Friday, May 22, 2015

Week-11 Blog

7 Ways to Avoid Identity Theft Before Facebook Gets Hacked
 
This article, “7 Ways to Avoid Identity Theft Before Facebook Gets Hacked” by Adam Levin, talks about the ways you can protect yourself from being hacked or losing your valuable information on Facebook. The article starts with a statement from Mark Zuckerberg, who stated that “the age of privacy is over”, and I think he meant it. There is no more privacy on Facebook, and people don’t care about it as long as they are kept updated with information from family and friends. The article also states that Facebook is built to get personal information from users to better sell ads, which is another truth about Facebook since billions of people spend so much time on it. It is always good to be part of a group and get lots of birthday wishes. That is why people put their birthday on Facebook and don’t realize that it could lead to identity theft and a security breach. The last thing you want to learn is that your information is in the wrong hands for the wrong purpose.
Given all these risks associated with using Facebook, the author mentions several ways to avoid identity theft before your Facebook account gets hacked. He also states that having several Facebook accounts could help protect against identity theft by confusing hackers with pieces of information here and there. According to him, if you don’t want to have several accounts to protect yourself from hacking, here are some steps that could help:
1. Having a different name on Facebook could help a great deal. Just tweaking the name a little might confuse a hacker about who you are.
2. Another important step you can take to protect yourself is to not tag your pictures with a location. Turning off location services on your phone will stop hackers from finding out where you live or where you are.
3. You don’t have to put your real age on Facebook. The least you could do is not include the birth year.
4. Never store your credit card information on Facebook.
5. Set some boundaries before posting any information on Facebook. Set your privacy controls so that only the people you intend to share with can view your posts.
6. The less you post, the more peace of mind you have. Bragging on Facebook might only bring you to a hacker’s attention.
7. The last thing you could do to protect yourself from all the hassle is to deactivate your account.
I totally agree with the author's viewpoint in this article. It’s up to the users to activate or deactivate their Facebook account but it’s really necessary for them to think before posting anything in Facebook which might lead to having personal information stolen and used for something you don’t want to happen.
References:
Levin, A. (2013, Feb 7). 7 Ways to Avoid Identity Theft Before Facebook Gets Hacked. Retrieved May 22, 2015 from http://www.huffingtonpost.com/adam-levin/7-ways-to-avoid-identity_b_2634967.html

Saturday, May 16, 2015

Week-10 Blog

China Blamed for Penn State Breach

This article talks about the breach at the Penn State University College of Engineering, which suffered two sophisticated cyber-attacks, at least one of them originating from China. The hackers were not detected for two years due to the evasion techniques they employed. It was in September 12 that the attacks occurred, with one of the attacks originating in China. The university disclosed the breaches on May 15 even though the FBI notified the school of the attacks on November 21.

According to the article, as stated by Penn State, both data and personally identifiable information are safe. However, it was concluded that a number of usernames and passwords for university-issued accounts were compromised. It was also reported that the PII of around 18000 students might have been compromised, so the university is offering free credit monitoring to those students for a year.

As mentioned in the article, they might never know the specific methods the hackers used to enter the system, but custom malware and other tactics were used to infect the network. As stated in the article, publicizing the attacks was intentionally delayed so that the hackers would be unaware of the efforts being applied to fight the cyber-attack. The hackers were trying to target the intellectual property of the engineering department. Because large research universities do a lot of development of sensitive technology related to the Department of Defense, they are attractive targets for China to get information on that research. All those who were compromised during the attack were required to change the password on their university account, while faculty and staff who have remote access to the system from a private network are required to use two-factor authentication to log in to the system.

References:

Chabrow, E. (2015, May 15). China Blamed for Penn State Breach. Retrieved on May 15, 2015 from http://www.databreachtoday.com/china-blamed-for-penn-state-breach-a-8230

Thursday, May 7, 2015

Week-9 Blog


32 Data Breaches Larger than Sony’s in the Past Year

This article talks about the data breaches that happened last year. Sony suffered a huge loss when a large volume of their data leaked, including internal documents with their employees’ information. In addition, information about actors and copies of several unreleased movies leaked, which caused them a huge loss because so many theatres refused to play their movies.
Apparently, that breach was not even within the top 30 breaches that happened last year. The Sony breach was ranked 33rd in terms of number of records breached. eBay was number one, suffering the largest data breach in terms of records, with more than 150 million records compromised. JPMorgan Chase ranked second, losing 76 million records. Home Depot, Community Health Systems, Michaels Stores, Texas Health and Human Services, Neiman Marcus, Goodwill Industries International, Oregon Employment Department, WorkSource Oregon and U.S. Postal Service were within the top ten businesses that suffered a huge loss of data and valuable information. Hacking or malware was the type of breach used to steal the data of these organizations.

