News Recap: The White House’s Cybersecurity Secrets

By | May 2nd, 2014|Uncategorized|

This week, the White House joined the conversation about the current state of cybersecurity when it shared its policies on alerting the public to threats and vulnerabilities.

According to David Sanger of The New York Times, the discussion started when Michael Daniel, White House cybersecurity coordinator, published a post to the White House blog discussing the process for making cybersecurity flaws public knowledge. Sanger writes, “The Heartbleed incident had cast a light on a balancing test the White House has until now declined to discuss in any detail: When should the government reveal flaws that it discovers.”

The Verge’s Jacob Kastrenakes sheds light on the purpose of withholding the news from the public with this quote from Daniel: “Disclosing a vulnerability can mean that we forego an opportunity to collect crucial intelligence that could thwart a terrorist attack, stop the theft of our nation’s intellectual property, or even discover more dangerous vulnerabilities that are being used by hackers or other adversaries to exploit our networks.”

Dara Kerr of CNET comments on the government policy saying, “Several government agencies have put together a set of principles they use when deciding whether to disclose vulnerabilities. If the government does decide to keep a security flaw secret, it goes through a series of questions about why it made that decision, including the possible risk, exploitability, and reach of the bug.”

Jon Fingas of Engadget lends perspective to any critics of the NSA’s policies with an additional comment from the White House on the matter: “The White House… has a vested interest in speaking up when possible; it suffers like everyone else if critical infrastructure goes down, after all. It’s at least clear from the statements that the government doesn’t make its choices lightly.”

Is the government doing the right thing by keeping cybersecurity flaws a secret? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Interactive Cyberthreat Map by the Kaspersky Lab

By | April 11th, 2014|Uncategorized|

While many dedicate their careers to spreading the word about cyber security, this week’s news about the Heartbleed vulnerability has put cyber security in the spotlight, giving the world a newfound perspective on just how susceptible the Internet can be.

Farhad Manjoo of The New York Times said “the bug known as Heartbleed… is a stark reminder that the Internet is still in its youth, and vulnerable to all sorts of unseen dangers, including simple human error.” He compares the technology industry with other industries that saw rapid growth, but remarks that the tech industry is ultimately unique and will require additional efforts beyond regulation and industry-wide cooperation. Computer security expert at Princeton University Edward Felten believes that “Heartbleed is further evidence that we don’t have our house in order when it comes to Internet security.”

Help Net Security further discussed the global threat by sharing an interactive map released by the Kaspersky Lab. The interactive cyberthreat map visualizes cyber security incidents occurring worldwide in real time. Help Net Security showed how the map detects and monitors a variety of malicious objects across the web, and comments, “In today’s world of cyberthreats, it only takes a few minutes to spread new malicious applications or spam.”

CNET’s Leslie Katz explained how the interactive map works:

“You spin the 3D globe using a mouse and zoom in or out with a scroll wheel. Click on a country, and you’ll see the number and type of threats detected there since 12 a.m. GMT and the position that nation holds on the world’s “most-infected” list… Different types of threats tracked by the Kaspersky Antivirus and Internet Security Multi Device software shoot around the map like colored lasers. Viruses found in email appear as orange, for example, and yellow represents malicious executable files.”

Does this interactive map help consumers visualize how fast threats move across the globe? How can businesses use this interactive map for security purposes? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Identity Obese – What it Means

By | March 28th, 2014|Uncategorized|

It is common practice in today’s digital age to save personal information to online retail, banking and social accounts. However, storing information online makes you a target for identity thieves interested in collecting and selling personal information on the black market. There’s a new term for users who have too much information stored online: “identity obese.”

Henry Bagdasarian, author of Identity Diet, defines identity obesity by comparing a consumer’s food consumption habits and their relationship to weight obesity.

“As eating more of the wrong things can quickly lead to health and weight problems, managing too many personal information components the wrong way can also quickly lead to identity theft,” Bagdasarian reported. “As I continue my research about the causes of identity theft and related risks or solutions, I am convinced that both consumers and companies unnecessarily accumulate and share personal information at an alarming rate without the understanding of the risks and/or willingness to adjust their identity management practices.”

