Malware has been the archenemy of organizations around the globe for years, with ransomware, in particular, being an extremely deadly foe. Locking down victims’ files through encryption and demanding a ransom for decryption has proven to be an effective tactic for cybercriminals, with a steady stream of recent attacks serving as a constant reminder. However, these attackers are continually refining their tactics and have recently turned to double-extortion, whereby they threaten to leak victims’ sensitive files in order to increase the odds of ransoms being paid. Kaseya-style supply chain attacks are another example of ransomware’s growing sophistication. In any event, falling victim to an attack can disrupt business operations, harm brand reputation, lead to significant financial costs, and more.
Adversaries are constantly searching for soft targets they can attack to penetrate enterprise defenses. In recent years, SaaS applications have emerged as appealing prey. SaaS apps are designed to enable rapid file sharing, collaboration, and automation. As a result, once ransomware has been placed, it can easily spread to connected applications as well as to users’ devices. Additionally, SaaS apps contain countless files that can be stolen and used for double-extortion. When misconfigurations exist in data-rich SaaS apps, they create dangerous gaps that can extend access to malicious parties looking to infiltrate the enterprise. Unfortunately, almost no SaaS apps provide native threat protection, and the few that do lack the technological sophistication to identify zero-day threats; they are limited to detecting known threats. Complicating the picture further is the fact that legacy security technologies (in the form of on-premises hardware appliances that lack scalability) are not designed to defend against malware or protect data in our cloud-first, work-from-anywhere world.
The gaps to be filled
Organizations need comprehensive defense against the proliferation of malware and ransomware both within and across their SaaS applications. This requires the use of a security solution architected for the modern, cloud world and capable of defending against malware for any user, any device, and any app over any network (without the need to backhaul traffic to an appliance on premises). Such a solution needs to be able to prevent infected files from being uploaded to cloud applications, but it also must be able to identify threats that have already made their way into the cloud. Organizations must also be able to trust that their solution of choice can defend against any threat, including zero-day ransomware, and not just known malware. In the event of (increasingly common) double-extortion attacks, organizations need to be able to defend their data from being exfiltrated via SaaS, as well.
- Keep the devices updated with the most current software and antivirus programs.
Software updates to mobile devices often include patches for various security holes, so it’s best practice to install the updates as soon as they’re available.
There are many options to choose from when it comes to antivirus software for mobile devices, so it comes down to preference. Some are free to use, while others charge a monthly or annual fee and often come with better support. In addition to antivirus support, many of these programs will monitor SMS, MMS and call logs for suspicious activity and use blacklists to prevent users from installing known malware to the device.
- Backup device content on a regular basis.
Just like your computer data should be backed up regularly, so should the data on your company’s mobile devices. If a device is lost or stolen, you’ll have peace of mind knowing your valuable data is safe.
- Choose passwords carefully.
The average Internet user has about 25 accounts to maintain and an average of 6.5 different passwords to protect them, according to a recent Microsoft study. Obviously, this lack of security awareness is what hackers count on to steal data. Use the following tips to ensure your mobile device passwords are easy to remember and hard to guess:
- Require employees to change the device’s login password every 90 days.
- Passwords should be at least eight characters long and include uppercase letters and special characters, such as asterisks, ampersands and pound signs.
- Don’t use names of spouses, children or pets in the password. A hacker can spend just a couple minutes on a social media site to figure out this information.
We’ve seen some of the features that make JSON applications such as RESTful APIs more reliable than others, and the best places to go to learn about Lambda are Google Developer Tools (developerspaces), CloudDB, and AWS Lambda. To give you some basic recommendations, here’s how to use Lambda as a library to build services, service lifecycle management (SIL), and APIs that require no special setup.
In this section, we’ve summarized each of those features and their specific use cases.
Javascript
We’ll work with JSF’s RESTful API to provide a common API for data collection and retrieval. From there, we can create JSF services that can return either a JSON or a JSON-API document. These services are written in JavaScript, but we can also use JSF’s JSON API as a library.
The best way to get a real understanding over these services, is via the JIT API. The JIT API represents all the JSF implementations that you can use or integrate with JSF. It contains all the available JVM, ES6, and JavaScript implementations and provides two ways you can interact with the service:
In a JIT application, you perform various action (e.g., submit the request). In order to perform this action, you specify a command to
We’ve seen some of the features that make JSON applications such as RESTful APIs more reliable than others, and the best places to go to learn about Lambda are Google Developer Tools (developerspaces), CloudDB, and AWS Lambda. To give you some basic recommendations, here’s how to use Lambda as a library to build services, service lifecycle management (SIL), and APIs that require no special setup.
In this section, we’ve summarized each of those features and their specific use cases.
Javascript
We’ll work with JSF’s RESTful API to provide a common API for data collection and retrieval. From there, we can create JSF services that can return either a JSON or a JSON-API document. These services are written in JavaScript, but we can also use JSF’s JSON API as a library.
The best way to get a real understanding over these services, is via the JIT API. The JIT API represents all the JSF implementations that you can use or integrate with JSF. It contains all the available JVM, ES6, and JavaScript implementations and provides two ways you can interact with the service:
In a JIT application, you perform various action (e.g., submit the request). In order to perform this action, you specify a command to
We’ve seen some of the features that make JSON applications such as RESTful APIs more reliable than others, and the best places to go to learn about Lambda are Google Developer Tools (developerspaces), CloudDB, and AWS Lambda. To give you some basic recommendations, here’s how to use Lambda as a library to build services, service lifecycle management (SIL), and APIs that require no special setup.
In this section, we’ve summarized each of those features and their specific use cases.
Javascript
We’ll work with JSF’s RESTful API to provide a common API for data collection and retrieval. From there, we can create JSF services that can return either a JSON or a JSON-API document. These services are written in JavaScript, but we can also use JSF’s JSON API as a library.
The best way to get a real understanding over these services, is via the JIT API. The JIT API represents all the JSF implementations that you can use or integrate with JSF. It contains all the available JVM, ES6, and JavaScript implementations and provides two ways you can interact with the service:
In a JIT application, you perform various action (e.g., submit the request). In order to perform this action, you specify a command to