Cyber Criminals Shut Down an SMB in One Hour

May 11th, 2015 | Uncategorized

There’s a huge misconception among small businesses that cyber criminals are only interested in stealing data from big names like Target, Home Depot and Neiman Marcus. This misleading mindset may cause a small business (SMB) to inadequately invest in security measures and improperly enforce security policies at work. In fact, only 2 in 5 SMBs have a social media policy in place and only 2 in 10 SMBs plan to increase security spending this year. The truth of the matter is that cyber criminals are looking for the path of least resistance that will get them the most information as fast as possible.

With the growth of startup culture across the nation, we decided to test just how easy it is for cyber criminals to infiltrate a budding business. Thanks to the ingenuity of the sales and marketing team and some dark web help from our cyber team, Jomoco was brought to life. Jomoco is a fictitious coconut water company with a groovy coconut mascot and two fabricated employee personas. We set up Jomoco like any other startup would – with a company website, server, employee personal and work email addresses, a credit card and some employee social media accounts. CSID also ensured that Jomoco’s fictional employees made common mistakes when protecting their professional and personal data online, including sharing sensitive information via email and reusing passwords across multiple sites. The real cyber criminals took it from there.

Within one hour, Jomoco was taken over by cyber criminals. The website was defaced, the credit card had been used and employees were locked out of work emails and social media sites.

Interested in finding out how cyber criminals took down this business so fast? Download our case study to get the complete story, including pictures of the defaced website and the dark web forums where Jomoco’s credit card information was shared. If you’re an SMB looking to better protect your data, here are tips from the National Cyber Security Alliance on how to make your business more secure.

How can SMBs better protect their assets? What are some ways employees can protect business data? Please share your thoughts with us on Facebook, Twitter and LinkedIn! We’d love to hear what you have to say.

Combating Cyberterrorism with Cyber Security

March 5th, 2014 | Uncategorized

This guest blog post comes from Ginger Hill, associate content editor at and Security Products magazine.

As I sat in the classroom at GovSec West 2013 listening to Jeff Snyder, VP of cyber programs at Raytheon, talk about cyber threats and remediation, I quickly learned that we have no global laws to fight cyberterrorism. With the eroding economic viability of America, cyber threats are increasingly targeting critical infrastructures and major systems. The cyber criminal’s mentality is: why invent when you can simply steal?

According to Snyder, China is the number one threat when it comes to cyberterrorism as they have 1-2 million making up their human capital. With such a large number of people, China can carry out their cyber threats, making them into a “cyber reality.”

During his presentation, Snyder frequently brought up the term “cyber resiliency” as an essential part of any security strategy – on a personal, business or national level – to thwart cyberterrorism. Being able to take the hit from cyber terrorists without destroying your entire system and quickly recovering is the key strategy to fighting back. But how do we accomplish such a feat?

I’m going to take the viewpoint of a business and work in suggestions to develop your own personal cyber security plan.

The 3-Pronged Approach to Cyber Security

Dealing with cyber terrorists and cyberterrorism takes a thoroughly thought-out and developed plan, and the willingness to take immediate action, preferably before a terrorist event takes place. The following is a simplistic approach to cyber security:

  1. Do whatever it takes to protect the infrastructure.
  2. Invest to protect your products.
  3. Protect your clients, including their personal data.

Be sure that your infrastructure, whether that is your personal computer, social media and online accounts or the multibillion-dollar waterworks station, is protected. Start small. Make sure that all passwords are strong by incorporating capital and lower case letters, numbers and symbols in unlikely combinations. Invest in products that increase system security, like malware protection and virus detection, and use encryption to help protect your client’s personal information.

Taking security to a higher level, consider hiring an ethical hacker to attempt to gain access to your system, and patch any vulnerability immediately. Also consider insider threat monitoring to identify behaviors and anomalies with your system and to help meet human capital demands. It takes a lot of people to adequately protect an organization, just as it takes a large number of people to complete a cyber attack. Therefore, think like a cyber terrorist to beat them at their own game. They use technologies to achieve their terrorist goals, so follow suit and use ethical technologies to battle against their unethical acts and spread security as far as possible within your organization.

Surviving Cyberterrorism

Fighting back against highly sophisticated, intelligent cyber terrorists seems to be a no-win situation, but with the proper technologies, experts and the willingness to respond, exploitation can be minimized.

