Octarity

#Digitalsafety for parents 📢

Beware of Too Good to Be True! An unexpected job offer? Think twice. Cybercriminals impersonate trusted companies like CrowdStrike and other well-known technology companies to deliver hidden malware. Stay vigilant and verify every opportunity. 🔗 A healthy dose of skepticism helps safeguard critical infrastructure every day. #CyberSecurity #CriticalInfrastructure #OTSecurity #PhishingAwareness #CyberAwareness

Think Before You Click! Especially if you are working on critical infrastructure networks using the same device as you use when browsing the internet. Phishing emails are crafted to trick you—don’t take the bait! Always verify the sender and check links before you click. A moment of caution can save critical systems. 🔗 Every step counts toward securing critical infrastructure—start by being mindful of every email you open. #CyberSecurity #CriticalInfrastructure #OTSecurity #PhishingAwareness #CyberAwareness

🚦Critical Infrastructure Engineers: Look out for a New Phishing Campaign Impersonating CrowdStrike! A phishing campaign targeting job seekers, impersonating the well-known cybersecurity company CrowdStrike to trick victims into installing a Monero cryptocurrency miner (XMRig) is going around. 🔹 Here's what you need to know to prevent yourself from falling victim… How the Attack Works: 🔸 Phishing Email: Victims receive an email allegedly from a CrowdStrike hiring agent, thanking them for applying to a developer position. 🔸 Fake Job Offer: The email directs victims to download a supposed 'employee CRM application' from a website appearing to be CrowdStrike's portal. 🔸 Malicious Download: Clicking the link provides options for downloading the fake app for Windows or macOS. 🔸 Deceptive Installer: The app runs checks to avoid sandbox detection, displays a bogus error ("file is corrupt"), but silently installs and runs XMRig, a cryptocurrency miner. Why This Matters in OT Environments: 🔺 Impact: Compromised engineering devices can serve as entry points to critical systems. Malware can propagate laterally, disrupting operations or exposing vulnerabilities to further exploitation. XMRig is configured to use minimal resources (max 10%) to evade detection, making it a persistent and low-key type of threat to detect. 🔺 Targeted Professionals: Engineers and technical experts are often attractive targets for phishing campaigns due to their access to sensitive systems and data. 🔺 Operational Risk: Even minimal system disruptions can lead to operational failures in critical infrastructure environments. Check out our downloadable poster for 5 essential tips to protect your operations, including verifying sources, safe browsing habits, and staying alert for suspicious emails. A secure critical system starts with informed action—take the first step today!"

Our Cyber Risk and Governance leader, Michelle Govender recently shared insights on Veritas radio station with the amazing host Karen Goldstone-Hoffman (FCG) & Sifiso (Sifis'esihle) W. Ndwandwe. Here are key points from the show... Small businesses owners often think of themselves as less likely targets for cyberattacks, but they are more vulnerable than larger companies for a few reasons... [1] Small businesses often lack the awareness, skills, and resources to protect themselves from cyberattacks. They may not have dedicated IT staff or cybersecurity experts, therefore may not be aware of the latest threats and vulnerabilities. [2] Small businesses may not have the funds to invest in robust cybersecurity solutions. This leaves them more exposed to attacks and more likely to suffer significant damage if they are attacked. [3] The increasing use of digital technology by small businesses makes them more vulnerable. As small businesses grow and expand their online presence, their risk increases, especially if they engage in e-commerce **Interview key insights** ♦ Common Risks: 1. Phishing attacks and scams (and other versions of this) and CEO fraud 2. IP theft 3. Client data leakage Here are a few tips that were shared on the show: 🔹 Company directors need to understand the strategic impact of an attack on their business revenue, reputation, legal and compliance obligations, and the steps they can take to protect themselves. 🔷 With limited resources available, small to medium business owners should seek practical advice and solutions. This includes staying updated and taking guidance from credible bodies such as the Cybersecurity Hub, CSIR, ENISA , and NIST which offer guidance and support. 🔷 Leverage your cloud and SaaS solutions security controls and ensure your solutions are configured securely. Avoid bypassing security controls to make something easier. As a basic minimum, all SME directors could implement the following solutions to stay ahead: 🔹 Email security , periodic training and awareness to your teams 🔹 Cloud security measures - ensure you configure your cloud accounts correctly common ones are Microsoft and Google 🔹 Device protection 🔹 Enabling Multifactor authentication on all applications that allow this 🔹 Good Password management practices Most importantly - run periodic audits to ensure what you supposed to have in place is configured correctly. **Summary** The conversation highlighted that small businesses are often vulnerable to because they lack the resources and expertise for oversight and governance of this risk. Educating small businesses on business risks relating to cyber risks and providing them with access to affordable solutions and guidance is a must for our collective digital well-being going into the future. #cybersecurity #smallbusiness #Riskmanagement #Cybersecureleadership

