It rains in this city just a handful of times per month. But wouldn’t you know it when I woke up today, walked downstairs to grind some coffee only to find something that really grinds my gears. Water. Water everywhere. I’m talking MAJOR water damage. I will update later today – for now I am waiting for the guys with the big hoses to show up fix the damage in my LA rental.
From the board level to engineering and sales, bright young minds and seasoned veterans alike are prime targets for cyber security intrusion. It’s not just people who hate computers or new users; the manipulative social science behind many cyber-attacks far exceeds the digital hacking methods that most people think of when they hear hacking. Is your Los Angeles business at risk?
To understand your data risks as a professional and to achieve peak cyber readiness, consider a few of these phishing, hijacking, and new art of the con methods in the digital world.
Phishing Continues To Evolve
Phishing, spear phishing, whaling: three terms that cover the rising intensity and specificity of con-artists in the digital era. The methods continue to change, the core concept for safety is simple: trust, but verify.
Phishing and similar attacks are achieved by fooling the victim into thinking they’re working with a trustworthy individual. This can mean anything from opening an attachment from someone pretending to be your investor to paying an invoice from someone pretending to be a vendor.
Verification is the obvious answer, but verification isn’t easy. Successful phishing attacks rely on increasingly deceptive mimicry and urgency, and the most potent phishers use a mix of old and new techniques.
Consider a company full of people with at least some internet knowledge–the near future, with Gen X and Millennial-aged professionals in leadership and Gen Z disrupting markets with startups. Digital common sense says to not respond to spam and to verify the address of an email, but what if the fake is really close? Not all companies employ LA IT professionals that can help establish protocols to know what is safe.
If your Accounts Payable department receives emails from XYZ Heavy Industries in Los Angeles for real purchases, how do you know what their real email is? Have you spoken with them in person? Do you know their system administrators or their mail exchange administrators? Do they use personal emails, or multiple emails from @XYZHEAVYINDUSTRIES.net?
Phishers can make fake email accounts that are a letter off, or may use ASCII or Unicode characters to fool the untrained eye. Some email services may detect those questionable practices, but what if an employee ignores the warnings? What if the email comes from XYZHeavyInvoices.net and your team hasn’t been burned by fraud before? Someone may take the bait.
These issues can be prevented by designing filtering and verification within your business. Utilizing a system that only allows emails from verified address to reach certain accounts can protect your team from fraud and tip off newer or inexperienced tech users. Seeing a phisher fail in the real world is better training than slideshows and online learning modules if you’re fortunate enough to emerge unscathed.
Phishing And Fast-Paced Business
You need to act quickly! This deal won’t last, and the market is ripe for the picking!
Urgency is a great marketing technique because it plays on the emotions of people looking for a deal. It’s also completely valid, as many small opportunities can come and go with great returns.
Cyber security attacks play upon the social science behind urgency just as much as legitimate and illegitimate marketers do on a daily basis. If a broker contacts you with a cheap sale, an innovative technology, or a chance to move in on an emerging market, you’re in a space of power and vulnerability at the same time.
Professionals acting on behalf of larger businesses may be looking at such deals every day. They’re individuals who may have huge corporate funds at their disposal if the deal is great for their team. Targeting these professionals rather than sole-proprietors is a great opportunity for theft because of their willingness to part with discretionary funds or entire project budgets.
Phishing isn’t just about buying into a potentially fake deal. When a professional arranges a meeting with a potential partner, they could be building a phishing profile. From the start, phishers will have a name, contact information, and voice of a professional.
Through discussing the deal, social engineers can pick up speech patterns, habits, hobbies, and other details that could help them scam someone else. They could scam the professional’s company, a company partner, clients, or even rivals who are known to steal ideas from the professional.
It’s all a big observation game, and you can’t prevent all information from be leaking. If you’re paranoid enough, even the CEO could be phishing! What matters is that you perform due diligence with a few steps to reduce fallout from cybercrime:
- First names or aliases only. Phishers could be building a directory of people in the business who respond. Don’t make it easier to track down professionals, their departments, project, and responsibilities. Use throwaway or burner accounts that don’t tie directly to the professional.
- Confirm your reward. They’re making the offer to you. If you can’t see the goods, keep it to first name or alias basis.
- Meet a real person. It’s harder to pull a scam if the other party can bring in the authorities. Make sure you have someone to sue.
The digital front is rife with challenge, and there’s no shortage of threats. While securing your data through anti-virus suites is important, be sure that your business can challenge and authenticate outsiders digitally and physically. Contact a cyber security professional to discuss other aspects of protecting your digital resources.
In today’s business environment, advanced technology has taken center stage and it is an integral part of every business. Businesses whether large or small need IT support. While large businesses can afford to hire experts to run their IT departments, the small businesses have to rely on outsourcing. IT support has become a necessity for any business that hopes to grow and remain competitive in the market.