The following steps teach you exactly what to do before, during and after a cyberterrorism attack.

  1. Anticipate cyber attacks: The question is not if cyber terrorists are going to attack, it’s when. Think about prevention strategies and what you can do now. Do not wait until you are attacked to do something about it because it will be too late.
  2. Respond immediately to enhance business continuity: When attacked, the goal is to keep the business functioning as a cohesive unit at all times. This is possible if you have established your security plan and have practiced what to do before an attack rears its ugly head.
  3. Monitor all systems in real time: Invest in technologies and experts to monitor your systems 24 hours a day, 7 days a week, 365 days a year.
  4. Evolve: Never stop learning ways to survive cyber attacks, and always use each cyber attack as an educational tool to enhance your overall security plan.

Cyberterrorism is a 24/7, 365 days-a-year giant that never sleeps; it doesn’t need to eat and it never stops preying. Developing a multifaceted, layered approach to fight against this giant will minimize exploitation of vulnerabilities, allowing people, organizations and the nation to sleep a little easier at night.

Staying Cyber Secure During the 2014 Sochi Olympics

February 11th, 2014 | Uncategorized

Last week NBC News experimented with cyber security in Russia to help visitors traveling to Sochi for the Olympics understand the cyber risks they may face. The news segment warned that travelers’ data could be exposed when using their devices in Russia, and the reporter showed how his data was hacked within minutes of using his smartphone and laptop.

This report has been under fire since it was published. Gizmodo reporter Robert Sorokanich writes, “NBC did a few questionable things in filing this report – namely, initiating download of an unknown .apk file on the smartphone, and neglecting to download updates on their fresh-out-of-box laptops… That certainly upped their chances of being hacked.” In fairness, Sorokanich continues, “those are the kinds of things unsavvy tech users do, and unsecured public Wi-Fi is still plenty risky.”

Mashable reporter Jason Abbruzzese also pointed out that these risks “are not exclusive to Russia. Visitors may see more malicious links in the average Olympic search result than in other countries, but any users clicking on suspicious sites are bound to end up with problems regardless of where they are.”

In short, the risks NBC highlighted are risks that consumers should be wary of, no matter where they are in the world. Whether in the United States, Russia, or another country, cyber criminals are savvy when it comes to identifying a device’s weaknesses, infiltrating your data and taking advantage of large-scale events, such as the Olympics, to maximize hacking success.

Travelers to Sochi should note, however, that laws pertaining to cyber monitoring do differ from the United States. The State Department issued a travel advisory that warned travelers “that Russian federal law permits the monitoring, retention and analysis of all data that traverses Russian communication networks, including Internet browsing, email messages, telephone calls, and fax transmissions,” reported U.S. News.

Here are three ways to protect yourself during the Olympics, whether you’re watching from home or abroad:

1. Make sure your devices do not auto-connect to public Wi-Fi.

When you connect to a public Wi-Fi spot, you’re giving cyber criminals a chance to capture your Internet history by tracking data via a man-in-the-middle attack. This can provide access to valuable accounts like your email and social networking profiles, which likely store sensitive data. Disable your smartphone’s auto-connect to Wi-Fi feature to help reduce this risk.

2. Connect to reputable sites to get Olympic coverage.

Phony sites that claim to stream Olympic coverage can actually harm your device and result in stolen data. Dave Kashi from The International Business Times reports that “harmful actors may create fake websites and domains that appear to host official Olympic news or coverage, which could be used to deliver malware to an end user upon visiting the site. Such sites are also known as drive-by downloads or watering holes.” Kashi provided a list of sites that provide credible Olympic coverage, including: NBC, NBCSN, MSNBC, USA Network, and the Olympics’ Twitter, Facebook and Instagram accounts.

3. Lock mobile devices and install remote wipe apps.

In case of mobile theft or loss, keep a passcode on your smartphone to help delay identity thieves and cyber criminals from accessing sensitive data on your phone. You can also download apps for your iOS or Android device that allow you to remotely wipe your SD card and phone data in the event it is lost.

If you are abroad or plan on traveling abroad to visit Sochi for the Olympics, check out our past blog post: 10 Ways to Prevent Identity Theft While Traveling

What are some additional ways to protect your devices during this Olympic season? Let us know on Facebook or Twitter, and please be sure to stay up-to-date on the latest security news on our Tumblr.
