Friday, May 22, 2015

Week-11 Blog

7 Ways to Avoid Identity Theft Before Facebook Gets Hacked
 
This article, “7 Ways to Avoid Identity Theft Before Facebook Gets Hacked” by Adam Levin, talks about ways you can protect yourself from being hacked or losing your valuable information through Facebook. The article starts with a statement from Mark Zuckerberg, who stated that “the age of privacy is over,” and I think he meant it. There is no more privacy on Facebook, and people don’t care about it as long as they are kept updated with information from family and friends. The article also states that Facebook is built to get personal information from users to better sell ads, which is another truth about Facebook since billions of people spent so much time on it. It is always good to be part of a group and get lots of birthday wishes. That is why people put their birthday on Facebook and don’t realize that it could lead to identity theft and a security breach. The last thing you want to know is that your information is in the wrong hands for the wrong purpose.
For all these risks associated with using Facebook, the author mentions several ways to avoid identity theft before your Facebook account gets hacked. He also states that having several Facebook accounts could help protect against identity theft by confusing hackers with pieces of information here and there. According to him, if you don’t want to have several accounts to protect yourself from hacking, here are some steps that could help:
1. Having a different name on Facebook could help a great deal. Just tweaking the name a little might make it harder for a hacker to know who you are.
2. Another important step you can take to protect yourself is to not tag your pictures with a location. Turning off location services on your phone will stop hackers from finding out where you live or where you are.
3. You don’t have to put your real age on Facebook. The least you could do is not include your birth year.
4. Never store your credit card information on Facebook.
5. Have some boundaries before posting any information on Facebook. Set your privacy controls so that only the people you intend to share with can view your postings.
6. The less you post, the more peace of mind you have. Bragging on Facebook might only bring you to a hacker’s attention.
7. The last thing you could do to protect yourself from all the hassle is to deactivate your account.
I totally agree with the author's viewpoint in this article. It’s up to users whether to activate or deactivate their Facebook accounts, but it’s really necessary for them to think before posting anything on Facebook that might lead to having personal information stolen and used for something they don’t want to happen.
References:
Levin, A. (2013, Feb 7). 7 Ways to Avoid Identity Theft Before Facebook Gets Hacked. Retrieved May 22, 2015 from http://www.huffingtonpost.com/adam-levin/7-ways-to-avoid-identity_b_2634967.html

Saturday, May 16, 2015

Week-10 Blog

China Blamed for Penn State Breach

This article talks about the breach at Penn State University's College of Engineering, which suffered two sophisticated cyber-attacks, at least one of them originating from China. The hackers were not detected for two years due to the evasion techniques they employed. The attacks occurred on September 12, with one of the attacks originating in China. The university disclosed the breaches on May 15 even though the FBI notified the school of the attacks on November 21.

According to the article, Penn State stated that both data and personally identifiable information are safe. However, it was concluded that a number of user names and passwords for university-issued accounts were compromised. It was also reported that the PII of around 18,000 students might have been compromised, so the university is offering those students free credit monitoring for a year.

As mentioned in the article, they might never know the specific methods the hackers used to enter the system, but custom malware and other tactics were used to infect the network. As stated in the article, publicizing the attacks was intentionally delayed so that the hackers would be unaware of the efforts being made to fight the cyber-attack. The hackers were trying to target the intellectual property of the engineering department. Because large research universities deal with a lot of development of sensitive technology related to the Department of Defense, they become attractive targets for China to get information on that research. All those who were compromised during the attack were required to change the password on their university account, while faculty and staff who have remote access to the system from a private network are required to use two-factor authentication to log in.

