Friday, July 23, 2010

Great Tweeps - Great Info

#FF

Cybersecurity, National Security, Safety of You or Kids Online

@anthonymfreed

@burgessct
@co2hog
@catinflorida

@cybersafety808

@cybercrime101
@cybersafefamily
@cybercrime101
@elyssaD
@gtiadvisors
@georgevhulme
@liviaweb

@gregWhoward
@GregMHoward
@freedom4usa
@heykim
@hidemyip
@hostexploit
@flags_usa
@infragard808@insiderthreats
@intel_chris

@isa_808
@kakroo
@lawbusinesstips
@pranheim
@kevinfunnell
@littlebytesnews
@lukika
@justice1776
@meowatthesun
@missiledetadv
@militarydotcom
@nigroeneveld
@PvtShuttDetach
@paperghost
@stratcon
@spectrumpestinc
@808COP_retired
@rootnl2k

@safetyweb
@someguynamedpat

@teksquisite
@usmcdog
@WOTN

@wireheadlance

Women Trailblazing About Kid Safety!

@crisclapp
@marjieknudsen
@momsmaterial
@monkids
@oaklandctymoms

@marykayhoal

@wiredmoms

@rebeccanewton

@privacyprof

@micheleborba

@lindacriddle

@suescheff
@googlebombbook
@awaythrough
@janebalvanz
@theonlinemom
@spectrumpestinc
@momsmaterial


Media with Integrity
@WBTVKristenM
@almacy
@scottstanzel
@tonyfratto

Communications, Social Media & Fun Pursuits 
@PJPuppyMom
@BlueSoapComm
@topSEOtips

Thursday, July 22, 2010

Guest Post - Kevin Elrod - Small Business - The New Focus For Cybercriminals

We have a guest post from Summer Intern, Kevin Elrod.


RESEARCH OUTLINE:

Topic:  Cybercrime – Small Business Cases
Research by:  Kevin Elrod
Date: 07/22/2010

TEASER/TITLE:   Small Businesses – The New Focus for Cybercriminals

SUMMARY PARAGRAPH

For many small business owners, the recent economic downturn has brought a sea of economic challenges.  A new threat, however, has emerged which may be the nail in the coffin, and it has come in the form of cybercrime.  Hackers and computer criminals have lately been turning away from the impenetrable security systems of large corporations in order to reap the fruits of the vulnerable small business sector.   To the careless, or even prepared, entrepreneur this may spell bankruptcy, and the effects could trickle down causing further harm to local economies.  Action must be taken in order to insure financial security for small business owners, especially in our current economic climate.



KEY FINDINGS

Cybersecurity insurance is an effective and reasonable way of protecting a small company’s business assets, although according to cio.com only 25% of companies have it

After the development of anti-virus software, the main attack channel has switched from email to the web for many criminals targeting small businesses.

A hefty portion of small business owners have little to no cybersecurity at all.  According to a report by Tim Wilson for DarkReading.com, 1/5  of all small businesses don’t use anti-virus software, 60% have unencrypted wireless networks, and 2/3 do not have a proper security plan in place.



BACKGROUND

Since the beginnings of the internet, bad intentioned citizens and criminals have sought to manipulate it for their own personal gain.  Cybercrime has evolved tremendously over the past few decades, from the “Melissa” and “I Love You” viruses of the late 1990’s which jumpstarted the growth of anti-virus software to the more recent denial-of-service (DoS) attacks which freeze networks by overloading them with outside data.  Now, cybercrime is undergoing a new phase by switching its focus to the susceptible assets of small businesses.  According to a survey conducted by the Canadian Chamber of Commerce 85% of all business fraud occurs in small to medium-sized businesses.  These companies do not have the means to pay enough attention to these threats due to scarce resources and insufficient time.

After the popular growth of anti-virus software in the late 1990’s most of all cyber attacks have switched from emails to the World Wide Web.  Today, the most common threat faced by small businesses is web-based crime.  Small company owners must realize that security plans that commit solely to anti-virus software is no longer sufficient to keep themselves protected.



