News Recap: 2014 Security Predictions Roundup

By | December 5th, 2013|Uncategorized|

predictions picAs 2013 quickly comes to a close, the security industry has begun making predictions for coming threats and trends for 2014. Here’s a collection of five recurring 2014 security predictions.

1. BYOD will continue to grow – and cause risks – in the workplace

More and more businesses are adopting “bring your own device” (BYOD) practices and will continue to do so next year. Entrepreneur reporter Mikal E. Belicove found that 60 percent of businesses employ a BYOD strategy because “the efficiencies offered by a mobile work force are too great to pass up, and moving the cost of access to the employee is too juicy a cost savings to ignore.” What are the threats associated with a growing BYOD workforce? According to Help Net Security, the potential risks stem from “both internal and external threats including mismanagement of the device itself, external manipulation of software vulnerabilities and the deployment of poorly tested, unreliable business applications.”

2. Internet of Things moves from buzzword to security matter

ZDNet coins the Internet of Things (IoT) as 2013’s favorite buzz-phrase and believes that 2014 will be a time to evaluate how security plays into the IoT: “If 2013 was the year that the idea of the IoT (and many practical applications) went mainstream, then 2014 is likely to be the year when the security implications of equipping all manner of ‘things’ — from domestic refrigerators to key components of critical national infrastructure — with sensors and internet connections begin to hit home.” To circumvent security disasters from occurring amidst the IoT, Help Net Security suggests that the companies making the “things” should “continue to build security through communication and interoperability” and by “adopting a realistic, broad-based, collaborative approach to cyber security” with government departments and security professionals.

3. Hackers will want to destroy data, not collect it

In the past, cyber criminals have wanted to access information for profit, but over the course of 2013 a shift occurred. The 2013 IBM Cyber Security Intelligence Index report found a rise in the number of sabotage cases versus espionage. The reason? Because vulnerabilities within organizations often leave attackers with opportunities to cause damage. InformationWeek says “in 2014, organizations need to be concerned about nation-states and cybercriminals using a breach to destroy data.” Additionally, InformationWeek noted that ransomware will begin affecting small and medium sized businesses.

4. Cyber criminals will use social networks to infiltrate businesses

Social networking continues to expand into the business sector. This being the case, attackers will prey on businesses using social networks and high-level executives participating in business networking sites like LinkedIn to compromise organizations and gather intelligence, InformationWeek says. ZDNet, too, notes that social networking will be increasingly used in 2014 to “lure executives and compromise organizations via professional social networks.”

5. Attackers will look to the cloud for valuable data

Like the IoT, 2013 was an influential year for the cloud industry, but as more businesses continue to adopt cloud technology, hackers have and will continue to find ways to exploit cloud-stored data. To protect against cloud cybercrime, senior consultant at Windstream Kent Landry predicted in Help Net Security that “cloud providers will need to be certified in cyber security standards like NIST, PCI DSS compliance, STAR certifications, and other industry checkpoints. The security industry will flourish as organizations increase investment in protecting both their data and their customers with more advanced prevention software and training.”

What are your security predictions for 2014? Let us know on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

New Juniper Research Findings: More than 80% of Smartphones are Unprotected from Malware Attacks

By | October 23rd, 2013|Uncategorized|

Juniper Blog PicThe Mobile Secutity: BYOD, mCommerce, Consumer & Enterprise 2013-2018 report by Juniper Research finds that more than 80 percent of smartphones devices remain unprotected from malware attacks. As mobile operating systems, including smartphones and tablets, continue to increase in usage, cyber criminals are transitioning their focus from PCs toward the mobile platform.

Although there is an increased risk of smartphone attacks from malware, the report shows consumer awareness is slower to adapt which allows attackers to easily search for ways to circumvent a defense perimeter. Cybercriminals use social engineering to actively persuade users to take shortcuts or to indulge in behaviors that allow the attacker access (Defending Against Web-Based Malware).

Despite low public perception, mobile security software is steadily on the rise due to increased malware attacks over the past two years. The report found that there will be an increase of 325 million mobile devices to have mobile security software installed by 2018, totaling around 1.3 billion devices.

