iBankCoin
Home / Tag Archives: Cybersecurity

Tag Archives: Cybersecurity

Why Companies Should Spend More on Cyber Security

As companies continue to adapt their business models to integrate the best business practices alongside developing technology, CEO’s and CFO’s must take into consideration the issue of cyber security, and develop a strategy to keep their business protected online as well as off. As top businesses become more and more reliant on digital goods and services, the number of cyber attacks will continue to increase in attempts to steal or damage these assets.

A Cisco survey recently indicated that nearly 87 percent of top executives expected their company’s cyber security spending to increase at least “significantly” over the next 12 months.  So what are they spending so much money to protect? In addition to prevents losses due to cyber threat, cyber defense strategies are now also seen as a way to equip companies with a shield against attacks that target knowledge and innovation, two key drivers of company growth.

This trend emphasizes the need for businesses to develop a security strategy that can withstand the attacks from cyber spies, corporate espionage and hackers looking to bring down networking systems. The company that fails to protect itself can experience catastrophic damage in a very short period of time.

With this as a background, consider the additional following reasons as to why companies are justified in allocating more funds to cyber security.

When a cyber attacks happens, it affects more than just a single business

One of the biggest threats of a cyber attack on a business is not simply the unintended exposure of the company, but also the risk that valuable client information can be stolen, breaching personal and corporate security measures.

Earlier in 2017, Verizon learned this lesson first hand after millions of customer records were exposed following a security lapse. This particular incident occurred due to an unprotected server comprised by an employee of a third-party contractor.

In addition to beefing up its security options and a thorough review of partner-contract relations, Verizon must also gain back the trust of its customers.

 

In B2B operations, cyber attacks become increasingly more dangerous when commercial security requires network monitoring of multiple networks. Businesses must ensure that each corporation engagement occurs through a safe and secured connection that will not lead to a system’s compromise.

The financial implications of a large-scale cyber attack can be staggering

Businesses depend on steady and predictable revenue streams and a disruption of this process for even a single day can be a major disruption for large corporations. While a direct attack on company financial information, may appear to be the most threatening form of attack, any assault that prevents a business from operating normally can make a huge dent in a company’s profitability, adding an unwanted force into a market equation. As the global market place continues to grow, companies must understand that these factors are important to consider in developing a strong digital defense strategy.

After Target’s high-profile cyber security breach back in 2013, the company was left trying to mitigate a massive $162 million hole in their budget after the loss of shopper credit cards and lost sales. Other high-profile losses include Sony-PlayStation ($171 million), TJ Maxx ($162 million) and Sony Pictures ($100 million).

A strong, secure network can quickly become a competitive advantage for a company

By investing more budget and jobs into defending network security, companies minimize a weakness while also enlarging a potential strength. Nothing will strengthen investor’s confidence more than knowing that company innovations and digital assets are safely stored and protected from any number of attacks. Companies that develop commercial security excellence are free to continue the process of digital transformation uninhibited by outside threats.

With data-driven business models changing the nature of competition, companies must remain innovative in how they choose to build and secure network systems if they are going to have the speed and capacity to compete in digital markets.

On example of this is the mobile market, which has grown by the billions over just a few short years requiring companies everywhere to scale up in technology in order to remain connected to consumers. As companies continue to the push to digitize all that can be digitized, growing the bottom line of a business depends on a company’s ability to securely innovate, react, and respond appropriately to developments in technology.

Comments »

What You Need to Know About Crimeware-as-a-Service

More and more companies are making the change to cloud services for their business. While there are many advantages to the cloud, these services can also lead to vulnerability and security threats. Many cloud services include security systems such as a network TAP and integrated security, however, there are still new ways to get around these security programs. Today’s successful malware writers across the globe are highly motivated by money and are able to adjust their technical capabilities to evade the latest security technology and current industry best practices.

In order to protect your business and assets from cyber security threats, it’s important that you are familiar with the possible risks. Some important things to know about Crimeware-as-a-Service programs include the evolution of cybercrime, current hacking methods, and industry best practices.

 

Evolution of Cybercrime

Starting with hackers who wrote custom code to exploit vulnerabilities, then shifting to making these codes accessible to script kiddies, to currently providing full on Crimeware-as-a-Service programs, the cybercriminal world has greatly expanded and increased its efforts over time. The evolution of cybercrime follows a similar pattern to those that have been previously seen in business model evolution. This adjustment of technology stacks and revenue models as a service by cyber criminals shouldn’t come across as a surprise Crimeware, stolen data, and other salable items on the Dark Web are increasingly being sold as a service. These cyber criminals offer their crimeware services to clients in the same way that the average software vendor does. Cyber hacking has reached a point where the typical exploit kit is completely offered on a regular basis. The subscription prices for these kits follow a number of trends including one to the cyber black market: takedowns and mysterious disappearances of criminal competition.

Just as legitimate service provides a la carte selections and add-ons to a buyer’s needs, it is the same with crimeware services. Researchers have detailed a modular botnet service that offers up several different options. These services are fronted with highly professional and user-friendly management panels. Higher modular malware covers everything from browser password stealing and keylogging to a variety of Distributed Denial of Service attack techniques through crypto currence wallet stealing.

