
news

50 per cent victims of cybercrime struggle to recover their money: Kaspersky Labs

PUNE: New research from cyber security firm Kaspersky Labs reveals that over half the victims of financial cyber crime struggle to recover the lost money.

The study showed that 52 per cent of internet users who have lost their money to cyber criminals have got only some, or none, of their stolen funds back.

On average, Internet users lose $476 per attack and one-in-ten people surveyed said they lost more than $5,000.

With the variety and sophistication of online financial threats against consumers growing, losses from online fraud, identity theft and hacking are now running at billions a year.

Further, with many cases going unreported, the actual economic cost is likely to be significantly higher.

“Cyber criminals are continually looking for new ways to exploit and defraud consumers and that’s why it’s important for Internet users to be on their guard at all times,” said Vyacheslav Zakorzhevsky, Head of the Anti-Malware Research Team at Kaspersky Lab.

“Cybercriminals can conduct financial crimes via malware, phishing and more. Don’t assume you will always get all your money back if you become a target and funds are stolen from you. The best way to safeguard your finances online is to make sure you don’t become a victim, and for that we recommend specialist software that protects your identity and keeps sensitive data out of the hands of the cybercriminals.”

A large majority (81 per cent) of Internet users say they conduct financial operations online and just under half (44 per cent) store financial data on their connected devices.

As more users go online to manage their finances, more cyber criminals are looking for opportunities to cash in, making it important for users to have robust Internet security in place to protect themselves and their money. However, only 60 per cent of Internet users protect all their devices.

Attitudes to online safety could be influenced by users mistakenly thinking lost money will be automatically refunded to them.

Almost half (45 per cent) say that they assume they will be reimbursed by banks for financial cybercrime without any problems, but as the survey shows, over half (52 per cent) of people affected haven’t had all their stolen money returned.
news

Are we prepared for likely cyber attacks?

The Government has been focused on economic growth, as reflected in the various initiatives it has announced. The demonetisation move led to a massive reduction in the availability of physical currency. This shortage of cash forced people to migrate to online transactions even for their smallest needs or purchases.

However, this sudden uptake of online transactions has exposed the existing security gaps in the system which make organisations as well as customers vulnerable to cyber attacks at this critical time.

Highly exploitable
The existing security gaps are ready ground for cyber-criminals to exploit. There are various ways of doing this — by introducing a malicious bug into the system that can skim through privileged information, by introducing rogue applications to lure customers into downloading them, by intensifying hacking attempts and phishing attacks, and so on.

Given the masses who are innocent of the world of technology, it is a field day for cyber criminals. In short, an attack seems imminent. In the absence of a proper understanding of the security infrastructure and the right policies and assets to protect businesses, organisations are at risk. India’s premier security agency, CERT, has already cautioned bankers and customers to adopt high-end security encryption.

Consider this: According to research on strategic national measures to combat cybercrime, mobile frauds are expected to grow by to about 65 per cent in India by 2017; about 46 per cent complaints of online banking are related to credit or debit card fraud. It should be a matter of grave concern not just for the Government but also for banks and end consumers.

Often, security is seen as just another layer to transact hassle-free but it is imperative that security becomes embedded by design rather than as a bolted add-on for payment gateways. The data security infrastructure along with customer-redress mechanisms will have to be well thought out and the purview of IT laws for cybercrimes will have to be expanded to include mobile-wallet payment systems. E-wallet firms will need to invest in the latest technologies to safeguard their gateways against cyber attacks which are quite sophisticated and advanced.

While we gear up to tackle the upcoming security issues in the country, it is imperative that organisations develop a comprehensive “business-driven” security model that fully integrates with the security requirements keeping in mind the overall business goals and objectives of the company. Such a model will help organisations choose their security investments to create the best possible balance between customers’ ease of use and cyber security.

Policies and laws
Another area of concern for the Government should be to implement the right policies and cyber laws that make online transactions a safer choice for customers. We already have strong cyber security guidelines in place but they are not followed stringently, leading to a ‘gap of grief’. The Government is mulling over the almost 15-year-old Information Technology (IT) Act to further strengthen cyber security infrastructure, following demonetisation. The Reserve Bank of India has also recently sent out a cyber security framework to be followed by banks, covering best practices. To help the Government achieve its goal of Digital India, the RBI has ordered all prepaid payment instrument (PPI) issuers, which includes all RBI-authorised banks and NBFCs, to get a special audit done of their systems by auditors of CERT-In on priority and comply with the audit report recommendations immediately.

CISOs (chief information security officers) along with the board of directors now need to take tough decisions to address the business impact of a cyber-attack. Cyber security is no more an IT problem, it is a business problem and needs to be tackled accordingly. The uptake in devices, various operating systems and the constant need for the devices to communicate with one another without the need for a gateway introduces unique challenges in the cyber security space making it complex to log every aspect of communication/transaction.

It is evident that the threat landscape is evolving continuously and the complex layers make cyber security a challenge. The Government’s push for stronger cyber security infrastructure is a welcome move, although we still have a long way to go. The illusion of protection from cyber attacks is a thing of the past; no one is secure. How we minimise the impact with continuous monitoring, early detection and quick response is the key in the world of digital economy. An attack is imminent. It is now up to the organisations to prioritise their cyber security needs and act on it.

The writer is Managing Director — India and Saarc, RSA
news

Cyber criminals team up to attack their targets efficiently

NEW DELHI: From being individual attackers, cybercriminals are now running their operations as an organised business, pointing to the rise in efficiency of the criminal activities they carry out, CEO of Finnish cybersecurity company F-Secure, Samu Konttinen, said.

“Ransomware is by far one of the biggest problems. It is in a league of its own – nothing comes close – and unfortunately, these haunt consumers and businesses both,” Konttinen said in an exclusive chat with ET.

He said ransomware operators work by encrypting or scrambling data of a business or an individual user to make it unintelligible to even its owner.

Imagine having all your files on your computer, but not being able to see any of their contents until you pay a sum to the cyber attacker, he explained. For paying the ransom, say via bitcoins, the cyber attackers guide the target through the process. “It’s almost like an honest criminal. It is important to them that people (targets) have faith. The attackers must deliver the decryption key to their targets after payment and are very careful about their reputation… because the fact is, if the word gets out, if the targets pay and still don’t get their files back, nobody will pay,” he added.

F-Secure has been focusing on the small and medium enterprise (SME) market in India – its fastest-growing market in the Apac region. The company sees a big opportunity in the digitalisation of government and businesses in the country.

India is also trying to push biometric authentication — primarily fingerprints and iris scans — for Aadhaar-based transactions. Talking about the use of biometrics and associated devices, Konttinen said fingerprints are not fool-proof.

“The problem is for any of the fingerprint readers, they don’t understand if the holder of the fingerprint is alive. I can cut off your thumb and it most probably will open your phone,” he said.

Also, using a single fingerprint scanner for multiple scans – such as at a door or for office attendance – can wear it out. The issue of the scanner not being able to read fingerprints because of dirt or grease on fingers is another problem. A recent technology, which uses infra-red to read blood veins in the palm, is a better technology, Konttinen said. “They are as unique as a fingerprint. You only need to hold your hand above the reader. A chopped off hand will not work,” he said.

He also spoke about the lack of disclosure norms and adequate punishment for cyber breaches in India. A new regulation that will come into force from 2018 in the EU mandates tough penalties.

According to the regulation, if a company fails to notify the EU government of a data breach within 72 hours of learning about it, the non-compliant company can face fines of up to 4% of annual global turnover or 20 million euros, whichever is greater. “What has also happened very, very often is that at the end, the CEO gets fired (in case of big cyber breaches). So they are gradually beginning to understand that if you don’t take care of the cybersecurity of your company, it is your job that is on the line,” Konttinen added.
news

RBI tries to close gaps in cybersecurity of state-owned banks

Banking regulator Reserve Bank of India's move to use ethical hacking experts to check cyber security vulnerabilities of banks has exposed chinks in the armour of four state-owned banks, sources involved with the operation said.

Reserve Bank of India decided to ethically break into the IT systems of banks. In the first phase, the focus will be on PSU banks because they have more vulnerable systems than private banks.

There are 27 state-owned, 30 private and 40 foreign banks in India. The RBI did not respond to an email seeking its response for this story.

“RBI is looking at international standards when it comes to protecting itself and banks from cyber-attacks. The regulator is planning a mix of ethical hacking, planned and unplanned audits of banks' security systems to ensure that best practices are followed strictly,” a person who is involved with the matter said.

In the last couple of months, RBI has put together a small team which looks into cyber vulnerabilities of Indian banks. The team consists of young ethical hackers and some former senior police officers.

The team would be headed by Nandkumar Sarvade, a retired IPS officer and an expert in bank fraud and terrorism cases. RBI has sought outside help from experts on several occasions earlier too.

The top 51 banks in India have lost Rs 485 crore from April 2013 to November 2016, finance ministry data showed. Of this, 56% was lost due to net-banking thefts and card cloning. As per estimates, there are at least 15 ransomware attacks per hour in India and one in three Indians fall prey to it.

“Knowing spends of Indian banks on cyber security versus their US counterparts, we still have a long way to go when it comes to being equally mature against sophisticated cyber-attacks. Banks, however, are the more matured among other industries like manufacturing, hospitality and healthcare where the focus on cyber security is still extremely low,” said Saket Modi, CEO of Lucideus Tech.

Modi and a dozen techies at Lucideus, the company he co-founded, worked with the RBI in the past for protecting Unified Payments Interface (UPI) from hackers.
news

Sharing information key to ensure cyber security: Experts

NEW DELHI: Sharing information relating to cyber breach with other countries can help tackle the threat of cyber crime which is increasing in the age of fast-growing use of internet and technology, cyber experts said today.

Cyber conflict will anyhow increase in the future as well as the complexity and penetration of malware. By cooperating with each other, data can be kept safe and secure and these threats can be kept at bay, Gulshan Rai, National Cyber Security Co-ordinator, today said during a conference on 'Cyber Security: The Internet of risks' at the Raisina Dialogue here.

"The more we will share information regarding any cyber breach or theft with cooperating countries or different stakeholders, the more we will be prepared and equipped with dealing such threats in the age of information technology and fast-increasing internet connectivity. We have to be transparent in sharing information," Rai said.

He asserted that tackling cyber crime and threats is, however, a very challenging task and a more complex one. The security of data is of prime importance.

"It needs greater attention as those indulged in cyber attacks are much more advanced and fast in carrying out their task. Attackers are evolving themselves," Rai said.

Uri Rosenthal, Special envoy for cyberspace, ministry of foreign affairs, the Netherlands, said that "Internet is all about trust. We have to also focus on the need of developing a mechanism where cyber security can be ensured".

The defensive capabilities must be strong enough so that authorities can retaliate in the event of a cyber breach.

"It is not only the responsibility of the government to ensure cyber security but private sectors and NGOs must also pay enough attention in this direction. There is an urgent need to address the problems in the way of cyber security," Rosenthal said.

He said that cyber attacks may come from anywhere, be it a private organisation, state actor or non-state actor.

"When it comes to ensuring cyber security, it is not only about the technicalities but cooperation is also required," Rosenthal said, adding that China should open its internet on global level.

Chris Painter, cyber coordinator, department of state, the US, said that cyber security is not only related to internet and technologies but also related to the national security of a country, hence, it requires greater attention.

Li Yan, Vice Professor at China Institutes of Contemporary International Relations, also highlighted the risks relating to the internet and cyber security and said public private partnership can play a key role in ensuring cyber security.

Patricia Lewis, Research Director, International Security, Chatham House, the UK said ensuring cyber security requires much larger attention as merely making legislations in this regard will not serve the purpose.

"There is a need to create a culture in terms of cyber security. We need to inform each other in the event of a cyber breach as greater cooperation can save us from many challenges.

"Cyber security should also be cost effective otherwise small and medium enterprises or organisations would not be able to afford its cost and hence, cyber security would be at risk. We have to recognise what is at stake and what is important when it comes to cyber security, only then we would be able to take better decisions in this regard," Lewis said.

She said that ensuring cyber security includes knowing what a crime is in the cyber world and protecting the citizens from cyber attackers.

When asked about the challenges of cyber terrorism, Rai said that the issue is complex and needs to be taken cautiously while dealing with it.

It is easy to shut down such accounts promoting terrorism using social media platform. There are issues while scanning data as about 70 per cent traffic on the internet is encrypted. So, the action has to be in accordance with the law of the land, Rai added.
news

Cybercrimes show an alarming increase in Rajasthan

JAIPUR: The Internet is turning out to be the new nemesis for the state police. The crime figures released by the State Crime Records Bureau (SCRB) for the year 2015 have set alarm bells ringing, with the state recording an increase of 33.06% in online crimes.

The state recorded a total of 974 cases in 2015 compared to 732 in 2014, an alarming spike of 33.06%. Reporting 574 cases, Jaipur had the highest number of cases of online crime.

Speaking about the increase in crime rate, SP Sharat Kaviraj of SCRB told TOI that there were several stumbling blocks that have led to the increase in crime rate. “People open bank accounts on fake documents and obtain SIM cards on forged identification cards. These are the two major problems we encounter while trying to nab the offender,” he added.

According to Kaviraj, who was also part of the team that compiled the comprehensive report about crimes in Rajasthan-2015, the international jurisdiction in online frauds impedes investigation.

“We have no control over international email service providers. They often decline to cooperate with us citing issues of jurisdiction,” he said.

A senior official of the Jaipur police attributed the rise in such crimes to a lack of training and the absence of a dedicated cadre to fight cybercrimes. “We have a special telecommunication cadre. But cops are not equipped to tackle such technical cases,” the official added.

In 2014, cops arrested 311 culprits for cyber-crimes. But only 197 people have been arrested in 2015, a decrease of 36.66%. The police are equally troubled by the slow rate of conviction in such cases. For instance, Jaipur (west) police district recorded the highest number of cases in the city, registering 220 cybercrimes. But they have filed chargesheets in only 14 cases and have about 51 pending cases.

“The police rely on private investigators and hackers to probe matters of online fraud. But, there is always a suspicion of crucial information being leaked to these investigators. Therefore, the only solution is to set up an in-house investigation unit,” a senior police official told TOI.

Even in cities such as Ganganagar, Bhilwara, Tonk, and Dausa, where the internet penetration is limited, cybercrimes are on the rise.
news

India, US sign MoU in cyber security cooperation

New Delhi: India and the US have signed a memorandum of understanding (MoU) on cooperation in the field of cyber security, an official statement said here on Wednesday.

"India and the US have signed a memorandum of understanding between the Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology of the government of India and the Department of Homeland Security, government of the United States of America on cooperation in the field of cyber security," the statement said.

The agreement was signed by Aruna Sundararajan, secretary, Ministry of Electronics and Information Technology, and Richard Verma, US Ambassador to India, on Wednesday here.

"The MoU intends to promote closer co-operation and the exchange of information pertaining to the cyber security in accordance with the relevant laws, rules and regulations of each economy and this MoU and on the basis of equality, reciprocity and mutual benefit," the statement said.

Earlier the US and India had signed an MoU on July 19, 2011 to promote closer cooperation and timely exchange of information between the organisations of their respective governments responsible for cyber security.

Since July 19, 2011, regular interactions between CERT-In and US CERT have been taking place to share information and discuss cyber security-related issues.

In continuation to the cooperation in cyber security areas both have renewed the MoU, the statement added.
news

6 Cybersecurity Predictions for 2017

2017 will usher in intensified cyber attacks, new regulations and a shift in how businesses approach cyber risk management, according to Stroz Friedberg, an Aon company. It predicts that top threats this year include nation state cyber espionage, a rise in data integrity attacks and an increase in attacks harnessing Internet of Things (IoT) devices.

With cybersecurity firmly entrenched as one of the most consequential issues impacting international security, politics, economic stability and transactional crime, an understanding of existing and emerging cyber risks is more relevant than ever before.

“In 2016, we witnessed everything from cyberattacks influencing public opinion to hacked IoT devices and the introduction of new cybersecurity regulations. This year we’ll see an intensification of these threats, along with new challenges and a blurring of lines between the actions and responsibilities of the state, markets, businesses and civil society,” said Ed Stroz, Co-President and Co-Founder of Stroz Friedberg. “The flood of fake news and nation state-backed attacks in this past year’s election are just a sign of things to come, as attackers find new ways to seek faster and wider access to data and exploit sensitive information.”

Here’s a look at the 6 cybersecurity predictions:

1. Criminals harness IoT devices as botnets to attack infrastructure

In 2017, Stroz Friedberg predicts there will be an increase in IoT devices compromised, harnessed as botnets and used as launching points for malware propagation, SPAM, DDoS attacks and anonymizing malicious activities.

2. Nation state cyber espionage and information war influences global and political policy

Cyber espionage will continue to influence global politics and will spread to the upcoming elections in Latin America and Europe. Russia, China, Iran and North Korea will remain regions of great concern in 2017, as they continue to develop deep pools of cybercrime talent.

3. Data integrity attacks rise

Data sabotage as the next big threat will become a reality in 2017. Criminals will seek to sow confusion and doubt over the accuracy and reliability of information, impairing decision-making across the private and public sector.

4. Spear-phishing and social engineering tactics become craftier, more targeted and more advanced

As organizations continue to leverage evolving technologies, including the cloud and IoT, and in parallel shore up perimeter defenses to raise the bar of network security, criminals will increase their focus on the human element as an entry point. In 2017, advanced social engineering tactics will become more targeted, cunning and more effective, exploiting the weakest link – employees – that organizations always find challenging to safeguard.

5. Regulatory pressures make red teaming the global gold standard with cybersecurity talent development recognized as a key challenge

Increased pressure from regulators worldwide will push in-house red teaming capabilities to accelerate in 2017. In addition, companies that are not in the cyber business will face a different challenge – recruiting, motivating and retaining highly technical cyber talent to keep their red teams at the forefront of cybersecurity. This push will likely first occur in financial hubs such as Hong Kong, Singapore, the EU, and even the U.S.

6. Industry first-movers embrace pre-M&A cybersecurity due diligence

The financial services industry and other regulated sectors will be early-adopters of making cybersecurity due diligence a critical part of the pre-M&A due diligence process, learning from high profile transactions that were derailed last year, following the exposure of cyber vulnerabilities.

In 2016, Stroz Friedberg correctly predicted events such as cyber threats influencing the U.S. presidential election and security incidents with IoT devices shifting dialogue from functionality to security.

Industry is not powerless or relegated to sit by and wait for government directives to manage risks. Stroz Friedberg provides recommendations on how organizations can increase their resilience, shore up operations and boost defenses in the face of a substantial cyber threat landscape.
news

How to assess your organisation’s cyber security resilience

High profile cyber attacks over the past 12 months – Census and the Bureau of Meteorology are two examples – have company directors scrambling to tighten up their IT security strategies.

Many are now wondering if their cyber resilience policies and procedures are effective enough in a global environment where attacks are more complex than ever. Directors also question how they will respond after an attack to lessen the financial and reputational impact on their organisations.

When creating a cyber security strategy, it’s important to establish a common language so everyone understands the technical issues being discussed.

Cyber security is a term often used synonymously with information security and business continuity and is generally seen purely as an information technology issue rather than a corporate risk issue. The truth is it is both.

The diagram below provides an easy way to understand the relationship between cyber security, information and risk management and how information technology management and business continuity also support security risks.


So, what questions do company directors need to ask when assessing their organisation’s cyber resilience?

The following questions are a starting point recommended in a report by the body responsible for company regulation, the Australian Securities and Investments Commission (ASIC).

Are cyber risks an integral part of the organisation’s risk management framework?
How often is the cyber resilience program reviewed at the board level?
What risk is posed by cyber threats to the organisation’s business?
Does the board need further expertise to understand the risk?
How can cyber risk be monitored and what escalation triggers should be adopted?
What is the people strategy around cybersecurity?
What is in place to protect critical information assets?
What needs to occur in the event of a breach?

Many boards will find that management can only partially answer the above questions. To address this problem a range of cyber security frameworks have been developed to assist with the communication between the board and management and to focus discussion only on areas which need attention.

Is your organisation cyber resilient?

Several different frameworks are available to help management address this question. All the reputable frameworks have similar elements and give similar outcomes if applied correctly; however, some are more expensive and complex than others to implement.

In Australia, a commonly used framework is ISO 27000 which is an international standard against which organisations can be certified as compliant. Certification is a costly process and does not necessarily improve outcomes so many organisations will use this framework but not become certified.


However, one of the most commonly used frameworks internationally is the Cyber Security Framework (CSF) developed by the US National Institute of Standards and Technology (NIST). This framework is free and can be downloaded and used by any organisation.

The framework complements, and does not replace, an organisation’s risk management process and cybersecurity program. The organisation can use its current processes and leverage the framework to identify opportunities to strengthen and communicate its management of cybersecurity risk while aligning with industry practices.

Additionally, the US Computer Security Response Team (US-CERT), which is part of the Department of Home Security (DHS), has developed freely available tools to help implement CSF using the NIST controls defined in their publication Security and Privacy Controls for Federal Information Systems and Organizations.

The easiest tool to get started with is the Cyber Resilience Review (CRR) tool. This tool is a pdf document which provides an assessment that is designed to measure existing organisational resilience as well as provide a gap analysis for improvement based on recognised best practices.


A more comprehensive tool comes from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), which is also part of DHS. It offers a tool called the Cyber Security Evaluation Tool (CSET), which is also free, can be downloaded on to a personal computer and will do a more comprehensive assessment.

The main benefit of CSET over CRR is that CSET allows assessment reports to be compared, so organisations can track progress over time as improvements are made to their security posture. However, for those organisations that have not done this type of assessment before CRR is the recommended starting point.

Although management must ultimately perform these assessments, the implementation of the frameworks can take a significant effort and be a distraction for the business. Therefore it is worth considering if a consultant should be engaged to assist in the first cut implementation and initial board presentations.

One thing you can be sure of is that at some point in the future every organisation must do some type of cyber security assessment so you may as well start now.

Ian Brightwell is principal consultant at DH4. He was previously director of information technology and CIO at the NSW Electoral Commission.
news

Cybersecurity: Top Tips from the Other Side of the Trench

When it comes to cybersecurity expertise, I’ll often quote industry professionals and security firms in order to help you stay on top of new trends, review best practices, and ensure that your strategy is sound. But it is also crucial to take a look from the other side of the court, to get a full perspective on today’s most pressing cybersecurity issues.

It can be easy to write off cybersecurity professionals’ warnings as alarmist, or irrelevant to your business. But it really drives the message home when you hear about these dangers from those who have actually carried out the crimes, when it becomes clear just how easily you can lose everything with one wrong click of a link. Today, we get an inside look into hackers’ own thoughts on cybercrime, and examine the areas in which they see the most vulnerability.

Social Engineering Is Often Overlooked

Kevin Mitnick is a criminal-turned-security-expert, kind of like a cybersecurity version of Frank Abagnale. He still hacks for a living, but these days it’s in the name of legal penetration testing. His number one piece of advice to clients is to never forget that “people are the weakest security link.”

Mitnick believes that social engineering is an issue strongly lacking in awareness, and something that businesses (and individuals) need to focus on going forward. Computer security is unwavering, but people can be weakened, manipulated, compromised. They rely on emotion and trust, and can quite easily be tricked by phishing attempts that appear to come from legitimate sources.

Maybe you think that this won’t happen to you. But what about your coworkers, your employees? All it takes is one person to click the wrong link, and your entire network can be compromised. Employee education, training, and testing should be a top priority, and can help you avoid some of the most pernicious attacks.

Stagnant Security Protocols Don’t Cut It

Mitnick also emphasizes that companies cannot take a “set-it-and-forget-it” approach with cybersecurity – the field is changing too rapidly, and there are too many attack vectors for you to assume that your current measures will always be successful. He has demonstrated how thumb drives, PDFs, public Wi-Fi, and other common elements we take for granted in our daily computing lives can be used to penetrate unsuspecting users’ systems.

The final piece of advice Mitnick has to offer is his insistence on penetration testing: hiring experienced third-party “white hat” hackers to try to break into your business. By analyzing current security, your company can determine its weak points and get advice on how to improve so that real hackers cannot exploit these vulnerabilities. It is recommended that these penetration tests be performed a couple of times per year in order to ensure that your security remains strong against the latest threats.

Criminals Love When You Fall Behind on Updates

New viruses are created every single day, new vulnerabilities are regularly discovered, and cybercriminals are constantly refining their techniques in order to gain entry to victims’ systems. New exploits are put into practice by those who discover them, then passed around criminal communities for common use.

Software developers do their best to patch these vulnerabilities as soon as they are discovered, but unfortunately, users are not as quick to put these updates into place. And that’s good news for cybercriminals: according to a contributor on Null-Byte’s “Advice From a Real Hacker” series,

“We hackers love when people refuse to update because that means that even old tried-and-true exploits will work with their systems. If you update, I have to be more creative in developing my own new hack.”

And that goes for more than just operating systems – products such as Adobe Flash and Reader are common targets for hackers, and need to be regularly serviced.

It is also highly recommended that you keep your antivirus up to date. This software is regularly updated for a reason: viruses mutate to get around these defenses, and so antivirus must constantly evolve to cope with the newest and most dangerous threats.

Your Password Isn’t as Strong as You Think

When it comes to choosing a password, the key element is not cleverness – in most cases, hackers won’t know you well enough to try manually entering passwords they think will work. Instead, they use brute force, attempting millions or even billions of different combinations. As a result, your approach to password choice should reflect this primary threat, and use the following tactics to make it infeasible for professional hackers to gain entry:

Make your password as long as possible
Never use dictionary words
Use all allowable character types (upper and lowercase letters, numbers, special characters)
Change your password often
Use different passwords on different accounts

A good approach is to create a passphrase: a long string of words that is meaningful enough to remember, but difficult to guess (long, using varied characters). This way, you will not have to write it down to remember it, yet it will frustrate even the most persistent of hackers.
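To make the brute-force reasoning above concrete, here is an added example (not from the original article) that checks a candidate password against the listed tactics and estimates the exhaustive-search space. The word list, the 16-character minimum and the guess rate are illustrative assumptions.

```python
import math
import string

# Constructed sample word list standing in for a real cracking dictionary.
SAMPLE_DICTIONARY = {"password", "dragon", "monkey", "welcome", "summer"}
# Assumed attacker speed in guesses per second; an illustrative figure only.
ASSUMED_GUESSES_PER_SECOND = 1e10

CHARACTER_CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "special": string.punctuation + " ",
}


def classes_used(password):
    """Return the names of the character classes present in the password."""
    return [name for name, chars in CHARACTER_CLASSES.items()
            if any(c in chars for c in password)]


def brute_force_bits(password):
    """Bits of search space for exhaustive guessing: length * log2(alphabet)."""
    alphabet = sum(len(CHARACTER_CLASSES[n]) for n in classes_used(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def review(password, min_length=16):
    """Check a candidate against the tactics listed above; return findings."""
    findings = []
    if len(password) < min_length:  # min_length is an assumed policy value
        findings.append("too short")
    missing = set(CHARACTER_CLASSES) - set(classes_used(password))
    if missing:
        findings.append("missing: " + ", ".join(sorted(missing)))
    # A lone dictionary word with digits or symbols tacked on falls to a
    # word list long before exhaustive search matters.
    core = password.lower().strip(string.digits + string.punctuation)
    if core in SAMPLE_DICTIONARY:
        findings.append("dictionary word")
    return findings


def years_to_exhaust(password):
    """Worst-case years to try every combination at the assumed guess rate."""
    seconds = 2 ** brute_force_bits(password) / ASSUMED_GUESSES_PER_SECOND
    return seconds / 31_557_600
```

Each extra character multiplies the search space by the alphabet size, which is why length dominates the estimate; the dictionary check covers the case the estimate cannot see.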

Putting Advice Into Action

Cybersecurity is not a theoretical field, nor is it a unique concern to large companies. Hackers are constantly searching for victims and finding new vulnerabilities every day, yet for many organizations, the threat does not feel real enough to take action. Hopefully this article helps demonstrate the fact that these are the daily considerations of cybercriminals, and that such people will attack indiscriminately when they find an opening. If you’ve been waiting to update your business’s cybersecurity strategy, now is the time to act.


Read more at http://www.business2community.com/cybersecurity/hackers-guide-cybersecurity-top-tips-side-trench-01745346#lkm7C8VAU7HHTIir.99

CONTACT US

Crux Center for Security
Research and Events (CCSRE)
316-317, Bestech Chambers,
Sushant Lok – 1, Gurgaon,
Haryana, 122002

0124- 4207903, 05, 06