As seen with the “TouchID” feature on the new iPhone 5s, protective measures are already beginning to be enacted. Looking back to CSID’s September blog post, Apple Announces Touch ID, a Fingerprint Password Sensor, the “TouchID” finger sensor could “act as a first line of defense against would-be thieves and hackers – even intelligence agencies, to a degree – against identity and content theft, fraud, and surveillance,” reports Zack Whittaker at ZDNet.

Kristin Badgett, CSID Information Security Officer, advises that the best way to protect yourself and your company from web-based cyberattacks and malware is to stay educated on how to spot and mitigate them. Look for suspicious signs in email and online, such as:

  • Online or email offers that seem way too good to be true
  • Receiving emails from an unrecognized sender or domain
  • URLs that seem odd or are off by a few characters or numbers
  • Applications running slower than normal or unexpected system behavior
  • Look for unexpected program launches, such as a pop-up window, system tray icon, or invisible processes in your task manager
  • Look for bad grammar and spelling errors in text of emails and web-based content
  • A flux of pop-up advertisements when you had pop-ups blocked

A good rule of thumb to follow: When in doubt, don’t click on it!

Follow CSID on Twitter and Facebook for more news and tips, and be sure to check out our Tumblr for the latest industry news stories.

10 Ways to Prevent Identity Theft While Traveling

By | July 24th, 2013|Uncategorized|

travelSummer is a prime time for traveling, and travelers are prime targets for identity thieves. Why? Because they typically carry more personal identifiable information with them than usual, including passports, airline tickets and extra credit cards. Additionally, people on vacation typically travel with more money in their bank accounts, making identity theft a high priority for criminals. Whether you’re traveling domestically or internationally this summer, for business or pleasure, be sure to follow these 10 tips to help prevent having your identity stolen while you’re away from home.

1. Leave important PII documents at home
Before you set off, leave personally identifiable information documents at home, including social security numbers, bank statements, medical documents and personal checks. These documents are easily stolen – or forgotten – from your wallet, rental car or hotel room.

2. Don’t use public Wi-Fi at the airport
Never connect to an unsecured Wi-Fi network on your laptop or mobile device. Connecting to “Free Public Wi-Fi” at the airport or other public place enables cyber criminals to capture your Internet history tracking data, aka “cookies,” and access your email and social networking accounts. Use a VPN (virtual private network) and/or stay on your 3G or 4G connection to remain secure.

3. Keep your mobile device locked
Password protect your phone in case it is lost or stolen. This can prevent, or at least delay, identity thieves from accessing sensitive apps and data. For extra protection, you can download the “Find My Phone” app for iOS or “Where’s My Droid” app for Android that enables you to remotely wipe your SD card and phone data.

4. Treat your child’s identity as your own
Children are also a key target for identity thieves – one in 10 children will become a victim to child ID theft. Treat their PII documents as securely as your own, and teach your children to avoid public Wi-Fi on mobile devices during your trip.

5. Don’t store devices in checked baggage
While it may be tempting to store a heavy laptop in your checked luggage, it’s safer to keep your devices with you in your carry-on baggage. Keeping your devices close to you while traveling helps keep snoops away.

6. Don’t post on social media during your trip
Avoid posting pictures and locations while you’re vacationing, including Facebook updates, tweets, Instagram pictures and Foursquare check-ins. This can alert criminals to your absence and give them a prime opportunity to snatch your unchecked mail or worse – break into your unprotected home.

7. Update everything before traveling
Make sure all of your devices are up to date on the latest software prior to going on your trip, as updating while traveling (on hotel or public Wi-Fi for instance) can increase your chances of downloading malware.

8. Use the hotel security box
Carry as little personal information with you as possible to protect against pickpockets and muggers, and safely store the rest of your documents in the hotel safe.

9. Check your bank account activity intermittently
Make sure there’s no fraudulent activity occurring during your trip – and after. Keep an eye on your bank account for several weeks after returning from a trip; identity thieves are patient and will likely use your information after you return home.

10. Change log-on passwords when you return
To be extra sure that criminals will not be able to access your bank accounts, email or social accounts, change your passwords. Create long passwords that do not contain any personal information an identity theft could guess. Avoid using words like “password” or “123456,” or any of these “Worst Passwords of 2012.”

