Even in the wake of warnings and increased awareness about weak passwords, the problem continues. This was evident in a recent data breach that exposed the Social Security numbers of over 280,000 people in Utah. A Utah Medicaid network server was hacked via a default administrative password. This allowed the cyber thieves to bypass the perimeter, network, and application-level security controls that were built into the health agency's systems.
With such mistakes fairly easy to avoid, it continues to surprise experts that they aren't the first thing taken care of when securing a computer network. But many examples exist. The U.S. Department of Energy said that after a security audit at the Bonneville Power Administration, the agency identified 11 servers that were configured with easily guessable passwords. Having USB and flash drive encryption will help a great deal.
Four of the power administration servers allowed remote users to access and modify shared files. Another server hosted an administrator account that was protected only with a default password. The agency reported this and urged stronger password protection, especially within national-security-critical infrastructure such as power plants.
The recent Global Payments data breach, which exposed the information of about 1.5 million credit card account holders, likely occurred via weak authentication mechanisms. It is also believed that Chinese hackers got into the U.S. Chamber of Commerce's website via weak password protection.
Gartner analyst John Pescatore said the Anonymous hacking collective takes advantage of the very human tendency to use the same password for multiple accounts. "A lot of Anonymous' recent success has been in attacks where they have obtained users' passwords to external services and then found the same passwords in use at sensitive internal applications or in email systems," Pescatore said. That is "the curse of the reusable password," he added.
"The truth is, anyone trying to protect nontrivial assets should be using multifactor authentication and/or complementary controls to protect themselves," said Peter Lindstrom, an analyst with Spire Security. "The password has too many weaknesses, including the obvious human ones. At this stage of the IT game," he added, "there is really no excuse for using default passwords."
In a new survey, 70% of organizations storing third-party information aren't "very confident" that the sensitive information stored inside their corporation is safe. More than 80% of the organizations that responded to the survey were actually storing sensitive information from their clients, customers, vendors and business partners. About 50% were "fairly confident" that the information was protected. About 20% were "not confident at all" that sensitive information was protected. And 5% were "unsure."
It is disconcerting that so many businesses are still complacent about information protection. It indicates that these organizations could have some serious questions to answer should they suffer a breach. In fact, regulators like the SEC, ICO and EU would most likely deem that they had failed in their obligation to provide suitable security protection to stop sensitive information breaches, and would impose a hefty monetary penalty.
Additional information gathered from the survey gave more insight into those who identified as "not confident" that information was protected: only 10% didn't know exactly where the information is stored and 0% didn't monitor all information access. These extra data points make it clear that the lack of confidence in protection most likely stems from the ever-changing ability of cyber thieves to find ways to access and steal information.
The Ponemon Institute's Cost of Data Breach Study, which focuses exclusively on U.S. data breaches, has also shown that the cost of data breaches has been declining as more effort is put into reaction and response. The most significant finding is that both the organizational cost of a data breach and the cost per lost or stolen record have declined. The organizational cost has declined from $7.2 million to $5.5 million, and the cost per record has declined from $214 to $194.
The survey states, "This decline suggests that organizations represented in this study have enhanced their efficiency in both preparing for and responding to a data breach". Nevertheless, it appears that as data breaches continue to happen and the efforts of data hackers improve, companies feel as though they are never ready and begin to lack confidence that they can manage and protect data security. Consulting secure USB flash drive reviews will add some confidence when selecting such devices, products and vendors for a company's data protection needs.
Internet-connected TV sets and set-top boxes are found in a small percentage of the hundreds of millions of American households. A new report from the research firm NPD In-Stat predicts that 100 million homes in Canada and America and in Europe will own a television with Web content capabilities by 2016. At this point, there are limited concerns about information security regarding these connected TVs, such as those on the Roku or Apple TV networks. Nevertheless, recent revelations are raising fears that these connected TVs will become a new security hole.
Roger Grimes, a blogger, has discussed his exploits working as a security advisor for an unnamed CATV service provider. Grimes wrote in InfoWorld about his role as part of a team that was given the job of penetrating the CATV provider's network. The team was able to bypass the protection features of the CATV provider's set-top box, redirecting the service's Disney channel to a porn website. These shenanigans were on top of the team's ability to get into the CATV provider's web servers.