Virtually every task or project in a business has been automated. Computers play an important role in ensuring that a business runs efficiently. Having an effective computer network system helps to ensure that a business can operate smoothly and cost-effectively. The computer system enhances efficiency and is able to enable the business to hire fewer employees than would be required to run a manual system.
As advancements in IT continue to expand and change, it is becoming increasingly important to have people who know how to run the systems, working for the business. Outsourcing IT services has become one of the most important functions that a company can carry out. Most administrative tasks have been automated and the business has to get a reliable service that ensures that the systems are working at all times.
The benefits of IT support services include the fact that productivity is increased without the need for additional staff. A small business does not have to increase the number of employees, as the technology implemented is able to perform many specialized tasks. By outsourcing its IT services, the business can concentrate on its core functions, including dealing with customers and bringing in more clients.
Small businesses are able to compete on a level playing field with larger businesses when they have access to the latest technology. The companies that offer the IT services have expert personnel who are able to acquire the latest software and skills. The small business gets the benefits of the skills without paying to hire new computer specialists. The service providers are able to ensure that their clients have all the support they need at all times.
Support services offer a wide range of IT related services; from simple computer tasks, to more complex network issues. A business can hire the service provider to deal with any number of issues, whether they are hardware related, or software related. Most IT support services are offered round the clock and the business can get assistance any time of day or night. The company is able to monitor the clients’ systems to ensure there are no problems, and they perform routine maintenance on a regular basis.
Most small businesses depend on remote support where the IT service company ensures that the system is running properly, from a remote location. This means that the service provider can even be in a different city or country, but is still able to handle the affairs of the business. The support company is able to monitor the company data to ensure that everything is running smoothly. Communication can be conducted through the telephone, emails, online chats and any other systems.
There is no denying that CCTV systems, both traditional OVR-based and cloud-based systems, serve as the first line of security in nearly all public and private organizations today. As a matter of fact, it’s for this reason that many people fail to see the need of giving these invaluable security devices the security protection that they deserve. CCTV should keep people safe and not the other way round, right? Well, that argument would be misleading because with the increased rate of cybercrimes and terrorism, no organization is truly safe if its data collection and/or storage devices are vulnerable to infiltration. CCTV systems collect and store more data than Google and Bing combined which means that they top the list of criminals’ target devices.
Rumors of some counterfeit CCTV equipment having pre-installed malicious software surfaced about two years ago in the US. In 2017, stakeholders in the global CCTV manufacturing industry started raising concerns that criminals had found ways of accessing a device’s IP address which they would then use to access an organization’s security feeds from a remote location. This conversation has since picked momentum as cases of visual surveillance data theft increased exponentially towards the end of 2017 and into 2018.
Vulnerability of CCTV Systems in Public Schools
Among the organizations that seem to have neglected their surveillance cameras most are our public schools. At least four British schools and several others from Canada recently fell victim of this negligence, with footages from their CCTV cameras doing rounds on the internet late last year and early this year Government investigators working on these cases have since revealed that most public schools are either using outdated surveillance systems, easy-to-bypass passwords, or systems without any firewall protection. This is a serious security breach which could cause unimaginable damages, particularly because all the affected schools had at least a thousand pupils by the time their security feeds were stolen. But how exactly did this happen?
CCTV Hacks in UK-Based Schools
In January 2018, an American-registered website hacked CCTV systems in some UK-based schools and posted images videos of unsuspecting pupils and teachers online. The website spied on kids at Christ The King Academy Primary School through cameras that were at that time installed near classrooms and at the school’s main entrance. Parents in the school were left speechless after realizing how unsafe the surveillance cameras had made the
institution to be and blamed the administration for not taking their kids’ safety seriously.
Another school that the malicious spies had gained access into was Christ The King Academy Primary School’s neighbor, St Mary’s Catholic Academy in Blackpool. The school which boasts of a pupils’ population of about 1,188 kids has cameras at every turn, including inside the toilets, but had not password-protected them prior to the January attack. Still in Blackpool, the criminals went to the extent of streaming live all the activities in and around Highfield Leadership Academy. This was one of the biggest security breaches in the history of Britain’s modern education system.
CCTV Hacks in Canadian Schools
In October last year was the turn of Cape Breton School’s privacy to be infringed by cybercriminals. Video surveillance images from different parts of the school were streamed by a Russian-registered website for days without the knowledge of the school’s administration. According to Nova Scotia’s privacy Commissioner Catherine Tully’s report, the school’s reluctance to advance technologically left it exposed to hacks. This was even as the Cape Breton-Victoria Regional School Board (CBVRSB) denied that schools within its jurisdiction were negligent in regards to student’s security. Beth Maclsaac, the board’s superintendent, argued that even though the damage was already done, the school boards had embarked on a mission to secure school cameras with passwords.