Bagdasarian makes it clear that companies can also fall victim to identity obesity, but at a much greater cost. He draws the distinction that identity obesity of a consumer simply puts the consumer at risk. However, when a company unnecessarily collects and shares the information of its customers, it has the ability to put its entire customer base at risk for identity theft. During our 2013 Risk Mitigation for Small Business webinar, SMB CEO Chuck Gordon of SpareFoot encouraged SMBs to avoid collecting unnecessary personal information from customers, and executive director of the National Cyber Security Alliance Michael Kaiser agreed with a motto CSID has now adopted: “if you collect it, you’ve got to protect it.”

The Identity Management Institute recently shared a video about the effects of identity obesity and what this issue can look like based on the simple actions you take each day.

Are you identity obese? What are the best ways to avoid becoming identity obese? How can you identify an obese company? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Realities of Cyber Threats Continue to Concern Financial Sector

By | March 14th, 2014|Uncategorized|

As companies and organizations continue to fall prey to cyber attacks, the financial sector is on high alert and hoping for changes that might alleviate their worst fears.

John McCrank of the Chicago Tribune reported on how the current state of cyber security is impacting the world’s exchanges. McCrank quotes Magnus Bocker, chief executive of Singapore Exchange Ltd, saying, “We are worried a lot and we are far more worried now than we were just a couple of years ago. Spending on cyber security is on the rise, but exchanges need to do a better job of sharing information with each other on effective ways of combating cyber criminals.” Meanwhile, Jeffrey Sprecher, head of the New York Stock Exchange, comments, “The scary thing for us is not what we control, because we all are focused on it… The reality is we all have common customers that are connected to us, that are connected to each other.”

Vipal Monga of the Wall Street Journal shares the concerns of financial consultants, quoting principal of Rudolph Financial Consulting, Max Rudolph: “Risk managers have become more aware of general vulnerabilities in their computer networks and will likely continue emphasizing the risk to their corporate boards and management.” Monga writes, “Almost half of risk managers saw cyber security as an emerging risk in 2013, up from 40% in 2012, according to a survey released Thursday by the Society of Actuaries.” Monga concludes by mentioning the surprising fact that, for risk managers, the greatest concern in the cyber security conversation is the potential for regulatory changes to negatively impact the nation’s financial growth, as many believe the worst of our financial crisis is in the past.

What sort of defenses should the financial sector be promoting to protect the exchanges from cyber threats? Are there any regulatory measures that should be enacted in order to provide added security? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Social Engineering Threats to Businesses

By | February 27th, 2014|Uncategorized|

A few weeks ago, we shared the story of @N_is_stolen, in which Naoki Hiroshima’s online accounts were attacked and held for ransom in order to gain access to Hiroshima’s coveted “$50,000” Twitter handle. A recent update in his story arose: Twitter was able to resolve the incident by restoring Naoki’s @N handle. Megan Geuss of Ars Technica quotes a tweet from Hiroshima on Tuesday that said, “Order has been restored.” While this is good news for Hiroshima, other stories like his are continuing to spread across headlines.

Paul Mah of Fierce CIO Tech Watch shared the story of Josh Bryant, the founder of a start-up business who nearly lost his entire company to a social engineering attack. Mah writes, “The target of this hacker was Josh Bryant’s Twitter username of @jb and its popularity due to it representing the initials of superstar Justin Bieber. In his case, the attacker targeted various online services that Bryant used with social engineering tactics to gather more fragments of information along the way.” Bryant states that his attackers hoped to gain access to his personal information through his accounts with Apple and Amazon. Mah comments, “It is worth noting that disaster was prevented only because Bryant was online at the time of the attempted hijack, and followed on the heels of the various password reset notifications in an active bid to stymie the attacker.”

Fahmida Y. Rashid reported on last week’s Kaspersky Lab Security Analyst Summit, where senior security researcher David Jacoby shared his experience with a different approach to social engineering. Rashid writes, “Jacoby was invited by a company to come in and test its defenses. As it turned out, he didn’t need any fancy hacks or zero-days to get through. It was all social engineering.” Rashid continues by explaining Jacoby’s step-by-step process for infiltrating and gathering information from this company. In closing, Jacoby believes that as a business “It’s really hard to defend against social engineering because it’s human nature to want to be nice and helpful. We want to give people the benefit of doubt and not assume everyone is out to cause harm, but it’s exactly this human emotion that makes us fail at security.”

