romanski, Aruna Ravichandran, Liz McMillan

Related Topics: @CloudExpo, Agile Computing, Cloud Security

@CloudExpo: Blog Post

How to Combat Security Cracks Created By Collaboration | @CloudExpo #Cloud #Cybersecurity

The number of cyberattacks will grow as employees increasingly use collaboration tools to maximize their company’s productivity.

How to Combat Security Cracks Created By Collaboration
By Ram Vaidyanathan, ManageEngine

Cybercrime costs the global economy as much as $450 billion each year. And, the median cost of cybercrime has increased by nearly 200% in the last five years.

Meanwhile, collaboration has become the cornerstone of successful organizations. But collaboration often comes with a risk. The number of cyberattacks will grow as employees increasingly use collaboration tools to maximize their company's productivity. This is because these tools can provide new points of entry for hackers looking to cause damage. This issue could become more serious as we will see more radical collaboration tools in the days to come. Fortunately, there are always going to be readily available solutions.

Here are three ways in which an organization's security can be compromised due to increased collaboration.

1. A wolf in sheep's clothing: Companies collaborate with suppliers, vendors and customers in the cloud every day. Consider this scenario: A supply chain executive receives an automated weekly email with an MS Excel file from their logistics partner, giving the estimated time of arrival for products. A cybercriminal somehow discovers this practice. The criminal then impersonates the logistics partner by using a similar email address. The executive doesn't notice and downloads the attachment - an executable (.exe) file masked as an MS Excel file. When the executive opens the file, a wolf in sheep's clothing enters the company's network to steal trade secrets, financial data, and customer information. This modus operandi, called spear phishing, is popular globally. By some estimates, 91% of all attacks begin with spear phishing.

2. A betrayal: With the advent of bring your own device (BYOD), collaboration has become fairly common. Employees can now access work files while away from the office and increase their productivity. On the other hand, disgruntled employees can easily expose information or even sabotage company files. What if an employee who is about to join a competitor were to print customer contact details from a remote location? And what if this employee took this information to the new workplace? This betrayal could lead to the company losing its competitive edge.

3. A foreign adversary: Even governments are not immune to cyberattacks from foreign state-sponsored adversaries. Government employees may visit certain websites frequently to collaborate with employees from other departments or with their citizens. Malware placed on these sites could exploit vulnerable endpoints and compromise the devices of any visitors. Malware can also morph into more serious advanced persistent threats (APTs) that can lurk in the victim's system for a long time. This way, these adversaries could secretly keep a tab on issues of national security and international policy. When governments can face such threats, businesses are all the more at risk.

To fight data breaches and defend their business, organizations must protect all entry points. Here are few ways in which organizations can defend against each of the threats identified above.

1. Guarding the door: Application white listing, a method of checking applications against an approved list, is effective against criminals in disguise looking for an entry point. If an unknown program tries to run, it will be barred. This is very effective against spear phishing attacks. In addition, a log management system would help to collect logs on failed access attempts and decipher whether or not they are attacks.

2. Guarding from inside: A privileged password management process can help organizations protect against insider threats. All privileged identities and passwords are stored in a centralized vault and only approved devices are allowed to access information from remote locations. Furthermore, companies can video record all sessions, whether on-premise or remote, for a complete record of all actions.

3. Defending against international threats: Software applications that analyze packet flow can detect malicious traffic hitting the network in real time. In case of a sophisticated attack, the company can immediately view the offender's IP, the severity of the attack and the time of the attack. A detailed forensic investigation will enable the company to detect patterns and identify the source of unwanted intrusions.

In the present age of heightened collaboration, the risk of cybercrime is very high. Organizations need to defend against techniques such as spear phishing, malware and APTs, among others. Application white listing, privileged password management and network behavior anomaly detection are just three modes of defense.

And what happens in a future of radical collaboration tools?

Future collaboration tools will be even more powerful. For example, the combination of holography and brain decoding technology may create a society in which people have meetings between their virtual selves in the office. What if a cybercriminal impersonates a CEO's virtual self and compromises the business by giving wrong instructions during a meeting?  In a scenario like this, even if a criminal were somehow able to project the CEO's hologram inside the office, the ICT team could detect the deviation if there were inconsistencies with the CEO's known logic. There is no doubt that the future holds endless possibilities for collaboration, which we know to be integral for business success. We just need to make sure our security technology is well equipped to handle it. However sophisticated the attacks in an age of increased collaboration, a proactive ICT team will always prevail.


Ram Vaidyanathan is an IT evangelist at ManageEngine, the real-time IT management company. Ram closely follows emerging industry trends and is a frequent blogger on technology topics. His main interest is in the impact of the Internet of Things on IT management. He has an MBA from the Schulich School of Business.

More Stories By ManageEngine IT Matters

ManageEngine believes IT management can be simple and affordable. Our authors share insights and how-to tips for SMBs and large enterprises. Over 120,000 companies around the world – including three of every five Fortune 500 companies – trust our products to manage their networks, data centers, business applications, and IT services, and security. We take a straightforward, customer-centric approach to IT management software. Our customers' needs drive our product philosophy. And we've built a strong, in-house R&D team to support our product team and turn customer requests into product realities. We look forward to hearing from you.