References:
McCarthy, K. (2015, January 8). 32 Data Breaches Larger Than Sony’s in the Past Year. Retrieved May 7, 2015 from http://www.huffingtonpost.com/kyle-mccarthy/32-data-breaches-larger-t_b_6427010.html

Tuesday, April 28, 2015

Week 8 Blog

Risk Management Process

Since we are covering Risk Management in class this week, I chose to write something about understanding the Risk Management Process.

Internal auditors in an organization help identify risks and the impact those risks can have on the organization's performance and processes. In addition, their job is to make sure there are enough security measures to safeguard the assets of the organization and to ensure proper controls are in place to mitigate threats. Having a risk management process therefore helps an organization and its auditors provide quality recommendations for the organization's needs and requirements regarding threats and risks before they happen.


Risk management is the identification, assessment and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimize, monitor and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities. Every risk management process comes with certain objectives, for which auditors should recommend that organizations examine the best practices. The main objective of risk management is to eliminate negative risks, reduce risks to an acceptable level and to transfer risks by means of insurance. Knowing yourself, knowing the enemy and accountability for risk management are some of the crucial topics in risk management.

References:

http://en.wikipedia.org/wiki/Risk_management

https://iaonline.theiia.org/understanding-the-risk-management-process

Sunday, April 26, 2015

Week 7 Blog



Sony Hackers Used Phishing Emails to Breach Company Networks

This article talks about how the Sony Pictures Entertainment computer network was hacked in 2014. It was found that the hackers used phishing emails to infiltrate the system. Stuart McClure, the CEO of the computer security firm Cylance, states that there was a database of Sony emails which was downloaded, following a pattern of phishing emails. The whole process started with employees getting fake emails asking them to verify their Apple ID, which led to victims being prompted to enter their Apple ID information into a fake verification form. Getting all this information enabled the hackers to connect it with the employees' LinkedIn accounts, where they were able to figure out their Sony login information, thinking the employees might be using the same credentials for their accounts. The hackers coded the credentials into a strain of malware known as Wiper, which led them into the company’s networks.
It was later found that the party responsible for the hack was the North Korean government, when they posted links to a collection of stolen documents which includes financial records and private keys to Sony’s server. Regarding the hack, the CEO mentioned that companies need to implement safeguards that better protect user credentials if they are to avoid becoming the victim of an attack like the one on Sony. He also stated that companies should use some form of memory process injection protection and that password reuse should be avoided so as not to become a victim like that again.


References:

Bisson, D. (2015, April 22). Sony Hackers Used Phishing Emails to Breach Company Networks. Retrieved on April 26, 2015 from http://www.tripwire.com/state-of-security/latest-security-news/sony-hackers-used-phishing-emails-to-breach-company-networks/



Thursday, April 16, 2015

Week 6 Blog

Wombat Security Technologies Unveils New Security Awareness and Training Modules to Help Protect Companies Against Advanced Cyber Threats
Wombat Security Technologies is an organization that helps other organizations combat cyber security attacks by providing a uniquely effective software-based training platform and spear-phishing filters. In this article, they announce the introduction of two new awareness training modules, Security Essentials and Mobile Device Security. They also mention adding two more languages to make it easier for global companies to raise the security bar against phishing, social networking and other security threats. They have been a successful business, providing the best tools to help other organizations protect their valuable information from cyber threats.
The Security Essentials Training Module is one of the new awareness training modules they introduced recently. It is a scenario-based training module which introduces employees to dealing with the security issues that happen on a daily basis. The article states that this training helps new employees by giving them the basics and the most effective way to improve their security knowledge inside and outside the organization. It can also act as a refresher for other employees to keep up with new technologies and threats.
The Mobile Devices Security Training Module is another training module, which teaches employees how to deal with threats regarding their mobile communication. This module explains the importance of physical and technical safeguards and how to improve security on both personal and company-issued mobile devices.
In addition to the training modules, they translated their educational content into two more languages, Russian and Dutch, adding them to their already robust language library. Wombat is already known as high class in the security awareness and training market, and they are still working to provide better service and more security to their customers.
References:
http://www.marketwired.com/press-release/wombat-security-technologies-unveils-new-security-awareness-training-modules-help-protect-2005292.htm

