Monday, 15 June 2020

Top-4 Cybersecurity Threats Faced by Small Businesses And How You Can Prevent It

Be it a small business or an enterprise, cybersecurity threats possess the same amount of risk. There is a common myth that exists that a small business can’t become a potential target of any cybersecurity; however, this is not the case.

With an increasing number of automated cyberattacks rising every day, it has allowed small businesses to serve as soft-targets. When compared to larger enterprises, small businesses are low on resources and often don’t tend to invest quite extensively on security technologies. Due to the lack of dedicated and stringent cybersecurity measures, it makes them an easier target of cybercriminals.
A cyberattack can result in a damaged image for such business and its post-effects can be quite devastating. An online report states that a small business with an employee cap less than 500, tend to lose around $2.5 million after every cyberattack. Losing out such a huge amount of money can be financially demotivating for any small business. Keeping in mind all these reasons, small businesses must make sure that they’re aware of these threats and how they can stop them in the initial stages. 

Wednesday, 10 June 2020

WHAT DO YOU KNOW ABOUT BROKEN AUTHENTICATION AND SESSION BREACH?

As we are covering OWASP top 10 vulnerabilities,broken authentication is one of it. Broken Authentication itself suggests the breach in the authentication procedure of a web application. Session management is the rule which checks for the interactions amid a web application and end-users. A web session is actually a transactional chain of HTTP commands and responses made by the client to a server. HTTP/HTTPS is the protocol to communicate between the website and the browser.
So, in broken authentication, hackers find the exposures where the breach could be done to dodge or seize the authentication functions.
Following are the ways where the authentication breach could happen –
  • Probable login credentials.
  • Exposed session IDs in the URL (e.g., URL rewriting).
  • Vulnerable session IDs to fixation attacks.
  • Unprotected user authentication credentials.
  • Session IDs, passwords, and other identifications sent over unprotected and unencrypted connections.
  • Non-rotated or Unshuffled session IDs after successful login.
  • Undestroyed or not invalidated session values after logout.
Such attacks aim to get access to more than one account and gain all the privileges of the user which is attacked. These privileges let the attacker do whatever he wants.

Monday, 8 June 2020

How to Protect Your Organization’s Online Presence from Phishing Scams

The dawn of digital transformation has taken the internet by storm with the growing number and sophistication of phishing scams. Long back in 1996, phishing scams involved fooling people through messages pretending to be the authentic source. People those days fell prey to such scams and shared their account details and billing information. Though the strategies have become outdated today and we believe we can’t be fooled with such techniques, Phishing remains as popular as ever. 



Over the years, Phishing has transformed drastically from simple messaging to spooky emails. There is no end to the rising number of phishing scams through emails with fake IDs, driving to the malicious website that appears to be similar to the one it is imitating. The hackers are sneaking into your email conversations with previously compromised email accounts, replying to your mail threads with malicious links or attachments trying to acquire confidential information of your company.

With time the threat actors are turning out to be more precisewith their target audience. Spear Phishing targets known individuals to lure them, observing their online activities and imitating the websites they are accessing. Whaling is more precise, which targets executives at higher positions. Both techniques involve a huge amount of research and observation to entice the targets to open the fraudulent emails. There is a thin line of difference between Spear Phishing and Whaling. Spear Phishing is used to target an individual while Whaling targets an organization’s top level executives. Scammers popularly use whaling to acquire the organization’s valuable information which comprises of trade secrets and passwords credentials to administrative company accounts.

Though the digital era demands the use of advanced technologies like IoT, AI, Cloud Computing; security becomes a major concern here. In the present scenario, while we all are working in the extended perimeters of our homes, no one wants to fall prey to phishing scams.

Let’s have a look at the preventive measures to be taken to secure your organization’s online presence from phishing scams.

1.       Build a Cybersecurity Awareness Training Program:

The organizations Cyber security is as strong as the weakest employee of the company. A security breach is likely to occur due to human negligence rather than cyber-attack. Conduct Cyber security awareness training program and educate your employees about the phishing trends and tactics to spot them. The training session will ensure use of approved software and strong passwords in the organization. Enlighten the employees on the Cyber security strategies and multi-factor authentication to protect the business data from top 10 OWASP vulnerabilities.

