U.S. Plans New Bill to Enhance Cyber Security

Cyber threats are coming of age. Over the last few years, countries worldwide have faced repeated intrusion attempts on the computer systems and networks of government bodies. The U.S. has also faced a wide range of attacks on computer systems of the Pentagon and other crucial installations. However, the recent WikiLeaks exposure and security breaches at stock exchanges indicate that the threats in cyberspace have widened. Thousands of new malware samples and items of malicious content are identified daily by security companies. The threats pose a challenge for security professionals and counter-crime agencies. Organizations also face the threat of cyber espionage. U.S. Senators are planning to introduce a bill to enhance cyber security. The bill, titled “Cybersecurity Enhancement Act”, will be introduced by Senator Robert Menendez, a member of the Senate Finance Committee. The bill was earlier approved in the House of Representatives, but could not receive Senate approval. The Senator plans to introduce the bill in the near future.

Security breaches may result in the loss of confidential information such as customer databases, business strategies and other privileged data. Such security compromises may have serious long-term implications for individuals and business organizations. As such, information security is crucial for retaining the trust of customers and investors. The bill is aimed at reinforcing the trust of businesses and investors in the safety of their investments.

The bill seeks greater coordination and cooperation between the Department of Defense (DoD), the National Science Foundation and the Homeland Security department in evolving a long-term cyber security research and development plan. Such plans are important to identify the numerous threats emanating from the Internet. The plans would help the counter-crime agencies and information security professionals in developing quick responses to cyber threats.

Cyber-attacks may be launched by cyber criminals, political hacktivists, rival intelligence agencies and terrorist organizations. The attacks may target websites, computer systems and networks. Nasdaq, one of the premier stock exchanges of the world, confirmed a security breach of the company’s servers, as reported in several news reports. Recently, security firm McAfee disclosed in a report that cyber-attackers intruded into the systems of five global oil companies and stole highly privileged information.

Implementation of the proposed Act would cost around $600 million till 2014. Proactive coordination between different national and international agencies is crucial to control cyber threats, protect national assets and bring the offenders to justice. Businesses may safeguard their IT infrastructure by conducting regular vulnerability assessment tests, ethical hacking and security audits. A safe IT environment is crucial for the growth and development of the economy.

Safe Cyber Shopping

It’s a jungle out there. Queues keep getting longer, parking is harder to find than hen’s teeth and negotiating crowds is enough to make a grown woman weep. Karena decided to give the stress of mall-trawling a miss, and took her mouse for a shopping spree on the World Wide Web.

I loathe shopping at the best of times, so cyber shopping seems like an answer to all my prayers. From the comfort of my own study I can purchase whatever I need – ranging from groceries to a luxury 4×4. But, mention shopping online and people fall around in a dead faint. ‘It’s risky,’ the critics wail. ‘How on earth can you put your credit card details on the Web when there are hackers out there waiting to crack the code and fleece you of every last cent?’

With this in mind, I decided to do some investigating about just how safe cyber shopping is. David Boss, customer support, from Kalahari.net was reassuring. ‘There are still lots of misconceptions about buying online,’ comments Ross.

People don’t give a second thought to giving their credit card details over the phone when booking for movie tickets, but when it comes to purchasing a CD online, they’re quick to imagine the worst. While it’s good to be cautious, it’s worth noting that there are safety measures to ensure you won’t get ripped off.

‘I can’t speak for other online stores, but at Kalahari.net we take security extremely seriously. To protect your credit card details from would-be hackers we make use of a sophisticated SSL (secure socket layers) encryption system. Simply put, this code receives the information you key in, but then re-packages it into illegible code so anybody gaining access to the system wouldn’t be able to decipher it. It also stores the information in different areas of the database so that a hacker would never find all the information they would need to make a fraudulent transaction.

‘We also don’t store any credit card information you send us, which means you have to re-enter your details every time you make a purchase. Although this may seem time-consuming if you use a site to shop regularly, it does afford you extra protection.’

