Skip to main content

Home/ WPPS C-Suite News/ Group items tagged hack

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
sandy ingram

What's a Company's Biggest Security Risk? You. - WSJ.com - 0 views

online.wsj.com/...4836104576556421692299218.html

Privacy security hack Insider Threat

shared by sandy ingram on 04 Oct 11 - No Cached
  • Consider what happened in March at EMC Corp.'s RSA security unit, the maker of computer login devices used by thousands of other companies. A hacker sent emails to two small groups of employees that looked innocent enough, including a spreadsheet titled "2011 Recruitment plan." The message was so convincing that one employee retrieved it from the "junk mail" folder and then opened the attachment. Doing so introduced a virus inside RSA's network that eventually gave the hacker access to sensitive company data and enabled later attacks against RSA's customers.
  • Employees have more opportunities than ever to compromise company information. We not only screw up by clicking on emails from hackers that download viruses, letting them bypass corporate firewalls. We also open a Pandora's Box of security problems by circumventing company tech-support rules and doing work with personal gadgets and consumer-grade online services like Web email and cloud storage services.
  • Here's a look at what employees are doing wrong and how companies are trying to fight our bad habits
  • ...3 more annotations...
  • Today, we make ourselves easy targets by posting troves of information about ourselves and our jobs online, say security experts. Blogs and professional networks such as LinkedIn are particularly useful sources for criminals, since many people share details about their roles at work, which can be used to help determine corporate hierarchies, among other things.
  • Hackers include dangerous traps in these targeted emails, such as links leading to malware or a Web page designed to dupe the employee into entering passwords. In the RSA attack, the emails included an attachment that took advantage of a previously unknown chink in Adobe Flash software to inject a virus into the company's systems.
  • As older systems that are focused on firewalls fail, corporate IT "needs a new defense doctrine," says RSA's head of identity protection, Uri Rivner. "You need to have security cover inside your organization, rather than your perimeter. You need to understand what your users are doing, and then spot any type of suspicious activity inside."
  • sandy ingram on 04 Oct 11
     
    Hacking attacks against companies are growing bigger and bolder-witness a string of high-profile breaches this year at Sony Corp., Citigroup Inc. and others. But gone are the days when hackers would simply find holes in corporate networks to steal valuable data. Large companies have grown wise to the threat of hacking, and have spent the past 30 years hardening the perimeters of their networks with upgraded technology.
sandy ingram

"Anyone can EASILY get online and steal passwords" - 0 views

www.itpro.co.uk/...-proves-password-theft-is-easy

Privacy Security compliance cybersecurity breach

shared by sandy ingram on 02 Nov 10 - No Cached
  • During the hack, he set up his own wireless hotspot, which he simply called BT Openzone. As delegates used the wireless service, Hart was able to get hold of whatever usernames and passwords were being typed into web applications, just by using an easily downloadable password recovery tool called Cain & Abel.
  • When Hart and his team tested out the method across cafes in the UK, 100 per cent of web browsers in the various establishments used the fake BT Openzone service.
  • “That’s how easy it is, it is instant,” said Hart.
  • ...1 more annotation...
  • “People believe passwords are secure, but if someone has got your password you won’t know about it.”
  • sandy ingram on 02 Nov 10
     
    This was the message during a live hack coordinated this morning by Jason Hart, senior vice president in Europe for two-factor authenticaton provider CRYPTOCard.
sandy ingram

How a Pas5woRd Can Sink Your Company - NYTimes.com - 0 views

boss.blogs.nytimes.com/...pas5word-can-sink-your-company

Privacy Security password Best Practice

shared by sandy ingram on 28 Nov 10 - No Cached
  • Back in the 1990s fellow science and technology journalist Charles Mann and I wrote a book uncovering the true story of how a lone, young, cognitively impaired hacker with relatively few computer skills managed to perpetrate what was then the most extensive and scariest series of computer break-ins ever — government weapons labs, dam control systems and ATM networks were among the hundreds of networks compromised. At the end of the book, we predicted that no matter how much effort was poured into making the Internet safer, hackers would always be able to have a field day, partly for technical reasons but also because companies and individuals would never get it together to take simple precautions critical to safe computing.
  • Sadly, Mann and I called it right. Viruses, trojans and spyware are bigger problems than ever. Employees unwittingly but routinely hand over their passwords to hackers who break into corporate databases to steal credit card and other information of thousands of customers. Private e-mail is rifled through and made public, and companies have their computers incapacitated by “denial of service” attacks. You need to ask yourself: Could your company survive an encounter with a hacker?
  • they’re always one step behind the latest hacking twist sweeping through networks. Even if you could afford to get a computer-security genius to come in and watch your company’s back 24 hours a day, he or she couldn’t fully protect you if you or any one of your employees were to slip up.
  • ...8 more annotations...
  • Don’t count on even the best security software or services to protect you —
  • Everyone knows by now, I would think, that you shouldn’t use a password that’s easy to guess.  Hackers use automated programs that can find any password if it’s a word in the dictionary or a proper name, even if it’s spelled backwards.
  • But here’s the problem even tricky password users run into: Because we all need passwords for so many Web sites and accounts these days, people end up using the same password for many of them — or else write their passwords down somewhere. Both of these practices are disasters waiting to happen.
  • If you use the same password for many sites, all a hacker has to do is get your password at any one site — and some site out there somewhere is doing a lousy job of protecting your password — and he’s got it for all of your sites and accounts. So if a hacker or malicious employee at the place you buy shoelaces online lifts your password, he can get into your bank account and your company’s computers.
  • Here’s a better solution: Come up with a simple formula for generating passwords in your head that’s based on the name of the site or organization you’re signing up with. For example, you might take the name of the site (tractortires.com), drop everything but the first six characters to the left of the “dot” (tracto), reverse the first three letters (artcto), add the number “5″ after the third character and a capital “Z” at the end (art5ctoZ). By this formula, “plan9movie.net” gets the password “alp5n9mZ,” and “cellphone.org” yields “lec5lphZ.”
  • Make up your own formula, and don’t share it with anyone. It may sound a bit complicated, but after doing it a few times you’ll be able to do it in your sleep, and you’ll have a unique, impossible-to-guess password for every one of your accounts and sites without having to write anything down.
  • Every single one of your employees has to get with the program on this. If they’re writing passwords down, or using the same password everywhere, then they’re not just risking getting hacked at other sites, they’re also inviting hackers into any of your company’s computers or accounts to which they have password access.
  • So you might want to teach everyone in your company how to come up with his or her own in-your-head password-generating formula.
  • sandy ingram on 28 Nov 10
     
