Cyber Archives - BOLLYWOOD SURKHIYAN

Cyber Hackers Can Mess With Google – Are You Afraid For Your Business?

If you have been reading the news lately and picking up on all the commotion around hack attacks on some of the big guns like Google, Yahoo and Adobe you may be experiencing a twinge of anxiety over the security for your own business. You may have believed your network was invincible so this news could leave you feeling shaky. You have good reason to feel this way – according to an article in the Sydney Morning Herald the number of hackers tampering with private financial information belonging to Australian business is on the rise. Obviously using the internet and intranet for business has become a viable solution to accomplishing company objectives, but on the downside the criminal faction sees just as much opportunity.

Australia is a Frequent Target for Cyber Crime

Symantec, a data security firm reported that Australian and New Zealand businesses suffer 75% more security breaches than the global average with 89% of the companies polled in the last 12 months admitting at least one intrusion. Hackers are not necessarily going after the major companies where they can make off with large sums of money. Like any other thief, they go where the risk is low and they can get in and out of a system quickly and without detection. The fact is you don’t have to be at any particular level of business profitability to be targeted. Smaller companies tend to use less comprehensive IT security making them more susceptible. In general, hackers are interested in easy money.

Google and Other Large Corporations are Not Exempt

The threat does not always revolve around banking information or sensitive intellectual property. As Google discovered in December 2009, issues such as human rights are at stake in cyber attacks. The advertising and search giant was appalled that a highly organized effort dubbed “Aurora” was being made to hack into the Gmail accounts of Chinese human right activists. They managed to infiltrate only two accounts and were not able to see the account holders’ actual correspondence. The action put Google in the position where it felt it necessary to warn the Chinese human rights community of the attack and to prepare to withdraw business ties with China. Officials at Google did not directly accuse the Chinese government of being the perpetrators but they decided to review doing business with the country based its attempts to limit free speech on the internet. Google stated concern for the safety of the Chinese citizens and the potential for them to be interrogated and imprisoned.

There were at least 20 other large internet, media, finance and technology companies included in the attack: Yahoo, Adobe, Symantec, Dow Chemical and Northrop Grumman to name a few. It was accomplished through a technique called “spear phishing.” This resembles an attack against 100 IT companies in July 2009 where company employees were targeted with infected email attachments.

Small and Midsize Businesses have Minimal Defense

Most businesses are totally defenseless against these sophisticated attacks. They use instant messages and emails that seem innocent at first because the senders appear to be friends and trusted colleagues. The messages are fine-tuned to evade the anti-virus programs designed for these applications. Evidently the best practices for IT security that have successfully held attackers at bay for many years are no longer sufficient. There is an innovative caliber of attacks circulating around the globe using custom malware written specifically for individual companies. The hackers don’t seem to mind if it takes longer to get around the antivirus software in use by the large corporations. They continue painstakingly to tweak their malware until it is effective. Smaller companies that don’t have the budget for a large scale security have not stood a chance. The hackers have the ability to commandeer only one employee’s laptop and make it a gateway for total administrative access to the company’s entire network.

The security firm, iSec Partners that investigated the attack on Google and ensuing corporations recommend we make fundamental changes to the way we protect our networks. They say we have simply not been prepared for the level of sophistication demonstrated by the new cyber criminals.

Hacker Stories in the Australian News

Internet news sites report the direct effects of cyber hacking on Australia. Today Online posted a news article about a hacker called “Ghostbuster” that has been targeting Melbourne businesses as a response to violence against Indians. The person behind the attacks has been sending threatening emails stating Australian servers will be hacked until racism against Indian nationals is ended. The action came in the wake of the murder of a 21-year-old Punjabi student in January 2010. Several Melbourne businesses were victimized when their entire networks were thrown into chaos.

In the technology section of The Age is a report describing the effects on government websites by hackers associated with the group “Anonymous”, known for its attacks on Scientology. This is the same group that temporarily blasted pornography across Prime Minister Kevin Rudd’s website. On the morning of February 10, 2010 a number of government sites were down. The attack was in opposition to the government’s plans for internet censorship. Communications Minister Stephen Conroy was not happy with the fact that Australian citizens could not obtain needed services online and felt it was irresponsible on the part of the hackers.