Cybercrime takes advantage of trends, knowing that one in three people will open their email. Crimeware-as-a-Service now makes this accessible to anyone who wants to hack someone or something else. Spear-phishng with weaponized documents and other techniques are already the popular tactic used by most cyber attackers because of the high success rate. While previously, one only needed nominal hacker skills to launch such an attack, the recent discovery of Crimeware-as-a-Service is making cyber crime accessible and easy for anyone with a Bitcoin wallet.

 

Current Methods

The current weapon of choice in cybercrime today is spear-phishing with Microsoft Office document attachments. Weaponized documents arrive via email as a benign attachment, such as a Word document or an Excel project. The attack runs across embedded in these programs and to drops a keylogger. When the target or person opens the attachment it tends to present itself as a normal-looking document on their screen but simultaneously works to compromise their machine with a virus.

Weaponized document attachments present severe problems for most companies and businesses. The reason is quite simple: people in an organization are more likely to open an attachment regardless of how much security training an organization does, hence why this form of cyber hacking is easiest and most successful. Most of these attacks ask users to enable macros, which is automatically done once they’ve committed to opening the document. This just means that vulnerability isn’t needed, only a macro code. As a consequence, these documents do not auto-detonate in company security programs, such as network sandboxes, as many programs check for presence of other documents to ensure it is a user machine.

 

Industry Best Practices

Several organizations have been struggling with these weaponized document spear-phishing attacks and other cyber hacking methods, however, these breaches can be prevented. Security teams should follow industry best practices, including the use of a multi factor authentication program, continuous collection of system logs, and not reusing passwords. In addition to these few examples, there are many ways to prevent a cyber security breach, and business owners and decision makers should make it an effort to familiarize themselves with these methods.

Organizations and companies who haven’t focused as much as they should on this threat, need to begin doing so as soon as possible. Isolation automatically identifies any links or attachments delivered via email so the attacker never has to be able to do any real damage themselves. Endpoint protection techniques, such as behavioral monitoring and isolation, can help in stopping weaponized documents from malware , machine learning, isolation, and whatever other techniques hackers use.

 

Comments »

Top Cybersecurity Threats to Hospitals

Hospitals have traditionally safeguarded digital information so that patients, vendors, and shareholders will have the peace of mind that they deserve. Unfortunately, in today’s world, there are a lot of cybersecurity challenges facing IT administrators. In order for hospitals to stay ahead of the threats, many of their business administrators have turned to IT staff that can think outside of the box when it comes to threats facing their facility. Here are some of the top cybersecurity threats facing hospitals today:

 

Patient Records Theft:

Around 10 percent of the people that live in large metropolitan areas have HIV. In the past, health authorities and others shared their personal information so that they could track the threat of HIV spreading. The problem for hospitals has been that hacker consultants trying to create their own databases that track HIV positive people cultivated people that work at hospitals in order to try and steal patient information. The net result for someone who did get their information stolen was trouble at work because their employers didn’t want to share a group health plan with someone who would have outrageous medical costs.

California finally passed a law that levies steep fines on hospital systems that have a data breach due to internal staffers getting involved in looking at patient data when they are not their personal care team. Of course, although that curbed theft in California, the hackers moved their confidence game to Arizona, Oregon, and Washington to take advantage of hospital systems that were multi-state and could potentially access California data from outside California. For administrators, the best defense has been creating sophisticated permissions in their databases that only allow the people that should have access to view records.

 

Accounting Woes

Another problem that hospitals can face is a cyber attack on their accounting systems. Over the past two decades, many hospitals have developed internal database systems that integrate accounting with the daily activities that go on so that the costs flow directly to the financial people handling the books. The problem with that is that if you have a hospital with 300 computers, you end up with 300 access points for a hacker to try and use. The current trend, therefore, is to utilize virtual bookkeeping services. Online accounting systems that are provided as a service by a vendor are much safer because they are hosted in a world-class security data center. Only the accounting people from your hospital system are able to access records. There is also a large cost savings because your IT department no longer has to design internal security for your financial records.

 

Wireless Thieves

Several years ago, a Hewlett-Packard facility banned the use of wireless devices in their building. Part of the reason was that from outside their building and on other people’s property, they were getting hit by up to 100 local hacking attempts at any given time. For hospitals, the idea that there are that many hackers interested in gaining access should give them pause. It does no good to have all of your drug infusers networked wirelessly to a console in the pharmacy if your pharmacy application is vulnerable to attack from outside. The most common answer is to have your IT administrators work carefully with your vendors to ensure that your software access points are bulletproof.

And even if your software is secure, make sure you design your wireless system well. A few years ago at the Black Hat hackers conference, several of the world’s top hackers were hacked by wireless systems hackers that were never caught. Along those lines, there is also an application that has been sold that pulls all 7 layers of the physical network and un-encrypts the data by getting access through a different layer. When used wirelessly, it can wreak havoc.

There are many cybersecurity challenges facing hospitals today. By leveraging online software as a service through secure data centers and tightening access with sophisticated permissions and solid planning, IT administrators can stay ahead of hackers seeking to steal data from their hospital.

Comments »