The Hollywoodization of the Hacker: Lessons From Mr. Robot

By | November 10th, 2016|Online Safety|

Current shows like Silicon Valley and Mr. Robot and movies like Blackhat have brought hackers into the ranks of pop culture’s most popular protagonists. Until recently, hackers in movies have largely been represented as zany sidekicks or mysterious recluses. But now hackers, and especially vigilante white-hat hackers, are being portrayed like real-life, albeit unlikely, superheroes. With audiences so invested in their digital lives, it is easy to see why this shift has occurred. Especially among the younger crowd, who are more digitally active than any previous generation, it makes sense that those with the ability to directly impact digital spaces have become the subject of fascination. TechCrunch argues that these stories have also become popular because viewers are more educated and curious about cybersecurity: “They are finally starting to understand that cyberattacks are real threats and that cybersecurity matters.”

Mr. Robot has been a particularly good example of this change in how Hollywood writers represent hackers. It’s unlike many of the movies and television shows that came before it because of its realism. The main character, Elliot, is a cyber security professional by day and vigilante hacker by night. He exploits his targets using the same methods we’re seeing today, like DDoS attacks, tapping into unsecured Wi-Fi networks, and social engineering, where hackers trick victims into sharing their personal information. Elliot joins a group of vigilante hackers called “fsociety,” many of whom are in their early to mid-20s. fsociety’s age range matches the real-life trend of hackers getting younger and younger, especially as executing attacks no longer requires years of experience or an advanced technical background. Our CIO, Adam Tyler, will be speaking more on that topic at SXSW this year.

To mitigate the risk and consequences of attacks like those seen in Mr. Robot, here are some of the security measures you can implement:

  • Use strong passwords. Hackers can crack a weak password in minutes. Strong passwords are at least 12 characters long, are comprised of a cryptic combination of letters and numbers, and do not include any words found in a common dictionary.
  • Avoid unsecured Wi-Fi networks. Unsecured Wi-Fi connections, like those in airports and coffee shops, leave users wide open to a variety of man-in-the-middle attacks. Hackers can capture Internet history tracking data, insert themselves into communications between systems and people, and track keystrokes. This is why users should avoid unsecured Wi-Fi wherever possible. Some great alternatives for connecting to the Internet on the go are secured personal hotspots, or a Virtual Private Network (VPN).
  • Practice good social media habits. Even seemingly innocuous information found on social networking sites, like your pet’s name or high school mascot, can be used by criminals to gain access into your accounts, as these often serve as the answers to popular password-reset questions. Check your privacy settings to make sure you’re not over-sharing information on social media.

Do you watch Mr. Robot or any other show featuring hackers? Tell us your thoughts over on Twitter, Facebook, and LinkedIn.

 

Loyalty Rewards Programs: A New Cybercrime?

By | November 13th, 2014|Uncategorized|

Cyber criminals are getting creative. We constantly hear about hackers stealing credit card numbers and even Twitter handles. Now, they have also added your loyalty rewards points to their list.

Brian Krebs wrote an excellent article highlighting a few interesting cases where victims had rewards points stolen.

One victim reported that he had about 250,000 Hilton Honors points stolen from his account. These points were used to reserve a number of Hilton hotel rooms, and then the criminals continued to purchase additional points with the corporate credit card associated with the account.

Experts are also starting to see rewards points being sold in the online black market for a fraction of their worth. For instance, a hacker might sell points worth $1,200 in hotel reservations for $12.

So what does this mean for you? It is unlikely that stolen rewards points are going to overtake trends like mobile malware or medical identity theft as the “next big thing” to worry about. That said, we always recommend keeping up-to-date with the latest security trends and being proactive about protecting your identity and online accounts.

Some proactive actions you can take now:

  • Keep an eye on your bank accounts and credit reports as usual. Stolen rewards points may actually be one small piece of a larger puzzle when it comes to identity theft.
  • Avoid saving credit card information on websites with rewards programs, such as your favorite hotel, airline or retail site.
  • Use a secure, unique password for loyalty program sites. Don’t reuse passwords.
  • As a retailer or company that offers reward points, institute a CAPTCHA system to protect against hacking bots and scripts.

What are your thoughts on stolen rewards points? Is this something that concerns you? As always, join the conversation on Twitter, Facebook or LinkedIn.

