Corporate cybersecurity policies and procedures must come first.
The news bombards us with the latest cyber-attack stories. Being aware of potential attacks is important, but what can a business owner do? Are you worried that cybersecurity vendors are going to try to exploit these attacks to sell you their products? Are you afraid that IT will ask for more money? Do you just keep doing what you are currently doing and hope a cyberattack never happens to you?
Investing in cybersecurity is important; however, you can’t afford to make a snap security decision based on fear that will do little to no good. Nor can you hope it will never happen to you. Cybersecurity is not all about new technologies. Often a change in policies and business practices can have a greater impact on your bottom line. Before you bring out the checkbook, here are six tips that costs very little, but have high security impact. Read More→
A cyber attack Scrooged Christmas. Treat security as a process – not as a product!
In reading articles about the resent Christmas cyber attacks, the authors’ key take away is that global companies are extremely vulnerable to cyber-attacks and data losses. Guess what, so too are the small and medium size businesses. Every business, healthcare service, government agency and educational institution is vulnerable since they all use many of the same technology components. So who’s to blame
These last few weeks I have been asking the questions: “Who do you think should be held accountable for all the cyber breaches: the Merchants or the Technology companies?” The responses have been most enlightening. Some blame the business owners, others the IT managers, some the technology companies, and some say all the above. Read More→
Accept it; cyber-attacks are happening to your company too.
You may have seen in the news that LivingSocial recently experienced a cyber-attack where 50 million customers’ name, email address and password were exposed. While that news typically makes the headlines, what is not being emphasized is everything that LivingSocial did right to safeguard their customer’s personal data.
Accept it; cyber-attacks are happening to your company too. The hacker’s strategy is to prey on the psychology of employees. Spear phishing, watering hole attacks, social media and poisoned SEO sites s are just some of the weapons of choice. According to Symantec, businesses in 2012 with 2,500 or fewer employees were the targets of 50 percent of the attacks, and those businesses with fewer than 250 employees accounted for 31 percent of the attacks. Here are some other 2012 statistics to confirm the statement that, “there are two types of businesses, those that have been hacked and those that don’t know it yet:” Read More→
An SEO Cyber Mule or SEO Hack is when unauthorized links are embedded into your website without your knowledge for the sole purpose of increasing Google rankings. For Google to increase a site rankings they look for the number of one-way backlinks. That’s why the hackers do it. In most cases these links are to pornographic movies, material and services that have nothing to do with your business. These links are positioned so they don’t actually appear on the webpage, but Google can still see them when they send in the spiders. So why is this problem?
Other than the obvious reason that someone has injected code into your site without your permission, the bigger issue is that if Google discovers these links and deems them inappropriate, your site will be blacklisted. Blacklisting is when Google and other search engines no longer index your site. When someone is searching using your keywords, your site will never come up. Google often never informs web owners that they have been blacklisted, and the effort to get off the list can be very time consuming. Read More→
Cyber Security begins with Network Access Authentication
My first Law of Computers took a step backwards on November 20, 2012 with the announcement of the Pentagon’s new Cyber Warfare Central proposed by DARPA, Code Name “PlanX”. The Pentagon is giving birth to a brand new, baby branch. Besides the Army, Navy, Air Force, Marines and Coast Guard we now have the Geeks. I wonder if their anthem will be the theme from Star Trek and the service men and woman will use the famous “three finger salute” to honor each other.
The DARPA proposal states:
DARPA is soliciting innovative research proposals in the area of understanding, planning, and managing military cyber operations in real-time, large-scale, and dynamic network environments. Plan X will conduct novel research into the nature of cyber warfare and support development of fundamental strategies needed to dominate the cyber battlespace. Proposed research should investigate innovative approaches that enable revolutionary advances in science, devices, or systems. Specifically excluded is research that primarily results in evolutionary improvements to the existing state of practice.
Cyberspace is the new battlefield as I blogged about earlier. Identity theft has migrated into cyber warfare. It’s no longer about governments attacking governments, armies against armies, or radicals against governments. Everyone and everything is a target: civilians, corporations and infrastructure are part of the cyber battlefield. The cyber warriors are found in their home basements, internet cafes, etc..
Network access has to begin before the firewall. Plan X only emphasizes the demand to implement my second Law of Computers – Law #2: Computers must first positively authenticate the user, determine that user’s rights and privileges, and leave an accountability record before executing its programs.
See FoxNews article, Inside ‘Plan X’:’ The Pentigon’s Plan for cyberweapon central for more cyber warfare information