It seems as India is producing an army of “ethical hackers”, who earn millions protecting foreign corporations and global tech giants from security issues but are largely ignored at home in India. The skills are either misunderstood or distrusted. India produces more ethical hackers, the ones who break into computer networks to expose, rather than exploit, weaknesses – than anywhere else in the world. An unwillingness to hire its homegrown hackers has backfired spectacularly for a number of Indian startups. This has forced a long-overdue rethink of attitudes toward cyber-security. Multi-national corporations like Facebook are hiring Indians who are highest ranked bug hunters, or those who get rewarded for finding red-flagging security loopholes. Companies have previously not compensated hackers accordingly or even appreciated them. Hence many have been going oversees for opportunities.
Week 07: NetCat and HellCat
Pretty Interesting article that I found which talks about the cyber security job market. It explains there will be millions of jobs open by 2021 and not enough people to fill them,( which might not be a terrible thing for us). However, this article also talks about how they teamed up with the Girls Scouts to train young girls in cyber security which is pretty cool. So if they have an interest, they could help fill some of thoose jobs.
After the big credit cart breach that we learned about two weeks ago in class which was talking about Target losing millions of US credit cards customers information. Pizza Hat admitted that an email sent to so many affected customers placing orders on the company mobile app or website.
The “temporary security intrusion” resulted in hackers accessing names, addresses, and payment card information ( Card number, Expiration date, and CVV numbers). Until now, the company didn’t say the number of customers were affected.
Another company was not honest enough to inform its customers and it took the leaders more than 2 weeks to inform the customer of the attack which made so many of them very angry.
SMEs more vulnerable than ever to cyber attacks, survey shows
This article talks about the following: Cyber-attacks have become a growing threat in the United States and UK and this has factored primarily because of weak password protection. A study conducted on about 1000 SMEs from UK and US revealed that most attacks have happened on small businesses because of poor management. Because of poor management and lack of resources for cyber threat protection, these SMEs are targeted through phishing. There are a couple of reasons that have been identified. First, SMEs lack antivirus software. Second, they do not have encryption software’s. Third, they do not adopt the practice of using digital signatures. Lastly, they do not use Dmarc email authentication.
It will be interesting to see how things unfold in the future. SMEs do not have financial muscle to invest largely on such cyber security measures. Questions that need attention are, What viable options do they have to protect themselves from phishing and online scams? What will be the level of investment required to implement organization-wide cyber security systems?
Iran to blame for cyber-attack on MPs’ emails – British intelligence
This article talks about the following: In June 2017, the email accounts of many MPs were compromised and this blame has been put on Iran. With this recent development, the ties of United States and Iran has also taken a toll. The attacks have been named by the American Intelligence as a Brute Force attack done deliberately to tap communications of MPs with their constituents. Attackers carefully planned the cyber-attack on those email accounts that have weak passwords. These attacks have further spilled the relations of Iran with the United States with President Donald Trump abandoning the Iran Nuclear Deal
It will be interesting to see how things unfold in the future. How can government organizations be more protective and equipped with Cyber Threat measures? If the government plans to implement security measures for stronger firewalls, how will this impact the operations of MPs?
Over Two-Thirds of SMBs Lose Money In Cyber Attacks: BBB
This article talks about the following: This is a survey conducted on more than 2000 businesses by BBB. The results from the discussion with respondents showed that about one thirds of small and marginal businesses are victims of cyber threats and though they take all preventive measures right from filtering emails and traffic over the internet, 8% of the respondents haven’t heard from dangerous virus such as Trojan. The most important reasons that hinder businesses from using cyber security protection are lack of resources, unskilled to tackle cyber-attacks, and some say that they lack information. These results are peculiarly interesting because they give customer sentiments towards such threats.
It will be interesting to see how things unfold in the future. What measures or resources can small businesses avail to tackle cyber threats? Will financial resources allow small businesses to invest in cyber security measures?
Almost 60% of small businesses have been victims of a cyberattack in the past year; however, most them were not aware they were attacked. Nationwide conducted its third annual survey which included over 1,000 businesses with fewer than 300 employees for the study. 58% of participating companies were victims of a cyberattack. The types of attacks ranged from phishing scams to ransomware. Companies who are targeted tend to have fewer cyberdefense systems, lower budget for threat protection and less name recognition. The most common forms of attack were computer viruses (36%), phishing attacks (29%) and Trojan horses (13%). Many of these companies were not prepared for any type of cyberattack. Around 58% of the firms do not have a dedicated team or vendor to monitor for cyberattacks. 76% did not have a plan action for when an attack takes place, 57% did not have plan for protecting employee data and 54% did not have a plan for protecting customer/client data. Recovery was slow and expensive for these companies. Around 20% of the companies spent about $50,000 and recovery took over six months. Additionally, 7% spent over $100,000 and recovery took over a year.
My article this week discusses the business risks associated with cyber security. It lists many statistics about how many organizations are attacked and the amount of money and reputation lost as a result of these attacks. I don’t disagree that it seems like every day we hear more and more attacks and new vulnerabilities being exploited. I do, however, disagree with the conclusion that the author has drawn as a result of the increased focus on cyber security. The author asserts that cyber security is just now becoming a business risk instead of an IT issue and that executives now need to focus on it more. I think that cyber security has always been a business risk and not just an IT issue, but executives are just now starting to listen to what IT professionals have been telling them for ages. IT is often part of the solution to fix cyber security vulnerabilities, but organizations have always been wrong to classify cyber security as a solely IT issue and I think they are finally starting to realize this as a result of the impact on businesses we have seen from cyber incidents.
Do you agree with me or the author of the article? Has cyber security always been a business risk or is it now becoming a business risk because of the increase in the frequency and severity of cyber incidents?
In this article, it talks about how India has become the second largest market for smartphones usage. This means new malicious actors can appear and introduce new threats to the market. Not only are smartphones are at risk but also businesses. Since in India they have a high percentage of piracy for software, businesses need to make sure they get the original software and install it in their systems, harden the OS, implement secure password policies, make their employees aware of such threats and pretty much have backups and backup plans.
Finspy, a spyware that was being sold to government agencies, has been found infecting targets using an Adobe Flash zero-day exploit through Microsoft Office documents that was started by BackOasis. Security researchers from Kaspersky Labs found the Adobe Flash zero-day exploit, tracked as CVE-2017-11292, is a vulnerability that can lead to code execution through Flash Player 22.214.171.124 for all major OS. It has been found that the FinSpy payload exploits the Flash Zero-day vulnerability.