Avoiding Hackers in College (AKA Jennifer Lawrence is a Millennial Too!)

By | September 3rd, 2014|Uncategorized|

This guest blog post is a part of our cyberSAFE blog series focusing on back-to-school security, privacy and identity topics. It comes to us from Cynthia Lieberman, co-founder of CyberWise, the go-to source for busy adults who want to learn how to embrace digital media fearlessly, and the CyberWise Certified online learning program (check out the course on “Online Security Strategies”). Cynthia has an M.A. in Media Psychology and Social Change and, with 20+ years of entertainment marketing and media experience under her belt, she also consults for a diverse range of companies in marketing, social media and professional online profiling.

In a flagrant violation of privacy, personal photos stored on iCloud were recently hacked from celebrity cellphones and leaked onto “4chan,” a simple image-based bulletin board where anyone can post comments and share images anonymously. One suspected cause surrounding this incident is that a group of celebrities attending a recent awards ceremony were somehow hacked using the venue’s public Wi-Fi connection.

Many of these celebrities, like Jennifer Lawrence and Kate Upton, are young millennials (age 18-27) who grew up using social media networks such as Facebook, MySpace and most recently, Instagram, SnapChat and more, and consider online social sharing to be part of their daily communication routine.

Despite their obvious celebrity status, many of these stars are no different than other millennials. They are at ease with online technology and comfortable sharing their personal info online. Unfortunately, the consequences of this comfort level have led them all—famous or not—to engage in risky online behaviors.

The Federal Trade Commission reports that people between the ages of 20-29 are the most-victimized age bracket when it comes to identity theft, making up 20 percent of all reported victims last year (followed closely by ages 30-39). This is partly because college students in particular are heavy social media users with smartphones (often used without passwords).

Many of these millennials are leaving their parents’ nest and flying off to college dorms, unaware that unless they take certain online security precautions, they too can become easy targets for identity theft. In fact, most recently and for the second time in less than three months, hackers have broken into Stanford University’s computer network, and other university servers have been put at risk this year, including MIT, North Dakota University, and the University of Maryland.

Why are students so easy to target? For one thing, college students don’t have a credit history, making their blank slates easy to steal. They don’t usually do a regular check of their credit reports, so if their identity is stolen, it can go undetected for years.

Here are just a few tips for college students to keep their online identities safe on (and off) campus:

  1. Don’t use public WiFi. College campuses, coffee shops and restaurants are rife with WiFi. Never shop online, log into credit accounts or do any banking transactions with your bank while on a public connection.
  2. Be alert when shopping online. Make sure you only buy from sites that have the security lock symbol next to the URL which can help ensure the website has taken appropriate measures to protect your info. While not foolproof, it will certainly lessen the risk.
  3. Never share your passwords with others. Not even your fraternity brothers or your BFF. Not for website sign-ins, email, online banking or access to the school’s library. Think about it…what if you shared a password with someone you know and they later decide to use it to do something stupid on one of your social networks or with your bank account? It’s more than just a trust issue, and not worth the risk.
  4. Have complex passwords that you don’t tape under your desk. Make a habit of having several different “difficult to guess” passwords that you change regularly, and don’t store them on your PC, in a notebook or on mobile devices. Don’t use easy to find phrases like your birthday or last four digits of your social security number either. While it may seem easier for you to have one password for multiple websites, it leaves you wide open for thieves to hack your data. With one password, they can sign in to your email account and have a field day with your email—and everything else associated with it.
  5. Size Matters. Also, do the math—the length of your password is just as important as its complexity because longer passwords make it harder for hacking software to determine your combinations of letters, symbols and numbers.
  6. Don’t click that link. There’s no such thing as a free lunch. No matter how good that deal may sound, if you get an email or text saying you’ve won something or that has a tempting link, think twice before clicking. A recent study revealed that 52% of millennials—compared with 40% of those aged 35+—are more willing to exchange privacy for value with companies as long as they get something in return (i.e. special deals or freebies). Hackers prey on our greed, so avoid offers of smileys, screen savers and coupon-printing software and be especially cautious about downloading free media like movies and games: peer-to-peer networks are full of malware. Same goes for website pop-ups that tell you that you have a virus. With so much pirated software in the market, there is an increased chance that some sort of malware is involved.
  7. Be email cautious. Never open an email – especially an attachment – from an unknown source. Be wary of emails with no subject line or with one that is strangely vague or brief (i.e. “Hey” or “Cute!”), especially if a web link is included. Viruses can also come from friends that have already been hacked. Open the attachment and you could unwittingly be spreading the virus to others. For safety, verify the source with that friend before you open.
  8. Avoid credit sharks. Credit card and student loan businesses are known for inundating college students with great freebies in exchange for completed credit card applications. Don’t do it! If you want to apply for credit, go to the company’s secure website from your private, password-protected Internet connection, and never over a public WiFi.
  9. Careful about oversharing. Many websites ask for answers to personal accounts to help protect your privacy such as “What’s your dog’s name?” “Where did you grow up?” “What’s your mother’s maiden name?” Many of your answers can be found by checking out info you’ve posted on social media sites like Tumblr and Facebook, so be careful what you post and how transparent your security answers are.
  10. Don’t assume your phone or tablet is safe. It’s not only PC’s that are susceptible to viruses and hackers, but tablets, phones and apps are too. Lots of virus programs can be installed for cheap or free; just make sure they are downloaded from a secure website by a reputable company.
  11. Monitor your credit report regularly. Sounds like a hassle, right!? It’s worth it though because it’s much easier to catch an identity thief early on by keeping regular tabs on your credit report than it is to make a gazillion calls later to set your record straight.
  12. Trust no one. Imagine finding out when applying for a loan that someone has stolen your ID and has been opening accounts using your name—and it turns out the thief is a former neighbor or relative! Yes, even college roommates, offline and especially online “friends” and classmates can be scammers.
  13. Be app-alert. Be careful what you put on your mobile devices. Always use reputable apps, and select them cautiously. Make sure you use the Google Play or iTunes store, and never click any boxes that allow installation settings from unknown sources.
  14. Leave your important documents with your parents. Social Security cards, passports, and birth certificates should be stored off-campus under lock and key. Only carry physical copies of the ID that you actually need, like a driver’s license and student ID. Shred credit card and bank statements and any paper documents that have sensitive financial information rather than just throwing them in the trash.

These are just a few tips on how to steer millennials (and yourself) out of harm’s way when it comes to identity theft and online security. If you want to learn more, check out our CyberWise Learning Hubs and CyberWise Certified Online Courses on related subjects, including Online Security Strategies, How To Protect Your Online Privacy, Online Reputation Management and more.

News Recap: Experts Working To Protect Cars From Cyber Attacks

By | July 25th, 2014|Uncategorized|

This week, Reuters released news that security experts Chris Valasek and Charlie Miller plan on displaying an “intrusion prevention device” in a prototype vehicle during August’s Black Hat 2014 hacking conference. This prototype will demonstrate ways to keep vehicles safe from cyber attacks.

The automotive industry is finding that cyber criminals are using vehicles’ electronics to their advantage as the Internet of Things (IoT), or the idea that everyday objects have network connectivity and the ability to send and receive data, continues to evolve. Wil Rockall, director at KPMG’s cyber security practice, explains in Information Security just how cyber criminals are using cyber attacks to put drivers in danger.

“These attacks could potentially allow cyber-attackers to penetrate in-car systems, either using physical interaction or also by seizing control through attacks over the Internet; typically a connected car network has over 50 potential access points for a cyber-attacker now, and this will only increase as the level of technology integrated into the car goes up,” explained Rockall. “Three years ago, criminals sought access to vehicles by stealing the keys, but today three-quarters of cars stolen in London are done so without them, principally through electronic methods. It is important that cyber-attacks do not become physical ones because manufacturers are unable or unwilling to design in security.”

Kaspersky Labs recently analyzed potential attack vectors in vehicles and shared ways in which cyber criminals can attack connected cars. One example of an attack vector includes stolen credentials. These credentials could possibly enable a cyber criminal to “install a mobile app with the same credentials and potentially enable remote services before opening up the car and driving it away.”

The device that security experts Valasek and Miller plan to exhibit at the Black Hat conference costs $150 in electronic parts, Reuters reported, “though the real ‘secret sauce’ is a set of computer algorithms that listen to traffic in a car’s network to understand how things are supposed to work.” Valasek explained that the device has the ability to detect traffic anomalies when an attack occurs and blocks rogue activity.