Your details aren’t stored in a database waiting for any would-be hacker. ‘We have our reputation to consider. Kalahari.net is an accredited ABSA speed point user, and if we transgress the code of conduct by putting transactions through twice, the association would soon be terminated. Mistakes do sometimes happen, just as they do in restaurants or shops, but if you contact us with a complaint we’ll happily refund you if we’ve made an error. No reputable site who’s planning to be around in the long term would risk this kind of damage to their business.

Despite these assurances, if a customer insists on a safer method of payment, we do accept bank deposits.’

Sean Riley is an IT specialist. He emphasizes that you can’t be too careful when shopping online. ‘Online security issues keep coming up, but for good reason,’ comments Riley. ‘Despite the risks involved, one out of two E-commerce sites continues to breach security recommendations. For starters, many still store credit card information and, what’s more, they don’t encrypt the information they store.’

Companies are often in a hurry to get their e-business online and they employ independent consultants to get it up and running. There’s usually enormous pressure to get a job done quickly and often security stops and checks are overlooked. What’s more, sites also often abuse the Verisign or Thawte certificate of security that appears on them.

In order to prove that your site is secure, you need to register with one of these companies, who will then supply you with a certificate. But, security systems often slow a site down so, in order to speed up transactions, companies choose where to apply security. You wouldn’t, for example, need to secure a page that’s advertising apples because it poses no security risk, while you would need to put restrictions on a page that contains personal details or financial information. Some companies overlook the crucial areas that need security.

Despite these warnings, you can still shop online. You just need to take steps to ensure you don’t get ripped off – much as you would when shopping in the traditional way. The mere presence of a security certificate is NO guarantee of privacy. You are still at the mercy of the particular website and their application of the secure certificates. Make sure the site is secure by looking for a small padlock in the window to the lower right in Internet Explorer.

If the lock is open or the key broken, the site isn’t secure. You can also check the level of security by running your cursor over the padlock or key. Entry-level encryption starts at 40 bit and goes up to 128 bit. The more sensitive the data, the higher the level of encryption needed. Financial sites, such as online trading sites, should have very high-end encryption of 128 bit.

The URL address should also change from http:// to https:// when you start the payment part of your transaction. Without this, stop your transaction immediately. Common sense should also prevail when you start shopping online. Only shop at sites backed by reputable companies, keep a record of all your transactions, check your credit card statements regularly and only shop at sites with a declared privacy policy (without this they can legally sell your contact details on to marketers). And, be careful about accidentally hitting the Refresh icon while you’re at the transaction stage of shopping as your credit card details and the transaction will be resubmitted and you could be billed twice.

Pros and cons of cyber shopping

Shopping online is great if you’re pressed for time, aren’t mobile or live in an outlying area that has a dusty main street and no decent bookstores for miles.

Prices online are often more competitive than in brick and mortar stores and you can shop around fairly easily by comparing prices on various sites.

There are disadvantages, however, and you need to be realistic when you take your mouse on a spending spree.

Unless you are buying a brand you’re familiar with you don’t always know what you’re getting.

Glitches with delivery do happen and vendors don’t always deliver as quickly as they should. But, if you shop wisely, the Internet can be a great tool. I wouldn’t buy a car online, for example, because I would want to test drive it and experience what it feels like. But shopping for groceries (and especially take-away sushi) is an absolute pleasure.

Security Experts Engaged In Constant War Against Cyber Criminals

Reports and analyses have proven that there has been a huge increase in cyber criminal activity, ranging from identity theft to security breaches, and the number will continue to increase if proper security measures are not taken.

What is important to note is that the amount of losses has been quite substantial. Recently, about 90 percent of U.S. companies that responded to a Computer Security Institute survey said they had detected computer security breaches, and 74 percent acknowledged financial losses as a result of the breaches of security.

Bradley Anstis, VP of technical strategy at M86 Security, a global provider of Secure Web Gateway solutions, says the cyber crime industry generates over $100 billion per year and organisations can no longer accept cyber crime simply as a cost to business.