What procedures and policies should businesses incorporate in order to protect the company and its employees from falling prey to social engineering attacks? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Adding Social Verification to the Multifactor Authentication Mix

By | February 24th, 2014|Uncategorized|

Multifactor authentication is nothing new. In fact, “secret questions” to reset passwords or verify your identity have been around for a long time. However, social networking has made it easier than ever for cyber criminals to find personal information often used to answer “secret questions,” such as a mother’s maiden name, a favorite pet or a school mascot. Using social engineering tactics, cyber criminals can access personal data of even the most private person. Social verification is a new tactic that businesses are starting to use that makes it more difficult for cyber criminals to falsely authenticate a login.

Mashable’s Rebecca Hiscott reports that “Facebook is already employing a form of this social verification: When you log in to the platform from an unknown computer, the site will ask you to identify the names and faces of several of your friends. That kind of data is much more secure than your mother’s maiden name; it would be difficult for a hacker half a world away to determine this information in the space of a few minutes.”

There are other forms of multifactor authentication that are coming to market. Biometrics is one example and uses something a person is, such as a voice or a fingerprint, as a second form of authentication. CSID provides VoiceVerified, a patent-protected voice biometrics technology to authenticate individuals. Geo-fencing is another. Hiscott mentions LaunchKey, an authentication software with authentication factors including “the ability to pair devices together — for example, making it impossible to log in to your work computer without also having your mobile phone nearby — and geo-fencing, which entails setting a geographical radius for logins. None of these relies on personal data beyond an individual’s location.”

Many businesses are getting on board with multifactor authentication, making it more widely accepted and adopted. Microsoft Office recently rolled out multifactor authentication to Office 365 business users, PC World’s John Ribeiro reported. The future of biometrics includes incorporating these “invisible” identifiers, like geolocation awareness or even the cadence with which you type. The more hassle-free it is for consumers to use and the harder it is for cyber criminals to guess or fake, the more widely adopted multifactor authentication will become, therefore making our digital world a safer place.

What do you think about multifactor authentication? Does your business employ two-factor authentication? On personal accounts, have you opted into multifactor authentication? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

 

News Recap: PayPal Hack Reminds Us To Travel Securely

By | February 14th, 2014|Uncategorized|

This week, PayPal CEO David Marcus had his credit information swiped while traveling abroad in the UK. Marcus tweeted, “My card (with EMV chip) got skimmed while in the UK. Ton of fraudulent txns. Wouldn’t have happened if merchant accepted PayPal…” Ashley Feinberg of Gizmodo reported, “When you own a company specializing in online payments, the constant threat of hackers and phishing schemes is an inescapable part of the job description.”

While this may be true, identity theft can happen to anyone – especially while traveling. Check out our past blog post for a few of our top tips to help you travel securely.

Update everything before traveling
Make sure all of your devices are up to date on the latest software prior to going on your trip, as updating while traveling (on hotel or public Wi-Fi for instance) can increase your chances of downloading malware.

Enroll in ID & Data Breach Protection Plans
Enroll yourself in an identity protection program to ensure that you’re covered in the case that your identity is stolen while traveling. Also, encourage your company to invest in data breach and fraud detection solutions to provide an extra layer of protection for important data, traveling or not.

Don’t use public Wi-Fi at the airport
Never connect to an unsecured Wi-Fi network on your laptop or mobile device. Connecting to “Free Public Wi-Fi” at the airport or other public place enables cyber criminals to capture your Internet history tracking data, aka “cookies,” and access your email and social networking accounts. Use a VPN (virtual private network) and/or stay on your 3G or 4G connection to remain secure.

Keep your mobile device locked
Password-protect your phone in case it is lost or stolen. This can prevent, or at least delay, identity thieves from accessing sensitive apps and data. For extra protection, you can download the “Find My Phone” app for iOS or “Where’s My Droid” app for Android that enables you to remotely wipe your SD card and phone data.

Check your bank account activity intermittently
Make sure there’s no fraudulent activity occurring during your trip – and after. Keep an eye on your bank account for several weeks after returning from a trip; identity thieves are patient and will likely use your information after you return home.

Have you experienced identity theft while traveling? What tips would you suggest to keep yourself or others secure? Have you heard any updates on Marcus’ news? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Cyber Attacks through Social Engineering

By | February 7th, 2014|Uncategorized|

In today’s digital age, nearly everything we do online requires an account composed of a username, password and other important personal data – including answers to private questions for password reset options – unique to each individual. It’s these pieces of information that are the foundation for a person’s “digital life,” or what you could call your digital DNA. Building a digital life through online accounts typically makes things easier and provides such benefits as increased efficiency, ease of use and personalization. Despite the many conveniences, your digital life could be in great danger without proper security precautions. One of the latest trends among online attackers is social engineering, which is the practice of manipulating users into performing certain actions that will provide the attacker with privileged information.

