Will 2013 Be Like 2012?

The new year is right around the corner and that means everyone is taking time to assess the year that has been and make resolutions for the year that will be.  And the same is true for those in the cyber-security profession.  Here is a look back at some of the top predictions of the security issues for 2012 and what they may portend for the year to come.

  • Perhaps the biggest predictions that came true in 2012 were those involving non-Windows based hacks.  For years, security experts had predicted that the almost virus-free nature of the Mac operating system was due to fall, and this was the year that the Flashfake Trojan infected almost 700,000 Macs worldwide.  In addition, the widespread proliferation of smart phones, which have more computer technology than some people’s home set-ups, led many to think that hackers would soon target smart phones more than computers.  As several high-profile celebrities can attest, this was the case when their cellphones were hacked and private photographs quickly disseminated across the internet.  Because Apple keeps such a tight leash on the manufacture of its apps, Android is a much more exploitable market, with 35,000 malware programs coming out in 2012 targeting the Android platform alone.
  • Another prediction that many experts have been making for years is the proliferation of cyberwarfare.  Since the Stuxnet attack on Iran in 2010, others, such as Flame, have followed.  This year, another coordinated attack on Iranian oil facilities upped the ante, escalating hostilities in that already volatile part of the world.
  • The third big prediction, which didn’t really need a crystal ball to foresee, is the growing trend of data breaches.  The problem is, many people couldn’t see just how many breaches there would be.  Barnes and Noble’s debit card machines were hacked and PINs were compromised.  Personal data was stolen from sources such as eHarmony, Yahoo, and LinkedIn.  Perhaps the scariest breach came when the tax records for South Carolina were compromised, leaving everything including social security numbers open to data thieves.

And what will 2013 have to offer?

  • Definitely expect to see more of the same, especially when it comes to these three areas.  Experts are predicting more attempts to hack Apple’s Mac OS X operating system and more malware targeting Android-based devices.  Additionally, cyberwarfare will continue to heat up with Iran retaliating with cyberattacks of their own against Israel.  And finally, expect hackers to continue to mine information from a variety of groups which will have to up their security constantly to stay one step ahead of the criminals.
  • Another potential “growth industry” in cyber attacks is ransomware.  These are viruses that shut down a computer or encrypt data, keeping a user from accessing his or her own files until a ransom is paid to the hackers.  Expect more and more sophisticated forms of this type of software to hit computers in 2013.
  • A final type of cyber attack that will expand in 2013 is web-based attacks.  These include cross-site scripting, DNS poisoning, phishing, and fake login screens.  These attacks are typically performed to gain access to passwords and credit card information.

2013 will bring a continuation of more of the same from hackers.  That is why it is so important for cyber security experts and users to stay one step ahead of them.  By knowing what is coming, you can properly prepare so that you won’t be the victim of a cyber attack making your new year a not so happy one.


Single Use Credit Cards – Is it Right For You?

In just the past five years, online holiday sales have gone through the figurative roof as Black Friday’s dominance has been challenged by Cyber Monday.  Many consumers are turning to the internet for shopping needs because of convenience, the plethora of deals, and the fact that you don’t have to stalk a parking spot at the local mall like a hunter chasing his prey.  But with the added benefits of this new shopping avenue, new dangers have also cropped up of which consumers must be cognizant so that they can avoid them.  One way to avoid these pitfalls is with single-use credit cards.

Obviously, we have all heard the horror stories that go with putting out sensitive material online such as credit card numbers.  Many people have heard of companies being breached and having cyber thieves gain access to credit card numbers and other personal data.  Even the government isn’t completely safe.  Recently, the state of South Carolina was hacked and payment information stolen and other data was mined from people who had paid their state income taxes online.

So how can you take advantage of the ease of online shopping without becoming a victim?  Enter the wonders of the virtual credit card.  Bank of America, Citibank, and Discover are among the major card companies which are currently offering this awesome service.  Essentially, you sign up for the program and can set a maximum dollar amount and time frame for which this card will be valid.  Once you have reached the time limit or maximum, the card is no longer usable.  This prevents thieves from going on a huge spending spree should they get access to your card because you can set the amount for just what you plan to spend online.  (This is another great idea that those of us on a budget can appreciate during the holidays.  Set your limit at exactly what your budget can afford for Christmas presents and your card will close out when you reach that amount.)  When you buy something online, you enter the virtual card number and not your real, physical card number.  If the hackers get their hands on this information, you may be out the limit you set on your virtual card, but it is much better than having them able to run up thousands on your actual credit card.  You can also use this to set up limits on shared accounts such as iTunes, Amazon Kindle, or Barnes and Noble Nook so that your children can’t run up huge bills indiscriminately purchasing apps without your knowledge or approval.  As some have noted, the only downside to this is that you have no physical credit card to show for purchases, so if you are ordering something online (such as theater tickets) you will still have to use a real credit card so that you can show your card at the ticket window to make your claim.

Peace on earth is the dream of everyone during the holidays.  But peace of mind is something that you can attain when shopping online.  Virtual credit cards are not the end-all-be-all of subverting online thieves.  But they are another tool in the arsenal for staying safe, particularly this holiday season.


Cyber Security for Businesses – Part 2

In our last installment, we looked at how to set up a plan for your small business to help prevent  cyber-criminals from attacking you.  But that isn’t the end of the planning that you need to take as a small business owner and operator.  Almost half of all businesses have no response plan once an attack has been made against them.  Every second after a cyber attack is critical and it is important to have a rapid-response plan in place to protect  both you and your customers and clients.  Here are the steps involved in handling a security breach:

  1. Notify the proper authorities.  If there is any type of breach in your security, be it a physical breach (such as a burglary or theft), a network breach or data breach, the first step is to notify law enforcement.  If the breach involved personal information from customers or clients, you should also immediately notify them so that they can take necessary precautions (such as canceling credit cards and the like).
  2. Work together to contain the problem.  Once a breach is discovered, this is not the time to assess blame and start pointing fingers.  Instead, your company should come together and do everything to contain the problem, including seeking outside help from security professionals or law enforcement.
  3. Start the recovery.  If the security breach involves your network, begin removing all malware or spyware from your system.  Take out any “backdoors” which might allow a criminal to have later access to your system.  This may involve wiping all of your storage media and restoring data from back-ups, which is why it is important that your IT department keep backups of this data and also be prepared for the labor-intensive task of performing such a wipe and reinstall.
  4. Have a follow-up meeting with all staff.  Once the threat has passed, it is important for all parties involved to sit down and have a “lessons learned” meeting regarding what went wrong, how it was solved, and what can be done in the future to prevent the same kind of attack from occurring.  Moreover, the meeting should also include brainstorming to discuss proactive ways that the staff can anticipate future attacks and “head them off at the pass” before they become legitimate threats.

The government’s new “Stop. Think. Connect” initiative is designed to help increase awareness among citizens of the threat of cybercrimes and to help them realize that the ability to prevent these crimes lies in their hands.  Just like during World War II when the government encouraged us all to do our part in the war effort, today it is equally important that we all take responsibility to do our part to help stop crime and international terrorism as it takes on a new form in cyberspace.


Stop. Think. Connect. Cyber Security for Businesses

As we move further into the new millennium, with new technology being developed daily, one thing is becoming readily apparent.  The new threat to our individual and national security is not from a criminal with a gun or an extremist with a bomb; it is from a cyber-criminal with a computer and an internet connection.  That is why the Department of Homeland Security has established a new campaign called “Stop.  Think.  Connect.”  This campaign is meant to encourage everyone, from schoolchildren to senior citizens, to take personal responsibility for their own computer usage and to do their part in maintaining cyber security.

One aspect of this is in the form of cyber security for small and personal businesses.  According to the Department of Homeland Security, almost half of all cyber attacks are against small businesses with less than five hundred employees.  Perhaps more shocking, only 52% of small businesses have a cyber security plan and 40% have no response plan in the event that they are attacked by hackers.  In this day, this is incredibly dangerous for the safety and well-being of your business.  The average cost of a cyber attack on a small business from 2009-2010 amounted to almost $200,000 per attack.  This would cripple most small companies.   That is why it is so important to have not only a security plan but also a response plan in the event of an attack.

As far as instituting a security plan to help prevent an attack, the Department of Homeland Security has identified the following steps:

  • Define responsibilities—Before you do anything else, you should sit down with your staff and designate who will be in charge of each aspect including implementation and training.
  • Set up policies for internet and social media usage—You should define rules for your employees to govern how they can use office computers for both general internet and social media usage.
  • Train your employees—Employees need to know how to recognize everything from social engineering, online fraud, fake antivirus offers, phishing, malware and malicious software.  They should also be trained to use the same security measures when using email outside of work and also their company issued smartphones which can compromise your business’s network.
  • Encrypt and protect off-site usage—Make sure that all computers that are allowed to access the network remotely are up to date with virus software.  Also, make sure that smartphones are encrypted and train employees to be aware of their surroundings so that they don’t enter passwords or view sensitive information when others may be looking over their shoulders.
  • Dispose of trash and equipment properly—Use a shredder or shredding service to destroy all of your sensitive documents and mail to ensure that no one can snoop through your trash and find information about you or your clients.  When upgrading equipment, be sure to properly dispose of the old equipment, wiping the hard drives and destroying the SIM cards so that data cannot be retrieved by dumpster-diving criminals.

This is a great deal of material to process and it is just the tip of the iceberg, but it is not a plan that has to be completed overnight.  Developing a cyber security plan should take time to make sure that it is well thought out and implemented properly.  In our next installment, we will look at how to develop a secondary plan in the event of a worst-case-scenario, a response to an actual attack.


Ethical Hacking is Used to Beat Cyber Criminals

The theft of customer data that is used by hackers for financial gain requires companies to ensure their data is protected. This is done using ethical hacking that tests the security of current IT infrastructure. The ethical hacking of your computer system will use penetration testing techniques. There is an article posted on the National Business Review that talks about the role of ethical hacking for an organization.

“In order to protect systems from cyber attack, organizations will often engage specialist companies to perform systems testing prior to launching new systems.”

Companies that use our service are provided with an assessment of real-world threats to the security of their computer systems. This includes any system weaknesses, assessments of ongoing risk and all the options available for correcting any potential issues.

Our technicians are trained to know and have a full understanding of the various hacking techniques that are in use by cyber criminals. The goal is to discover if a computer system has any vulnerabilities that could lead to a data breach.

The tools and methods used for penetration testing are designed to detect any potential issue to constantly advancing technology. Testing also determines if a business has security measures in place to withstand a cyber attack.

Ethical hacking and penetration testing of a computer system is designed to improve security. This is a way for your business to properly validate the security of IT infrastructure. If you are updating systems for your organization, then consider a security assessment to find any potential problems. Your business will also benefit when employees have proper security training. This can be achieved by taking one of our computer security and cyber security training classes. If you have any questions about the use of ethical hacking as a way to keep your data safe, then contact us for more information.


Hackers feed on the lack of penetration testing and security audits

Network and software security? Hackers feed on the lack of it. They live for the challenge of finding vulnerabilities, and they know when and how to accomplish their cyber intrusions just when you think your audits are trustworthy.

The legacy notion of companies hiring a computer wonk to test network and software weakness is just that: an old way of trying to implement the all-important ‘pentest’ (penetration testing), according to an overview in MSDN Magazine, “Penetration Testing,” by author James A. Whittaker.

“…you probably envision a lone genius performing arcane tests against some hapless piece of software. And before the renaissance in penetration testing, that was probably a realistic image.”

Today’s software, for the most part, is tougher to ‘penetrate’ simply because its development uses the Security Development Lifecycle (SDL), which is “front-loaded” in its design.

All the more reason to consider careful steps in planning your penetration scenarios; a summary of his guidelines includes:

“ENVIRONMENT ATTACKS”

Whittaker offers a series of “trust questions” that take into account the nature of any enterprise architecture: Software does not operate unto itself in “total isolation.”

* Are your applications trusting their “local environment” as well as “remote resources”?
* Is your application dumping sensitive information into areas readable by other applications?
* Is every loadable file trusted without “verifying content”?
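
Two of these trust questions can be checked directly in code. The following is an added example, not taken from Whittaker's article or from this blog; it assumes a POSIX system, and the file names and the pinned-digest approach are illustrative assumptions.

```python
import hashlib
import hmac
import os
import stat
import tempfile


def readable_by_others(path):
    """True if group or other users can read the file (POSIX mode bits)."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def write_private(path, data):
    """Create the file owner-only *before* any sensitive data is written.

    O_EXCL refuses to reuse a file someone else may have pre-created.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)


def load_verified(path, expected_sha256):
    """Return the file's bytes only if their SHA-256 matches the pinned digest."""
    with open(path, "rb") as handle:
        data = handle.read()
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        raise ValueError(f"content check failed for {path}")
    return data


def demo():
    """Run both checks on constructed files in a temporary directory."""
    workdir = tempfile.mkdtemp()
    results = {}

    # Constructed sample: a scratch file written with permissive mode bits,
    # i.e. sensitive data dumped where other local applications can read it.
    loose = os.path.join(workdir, "session.tmp")
    with open(loose, "wb") as handle:
        handle.write(b"token=constructed-sample")
    os.chmod(loose, 0o644)
    results["loose_readable"] = readable_by_others(loose)

    # The same data written through the owner-only helper.
    private = os.path.join(workdir, "session.private")
    write_private(private, b"token=constructed-sample")
    results["private_readable"] = readable_by_others(private)

    # Constructed loadable file with a digest pinned at "release" time.
    plugin = os.path.join(workdir, "plugin.cfg")
    original = b"mode=safe\n"
    with open(plugin, "wb") as handle:
        handle.write(original)
    pinned = hashlib.sha256(original).hexdigest()
    results["loaded"] = load_verified(plugin, pinned)

    # Simulate the file changing on disk after the digest was pinned.
    with open(plugin, "ab") as handle:
        handle.write(b"mode=unsafe\n")
    try:
        load_verified(plugin, pinned)
        results["tamper_rejected"] = False
    except ValueError:
        results["tamper_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```
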

“INPUT ATTACKS”

It’s all about “subsets” within the pentest: network protocols, sockets, Web services, data files, to name a few. A most vital component to penetration testing is determining which “input is properly controlled,” as well as identifying the gremlins and keeping them out.

Consider using our nationwide Boot Camp Training that covers Ethical Hacking and Penetration Testing; we teach skills in confined networks that give the much-needed hands-on to learn about network and software vulnerabilities.

Contact us to learn how you can put our cyber security experts to work for you.


Tips for Keeping Your Password Secure

If you got a fancy new security door to protect your home and loved ones, you wouldn’t just make extra copies of the key and leave them lying around outside begging people to come on in.  But that is what many people do when they leave their online accounts open to hackers with simplistic, easy-to-guess internet passwords.  Think about all of the different places that we enter passwords each day:  e-mail accounts (with most of us having at least two these days if not more), bank accounts, loan and mortgage websites, shopping websites like Amazon, and social media sites like Facebook and Twitter.  But how do you pick an appropriate password that is easy to remember as well as being secure?  Here are some tips for how to achieve more cyber security:

  • The “Big Don’t” List.  This should go without saying, but do not, under any circumstances, choose something simple and personal like your birthday, anniversary, spouse’s name, children’s names, or even your pet’s name.  Cyber criminals with a modicum of background information on you will start with these first and then move on to random password generators to find out your secret.
  • Choose multiple good, complex passwords.  Most websites will allow you to enter almost anything as your password.  Others will require standards such as a minimum of eight characters, a mixture of uppercase and lowercase letters, and a special character.  So choose several complex passwords for your accounts.  Do not choose just one password so that thieves won’t have access to all of your information and personal sites if they figure out that one password.
  • Mix up the words.  If you choose “olympics” as your password, mix it up reversing some of the syllables.  Make it “picsolym” or some other combination.  Also, consider replacing certain characters with numbers or characters:  “pics01ym” or “pics0!ym” would be much safer.
  • Change your password regularly.  Set a reminder on your smartphone calendar or write it in on your wall calendar.  But every three months, go through and change your passwords to something new.  This keeps criminals from being able to pigeonhole your passwords if you are changing them up constantly.
  • Use personalized reset questions.  If your security question to reset your password is “Mother’s maiden name?” or something that a cyber-criminal could easily discover with a little background research, consider picking something more personal or, if possible, give a wrong answer that you will be able to remember in place of the real one.
  • Keep track of your passwords.  If you have to have a different password for each account, how do you keep track of them all?  One method is to vary the password just slightly.  If your password is “pics01ym” then make each new password a variation such as “pics01ym1” or “2pics01ym.”  This will still be fairly random to keep the crooks guessing.  Another idea is to use a password manager, a piece of software which is itself password protected and can keep track of all of your other passwords.  This can be tricky, however, if someone hacks that account as you now have handed the criminals all of your passwords.  Others prefer the old pen and paper method, writing each password down in a password journal.  This is also fine as long as you keep the journal secure and don’t leave it lying around where anyone can find it.  Finally, you might want to save a text file to your smart phone or tablet with your passwords on that.  This keeps the passwords from being saved directly on your computer in case of theft or hacking.

Whatever method you use for choosing a password and then managing them, it is now just as important to keep your passwords safe as it is to protect your keys and your social security card.  Make them tricky and keep up with them so that you don’t become a victim in the cyber-crime epidemic.


Tips to Avoid Digital Hoarding

You’ve probably seen at least a preview of the TV show Hoarders and thought to yourself, “What could lead a person to live like that?”  Piles of boxes, papers, clothes, food and junk cluttering up a house can become a breeding ground for germs and bugs alike.  But many of us have our own, more subtle, hoarding issue.  Digital hoarding has become a major problem in the cyber-age as many people refuse to get rid of files and e-mails which then clog up their hard drive space.  But what causes digital hoarding, and how can you break the cycle of hoarding and rid yourself (and your computer) of unneeded files?

Simply put, digital hoarding is the accumulation of files and emails on a computer or other storage device.  Many people hold on to thousands of documents, music files, videos and digital photos for two reasons.  First, they do not understand that their hard drives and email storage are finite and that they have a limit to what they can hold onto.  These people simply aren’t cognizant of how these unnecessary files clog up their hard drive and slow down their computer’s speed.  The second group holds onto this material out of fear—a sense that they will need this again someday and they can’t delete it “just in case.”  Some people go so far as to buy portable hard drives which they fill up with terabytes’ worth of information rather than part with anything.

If you do think that you have a problem, here are some suggestions that may help with “thinning your stockpile”:

  • Do not save every email.  You should only keep those that are current and pertain to jobs or events that are still outstanding.  Once an assignment has been completed, delete the email.  If you receive an email from your boss saying that he or she will be out of the office on a certain day, make a note of it on your calendar and then delete the email.  There is no point in having this in your inbox three years later!
  • Set aside a day to delete.  Go to your documents and take each folder on a case-by-case basis.  If you have not needed the file in the past year, chances are you will never need it again, so it is probably safe to delete it.  Also, ask yourself, “If I do need this again, will I be able to download it from another source?”  If you answer “yes” it is probably safe to get rid of it and then download it again if you ever find yourself needing it.
  • Go through your music files and look for duplicates.  Many of us have multiple copies of music and video files (and everything else) clogging up our hard drives.  If this is the case, delete all the extraneous files and just keep one copy.
  • Go through your pictures and delete the ones that are blurry.  Many of us just copy all of our pictures off a camera and then never look at them again.  There is nothing wrong with holding on to these memories, but do you really need an out-of-focus picture of your Aunt Judith that is so blurry that it could be anyone?  Or do you need those test shots of your wall or carpet that you took accidentally when you were trying to figure out the camera?  Getting rid of these will clear up a lot of hard drive space.
  • Finally, go to the Control Panel and select Uninstall on your computer.   Look at each and every program on the list, paying close attention to the last date used column.  If you haven’t used a program since you bought the computer three years ago, uninstall it.  (Be careful with this though.  If you don’t know what a program is, look it up and find out.  You don’t want to delete anything that might be integral to your computer’s operating system.)

These are just a few tips on how to break the cycle of digital hoarding.  Your computer doesn’t have to be a cluttered mess.  Just like you set aside a time to spring clean your house, set aside a time to spring clean your computer.  It will be worth it in the long run.


Cyber security can be enhanced with training

When protecting the data that is stored and manipulated within your company’s computer system, no effort is too small. Making sure you have adequate cyber security is essential.

One way to increase your cyber security is to make sure your employees have the proper skills and training needed.

Superior Solutions offers a full range of security training, from boot camps to certification training and hands on skill training. We even offer training in general security awareness.

Our expert trainers can bring the training to your location.

We offer classes that include CISSP, CISA, CISM, CASP, Security + and more.

You can also get online and self-paced training.

One of the biggest hurdles in providing cyber security for any organization is making sure that everyone is aware of the potential threats and that they are always practicing good basic security techniques. The best designed security system can be rendered ineffective when users fail to put security techniques to work.

Managers can also rest easier if they know that they have employees on staff who are trained to deal with security threats. Sometimes you need people who can act at the first sign of a threat.

Most companies today process tons of data every day. Protecting that data and your company from cyber threats is not optional.

If you want to learn more about what you can do to improve the cyber security operations for your company, contact us. Our experts can help you test, redesign and implement the security systems you need and train your people to operate them.


Identify IT Vulnerabilities with a Security Assessment

The IT infrastructure for a business may have hidden vulnerabilities that can expose data to many types of risks. One way to identify vulnerabilities on a system is to perform a security assessment. A strategic company that can perform ethical hacking of computer equipment is needed for this task. Your business will benefit from full, regular security assessments and penetration testing.

Information and Knowledge

A security assessment of your computer network provides you with information about new security risks and vulnerabilities. You will also have an understanding of the state of security for your computer equipment and IT infrastructure. This means when you learn about any new threat or security risks a new security assessment can be performed.

Establish Internal Awareness

A full security assessment of your IT infrastructure provides you with information that will increase the awareness of security threats. This means identifying security holes in your network and patching all of the vulnerabilities can be done much faster. Management can use the results of a security assessment to make strategic decisions to improve any weaknesses in IT security.

Improve Security Measures

Periodic security assessments of IT infrastructure provide companies with information to make needed improvements to security measures. This can include installing new technology, programs, and making changes in computer policies. The main goal is to protect the business’s core systems from any security breaches that can lead to the theft or corruption of data. A proactive approach to protecting the network can be taken after completing a security assessment.

Regulatory Compliance Standards

Businesses that have any type of IT infrastructure need to follow regulatory compliance standards. The failure to follow required compliance standards can lead to substantial fines. A security assessment can be used to evaluate a business’s current position in regard to various requirements. Testing will need to be done to determine if the implementation of new security procedures is required.

Additional Information

If you have any questions about performing a security assessment of your business, then contact Superior Solutions for more information.