In the United Kingdom, the latest cybercrime cost estimates released by the Cabinet Office showed annual losses of more than $43 billion. An information intelligence solutions company, Detica, which collaborated on the British government report with the Office of Cyber Security and Information Assurance in the Cabinet Office, reported that the real impact of cybercrime was likely to be much greater than that estimated. The report said most of the cybercrime costs were being shouldered by business.

Computer media reported that, while a global recession lingers, cybercrime is one industry that has shown double-digit growth for several consecutive years. Cybercrime has become more profit-driven and its “business model” has evolved, giving rise to new types of criminal activities and new twists on the old types. Highly motivated criminals are using tools that are getting easier for anyone to access and use, and this further widens the cyber crime problem. PandaLabs reports that malicious software could be bought, if not freely downloaded, “to make big bucks stealing credit card numbers and other personal information.”

The number of threats in circulation has risen in comparison to last year. In the first three months of 2011, PandaLabs’ recent malware report identified an average of 73,000 new malware strains, most of which were Trojans. Moreover, there was a 26 percent increase in new threats compared to the same period last year. The most popular type of threat to computer systems is still the Trojan, which now accounts for 70 percent of all new malware. It can be incredibly lucrative for cybercriminals to commit fraud or steal money from Internet users through the online banking channel.

Analysts have also noted a shift from Windows-based computers to other operating systems and platforms, including smart phones, tablet computers and mobile platforms in general. The increasing popularity of smart phones and tablets means more and more people are carrying miniature computers with them everywhere they go and using them for more of their daily tasks, including financial transactions.

Meanwhile, according to Anstis, “Since 2007, the security market has grown 41%, and this is compared to cyber crime that has conservatively grown 376%.” “Ideally, security researchers are able to plug gaps before they are used for attacks, but this does not always happen; look at the problem with zero-day vulnerabilities. Security researchers have to use every tool in their arsenal against cyber criminals,” said Anstis.

Greater awareness of security issues and incidents only increases the demands on organizations to secure their information security environment. These report findings clearly indicate that data breaches are very common these days. One way to mitigate information security risks is with technical security training. EC-Council’s brand new TakeDownCon is a technical information security conference series. In addition to learning from some of the best security experts, attendees can take the highly sought-after technical training courses TakeDownCon offers, including the Certified Ethical Hacker (CEH) course, often touted as the world’s most comprehensive ethical hacking training program.

The CEH Program certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. The Certified Ethical Hacker certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. A Certified Ethical Hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker.

Norton Lays Emphasis on Cyber Security Awareness

The Internet has brought manifold benefits and has transformed the daily lives of people around the world. People have the facility to shop, conduct banking transactions, book tickets, and pay utility bills at any time from any part of the world through the Internet. However, the Internet has also provided a new platform for criminals to indulge in illegal activities. Threats may arise due to programming errors, security flaws in devices, computers and networks, lapses in website security management and negligence on the part of the users. Most of the threats could be avoided by simple precautions by users. While people enjoy the convenience provided by the Internet, lack of security consciousness makes them vulnerable to malware attacks, data breaches, identity theft and financial losses.

Recently, Dan Nadir, senior director of consumer products at Norton, emphasized user awareness as a way to deal with the sophisticated attacks by cybercriminals. The security specialist emphasized that security software solutions cannot prevent an individual from disclosing personal information online. While social networking sites have provided an opportunity for individuals to connect with family and friends online, personal information shared on online platforms may be misused by cybercriminals. Cybercriminals may extract personal information and use social engineering to trick users into fraudulent schemes. Cyber security awareness education may help Internet users to gain an understanding of the various threats in cyberspace and the modus operandi of the criminals.

Norton also encourages people to use strong passwords. Users are required to operate multiple online accounts to avail themselves of different types of services. People use simple and common passwords as they are easy to remember and also save time. However, the tendency among people to use weak, predictable and common passwords also makes them vulnerable to intrusions and data breaches. If a user uses a common password for all accounts and a cybercriminal gains access to the password for one particular account, he may easily breach the security of the other accounts. A strong password must be alphanumeric, contain special characters and be at least 8 characters in length. Users must use different passwords for different accounts and must also change them frequently.

