October 2, 2019
Something To Learn Before Another Zero-Day Strikes Again
“We have zero days to patch this vulnerability!”
This is something I get to hear in my nightmares. Luckily, bad dreams are only dreams. But dreams have a nasty habit of going bad when you're not looking.
When you think about it, zero-day is a lot like running a company.
People are working hard to fix something, and it’s already late. Nobody is immune to that nerve-racking roll of the dice.
As a cybersecurity specialist, I understand that to decrease the number of times we are forced to act reactively, we all need to stay proactive. Based on my experience, few companies achieve that.
That concerns regular employees unfamiliar with the security recommendations we preach to them daily. For example, employees use their own mobile devices to log into corporate accounts.
Knowing that some Xiaomi, Pixel, Oppo, Moto, Huawei and Samsung phone models are vulnerable to CVE-2019-2215, the possibility of a data breach is growing.
You can read more about CVE-2019-2215 in this blog post.
A Bring Your Own Device policy has its flaws, but not many companies can afford to supply all their users with corporate devices.
One way to resolve the issue is to make sure every worker follows the cybersecurity basics I defined almost one year ago at the Digital Evolution Forum held by Microsoft:
- Data should always be encrypted in transit and at rest.
- Encryption should take place on the client side.
- Only a client should have access to encryption keys.
- Sensitive data and files should not be transferred via unprotected communication channels.
- The company must be in full control of the storage that holds the encrypted information and keys.
- Cybersecurity solutions must be legally compliant (GDPR, HIPAA, SOX).
When it comes to cybersecurity solutions, there are many good options to choose from. One of them is StealthTalk, and I encourage you to learn more about this messenger on its official website.
Update your devices when possible, keep your data and encryption keys under control, and make it harder for normal users to make a costly mistake.
I wish everyone a productive, zero-day-free week!