Award Down The IT Security Boulevard

The Americas Information Security Leadership Awards has announced its winners for the fourth time. The great thing about it is that the American in its title does not refer only to North America, but also to Central and South America. So, when you say the American Award, it includes both continents.

This is exactly what we need. We need something traditional, encouraging and inspirational at the same time. On the other hand, this something should include the word international in its title. As long as we have American or European prefixes, we cannot expect a major improvement in this field.

For what it is worth, we appreciate and are grateful for these rare types of IT security awards. We just wish for more of these awards with a wider scope. The hackers themselves seem to be less nationalistically oriented and more open to the idea of international cooperation. We should follow.

This is how we should do it. A little bit of awarding here and there. Then, a little bit of bug bounty programs, as well. If we sufficiently appreciate our efforts and the time invested in IT security, then we can be rewarded with something more valuable than the awards themselves: fully functional IT security, for a change.

Unpatched = Unprotected

How many times do we have to repeat it? How much evidence do we have to submit in order to convince you? About what exactly? Our main point is quite a simple one, and apparently extremely difficult to accept. The human factor is the worst cyber menace you have ever witnessed and heard about.

In the absolute and surprising majority of cases you can easily ensure a remarkable level of proper IT security. How? With regular updates and the use of patched systems. Yet, we keep failing to update and continue to use unpatched systems. Why? Either we are totally reckless or lazy.

Either way we are in trouble. On the other hand, your friendly neighbor hacker only needs one vulnerability to pay an unexpected and unforgettable visit. We could have easily avoided or at least decreased the chances of facing this cyber trouble. All we needed to do was to invest a little bit of our time.

No one can make you comply with these simple and effective IT security rules, but there is also no one you can complain to once you get hurt. The cyber doctors have given you a fair warning including a vaccine. It is your fault if you think that you have something more important to do.

The Shadow IT

The big bad and ugly wolf is coming. It is called the EU General Data Protection Regulation. Actually, it is supposed to protect us and save us from the three little pigs, who have mastered some hacking in the meantime. Then, how come the worrying majority of the employees in the EU is not willing to cooperate? Fully.

Nowadays, the IT guys in your company can forget the good old days when they were the Alphas and Omegas in your office. Cloud technology and the absolute abundance of available mobile devices were fertile ground for the new phenomenon called the “shadow IT”. What in the world is that?

Well, this is a nice way for you to avoid the “EU General Data Protection Regulation way, or the highway” situation. You can still do your thing without worrying about those boring new regulations, including your paranoid IT colleagues. What is so difficult and problematic about the new IT security measures?

It is a similar, if not absolutely the same, situation as with traffic safety regulations. They are supposed to protect you. You can ignore them or even work against them, but at your own risk. The same goes for IT security measures, rules and policies. Instead of continuing to ask why, just comply.

KasperskyPOL

Here is some breaking news in the world of cyber security. Kaspersky Lab has teamed up with Interpol and Europol. This can easily turn out to be a role model for future private-public team-ups. Undoubtedly, this is a dream team for the cybercrime field. So, what can they do together for real?

Well, with no exaggeration at all, the sky is the limit. On the other hand, what is the nature of this specific relationship itself? It is better to say partnership. Kaspersky Lab will involve all of its resources and even staff for the Interpol and Europol specific tasks. There will be so much work to do together.

On the other hand, we do not want to spoil the fun, but we need to ask some questions. If Kaspersky Lab remains the only Interpol and Europol partner, then this will not be a good thing for cyber security itself. We would be more than pleased to witness more participants in this teaming up.

Why stop here? Let us bring in the FBI and other similar agencies to share their thoughts and requirements with the cyber security experts. If the hackers can hold their hands, or better to say fingers, while attacking our IT infrastructure, then how come our guardians cannot be on the same cyber page?

The BlackEnergy On The Run Again

Who or what is BlackEnergy? Well, to be quite honest, no one can tell for sure. We can only speculate. However, we can make a wild guess, which sounds extremely reasonable. From what is known, BlackEnergy had humble DDoS beginnings. Then, all of a sudden, everything changed for this group.

They have become more sophisticated. In addition, it is more than indicative that the primary targets were in both Ukraine and Poland. This somehow strangely coincides with the recent political and military confrontation in Ukraine. That is why the rumors about state support were born.

But, which state? Well, you do not have to guess twice, do you? Russia is the usual suspect in this story. This does not imply that the USA and other NATO allies do not have cyber black ops teams of their own. Yet, when you have a government’s fingers involved, then things become even more serious.

What is the point if we keep fighting a cyber menace which has a state’s support and origin? Solving all the political crises in the world will not eliminate all cyber threats. Nevertheless, we can certainly decrease their numbers. The most dangerous hackers are the ones wearing state uniforms.