News Recap: Employees’ Personal Activities at Work Can Lead to Data Breaches & Malware

By | July 18th, 2013|Uncategorized|

employee_workRecent surveys from Europe and the United States show that employees spend up to 30% of their working hours on personal matters. According to Infosecurity Magazine, “all of those non-productive hours could translate to not just lost output, but actual negative equity in the form of malware attacks and hacking incidents.”

Kaspersky Lab Expert Kirill Kruglov believes that personal use of office computers can lead to targeted attacks in a corporate network.

“The fact is that employees often use office computers to communicate on social networking sites, share links to online entertainment, or download files from suspicious resources,” Kruglov said. “ At the same time cybercriminals are actively using social networking sites for phishing and the distribution of malware. Many personal blogs, entertainment sites, file sharing services, torrent trackers, and files downloaded from them are infected. Passwords to email accounts are regularly hacked or stolen.”

Infosecurity magazine outlined an example of a targeted attack in 2009, where more than 20 major software companies were infiltrated via employee fallibility. During this attack, cyber criminals gathered employees’ information through social networks, became online “friends” with the employees and later accessed the employees’ workstation account when the employee logged onto their social sites.

Do you think employees are more likely to use social sites at work if their company has a BYOD policy? What is your company’s policy for using social media sites at work? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr page for the latest industry news stories.


News Recap: Mobile Malware Infecting Mostly Android Users

By | July 11th, 2013|Uncategorized|

mobile_malwareJuniper Networks Mobile Threat Center released their third annual mobile threats report, which found an increasing presence of mobile application malware in Android devices. Compared to the 28,500 mobile malware apps detected in 2011, Juniper found a total of 276,259 mobile malware apps from March 2012 to March 2013, All Things D reported.

While all mobile devices are at risk, “criminals are focusing the vast majority of threats on Android and its open ecosystem for apps and developers, a trend that is likely to continue for years to come,” The Next Web said. “In 2010, Android made up 24 percent of all known mobile malware threats, in 2011 the figure increased to 47 percent, and by March 2013, Android was the target of 92 percent of all known threats.”

What has caused this increase in mobile malware applications? Cyber criminals find Android users to be a large and easy target: “The majority of Android users haven’t updated their devices to the newest version, which is another reason why cybercriminals prefer the operating system,” CNET said. “As of this month, only 4 percent of Android users were running the latest OS, according to Juniper. As users remain on older versions, like Ice Cream Sandwich and Gingerbread, they miss out on new security updates from Google.”

According to The Next Web, Michael Callahan, Juniper’s vice president in security product marketing, believes that as cyber criminals become more financially motivated, “carriers and software vendors must collaborate to develop future platforms that mitigate these large threats, enterprises and government organizations need to take a comprehensive look at protecting their data and networks by adopting a holistic mobile security approach.”

How does your business handle mobile security? Are there policies in place to protect against mobile application malware? Share with us on Twitter and Facebook, and be sure to check out our Tumblr page for the latest industry news stories.

National Internet Safety Month: Keeping Children and Teens Safe on Mobile

By | June 27th, 2013|Uncategorized|

internet_safetyThis June, organizations across the country are celebrating National Internet Safety Month, a nationwide effort to spread awareness on Internet dangers and provide resources to educate children, teens and adults on preventative measures.

National Internet Safety Month was passed as a resolution in 2005 by the U.S. Senate to raise awareness of the need for online safety, especially among children and teens. The Internet safety landscape has changed since 2005, thanks to the rise of smartphones and social media. Now children and teens are connected to the Internet more than ever with mobile devices, putting themselves at higher risk for identity theft and child predators. In fact, 78% of teens now have a cell phone and almost half (47%) of them own smartphones according to Pew Research’s Teens and Technology 2013 Report. That’s a large increase compared to just 23% having smartphones in 2011. Additionally, teens are connected to tablets just as often as adults.

This constant connection to the Internet means that parents and educators have a responsibility to teach children and teens how to stay safe online, especially on their mobile devices. Here are 5 tips for keeping your child’s identity and device free from cyber criminals.