@CloudExpo Stories
SYS-CON Events announced today that SourceForge has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. SourceForge is the largest, most trusted destination for Open Source Software development, collaboration, discovery and download on the web serving over 32 million viewers, 150 million downloads and over 460,000 active development projects each and every month.
SYS-CON Events announced today that Nihon Micron will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Nihon Micron Co., Ltd. strives for technological innovation to establish high-density, high-precision processing technology for providing printed circuit board and metal mount RFID tags used for communication devices. For more inf...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities – ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups. As a result, many firms employ new business models that place enormous impor...
SYS-CON Events announced today that MIRAI Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MIRAI Inc. are IT consultants from the public sector whose mission is to solve social issues by technology and innovation and to create a meaningful future for people.
Widespread fragmentation is stalling the growth of the IIoT and making it difficult for partners to work together. The number of software platforms, apps, hardware and connectivity standards is creating paralysis among businesses that are afraid of being locked into a solution. EdgeX Foundry is unifying the community around a common IoT edge framework and an ecosystem of interoperable components.
SYS-CON Events announced today that Dasher Technologies will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Dasher Technologies, Inc. ® is a premier IT solution provider that delivers expert technical resources along with trusted account executives to architect and deliver complete IT solutions and services to help our clients execute their goals, plans and objectives. Since 1999, we'v...
SYS-CON Events announced today that TidalScale, a leading provider of systems and services, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TidalScale has been involved in shaping the computing landscape. They've designed, developed and deployed some of the most important and successful systems and services in the history of the computing industry - internet, Ethernet, operating s...
SYS-CON Events announced today that Massive Networks, that helps your business operate seamlessly with fast, reliable, and secure internet and network solutions, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. As a premier telecommunications provider, Massive Networks is headquartered out of Louisville, Colorado. With years of experience under their belt, their team of...
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.
Infoblox delivers Actionable Network Intelligence to enterprise, government, and service provider customers around the world. They are the industry leader in DNS, DHCP, and IP address management, the category known as DDI. We empower thousands of organizations to control and secure their networks from the core-enabling them to increase efficiency and visibility, improve customer service, and meet compliance requirements.
In his session at 21st Cloud Expo, Michael Burley, a Senior Business Development Executive in IT Services at NetApp, will describe how NetApp designed a three-year program of work to migrate 25PB of a major telco's enterprise data to a new STaaS platform, and then secured a long-term contract to manage and operate the platform. This significant program blended the best of NetApp’s solutions and services capabilities to enable this telco’s successful adoption of private cloud storage and launchi...
SYS-CON Events announced today that TidalScale will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TidalScale is the leading provider of Software-Defined Servers that bring flexibility to modern data centers by right-sizing servers on the fly to fit any data set or workload. TidalScale’s award-winning inverse hypervisor technology combines multiple commodity servers (including their ass...
As hybrid cloud becomes the de-facto standard mode of operation for most enterprises, new challenges arise on how to efficiently and economically share data across environments. In his session at 21st Cloud Expo, Dr. Allon Cohen, VP of Product at Elastifile, will explore new techniques and best practices that help enterprise IT benefit from the advantages of hybrid cloud environments by enabling data availability for both legacy enterprise and cloud-native mission critical applications. By rev...
Join IBM November 1 at 21st Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA, and learn how IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Cognitive analysis impacts today’s systems with unparalleled ability that were previously available only to manned, back-end operations. Thanks to cloud processing, IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Imagine a robot vacuum that becomes your personal assistant tha...
As popularity of the smart home is growing and continues to go mainstream, technological factors play a greater role. The IoT protocol houses the interoperability battery consumption, security, and configuration of a smart home device, and it can be difficult for companies to choose the right kind for their product. For both DIY and professionally installed smart homes, developers need to consider each of these elements for their product to be successful in the market and current smart homes.
Companies are harnessing data in ways we once associated with science fiction. Analysts have access to a plethora of visualization and reporting tools, but considering the vast amount of data businesses collect and limitations of CPUs, end users are forced to design their structures and systems with limitations. Until now. As the cloud toolkit to analyze data has evolved, GPUs have stepped in to massively parallel SQL, visualization and machine learning.
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, will lead you through the exciting evolution of the cloud. He'll look at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering ...
SYS-CON Events announced today that N3N will exhibit at SYS-CON's @ThingsExpo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. N3N’s solutions increase the effectiveness of operations and control centers, increase the value of IoT investments, and facilitate real-time operational decision making. N3N enables operations teams with a four dimensional digital “big board” that consolidates real-time live video feeds alongside IoT sensor data a...
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, will provide a fun and simple way to introduce Machine Leaning to anyone and everyone. Together we will solve a machine learning problem and find an easy way to be able to do machine learning without even coding. Raju Shreewastava is the founder of Big Data Trunk (www.BigDataTrunk.com), a Big Data Training and consulting firm with offices in the United States. He previously led the data warehouse/business intellige...
In a recent survey, Sumo Logic surveyed 1,500 customers who employ cloud services such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). According to the survey, a quarter of the respondents have already deployed Docker containers and nearly as many (23 percent) are employing the AWS Lambda serverless computing framework. It’s clear: serverless is here to stay. The adoption does come with some needed changes, within both application development and operations. Tha...