Saturday, April 11, 2015

Week 5 blog: 5 Information Security Trends that will Dominate 2015

The level of cyber threats and breaches is increasing every day. Cyber criminals and hackers are getting better and more sophisticated than ever. The authors of this article talk about five trends that professionals need to understand and worry about in order to face and deal with the threats.

Cybercrime: With all these new innovations and better networks, the internet has been a great hunting ground for cyber criminals, terrorists and troublemakers. Money, personal records and much other critical information are stolen and misused by these hackers for their personal benefit. 2014 was a great year for them, since they were able to get ahead of security thanks to their capabilities and the modern tools available. 2015 will be a challenging year for everyone. The article emphasizes that organizations must be well prepared for unpredictable and unforeseen events that might increase the risk of hacktivism and increase the cost of recovery from these kinds of incidents.

Privacy and Regulations: According to the article, most governments have created, or are in the process of creating, laws that require organizations to put regulations in place for the safeguarding and use of PII. Organizations might have to deal with penalties if valuable information and PII are compromised, in addition to damage to reputation and loss of customers due to security breaches.

Threats from Third-Party Providers: A large amount of information is shared during transactions between organizations and their suppliers. When the suppliers share that information with a third-party vendor or organization, there is no direct control of the information. For example, when the attack happened at Target last year, the hackers broke the application the HVAC vendor used to submit invoices. The hackers broke into the HVAC vendor's online services and stole millions of valuable pieces of information about Target customers. Now, since there is a risk of information being stolen from third-party providers, it is hard for them to continue their services and provide assurance of data C.I.A. So, to be on the safe side, the contracting services should work with IT personnel to make sure the information is not compromised.

BYOx Trends in the Workplace: The bring-your-own-device trend is increasing every day in organizations. Since personal devices come with a lot of applications and cloud-based storage, and they are used in workplaces, organizations are seeing an increase in security risk to valuable information from both inside and outside threats. Even though organizations make regulations related to the use of personal devices at work, employees will find a way to use them. Since this trend is increasing, organizations should at least take some serious security measures to make themselves less vulnerable.

Engagement with your people: It all comes down to people. The article states that people are the greatest assets and also the most vulnerable. Organizations have been spending a lot of money educating people and providing valuable knowledge about their responsibilities. The authors of the article state that organizations should instead shift to creating solutions and embedding information security behaviors rather than promoting awareness of the issues.


In conclusion, 2015 is not going to be an easy year regarding security of information. Organizations should take all the available security measures to save themselves from becoming victims of cyber threats and hackers.

References:

http://www.cio.com/article/2857673/security0/5-information-security-trends-that-will-dominate-2015.html

Saturday, April 4, 2015

Week 4 Cyber-security: The new business priority

Information security has been the most challenging topic for every business organization in this digital world. Still, companies fail to give much priority to this crucial matter, with all these threats and attacks roaming around within their boundaries. All these incidents start with stolen customer information and disclosure of confidential financial data and of the security measures employed.

According to this survey on the US business impact of security incidents, cyber attacks caused 37.5% financial losses, 31.8% intellectual property theft, 31% brand/reputation compromised, 15% fraud, 12.2% legal exposure/lawsuit, 11.3% loss of shareholder value and 7.1% extortion. (Source: PwC, CIO and CSO 2012 Global Security State of Information Security Survey).

Most business organizations think their security measures are good enough to handle the threats. But in reality, they are not. Most of these organizations face different obstacles and barriers to effective cyber-security. Some of them are insufficient funding for capital expenditures, bad leadership, absence or shortage of in-house technical expertise, insufficient funding for operating expenditures, lack of an effective information security strategy, lack of an actionable vision or understanding, and poorly integrated or overly complex information/IT systems. (Source: PwC, CIO and CSO 2012 Global Security State of Information Security Survey).

With the development of new technologies, companies not only have to fight the risks that already exist, but also have to keep up with new innovations. In adapting to these new technologies, companies also have to deal with risks such as cloud security, social media security, mobile device security and the security associated with employees' use of personal devices. The power of employees and mobile devices makes companies increasingly vulnerable.

