31 August 2021

Kaspersky warns companies over discarded data

08/28/2021 12:55:45 PM


As cliché as it sounds, data is still the kind, even for cybercriminals. One of the considered crudest approaches by these attackers is diving into corporate trash for any valuable data.

Global cybersecurity company Kaspersky has found these top three most-discarded items—work documents, envelopes, and digital storage media—that are considered highly useful for cybercriminals. These culprits may extract information from these materials and use it as a weapon to monetize or use against your company.
"It's said that one can learn a lot about a person or a company from the trash they throw away. Cybercriminals know that all too well, and finding out that they rummage through company garbage shouldn't be surprising," said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.
Even with the advent of digitalization, companies would still be doing a lot of paperwork. Research conducted by a printer company has founded the average office worker prints as many as 6,000 sheets of paper in a year (25 in a day), and about 3,720 sheets are considered waste (10 per day). Another research says that nearly half of printed documents in a typical office are discarded within 24 hours.

Tossed-out work documents don't need to have confidential data in them to reveal what your team is doing, your business vocabulary, or even your current business processes. Once these are in the hands of a cybercriminal, such information would be handy to impersonate a staff, supplier, or client through telephone or email to draw out more information.

The past few years saw cybercriminals increasingly relying on doing business email compromise (BEC) attacks that target corporate correspondence. A real-life example was when a car manufacturer's European division lost more than $37 million (P1.8 billion in today's current forex) to cybercriminals due to a fake bank transfer instruction that an employee mistook as legitimate.

Another interesting trash for cybercriminals is envelopes from business letters that indicate details of the addressee and the sender. Through this, a cybercriminal can contact the recipient with a convincing request for clarification or send a malicious link that appears to confirm receipt of a real physical document.

Not to be ignored as ordinary office trash are digital media which can be a treasure trove of information for anyone with malicious intent. A broken smartphone can cough up lists of contacts and messages and can be used to imitate the former user of the device. Flash drives, hard disk drives, or solid-state drives hold tons of work documents and personal data.
"More than 80% of all cyber-incidents are caused by human error. Cost-wise, a cybersecurity breach would set back a small to medium-sized business about $101,000 and an enterprise for $1,090,000 on average (as of last year's statistics from Kaspersky). So, it's up to us in the business sector, regardless of position in the company, to be mindful that the security of the business depends directly on our behavior in handling corporate data," adds Yeo.
With all that said, Kaspersky recommends the following steps on how to minimize or eliminate the use of office supplies for data storage and hopefully not be used by an attacker:

1. First, destroy all paper documents related to the company's work before tossing them in the garbage. That means all of them, not just those containing personal data. Shred them, envelopes included. 

2. Digital media (hard drives, flash sticks) do not belong in the trash. You have to render them mechanically unusable and take them to an electronics recycling center. Use pliers to snap disks and flash drives. For hard drives, use an electric drill or hammer. Remember that there is a flash drive inside every phone and a hard drive inside every computer. If you're throwing any of them out, first make sure their data is unreadable. 

3. Before throwing away parcels or food delivery bags, it's good practice to tear off and destroy any labels with the name and address of the sender and recipient.

Besides proper disposal of corporate garbage, businesses can beef up their cybersecurity by utilizing technologies like Kaspersky Endpoint Detection and Response Optimum (KEDRO), which delivers straightforward, in-depth defense against complex and advanced threats with no additional overheads.
The KEDRO automation features ensure that incidents are dealt with swiftly. Its simplified root cause analysis helps reveal the true scope of the threat so you can act accordingly, all with an easy-to-use toolkit.

Find out the latest KEDRO promos and discounts at Kaspersky Endpoint Detection and Response Optimum.

Author: slickmaster | © 2021 The SlickMaster's Files

No comments:

Post a Comment

Feel free to make a comment as long as it is within the bounds of the issue, and as long as you do it with decency. Thanks!

Reader Advisory

Some articles posted in The SlickMaster's Files may contain themes, languages, and content which may neither appropriate nor appealing to certain readers. READER DISCRETION is advised.