How can the automotive industry better protect against cyber criminals’ attacks? What other everyday objects or devices are at risk of being hacked? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Keylogging malware on public computers is a growing concern

By | July 23rd, 2014|Uncategorized|

This month, the U.S. Secret Service issued a warning about the increasing practice of hackers installing keylogger malware on computers in hotel business centers. The malware captures keys struck by hotel guests that use the computers and then sends that information via email to the malicious hacker. The result: any sensitive information the traveler types into the computer is compromised.

Hotel systems hold a treasure trove of data, including email addresses and email account logins, card details, even logins to travel and rewards accounts. More importantly, they are more likely to host information related to a government issued ID like a driver’s license or passport, common documents that are referenced when traveling.

While keylogger malware is nothing new, we have seen a huge increase in hotels being targeted by this remote malware. We have seen more than 50 different hotel chains compromised in the past few weeks via our CyberAgent software including a handful of large US-based hotel chains. We’ve also seen the same type of installations at libraries and museums – virtually any environment that offers public access to a computer. Keylogger malware is an opportunistic, low risk and high reward attack method, and anyone using a public computer should be aware of the risks.

To avoid being the victim of keylogger software, consider the following:

  • Keyloggers can’t record what isn’t typed. When using a public computer be aware of the accounts you log in to and the information you share. Avoid logging in to high value accounts like your bank account or Amazon account. In instances where logging in to a high value account is unavoidable, change your password when you get home.
  • Speaking of changing your password, it is generally a good practice to update your passwords frequently. This practice alone will hamper most keylogging attacks.
  • Assume that anything you do on a public computer will be recorded and used by others. Follow this advice and you should be okay.

Cyber Criminals Pose Big Threat to Banking Industry

By | February 21st, 2014|Uncategorized|

This guest blog post comes from Rebecca Gray who writes for Backgroundchecks.org.

As the world is flattened into cyber commerce, banking industry hackers have become progressively more dangerous. Ultimately, cyber criminals have tapped into over half of the world’s top 50 banking websites in the last eight years and are responsible for around $1 billion in losses per year from the banking industry. It is clear, then, that these cyber criminals are seriously threatening the security of multi-national banking infrastructures. In turn, those companies are responding with real security measures to keep their information safe. This has created a market for new companies that enable cyber security services that keep hackers at bay.

Identifying High Risk Internationally

As companies continue to rely on international banking structures through Internet communication, the information available to cyber criminals knows no language or regional bounds. Global system security is paramount, as the information held by the banking industry is highly valuable and attainable, if systems are breached. For this reason, banking institutions are raising the stakes on security. Companies are bidding for the time and expertise of the best minds working on Internet security. The time is now to bring in greater security measures, enhancing firewalls and general cyber defense.

Threat Management Services

Preventing the possibility of cyber attacks requires a full-time comprehension and analysis of threats, along with a qualified response plan. Preparing for potential security breaches means hiring qualified professionals, allowing banks and their clients to supplement the security infrastructure with cutting-edge security practices. The value of such consulting has increased in recent decades, responding to increased threats and rising numbers of incidents. Several smaller Internet security companies have merged with the world’s most respected banking and accounting firms. Simply put, cyber security is booming.

Risk Perspective Reports

The most recent Office of the Comptroller of the Currency’s Semi-Annual Risk Perspective shows alarming accelerated risk of cyber attacks in financial institutions. The problem is this: criminals seek information and their ability to access bank information with profound ease is only getting better.

The results confirm that cyber attacks remain high, proving once again the importance of mandatory security audits. As security infrastructure is monitored, banks get a better understanding of the increasing and concentrated risk facing the banking industry, as a whole. By measuring the risk independently, banking institutions are able to defend themselves against cyber theft and prepare end-to-end solutions with customized plans.

Re-Training Employees on Security

As intensifying cyber threats plague the banking industry, current employees are being retrained in technology security. Understanding cyber issues is key to banking security, so the industry is seeing a greater emphasis on IT jobs and overall awareness of IT skills in job descriptions and expectations. This re-training, sparked by massive breaches internationally in both banking and retail sectors, has brought new training services to the industry. As new threats keep appearing, new employee training programs emerge to confront them.