"Our objective was to determine if we could hack into the set-top box, steal consumer individual info, pirate solutions, and incur denial-of-service circumstances," Roger Grimes wrote in a recent post, adding, "we not just owned the box, but wound up taking root of the whole cable method."
The future of Web-connected television is certainly going to be much like today's world. There is a possibility that this world will see malware takeovers of TVs, DoS attacks, and all the other hacker-related activity that is seen in present computer networks in the always-connected world. Perhaps things like USB encryption and other forms of encryption will help.
The world may well find hackers doing the following with Web-connected TVs:
-- Present fake bank card forms to fool customers into giving up their private information.
-- Intercept and redirect Web traffic to and from the HDTV, which might be used to fool customers into believing that "imposter" banking and commerce websites are legitimate.
-- Monitor and report on consumers' private Web usage habits without their knowledge.
A recent survey showed that a majority of businesses as well as government organizations are blind to the reality that they have a problem with their data protection. These organizations are at great risk and do not even realize it.
Also, companies may be unaware that they have already lost data or had private information stolen from their databases or computer systems by cyber thieves. This blindness means that they are unaware that they have lost valuable information or that their operations have been compromised in some way.
Here are some suggestions to help keep your data safe and your reputation sterling:
1. Remember that one of the worst errors is to think that it's the responsibility of the IT department alone to safeguard customer and sensitive data. Security ought to have the attention of C-level management, and it should be a part of the overall corporate strategy, addressing both outside and, more importantly, internal threats.
2. Online sources suggest that you take control of the core operations and determine which ones are priorities for the organization. Then defend these operations through layered protection. Monitor the flow of business interactions in order to know where the weak intersections and vulnerabilities are. Use USB encryption and other technologies.
3. Top management of each organization should chair a cross-functional security compliance committee. The committee should be responsible for determining which essential information assets need to be protected and what the right mixture of internal and external protections is, and for putting them into place.
Governments, organizations and businesses can take a strong stance in securing data and then use this to strengthen their reputation and the public's trust. By taking extra steps beyond complying with regulations, organizations that do more than the minimum to shield data and information will gain a boost in the protection of information. A company can turn a strong corporate objective of securing and shielding private information into a boost to corporate reputation and branding.
As the tools for securing networks against cyber burglars improve in sophistication, so do the tools used by the thieves themselves. Groups like Anonymous as well as other cyber crime groups are now favoring free automated tools to rapidly exploit website vulnerabilities. What makes recent incidents interesting is the speed and effectiveness of the hacks. The speed and ease were achieved through automation.
In fact, newer crimeware toolkits have enabled individuals with minimal computer expertise to profit from cybercrime. This is because these cyber crime tools automate the otherwise labor-intensive process of making hard-to-spot malware. This malware is created to find and steal sensitive personal information like bank account numbers and passwords, and to use infected PCs as part of a larger crime network of infected computer systems. Now, however, the sophistication level has increased, and these types of automation are being applied to make much more advanced website hacking tools.
Automated hacks aren't new, but now they have increased in sophistication. This is even truer when it comes to tools for exploiting SQL injection flaws. Higher attack tool sophistication can produce worrisome attack volume capabilities. Automation is a key indicator that somebody wants to achieve an economy of scale. In a recent data breach in Europe, the suspect admitted to exploiting 259 websites in 90 days, an average of 3 websites per day. The suspect was a teenager, and he had conducted website reconnaissance to catalog bugs in applications and Internet-connected databases, then returned to these websites to exploit them. Automated attacks may also display telltale signs that organizations can use to help spot and block such attacks while they are in progress.
Using encrypted flash drives is one way that businesses may avoid attacks by hackers. Automated attacks tend to be launched against a large number of websites over a brief period, which means that better attack intelligence and information sharing could help organizations spot these kinds of attacks as they are taking place.
Oliver David writes and contributes articles for websites on issues like USB flash drive reviews and USB protection.