    "Back in the 1990s fellow science and technology journalist Charles Mann and I wrote a book uncovering the true story of how a lone, young, cognitively impaired hacker with relatively few computer skills managed to perpetrate what was then the most extensive and scariest series of computer break-ins ever - government weapons labs, dam control systems and ATM networks were among the hundreds of networks compromised. At the end of the book, we predicted that no matter how much effort was poured into making the Internet safer, hackers would always be able to have a field day, partly for technical reasons but also because companies and individuals would never get it together to take simple precautions critical to safe computing."
sandy ingram

Security Fix - Malicious Attacks Most Blamed in '09 Data Breaches - 0 views

voices.washingtonpost.com/...ious_attacks_blamed_for_m.html

privacy security breaches employees theft

shared by sandy ingram on 25 Jun 09 - Cached
  • The ITRC found only a single breach in the first half of 2009 in which the victim reported that the lost or stolen data was protected by encryption technology
  • sandy ingram on 25 Jun 09
     
    The ID Theft Center found that of the roughly 250 data breaches publicly reported in the United States between Jan. 1 and Jun. 12, victims blamed the largest share of incidents on theft by employees (18.4 percent) and hacking (18 percent). Taken together, breaches attributed to these two types of malicious attacks have increased about 10 percent over the same period in 2008.
sandy ingram

McAfee Security Insights Blog » Blog Archive » Advanced Persistent Threat (APT) - 0 views

siblog.mcafee.com/...advanced-persistent-threat-apt

security privacy cybersecurity breach Fraud Best Practice mcafee Risk

shared by sandy ingram on 01 Jul 10 - Cached
  • APT is the new way attackers are breaking into systems.
  • APT is a sophisticated, mercurial way that advanced attackers can break into systems, not get caught, keeping long-term access to exfiltrate data at will. 
  • APT focuses on any organization, both government and non-government organizations.
  • ...11 more annotations...
  • While the threat is advanced once it gets into a network, the entry point with many attacks is focused on convincing a user to click on a link.
  • Advanced attacks are always changing, recompiling on the fly and utilizing encryption to avoid detection.
  • Advanced attacks are always changing, recompiling on the fly and utilizing encryption to avoid detection.
  • Today attacks are nonstop. The attackers are persistent and if an organization lets its guard down for any period of time, the chance of a compromise is very high.
  • Attackers want to take advantage of economy of scale and break into as many places as possible, as quickly as possible. 
  • Therefore the tool of choice of an attacker is automation. Automation is not only what causes the persistent nature of the threat, but it is also what allows attackers to break in very quickly.
  • Old school attacks were about giving the victim some visible indication of a compromise. Today it is all about not getting caught.
  • the problem with the APT is that it enters a network and looks just like legitimate traffic and users.
  • Based on the new threat vectors of the APT, the following are key things organizations can do to prevent against the threat:
  • APT is only going to increase in intensity over the next year, not go away.  Ignoring this problem just means there will be harm caused to your organization.
  • The ultimate way to make sure an organization is properly protected is to run simulated attacks (i.e. penetration testing, red teaming, ethical hacking) and see how vulnerable an organization is and, most importantly. how quickly you detected it.
  • sandy ingram on 01 Jul 10
     
    One of the main reasons organizations are broken into today is because they are fixing the wrong vulnerabilities. If you fix the threats of three years ago, you will lose. APT allows organizations to focus on the real threats that exist today. While APT is important, we need to clear the smoke and hype, focusing on why it is important and what it means to you. Instead of just using it as a buzz word, if we understand the core components of APT, we can use it to improve our security. In APT, threat drives the risk calculation. Only by understanding the offensive threat will an organization be able to fix the appropriate vulnerabilities.  What is APT?
sandy ingram

Privacy is good for business - CEO Forum Group - 0 views

www.ceoforum.com.au/article-detail.cfm

ceo cpo

shared by sandy ingram on 20 Nov 08 - Cached
  • "There are thousands of privacy professionals now, in the U.S. and Europe and Asia. Most of the Fortune 100 have a privacy officer or some sort of equivalent".
  • "Now imagine", Pearson says, "the first few times an insurance company or a university sends out a letter saying, 'excuse me, but we were hacked and we don't know what happened exactly, we don't know what happened to your data, but we are required by law to notify you that something might have happened'. That's not a pleasant situation to be in".
  • But privacy concerns impact more than just the bottom line; they affect multiple areas of an organisation, from legal liabilities to PR efforts to CRM and employee retention. A well-designed, well-implemented policy can help a company in all of these areas, on both the tactical and the strategic levels.
  • ...2 more annotations...
  • Security and privacy are not simply IT challenges—they need to be addressed as strategic issues, at the highest levels of the organisation.
  • Ultimately, however, it is organisational policies, not technology, that are most important to enforcing privacy.
1 - 6 of 6
Showing 20 items per page