  1. Teach children how to identify email and text phishing scams: Frauds will send you a text or email that looks like it is from a familiar source in order to squeeze personal information out of you. Do not click on any links and never respond with personal information such as your phone number or home address. Personal information should only be given in person.
  2. Don’t use public Wi-Fi: Some smartphones may be set to automatically connect to Wi-Fi, giving hackers a chance to steal information from your phone. Show your children how to turn off that setting to avoid using unsafe public hotspots.
  3. Disable GPS identifiers on social media apps: Children and adults alike should turn off GPS identifiers on social media apps, including location stamps on Facebook posts, tweets and Instagram pictures. Geotagged information can compromise privacy and reveal personally identifiable information (PII) to identity thieves.
  4. Prevent mobile malware by downloading credible apps: Mobile malware can slow down your phone’s processing abilities, steal your photos, spam your contacts and hack into your email. Help your children prevent malware from getting onto their mobile devices by allowing them to download only credible apps from known app marketplaces.
  5. Protect devices with anti-virus software: Though iOS does not have anti-virus software for mobile devices, Android users can download extra protection for their phone.

What are some additional ways you protect your children and yourselves online? Be sure to share with us on Facebook and Twitter and don’t forget to take a look at our blog post “5 pieces of information kids should not share online” for more child identity theft protection tips.

Industry News Recap: Combating IP Theft Through Computer Lockdowns

By | May 30th, 2013|Uncategorized|

laptop_lockThe US Commission on the Theft of American Intellectual Property released an 89-page report assessing how international intellectual property theft affects the United States. The report claims that there is more than $300 billion annually in intellectual property theft, and US Cyber Command commander General Keith Alexander calls this theft “the greatest transfer of wealth in history.”

The end of the report includes recommendations that involve combating cyber thieves. BGR states “[the Commission suggests that] copyright holders should be allowed to take more assertive action against intellectual property thieves, including developing software that will ‘allow only authorized users to open files containing valuable information’ and will potentially lock down any unauthorized computer that tries to access the file.” More specifically, the lock down will provide “instructions on how to contact law enforcement to get the password needed to unlock the account” (Network World).

Some were wary of these recommendations. Technology blog Boing Boing claims that locking down the computer is a “mechanism that crooks use when they deploy ransomware.” PC World called the lock down method “legalized ransomware” and highlighted another IP Commission recommendation: “Corporate vigilantes need not stop there, according to the commission. They could photograph hackers using the cameras built-in to the miscreant’s computer, infect the hacker with malware, or physically disable the suspected IP thief’s computer.”

Take a look at the report and the Washington Post op-ed piece the Commission co-chairs wrote to summarize the report, and let us know what you think: is combating intellectual property theft with computer lock downs and possibly infecting cyber thieves’ computers with malware extreme? Or are current cybersecurity laws too lax? Tell us your thoughts on Twitter and Facebook. Be sure to check out our Tumblr page for the latest industry news stories.

Industry News Recap: Internet Browsers Analyzed for Best Protection Against Malware

By | May 17th, 2013|Uncategorized|

internet_browsersNSS Labs recently published a comparative analysis of leading web browsers, examining each browsers’ ability to block malware downloads. They conducted a month-long test with the top five Internet browsers (Firefox, Chrome, Internet Explorer, Safari and Opera) against 754 samples of malicious software. According to the results, the browser that protects against malware the best is Internet Explorer, blocking 99.96% of the real-world malware samples. Chrome placed second, protecting against 83.16% of the samples, with Safari (10.15%), Firefox (9.92%), and Opera (1.87%) following.

The main reason for the difference in effectiveness relied primarily on measuring each browser’s reputation-based blocking mechanism. According to an article in InfoSecurity Magazine, “the flaw is that since the block is based on reputation rather than known bad content, it is susceptible to false positives. To avoid blocking what might be a legitimate ‘clean’ URL, the user is given the option of accepting or overriding the block. There remains, noted the report, ‘the danger that social engineering attacks can deceive users into bypassing the file blocking and installing malicious software.’ The frequency with which users are allowed to override a block thus becomes an important issue.”

As malware continues to be an issue for both at-home PCs and mobile devices, a browser’s capacity to block malware is becoming increasingly important. “Malware downloads via Web browsers are the most common infection vector for cyber criminals seeking to swipe passwords, engage in financial or click fraud, or install bots on target machines. Any organization could be one malware download away from becoming the next victim of a complex APT attack, and relying on end-users to exercise necessary caution to protect their systems as they browse is an invitation for infection,” said Ted Samson, InfoWorld.

What browser do you use most at work? At home? After hearing this report, will you change the Internet browser you use daily to protect against malware? Let us know what you think on Twitter and Facebook. Be sure to check out our Tumblr page for the latest industry news stories.