In the Sydney Morning Herald one journalist mentions the statistics that there are now more mobile devices in the country than Australians. It is not unusual for an individual to own two or three. The rising use of wireless broadband provides accessibility and convenience for subscribers but it also expands the territory for cyber criminals. Currently there are more barriers to cyber hacking wireless devices than terrestrial networks, such as the cost of making a phone call. However with the advances in mobile device technology to the point where it can replace the need for owning a laptop computer the potential for being targeted by hackers exists. The actual devices may be secure but the Wi-Fi network, often free and faster for users in public places is a temptation for cyber criminals. You may believe you have connected to a site operated by an airport, hotel or coffee shop, but there is no way of knowing for sure who controls the IP address that now has access to everything in your computer or mobile device. It is not that difficult for hackers to present a fake website you feel you can trust that they can use to steal from your network at any time in the future.

Millions of dollars are stolen everyday from individuals and businesses that use the internet. We are warned frequently about viruses, worms and phishing scam but somehow we get caught anyway. The situation is getting worse as hackers become better adept at breaking down the unique systems designed to keep them out. If you are still experiencing discomfort about the vulnerability of your network it will pay off to attend to your gut feeling.

How to Protect Your Business From Cyber Crime

Is your business secure? It may not be. Many unscrupulous individuals are operating online looking for new ways to exploit honest people.

I was recently pulled into a scam enacted by someone yet to be identified via a freelance work website. Because of how personally this affected me and my brand reputation, I’ve decided to write today’s blog post about securing your business online.

My personal experience involved Upwork.com, which is a website boasting about the value of freelance talent.

Well as the old saying goes: there is nothing more expensive than cheap labour.

Someone posing as me purporting to be a writer/editor from NYC took a job writing a book for a client and the results were bad. 3 chapters completely plagiarized bad.

Even worse – the fraudulent work got blamed on me! This person’s profile had my name and my photo and her client found me (the real me) through a Google search that matched my profile photo. You can imagine the shock I felt of being falsely accused of ripping someone off!

After realizing this was a clear case of identity theft, I immediately contacted UpWork to have the fake profile taken down. This person’s client did the same; we hope they were able to get a full refund of the monies spent on the useless book written for them.

Scary stuff. But compared to what others have encountered it’s small potatoes.

While hiring and supporting local talent has always been my thing, if you have to outsource (overseas or via those freelance sites), then a great idea to protect yourself is to insist on seeing a scan of government issued ID. Take your identification proof one step further and insist on a video conference before making any commitment.

Fraud is on the rise

2016 saw a significant increase in fraud over 2015. While the numbers show the amount stolen went slightly down the volume of theft went up. A lot.

While those figures relate more to consumer fraud if you’re the seller, you can be out of pocket money if the claim means sending the now used product back to you.

The point to take home is fraud is up so you need to take action to prevent yourself and your customers from becoming victims.

How to prevent and report cyber crime

According to The National Cyber Security Alliance there are several steps you should take to protect your business and customers:

• Evaluate Risks

Identify what types of fraud or crime you may be most susceptible to. Do you work with medical information? Financial information?

Even if the purpose of your business is simply B2C there are steps to be taken to protect yourself.

Users who purchase through your website are trusting you to keep their financial information safe so take steps to do so such as having SSL installed for any e-commerce or sensitive information and it’s wise not to store it.

• Monitor Threats

This can be as simple as making sure no spam messages are opened or any emails with attachments are scanned with some sort of antivirus software. While the software is not 100% effective it will stop the better circulated scams.

• Report Attacks

If you are the victim of a cyber attack you are going to get frustrated and with good cause.

Currently Canada is really vulnerable when it comes to cyber crime and your best hope is just to call the police. While promises have been made to address this, very little has been done and international criminals are impossible to go after.

If you are a victim of cyber crime contact local law enforcement and cross your fingers. But the bad news is you are likely to get no resolution. This is something to consider if you’ve been hiring anyone overseas.

In the US reporting cyber crime is much easier. You contact the FBI via this website. They have the capacity to address international criminals and recently America has cracked down on international crime operating within its borders.

For those reading from any other country I encourage you to do your own due diligence regarding protocol for reporting cyber crime so you’re prepared should you ever need to be.

