Businesses Poorly Protecting Data

According to the results of the Trustwave 2012 Global Security Report, nearly 89% of breaches they investigated involved attempts at obtaining personally identifiable information (PII) such as credit card information or other customer data.

The report, based on 300 data breach investigations and 2,000 penetration tests performed worldwide last year by its own SpiderLabs, shows that cybercrime is changing and that some industries and data types are more at risk than others.

According to their data, the food & beverage industry accounted for the largest number of data breach investigations (44% of the 300 investigations), and industries with franchise models were particularly at risk.

The report draws particular attention to the issue of passwords and how poor password practices are leading to unnecessary data breaches. According to their analysis of more than 2 million business passwords, the most common password used globally by businesses is “Password1”, which satisfies basic precautions of having a capital letter and a number within the password. Many companies are also failing to revoke temporary administrative accounts, leaving a way ‘in’ to the network using ‘valid’ credentials.
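
The point about “Password1” can be shown in code. The following is an added example, not taken from the Trustwave report: a complexity-only rule accepts “Password1”, while a check that also consults a list of common passwords rejects it. The denylist entries, the substitution table and the function names are constructed for illustration.

```python
import re

# Constructed sample denylist (assumption); a real deployment would load a
# large breached-password corpus instead of this handful of entries.
COMMON_PASSWORDS = {"password", "welcome", "letmein", "qwerty", "admin"}

# Undo the usual character substitutions before the denylist lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s", "!": "i"})


def meets_complexity(pw, min_len=8):
    """The 'basic precautions' rule: length, upper case, lower case, digit."""
    return (len(pw) >= min_len
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"\d", pw) is not None)


def base_word(pw):
    """Lower-case, strip trailing digits and symbols, then undo substitutions."""
    core = re.sub(r"[\d\W_]+$", "", pw.lower())
    return core.translate(LEET)


def check_password(pw, username=""):
    """Return the reasons to reject pw; an empty list means it is accepted."""
    reasons = []
    if not meets_complexity(pw):
        reasons.append("fails complexity rule")
    if base_word(pw) in COMMON_PASSWORDS:
        reasons.append("common password with a predictable suffix")
    if username and username.lower() in pw.lower():
        reasons.append("contains the username")
    return reasons
```
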

“An abundance of networks and systems were still found vulnerable to legacy attack vectors; many of these vectors date back 10 years or more,” Trustwave said. “Organizations are implementing new technology without decommissioning older, flawed infrastructure.”

In terms of detecting data breaches, only 16% of victimized organizations detected the breach on their own; in other cases, the breach was brought forward by a regulatory agency, law enforcement or the public. The average time after a breach but before detection was 173.5 days – a long time for data to be unsecured.

Safer Internet Day and how Two Factor Authentication Can Make It Safer


Today, February 7th, 2012, is officially Safer Internet Day (SID). Safer Internet Day is a global campaign that promotes a safer and healthier internet for everyone to use. It is organized by Insafe, was co-founded by the European Union, and encourages responsible use of the internet, online technologies and online services. Safer Internet Day spreads across Europe, Asia, Latin America, Australia, and the United States. As more and more people gain access to the internet and more generations of people are connecting online, internet security concerns are on the rise. More elderly people than ever are accessing the internet, joining social media sites, and engaging in online communities. Studies show that almost half of all kids under 12 years old are using facebook.com and other social media sites. With this broad user base and growing number of online users, online security measures need to be strengthened to keep users and their personal information safe. Most internet sites and internet logins for social media sites use strong passwords which are a combination of a login and static password. These static logins and passwords have long been considered safe, but as technology and hackers advance, online security needs to change and advance as well. Two factor authentication is a great way to increase online security and protect users.

Two factor authentication can be incorporated in any online login session and can be relatively cheap to implement. Two factor authentication is a way to identify someone based on two or more of the three types of authentication factors. The first factor is something the user knows, the second is something the user has, and the third is something the user is. Combining something the user knows, such as a login, with something the user has, such as a mobile phone with a one-time password sent to it, is a very effective form and one of the most cost efficient forms of two factor authentication available today. By incorporating a device such as a mobile phone, which most users already have, there is no need for additional hardware to deploy or extra hardware for users to carry around. Two factor authentication can help users protect their personal information by helping to thwart unauthorized users from accessing their accounts.

Using two factor authentication with a login and one time password sent to a mobile device is effective because there are 2 layers of security present. The first layer would be the login and password and the second layer would be the one time password sent to the mobile device to authenticate the user. Even if an unauthorized user were to access someone’s login and password, they wouldn’t be able to retrieve the password that is sent to the mobile device.

Microsoft and AARP conducted a study that found that 83 percent of teens, young adults, parents and older adults are going online to help with family communication. With these generations of users using the internet to connect and communicate with each other, higher security needs to be adopted and used so that these users are protected. Companies such as Microsoft and Google are launching security centers online to provide assistance and guidance for users to navigate the internet more safely, but there needs to be layered security such as two factor authentication to really ensure the safety of users online. Security guides and tips are useful, but what is really protecting users from unauthorized users trying to access their accounts? Hacking, malware, and phishing tactics have all evolved as the internet landscape has changed, but security has remained stagnant with more users going online and needing online security more than ever.

The focus on Safer Internet Day shouldn’t just be on giving guidance and tips on how to navigate the online world more safely, but should be on how organizations can incorporate online security such as two factor authentication to protect their users and how users can use two factor authentication to protect themselves from intruders trying to access their accounts. More emphasis needs to be on training and guiding users to using better security measures online to really make it a safer internet day and many days ahead for all users.

10-Year-Long Breach at City College of S.F.

We know that approximately 5% of data breaches take years to discover. Just this month, for example, the City College of San Francisco discovered an “infestation” of computer viruses that have been leaking data for more than a decade. The investigation of the initial security flag found that an infestation of computer viruses had been lurking on college computers since 1999. Not all systems have yet been analyzed. According to what is known already, each night several viruses would troll college networks and transmit data to sites in Russia, China and several other countries. Computers all across campus have been infected and it is likely that personal computers and data devices connected to the college network in the last 10 years have also been affected.
“We may never know the full extent of the damage, and how many lives have been affected by this,” CTO Hotchkiss told three college trustees Thursday evening who met to discuss school buildings and technology issues. “These viruses are shining a light on years of (security) neglect.”
The college is currently attempting to trace the extent of the breach and will attempt to notify affected individuals. According to the news report, the City College of San Francisco was particularly lax in its security policies. For example, passwords for computer systems had not been changed in more than 10 years, and both technologies and policies for protecting information were years in arrears.

Why You Need Two Factor Authentication Security

Major institutions in almost every industry vertical are updating their data storage and record management systems to provide access to information over a network or across the internet. Although security is present it is not always as effective as it seems, even over a secure network.

Usernames and passwords are no longer enough and have not been considered a high form of security for quite some time. Industry standards for access to secure information have risen and will continue to grow as more confidential data becomes available to users over the internet and ways of intercepting or accessing that data become more readily available. That is why two factor authentication solutions are highly feasible for accessing data securely.

With identity theft, phishing and online fraud occurring more often, usernames and passwords are easy to obtain. Even if you change your credentials often, that still does not stop hijackers from using personal information they have already intercepted once to gain access over and over again. With two factor authentication, not only do you need your traditional login information but also some other form of identifying yourself, such as a one-time password.

Highly secure 2 factor solutions will even offer an out-of-band solution for the second factor while authenticating. This means the data is coming from a separate network than the traditional login panel, making it less susceptible to being hacked or hijacked. With multiple networks to access and intercept, it is not a completely bulletproof solution but more of an added layer of protection which is becoming necessary.

Two factor authentications are some of the most efficient forms of security for internet or network based data communications, mainly because there is no hardware to pay for and integration is usually seamless, quick and easy. There are also many ways to connect the software: whether you need a server, cloud, hardware or software based solution, they are all readily available.
Hardware and software key loggers are readily available and have been for a while. They are hard to detect and there is not much you can add to your system for protection from this form of hijacking. Two factor authentication solutions relieve the worry of getting your username and password siphoned from your system because the thief would need your second form of identification, which is held on a completely separate system or network.

With almost everything becoming available online and more access being thrown around from device to device a higher level of security is a necessity. In order to provide confidentiality and peace of mind to clients it is a company’s obligation to have a highly secure way of transferring their records and information. Two factor authentication solutions are that form of security and it can also be very cost effective. There are many different types of solutions for two factor authentication. DynaPass, Inc. is a leading provider of out of band two factor authentication solutions to companies worldwide. You can learn more about them and two factor authentication solutions at www.DynaPass.com.

Socialbots Threaten Social Media Users

A new paper released last week by researchers at the University of British Columbia, Vancouver (“The Socialbot Network: When Bots Socialize for Fame and Money”) has created a stir by highlighting social media sites’ vulnerability to infiltrations by socialbots. In an eight-week experiment, the UBC researchers deployed 102 socialbots on Facebook that were able to gain 250GB of personal information from over 1 million user profiles. What does this mean for the average Internet user? Your personal information is at risk every time you log on to a social media site. Here, we explain what a socialbot is and how you can protect yourself.

What is a Socialbot?

To know how to defend against these online enemies, you need to know what they are. As described by the paper’s authors, a socialbot is a computer software program that controls an account on a particular social network and has the ability to perform basic activities such as posting a message and sending a friend request. If a user accepts a socialbot’s friend request, the bot gains access to the individual’s information and contacts, which it will also try to befriend, and so on. Its success lies in its ability to mimic a human, making it a unique type of malware. The bots used in the experiment used profile photos taken from the website hotornot.com and generated fake status updates from the site iheartquotes.com, making them appear to be real people.

Cybercriminals can deploy socialbots to infiltrate social media sites for malicious purposes, usually to gain information for identity theft. The researchers’ bots obtained thousands of home and email addresses, birthdates, etc., all of which can be used to commit fraud. However, one of the unique skills of socialbots is that they can also do significant damage in the social sphere in the form of reputation defamation. As the researchers pointed out, social bots can be used to infiltrate social media sites to spread misinformation and propaganda.

Though social networks do have some safeguards in place, there are major flaws in the system—for example, the social bots in the study only sent out 25 friend requests a day, to stay under Facebook’s radar. In fact, the experiment proved Facebook’s security measures to be so ineffective that the socialbots had an 80 percent success rate of infiltration. In the absence of stronger security, it is up to social media users to be vigilant.

How to Protect Yourself

If you are an active user of social media sites, it is important to educate yourself and take the following steps to ensure you’re protecting yourself, as well as your online community.

Only friend people you know. A socialbot only has power if you give it to it. In the study, almost half of the friend requests sent out were accepted. You can avoid being victimized if you make sure you’re only adding contacts you know.

Don’t post personal information. Never post your home address, phone number, or financial information online—these can be used for ID theft. You should also assume that everything you post, including conversations, photos, etc. is permanent. Remember that your account can be vulnerable if a contact’s account is compromised. So if you would be uncomfortable with it being shared, don’t post it.

Report suspicious behavior. Be alert for suspicious activities or unusual online behavior from “friends.” Hackers can infiltrate friends’ accounts and spam their contacts list. If you are receiving peculiar messages or links encouraging you to click on them, report it (and contact your friend separately to let them know you think they might have been hacked). And if a stranger is repeatedly requesting friendship, flag, block, or report them.

Don’t share your contacts list when you join. When you sign up for most social networking sites, they ask if you’d like to invite your email list of contacts. Don’t approve this: The information can be exploited by hackers if your account is compromised.

Make sure you’re on the real site. Some phishing scams will send an email to you from your social networking site asking you to log in or verify some account information. When you click on the link, you’re directed to a fake site (which may look legit) that actually shares your username and password with cybercriminals.

Socialbots Threaten Social Media Users - ZoneAlarm Blog