STRATEGIC PLANNING ASSUMPTIONS

Hackers are turning away from the hardened, secure networks of large corporations and turning towards small businesses
Web-based threats are emerging as the most common form of cybercrime.  According to the World Economic Forum total online theft for 2009 alone totaled over $1 trillion.

Small companies are becoming increasingly disintegrated and spread out as they begin to rely more heavily on outside consultants and expertise.  Mergers also divide the company trust by acquiring rival business staff.  These hazards increase the risk of untrustworthy employees who might use company knowledge to steal their electronic assets.


ANALYSIS

Keeping one’s business secure from cyber threats in today’s digital world is no longer as simple as it used to be.  Evolution has taken small businesses from cash and checks to regulating most of their finances on the web.  Not all small-sized businesses have safely adapted to this change, however.  According to David Hogan, senior vice president for the National Retail Federation, only 60% of Level 3 businesses (just one level above mom-and-pop shops) have complied with the Payment Card Industry’s Data and Security Standards (PCI DSS) which strive to protect credit card data.  Companies that put off essential security standards can suffer drastic consequences, as can be seen in a case of a California escrow firm.  Last March, computer bandits broke into the online banking network of Village View Escrow Inc., a company based out of Redondo Beach, stealing a total amount of $465,000.  The culprits then proceeded to make 26 wire transfers to 20 various individuals around the globe who have no relation to the company.  Unlike consumers, when businesses lose money online there really isn’t a sure way of retrieving it.  Since the incident, the owner of Village View Escrow has had to take out a $395,000 loan at 12% interest to get back on track, and it will surely be some time before that ever happens.

Another similar incident occurred last April at DKG Enterprises, an Oklahoma City party supplies firm.   David Green, a manager for DKG, usually only accessed the company’s bank account from a Mac computer in the office.  Last April, however, while he was sick and working from his home he found he needed to authorize a company transfer.  He decided to use his wife’s PC because he could not get to the office that day.  Of course, this was the same computer his children play on, and it had at that time contracted a password-stealing Trojan horse.  A few days later, computer hackers had stolen $100,000 from the company account using their stolen password.  As of yet, DKG has been able to recover only $22,000 of their losses.  Krebsonsecurity.com recommends using a Mac instead of a PC when handling online business accounts because many of the viruses aimed at stealing passwords simply do not work on Macs.  In any case, these cases stress the importance of protecting one’s business from cybercrime.


RECOMMENDATIONS

Consider using in third-party security services to manage credit card purchase processes to reduce the risk of cybertheft.

Changing passwords regularly is an effective security policy especially after an employee leaves the company.

Purchasing cybersecurity insurance is one effective measure of protecting a business’ assets.  After a recent incident in which cyber thieves stole $35,000 from Brookland Fresh Water Supply District, the company was able to retrieve all of their funds in exchange for a $500 deductable.  Without the insurance not only would the company have suffered but so would the 1,300 homes and businesses it provides for.

Encrypt your wireless networks – this needs no further explanation.  Consult a computer professional if you are unsure how to do this.

Establish an acceptable use policy for office computers storing company data.

Arrange for all company computers to be equipped with up-to-date security software.
SOURCES

Tim Wilson, Darkreading, March 19, 2009
http://www.darkreading.com/security/perimeter/showArticle.jhtml?articleID=215901301

Brian Krebs, KrebsonSecurity, blog from Jun 10 – July 10   http://krebsonsecurity.com/category/smallbizvictims/

Randy James, Time, June 1, 2009 http://www.time.com/time/nation/article/0,8599,1902073,w00.html#ixzz0thKk6ckI

BusinessPundit.com interview with Robert Gorby, June 17, 2010            http://www.businesspundit.com/interview-protecting-your-small-business-from-cybercrime/

Tuesday, July 20, 2010

Guest Post - Ashesh Mamidi - The New Target of Cybercriminals - Small Business

This is a guest post from intern Ashesh Mamidi.