Former Employees – Future Worries

You do not have to be a rocket scientist to know that former employees should not have the access to the company’s IT infrastructure that they once had. Yet, you would be surprised to find out in how many cases we forget to lock the IT door after someone leaves a company one way or another.

Why? It seems that we worry so much more about the contract, social security, cancellation period, and all the other more important issues that IT security in these cases seems like a trivial thing. We do not have time to clean the cyber working space after our former colleagues, but we do not forget the other things.

Believe it or not, there is a higher probability that your former employee will “hack” your company than any hacker you can possibly think of on this planet. The worst thing about it is that we leave an open door. Any unauthorized access is potentially extremely dangerous for your company or business.

This includes cases when your former employee feels nostalgic about his old company’s account or wants to do you harm because he was fired. It only takes a couple of minutes to change passwords and adjust new security settings. Yet, we fail to act accordingly. This is how our former employee becomes our future hacker.

Cyber Crime And Business Punishment

Why do we need top IT security for our business? So that the IT experts can earn more. Why do we hesitate to implement these adequate cyber security measures? Because they are expensive. Because they are time consuming. Because we do not have enough qualified staff to implement them.

Well, we have heard so many excuses that we learned them by heart. On the other hand, there is one piece of statistical information that will make you think twice about these ridiculous excuses. There is something scarier than any known malware or virus, which can be found on the Internet.

Are you ready to face the absolute horror? Here it goes. Customers, clients, users, and others, call them what you want, who have experienced cyber trouble associated with your business are more than likely to pay a visit to your competitors. In more than 50% of all cases, this will happen sooner or later.

Are you already googling in search of an IT security consultant? If you do not want to do it for yourself, then do it for your customers. If you are not afraid of the hackers, then you should be terrified of your competitors. What a lovely way to motivate businessmen to invest in IT security. Indeed.

Microsoft Online Services Bug Bounty Program

Here is a nice way for you to earn $500, or even more. Microsoft has launched the Bug Bounty Program for its online services. The awards begin with the amount of $500 and increase accordingly. Yet, you are required to focus your findings on the MS online services alone. And, there is one more thing.

You need to identify a problem as precisely as possible and offer the most suitable suggestion in order to resolve it successfully. Microsoft will carefully evaluate your contributions and award you accordingly. It goes without saying that this is a good and highly recommended activity for any IT player.

This brings us back to the good old days when we had a promising abundance of the bug bounty programs and competitions. Those were the days, weren’t they? It seems that we needed some time to start appreciating again the benefits of these recently undermined ways of improving the cyber security.

We sure hope that other players of the major IT league will join the party, as well. This is an extremely efficient solution for our cyber troubles, which we often take for granted. Luckily, there is a sign of positive changes on the horizon. So, what are you waiting for? The grandpa Microsoft dares you.

Don’t Feel Free With The IC3

Who or what is the IC3? The IC3 stands for the Internet Crime Complaint Center, which was launched as the partnership between the FBI and the National White Collar Crime Center (NW3C). It was supposed to protect you and work in your best interest. Then, how come the FBI has issued the warning about the IC3?

Well, it seems that we have met our match with these hackers, who were able to disguise themselves as the IC3 itself. You cannot believe how detailed and credible they were with their plan. You were led to believe that the IC3 was addressing you directly about a certain legal issue.

They ask you for some money to solve this matter without further troubles. People fall for it, because these hackers have done their homework properly. Now, the FBI itself has to warn you about this serious threat. So, what is the moral of this story? Well, there is more than one, that is for sure.

We should learn from these hackers. They were methodical, patient and above all, they examined the existing security system from A to Z. They have done our homework, actually. If they can do it, so can and should we. You need to know your enemy in order to defeat him. This is how it goes. Right FBI?

The Exposed: The Book Isn’t Closed

Hey dudes, here are some additional stolen nudes. The second wave of the exposed celebrities is on the way. More controversy and much more bitter feelings to face. Again, all eyes are on Apple and its cloud service. This time Apple has decided not to go silent on this one and its iCloud.

Apple’s line of defense is quite a simple one. There is nothing wrong with the system itself. The victims were specifically targeted because of their enormous popularity. They should have known better how to protect themselves and their compromising pictures. There is something wrong with this picture of Apple’s.

Without a second thought about it, you can get the wrong impression. If you are not a celebrity, then you can get away with a weak password. If you are a celebrity, do not make nude photos or use some other cloud service. Do you still envy the famous people, after this unparalleled nude scandal?

It is a sad thing, though, that certain parts of our naked bodies have done more for the promotion of adequate IT security than all previous more serious and sinister cyber attacks. Let us not sound ungrateful, shall we? That is what the celebs do. They promote things. It is IT security’s turn now.