Security Insights: Web-borne Attacks Are On The Rise

By | May 10th, 2013|Uncategorized|

web-borne attack“Web-borne attacks are on the rise as cybercriminals and others who do harm to computer systems for profit or malice prey on the web’s areas of vulnerability, and businesses are feeling the effects of the attacks on their resources. Currently the weakest link is the web browser. Vulnerabilities in browser add-ons like Java, Flash and Adobe represent a common a common source of network incursions and endpoint infections.” – Webroot

Consider these key findings…

  • 8 in 10 companies experienced Web-borne attacks in 2012
  • Web-borne attacks are impacting businesses through increased help desk time, reduced employee productivity and disruption of business activities
  • 88% of Web security administrators say Web browsing is a serious malware risk to their firm
  • Phishing is the most prevalent Web-borne attack, affecting 55% of companies
  • Companies that deploy a Web security solution are far less likely to be victims of password hacking, SQL injection attacks, social engineering attacks and Web site compromises

Read more about the “2013 Web Security Report” from Webroot.

Phishing Is The Most Prevalent Web-borne Attack
“Phishing represents one of the fastest-growing causes of breaches and data loss as cybercriminals become progressively adept at luring users into divulging sensitive corporate data. As a point in fact, more than half of companies’ surveyed experienced phishing attacks in 2012. Phishing is particularly challenging because cybercriminals launch new sites that masquerade as legitimate sites so quickly and for such a short period of time that most existing Web security fails to detect them.” – Webroot

Security breaches via the Web in 2012:

  • Phishing Attack – 55%
  • Keyloggers or Spyware – 43%
  • Drive-by Download – 42%
  • Web Site Compromised – 42%
  • Hacked Passwords – 32%
  • Social Engineering Attack – 23%
  • SQL Injection Attack – 16%

None of the Above – 21%

How to protect yourself and your company
As an employee, you have a crucial role in the security of your company whether you realize it or not. A company cannot be secure without the help of every single employee. Below are some tips that you can follow in order to avoid Web-borne attacks, such as phishing scams:

  • Only browse websites that are required to fulfill your job duties
  • If something seems “shady” it probably is Do not submit confidential data on insecure HTTP websites
  • Go directly to websites instead of being at the mercy of embedded URLs in emails
  • Only open attachments that you are expecting and from senders that you recognize
  • Pay attention to URLs – if you are unsure about one, be on the safe side and do not visit it
  • Never email confidential information – pass this information on through telephone
  • NEVER enter confidential information on a pop-up screen
  • Pay attention to your web browser warnings
  • Report suspicious activity to the Information Security Officer

Be sure to check out our other blog posts on security. Share your tips for protecting your business with us on Facebook and Twitter.

Industry News Recap: More than 58 million home PCs infected with malware

By | May 3rd, 2013|Uncategorized|

malwareIn the latest Annual State of the Net Consumer Report about 58.2 million American home PCs were affected with at least one malware infection, causing an estimated $4 billion in repair costs.

“Our Annual State of the Net Report revealed that home computers are no safer than they were last year,” said Jeff Fox, technology editor for Consumer Reports.

Consumers had different ways of identifying malware on their PC. In the report, “people whose computers had been infected by malware were asked how they verify such problems. Sixty-two percent relied on antivirus software to notify them, 17 percent felt they were savvy enough to verify it themselves, and 15 percent relied on someone else with computer expertise,” said Dark Reading.

According to Consumer Affairs, even the best anti-virus software can miss malware detections. “If you find that your browser is taking you to a different site than the one you selected from your bookmarks, or a search engine gives you odd, unpredictable results, it’s a sure sign your computer is infected with malware. After all, the main purpose of malware is to give someone else control over your machine,” Consumer Affairs reported. Our development director Joel Lang recently spoke to this topic at the UT Center for Identity ID360 Conference.

In addition to a high number of home PC malware cases, it appears that malware is on the rise for small businesses and mobile devices as well.

What methods do you use to identify malware on your home or business PC? What are some ways you can prevent malware from getting onto your PC on the first place? Take a look at the three types of malware to be aware of and let us know what you think on Twitter and Facebook. Be sure to check out our Tumblr page for the latest industry news stories.

Load More Posts