Tag Archives: information security

Cybercriminals extorted about one billion dollars from ransomware victims last year, according to the FBI. And nearly all of those perpetrators went unprosecuted because of the innovative methods they use to protect their identities and hide their funds. They go to great lengths to keep authorities from seizing or freezing their money. By and large, their efforts have paid off. Here’s how they do it: Hidden identities, disposable email Extortionists protect their identities whenever interacting with victims. This generally occurs when they distribute ransomware, and when they collect ransom payments…

Continue reading

People are the core of any incident response effort.  You must have the right people to provide the right response.  Incident response teams should include a diverse set of individuals across the organization including executives, information technology, security, public relations, legal and relevant 3rd parties.  Here is what makes a winning incident response team. Winning teams have top level support Top level support is essential in an incident response team, and executives can provide it.  Executives are the ones who will be able to allocate the resources necessary to take…

Continue reading

A Pokemon Go-themed ransomware virus has appeared on Windows computers, tablets, and phones. The ransomware is the latest in a series of malicious applications that have popped up in the wake of the global Pokemon Go obsession. This particular piece of malware is known as POGO Tear and it’s based on open source ransomware code called Hidden Tear. POGO Tear encrypts the files on victims’ computers, changes the extension to “.locked” and then demands a ransom on a screen emblazoned with famed character Pikachu’s picture. POGO Tear is currently coded…

Continue reading

The average company today is a hybrid collection of traditional on-premise and cloud-based IT solutions.  On-premise solutions may include identity and authorization servers, custom applications, packaged applications, and local data repositories. Cloud services fulfill a wide variety of business tasks such as document sharing, group collaboration, customer relationship management, payment processing, marketing, and communication.  This combination of on-premise and cloud services is called Hybrid IT. On-premise applications require equipment purchases, software deployment, and user training but cloud services can be purchased with a credit card and used almost immediately.  As…

Continue reading

Ransomware is the quickest way to turn your valuable data into garbage.  Ransomware is a form of malicious software that blocks access to user data such as documents, spreadsheets, pictures, music, or videos, typically by encrypting those files.  At this point, the ransomware will display a demand for payment in order to send the victim the decryption keys to the data. Businesses and consumers often do not know what they have until it is encrypted.  It is then that they realize their Christmas list, family photos, and personal financials are…

Continue reading

The concept of identity is core to the protection of data.  Data and other computing resources exist to be used by individuals, each of whom has an identity that is used to grant or deny access to such resources.  However, identity is not limited to humans.  Computer services also have an identity that allows them to interact with other services and data. As humans, we understand identity as all the characteristics that are representative and unique of an individual and our method of validating identity comes naturally in the course…

Continue reading

Information security is often described using the CIA Triad. The CIA stands for Confidentiality, Integrity, and Availability and these are the three elements of data that information security tries to protect. If we look at the CIA triad from the attacker’s viewpoint, they would seek to compromise confidentiality by stealing data, integrity by manipulating data and availability by deleting data or taking down the systems that host the data. By and far, most attacks have been focused on disrupting confidentiality or availability so defense mechanisms and training have also been…

Continue reading

Anonymity has been a longstanding hallmark of the Internet but you should no longer assume that your online activities are anonymous. A vast amount of information is collected as you use the Internet. Search engines store the key words you search for and the pages you visit, browsers store web history, which may be integrated with the cloud, and websites store information your activities on their sites. Your IP address provides information on your general location and many applications can track your location data, obtained from your address or from…

Continue reading

Some breaches require notification such as those involving patient data or customer information, but sharing is optional. Of course, notification is just one form of information sharing. For example, February’s executive order encourages private sector companies to share information on cybersecurity threats. There are advantages and disadvantages of sharing information with others, and here to talk about it are two information security influencers and Eric Vanderburg and Bev Robb. Vanderburg will be arguing for information sharing and Robb will discuss potential sharing woes that may arise from government and private…

Continue reading

In 5 to 10 years, the cloud will be as ubiquitous as the Internet is today. It is predicted that 2015 will see a dramatic change in labor and business models as operations shift to the cloud. It will be part of our normal lives, with cloud-based apps running on stereos, watches, mirrors, glasses and many other devices that we interact with or carry with us daily. Software and data will not be hardware dependent because they will be running in the cloud but you will be able to interact…

Continue reading