I think organizations and companies with sensitive and confidential information ought to put up a high level of security infrastructure to protect their data….am I right?
This security protocol is even more relevant now, as organizations are increasingly becoming targets of cyber attacks. Every violation of the network infrastructure increases the likelihood that vital corporate data can be stolen. Therefore, it is extremely important to develop a position of readiness for cyber attacks that could harm your business.
- Company’s role in security planning
- How are you vulnerable to hacking
- Problem with upgraded firmware
- ESET discloses attacks on target data
Preparing for the threat of data-stealing attacks
Data security is an important aspect of American life. According to studies, 64 percent of Americans have experienced major data breaches that compromised their information, of which 41 percent experienced fraudulent credit charges, and 16 percent say their e-mail accounts have been compromised. It’s become so prevalent that Ginni Rometty, IBM's chairman, president and CEO, went so far to say that cyber crime is the greatest threat to every company in the world.
This is why it's all the more important for companies to keep an eye out for the top security challenges that they could be potentially vulnerable to. Here's a discussion on how they can prepare for such a daunting task.
Company’s role in security planning
Thanks to modern-day technology, companies can now afford themselves a wide range of security technologies, all of which claim to offer solutions to various problems. But why do you need to prioritize having a solid security foundation? How does moving to the cloud affect planning for data loss prevention for companies?
In short, ensuring that cyber security--including scanning and scanning for vulnerabilities--must be high on the company’s agenda. However, security planning, including anticipating the types of cyber attacks that your company could be subjected to, requires making the right decisions according to the needs of your organization from the range of options. How can companies do this?
- Research intelligence. Determine the state of the problem.
- Proper equipment and protocol. Tools, technologies and practices that contribute to a strong security program.
- Roles in security maintenance. The security status in the organization hierarchy.
How are you vulnerable
Cyber criminals are stepping up the distribution of data theft programs through pornographic content, optimized for viewing on smartphones and touch-sensitive tablets. Moreover, free applications and mobile ads are constantly being manipulated by scammers inclined to redirect your clicks to web links that you did not intend to visit. Known as clickers, these scammers pay advertisers for each such click.
Do you know that your own home Wi-Fi routers could be a gateway to data breach? This is because information is transmitted through our routers, through which we access the Internet along with other devices. There are even contests where participants need to hack into Wi-Fi routers. This event was called DEFCON hacking in 2014.
Problem with upgrading firmware
Linksys develops new firmware every year, but only for its most popular routers. New firmware usually introduces new features, improves performance and security. The Linksys function is already enabled, which allows users of the local network to connect to the web interface without an access key.
Manufacturers have made routers that can be automatically updated. The most-rated model is Linksys EA8500. However, firmware updates must be activated using the manual method. Many computer experts are unaware of the need for this operation.
Reports have shown that less than half of IT professionals regularly update their router, while only 32 percent know about this operation. These statistics show that many routers do not have the latest security firmware update. The easiest way to update the firmware is to log into your web interface. Each manufacturer has its own IP address.
ESET discloses attacks on target data
The first infectious vector used a widely used and violent vulnerability, known as CVE-2012-0158. This vulnerability can be exploited by specially created Microsoft Office documents and allows arbitrary code execution. The materials were delivered by e-mail, and the malicious code was executed without an attacked computer user, even knowing when the document was opened.
Another vector of infection was via Windows executable files, which are Word or PDF documents, which are distributed again via email. In both cases, to avoid suspecting the victim, fake documents are shown to the user at execution.