Research Outline

Topic: Small businesses

Research by: Ashesh Mamidi

Date: 07/20/2010

TEASER/TITLE: The new target of cyber criminals


SUMMARY PARAGRAPH:

Small businesses today have shifted from paper records to electronically stored information.  This so-called digitalization process has helped small businesses attain a dramatically more efficient way of doing business. On the other hand, this has also opened new doors for cyber criminals to penetrate a small businesses' data system.  This trend could result in massive financial and retail security fraud and breaches over the next decade.

Criminals will find new avenues to get malicious software onto a small business' computer systems.  There will be attempts to embed malicious software into the downloads of software from reputable vendors.  If software isn't authenticated, then attempts will be made to intercept software being downloaded and replace it with malicious versions.  This is a wake-up call for small businesses because security issues with the Internet will cause dramatic loss of revenue for these entrepreneurial enterprises in the years ahead.

These small businesses are the easy targets for the cybercriminals and more than money, the criminals are interested in the intellectual property which they can use elsewhere to gain financially.


KEY FINDINGS:

Criminals are targeting companies that have PII: Personally Identifiable Information (PII) is at risk. The breakdown of identity theft cases is as follows (2009):
26% credit card fraud, 18% utilities fraud, 17% bank fraud, 12% employment fraud, 5% loan fraud, 9% government fraud, 13% other.

Criminals are targeting company bank accounts


Criminals target other information:
Data about them or their customers such as Credit card, Social Security and bank account numbers.
Loss of intellectual and financial property – It is estimated that losses can range from $20 to $90 billion annually to upwards of $240 billion a year.
See statistics at:
http://www.ojp.usdoj.gov/ovc/ncvrw/2005/pg5i.html

METHODS DEPLOYED TO BREAK THE “LOCKS”:
Virus - Studies in December 2007 have shown that the effectiveness of antivirus software has decreased in recent years, particularly against unknown or zero day attacks. The German computer magazine c’t found that detection rates for these threats had dropped from 40-50% in 2006 to 20-30% in 2007. In general antivirus software removes only one-third of all the viruses.
.
Malicious software – It gives partial to full control of the computer to do whatever the malware creator wants. The damage done can vary from something slight as changing the author’s name on a document to full control of the machine without our ability to easily find out. Malicious software lurks behind emails, links on social networking sites, and in legitimate downloads.



RECOMMENDATIONS:

SOFTWARE PROTECTION:
Consider Anti-virus software like Shield Deluxe-Antivirus Protection, Trend Micro Antivirus Internet Security 2010, Norton Antivirus 2010and anti-malware software like Avira, Threatfire, Combofix etc.
Discuss Implementation of Several Packages: Combining Anti-Virus, with Anti-Spyware, Intrusion Prevention Service, and Application intelligence can deliver stronger network security protection against a comprehensive array of dynamic threats. The combination helps combat viruses, spyware, worms, Trojans and software vulnerabilities such as buffer overflows, as well as backdoor exploits and other malicious code. This provides application layer attack protection not only against external threats, but also against those originating inside the network. The lower layer technologies like SSL/TLS, firewall and IPSec support application layer security.

CLOUD or SaaS: In-the-Cloud security services may offer an easy and affordable solution for small businesses, especially for those that cannot afford an extensive, dedicated IT staff. Some cloud computing services offer better business continuity options and more sophisticated technology than small business do-it-yourself teams can do.

INTERNET USE POLICY - An internet acceptable use policy clearly defines how employees should and should not use the internet at work. For example:
Instructions on what to do before downloading material, checking the size of the file and its source.
A warning to abide by any copyright and licensing restrictions on internet-sourced material.

CONTENT FILTER - Content filtering is the technique whereby content is blocked or allowed based on analysis of its content, rather than its source or other criteria. It is most widely used on the internet to filter email and web access; basically used to filter spam.

SEPARATE COMPUTERS: Keep business and home computing separate.