When a business especially an SME, experiences a cyberattack, the immediate impact goes beyond financial and data loss; it also involves the breakdown of customer trust. Customers rely on companies to protect their personal and financial data, and a breach shatters that trust. Research shows that 59% of customers are likely to avoid businesses that have suffered data breaches in the past. https://buff.ly/4eyUCgM

🗒️ Did you know supply chain cyber risks could be anyone or all of the following scenarios: 1. A system integrator working on behalf of the critical infrastructure reuses vulnerable code leading to a breach of mission-critical data. 2. Contractors leave backdoors open in their solution to make remote maintenance and support easy, access of which is exploited by malicious adversaries 3. A company contracted as a supplier of a product, whitelabels and supplies you with a product or software that has undetected vulnerabilities, introducing vulnerabilities into your operational environment. Given the wide dependency on contractors and third party system integrators in the Operations (OT) environment , it's important to manage your supply chain exposure, ensuring reliable, safe and secure operations.

The countdown is on! Only 24 hours until our “Resilience in OT Cybersecurity: A Guide to Critical Controls” webinar hosted by Women in CyberSecurity (WiCyS) - Southern Africa 🙌 We’re just one day away from our webinar, and we couldn’t be more excited! Our OT Cyber risk director, Michelle Govender will share her field experience. ✨ What to expect: 🔹 Actionable guidance that will help you gain better oversight of your OT cyber risk and resilience controls 🔹Referring to a case study, we will unpack 5 OT Cyber resilience control areas to manage and track. 🔹A view into the future of OT Cyber Security See you tomorrow! 👀 #Countdown #Networking #IndustryInsights #Innovation #Leadership #ProfessionalGrowth #DontMissIt #Cybersecureleadership 

Just when you think you have this figured out, the world of cybercrime throws you another curve ball, highlighting the need to take #Software #supplychain cyber risk management seriously. 🤨 In recent news, we discovered that adversaries are abusing DocuSign to send fake invoices to unsuspecting companies bypassing email protection. Here is a brief summary of the scam: 🔸 Adversaries use legitimate Docusign accounts to send messages that appear true from brands we know and trust. 🔸 Unsuspecting individuals receive fake invoices that appear as a legitimate service or software companies, Once signed, the malicious actors use these to request payments. 🔸 It's hard to detect by email protection because, in this situation it comes from an approved software platform. So what do we learn and what can we do to protect ourselves from this threat? 🔹 Cross check invoice legitmacy 🔹 Strengthen your approval processes, and train employees on the need for process controls. We often bypass critical controls to get the job done while this is necassary for operational effectiveness in some circumstances, guard against it becoming the de-facto standard. 🔹 Conduct regular audits on email accounts and flag irregular and unusual requests. #Cyberriskmanagement #Cybersecureleadership

👀 We often forget to reflect and learn from others sometimes placing ourselves in a situation to learn from our own mistakes which can be devastating. In 2019, we learned the importance of taking cyber risk management seriously when Norsk Hydro faced a wide scale operations outage caused by ransomware attack. The adversaries managed to get in through exploiting communications between an employee and a customer. “All of that damage had been set in motion three months earlier when one employee unknowingly opened an infected email from a trusted customer. That allowed hackers to invade the IT infrastructure and covertly plant their virus. “ https://lnkd.in/dN_8Bv5e A reminder to all of us to take employee awareness and securing your communications with customers and suppliers seriously..