With electronic payments now outnumbering cash transactions, the Point-of-sale (PoS) system hack is becoming a more common in the world of cyber crime. In recent years, there have been several high profile cases including the notorious $10 million Subway PoS breach, where at least 150 franchises were targeted, as well as the breach of Barnes & Noble, where credit card readers in 63 stores were compromised. Almost all modern businesses now make use of an electronic PoS systems, and with the hacking of these devices on the increase, it is more important than ever to take appropriate steps to secure your customers’ data.
A company’s network is one of its most valuable components, not only because of its necessity to the health of operations, but because of its vitality to sustaining business-client relationships through business continuity. One of the most common errors business owners make in terms of IT strategy is to take a reactive approach rather than a proactive approach when it comes to network monitoring. A reactive approach can promote costly downtime, expensive urgent break-fix technical consulting, and often more serious problems such as virus and malware attacks, hacking, and data loss. A good network monitoring system is beneficial to any business, however if your network displays any of the following warning signs, you should consider implementing a monitoring system right away:
On July 9th, 2012, the Internet was supposed to hit doomsday. Millions of machines worldwide were expected to no longer have access to the Internet resulting in huge losses to businesses and swamped ISP helpdesks.
The threat of malware is one that is increasing year after year, and has been doing so steadily. Scams of one sort or another are increasingly being seen on social networking sites and mobile application markets. As ever, you can reduce the risks to yourself by deploying anti-virus programs and keeping them up to date. Their ability to detect suspicious activity has been getting better and better as heuristics improve.
IT security specialists working with small and medium-sized businesses are well aware of the potential pitfalls of a BYOD approach to provisioning employees with mobile handsets and tablets. The need for such awareness was underlined this month by news that the Apple App Store's efforts to keep out malware did not managed to stop an app known as ‘Find and Call’ from being listed. The same app also made its way into the Google Play marketplace, with the result that Android as well as iOS devices became vulnerable to the Trojan.
Providing a robust level of IT security involves surmounting two distinct challenges. Not only must IT support personnel deal with the current threats that exist in the known information security environment, they must also attempt to fend off other threats that are as of yet unknown. Sometimes these threats represent a new form of an old trick, a new virus, for example.
One frequent obstacle to improving IT security can be the fact that businesses, both small and large, that find themselves the target of an attack sometimes have incentives to avoid going public with information. While this is understandable from a Public Relations standpoint, it also means that other companies that could benefit from such information have no access to it. Only when breaches involve certain kinds of personal data, types that are protected by state or federal laws, are businesses generally required to admit to a breach. In many of these cases, however, they still need not go public, as long as they notify the individuals whose personal information may have been compromised.
Now, a new software effort at Georgia Tech Research Institute may change this ‘breach reporting’ landscape. The institute has developed a system that will allow both government officials and business representatives to share information about their experiences in the current threat environment. The program, regarded as a ‘malware intelligence system’, is officially titled ‘Titan’ and is currently in beta testing. Titan differs from many similar efforts in one key respect: it will allow those who contribute information to do so anonymously.
Titan's project leader, Chris Smoak, spoke about the importance of offering businesses IT solutions that enable them to contribute information anonymously: "People tend to think that if an organization gets hit, it was because they had poor security measures. That's not necessarily true, because a variety of factors contribute to intrusions. Until we get to the point that there's no longer a stigma attached to having an infiltration, people are going to want anonymity to participate."
In addition to spearheading Titan, Smoak heads up the Cyber Technology and Information Security Lab at the institute. The Titan system is much more than a database of reported breaches. It also includes a repository of malware samples, with the system examining and classifying new code on a daily basis, sometimes as many as 100,000 pieces of suspicious code. Smoak sees Titan in the future functioning as a central hub that businesses and other interested parties can consult as needed.
Such central repositories are likely to become increasingly important as cloud computing continues to grow in scope and emphasis. A cloud computing paradigm, of course, involves confronting the threat environment online from moment to moment rather than only when workers happen to launch a browser. In such a computing environment, businesses are best served by using IT outsourcing so that highly qualified managed security providers can protect their information assets.
Most individuals even tangentially connected to computer usage in the workplace have heard the term malware to refer to malicious programs such as Trojan horses and viruses. Far fewer, however, may be familiar with the phenomenon of ‘scareware’. From an IT support standpoint, however, scareware can be every bit as hazardous to systems at small and medium-sized business as its better-known cousins.
The hacker group referred to as 'Anonymous' has recently launched a cyber attack, this time targeting a pair of trade associations in the area of technology. The attacks took the form of a distributed denial of service, a technique that can make web sites inaccessible. The group, which is considered a ‘hacktivist’ organization because its attacks generally relate to policy aims rather than the theft of personal information, was protesting legislation currently before Congress. The legislation would serve to encourage businesses to share information about the threat environment with government officials.
The cyber threat detection company Kaspersky Lab, maker of an anti-virus program used on millions of Windows PC computers, has uncovered a new form of malware that has been termed both advanced and massive in scope. This new cyber threat has been officially designated as Worm.Win32.Flame but is being referred to in casual parlance simply as "Flame". The purpose of Flame appears to be cyber espionage and has mainly been deployed in the Middle East region, with its targets being networks and systems under the control of the national governments there. To date, targets appear to include nations such as Iran, Sudan, Syria, Lebanon, Egypt, and Saudi Arabia.
The giant anti-virus company Symantec has released a new version of their Internet Security Threat Report. The study, which is published on a yearly basis, outlines the current threat environment in detail. Among the findings were some facts likely to startle employees of small and medium businesses, even those who regard themselves experienced with today's online environment threats.