EMPLOYEE AWARENESS – Phishing, a method of capturing confidential information over the internet, mainly takes place by using emails which appear to be coming from a trusted website source. Things to do for employee awareness and email protection:
Ignoring suspicious mail which ask for personal information
We should never try to give credit or debit card information in response to emails.
Change the password regularly.
Use strong passwords

SAFE INTERNET CONNECTIONS: Wi-fi safety such as using secure sites (a site whose web address starts with https instead of http is always secure), making sure that no one is watching you when you enter personal information or when entering PIN code at an ATM, being careful while sending sensitive data when using a public wi-fi hotspot.


BACKGROUND:

Small businesses are a target now more than ever before. Malicious security threats—particularly those executed via the Web—are abundant as an unprecedented number of botnets, Trojan horses and self-replicating worms, created and executed by organized criminal networks, are unleashed on networks to steal personal and financial information.  In 1999, it is estimated that Fortune 1,000 companies sustained losses of more than $45 billion from theft of proprietary information, with insiders to the organization being seen as a higher than average threat. Borrowing software from work for personal use accounts for some of the $12 billion lost to software piracy worldwide.

A lagging economy has caused many companies to rein in their IT budgets, opening small businesses up to attacks simply because they lack the money and staffing for proper security infrastructure.

The lack of resources paired with a lack of awareness about security issues create gaps in small businesses security policies regarding behavior and best practices.




ANALYSIS:

DATA BREACHES: 47% of Small Businesses have lost confidential data in the past and huge percentage of loss came from deliberate theft (52%) as opposed to accidental data loss. Of this figure, 24% was attributed to people outside the organization, and insiders were found to account for 16% of illegal data loss, with loss through partners at 15%. 30% of firms who don't password protect their laptops, are running the very real risk of harming their businesses and reputations through losing confidential data by accident.
Statistics referred from:
http://www.newstatesman.com/technology/2010/06/cyber-attacks-businesses-risk

LACK OF PROTECTION: Nearly one-fifth of small businesses don't even use antivirus software. Sixty percent don't use any encryption on their wireless links, and two-thirds of small businesses don't have a security plan in place. The majority of small businesses and even some medium size businesses do not have the dedicated IT support needed to monitor their computer networks and protect themselves from attack. Finally, many small business owners understandably lack the expertise to deploy the software or hardware solutions available to address ever-changing security challenges.

BUSINESS BANK ACCOUNTS HACKED: Vulnerable businesses, have sustained tens and even hundreds of thousands of dollars in losses, with little hope of recovering the money. Some have filed lawsuits against banks, charging that they failed to detect and stop transactions that were patently fraudulent. For example, Hillary Machinery Inc. filed a lawsuit against its bank, PlainsCapital, after online crooks used stolen credentials to transfer more than $800,000 from its account last year. The bank later recovered about $600,000 of the stolen funds but has so far refused to compensate the Plano, Texas-based manufacturing firm for the remainder.

Statistics referred from:
http://www.computerworld.com/s/article/print/9168458/Cyberattacks_raise_e_banking_security_fears?taxonomyName=Security&taxonomyId=17


IMPLICATIONS:

Businesses of every size rely on the Internet. Innovative use of the Internet can confer a competitive advantage on small and medium sized businesses. That edge can be dulled or even eliminated by cybercriminals and other threats. A single breach in which a business owner or their customer’s data is stolen could literally destroy a small business. Less dramatically, but perhaps as importantly, common Internet risks like spyware and malware can damage computer software and wreak havoc on productivity. So can employee access to non-work related web sites. Blocking certain websites in a work environment is easy to do and greatly reduces risk.

Such cyber thefts have led multiple businesses to file lawsuits against their banks and prompted government regulators to call on financial institutions to improve their security systems.


RECOMMENDATIONS:

There is no one size fits all approach and every business will have its own risk exposures. If you are a business owner, consider having your business evaluated for risks of cyber attack or data loss. Business owners need to stay on top of the threat by implementing a sound data loss and privacy plan.






SOURCES:

1) "Small Business IT Channel News for VARs and Technology Integrators--ChannelWeb." Channel News, Technology News and Reviews for VARs and Technology Integrators--ChannelWeb. Web. 19 July 2010. .