References:

Chabrow, E. (2015, May 15). China Blamed for Penn State Breach. Retrieved on May 15, 2015 from http://www.databreachtoday.com/china-blamed-for-penn-state-breach-a-8230

Thursday, May 7, 2015

Week-9 Blog


32 Data Breaches Larger than Sony’s in the Past Year

This article talks about the data breaches that happened last year. Sony suffered a huge loss, and a large volume of its data leaked, including internal documents with employees’ information. In addition, information about actors and copies of several unreleased movies leaked, which caused a huge loss because so many theatres refused to play their movies.
Apparently, that breach was not even within the top 30 breaches that happened last year. The Sony breach was ranked 33rd in terms of number of records breached. eBay was number one, suffering the largest data breach in terms of records, with more than 150 million records compromised. J.P. Morgan Chase ranked second, losing 76 million records. Home Depot, Community Health Systems, Michaels Stores, Texas Health and Human Services, Neiman Marcus, Goodwill Industries International, Oregon Employment Department, WorkSource Oregon, and the U.S. Postal Service were within the top ten businesses that suffered a huge loss of data and valuable information. Hacking or malware was the type of breach used to steal the data of these organizations.

References:
McCarthy, K. (2015, January 8). 32 Data Breaches Larger Than Sony’s in the Past Year. Retrieved May 7, 2015 from http://www.huffingtonpost.com/kyle-mccarthy/32-data-breaches-larger-t_b_6427010.html

Tuesday, April 28, 2015

Week 8 Blog

Risk Management Process

Since we are covering Risk Management in class this week, I chose to write something about understanding the Risk Management Process.

Internal auditors in an organization help identify risks and the impact those risks can have on the organization's performance and processes. In addition, their job is to make sure there are enough security measures to safeguard the organization's assets and to ensure proper controls are in place to mitigate threats. Having a risk management process therefore helps an organization and its auditors provide quality recommendations for the organization's needs and requirements regarding threats and risks before they happen.


Risk management is the identification, assessment and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimize, monitor and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities. Every risk management process comes with certain objectives, and auditors should recommend that organizations examine best practices. The main objectives of risk management are to eliminate negative risks, reduce risks to an acceptable level, and transfer risks by means of insurance. Knowing yourself, knowing the enemy, and accountability for risk management are some of the crucial topics in risk management.

References:

http://en.wikipedia.org/wiki/Risk_management

https://iaonline.theiia.org/understanding-the-risk-management-process

Sunday, April 26, 2015

Week 7 Blog



Sony Hackers Used Phishing Emails to Breach Company Networks

This article talks about how the Sony Pictures Entertainment computer network was hacked in 2014. It was found that the hackers used phishing emails to infiltrate the system. Stuart McClure, the CEO of the computer security firm Cylance, states that there was a database of Sony emails which was downloaded following a pattern of phishing emails. The whole process started with employees getting fake emails asking them to verify their Apple ID, which led to the victims being prompted to enter their Apple ID information into a fake verification form. This information enabled the hackers to connect with the employees’ LinkedIn accounts, where they were able to figure out their Sony login information, thinking the employees might be using the same credentials for their accounts. The hackers then coded the credentials into a strain of malware known as Wiper, which led them into the company’s networks.
It was later found out that the party responsible for the hack was the North Korean government when they posted links to a collection of stolen documents, which included financial records and private keys to Sony’s server. Regarding the hack, the CEO mentioned that companies need to implement safeguards that better protect user credentials if they are to avoid becoming the victim of an attack like the one on Sony. He also stated that companies should use some form of memory process injection protection and that password reuse should be avoided so as not to become a victim like that again.


