#nationalcybersecuritymonth | Why small businesses in India should take cybersecurity seriously

Source: National Cyber Security – Produced By Gregory Evans

NEW DELHI: City-based Virendra Shekhawat, founder of Delhi Photography Club, which teaches photography to beginners through workshops, was the target of a cyber-attack in December 2017. The company’s Facebook page, which had 2 lakh followers and 10,000 paid subscribers, was hacked and Shekhawat was logged out of his own account.

Despite filing a police complaint and paying a ransom, Shekhawat failed to secure access to his account. He finally accessed it after Facebook reset his account. Shekhawat made just 12,000 from the page that month compared with monthly earnings of 3,00,000 and 4,00,000 prior to the attack.

Cyber-attacks on small- and medium-sized businesses (SMBs) have been on the rise. According to a 2019 study by Accenture, 43% of cyberattacks worldwide are aimed at SMBs. India has 6 crore SMBs that account for 30% of the GDP as per the Confederation of Indian Industry and with the adoption of technology their contribution is only likely to grow.

Consulting firm Zinnov expects SMBs in India to consume digital services worth $80 billion in the next 5 years.

Unlike large enterprises, many SMBs often do not have resources and manpower to deal with the evolving threat landscape. On top of it, they feel that they are not at risk.

A July 2019 study by UK-based cyber-security firm Keeper Security found that decision makers in 62% of companies between $1 million and $500 million did not think they would be the target of cyber-attacks. It is this perception which may discourage them from spending enough on cyber-security.

“Small budgets certainly have a role to play for small companies that might forego hardware security via firewalls and unified threat management devices, and certainly would find it difficult to hire IT staff with the skill and experience to implement security measures,” said Samir Mody, vice president, CyberThreat Lab, K7 Computing, an Indian cyber-security firm.

To cut down on spending, many are tempted to use cracked or pirated software. Mody warned that using pirated or outdated operating systems also leads to the risk of cyber-attacks since they may not get security updates.

According to an August 2019 report by Russian cyber-security firm Kaspersky, despite the availability of newer versions of software, around 41% of consumers still use either an unsupported or approaching end of support desktop operating system such as Windows XP or Windows 7.

About 40% of very small businesses and 48% of SMBs continue to rely on these operating systems. Microsoft recently killed all support including security updates and patches for Windows 7.

SMBs in banking, financial services and insurance sector are more vulnerable as they allow cyber-criminals to make monetary gain and steal sensitive data at the same time.

Similar to SMBs, startups also feature high on the list of potential targets of cyber-criminals. Despite founders of startups having a better understanding of modern-day cyber-security risks, and a higher likelihood of them taking steps to protect their assets, there have been frequent cyber-attacks on startups. Among Indian startups, Zomato suffered a security breach in 2017.

Also, targeting startups can sometimes be more lucrative than SMBs. “Most important thing that a startup needs to protect is its IP (intellectual property). Many of these startups have no funding for first 6 to 12 months but they have a great idea. If the idea or source code is leaked, they can lose what makes them unique,” said Mukul Shrivastava, partner, Forensic and Integrity Services, EY India.

Credibility is also important. If a customer data base is breached, startups lose credibility, which can stall future investment in addition to heavy penalties they may have to pay, added Shrivastava. A 2019 study by US-based National Cyber Security Alliance suggests that 60% of SMBs that face a cyberattack tend to go out of business within six months.

Cyber-attacks have a catastrophic effect on startups as they are characteristically anchored in technology and operate on a lean infrastructure. If this infrastructure gets compromised, it usually compromises their business entirely, warned Rakesh Kharwal, managing director, India/South Asia & ASEAN, Cyberbit – an Israeli cyber-security firm.

“Any cyber-attack primarily complicates a business in three ways, i.e. operations, market perception, and legal. Now, startups also have meagre capital. A report by Data Security Council of India (DSCI) also states that the average cost of cyber-attacks has increased by 8% in India. So, for startups, it becomes tough to sustain unit economics,” added Kharwal.


#cyberfraud | #cybercriminals | WhatsApp is under attack and you should be aware of this growing risk


Along with WhatsApp, other firms being targeted in these scams include PayPal, Facebook, Microsoft and Netflix.

If you are concerned about these types of online attacks then the UK’s National Cyber Security Center has some good advice for consumers.

Here are their top tips for avoiding phishing scams online.

• Many phishing scams originate overseas and often the spelling, grammar and punctuation are poor. Others will try and create official-looking emails by including logos and graphics. Is the design (and quality) what you’d expect from a large organisation?