As the debate of whether or not schools should secure their surveillance cameras, one fact takes precedence, CCTVs are, unbelievably, making school environment more insecure than they are making it safe for kids. Schools all over the world need to come up with ways of protecting their data in the same way that big companies are doing, failure to which the cases of visual data theft will erode the confidence that parents have in them. As for the parents, it is time that they took matters on their own hands and demanded that any CCTV camera that’s not supported by the manufacturer in regards to regular updates be replaced. Privacy trainings should also be made mandatory for all school heads. These are some of the ways through which our kids will be protected from the malicious cybercriminals and terrorists.
Some of the biggest cyber breaches in recent history occurred in 2017, and data belonging to thousands of businesses and millions of consumers were hacked. The major cyber-attacks in 2017 include the WannaCry ransomware infection, and the stealing of personal data from Equifax, Chipotle, Forever 21, and different social media sites. Experts have projected that by the end of 2017, spending on information security would have reached $864 billion. The 2017 Cyber-crime report projected that by 2021, damages from cyber-crime would cost the global economy $6 trillion per year.
The increase in the prevalence rate of cyber-crime is expected to continue through 2018, and businesses and individuals need to protect themselves from falling victim. This article examines IT security in 2018, and the five major security issues.
The most popular conception of hackers is lone individuals working in a dingy place for personal gain. This has changed because cyber-crime is turning into black market services provided to businesses, countries and individuals with the aim of harming or embarrassing the victims or rivals.
The provision of data breach services could lead to the emergence of new sophisticated malware, Trojan and phishing programs in IT security in 2018, as hackers advance their communication and coordination techniques. The provision of cyber-attack services in the black market could also see budding hackers purchase malware programs that enable them to carry out cyber-attacks without technical knowledge.
- An Increase in the Prevalence Rate of Crypto-Jacking
As 2017 ended, there was an increase in cryptocurrency related crimes, and this trend is expected to continue into 2018, encouraged by the appreciating value of cryptocurrencies. Experts have noted that it is difficult to differentiate a normal internet user and a cyber-criminal whenever it comes to cryptocurrencies. An individual could be mining cryptocurrencies for his/her own wallet from visitors to his/her website. The same individual may engage in crypt jacking and it would be difficult to tell. For example, cases of individuals holding vast amounts of a specific cryptocurrency, and manipulating the market for their own benefit have been reported, and the trend is expected to continue through 2018.
- Ransomware In Cloud Computing
In 2017, a number of ransomware attacks were reported, with the most notable ones including the attack against Britain’s National Health Service, the breach against light-rail network in San Francisco, and attacks against major corporations such as FedEx. Ransomware is a type of malware that compromises defense and shuts down computer files using advanced encryption. Hackers using ransomware demand money in exchange of the digital keys to unlock the computer.
Criminal hackers like to use ransomware, and then demand payment in cryptocurrencies that are difficult to trace. Experts project that in 2018, the most preferred target for ransomware attack will be businesses in cloud computing. Big corporations have already hired the best minds in digital security to prevent any attacks. However, smaller companies are likely to fall victims to criminal attackers using ransomware.
- Internet of Things (loT) will Create More Risks
Businesses are increasingly adopting loT devices, but most of the devices lack a secure design that ensures IT security in 2018. Organization need to know the risk associated with using loT devices because loT ecosystems will face more security threats in 2018. The major security threats loT devices face include:
- Lack of transparency on how the data captured by loT devices is used The manufacturers have access to the data captured using loT devices, and could use the data in ways not approved by customers.
- Businesses face the risk of litigation if data is stolen from their loT devices.
- Industrial attacks could quickly result in physical damage and loss of life, if the hacked loT devices were used to
control industrial processes and machinery.
- Manufactures launch new loT devices regularly and this means that the older versions are ignored in terms of upgrade and firmware, and this exposes them to new security risks.
- Hackers Will Target Security Software
Cyber-criminals will focus more on compromising security software in 2018. Security software are trusted programs, and by targeting security software, hackers will have the ability to control devices and manipulate other users. As attacks through security software are reported, public trust in the software, especially antivirus solutions will deteriorate.
Justin Dolly. (Dec 2017). Top 5 cybersecurity concerns for 2018. https://www.csoonline.com/article/3241766
Thor Olaysrud. (Nov 2017). 5 information security threats that will dominate 2018. https://www.cio.com/article/3237784/security/5-information-security-threats-that-will-dominate-2018.html
Ben Canner. (Dec 2017). 5 Major Cybersecurity Threats 01 2018. https://solutionsreview.com/security-information-event-management/1107-2/
Martin Giles. (January 2018). Six Cyber Security Threats to Worry About in 2018. https://www.technologyreview.com/s/609641