• Execute a Security Plan

For this the recommendation is to work with your ISP on a cyber security plan. While your ISP may be worth talking to you should really speak with your website’s hosting company first and foremost.

The security of your customer’s info and your business is delicate so make sure your host knows to have things such as routine backups of all information made and stored on another server.

Most of the majors stay on top of things but it’s always worth calling them for a quick review especially if you have pertinent info for them that may help.

If you have been a victim already let your host know what happened. The information may help others down the road.

• Safeguard Your Clients

The suggestion found in this article of scanning all USB drives routinely is a good one. Sometimes the information can be air tight behind the most advanced firewall but it still gets out.

One of the easiest ways to exploit technology is social engineering. Many times the information isn’t so much stolen as leaked by someone internally.

Have a privacy policy in place and make sure your employees know that any time they connect anything to your computer network it will be scanned.

Make sure all software is updated and that all computers connected to your network are running the most updated version of their operating system.

• Educate Your Team

This is an easy one.

Have protocol in place that ensures your employees follow all steps noted above.

All computers must be scanned when attached to a network and all USB drives as well.

Most people are accustomed to this now so don’t worry about implementing it suddenly.

Stay Safe

By taking measures to protect yourself you’re ahead of the game should something occur. Scrambling after you’ve been a victim only helps the people who have stolen from you by giving them time to disappear.

Online business is only likely to grow even more and along with it fraud. The complexity of the scams will evolve and hopefully so do the solutions. In the interim I hope you enjoyed these tips and that you never become the victim of cyber crime.

5 Significant Cyber Security Risks Businesses Should Ponder

In the recent years, it has been observed that many businesses have been rapidly affected by various types of cyber attacks. Companies continue to be under great pressure and strive to keep their information safe and secure. Some of the common security risks businesses continue to face have been listed below:

1. Human factor and peoples’ reactive mindset: The employees working in the business could form the major base for cyber threats as they are more prone to open phishing emails or download links that could turn out to be malware. Moreover, the top level management or people at the C level will be less prone to become malicious insiders. Due to this a serious concern of privilege abuse by lower level employees is more common as they become malicious insiders and measures need to be taken to overcome this problem.

2. Password protection measures play vital role: Businesses should be extremely aware that they should maintain all important business accounts with a two factor password authentication such that it may not be easily hacked. This password needs to be changed and maintained effectively once in 30 or 45 days to keep it more safe and away from any security attacks.

3. Aging Infrastructure and drastic Patch Management necessary: In addition to the above security risks, hardware can also be a major issue as lifecycle of most of the devices is becoming increasingly shorter these days. Purchase only new hardware that can uphold updates such that aging factor can be taken care off. Recent attacks such as the WannaCry and Petya outbreaks have underlined the importance of regular software updates that needs to be taken up. Even for Eternal Blue, it allowed the malware to spread within corporate networks without any user interaction, making these outbreaks particularly virulent. The above incidents do show the importance of protecting vulnerable systems and patching is a key way to do it.

4. Difficulty with Data Integrations: It is interesting to note that the amount of data that flows through an organization could for reasons overwhelm anyone as it contains very critical information. This could be about employees, partners, stakeholders, service providers etc. But integrating various data sources is crucial to have a clear understanding of various risks involved within or outside the organization.

5. Lack of a Proper security recovery plan: Most businesses are still unaware of the impounding risks with cyber security and lack a proper plan to overcome such situations. They need to draft a plan that contains the actions that could be taken up when there is a cyber attack and thus can quickly and efficiently minimize the risk and save information or other economic losses.

How Can Businesses protect themselves?

Certain solutions like SecOps provide superior customer experience along with a robust cyber security. This security product has capabilities of secure operations while focusing on delivering a seamless customer experience. This specific Security and Experience go together approach finds the right balance between the ease of user experience and effectiveness of security protection. These solutions cover the entire software lifecycle, from secure design to security testing in development and QA, app self-protection and monitoring in product and patching. Security is an enabler of new business opportunities in addition to helping protect your company’s people, data, and systems. Cloud Security is achieved through following certain cloud adoption strategies with specific focus placed on security and privacy to improve all operations and make them secure.