References:

Bisson, D. (2015, April 22). Sony Hackers Used Phishing Emails to Breach Company Networks. Retrieved on April 26, 2015 from http://www.tripwire.com/state-of-security/latest-security-news/sony-hackers-used-phishing-emails-to-breach-company-networks/



Thursday, April 16, 2015

Week 6 Blog

Wombat Security Technologies Unveils New Security Awareness and Training Modules to Help Protect Companies Against Advanced Cyber Threats
Wombat Security Technologies is an organization that helps other organizations combat cyber security attacks by providing a uniquely effective software-based training platform and spear-phishing filters. In this article, they announce the introduction of two new awareness training modules, Security Essentials and Mobile Device training. They also mention adding two more languages to make it easier for global companies to raise the security bar against phishing, social networking and other security threats. They have been a successful business organization providing the best tools to help other organizations protect their valuable information from cyber threats.
The Security Essentials Training Module is one of the new awareness training modules they introduced recently. It is a scenario-based training module which teaches employees to deal with the security issues that happen on a daily basis. The article states that this training helps new employees by providing them with the basics and the most effective way to improve their security knowledge inside and outside the organization. It can also act as a refresher for other employees to keep up with new technologies and threats.
The Mobile Devices Security Training Module is another training module, which teaches employees how to deal with threats regarding their mobile communication. This module explains the importance of physical and technical safeguards and how to improve security on both personal and company-issued mobile devices.
In addition to the training modules, they translated their educational content into two more languages, Russian and Dutch, adding to their already robust language library. Wombat is already known for its high-class standing in the security awareness and training market, and they are still working to provide better service and more security to their customers.
References:
http://www.marketwired.com/press-release/wombat-security-technologies-unveils-new-security-awareness-training-modules-help-protect-2005292.htm

Saturday, April 11, 2015

Week 5 blog: 5 Information Security Trends that will Dominate 2015

The level of cyber threats and breaches is increasing every day. Cyber criminals and hackers are getting better and more sophisticated than they ever were. The authors of this article talk about five trends that professionals need to understand and worry about in order to face and deal with the threats.

Cybercrime: With all these new innovations and better networks, the internet has become a great hunting ground for cyber criminals, terrorists and troublemakers. Money, personal records and much other critical information are stolen and misused by these hackers for their personal benefit. 2014 was a great year for them since they were able to dominate security due to their performance and the modern tools available. 2015 will be a challenging year for everyone. The article emphasizes that organizations must be well prepared for unpredictable and unforeseen events that might increase the risk of hacktivism and increase the cost of recovery from these kinds of incidents.

Privacy and Regulations: According to the article, most governments have created, or are in the process of creating, laws that require organizations to create regulations on the safeguarding and use of PII. Organizations might have to deal with penalties if valuable information and PII are compromised, which might lead to damage to reputation and loss of customers due to security breaches.

Threats from Third-Party Providers: A large amount of information is shared during transactions between organizations and their suppliers. When suppliers share that information with a third-party vendor or organization, there is no direct control over the information. For example, when the attack happened at Target last year, the hackers broke the application the HVAC vendor used to submit invoices. The hackers broke into the HVAC vendor's online services and stole millions of pieces of valuable information about Target customers. Now, since there is a risk of information being stolen from third-party providers, it is hard for them to continue their services and provide assurance of data C.I.A. So, to be on the safe side, contracting services should work with IT personnel to make sure the information is not compromised.

BYOx Trends in workplace: The bring-your-own-device trend is increasing every day in organizations. Since personal devices come with a lot of applications and cloud-based storage, organizations are seeing an increase in security risk to valuable information from both inside and outside threats when those devices are accessed in the workplace. Even though organizations make regulations related to the use of personal devices at work, employees will find a way to use them. Since this trend is increasing, organizations should at least take some serious security measures to make themselves less vulnerable.

Engagement with your people: And it all comes down to people. The article states that people are the greatest assets and that they are the most vulnerable. Organizations have been spending a lot of money educating people and providing valuable knowledge about their responsibilities. The authors of the article state that organizations should instead shift to creating solutions and embedding information security behaviors rather than promoting awareness of the issues.


In conclusion, 2015 is not going to be an easy year for information security. Organizations should take all available security measures to save themselves from becoming victims of cyber threats and hackers.

References:

http://www.cio.com/article/2857673/security0/5-information-security-trends-that-will-dominate-2015.html