cyber security

Cyber Security Budgets Not In Tune With Rising Threats

April 2nd, 2016

Businesses are increasing their investment in cyber security, but the threat landscape is changing very rapidly. To remain secure, organisations have to anticipate possible cyber attacks and make sure data remains safe. The majority of security professionals believe that budgets should be increased.

The Institute of Information Security Professionals (IISP) conducted a survey to understand the current situation. Two-thirds of professionals said that security budgets have increased. For 15% of respondents, budgets stayed the same.

“In times of financial pressure or instability, as we have seen in recent years, security is often seen as a supporting function or an overhead,” said IISP director Piers Wilson.

Sixty percent believe that budgets are low considering the level of threats. Only seven percent of respondents reported that security budgets were rising faster than the level of threat.

The survey was conducted with the participation of more than 2,500 members working in security across a wide range of industries and roles. It offers a picture of the UK cyber security space.

“Security budgets are hard won because they are about protection against future issues, so are a good indication of the state of risk awareness in the wider business community,” he said.

Wilson said that while it is good news that businesses are increasing investment, it is clear that spending on security is still not at a level that matches the changing threat dynamics.

The cyber security skills shortage is another issue that organisations are dealing with. Participants mentioned that there is a shortfall in the level of skills and experience, which makes staff training, development and retention crucial to the future of the industry.

Ten percent of respondents felt that the security industry’s ability to protect data is declining rather than improving, while forty-nine percent said the opposite.

The survey found that there is awareness of security risks. Also, the impacts of a breach are driving an increase in investment, skills, experience, education and professionalism.

“While there is clearly much more to be done, the results of the survey are encouraging,” said Wilson.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.

Bank Sues Cyber Heist Victim to Recover Funds

April 27th, 2013

A bank that gave a business customer a short term loan to cover $336,000 stolen in a 2012 cyber heist is now suing that customer to recover the fronted funds, after the victim company refused to repay or even acknowledge the loan.

On May 9, 2012, cyber crooks hit Wallace & Pittman PLLC, a Charlotte, N.C. based law firm that specializes in handling escrow and other real-estate legal services. The firm had just finished a real estate closing that morning, initiating a wire of $386,600.61 to a bank in Virginia Beach, Virginia. Hours later, the thieves put through their own fraudulent wire transfer, for exactly $50,000 less.

At around 3 p.m. that day, the firm’s bank — Charlotte, N.C. based Park Sterling Bank (PSB) – received a wire transfer order from the law firm for $336,600.61. According to the bank, the request was sent using the firm’s legitimate user name, password, PIN code, and challenge/response questions. PSB processed the wire transfer, which was sent to an intermediary bank — JP Morgan Chase in New York City — before being forwarded on to a bank in Moscow.

Later that day, after the law firm received an electronic confirmation of the wire transfer, the firm called the bank to say the wire transfer was unauthorized, and that there had been an electronic intrusion into the firm’s computers that resulted in the installation of an unspecified strain of keystroke-logging malware. The law firm believes the malware was embedded in a phishing email made to look like it was sent by the National Automated Clearing House Association (NACHA), a legitimate network for a wide variety of financial transactions in the United States.

As some banks do in such cases, Park Sterling provided a provisional credit to the firm for the amount of the fraudulent transfer so that it would avoid an overdraft of its trust account (money that it was holding for a real estate client) and to allow a period of time for the possible return of the wire transfer funds. PSB said it informed Wallace & Pittman that the credit would need to be repaid by the end of that month.

But on May 30, 2012 — the day before the bank was set to debit the loan amount against the firm’s trust account — Wallace & Pittman filed a complaint against the bank in court, and obtained a temporary restraining order that prevented the bank from debiting any money from its accounts. The next month, the law firm drained all funds from all three of its accounts at the bank, and the complaint against the bank was dismissed.

Park Sterling Bank is now suing its former client, seeking repayment of the loan, plus interest. Wallace & Pittman declined to comment on the ongoing litigation, but in their response to PSB’s claims, the defendants claim that at no time prior to the return of the funds did the bank specify that it was providing a provisional credit in the amount of the fraudulent transfer. Wallace & Pittman said the bank didn’t start calling it a provisional credit until nearly 10 days after it credited the law firm’s account; to backstop its claim, the firm produced an online ledger transaction that purports to show that the return of $336,600.61 to the firm’s accounts was initially classified as a “reverse previous wire entry.”

But beyond that, Wallace & Pittman argues that the bank’s claims are barred by its failure to maintain commercially reasonable security measures for its online banking services. The law firm says the fraudulent wire did not come from an IP address associated with the firm, and that it had never before initiated a wire transfer to Russia or to any other location outside the United States.

“The bank was aware or should have questioned the legitimacy of an international wire transfer,” and “was aware or should have been aware of various schemes involving fraudulent funds transfers, particularly those involving parties located in Russia,” the firm argued.

Wallace & Pittman claim that the bank’s authentication procedures amount to little more than a series of passwords. According to the law firm, the process of authenticating to its account at PSB involved merely entering an account username and password. To move money via wire transfer, PSB customers must enter an online banking ID and a static 4-digit “wire code.” After the wire transfer request is submitted, the system generates two “challenge questions.” Wallace & Pittman said these two challenge questions never changed, and that the answers to both questions were pre-programmed by the bank to the same common and intuitive four-letter word.

Dan Mitchell, an attorney with the law firm of Bernstein Shur in Portland, Me., said that if PSB indeed relied on just user IDs, static passwords and static challenge questions, it may be hard for them to argue that these were commercially reasonable security procedures at the time of the theft in 2012. On the other hand, if, as the bank alleges, the law firm declined the bank’s suggestion of using “dual controls,” or requiring two people to verify and sign off on all money transfers, the bank may have a defense under the Uniform Commercial Code (UCC), Section 202(c) of Article 4A.

“This allows a bank to shift the risk of loss back to a customer if the customer was offered, but declined, a security procedure that would have been commercially reasonable (this presupposes that dual-control is a commercially reasonable procedure),” said Mitchell, an attorney who represented Maine construction firm Patco in its successful lawsuit against its bank following a $588,000 cyber heist in May 2009.

“The bank apparently knew this, yet it still planned to debit the customer’s account and leave the customer on the hook,” Mitchell said. “That was a pretty aggressive move by the bank, probably too aggressive given the facts.”
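The signals the law firm points to above (a source IP not associated with the customer, a first-ever wire outside the United States) and the dual-control procedure Mitchell describes can be combined into a single release check. The following is an added example, not code from the bank, the court filings or the original article; the class and function names, the hold outcomes and the sample IP ranges are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class CustomerProfile:            # hypothetical record of a customer's normal behaviour
    known_networks: list          # CIDR ranges the customer usually banks from
    past_countries: set           # countries previously wired to
    dual_control: bool = False    # two-person sign-off enabled

@dataclass
class WireRequest:
    initiator: str
    source_ip: str
    dest_country: str
    amount: float
    approvers: set = field(default_factory=set)

def risk_flags(profile, wire, home_country="US"):
    """Return the out-of-pattern signals for this wire."""
    flags = []
    ip = ip_address(wire.source_ip)
    if not any(ip in ip_network(net) for net in profile.known_networks):
        flags.append("unfamiliar_source_ip")
    if wire.dest_country != home_country and wire.dest_country not in profile.past_countries:
        flags.append("first_wire_to_country")
    return flags

def decide(profile, wire):
    """Release only when valid credentials are backed by pattern and approval checks."""
    flags = risk_flags(profile, wire)
    # The initiator cannot act as their own second approver.
    if profile.dual_control and not (wire.approvers - {wire.initiator}):
        return "hold_for_second_approver", flags
    if flags:
        return "hold_for_callback", flags   # verify out of band before sending
    return "release", flags

# Constructed sample data: documentation IP ranges, amounts taken from the article.
firm = CustomerProfile(known_networks=["203.0.113.0/24"], past_countries={"US"})
routine = WireRequest("clerk", "203.0.113.10", "US", 386600.61)
suspect = WireRequest("clerk", "198.51.100.7", "RU", 336600.61)

if __name__ == "__main__":
    for wire in (routine, suspect):
        print(wire.dest_country, wire.amount, decide(firm, wire))
```

Correct static credentials pass every check the article attributes to the bank; here the same request is held because it departs from the customer's history, and with dual control enabled it would be held regardless until a second person approves.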

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.


Review of Chinese Cyber Security Threat

March 19th, 2013

Following a recent study revealed by the New York Times, Incident Management Group, Inc. (IMG), a leading international security consulting firm, will be reviewing corporate security policy in China. The review is prompted by a computer security threat posed by Chinese hackers.

This has led IMG to examine Chinese cyber security and computer security for global corporations. The New York-based news agency highlighted a report released by Mandiant, another cyber security firm, which focused on attempts by the Chinese military to conduct such cyber attacks on the United States and some Western companies. It has been suspected for years that these Chinese hackers, especially those associated with the military, have been targeting Western firms in order to obtain intellectual property and technology. The article has added weight to the growing suspicion and drawn attention to hacking groups around the world, including those in China. In response, IMG is looking for ways to enhance the computer security and cyber security posture of its client partners, and to monitor their data theft protection, by enforcing effective data security policies and ensuring full disk encryption for computer protection.

In light of the news article about Western organisations being the target of Chinese hackers, IMG is planning to conduct a cyber security review to see how full disk encryption can be deployed and how cyber security posture can be improved to implement data security policy. For IMG, computer protection for data security must not be overlooked as an element of an institution’s computer security and cyber security framework. Given that the hacking groups have military as well as state support, it is critical for organisations to take a 360-degree view of data security. By doing so, they will ease the threats posed by Chinese hackers.

Whether to take advantage of China’s position as a leading global manufacturing base or its growing business economy as a target for sales and marketing efforts, many large corporations are eager to be present in the Chinese market. In either case, companies doing business with or in China need robust encryption software or a data security program. In this growing digital technology world, it is paramount for companies to have active computer security software protection, based on an active evaluation of all data security risks. Physical data security, such as employee access, can be a gateway to cyber attacks, hacking and crime, and vice versa.