Adapting to New Challenges

The evolution of cyber issues in the financial sector is happening quickly and banks are trying to keep pace. Insightful minds at the best-protected companies are thinking ahead of the game, investing in and planning strategies for cyber security. With the recent public attention on data breaches, financial structures are calling for fresh perspectives on cyber security – and fast. While many people working for these banks were trained to face hackers, techniques used to steal data change quickly. By the time IT staffers understand prevailing threats, they may already be a step behind attackers. Consistent training and retraining is the only way to stay ahead of emerging vulnerabilities.

Innovators in the Industry

The question is not how to eliminate cyber threats—because controlling outside parties will always be tough—but, instead, how to prepare, and remain resilient in cyber defense. Market-leading companies protect banking infrastructures through enhanced security customizations, each crafted to address new threats.

Join CSID: Talking Security at SXSWi 2014

By | February 20th, 2014|Uncategorized|

One of the perks of headquartering in Austin, Texas is our proximity to the ever-growing South By Southwest Interactive (SXSWi) festival. And beyond the renowned parties, food and celebrities, we are most excited to host three speaking panels.

Which one will you attend? While they all coincidentally overlap on the schedule, you can’t go wrong with whichever you pick – all three feature intriguing speakers and hot security topics. Here’s all the information you’ll need to know about CSID at SXSWi:

When Good Technology Goes Bad: Mobile Technology

Did you know that in less than 60 minutes you can turn a $20 router into an attack platform that is capable of stealing hundreds of thousands of dollars worth of data? Did you know that this can be done with very little technical expertise? It’s possible, and Adam Tyler, Chief Innovation Officer with security technology company CSID, is going to demo this process live, and show just how easy it is to turn an inexpensive, widely available technology into a device that can threaten individuals and businesses. While doing his demo, Adam will provide an inside look into the world of data theft and malware on mobile devices. He will discuss how inexpensive and powerful technologies have made it easier than ever to inject malware and steal data from laptops, smartphones and tablets. And with technology becoming ever more powerful, Adam will provide insight into what we can expect from future mobile threats and how we can proactively fight against them.

Presenter: CSID’s CIO Adam Tyler

Where: Austin Convention Center, Ballroom E

When: Sunday, March 9 from 5:15 – 5:30 PM

Hashtag: #SXTechHack #SXSW

Note: Adam’s presentation is a Future15 session, a succinct 15-minute solo talk and Q&A.

That Was the Old Me: Managing Online Reputation

91 percent of hiring managers now look at social media profiles when screening job applicants, and one in 10 young job applicants has been denied due to their online reputation. Companies are concerned with employees’ personal behavior more than ever, and brands are leveraging customer data for increased sales. Meanwhile, many of us are so caught up in being relevant, authentic and part of the conversation that we fail to realize the overall impression our digital identity presents, or the impact a few bad pictures or a drunk rant might have on our futures. In this dual panel, security expert Bryan Hjelm from CSID and Internet privacy lawyer and reputation management specialist Parry Aftab will debate the topic of online reputation, including reputation management techniques, privacy and legal implications, and use cases for businesses. No matter your perspective – as a consumer, professional, HR manager or CEO – this discussion directly impacts your life and is one you don’t want to miss.

Presenters: CSID’s VP of Product & Marketing, Bryan Hjelm, and Managing Director of WiredTrust, Parry Aftab

Where: Sheraton Austin Creekside

When: Sunday, March 9 from 5 – 6 PM

Hashtag: #SXSW #SXRep

Growing Up Unprotected: Child ID Theft

Children are 51 times more likely to have their identities stolen than adults. Now that children have a digital footprint at an early age, identity thieves have found an easier route to take advantage of children’s unused social security numbers to secure thousands of dollars in loans and credit – and go undetected for years. While most parents understand the dangers of online predators, nearly half of parents are unaware that child identity theft is a growing problem. Children with stolen identities can have difficulty applying to colleges, opening savings accounts or credit cards, and may have thousands of dollars of fraudulent debt associated with their name prior to turning 18. In this discussion, online child safety advocates Chris Crosby, CEO of Inflection Point Global and Managing Director of SociallyActive.com, and Clay Nichols from LookOut Social will explore today’s digital landscape of child identity as it relates to our social and professional lives.

