Organizations continue to reap the benefits of the internet but at the same time remain vulnerable. Every day we hear of incidents involving security breaches, financial loss and tarnished corporate reputation caused by sophisticated malware, highly organized spear phishing attacks and insider threats. “According to AV-Test Institute, 390,000 new malicious programs are registered with them every day.” This shows that malware is increasing at a rapid pace, beating the advancements in technology that are meant to stop it.
If we look back a decade and a half, the only security technologies known to an organization were an antivirus or a firewall. The journey started there; then came endpoint protection, email gateways, web gateways, identity & access, data loss prevention, encryption, SIEM, sandboxing and many more. Half of these technologies have seen a re-launch with some added features and the words “Next Generation” attached, and we still remain vulnerable.
Gone are the times when a simple antivirus and firewall combination was enough to safeguard an organization from virus attacks. The journey from antivirus to endpoint security is quite an interesting one. Along the way we saw the evolution of complex technologies such as IPS, email gateways, web gateways, Security Information & Event Management, DLP, Identity & Access and God knows how many other technologies. All of them had the same objective: to keep the organization secure from cyber-attacks. While technologists were occupied in developing the latest technology controls, hackers were busy targeting the most vulnerable assets in the organization, i.e. humans.
The easiest technique for targeting humans to steal confidential information is phishing, which refers to a hacker’s attempt to get personal financial details from employees who are regular internet surfers. Vishing is another form of cyber-attack much like phishing; it is orchestrated through cell phone text messages. Employees are sent text messages, supposedly from their employers, requesting personal information. The most recent form of employee attack is whaling, a form of phishing that is targeted at top executives and people of high net worth. These individuals are tricked into divulging sensitive information through real-looking fake emails that are supposedly from people or organizations of importance.
I hope you are not a member of AshleyMadison.com. If you are, your only lifeline is to disconnect your wife from the internet. If this is not possible, you can keep cursing the hackers of the website. The central hub for online promiscuity was recently hacked by a group of hackers called the Impact Team. The team of hackers, of course, must have left a great impact on the company when it threatened to expose the identities of the site's users, who include popular people, politicians and high-profile public figures.
The Impact Team wrote:
“Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”
Analysis of the attack is still ongoing, but The Impact Team would have been able to gain access to so much of the company’s data bank through the negligence of some of the company’s employees.
Such examples are not restricted to online dating websites; a technology giant like Sony has been one of the biggest targets in the preceding year. It would be very easy to assume that Sony had one of the very best security setups, given the kind of business they do, which is all about information. The company was about to release a film titled The Interview, which focused on North Korea, and was disgraced by hackers. The company has been facing charges for negligence and, interestingly enough, was sued by its former employees. They were in the very best position to know what happened. As a result the critical information was released, causing millions in damages. Still think technology can protect you from being hacked?