Users must also verify the authenticity of a web page by checking for the padlock and trust seal. However, customers must be wary of simulated padlocks. When users double-click on a legitimate padlock, it will display information regarding the security certification of the page. Fake websites may have simulated padlocks, which will not display any certification information. Security researchers at Norton also suggest that some browsers may color their address bar green to indicate the authenticity of a website. Security researchers also advise users against displaying their e-mail addresses on social networking sites, blogs, and comments on websites. Users may improve their knowledge of IT security through online training programs, tutorials, webinars and e-learning programs.

Cybercriminals target users through phishing and spear phishing e-mails. They also trick users into downloading malicious programs and malware. The malicious programs may track user activity, steal confidential information and send the extracted information to remote attackers. Adherence to security fundamentals and to the cyber security tips issued by regulatory authorities, security firms, banking and online shopping sites would enable users to improve computer and Internet security.

Necessities of Cyber Security Professionals in Today’s Computing Environment

The vast network of cyber-space presents, or can harbor, major threats to the security of personal computers; LAN and WAN networks; and wireless Internet networks. Trained computer networking specialists who are experts in cyber-security are needed to secure networks and computer systems for effective data storage and retrieval. Just as importantly, they are needed to secure the privacy and integrity of personal and corporate identities. These professionals can find work in private firms, in consulting, or at the state and federal government levels. Most individuals complete at least a bachelor’s degree before working in the cyber-security field.

Hackers pose special threats to computer network security. These technology and networking experts use their insider information to grant themselves access to computer networks without permission. Our modern computing environment is an open one, and individuals with systems and software knowledge (or even persons with the gumption to steal data or computing devices) can easily get their hands on very sensitive information.

Much information should be kept private, and serious damage can ensue if this information falls into the hands of hackers. One of the greatest risks to business computer and personal computer users who are working on unsecured networks is identity theft. A cyber-thief can use a personal or company address; financial and credit card information; or even a personal social security number to steal money from individual or corporate accounts. This is a serious crime, one with far-reaching consequences, including ruined credit records, and increasingly easy to commit in today’s open-computing, technology-heavy environment. Cyber-security professionals who are adept at designing secure, hack-proof information systems and networks are needed to win the fight against identity theft.

Spyware and viruses pose another threat to the integrity and security of computer data. Spyware is installed on a computer without the user knowing, and can collect personal data or interfere with computer applications or run-time. Viruses are computer programs that replicate themselves to infect machines, often damaging files or even hard drives in the process. There now exist several types of anti-virus and anti-spyware software that can be installed on a personal computer or on networked office computers for low or no cost. Security professionals on IT repair teams might be trained in the use of this software. Some professionals might provide security consulting services to businesses and individuals, as well.

Skilled security professionals also know how to install and maintain firewalls. These pieces of software or computer appliances are security devices that monitor activity between networks, usually networks with different levels of security and access. Firewalls might restrict permissions to various Internet activities or Web sites. The level of security firewalls provide on large business networks can be changed or altered by security administrators. There exist many types of firewalls, including network layer firewalls and proxy servers. Understanding what each type of firewall does, and when it should be applied, are main responsibilities of a cyber-security professional; typically, he or she will take several classes about firewalls to complete a network security degree.

Design and evaluation of secure computer network systems are special skills, in which cyber-security information systems professionals must be proficient. Secure network architecture is imperative in preventing hacking and threats to information integrity. Some cyber security professionals will be employed as business consultants, routinely evaluating system security software, and creating and testing secure network systems.

Finally, some cyber-security professionals might be employed to work on major projects and contracts where information privacy and integrity is vital. Similarly, cyber-security specialists are needed in biology and scientific research centers, such as those found in universities and hospitals, to make sure data and findings remain secure. Specific federal regulations outline how these findings should be secured, so specialists can help these research centers stay compliant.

The field of cyber-security is a constantly evolving and important area of information systems science. Individuals pursuing an education in this challenging and lucrative field will be sure to find fascinating work and a lifetime of learning throughout their careers.