For those of you who have been reading the EiQ Networks blog on a regular basis, you know that one of the most fundamental and unyielding tenets of the security world that we frequently point out is this: functionality and performance always – and we mean always – trump security. For developers of new software products, hardware technologies and the emerging world of IoT, the ability to get to market as quickly as possible is the most important thing a company can do, because it gets them a market position that turns into revenue. Because security isn’t generally perceived by companies that make commercial software and hardware as something on which people make buying decisions, it’s usually relegated to a last-minute “bolt-on”, or simply addressed after vulnerabilities are discovered by users and security analysts after the product is released. Even after disclosure of vulnerabilities, many companies either ignore these findings or back-burner patches and fixes until the next major release of their product. One of the “dirty little secrets” of the industry is that certain, specific vendors (we won’t name names here… but they know who they are) have had gaping holes in their products for months and sometimes even years. Sadly, this behavior among many companies is not likely to change.
Just a few weeks ago, security researcher and journalist Brian Krebs reported on the arrest of two men who were suspected of running “vDOS,” one of the most pervasive distributed denial-of-service (DDoS) paid service networks in the world. DDoS as a subscription service is nothing new; vDOS was in existence for well over four years, and along with other services such as “PoodleStresser” were part of the nascent but rapidly-growing distributed denial of service-as-a-service market (“DDoSaaS” – how’s that for an acronym?)
Cybercriminals and IT security shouldn't be taken lightly. One breach can cost your company hundreds of thousands of dollars. If you're not sure whether your company needs to upgrade or completely revamp its cybersecurity practices, here are three warning signs that indicate it should:
"One breach can cost your company hundreds or thousands of dollars."
1. You Don't Understand the Target
IBM executive security advisor Diana Kelley, who co-authored the IBM study "Securing the C-suite," has over two decades of cybersecurity experience. Her company has 7,000 IT professionals protecting the organization from outside threats. But even Kelley recognizes that numerous executives, even at the most influential computer institutions such as IBM, don't take IT security as seriously as they should.
There are many types of cybercriminals, and the type of data they're searching for can vary. For example, the Congressional Research Service categorizes hackers into criminals, nation-state warriors, terrorists and "hacktivists," and each has their own objectives when performing cyber attacks.
As a business owner, manager or industry professional, it's critical to understand the common challenges that exist when trying to defend against these cybercriminals.
Security as a Service has rapidly become one of the hottest cybersecurity trends in 2016. The latest shift in this trend though is the cloud-based options that are available, specifically for the managed IT security services industry. This is primarily due the cost-saving benefits associated with cloud security. Even with this shift, however, there still remains many myths about cloud security. Based on an article by David Spark published on CIO.com called 20 of the Greatest Myths of Cloud Security, EiQ has chosen three of these myths that we believe IT security professionals need to forget about immediately in order to overcome the fear of cloud security and start reaping the benefits.
- The cloud is fundamentally less secure (in fact it might be safer!)
- More breaches occur in the cloud
- Maintaining cloud security is just too difficult
Can IT professionals rely on the cloud to keep their data safe and secure like they did floppy disks, compact disks and flash drives? After all, for years those units were staple features of business operations and storage. Each of those items proved their worth, but eventually fell in favor to new technology. This time, it's the cloud.
"It's not a matter of managing IT security as it is ensuring a breach never happens."
The question today is whether IT professionals can trust the cloud to keep their data secure all the time. Data breaches are a major problem, especially in the banking industry, so it's not a matter of managing IT security as it is ensuring a breach never happens.
When it comes to cybersecurity, companies today typically have three options:
- Do nothing or the bare minimum, and hope that cyber attackers don’t find you.
- Keep your current cybersecurity posture as is, without consistent updating or monitoring (and hope cyber attackers don’t find you!).
- Consider EiQ’s hybrid security as a service to identify threats and vulnerabilities, mitigate risk, and achieve compliance.
Let’s look at each of these options.
One need only read the headlines to know how insecure company data and networks are these days. Just a few weeks ago, U.S. health insurer Banner Health informed 3.7 million customers and healthcare providers that their data may have been stolen. This has become a fairly common scenario as healthcare records and private data are traded openly on the black market. Thinking through all of the likely attack vectors, it seems almost impossible for organizations to completely secure their intellectual property, customer data, and other corporate records. For example, employees might not know that malware need not be downloaded in a file or executable but simply through clicking on an infected banner ad or even a link in social media. If an organization has a “bring your own device” to work policy, a mobile phone or tablet infected at home can spread easily malware to the corporate network.
Another big name gets added to the list of 2016 data breaches. Yahoo, the multinational technology company, has its hands full as it deals with trying to confirm the possibility of a data breach. The infamous hacker that goes by the tag of “Peace” has listed a cache of what allegedly appears to be 200 million stolen Yahoo user accounts for sale on the Dark Web. Yahoo has already begun a thorough forensic analysis investigation to the determine the validity of the hacker’s claims and promises that it’s taking this breach "very seriously.” According to reports by Motherboard, the cache supposedly contains usernames, passwords, and dates of birth. At this time, the stolen user data is currently being sold for 3 Bitcoins, or around $1,860, and apparently contains records from “2012 most likely,” according to hacker Peace. Peace has also provided a way to unscramble the hashed credentials, making it easier for buyers to use the stolen information once they get their hands on it.
In June 2016, Facebook CEO Mark Zuckerberg made The New York Times for covering his laptop camera with tape. The following explains why individuals choose to block their webcam lenses, and why this cybersecurity technique is not enough.