Tag Archive for: crime

Leadership Essential in Cybersecurity Dynamics

Are your C-level leaders sending a clear message about Cyber Security?

Despite the high profile security breaches making news headlines and increased attention around cyber risks, executives in the C-suites are still lacking commonality and communication of a clear goal when it comes to a cybersecurity strategy. These individuals need to work together to manage their organizational risks to help prepare, mitigate, and minimize the damage caused by cyber incidents.

Every organization needs a clear strategy and roadmap with supporting tools that protect critical assets. Read more about this topic and the crucial role the C-suite plays in the dynamics surrounding Cybersecurity.

https://securityintelligence.com/c-suite-dynamics-can-impact-the-organizations-cybersecurity/

Knock Knock. Who’s there? Ivanna. Ivanna who? Ivanna steal your data!

I recently read a story about a vulnerability that was discovered in electronic door looks commonly used in hotels.  The problem centers around a particular popular model of hotel door lock sold to hotels globally. Hackers claim to have discovered that the company left a security port uncovered that allows them to open any of the locks with a universal key of sorts.  The article goes on to say that until this flaw has been fixed it’s more important than ever to make sure to go the extra step of securing your door with the deadbolt and chain.

A lot of people will trust that the basic security of their software/operating system/network (the electronic door lock) is good enough.  They won’t bother adding additional security (the deadbolt/chain) and will end up getting their data hacked in the same way that some hotel guests are going to wake up to find their room cleaned of valuables way better than the maid removes dust and dirt.

Thieves are counting on people to trust standard security and not do their own due diligence to identify vulnerabilities or provide additional security to deal with these deficiencies.  While the average person has no way to determine if the hotel door lock is secure, they can at least provide another layer of security to prevent a breach and loss of property.

Fortunately for you, Pathmaker Group can review your security system and find vulnerabilities and patch them up before data thieves strike.   They can also provide additional layers of identity and access management to secure application access and prevent unauthorized access, even from those already on the inside.  So don’t delay, you never know who’s knocking on the door…

The Importance of Hiring an Experienced, Qualified Security Assessor for Your PCI-Compliance Audit

With the stiff penalties associated with failure to meet standards set by the PCI Security Council, ensuring that your company remains compliant and avoids security breaches requires regular PCI compliance audits. Hiring qualified security assessors can help you avoid a number of potential pitfalls associated with audits. Opting to hire the most experienced candidates offers a number of benefits, including:

  • Getting it Done Right
    In 2004, CardSystems Solutions was hacked, resulting in 263,000 stolen credit cards and roughly 40 million compromised. This breach occurred despite their security auditor giving them a clean audit just three months prior. Hiring experienced PCI compliance auditors to perform your audits lessens the likelihood of potentially costly mistakes.
  • Continued Security
    Experienced PCI compliance auditors not only understand current standards, but they understand the areas in which the current standards fall short. This allows you to proactively anticipate security risks and protect your customers’ data. Understanding the current problems, as well as the next generation of threats, allows you to remain in compliance and prevent costly security breaches. Read more

Different Types of Incidents that Can Result in Compromised Network Security and Information

Network security is an important consideration for any business that is connected to the internet, but especially for businesses entrusted with sensitive customer information. Penetration testing and PCI compliance are important safeguards for protecting customer data, but what are the ways in which customer data might become compromised?

  • Malware
    Malware is one of the most pervasive network security threats these days. Malware is a comprehensive term to describe viruses, worms, Trojan horses, tracking cookies, and many other types of threats that include malicious code or software that aims to breach your confidentiality. They can be detected and removed with most software security suites.
  • Cybercrime
    While malware attempts to breach your security from inside your computer, cyber criminals attempt to breach your security from afar. Hacking and cyber crime causes tens of millions of dollars in losses every year. One way to prevent cybercrime is to have an IT security professional perform penetration testing on your system to find loopholes and close them. Read more

Stuxnet Worm, Research and Recommendations

As you may be aware, a worm (originally appearing in 2009) and named Stuxnet has recently resurfaced as a focused attack at Industrial and Energy control systems, namely but not exclusively targeting those systems built by Siemens, AG. This worm has the capability to take control of and/or alter settings within SCADA systems and PLC/RTU sub-components.

Below are some good articles related to recent research into the worm.

Read more

iTunes Accounts Hacked? or, Something Worse?

So perhaps only a few have heard about the July 4th news story reporting that several iTunes accounts (30 accounts ??) across the globe were compromised by the developer of an application (or several apps).

The story alleges that iTunes was hacked and several user accounts were compromised by an application developer who exploited peoples’ iTunes accounts to purchase his applications, so much so that it elevated him to the top in his applications’ category. Now, i would suggest that more that 30 accounts would have to be involved to elevate an app to the top of its category, but that’s beside the point. It is likely that there are more accounts involved, some go not reported, some completely oblivious to their losses.

Read the story for yourself….

I’m not so convinced that iTunes was hacked by some thief brute forcing username/password combinations to crack 30 accounts out of millions. While it is entirely possible that Apple could be hacked and that data could be stolen in bulk, I think there are some alternative ideas that should be considered. Read more

Why is it even more important to have an IR plan than a DR plan?

Virtually every organization has a DR (disaster recovery) plan in place as they should. However, most organizations don’t have a detailed IR (incident response) plan in place for when their IT systems are impacted by malicious behavior from either external or internal causes.

Why is it potentially more important to have an IR plan in place vs. a DR plan? The answer is simple, statistics. According to several creditable sources, the percentage of companies in the United States who experienced an IT incident in 2009 related to a directed malicious attack from either an external source (malware, etc.) or internal source (privileged user, disgruntled employee) was 49% compared to less than 10% of organizations who actually activated and used their DR plan.

Over the last few years we, at PathMaker Group, have seen the number of incidents, and the impact from those incidents, dramatically increase in number and impact (both downtime and financial). Suprisingly, most organizations still don’t have a defined Incident Response team and procedures to address these issues in a timely fashion to reduce downtime and financial impact. Read more

Kneber botnet – update

Last month, our trusted partner, NetWitness, discovered the Kneber botnet, a dangerous new ZeuS botnet that infected over 75,000 systems in 2,500 organizations around the world. The full story is in the link below.

Kneber Botnet

And, we just received more follow-on information from an RSA report that shows most major U.S. corporations (up to 88 percent of the Fortune 500 companies) are likely affected by botnet activity from computers compromised by the Zeus data-stealing Trojan, according to the study released last Wednesday, 14-April-2010. For more information on this report, please see the link below.

Zeus Data Stealing Trojan

PathMaker Group offers a complete lineup of services and solutions in response to this serious issue. We can assess your network, determine if your systems are infected by Kneber/Zeus, and help you take the appropriate steps to remove it and prevent it from coming back. Call us immediately if you feel like your business is experiencing malware or worm attacks.

Review Us at favecentral.com