The success and failure of any organization depends on its valuable information. Cyber-security is the key to safeguarding valuable assets like intellectual property, customer information, financial data, employee records and many more. It also acts as a tool for improving a company's position with business partners, customers, investors and other stakeholders. To better address the topic, companies need to understand the importance and meaning of cyber security. Continually checking and testing the tools they have as security measures for information security helps a great deal. Having a backup plan and a business strategy to move on when something like this happens gives companies a head start in dealing with attacks. It's always better to know what kind of information the company holds and where it is at the moment, which helps manage the valuable information.

References:

http://www.pwc.com/us/en/view/issue-15/cybersecurity-business-priority.jhtml

Friday, March 27, 2015

Week-3 Tougher Challenges Ahead to Secure IT

With all these advancements in the technology field regarding the security of information from hackers and cyber threats, new innovations and ideas not only add to information security but also give an advantage to the bad guys.

Steve Durbin, the managing director of the Information Security Forum, talks in his interview about nine compelling threats which will make securing IT more challenging than ever over the next two years. In the interview, he discusses the findings of the Information Security Forum's Threat Horizon 2017 report, which identifies the nine potential threats:
  • Increased connectivity speeds present challenges to organizational response time;
  • Criminal organizations become more structured and sophisticated;
  • Widespread social unrest breaks out, led by tech rejectionists;
  • Dependence on critical infrastructure becomes dangerous;
  • Malicious agents weaponized systematic vulnerabilities;
  • Legacy technology crumbles;
  • Disruption to digital systems leads to verifiable human deaths;
  • Global consolidation of organizations endangers competition and security;
  • Cost of scale of data breaches dramatically.
I totally agree with this article and the interview with Steve Durbin. All these organizations are using modern technology but not paying enough attention to the vulnerability of the infrastructure they are functioning under. Cyber-threats and hackers are more organized and strategic, and a few steps ahead in the cyber-crime game. Information security needs to move side by side with the advancements of all the new technology to be less fragile. Not only organizations and businesses, but the public themselves are becoming the target of cyber-crime, so security measures are vital to everyone.

References:


http://www.bankinfosecurity.com/interviews/tougher-challenges-ahead-to-secure-it-i-2613

Friday, March 20, 2015

Simple Security measures to have a peace of mind

The use of Internet applications to share and store our personal and official information has grown beyond the limit. The Internet has made everything in our lives much easier and faster compared to a few years back, but this flexibility comes with many risks. Malicious hackers all over the world use computer viruses, worms, and scam techniques such as phishing to steal confidential information, compromising people's privacy and security. The number of cyber attacks is increasing every day, and most of the incidents are from outside sources. While security measures are getting better day by day, hackers are getting stronger at fighting those measures. There are some simple security measures you could at least take to have peace of mind.

1. Establish strong passwords 
2. Put up a strong firewall
3. Install antivirus protection
4. Update your programs regularly
5. Secure your personal electronics and gadgets
6. Backup regularly
7. Monitor diligently
8. Be careful with e-mail, IM and surfing the web
9. Educate your family, friends and employees

Just taking these simple measures could save lots of valuable information from being taken away from you. You never know when your own stolen information could be used against you.

References:

http://www.entrepreneur.com/article/217484








Tuesday, March 17, 2015

Biometric security could do away with passwords

This is Suraj Karki and a first time blog user. This is my first quarter at Bellevue University with a Management Information System major. 

Found this article interesting, which talks about biometric security replacing passwords to create stronger online identity protection from hackers and cyber thieves. According to the article, analysts predict that 15% of mobile devices will be accessed with biometrics in 2015 and the number will grow to 50% by 2020. I think introducing biometrics to replace the password is a great idea. First, you do not have to remember all these long passwords. In addition, you do not have to worry about changing them every once in a while, and there is always the risk of passwords being stolen. With biometrics being launched, it will only improve the security measures by making it hard for hackers. However, there are always pros and cons for everything that exists. Introducing biometrics might come with great security measures as well as some serious risks. If you want to read more about this topic, please follow the link provided.

Thank you,
Suraj Karki


References:

http://www.homelandsecuritynewswire.com/dr20150313-biometric-security-could-do-away-with-passwords