Microsoft is working on a patch for 'YellowKey' attack on BitLocker, offers temporary fix
Briefly

Organizations should audit their environments to identify conditions that create vulnerability to YellowKey. Organizations should define their risk acceptance for lost or stolen devices and then tailor mitigations accordingly. Mitigations include customizing Secure Boot and ensuring firmware and boot integrity. Because exploitation requires physical access, organizations should focus on physical security controls around Windows devices. Strong policies and controls for physical access are a first step, and organizations can limit locally stored data when additional protection is needed. Corporate data on laptops increases exposure, so device security policies should prevent users from leaving devices unattended. Detection can be difficult because targeted devices may show no clear user indicators, especially when encrypted-volume files are read or when malicious software causes only subtle performance changes.
“Organizations should start by auditing their environment for the conditions that exist that leave them vulnerable to YellowKey,” said Eric Grenier, senior director analyst at Gartner. “They should also have a clear understanding of their risk acceptance in the case of a lost/stolen device and, based on that acceptance (or non-acceptance), follow the steps such as customizing Secure Boot and ensuring firmware and Boot integrity.”
“Since this vulnerability requires physical access to exploit, organizations should be focusing on the physical security controls around their Windows devices,” he said. “Having strong policies and controls around physical access to devices is a good first step in helping protect the potentially vulnerable devices. If there are additional concerns about attackers being able to gain access to files on the system, organizations can look at limiting the data that they allow users to store locally.”
“You're increasingly seeing companies with corporate data on their laptops, and YellowKey can leave that data unlocked,” said Nathan Davies-Webb, principal consultant at UK-based security company Acumen. This is where tight device security policies come into play, such as prohibiting users from leaving devices unattended.
However, said Fosaaen, what makes detection of an attack particularly difficult for the individual user is that it is not immediately apparent that a device has been targeted. “If an attacker used the exploit to read files from the encrypted volume, there likely wouldn't be any indicators to a user. If the attacker implanted malicious software, you might see increased system utilization, or other performance issues,” he noted.
Read at Computerworld