Presenters: Chris Crosby, CEO of Inflection Point Global, and Clay Nichols, CEO of LookOut Social

Where: Sheraton Austin Capitol View North

When: Sunday, March 9 from 5 – 6 PM

Hashtag: #SXChildID #SXSW

Note: While CSID is not represented among the panelists, we did arrange and organize this panel and we are excited to support it.

Will we see you at SXSWi? What other security and technology panels would you recommend this year? As always, let us know on Twitter and Facebook.

News Recap: 2014 Security Predictions Roundup

By | December 5th, 2013|Uncategorized|

As 2013 quickly comes to a close, the security industry has begun making predictions for coming threats and trends for 2014. Here’s a collection of five recurring 2014 security predictions.

1. BYOD will continue to grow – and cause risks – in the workplace

More and more businesses are adopting “bring your own device” (BYOD) practices and will continue to do so next year. Entrepreneur reporter Mikal E. Belicove found that 60 percent of businesses employ a BYOD strategy because “the efficiencies offered by a mobile work force are too great to pass up, and moving the cost of access to the employee is too juicy a cost savings to ignore.” What are the threats associated with a growing BYOD workforce? According to Help Net Security, the potential risks stem from “both internal and external threats including mismanagement of the device itself, external manipulation of software vulnerabilities and the deployment of poorly tested, unreliable business applications.”

2. Internet of Things moves from buzzword to security matter

ZDNet calls the Internet of Things (IoT) 2013’s favorite buzz-phrase and believes that 2014 will be a time to evaluate how security plays into the IoT: “If 2013 was the year that the idea of the IoT (and many practical applications) went mainstream, then 2014 is likely to be the year when the security implications of equipping all manner of ‘things’ — from domestic refrigerators to key components of critical national infrastructure — with sensors and internet connections begin to hit home.” To keep security disasters from occurring amidst the IoT, Help Net Security suggests that the companies making the “things” should “continue to build security through communication and interoperability” and by “adopting a realistic, broad-based, collaborative approach to cyber security” with government departments and security professionals.

3. Hackers will want to destroy data, not collect it

In the past, cyber criminals have wanted to access information for profit, but over the course of 2013 a shift occurred. The 2013 IBM Cyber Security Intelligence Index report found a rise in the number of sabotage cases versus espionage. The reason? Because vulnerabilities within organizations often leave attackers with opportunities to cause damage. InformationWeek says “in 2014, organizations need to be concerned about nation-states and cybercriminals using a breach to destroy data.” Additionally, InformationWeek noted that ransomware will begin affecting small and medium sized businesses.

4. Cyber criminals will use social networks to infiltrate businesses

Social networking continues to expand into the business sector. This being the case, attackers will prey on businesses using social networks and high-level executives participating in business networking sites like LinkedIn to compromise organizations and gather intelligence, InformationWeek says. ZDNet, too, notes that social networking will be increasingly used in 2014 to “lure executives and compromise organizations via professional social networks.”

5. Attackers will look to the cloud for valuable data

Like the IoT, 2013 was an influential year for the cloud industry, but as more businesses continue to adopt cloud technology, hackers have and will continue to find ways to exploit cloud-stored data. To protect against cloud cybercrime, senior consultant at Windstream Kent Landry predicted in Help Net Security that “cloud providers will need to be certified in cyber security standards like NIST, PCI DSS compliance, STAR certifications, and other industry checkpoints. The security industry will flourish as organizations increase investment in protecting both their data and their customers with more advanced prevention software and training.”

What are your security predictions for 2014? Let us know on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

U.S. Cyber Security By The Numbers

By | October 30th, 2013|Uncategorized|

IBM recently published the 2013 IBM Cyber Security Intelligence Index, a report detailing the global threat landscape across 3,700 IBM clients in 130 countries. The report analyzed the most affected industries, the most common types of attacks, the motivation behind attacks, how human error comes into play and suggestions on how to create a strong cyber security defense. The findings? Cyber threats are becoming increasingly opportunistic as human fallibility creates vulnerabilities within an organization.

Affected Industries

To get a better understanding of who and what cyber criminals are targeting, researchers took a look at the industries that were most affected. The manufacturing and finance/insurance industries took the lead, accounting for nearly 50 percent of all security incidents. Researchers were not surprised to find that these industries were the most affected, but their interest was piqued by the rising number of cyber attacks focused on sabotage compared to the number of espionage cases within these industries. The report shows that attacks are often “aimed at causing physical damage, disruption and safety issues – rather than accessing information.” Why? Because vulnerabilities within organizations often leave attackers with opportunities to cause damage.

