There are several different ways your current employees can knowingly or inadvertently bypass your security; while all can wreak havoc with your systems and cause irrevocable damage, those with malicious intent in mind are by far the worst. Understanding the different levels of threat and what may motivate these insiders can help you create strategies that truly mitigate your risk.
At least once a year, you can find a report on the web about what the most common passwords are based upon leaked data. Think of these lists as the worst passwords you can ever use. Typically, 123456 and password top the list. Coming up the path of popularity are passwords 123456 and 123456789, as people are required to enter in longer passwords. Need a mix of letters and numbers? You might want to avoid abc123 and trustno1, among many others. Nowadays, a password security alone isn’t sufficient to lock anything down. How best can you secure your system to keep the bad guys out?
As malware continues to evolve at lightning speed, it’s getting more and more difficult to prevent and identify its existence. A computer attack from the APT virus is both insidious and crippling for enterprises. Its lifecycle, if well-masked, can do some real damage in just 12 months. An Advanced Persistent Threat attack on a bank revealed that it’s a methodical attack. Here’s how it unfolded. Seasoned cybercriminals mined the bank’s social media platforms and website to identify its hosts and senior personnel. Stolen data was then used to launch phishing email campaigns and launched malware on the bank’s executives’ laptops. Undetected by antivirus software, the attack expanded throughout the business. All of this took just three months. Over the next several months, the malware had injected a code into all of the infected systems. Slowly, it stole passwords, security policies and network diagrams. The organized crime ring used this data for a more offensive attack across the company’s network. The last two months of the malware attack entailed downloading the bank card information of more than 50 million bank customers.
Did you know that your data could be compromised at this moment, even if none of your security measures have sounded an alarm? As companies across the nation reported data breaches throughout the past few years, one commonality was noted: in most breaches, the data was compromised for weeks or even months before anyone noticed. When you couple that fact with some of the expectations for data security in the coming years, you realize that both internal and external security in most organizations has to evolve if it’s going to do any good.
Every few years a new encryption algorithm is released by an IT solutions provider to ensure your data stays safe. Hardware keeps improving, making older encryption algorithms easier to break. Thus, new encryption mechanisms are needed to keep your systems and data safe.
Once upon a time, it was safe to turn your computer on. Nowadays, a month, week, or even day doesn’t go by where you hear about the latest system attack and zero-day exploit used to install malware and expose data from somewhere across the globe. Some news reports even say the NSA is buying these exploits to take advantage of them before they’re patched to gain access and potentially disrupt computer systems. If the US government is doing it to attack their enemy, you can be sure other governments and organized crime are doing the same to potentially get into your systems. A chain is only as strong as its weakest link and the least protected computer system will be found and exploited.
Managing internal access to data and software has always been a challenge for technical and security departments. In the past, security was often managed physically; workers couldn’t access what they couldn’t physically get to. Today, cloud computing and the need for employees of all levels to access data from disparate locations makes physical controls outdated in most industries. Instead, organizations are turning to a variety of cloud, software, and hardware-based security solutions, some of which are less effective than others.
Is your business utilizing data encryption in your security strategy? The process of changing information to make it unreadable to those except authorized users can help your company securely protect data and safeguard it from potential threats. [click to tweet] Businesses use data encryption to protect personal information, customer data, trade secrets, employee files, tax information, credit card numbers and more. This benefits the network is breached. Read on to learn about the benefits of data encryption.
Newscasters seemed rattled by the news last week that Hollywood Presbyterian Medical Center paid hackers $17,000 in Bitcoin to regain access to a key system.
This is no surprise for security insiders. Ransomware for enterprises is a top trending threat. In fact, the center’s ransom pales in comparison to the $123,000 in Bitcoin demanded from a New Jersey school district in 2015; the district decided instead to rebuild systems from backups.
Security analysts say that anywhere from 3 to 40 percent of ransomware victims pay up. The FBI, the agency responsible for investigating ransomware, has no way to help. Instead, the FBI recommends paying the ransom if the victim has no unaffected backup from which to restore files. Several police departments have paid ransoms.
