1-888-643-2217 Email ABEX
Keeping you updated

Tag Archives: Cyber Crime

Cyber Crime’s Forgotten Victim—Your Company’s Reputation

Reputation 1Even though companies are finally starting to dedicate resources to prepare for cyber attacks, it’s possible that they may be overlooking a key exposure. While internal audits, hardware and software upgrades, and payouts to impacted customers can be costly, those costs can quickly be dwarfed by the damage a cyber attack can do to a company’s reputation.

The Dark Side of Social Media

Social media poses a huge threat to your company’s reputation. In the event of a data breach, traditional media coverage, blog posts and consumer reaction to the breach will dominate discussion of your company’s brand across social media platforms. Social media newsfeeds offer little to no distinction between legitimate news, biased reports, rumors and outright falsehoods, making the problem worse.

Additionally, social media is the perfect battleground for a competing interest to launch an attack on your brand. In fact, a white paper released by Hays suggests that the deliberate spread of false information about companies could be part of the next wave of cyber attacks launched by foreign governments.

Managing Your Reputation

In the wake of a cyber attack, it’s important to have a social media strategy in place and ready to roll out, as well as a team dedicated to monitoring social media in order to dispel any rumors and clarify any falsehoods. It’s also important to consider all avenues for mitigating your risk.

 

© Zywave, Inc. All rights reserved.


Spear Phishing: Targeted Cyber Crime

The word password hooked by fishing hook“Phishing,” a type of cyber attack in which a hacker disguises him- or herself as a trusted source online in order to acquire sensitive information, is a common scam that can put employees and businesses at risk. However, more resourceful criminals are resorting to a modified and more sophisticated technique called “spear phishing,” in which they use personal information to pose as colleagues or other sources specific to individuals or businesses. And, when attacks contain personal information, they are much more difficult to identify as malicious.

For businesses, the potential risk of spear phishing is monumental. The 2015 Internet Security Threat Report released by Symantec Corporation, a company that specializes in security software, states that, globally, 5 out of every 6 large employers were targeted in spear phishing attacks in 2014, and that there was an average of 73 spear phishing email attacks per day.

How to Protect Your Business

Though it is difficult to completely avoid the risk that spear phishing attacks pose, there are ways to prevent further damage to your business. For example:

  • Be cautious when you are asked to divulge personal information in an email. Even if it appears to be from a trusted source, it could be a hacker impersonating another person or group.
  • Only share personal information on secure websites or over the phone. When in a Web browser, you can ensure a website is secure when you see a lock icon in the URL bar, or when an “s” is present in the “https” of a URL. The “s” stands for “secure” at the end of the normal “http”.
  • Some spear phishing schemes use telephone numbers, so be sure to never share information over the phone unless you initiate the call to a trusted number.
  • Never click on links or open attachments from unknown sources. Even opening a file that seems familiar can give a spear phishing attacker access to personal information stored on your device.
  • Ensure that your company’s security software is up to date. Firewalls and anti-virus software can help protect against spear phishing attacks.
  • Encourage employees to think twice about what they post online. Spear phishing hackers often attain personal information through social media sites. Make sure that employees know how to keep this information private to protect their own security as well as that of your business.

Regularly check all online accounts and bank statements to ensure that no one has accessed them without authorization.

 

© Zywave, Inc. All rights reserved.


How Hackers Can Control Your Car

CYBER CRIMEFiat Chrysler Automobiles is recalling 1.4 million vehicles—not for a manufacturing flaw or a faulty part, but for a vulnerability to hacking. The company deemed the recall necessary after two software programmers demonstrated how easy it was to remotely tamper with a Jeep Cherokee’s radio, air conditioning, dashboard display, windshield wipers, brakes and transmission.

This hack is an example of what the security industry calls a zero-day exploit—a vulnerability in a piece of software that the vendor is unaware of. In the case of Fiat, hackers, through wireless access gained via the Internet, sent commands through the vehicle’s entertainment system, taking control of any number of vehicle functions. This could, in theory, be performed from a laptop across the country.

But this type of vulnerability isn’t limited to Fiat vehicles, as most auto companies produce models that are susceptible to breaches. Industry leaders like General Motors, Ford and Toyota are atop a long list of auto makers believed to be the most susceptible to hacking.

As vehicles become increasingly connected, the risk of hacking becomes more apparent and no longer limited to select models. By 2022, an estimated 82.5 million automobiles worldwide will be connected to the Internet.

