A data breach will cost you. Market research firm Cybersecurity Ventures estimates the cost of cybercrime will rise to $6 trillion by 2021. Beyond the dollars and cents of restoring your data and the network, however, a data breach will leave a mark on your brand and weaken your reputation.
For the criminals, your data is at the core of a lucrative business model, which is why the threat landscape always changes. Information security is several things, but it is never a one-and-done thing. Here are some ideas from the Xerox Security Summit that will help you think about your information security strategy.
IoT is so cool, even the hackers have noticed
Calendars, email, uploads, downloads and more are accessed by armies of devices. Collectively known as the Internet of Things (IoT), people who have a reason to access your network love them for their convenience. Cyber thieves know this, which is why they try to infiltrate your network through smartphones, tablets, smartwatches and more. Your printers are things of the internet too, which is why Xerox and Cisco made it easier to secure them.
Cisco’s Identity Services Engine (ISE) now comes with profiles of more than 200 Xerox printers, high-end production presses and multifunction devices, including our portfolio of 29 new ConnectKey-enabled VersaLink and AltaLink workplace assistants. These webpages will help you understand how Cisco ISE helps network and IT managers assure intrusions won’t happen through their printer fleets.
Common Criteria certification for security
Achieving Common Criteria Certification is not so common. That’s why Xerox is especially proud to receive the industry’s most stringent information security standard certification from National Information Assurance Partnership (NIAP).
With cyber security threats growing in both numbers and complexity, NIAP determined to tighten up its security standard for hardcopy devices. In November 2017, 10 Xerox AltaLink MFPs became the first products to receive Common Criteria certification from NIAP for the new standard.
Xerox-McAfee solutions provide unrivaled security
Xerox print devices have been engineered with security in mind. That’s why Xerox is the only company that embeds whitelisting technology from McAfee and provides a free extension for ePolicy Orchestrator.
Xerox’s AltaLink, iSeries, and WorkCentre EC7836/EC7856 multifunction printers come bundled with McAfee Embedded Control software so you can rest easy knowing that your MFPs, and any data associated with them, are safe and secure. Key features:
Whitelisting: Xerox predefines a list of trusted applications and functions that can run on an MFP; nothing else is allowed to execute. This is the most efficient way of blocking malicious attacks and attempts to corrupt the printer’s firmware.
Alerts and audit logs: Any attempt to change applications, or perform a blocked activity, triggers an email alert to the system administrator. What’s more, tracking those attempts is easy.
McAfee ePolicy Orchestrator (ePO): Using the free ePO extension from Xerox, IT admins can include Xerox printers in their central security management process. McAfee ePO is easy to use, with drag-and-drop dashboards, and lets organizations use their existing IT infrastructures. Adding eligible Xerox devices to the ePO allows administrators to receive automated alerts, view device security events on the ePO dashboard, keep device firmware current and track up to 60 security settings.
What motivates cyber criminals?
The obvious answer is money, but cybersecurity company McAfee wanted to know if there is more to it. McAfee researchers examined recent examples of ransomware and the accompanying ransom notes that included email addresses where victims could send their payments or ask questions. The researchers sent emails asking the “actors” if they would answer a few questions.
Initially, the McAfee team received a few replies, but most of the actors did not want to cooperate. No surprise there. But their luck slowly changed over the next few weeks, and the researchers gathered a collection of conversations. Their findings:
Yes, it’s about the money. Travel, cars, a house, and some were simply paying off debts.
Almost all said they were willing to negotiate the ransom price if the victim cannot afford to pay.
People become ransomers because they believe cybercrime is a low-risk with high returns. This is increasingly untrue because law enforcement agencies have partnerships with academic institutions and cybersecurity companies (like McAfee)