IT News

  • Why you need to take IT Social Engineering more Seriously

    Recently in the news, there have been some victories in combating cyber-crime. Cisco took down a ransomware network. Dell Secureworks took down the Dridex malware servers.

    Many hardware and software vendors have taken steps to address security in their products to combat the growing rise of cyber-crime. There are many solutions on the market today that IT can deploy to minimize risk.

    For example, WatchGuard’s line of firewall products has won awards relating to security and gives an edge against APTs (Advanced Persistent Threats), eliminating most threats from one appliance.

    However…

    Even if you have the best hardware and software security platforms implemented at your organization, breaches may still occur if staff security training is neglected.

    Social engineering has become both an art and a science of manipulating people into giving up confidential information. Using social engineering methods to obtain information such as passwords is typically easier than hacking. As mentioned earlier, as hardware and software advances improve security, expect a rise in social engineering attacks.

    Hackers have stepped up their game and attacks are more sophisticated. Phishing emails are now targeted at organizations rather than sent as a mass spam email campaign.

    C-level executives are now targets. Criminals “spoof” and impersonate a target’s email address and send wire transfer instructions to subordinates. Business Email Compromise or CEO Fraud is the name of this scam. The FBI reported that 1.2 billion has been stolen worldwide due to this scam last year. I even received an email last week from someone impersonating the president of a logistics company.

    The key takeaway here is that this scam is working, and training staff to identify these threats is now necessary. Here is a link to a story of a CEO Fraud attack that almost worked and how training prevented it.

    LinkedIn is another resource where business professionals are targeted. Fake recruiters have been able to gather information not only on the target, but also to map out the target's connections. A fake recruiter once reached out to me and because this individual was already connected to two of my trusted colleagues, I did not question his legitimacy. Luckily all he got was my resume. Extra vigilance is now required when accepting connection requests; otherwise we put at risk not only ourselves, but our connections as well.

    What Actions to Take:

    1. Conduct staff training regarding current security policies and social awareness training
    2. Be extra vigilant regarding connections and communications on social media sites
    3. Review security policies and action plans at least once per quarter
    4. Subscribe to a blog/website that provides updates on social engineering (I personally like CyberHeist News from KnowBe4: https://www.knowbe4.com/cyberheist-news/)

    For more information about how BIT can help develop your security solutions from gateway to endpoint, give us a call.

  • The Party is Over for Apple and Linux Users

    Being in IT, one cannot escape the never-ending debates about PC vs. Mac vs. Linux, etc.

    The debates usually center on a variety of topics, whether it is ease of use, costs or the most talked about one, “we don’t get viruses, malware, etc…” This is typically the trump card that gets thrown on the table against a PC-loving user to end the debate.

    What is true is that there are not as many malicious threats to Mac or Linux devices compared to PCs, since hackers will typically target the biggest market share.

    In recent weeks, Apple has been in the spotlight for a number of security-related issues, from malware-infected apps in their App Store to a Gatekeeper flaw in the OS X operating system. This short video from WatchGuard Technologies summarizes these issues.

    For Linux, there is the recent XOR DDoS botnet malware that has caused havoc. Even though this botnet was targeting Linux servers directly connected to the internet and the chances of harming Linux PCs are low, this incident serves as a wake-up call to both Apple and Linux users who do not take security and threats seriously.

    There are many incidents where Apple and Linux end users ignored implementing security software simply because they believed they could not get infected. Remember this commercial?!

    Threats are growing. Hackers are becoming more sophisticated. Phishing campaigns don’t discriminate.

    Attitudes need to change. Implementing security software, even at a personal device level, should become second nature, like putting on our seat belt anytime we step into a car.

    The “I don’t get viruses/malware” trump card is now invalid. The party is over.

    But the debate on which platform is better will never end.

  • Windows 10: Microsoft Addresses Privacy Concerns

    In my recent blog about Windows 10, I mentioned one of my concerns was privacy. Many articles regarding privacy exploded on the web, with many not having evidence to support their claims. There was so much data to process that I mentioned this situation had to be dealt with on its own, in a dedicated post.

    Windows released a blog yesterday to begin to clarify some of these issues that so many are vocal about. Here are Microsoft’s opening principles…

    1. Windows 10 collects information so the product will work better for you.
    2. You are in control with the ability to determine what information is collected.

    Better late than never. What I like about Microsoft’s post is the attitude they have taken by issuing this statement…

    “Trust is a core pillar of our More Personal Computing vision, and we know we have to earn it.”

    Throughout the post there are other statements that should put fears at ease…

    “This doesn’t include any of your content or files, and we take several steps to avoid collecting any information that directly identifies you, such as your name, email address or account ID”

    “You are in control of the information we collect for these purposes and can update your settings at any time. Note that with new features like Cortana which require more personal information to deliver the full experience, you are asked if you want to turn them on and are given additional privacy customization options.”

    “Unlike some other platforms, no matter what privacy options you choose, neither Windows 10 nor any other Microsoft software scans the content of your email or other communications, or your files, in order to deliver targeted advertising to you.”

    Future updates to Windows 10 will have more settings geared for both enterprise and consumer customers. Microsoft has taken the right steps to continue further dialog about privacy and posting tools to report any concerns.

    The post ends the way it started, all about trust…

    “We will continue to listen and respond, to earn your trust.”
