Tag Archives: Internet Security

Inside the mind of a cybercriminal: what is he looking for and why has he chosen your business?

One of the first steps to ensure that your private information isn’t accessible is to understand the reasons that drive hackers and cybercriminals to do what they do – what are their motives? Politics? Money? Fame? Or is it merely the thrill of getting away with it? What influences their actions and their possible responses?

What motivates a hacker?

Given the importance of having answers to these questions, the cybersecurity firm Thycotic carried out a survey of 127 hackers at the Black Hat USA conference in 2014.

51% of those questioned stated that their main motivation was the “search for emotions”, while only 18% said that they were driven by money. According to the report, this indicates that “modern hackers are curious, they are bored and want to test out their abilities”.

To get a better understanding of this information, we need to put it into context: only some of those responsible for cyberattacks make up what is known as hackers, while the rest of them are simple cybercriminals who are looking for an easy way to make money with their attacks.

A large majority of those surveyed (86%, to be exact) were also convinced that they wouldn’t have to face the consequences of their cyberattacks, which also leads them to continue doing what they do. The theory of the study is as follows: “The number of attacks carried out is far higher than the level of monitoring on the systems. Today’s hackers are more adaptable than ever and this allows for multiple attacks on multiple systems, increasing the levels of success without increasing the risk”.

Three reasons to target your business

  1. It’s a personal goal – they carry out these attacks as a personal challenge, something to show off to other hackers or merely to prove a point to themselves. This doesn’t mean that the resulting attacks aren’t dangerous.
  2. It’s done for personal gain – as we’ve already mentioned, many cyberattacks (the majority of the most important ones) are done with the aim of identity or economic theft.
  3. It’s a form of vandalism – sometimes it’s just done so as to wreak chaos (making IT systems crash, etc.), while other times there is a political element to the attack (“hacktivism”), such as the case of the groups that work under the name of Anonymous.

How do they choose victims?

In the case of stealing information, 40% of the hackers stated that their main objective was to find the “weak link in the chain” of the business – the contractor. This person may not always have access to the company’s network but the hackers like that they aren’t subject to all of the company’s security policies, which makes them a valuable target.

A further 30% revealed that their main target was the IT administrator; someone with direct access to servers and systems where lots of confidential information is stored, such as that pertaining to clients or customers. This means that once the attacker has obtained control of the access codes, he can easily and quickly take control of the system.

How to protect yourself from an attack

Many hackers and cybercriminals only have to overcome traditional antivirus systems when they are carrying out their attacks – systems of protection that haven’t been able to adapt to the constant evolution of cyberattacks.

Due to this, Panda has come up with Adaptive Defense 360, a security solution that is capable of blocking applications based on real time analysis of their behavior, which allows us to close the “window of opportunity” on malware.

The post Inside the mind of a cybercriminal: what is he looking for and why has he chosen your business? appeared first on MediaCenter Panda Security.

How to protect your company from Zero-Day attacks

Any attack that takes advantage of the “window of opportunity” produced by recently discovered vulnerabilities is called a Zero-Day attack. In other words, it is a rapid attack that is deployed by cybercriminals before security experts have been able to patch up the vulnerability… or even before they’ve heard of the attack.

An attack of this type is the dream of any hacker, given that it guarantees instant fame (sometimes these vulnerabilities are spread on the Deep Web), and is known for its ability to be destructive (when it’s used for the hacker’s own benefit). They are also a useful resource for certain governments to sabotage foreign systems or businesses.

The path to finding Zero Days

Protection against these attacks is so important that large technology companies employ their own in-house teams of hackers who compete against cybercriminals to detect and locate Zero Day vulnerabilities before they are exploited.

The objective for these teams is to develop the appropriate patch or to make the affected software provider aware of the problem. Google, for example, has its own dream team of hackers called Project Zero, which is led by Chris Evans and also includes other well-known hackers such as George Hotz (winner of the biggest prize in history for the detection of a vulnerability), Tavis Ormandy, Ben Hawkes, and Brit Ian Beer. Other companies, such as Endgame Systems, Revuln, VUPEN Security, Netragard, or Exodus Intelligence dedicate themselves to the detection of these threats.

It’s important to keep in mind another aspect of Zero Day vulnerabilities – if the hackers that discover one decide not to spread it and choose a more discreet method to exploit it, users could be exposed to an unknown vulnerability for weeks, months, or years (this is the basis of APTs, or Advanced Persistent Threats).