2.       Install an Anti-Phishing Toolbar:

According to experts, 97% of Internet consumers within an organization fail to identify sophisticated phishing emails. Deploying anti-phishing tool is a comprehensive anti-phishing solution that delivers detailed information of the website you are browsing on the internet preventing such scams. The toolbar secures your business information with routine checks of the visited sites comparing them with the known phishing sites in their database.

While browsing through the internet, if the user accidentally lands to a malicious site, the toolbar sets an alert.

These toolbars are offered by most of the popular browsers with no extra cost. To secure your organization’s confidential information, the decision makers should install the anti-phishing toolbar to keep a track of your website security. It verifies the email content, attached files, and other information securing your online presence from web spoofing or phishing.

ESDSVTMScan is a vulnerability scanning tool regularly notifying you of the security lapse, thus Securing your organization from a security breach. 

1.       Use Web Application Firewalls:

The web application firewalls act as a barrier to phishing scams. Most of the organizations use Web Application Firewall as a defense tool between their business website and the internet traffic, safeguarding the online presence against malicious intruders. The internet traffic consists of malicious requests which might be spoofed emails, messages, requests from fraudulent websites. So, deploying a WAF secures your online presence from these Cyber security attacks and malicious actors.

This indispensable part of the web application security strategy identifies and patches the vulnerabilities in applications and servers, blocking malicious actors from finding these loopholes. ESDS eNlight WAF is a specially engineered intelligent Cloud Hosted Web Application Firewall that protects your web applications from threats/attacks. Protect your online presence against these spoofed requests with ESDS eNlight WAF.

1.       Detect Potential Threats with AI and ML:

With sophistication of cyber threats, Cyber security is also evolving at a rapid pace. AI and ML can analyze the user behavior and proactively detect the threats thus assisting your organization in Cyber security war. The advanced technology solutions like AI and ML trace the anomalies and warning signals for phishing throughout the email. AI examines the email message based on the context comparing it with previous phishing scams.

2.       Endpoint Monitoring and Protection:

No doubt at workplace employees tends to make use of their personal devices. The rising use of these devices introduces a number of fresh endpoints which need to be protected under IT security system. At workplace there are certain devices with compromised security, monitoring and protecting them becomes a crucial task. Monitor such endpoints and offer remediation for compromised devices to prevent the explosion of attack through these unmanaged devices.

Wrap Up

The dawn of the digital era has taken the internet by storm with the rising number of Internet consumers and sophistication of phishing scams. The scammers are innovating unique strategies to sneak into your email conversation and India ranks 3rd after Canada and the United States for Phishing scams. The above-mentioned techniques will help you secure online presence of your organization from Phishing Scams.

Companies like ESDS – The Digital Transformation Catalyst are finding new ways to defend your online presence with the help of advanced technological solutions to fight against the sophisticated scammers. ESDS eNlight WAF, ESDS eNlight WebVPN, and VTMScan are the Made in India security tools to guard your online presence.

For further queries, you can connect to us at getintouch@esds.co.in | 1800 209 3006

Thursday, 4 June 2020

Are you aware of all types of online scams prevalent nowadays?

The general rule of thumb when working on the Internet is If you feel suspicious about any email at all, do not open it, and for sure don’t open any link provided inside it. 

Online phishing scams have been around a while and as we turn more towards Digital Technology for almost everything. Right from social interaction to banking and shopping online, Identity and banking information thefts are running rampant. 

The problem seems to be growing even more like a lot of our personal information is publicly available on Social media channels and other data collecting websites. 

The problem is only growing, as more personal information is now publicly available on social media channels and websites, and hackers can easily craft personalized phishing attacks for their preys and be very convincing and easily bypass many Security systems. In recent years we have also witnessed an increase in bank fraud cases where using stolen identities, and Aadhaar information scammers have stolen money from individual bank accounts. 

Kaspersky Lab a cybersecurity firm investigated the Dark Web Market and found out that personal data of any person, their complete digital life is worth even less than $50 nearly just Rs 3500.