Tags: IT Consulting, IT Solutions, IT Support, Security, IT Services, Managed Programs, Risk Management, Cyber Security, Outsourced IT Support, IT Security, Encryption, IT company, Outsourced IT, firewalls, Malware
Some firms can operate well by using a managed services approach to their IT needs, but some need more of a hands-on approach. This is where a managed programs provider can be invaluable. In many situations, there is no substitute for a human being who is onsite on a regular basis. By contracting with a managed programs IT support provider, a company can have the confidence that comes from knowing a consultant is close at hand when infrastructure or network problems occur.
One of the challenges in the world of Android-based cell phones and devices has been the fact that some malware developers have seen apps as the ideal way to intrude into not just cell phones themselves, but into the systems to which they may at times be connected, including business systems set to synchronize or communicate with mobile devices. Up until now, Google has not provided IT professionals with robust tools to help them deal with this type of menace. That has changed with the introduction of Google Bouncer, a program designed to scan the Android Marketplace for apps containing malicious code.
Not so very long ago, the term ‘bad device’ merely indicated a hardware component or peripheral that had stopped functioning properly. In today's world of extensive cyber threats, however, the term has taken on an entirely new meaning. A bad device now is one that functions as a repository for malware or malicious web content. According to industry estimates, thousands of new bad devices are added to the World Wide Web every day.
A recent wave of malware attacks has highlighted the need for banks and other businesses to secure high quality IT consulting services. A variant of the attack program known as Zeus, nicknamed Ice IX, has begun to target individuals and organization that use online banking services. Ice IX attempts to extract user names and passwords, but the true goal of the malware is to secure telephone numbers in order to continue perpetrating fraud that is much more difficult to detect.
Like any other software system, VMware does sometimes need to be patched with updates and fixes that can improve security and offer enhanced functionality. Other patches may even remediate bugs that have been recently discovered in the newer versions of the software. One of the best ways to ensure your system stays up to date is to use the VMware Update Manager, which provides automated functions that can streamline the process of upgrading and patching. The Update Manager allows managed services staff to fine-tune the patching process as needed so that organizational workflow is disrupted as little as possible.
Employees often want to visit social media sites such as Facebook on their breaks or lunch hours, or even during working hours, although many company policies prohibit such access. It can be difficult for companies to lock down such sites, however, because all too often, firms are making valuable business use of social media. These factors complicate life when malware programs such as the Ramnit worm begin to target those who log onto Facebook.
Any attempt to prevent malware from taking hold in a network or system must depend on a thorough understanding of how malicious programs tend to infiltrate information systems as well as how they propagate. While there are many ways to search for malware, by “signatures” that identify known malicious files, for example, one of the most useful is to look for such programs by searching for evidence of unauthorized communication on the network.
Even a security professional that diligently attends training events will have a difficult time staying completely ahead of the curve when it comes to the protection of data resources. One mind, after all, can only absorb so much in a given amount of time, and in the world of malware, things are changing faster with each passing year. This is a key reason why it is good for a security professional to work closely with an IT consulting firm so that he or she has access to a huge wealth of knowledge about how to fend off the latest developments in the hacking world.
Businesses granting workers network access privileges face the inherent challenge of keeping all such employees fully up to date with regard to safe online practices. Malware developers are becoming more adept all the time at devising ways to trick individuals into allowing infections to take root in computer systems, and even the most robust IT solutions that rely on software and hardware layers of protection can be foiled if the human element is not trained to make good decisions while using online resources.
In the current threat environment, malware often introduces itself on the network level - this requires organizations to have more effective malware controls that are based in the network itself, in addition to those that are implemented at the desktop or laptop level. For small and medium-sized businesses, this can pose a challenge. In part, this emanates from systems in which anti-virus and anti-spyware programs do not overlap or coordinate with intrusion protection at the network level. Protection systems work better, however, if these functions are integrated into a seamless whole.
During 2011, business and government organizations in the United States saw more attempted malware intrusions than in any previous year. Some of these intrusions were highly effective, damaging both the reputation and systems of targeted businesses. When it comes to the security of a company's computer systems, it is not true that bad press is better than no press at all. The public relations damage done to a business by word that private customer information has been compromised can be serious and long lasting.
A new acronym has become common parlance among computer and network security specialists: APT. The acronym stands for Advanced Persistent Threat, and it is usually used in the plural since there is a multitude of such threats populating the online world. Last July, more than a hundred influential leaders in government and business IT applications gathered to discuss the growth of APTs and what can be done to prevent them from having an impact on private industry.
Business organizations have much to lose – literally – if their information systems are not thoroughly secured against malware and intrusions. From records of credit card transactions to the private health records of employers who self-insure, personal data is at risk, but neither is company data immune to online threats. Hackers trying to infiltrate your network may indeed be looking for product designs or source code under development. A managed programs approach is one of the most effective ways to reduce the chances of information stored in your systems being compromised.
Every new technological development brings with it specific challenges to overcome, and cell phones and other devices are no exceptions. From the point of view of the user, one of the best things about cell phones is the vast array of free ‘apps’, or small programs, that can be downloaded from service providers. These apps offer features that can help users in a variety of ways, from pointing them to the nearest Starbucks to providing up-to-the-second price quotes on stocks and bonds.
Government security forces in both Estonia and the United States have uncovered one of the most extensive crime scenes in modern times. Six Estonian nationals have been arrested in connection with the internet fraud scheme, which used DNS redirection to deceive users into visiting websites they had not requested. The point of the scam was to generate advertising revenue from these sites; authorities believe that the scheme netted almost $15 million.