How to protect ourselves against Zero Day attacks

As mentioned above, this is precisely where the danger of these Zero Day attacks rests. Just as it is impossible to make a vaccine for a disease that we don’t know exists, or that we know exists but whose cause we don’t know, traditional security tools (such as an antivirus) are unable to deal with malware that is still unidentified.

However, there are a few steps and measures that could help us to reduce our exposure to Zero Day based attacks.

  • Never install unnecessary software: each piece of software installed on your system is a window of entry for a potential Zero Day. It’s recommended that you review the list of installed software once in a while and uninstall anything that you no longer use.
  • Keep updated: the software that you keep should always be updated to the latest version.
  • Use a reliable firewall: if it is impossible to detect a malware that comes from an unknown vulnerability, maybe we could detect a suspicious connection and stop it before it’s too late.

However, going beyond that, it is fundamental that our systems have an additional protection barrier in place that doesn’t depend on technology based on signatures to detect malicious software. With this in mind, Panda has developed Adaptive Defense 360, which is based on a distinct focus: the monitoring of every application and the real time analysis of its behavior with machine learning techniques and Big Data platforms.

This lets Adaptive Defense 360 offer two types of blocking:

  • Basic Block Mode, which allows both software tagged as goodware and software that has not been cataloged by the automated systems and Panda Security’s expert staff to run.
  • Extended Block Mode, which only allows for the running of applications cataloged as goodware.

The post How to protect your company from Zero-Day attacks appeared first on MediaCenter Panda Security.

The advantages of having a managed security service

In the corporate environment, cyber-threats are becoming more and more sophisticated, security standards more complex, and budgets tighter and tighter.

The world of technology in the workplace is no longer just restricted to servers, workstations, or email accounts; we also need to consider mobile devices and the culture of BYOD (Bring Your Own Device). We also need to be aware of problems that may arise from new trends such as social media and the impact that all of this can have on the security of our corporate networks.

This all places a great stress on businesses when it comes to the monitoring and management of information security.

What are managed security services?

There is currently a new series of products emerging on the market under the name Managed Security Services. This includes typical services such as antiviruses, firewalls, intrusion detection, updates, content filters, and security audits, while also embracing the new needs that businesses have. These services are managed by a third party who assumes responsibility for their operation and monitoring at all times.

A study carried out last year in the USA, UK, Canada, and Germany showed that 74% of organizations were still managing their own security systems, but that 82% of IT professionals were working, or had thought about working, for a company that provided security management services.

Advantages of managed security systems

  • Providers of these systems help to mitigate the risks that come with the managing of security in a business and by opting for their services you can avail of lots of advantages. The first, and most obvious, is the relative cost – contracting a managed security service usually costs less than investing in personnel, software, and hardware.
  • The second advantage is related to the capturing of talented staff. Currently there is a shortage of personnel specialized in cybersecurity, and this puts stress on IT departments to keep a quota of trained and competent staff members. Being equipped with a dedicated team to take on these tasks can be a strain for some businesses, but is rather feasible for managed security providers. By externalizing these tasks, a company can focus its attention on more critical aspects of the business.
  • These services also allow for a round-the-clock monitoring, which is something that most businesses can’t provide, being restricted to the typical working hours that are in place.
  • We can also observe advantages in terms of the efficiency with which the security providers work – it’s hard for an organization to follow up on all new threats and potential vulnerabilities as they arise, just as it is to keep up to date with norms and security tools. Security providers, meanwhile, are in contact with international experts, which strengthens their know-how and their ability to react. What’s more, many of them have had the chance to work side-by-side with law enforcement agencies, which gives them an advantage when it comes to completing forensic analysis in court cases.

Adaptive Defense as a managed security service

With all that has been mentioned in mind, Panda Security has decided to offer its very own self-managed security solution, Adaptive Defense. Thanks to the latest cloud computing technologies (based on Machine Learning techniques and Big Data) developed by Panda, Adaptive Defense is capable of automatically classifying all running applications on the system without the need for any user intervention.

Adaptive Defense is also a solution that has zero impact on the customer’s infrastructure. This is due to it being a service that is operated from a centralized web console that allows for the securing of Windows workstations, servers, cell phones, and remote offices.

The post The advantages of having a managed security service appeared first on MediaCenter Panda Security.

The main information security certifications for businesses

Just being aware of all the headlines is enough to realize that new threats and vulnerabilities in the field of information security are constantly emerging. As a result, it is essential for a company to be able to rely as much on the preparation of its security professionals as on its IT governance strategy.

