Friends and Colleagues,
It is critical that at this time, the Digital Edge Security Team sends an urgent warning about a wide-spread email phishing campaign aiming at Microsoft Office 365 users. The emails have subject similar to this: “View your Office 365 Business billing statement for…”.
The email looks very real and our Security Team is urging what users should pay attention to when analyzing such email for authenticity.
Multiple clients have notified us about receiving said emails and some people were getting trapped by this campaign.
Click here to read more about this incident of email phishing and possible remediation for this and further attack involving setting up spying rules in your Office 365 account.
Using cloud platforms does guarantee that customer deployments on those platforms will be automatically secured. Regardless of how advanced the security of the products is, if a customer leaves login as admin/admin - the entire deployment will be vulnerable. This admin/admin is only one very simple example, and is exactly why Equifax had its major security breach.
Digital Edge not only suggests, but implores companies to implement security frameworks such as ISO 27001, NIST Core or SOC2.
Recently, the resumes of potential, current, and previous employees of the US Department of Defense and the US intelligence community were exposed. The documents were found on an insecure Amazon S3 bucket that was not password protected. Amazon needs a stronger third-party cybersecurity to prevent these issues, especially since it is such a large company. This can become very disastrous, for clients and Amazon if the problem isn’t fixed. To find out more information, click here!
A brief message from the Digital Edge Security Team:
Traffic analytical tools can cause unintentional sensitive information disclosure.
Most of precisely targeted attacks on IT infrastructures are originated from outside of security perimeters of the victimized organizations. However, the security openings allowing cyber attackers to breach security mechanisms overwhelmingly originated either with unintentional help of insiders or disclosure of sensitive information.
As of May 1, 2017, Digital Edge is proud to announce its official certification of the International Standards Organization (ISO) 27001 framework for Information Security Management, a specification for an information security management system (ISMS). ISO is an independent, non-governmental international organization with a membership of 163 national standard bodies. ISO is credited for publishing more than 2100 international standards, covering almost every industry, from technology, to food safety, to aviation and healthcare. By adopting the ISO 27001 framework, Digital Edge will protect businesses from threats, including internet fraud, hacking, overseeing of transactions and other cyber security threats.
Undergoing the process of getting certified by ISO is vital to Digital Edge because these standards evaluate process effectiveness and better structures company management and growth. Digital Edge’s clients will always be insured with quality services with the core value of “Stability, Security, Efficiency, and Compliance”. Digital Edge received this certification with minor and no major non-conformities, proving once again that our security processes are constant.
Receiving the ISO 27001 certification, proves that Digital Edge’s processes meet the best quality and security standards for our clients. Digital Edge guarantees our clients and partners are receiving outstanding services, demonstrating our serious commitment to these security controls.
Digital Edge was engaged by a US based hardware manufacturer to implement Cisco Identity Manager and BYOD Policies. The client infrastructure is deployed in US Based headquarters, 2 offshore development offices, 2 datacenters, and AWS web services.
The project was successfully delivered and accepted in April 2017.
Author: Danielle Johnsen (VP of Compliance)
Date: 5 April 2017
Version: 2.0
This document defines Digital Edge’s policy on Information Security and is based on the following principles.
WikiLeaks has recently exposed that the CIA possessed the capability to hack into nearly every device you own. With all that we have learned from these leaks, Digital Edge wants to take the time to focus on is the “zero days” concept – which can be simply put as a weakness/hole in a system that allows a hacker to breach it before anyone even knows about this vulnerability. The act of reporting the vulnerability is known as “zero days”.
Once a hole in the system is found, it should be reported immediately, so it can be patched up before it’s exploited.
A huge threat to today’s businesses is hackers. They can manipulate their way into any businesses system and take advantage of any data that is important to the company. This can generally leave long lasting, harmful effects on the business which might even lead to eventual failure of the organization.
Don’t let this happen to you! Digital Edge offers a Penetration test in which our trained and specialized team gets authorized access to “attack” your system. This is done in the form of a real attack using strategies hackers usually use. Digital Edge uses standard licensed security assessments and penetration tools, as well as their own proprietary techniques, black hat reconnaissance and exploitation methods. The purpose of this test is to expose any and all vulnerabilities in your system that can potentially hurt your business, so they can be fixed. Pen tests provide the precautionary measures needed to be taken to ensure there be no breach in your system. They ensure the safety of your data by allowing you to be ready to prevent future attacks.
Due to rapid technological advances, Pen tests should be done regularly to catch any vulnerabilities that pop up before it’s too late. Read more about how Digital Edge’s Penetration test can be beneficial to your company!