• Is it addressed to you by name, or does it refer to ‘valued customer’, or ‘friend’, or ‘colleague’? This can be a sign that the sender does not actually know you, and that it is part of a phishing scam.


#deepweb | Opinion | Jeff Bezos’s Phone Hack Should Terrify Everyone


What Mr. Pierson describes is low-hanging fruit — the kind of security flaws that can quickly be fixed with a little knowledge and attention to detail. Even then, he said, it takes time for the true nature of clients’ vulnerability to sink in. “They’re shocked when we give them their password and tell them where we found it, but it doesn’t hit as hard as when we tell them their entire home automation system has been potentially online and viewable for three or five or eight years,” he said.

When it comes to a Bezos-style breach — potentially at the hands of a nation-state’s intelligence service — high-profile targets would likely be even less prepared. As Mr. Bezos’s lengthy investigation into the 2018 attack shows, it’s difficult to get straight answers even when you have the money and resources to run full forensics.

Of course, it’s not just wealth that turns somebody into a person of interest for hackers. Journalists, government employees, workers at energy companies and utilities could all be targets for someone. Those who work for financial firms, airlines, hospitals, universities, Hollywood studios and tech firms are all potentially at risk. To mitigate that risk, there are plenty of things you can do. You can take steps to secure yourself from corporate data collection using privacy settings on your phone. And to protect yourself from cyberattacks there are helpful guides you can use that have been vetted by security professionals.

For most of us, the attack against Mr. Bezos isn’t the death of privacy, but a reminder of the risks of living a connected life. It should be a moment to think as critically about what you do online as you might in the real world. Invest in a password manager. Turn on dual factor authentication. Be skeptical of any communication that looks out of place.

For the ultrarich and influential, the Bezos hack should be a terrifying revelation that, as the former State Department employee and whistle-blower John Napier Tye told me last autumn, “For someone who’s truly a high-value target, there is no way to safely use a digital device.” The stakes are astronomically high. Not just personally, as Mr. Bezos found, but professionally. Company secrets, matters of national security, access to critical infrastructure and the safety of employees could all be compromised by lax security at the top.

The internet has long been thought of as a truly democratic tool, flattening and democratizing the ability to publish and communicate. It’s also the great privacy equalizer. Money can buy a lot of things. But on a dangerous internet full of exploits, flawed code, shady actors and absent-minded humans, total, foolproof security is not one of them.


#cybersecurity | #hackerspace | Who Should the CISO Report To in 2020?

The debate over who the CISO should report to is a hot topic among security professionals, and that shows no sign of changing soon. That’s because there is still no standard or clear-cut answer. Ask CISOs themselves for their opinion, and you will get a variety […]

5 Reasons Why Programmers Should Think like Hackers

Programming has five main steps: the identification and definition of the problem, the planning of the solution for the problem, coding of the program, testing, and documentation. It’s a meticulous process that cannot be completed without going through all the essential points. In all of these, […]

#cybersecurity | #hackerspace | 3 Steps Developers Should Take To Use npm Securely

Node Package Manager (npm) was a revolutionary addition to web application programming. It allowed developers to create small, reusable pieces of code and share them with the developer community. npm gives developers massive flexibility and makes developing applications incredibly simple, but there are also potential pitfalls […]

Splunk customers should update now to dodge Y2K-style bug – Naked Security


If you’re a Splunk admin, the company has issued a critical warning regarding a showstopping Y2K-style date bug in one of the platform’s configuration files that needs urgent attention.

According to this week’s advisory, from 1 January 2020 (00:00 UTC) unpatched instances of Splunk will be unable to extract and recognise timestamps submitted to it in a two-digit date format.

In effect, it will understand the ‘year’ up to 31 December 2019, but as soon as this rolls over to 1 January 2020, it will mark it as invalid, either defaulting back to a 2019 date or adding its own incorrect “misinterpreted date”.

In addition, beginning on 13 September 2020 at 12:26:39 PM UTC, unpatched Splunk instances will no longer be able to recognise timestamps for events with dates based on Unix time (which began at 00:00 UTC on 1 January 1970).

Left unpatched, the effect on customers could be far-reaching.

What platforms like Splunk do is one of the internet’s best-kept secrets – turning screeds of machine-generated log data (from applications, websites, sensors, Internet of Things devices, etc) into something humans can make sense of.

There was probably a time when sysadmins could do this job but there are now so many devices spewing so much data that automated systems have become a must.

This big data must also be stored somewhere, hence the arrival of cloud platforms designed to do the whole job, including generating alerts when something’s going awry or simply to analyse how well everything’s humming along.