That means there is just one question – what is the best way both for professionals to obtain adequate training (which makes them more employable), and for businesses to do the same with protocols and security procedures (demonstrating a sense of security to their customers)?

The answer is security certifications, which allow for a combination of minimum requirements, a standardized language, and a common, professional code of ethics.

If we as both professionals and leaders within an organization decide to take up a course in IT security management, it is recommended that we opt for certifications given by international and independent organizations.

With this in mind, here are some of the most relevant certifications available:

CISA / CISM

CISA and CISM are the two main accreditations issued by ISACA (Information Systems Audit and Control Association), an international association that has been sponsoring certificates and methodologies since 1967, and is currently made up of more than 95,000 members.

CISM (Certified Information Systems Manager) is newer than CISA, and offers accreditation in the knowledge and experience of IT security management.

What defines CISM are the basic standards of competence and professional development that an IT security director should possess in order to lead or design an IT security program.

CISSP

The Certified Information Systems Security Professional (CISSP) awarded by the ISC is one of the most valued certificates in the sector. Organizations such as the NSA or the United States Department of Defense use it as a reference.

The certificate is also known as being “a mile wide and an inch deep”—indicating the wide breadth of knowledge (a mile wide) that the exam covers and that many questions don’t go into nitty-gritty details of the concepts (only an inch deep).

COBIT

COBIT 5 (the latest version tested) is defined as being a reference point used by governments and for IT management in businesses. It is managed by the ISACA in conjunction with the IT Governance Institute.

COBIT is designed to adapt itself to businesses of all sizes (including SMEs), different business models, and corporate cultures. Its standards are applied to fields such as information security, risk management, or decision making regarding cloud computing.

ITIL

ITIL (IT Infrastructure Library) can be described as a reference of good practice and recommendations for the administration of IT services, with a focus on the administration of processes. The entity that manages this certificate is the OGC (Office of Government Commerce) in the UK.

While COBIT works on the management and standardization of the organization, ITIL centers itself on the processes – COBIT defines the what, and ITIL the how.

ISO / IEC 27000

This standard is published by the ISO (International Organization for Standardization) and by the IEC (International Electrotechnical Commission) to act as a reference point for a group of standards that provide a framework of IT security management to be used by any type of organization (be they non-profit, public or private, big or small).

As opposed to the other certificates which are aimed at individuals, this one is directed more towards businesses.

The post The main information security certifications for businesses appeared first on MediaCenter Panda Security.

AVG achieves top scores from AV-Test and AV-Comparatives

Are there things in life that you can really say you are 100% sure about? I am sure there are a few, but not very many.

In the last week here at AVG our virus research teams and engineers have achieved not just one great test result, but two. The AV-TEST results show that AVG achieved 100% detection of real-world malware and 100% detection of widespread malware. Then followed the AV-Comparatives Malware Removal report awarding AVG with the highest award mark of Advanced+.

Whether you are a consumer or business looking to make a decision on what Anti-Virus/Malware product to use, then independent results from internationally recognized testing organizations should help you make the right decision.

For businesses, selecting the right product to stay safe is particularly important; in many cases you are not just protecting your company data but also the personal information that you hold about your customers.

The double 100% result from AV-TEST is particularly important as this shows that our products are protecting you without compromise whether the threat is new and only just appeared, as detailed in the real-time test, or whether it’s a known malware variant that is widespread.

I asked Andreas Marx, CEO of AV-TEST, what the significance of the 100% result is. He said: “Here at AV-TEST we understand that consumers and businesses rely on specialist organizations such as ourselves to test products they rely on for their security and protection. When a vendor scores 100% in both the real-time and widespread sections of our protection test, it provides a data point that allows consumers and businesses to make informed decisions. We congratulate AVG for achieving the 100% result in our August test.”

Detecting malware and stopping it from carrying out its malicious intent is important, but knowing that it has been completely removed from a device is also extremely important. The AV-Comparatives award for Malware Removal shows that we have excelled in this area too.

At an industry conference I asked Andreas Clementi, Founder and CEO of AV-Comparatives, about the Malware Removal report and the AVG result. He said: “An important factor for users of Anti-Malware products is not only its ability to detect malware but also its ability to remove the threat and all of the components that it installed. At AV-Comparatives we conduct an annual Malware removal test that shows a product’s efficiency to clean up after an infection, AVG has achieved an Advanced+ rating for 2 years in a row which shows great consistency.”

It’s important to understand that testing anti-malware products is undertaken at a point or period in time, so the results reflect the moment that these tests were carried out.