Karissa Bell of Mashable shared the story of Naoki Hiroshima – a man with a coveted digital presence. According to Bell, “Naoki Hiroshima claims to have tweeted using the @N handle since signing up for Twitter in 2007. In that time, he said, he has fended off multiple attempts by attackers to take control of the coveted one-character account. He claims he was once even offered $50,000 in exchange for the handle.” Bell goes on to tell the story of how Hiroshima experienced several breaches of online accounts including PayPal, GoDaddy and Facebook that eventually ended in the hacker blackmailing Naoki into handing over control of his @N Twitter handle.

In his own words, Hiroshima wrote, “As of today, I no longer control @N. I was extorted into giving it up.” Continuing his story, Hiroshima describes in great detail the lengths his attackers went to in order to secure his information, including holding his GoDaddy domain names and other information hostage until the handle was released. Knowing the severity of the threat his attackers posed to his digital livelihood, Hiroshima saw no other option than to relinquish the desired Twitter handle.

What can you do in order to protect your digital presence from attacks like this? How can you work with third party sites to better protect your information? What tools can be used to better monitor your digital presence? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Feb. 1 is National Change Your Password Day

By | January 31st, 2014|Uncategorized|

With the recent release of 2013’s worst passwords, there has been a good deal of discussion about the importance of good password habits. And what better time for this discussion than now, considering National Change Your Password Day is this Saturday, February 1st.

SpiceWorks’ Peter Tsai discusses password protection, the dangers that poor password security presents from an IT perspective, and what to do on the upcoming National Change Your Password Day. Ultimately, Tsai encourages readers to take advantage of the holiday with the following tips:

  1. Enforce a strong password policy
  2. Don’t store your passwords out in the open!
  3. Implement 2 factor authentication in your IT environment
  4. Enable 2 factor authentication on your personal accounts
  5. Consider using password management software
  6. Password protect and secure your mobile devices
  7. Consider a MDM solution for BYOD devices that have access to your network

We found in a survey last year that poor password habits are rampant: 44 percent of consumers change their passwords only once a year or less, and 61 percent of people reuse passwords across multiple websites. So in addition to Tsai’s tips, we also encourage you to take a few minutes on Change Your Password Day to make sure your own passwords – personal and professional – are long and strong, and vary across websites! For more about how to spruce up your passwords and the importance of password security, see our white paper and infographic on the topic.

How are you going to participate in National Change Your Password Day? What are your go-to tips for maintaining secure password habits, personally or in the workplace? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: The Results Are In For 2013’s 25 Worst Passwords

By | January 24th, 2014|Uncategorized|

Every year security firm SplashData pulls the most common stolen passwords to create a list of the year’s worst passwords. The consensus is in for 2013, and “123456” has moved up a spot to be the most commonly used and guessed password of the year. Here’s a look at the worst passwords of 2012 for comparison.

Many of the passwords on this list can be easily guessed or cracked, putting users at risk of having their financial information or identity stolen. In fact, PC World reporter Jared Newman said that “weaker passwords are more susceptible to brute-force attacks, where hackers attempt to access accounts through rapid guessing. And when encrypted passwords are stolen, weaker ones are the first to fall to increasingly sophisticated cracking software.”

In addition to the typical “123456” and “password” passwords, there were a few on the list that were likely from recent breaches. Morgan Slain, CEO of SplashData, said in Time: “Seeing passwords like ‘adobe123’ and ‘photoshop’ on this list offers a good reminder not to base your password on the name of the website or application you are accessing.”

Here’s a look at SplashData’s top 25 worst passwords for 2013:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. abc123
  6. 123456789
  7. 111111
  8. 1234567
  9. iloveyou
  10. adobe123
  11. 123123
  12. admin
  13. 1234567890
  14. letmein
  15. photoshop
  16. 1234
  17. monkey
  18. shadow
  19. sunshine
  20. 12345
  21. password1
  22. princess
  23. azerty
  24. trustno1
  25. 000000

Find out how to create more secure password habits from our on-demand webinar and check out consumer password habits in this infographic. Let us know what you think about this list on Twitter and Facebook, be sure to check out our Tumblr for the latest industry news stories, and please change your password if you’re using any of the above!