Since the hack, Fiat has taken strides to prevent remote manipulation by distributing USB drives to vehicle owners that they may use to upgrade vehicle software and deter hackers—but that may not be enough. While automakers are aware of cyber risks and are even taking steps to prevent attacks, experts say that the auto industry is far behind when it comes to cyber security and that current solutions aren’t yet strong enough to thwart hackers.

 

 

© Zywave, Inc. All rights reserved.


43% of companies had a data breach in the past year

Cyber CrimeSource: www.cnbc.com

A staggering 43 percent of companies have experienced a data breach in the past year, an annual study on data breach preparedness finds.

The report, released Wednesday, was conducted by the Ponemon Institute, which does independent research on privacy, data protection and information security policy. That’s up 10 percent from the year before.

The absolute size of the breaches is increasing, said Michael Bruemmer, vice president of the credit information company Experian’s data breach resolution group, which sponsored the report.

“Particularly beginning with last quarter in 2013, and now with all the retail breaches this year, the size had gone exponentially up,” Bruemmer said.

He cited one large international breach few Americans have even heard about. In January, 40 percent of South Koreans—a total of 20 million people—had their personal data stolen and credit cards compromised.

The breach was caused by a worker at the Korea Credit Bureau, which provides credit scores to Korean credit card companies.

While shadowy hackers in Eastern Europe often get the blame for these attacks, more than 80 percent of the breaches that Bruemmer’s group works with “had a root cause in employee negligence,” he said.

“It could be from someone giving out their password, someone being spear-phished, it could be a lost USB, it could be somebody mishandling files, it could be leaving the door to the network operations center open so someone can walk in,” he said.

Despite the rise in breaches, 27 percent of companies didn’t have a data breach response plan or team in place, though that’s down from 39 percent who didn’t have them in the previous year’s survey.

Even in companies that have breach plans in place, employees aren’t convinced they will work. Only 30 percent of those responding to the survey said their organization was “effective or very effective” at creating such plans.

One reason might be that few companies seem to take the need seriously. Of the companies surveyed, just 3 percent looked at their plan of action each quarter. Thirty-seven percent hadn’t reviewed or updated their plan since it was first put in place.

The statistics don’t surprise Ted Julian, chief marketing officer with Co3 Systems in Cambridge, Mass. His company does cyber incident response management.

“Most organizations, and I’m only talking the sophisticated ones, have done a little but it’s not enough,” he said.

Breaches are now just a part of life and yet when they happen too often companies pull out “a dusty incident response plan that hasn’t been touched in two years,” Julian said.

The survey was conducted in 2014 and included 567 U.S. executives, most of whom reported to their company’s information security officers.


Is Your Website Secure?

Best Internet Concept of global business from concepts seriesIn the wake of several high-profile cyber security scandals and the widespread Heartbleed security bug, website security is more important than ever. Without a concerted effort to safeguard your business’ website, you risk losing money due to relentless cyber attacks.

Because hackers are constantly searching for new website vulnerabilities and engineering new viruses, website security should be a round-the-clock concern—the threat will never ebb. The consequences of weakening your stance on website security, even for a second, can be disastrous: loss of revenue, damage to credibility, legal liability and broken customer trust.

Web servers, which host the data and other content available to your customers on the Internet, are the most targeted and attacked components of a company’s network. Some specific security threats to Web servers include the following:

  • Cyber criminals may exploit software bugs in the Web server.
  • Attackers can disable a network by flooding it with information.
  • Hackers may secretly read or modify sensitive information on the Web server.
  • Criminals could gain unauthorized access to resources elsewhere in your business’ network following a successful attack on the Web server.

To avoid similar threats to your website’s security, follow the steps listed below:

  1. Develop and implement a data breach response plan.
  2. Ensure that the Web server operating systems and applications meet your organization’s security requirements.
  3. Publish only appropriate information.
  4. Prevent unauthorized access or modification on your site.
  5. Protect and monitor Web security at all times.

Rely on ABEX for expert, timely guidance on cyber security.

 

 

© 2014 Zywave, Inc.


Blog

FOLLOW OUR BLOG

Receive notifications of new posts automatically.



ABEX - AFFILIATED BROKERS EXCHANGE IS ON FACEBOOK.

Like us on Facebook

Connect with us on LinkedIn