Of course our teams are motivated to continue with flawless detection results, and with the release of our new versions of our Anti-Virus range of products there are additional security features designed to provide improved detection. You can see more details in my article about our product release.

Indulge me in this moment of unashamed promotion of AVG and allow me to proudly acknowledge the commitment and dedication of the AVG teams that have delivered these awesome results, which they proudly develop to protect you, our customers.

Follow me on Twitter @TonyatAVG

How the Internet of Things will change cybersecurity as we know it

 

Analysts have been saying for a long time that the Internet of Things (IoT) is about to become a fundamental element in the transformation of businesses – its impact will end up influencing all social and industrial sectors. Recently, the technology consultancy Gartner placed this technology as one to watch (along with machine learning), and estimated that it would reach its full potential within 5 to 10 years.

IoT and the challenges of an imminent roll-out

However, according to this company it won’t be long before we can see how the Internet of Things will begin to generate visible changes – a study presented this month by the Gartner team predicts a transformation in the world of cybersecurity within the next two years, thanks to the Internet of Things. By the end of 2017, more than 20% of businesses will be using security services dedicated to protecting business initiatives that use devices and services based on the Internet of Things.

Likewise, Gartner also predicts that IT and security strategies will need to be redefined as a consequence of adopting this new technology, along with the 26,000 thousand new devices that come with it. This, obviously, will massively increase the number and reach of technological vulnerabilities.

With the massive implementation of the IoT, intelligent gadgets will lose importance against the rise of omnipresent sensors (and the huge amount of information that they generate). In short, the lines between the physical and the digital will become blurred and BITS will act as the engine that allows devices connected to the IoT to change the state of their environment, including their own.

Gartner gives a few examples of this – a sensor that detects a temperature that is too low in a room will raise it automatically, or another that readjusts the dosage of medication for a patient in their hospital bed according to their medical records. This is without even mentioning the potential for IoT to change the way we drive on our highways (or, even better, how we stop doing it altogether).

The main challenge for the Internet of Things will be security

Businesses that adopt the IoT (the demand driven by providers and customers will ensure that they do) should increase their connectivity and readjust their maintenance policies. In any case, the main challenge will still be in the security systems. The Internet of Things is set to redraw the lines of responsibilities for the enterprise – security policies will have to be open to different profiles of employees and updating protocols, the same as what happened with the introduction of BYOD or cloud computing, but on a much larger scale, and with a far more visible impact.

“Ultimately, the requirements for securing the IoT will be complex, forcing CISOs to use a blend of approaches from mobile and cloud architectures, combined with industrial control, automation and physical security,” says Ganesh Ramamoorthy, Vice President of Gartner.

“However CISOs will find that, even though there may be complexity that is introduced by the scale of the IoT use case, the core principles of data, application, network, systems and hardware security are still applicable.”

The post How the Internet of Things will change cybersecurity as we know it appeared first on MediaCenter Panda Security.

5 security measures that experts follow (and so should you!)

When you’re watching a movie and you see the typical computer screen filled with green coding (you know the type, rows of 1s and 0s) you might get the impression that IT experts are magicians that work wonders with a mouse and a keyboard. Theirs is a difficult profession, but they are also humans that suffer from the same human errors and doubts as the rest of us.

At Google they are well aware of this and for this reason they have carried out an investigation that tries to shed light on the security measures that IT professionals follow, and that for the rest of us seem impossible to imitate.

The conclusion they reached leaves us all in a bad light – what seems difficult really isn’t that complex at all. The majority of the steps taken by IT professionals to protect themselves from digital threats are based on pure common sense and are easy enough for the average user to put into practice.

The people behind the study compared the precautions taken by experts and those taken by regular users and discovered that the latter are skipping some of the basic steps. Here are the main ones.

1. Always stay updated

Make sure you have the latest version of software installed on your operating system and the programs that you use. This is the same for both computers and mobile devices. The manufacturers usually correct vulnerabilities as soon as they become aware of them, so it’s up to you to make sure you install the latest version. You can always allow for automatic updates if you want to.

2. Strong and unique passwords

Although passwords are on the verge of extinction, they are still the main way to protect your devices. You should make sure to follow these basic guidelines for choosing passwords which include a different one for each service, ones that are hard to guess, and ones that contain a mix of letters, numbers, and symbols.

3. Two steps are always better than one

If you choose a secure password, you’re on the right path, but that still isn’t enough. The experts recommend activating the two-step verification process whenever possible (in Gmail or Facebook, for example). This way, if anyone tries to access your account then the service will ask for a code which is only sent to your mobile. This should be out of reach for a cybercriminal.