2) Statesman, New. "New Statesman - Cyber Attacks Cost Small and Medium Businesses £200,000 Annually." New Statesman - Britain's Current Affairs & Politics Magazine. Web. 19 July 2010. .

3) "U.S. Small Businesses Vulnerable to Cyber Attacks, Says VirnetX Research Director -- SCOTTS VALLEY, Calif., Feb. 10 /PRNewswire-FirstCall/." PR Newswire: Press Release Distribution, Targeting, Monitoring and Marketing. Web. 19 July 2010. .

4) Parental Controls, Internet Filter, Online Safety Software and Services | CyberPatrol. Web. 19 July 2010. .

5) Vijayan, Jaikumar. "Cyberattacks Raise E-banking Security Fears - Computerworld." Computerworld - IT News, Features, Blogs, Tech Reviews, Career Advice. Web. 19 July 2010. .

6) 23, Folino |  Nov. "Is Your Small Business Cyber-Secure?" Small Business and Small Business Information for the Entrepreneur. 23 Nov. 2009. Web. 19 July 2010. .

7) Goldman, David. "What Cybercriminals Do with Your Information - Sep. 16, 2009." Business, Financial, Personal Finance News - CNNMoney.com. 16 Sept. 2009. Web. 19 July 2010. .

8) "Cyber Liability : Connecticut Business Litigation Blog." Connecticut Business Litigation Blog : Connecticut Business Lawyer & Attorney : N. Kane Bennett : Raymond & Bennett Law Firm : Hartford, Middletown, Glastonbury. Web. 19 July 2010. .

9) Thompson, Steve. "FBI Warns Small Businesses about Rising Cybercrime Dangers." Merchant Account & Credit Card Processing Guide - MerchantAccountGuide.com. Web. 19 July 2010. .

10) "Create an Internet Usage Policy | Business Link." Business Support, Information and Advice | Business Link. Web. 19 July 2010. .

11) "Content Filtering." Wikipedia, the Free Encyclopedia. Web. 19 July 2010. .

12) "Network Security, Firewall & Wireless - Gateway AV, SPY & Intrusion Prevention Service - SonicWALL, Inc." SonicWALL - Select Your Region or Country. Web. 19 July 2010. .

13) http://ezinearticles.com/?What-is-Phishing---Email-Phishing-Protection-Tips&id=4213593

Friday, July 16, 2010

Excellent Tweeps! You will enjoy them.

These tweeps provide great info. I have found them willing and ready to help if you need any research assistance (and even a prayer!).  I hope you enjoy them as much as I do!


#FF


Cybersecurity, National Security, Safety of You or Kids Online

@anthonymfreed

@burgessct
@co2hog
@catinflorida

@cybersafety808

@cybercrime101
@cybersafefamily
@cybercrime101@elyssaD
@gtiadvisors
@georgevhulme
@liviaweb

@gregWhoward
@freedom4usa
@heykim
@hidemyip
@hostexploit
@flags_usa
@infragard808@insiderthreats
@intel_chris

@isa_808
@kakroo
@pranheim
@kevinfunnell

@littlebytesnews
@lukika
@justice1776
@meowatthesun
@missiledetadv
@momsmaterial

@militarydotcom@nigroeneveld
@PvtShuttDetach
@paperghost
@stratcon
@spectrumpestinc
@808COP_retired
@rootnl2k

@safetyweb
@someguynamedpat

@teksquisite
@usmcdog
@WOTN

@wireheadlance



Media with Integrity
@WBTVKristenM
@almacy
@scottstanzel
@tonyfratto

Women Trailblazing About Kid Safety!
@crisclapp
@oaklandctymoms
@marykayhoal
@wiredmoms
@rebeccanewton
@privacyprof
@micheleborba
@lindacriddle

@suescheff
@googlebombbook
@awaythrough
@janebalvanz
@theonlinemom
@spectrumpestinc
@momsmaterial