Destruction of Service (DeOS), Cisco sounds the alarm. First it was Denial of Service (DOS), then came Distributed Denial of Service (DDOS), then Ransomware and now, DeOS? As enterprises and consumers move to cloud infrastructures, this term will no doubt become mainstream very soon and very quickly. The Cisco 2017 Midyear Cybersecurity Report recently published the term as one of the newest forms of cyber-attacks that InfoSec and IT teams will be dealing with on regular basis. Obviously, given the success of its predecessors (DOS, DDOS), and the proliferation of the Internet of Things (IoT), Cisco is sounding the alarm that this is becoming the “new strategy” that “adversaries now seek to eliminate the safety net that organizations rely on to restore their systems and data following malware infestations”. No doubt, this builds on the success achieved by “ransomware campaign”. Although Cisco researchers don’t yet know how successful DeOS will become, they can predict that the emerging IoT could become a playground for this malware. You can download a copy of the Cisco report at Cisco 2017 Midyear Cybersecurity Report
Who is Safe? In a June 2017 cost of security data breach study by IBM and Ponemon Institute, the cost of data breaches is going down, however, breaches are becoming more frequent. Just as you were figuring out the news about the Equifax hack, Wholefoods grocery Stores announces that it is the latest victim of credit card security breach. According to the reports from the grocery chain giant, it is investigating a breach of its credit card systems at certain locations after the company was hacked. Not all of its distribution chains appear to have suffered this breach. Initial reports indicate that the breach appears to be limited to those Wholefood stores that have taprooms and full table-service restaurants. The company's primary checkout systems for the retail-only stores were not involved in the breach. Apparently, those locations use different point of sale (POS) systems.
Take the following steps to ensure the safety of your Identity and Credits Cards:
1. Use a credible credit monitoring agency to review your credit report on regular basis, watch for any irregular activity
2. Change your password at regular interval (every 6-9 months)
3. Don’t give out your password over the phone or chat window
4. If possible, use a password manager to safe guide your password
5. Where available use smartphones or EMV for payments
The Importance of Digital Security
The term Digital Security means different things to different people. I asked a friend what they understood by this term and they said, “it means being conscious of what you send with your gadgets”.
In the new world of Internet of Things (IoT), the importance of securing one’s privacy and data cannot be over emphasized. In addition to IoT, the proliferation of social media platforms has created its own set of challenges for users. In particular, without realizing it, we leave a digital footprint anytime we go online and conduct a transaction, ranging from banking to setting up a new email account or joining the likes of Facebook, LinkedIn, Twitter, to name a few of the popular ones.
As these new ways of communication and life styles take over, we need to be aware of the exposures and how a nefarious action by a “bad guy” can make our lives miserable. Digital Security or Information Security is the branch of Information Technology that focuses on the protection of our online activities. The bad guys (actors) are becoming more sophisticated and protecting yourself or identity online should be taken very seriously.
It was the night of Feb 15, 2006. John logged into his online bank account from the comfort of his home and discovered a strange check has been cashed on his account. Because he usually doesn’t write checks with such large amounts, he was very suspicious of the transaction. The next morning, John went to the bank and the inevitable had happened. Though the Bank refunded all the amount on the check, John has just been introduced to the world of Identity Theft. ID Theft is when someone steals your personal information and use your name to open accounts or transact other businesses to make money without your knowledge. This can happen online or if you lose your documents. Our example relates to online ID Theft. Unlike John, you may not realize this has happened until you decide to transact a business with your accounts. The phenomenon is so common that the need to protect ourselves and our personal information online is one of the most popular areas of study in the 21st century.
John’s experience is not uncommon anymore, however, the resolution depends on where you live. Although John got his money back from the bank, the effect of identity theft can linger on for years. Identity theft is a very lucrative business and some bad guys do it for fun while others do it for the monetary gain. Failing to protect ourselves can leave us vulnerable to the negative effects of identity theft. And by the way, these are not limited to big companies anymore. To protect yourself adequately, look for tools like anti-virus software, and secure your smartphones through available biometric methods such as fingerprints or iris scanning, also look for smart card-based or SIM card protection to secure your mobile devices. Knowing the tools is one thing but understanding and practicing some basic digital security hygiene can go a long way in keeping you safe while navigating the world wide web of information.
How to Protect Yourself
The most basic and fundamental protection you need as you engage in online activities is to make sure you have a password that is not easy to decode. The following are some Best Practices for protecting your user password:
1. Make sure you don’t share your password with other people, including members of your immediate family (wife, husband, children). Similarly, don’t use the same password for all your online accounts
2. Do not use easy to guess passwords, like date of birth, Driver’s License Number or Social Security Number (if applicable). For example, don’t use password123 or password. Be creative by using a password that includes Letters, Symbols, and Alphabet; e.g. S%&5thinking
3. If your email account is compromised, be sure to Reset your password immediately
4. If you use different passwords for your online accounts, try and use a Password Manager program versus saving your password in a browser. Be secure to clear the cache of your browser if you use a public computer for your transactions
5. Make sure your password complies with the requirements of the site provider
Protecting Your Devices
1. Password-protect your smart devices, both at the lockscreen level and after logging in. This is particularly necessary for your smartphones and tablets
2. If you have a home network, be sure to protect your Wifi with passwords that are not easily decoded. Remember the bad guys are looking for easy access
3. If you’re into IoT and have remote-controlled appliances, anti-virus software may be helpful in keeping away the bad guys. Anti-virus also helps with your laptops or PCs
4. Whether you keep your data on your local disk or remote site (cloud), you’re not safe from attacks. Practicing simple online hygiene as recommended can go a long way in keeping us safe online.
Whatever you do, STOP, THINK, and CONNECT. Stay safe online.
For years, traditional wisdom has always been that large corporations are the primary target for hackers. This thinking stemmed from the understanding that motivations for hackers has evolved over the years to focus on monetary gain. In the early 2000’s, the motivation for hackers was to gain knowledge and discover what their true capabilities were. As time progressed, hackers figured out that there was tremendous opportunity for monetary gain.
Copyright © 2018 Cyber Training Group International - All Rights Reserved.