4. Surf carefully online

There are very few things that can’t be found on the Internet. Every day you can find something new while surfing online, but you need to be careful where you click. Not all websites are safe and some hide nasty surprises. If your browser says that something’s not right, then pay attention to its warning. Unless it’s a website that is totally secure, a warning that the website isn’t following correct security protocol should be enough for.

5. An antivirus is essential

Although some doubt its effectiveness, what’s certain is that an antivirus software with firewall is the best barrier against attacks. Surfing the web without an updated or reliable protection is an unnecessary risk that the experts at Google aren’t prepared to take. So why do some users continue putting themselves at risk?

If some of these measures don’t form part of your routine, then you should adopt them immediately. Not only because the experts consider them common sense, but because, above all, they are very easy to adopt and can save you a lot of problems.

The post 5 security measures that experts follow (and so should you!) appeared first on MediaCenter Panda Security.

4 common errors that businesses make after a data breach

A few months ago on this blog we raised the basic points that you should think about when confronted with a cyberattack. Unfortunately the general reaction of some companies is very different to this – here we present to you some of the worst reactions to a cyberattack:

Not reacting as quickly as expected (TRICARE)

TRICARE Management Activity is the name of the company that in October 2011 managed the healthcare of millions of members of the United States Department of Defense and military personnel. When it found out that five million of its users had their information compromised, TRICARE waited two weeks before making it public, with the excuse that it “didn’t want to cause an alarm” among its customers.

After this the company was the subject of intense criticism. What generates trust between customers is knowing about the situation quickly and that something is being done to resolve it. Stalling or delaying the announcement only serves to make the situation worse and can remove all trust that was there.

Not telling the whole story (Sony)

In April 2012, two years before Sony suffered its biggest security breach, the Japanese company was involved in another leak. In this case the credit card details of hundreds of thousands of Playstation Network users were involved. Sony reacted quickly but announced that it only affected 77,000 users. So, just when the situation appeared to be under control, it was revealed that there were a further 25,000 users affected but that they hadn’t been detected during the initial investigation.

This damaged Sony’s image and gave the impression that the company “didn’t know what it was doing”, leading to the suspicion that at any moment more negative information could arise relating to the leak. Just like in the previous case, a failed attempt at putting customers at ease had the opposite effect. For Sony, it would have been better to err on the side of caution and state that not all of the information was yet available.

Fail to implement a coherent strategy (Sony)

When, after Sony’s big leak in 2014, The Guardians of Peace (the North Korean group of hackers responsible for the attack) announced a new line of retaliations if the movie The Interview was released and shown in cinemas, the multinational decided not to release the movie.

As security expert Bruce Schneier explained in his blog: “Pulling The Interview was exactly the wrong thing to do, as there was no credible threat and it just emboldens the hackers. But it’s the kind of response you get when you don’t have a plan. Sony’s reaction has all the markings of a company without any sort of coherent plan. Near as I can tell, every Sony executive is in full panic mode.”

A total panic is exactly what drove them to commit a host of errors. Before this public display of weakness, Sony had flaunted a totally different, and equally unwarranted, attitude towards the press. In fact, the studio opted to hire a well-known lawyer that threatened those who spoke about the leak. This is a terrible way of “shooting the messenger”.

Not having real solutions in place to fight the issues (Target)

In December 2013, after Target suffered a data theft that involved the credit card and other information belonging to over 40,000 customers, the company committed various errors – it delayed informing customers of what had happened and failed to give the correct information from the start. What’s more, Target committed an even bigger error by not having a solution to the problem.

On the one hand, it tried to win over its customers (not just those affected by the leak) by offering a free security service, which consumer organizations attacked for “giving a false sense of security”, as it wasn’t useful for eliminating the risk of fraud that could come from a data leak.

Furthermore, its decision making wasn’t much better when it came to solving internal issues that caused the initial leak. It’s important to point out that Target had all of the protocols and systems in place to avoid a security breach… it’s simply that its employees weren’t trained to deal with the alerts – they ignored them because they were unaware of the protocol.

Target decided, however, to react in a most bizarre way by firing the company’s CIO and announcing the creation of two new roles that dealt with security (Chief Information Security Officer and Chief Compliance Officer). The three roles remained vacant for six months following the leak.

The post 4 common errors that businesses make after a data breach appeared first on MediaCenter Panda Security.