The depth of human error

More than 49 percent of the attackers surveyed claimed that existing vulnerabilities or weaknesses were their main motivator to attack in the first place. Having strong defenses in place can be a major deterrent to a cyber attack. However, human fallibility can greatly contribute to a company’s vulnerabilities. According to IBM’s report, humans can account for roughly 80 percent of company breaches.

Reduce vulnerabilities and build awareness

In order to reduce vulnerabilities within a company’s cyber security, IBM provides 10 ways to better protect against cyber attacks. Here are a few recommendations from CSID:

  1. Continue to educate your employees on cyber security risks. Keep employees aware of the types of risks they should look out for and have an open door policy for employees to contact your IT team. Here is a list of the top 10 internet and email scams of 2013 for employees to be aware of.
  2. Build and enforce a strong social media policy. The blurred lines between personal and professional social media use can serve as a weak link in a business’s armor of defense. We recently held a reputation management webinar on this topic – see what our expert panelists suggest when it comes to employee social media use.
  3. Encourage strong passwords and require employees to change them frequently. Employees should never use the same passwords for work and personal use.

Are you surprised at these report findings? How can businesses reduce the amount of human error in cyber security? Let us know what you think on Twitter and Facebook, and be sure to check our Tumblr for daily news updates.



Security Insights: Web-borne Attacks Are On The Rise

By | May 10th, 2013|Uncategorized|

“Web-borne attacks are on the rise as cybercriminals and others who do harm to computer systems for profit or malice prey on the web’s areas of vulnerability, and businesses are feeling the effects of the attacks on their resources. Currently the weakest link is the web browser. Vulnerabilities in browser add-ons like Java, Flash and Adobe represent a common source of network incursions and endpoint infections.” – Webroot

Consider these key findings…

  • 8 in 10 companies experienced Web-borne attacks in 2012
  • Web-borne attacks are impacting businesses through increased help desk time, reduced employee productivity and disruption of business activities
  • 88% of Web security administrators say Web browsing is a serious malware risk to their firm
  • Phishing is the most prevalent Web-borne attack, affecting 55% of companies
  • Companies that deploy a Web security solution are far less likely to be victims of password hacking, SQL injection attacks, social engineering attacks and Web site compromises

Read more about the “2013 Web Security Report” from Webroot.

Phishing Is The Most Prevalent Web-borne Attack

“Phishing represents one of the fastest-growing causes of breaches and data loss as cybercriminals become progressively adept at luring users into divulging sensitive corporate data. As a point in fact, more than half of companies surveyed experienced phishing attacks in 2012. Phishing is particularly challenging because cybercriminals launch new sites that masquerade as legitimate sites so quickly and for such a short period of time that most existing Web security fails to detect them.” – Webroot

Security breaches via the Web in 2012:

  • Phishing Attack – 55%
  • Keyloggers or Spyware – 43%
  • Drive-by Download – 42%
  • Web Site Compromised – 42%
  • Hacked Passwords – 32%
  • Social Engineering Attack – 23%
  • SQL Injection Attack – 16%
  • None of the Above – 21%

How to protect yourself and your company

As an employee, you have a crucial role in the security of your company whether you realize it or not. A company cannot be secure without the help of every single employee. Below are some tips that you can follow in order to avoid Web-borne attacks, such as phishing scams:

  • Only browse websites that are required to fulfill your job duties
  • If something seems “shady” it probably is
  • Do not submit confidential data on insecure HTTP websites
  • Go directly to websites instead of being at the mercy of embedded URLs in emails
  • Only open attachments that you are expecting and from senders that you recognize
  • Pay attention to URLs – if you are unsure about one, be on the safe side and do not visit it
  • Never email confidential information – pass this information on by telephone
  • NEVER enter confidential information on a pop-up screen
  • Pay attention to your web browser warnings
  • Report suspicious activity to the Information Security Officer
  • ALWAYS BE SUSPICIOUS

Be sure to check out our other blog posts on security. Share your tips for protecting your business with us on Facebook and Twitter.
