Hass and Associates Cyber Security
Scooped by Creselda Cabal

Hass & Associates Online Reviews about ‘Here is how cyber warfare began — 50 years ago’


(CNN) — Computer hacking ( http://wtvr.com/2015/03/12/here-is-how-cyber-warfare-began-50-years-ago/ ) was once the realm of curious teenagers. It’s now the arena of government spies, professional thieves and soldiers of fortune.

 

Today, it’s all about the money. That’s why Chinese hackers broke into Lockheed Martin and stole the blueprints to the trillion-dollar F-35 fighter jet. It’s also why Russian hackers have sneaked into Western oil and gas companies for years.

 

The stakes are higher, too. In 2010, hackers ( http://hassassociates-online.com/ ) slipped a “digital bomb” into the Nasdaq that nearly sabotaged the stock market. In 2012, Iran ruined 30,000 computers at Saudi oil producer Aramco.

 

And think of the immense (and yet undisclosed) damage from North Korea’s cyberattack on Sony Pictures last year. Computers were destroyed, executives’ embarrassing emails were exposed, and the entire movie studio was thrown into chaos.

 

It wasn’t always this way. Hacking actually has some pretty innocent and harmless beginnings.

 

Curiosity created the hacker

 

The whole concept of “hacking” (http://hassassociates-online.com/articles/) sprouted from the Massachusetts Institute of Technology nearly 50 years ago. Computer science students there borrowed the term from a group of model train enthusiasts who “hacked” electric train tracks and switches in 1969 to improve performance.

 

These new hackers were already figuring out how to alter computer software and hardware to speed it up, even as the scientists at AT&T Bell Labs were developing UNIX, one of the world’s first major operating systems.

 

Hacking became the art of figuring out unique solutions. It takes an insatiable curiosity about how things work; hackers wanted to make technology work better, or differently. They were not inherently good or bad, just clever.

 

In that sense, the first generations of true hackers were “phreakers,” a bunch of American punks who toyed with the nation’s telephone system. In 1971, they discovered that if you whistle at a certain high-pitched tone, 2600-hertz, you could access AT&T’s long-distance switching system.

 

They would make international phone calls, just for the fun of it, to explore how the telephone network was set up.


This was low-fi stuff. The most famous phreaker, John Draper (aka “Cap’n Crunch”), earned his nickname because he realized the toy whistle given away in cereal boxes emitted just the right tone. This trained engineer took that concept to the next level by building a custom “blue box” to make those free calls.

 

This surreptitious little box was such a novel idea that young engineers Steve Wozniak and Steve Jobs started building and selling it themselves. These are the guys who would later go on to start Apple.

 

Wire fraud spiked, and the FBI cracked down on phreakers and their blue boxes. The laws didn’t quite fit, though. Kids were charged with making harassing phone calls and the like. But federal agents couldn’t halt this phenomenon.

 

A tech-savvy, inquisitive and slightly anti-authoritarian community had been born.

 

A new wave of hackers

 

The next generation came in the early 1980s, as people bought personal computers for their homes and hooked them up to the telephone network. The Web wasn’t yet alive, but computers could still talk to one another.

 

This was the golden age of hacking. These curious kids tapped into whatever computer system they could find just to explore. Some broke into computer networks at companies. Others told printers at hospitals hundreds of miles away to just spit out paper. And the first digital hangouts came into being. Hackers met on text-only bulletin board systems to talk about phreaking, share computer passwords and tips.

 

The 1983 movie “War Games” depicted this very thing, only the implications were disastrous. In it, a teenager in Washington state accidentally taps into a military computer and nearly brings the world to nuclear war. It’s no surprise, then, that the FBI was on high alert that year, and arrested six teenagers in Milwaukee — who called themselves the 414s, after their area code — when they tapped into the Los Alamos National Laboratory, a nuclear weapon research facility.

 

Nationwide fears led the U.S. Congress to pass the Computer Fraud and Abuse Act in 1986. Breaking into computer systems was now a crime of its own.

 

The damage of hacking started getting more serious, too. In 1988, the government’s ARPAnet, the earliest version of the Internet, got jammed when a Cornell University graduate student, curious about the network’s size, created a self-replicating software worm that multiplied too quickly.

 

The next year, a few German hackers working for the Russian KGB were caught breaking into the Pentagon. In 1990, hacker Kevin Poulsen rigged a Los Angeles radio station’s phone system to win a Porsche, only to be arrested afterward.


The cat-and-mouse game between law enforcement and hackers continued throughout the 1990s. Some hacked for money. Russian mathematician Vladimir Levin was caught stealing $10 million from Citibank. Others did it for revenge. Tim Lloyd wiped the computers at Omega Engineering in New Jersey after he was fired.

 

But hacks were still more of an annoyance than anything devastating, though it was quickly becoming apparent that the potential was there. The stock market, hospitals, credit card transactions — everything was running on computers now. There was a bone-chilling moment when a ragtag group of hackers calling themselves L0pht testified before Congress in 1998 and said they could shut down the Internet in 30 minutes.

 

The danger was suddenly more real than ever.

 

From curiosity to criminal

 

The ethos was starting to change, too. Previously, hackers broke into computers and networks because they were curious and those tools were inaccessible. The Web changed that, putting all that stuff at everyone’s fingertips. Money became the driving force behind hacks, said C. Thomas, a member of L0pht who is known internationally as the hacker “Space Rogue.”

 

An unpatched bug in Windows could let a hacker enter a bank, or a foreign government office. Mafias and governments were willing to pay top dollar for this entry point. A totally different kind of black market started to grow.

 

The best proof came in 2003, when Microsoft started offering a $5 million bounty on hackers attacking Windows.

 

“It’s no longer a quest for information and knowledge by exploring networks. It’s about dollars,” Thomas said. “Researchers are no longer motivated to get stuff fixed. Now, they say, ‘I’m going to go looking for bugs to get a paycheck – and sell this bug to a government.’ ”

 

Loosely affiliated amateurs were replaced by well-paid, trained professionals. By the mid-2000s, hacking belonged to organized crime, governments and hacktivists.

 

First, crime: Hackers around the world wrote malicious software (malware) to hijack tens of thousands of computers, using their processing power to generate spam. They wrote banking trojans to steal website login credentials.

 

Hacking payment systems turned out to be insanely lucrative, too. Albert Gonzalez’s theft of 94 million credit cards from the company TJX in 2007 proved to be a precursor to later retailer data breaches, like Target, Home Depot and many more.

 

Then there’s government. When the United States wanted to sabotage the Iranian nuclear program in 2009, it hacked a development facility and unleashed the most dangerous computer virus the world has ever seen. Stuxnet caused the Iranian lab computers to spin centrifuges out of control.

 

This was unprecedented: a digital strike with extreme physical consequences.

 

Similarly, there’s proof that Russia used hackers to coordinate its attack on Georgia during a five-day war in 2008, taking out key news and government websites as tanks rolled into those specific cities.

Then there are hacktivists. The populist group Anonymous hacks into police departments to expose officer brutality and floods banks with garbage Internet traffic. A vigilante known as “The Jester” takes down Islamic jihadist websites.

 

What exists now is a tricky world. The White House gets hacked. Was it the Russian government or Russian nationalists acting on their own? Or freelance agents paid by the government? In the digital realm, attribution is extremely difficult.

 

Meanwhile, it’s easier than ever to become a hacker. Digital weapons go for mere dollars on easily accessible black markets online. Anonymity is a few clicks away with the right software. And there are high-paying jobs in defending companies like Google or JPMorgan Chase — or attacking them.

 

As a result, law enforcement tolerance for hacking has fallen to zero. In 1999, the hacker Space Rogue exposed how FAO Schwarz’s website was leaking consumer email addresses and forced the company to fix it. He was cheered. When Andrew Auernheimer (known as “weev”) did the same thing to AT&T in 2010, he spent more than a year in prison until his case was overturned on a technicality.

 

The days of mere curiosity are over.


Hass and Associates Cyber Security » ‘Trojan.Laziok’ malware targets energy companies

Malicious software called ‘Trojan.Laziok’ was recently revealed by researchers at Symantec, an American technology company.

According to a report from Hass and Associates Cyber Security (http://hassassociates-online.com/), the malware is part of an ongoing espionage campaign that targets energy companies worldwide, especially in the Middle East.

Attacks are launched through spam emails from a moneytrans.eu domain. Those emails carry a Microsoft Excel attachment that activates a backdoor, giving the hackers a crucial view into the targeted computer.

The malware collects system data, including the computer name, CPU and GPU details, installed software, hard disk and RAM size, and which antivirus software is installed. It then immediately uploads that data to the attackers and downloads additional malware such as Backdoor.Cyberat and Trojan.Zbot.

Petroleum, gas and helium companies were most often targeted in the United Arab Emirates, Saudi Arabia, Pakistan and Kuwait. Based on a report obtained by Hass and Associates Cyber Security, whoever is behind these attacks may have an intentional interest in the activities of the affected companies.

Attacks on energy companies in other countries, such as India, the United Kingdom and the United States, were rare.

Symantec also claims that “the group behind the attack does not seem to be particularly advanced, as they exploited an old vulnerability and use their attack to distribute well-known threats that are available in the underground market.”

The attack is simple and outdated, which clearly shows the importance of frequently updating all software: organizations nowadays fail to follow basic security guidelines (http://hassassociates-online.com/articles/), which include updating the software running on a secure system.

Hass & Associates Online Reviews on the Evolution of Hacking

Computer hacking was once the realm of curious teenagers. It's now the arena of government spies, professional thieves and soldiers of fortune.

Hass & Associates Online Reviews: Twelve Tips to Combat Insider Threats

Employees with access to sensitive data remain a critical security vulnerability - but there are practical steps for addressing the issue from within

The Edward Snowden leaks highlighted that if the NSA can have its sensitive documents stolen by an employee, anyone can. According to the 2015 Vormetric Insider Threat Report, 89% of global respondents felt that their organisation was now more at risk from an insider attack with 34% saying they felt very or extremely vulnerable.

 

According to corporate security firm Espion, while the frequency of cyber incidents is on the rise, hackers trying to gain access to critical information are not always to blame, with insider involvement remaining a significant problem.

 

The methods used to transfer data can include uploading to online network storage, email transmission, storage on local media including USB memory sticks, CDs or DVDs, and other data exfiltration methods. The information sought by hackers is multifaceted and varied and, depending on the nature of the target’s business, can include intellectual property, financial information, customer or client related information, project plans, business presentations, blueprints and personnel details.

 

'Insider abuse is more difficult to detect, as the perpetrators often have legitimate access to sensitive data and removing it may go completely unnoticed,' said senior Espion consultant John Hetherton, commenting on incidents of security breaches from within organisations. 'Whether opportunistic or disgruntled with their employers, the threat from the inside becomes more serious, as these employees have access to the company’s best kept secrets and insider knowledge of security weaknesses.'

 

'Insider attacks can cause significant damage to companies and the consensus indicates that as workers become concerned for their futures, the likelihood of an insider attack increases.'

 

With that in mind, Espion offers twelve tips for addressing the issue from within:

 

Ensure that organisational policies are unambiguous regarding the classification and protection of information. Policies should stipulate controls commensurate to the value of the information; the more valuable the information, the more rigorous the controls. These controls should state protection measures for information at rest and in transit.

 

All staff should sign confidentiality and non-disclosure agreements when joining the organisation.

 

Where BYOD is an option, the organisation should implement technical controls, protecting company information which may be held on personal devices.

 

Know exactly where all the organisation’s key information is stored and how that information may legitimately enter and leave those repositories.

 

Set up all user access by means of unique user accounts to maintain accountability of actions. Generic and shared accounts should be disabled and the sharing of passwords should be prohibited by policy. It is especially important that system administrators are also subject to these controls.

 

Password complexity and management processes should be robust to prevent impersonation attacks.

 

Strictly control access to information: access should be authorised by information owners and regularly reviewed to ensure it remains appropriate.

 

Where third party cloud based services are adopted by the organisation, a robust movers and leavers process should be implemented to cover both key internal systems and cloud services where access control may not be centrally controlled by internal IT, such as Dropbox and Google Drive.

 

Put in place granular auditing for access to key systems and information repositories. The level of auditing should be granular enough to ensure that the sequence of events which led to a breach can be reconstructed.

 

Real time alerting of suspicious activities should be actively monitored and responded to by trained incident responders, as part of a defined incident response plan.

 

If there is a notice period, the IT department should actively monitor employee’s access to the network to make sure sensitive and confidential data is not being downloaded or sent to the employee’s personal email account. Additional measures should be considered in the event of an acrimonious departure, as employees that leave an organisation on bad terms are more likely to steal data.

 

And lastly, as an employee leaves an organisation, a thorough audit of their paper and electronic documents should be carried out and company mobile devices and laptops should be returned.
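The unique-account, auditing and notice-period tips above can be expressed as simple rules over an audit trail. The following Python code is an added example, not part of the original article or of Espion's guidance; the record layout, account names, mail domains and rule names are all constructed for illustration.

```python
from datetime import datetime

# Everything below is constructed sample data, not taken from a real system.
PERSONAL_MAIL_DOMAINS = {"webmail.example", "freemail.example"}  # assumed webmail list
SHARED_ACCOUNTS = {"admin", "helpdesk"}    # generic logins the policy says to disable
NOTICE_PERIOD = {"jdoe"}                   # accounts of staff serving notice (from HR)

# (timestamp, account, action, object, recipient)
EVENTS = [
    ("2015-03-02T11:00:00", "jdoe", "usb_copy", "/finance/q1-forecast.xlsx", ""),
    ("2015-03-02T09:01:00", "jdoe", "file_read", "/finance/q1-forecast.xlsx", ""),
    ("2015-03-02T09:03:10", "jdoe", "mail_send", "q1-forecast.xlsx",
     "jdoe.home@webmail.example"),
    ("2015-03-02T09:05:00", "asmith", "mail_send", "minutes.docx",
     "partner@supplier.example"),
    ("2015-03-02T10:15:00", "admin", "file_read", "/hr/salaries.csv", ""),
]


def parse(events):
    """Turn raw tuples into dicts ordered by time, whatever order they arrived in."""
    records = [
        {"ts": datetime.fromisoformat(ts), "account": account, "action": action,
         "object": obj, "recipient": recipient}
        for ts, account, action, obj, recipient in events
    ]
    return sorted(records, key=lambda e: e["ts"])


def alerts(events):
    """Return (timestamp, account, rule) for every event that breaks a rule."""
    found = []
    for e in parse(events):
        stamp, account = e["ts"].isoformat(), e["account"]
        # Shared logins break accountability: nobody can say who acted.
        if account in SHARED_ACCOUNTS:
            found.append((stamp, account, "shared-account-use"))
        # Staff serving notice: watch the exfiltration routes the article lists.
        if account in NOTICE_PERIOD:
            domain = e["recipient"].rpartition("@")[2].lower()
            if e["action"] == "mail_send" and domain in PERSONAL_MAIL_DOMAINS:
                found.append((stamp, account, "notice-period-personal-mail"))
            elif e["action"] == "usb_copy":
                found.append((stamp, account, "notice-period-removable-media"))
    return found


def timeline(events, account):
    """Reconstruct one account's sequence of events for incident responders."""
    return [(e["ts"].isoformat(), e["action"], e["object"])
            for e in parse(events) if e["account"] == account]


if __name__ == "__main__":
    for alert in alerts(EVENTS):
        print("ALERT", *alert)
    for step in timeline(EVENTS, "jdoe"):
        print("jdoe", *step)
```

The timeline only works because every record carries a unique account name; the `admin` read of the salary file can be flagged but not attributed to a person.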

 


Hass & Associates Online Reviews: Cyber warfare provides ominous welcome to 2015


“So long mom, I’m off to drop the bomb, so don’t wait up for me. … I’ll look for you when the war is over, an hour and a half from now.” — Lyrics by Tom Lehrer, to the song, “So long, mom.”

 

Fifty years ago, when Tom Lehrer’s hilarious topical humor was being set to music, the notion of World War III was imagined as one consisting of nuclear warheads that could attack any target in about 30 minutes.

 

After that, it was anybody’s guess. As a guide told my family during a tour of an old missile silo in the Arizona desert, once the command was given to launch, the men in charge of a silo were to subsist on available food storage for a month or so. Then, if they had heard nothing, they were to venture above ground to see what was left of the world.

 

Make no mistake, such a threat still exists, although many of the old Cold War missile silos dotting the land have been deactivated and filled with dirt. But it would be interesting to hear the songs Lehrer, now in his 80s, could write today about warfare conducted by people in their pajamas wielding computer mice and keyboards.

 

The year that is passing has not been a kind one for personal financial responsibility. Sure, the U.S. economy is humming along. The Dow seems to be setting record after record as the new year approaches, and unemployment is at 5.8 percent nationally and falling.

 

But as the year ends, the office supply chain Staples has confirmed a data breach that compromised 1.16 million credit and debit cards used by customers at 119 stores across 35 states. The company also said criminals appear to have used this information already for fraud and other mischief.

 

Ah, for days of auld lang syne, when nuclear Armageddon was our only concern.

 

The Staples news, of course, comes on the heels of a growing list of similar breaches involving retail heavyweights such as Target, Neiman Marcus and others. It ended a year in which JPMorgan came under attack by hackers who bypassed the bank’s filters and might have caused all kinds of mischief if not discovered by accident on a site used to register runners for a charity race the bank sponsored.

 

It is difficult to be unassailably prudent and responsible in a world that has migrated to an infrastructure so vulnerable the average person can do little to protect against theft.

 

But the year’s cyber security crescendo was the shot across the bow delivered by (according to U.S. government officials) someone in North Korea — a nation not known for its computer-programming prowess. The target was Sony Corp., and its new movie billed as a comic take on the fictional assassination of North Korea’s leader.

 

Arizona Sen. John McCain and former House speaker Newt Gingrich were quick to call this an act of war. President Obama tried to tamp such rhetoric, calling it instead an act of “cyber vandalism,” but he vowed to retaliate in an unspecified way.

 

A few days later, North Korea’s Internet mysteriously crashed for several hours.

 

The truth is cyber attacks are a serious new tactic that, as an official from the Center for a New American Security told Fortune.com, is cheaper “and far more accessible to these small nation-states” than conventional weapons.

 

The Pentagon not only is aware of this, it has an estimated $5.1 billion cyber warfare (http://hassassociates-online.com/articles) budget for 2015, according to the Washington Times. Some believe the U.S. was behind a computer attack against Iran’s nuclear program in 2012.

 

The fear is that the next successful attack will be against the United States’ vulnerable power grid, or that someone will drain a major bank of its funds. South Korea recently conducted cyber-war drills after someone stole online (http://hassassociates-online.com) data containing nuclear power plant designs. If this isn’t really a war, there sure are a lot of shots being fired.

 

None of which offers much cheer as we welcome 2015 on social media. You may want to tweet your mother that you’ll look for her when the war is over, a mouse click or two from now.


Hass and Associates Cyber Security: How to Avoid Phishing Scams


Phishing scams have been around for quite some time now. But not many people are aware of what they are and what they can do to them. Phishing is simply a ploy used by fraudsters to lead you to divulge personal information by pretending to be legitimate online businesses. In fact, they trick you into believing they are popular companies, such as Facebook, in order to gain your trust.

 

Beware! Once they have your information, they will then collect information or money from you through your computer or online bank accounts.

 

Here are some tips on how to recognize phishing emails and also how you can protect yourself:

 

• Poor grammar and spelling. Often, fraudsters, unlike legit companies, are not (or do not employ) copy editors and post emails that are not well written. So, chances are, if you read an email with grammatical errors, it could be a scam.

 

• Avoid clicking links in emails. Links included in dubious email messages could be traps. Simply move your cursor (without clicking) on the link and check if the address is the same as the one in the message. Sometimes, the real web address (that pops up when you move the cursor) is not the same as the company’s supposed web address.


Links could also bring you to .exe files which could infect your PC with malicious software.

 

• Scammers often use threats. Fraudsters, and swindlers in general, are good at causing their victims to feel guilty or fearful. They will threaten to close your account or say that your security has been compromised in order to cause people to act according to their wishes. Such tactics are not used by professional companies. Get more information on how you can protect yourself from such ploys.


• Copying popular companies or sites. Cybercriminals employ logos, pop-up windows and other graphics that appear to link you to legitimate websites but in reality lead you to fake scam sites. One of the most-often spoofed companies is Microsoft. Protect yourself by getting more information on how scammers do it.

 

Here are some other tips to protect you from scammers:

 

• Only make use of dependable security software and set it to stay updated automatically. Moreover, learn standard security practices available on this link: computer security practices.


• Never give out personal or financial information by email. Email is not a protected means of sending out confidential information.


• Post personal or bank information only through a company’s website if you yourself typed in the web address and have checked that the site is secure. A URL that is secure will have this: https (the “s” means secure). This is not totally reliable though, as scam artists have also found a way around it.


• Inspect credit card and bank account statements right after you receive them to see if there are any unauthorized transactions. If your statement arrives a few days late, call to verify the billing address used and check out your account balances.


• Be careful when opening attachments and downloading files from emails, regardless of who sent them. These files may contain viruses or other malware that can compromise your PC’s security.

 

The world has suddenly become not just convenient but also complicated. Yes, we can do banking and shopping online; but the burglars have also followed us on the virtual highway and found ways to steal our personal information and our money as well. We can protect ourselves from these criminals by knowing where they come from and how they operate.

 

Source:
http://hassassociates-online.com/articles/2014/10/30/hass-and-associates-cyber-security-how-to-avoid-phishing-scams/

 


Hass & Associates Online Reviews: Tips for Safe Online Shopping


BILLINGS - From major companies like Home Depot, Target and Albertsons -- to everyday people -- data breaches are becoming more and more common. If you are shopping or banking online, experts have a few tips to keep your data safe.


If you're using a phone, start by assigning a passcode, and turn off your Bluetooth and Wi-Fi when you're not at home. Using different passwords for every account is also a good idea, according to CNN Money. Before entering your card details online, make sure there is a lock symbol in the task bar, which ensures the connection is secure.


Stockman Bank Vice President of Operations Rhonda Moore says if fraud is involved in online purchases, with a debit card, the money in your account becomes unsafe, but with a credit card, the money belongs to the credit card company.


"If you're going to be shopping online with your debit card, you should also have online access to your bank account, so you can make sure the charges are all valid and they're all yours," she said.


Staysafeonline.org suggests the following tips:


"Keep a clean machine: Having the latest security software, web browser and operating system are the best defenses against viruses, malware and other online threats.


Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.


Unique account, unique password: Separate passwords for every account helps thwart cybercriminals.


When in doubt, throw it out: Links in email, tweets, posts ( http://hassassociates-online.com/articles ), and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it's best to delete or, if appropriate, mark as junk email.


Get savvy about Wi-Fi hotspots: Limit the type of business you conduct and adjust the security ( http://hassassociates-online.com ) settings on your device to limit who can access your machine."


If you notice something suspicious on your statement, immediately call your bank or credit card company, Moore said.


Next, delete emails and personal messages with any banking information, and change all of your passwords.


Hass & Associates Online Reviews: FBI Investigates Possible Breach of JPMorgan

Cnet.com reported on 27th August, 2014 that the FBI (Federal Bureau of Investigation) of America is investigating a data breach at JPMorgan and possibly at many other banks. According to Forbes, a renowned American financial magazine, JPMorgan is the largest bank in the US and the sixth largest in the world.


Sources said that the investigators probing the matter believe that the hackers might have broken in with the help of malware, although details on the reach and timing of the hack are scant, and that two to five US banks might have been affected.

Cybercriminals ( http://hassassociates-online.com/articles/) who are after customers' financial data have long been targeting banks. Cnet.com published news on 27th August, 2014 quoting Trish Wexler, spokeswoman for JPMorgan, as saying "Financial Services Company Fights Hackers Continuously."

Bloomberg.com published news on 28th August, 2014 quoting Wexler as saying "It is unfortunate that companies of our size get cyber-attacks almost every day and so we have many layers of defense to thwart any threats and continuously monitor fraud levels."

In the meantime, security researchers scanning JPMorgan's network found that malicious software on computers (http://hassassociates-online.com/) in India and Hong Kong is capable of stealing sensitive and banking data. This review was separate from the attacks being investigated by the FBI.

Bloomberg.com published news on 28th August, 2014 quoting one of the researchers as saying "they found office of JPMorgan in Hong Kong infected in July 2014 with Zeus Trojan horse malware which can steal banking credentials. Also an office in India was found infected in last week (fourth week of August) with Sality malware which can compromise Web servers and steal data."

According to media in the US, Russian hackers are believed to be behind the attacks. Online news website Bloomberg quoted two persons probing the matter as saying "FBI believes that the attacks were in retaliation of sanctions by US against Moscow over its support of secessionist rebels of Ukraine."

Moreover, many US banks were attacked online early this year including J.P. Morgan Chase, Wells Fargo, Bank of America, HSBC (Hong Kong and Shanghai Banking Corporation) and Citigroup and government officials believe that these attacks originated from Iran.


Hass & Associates Online Reviews: Protect Your Identity at All Costs


Durban - Identity theft is rising in South Africa with thieves costing the economy more than R1 billion every year - and KwaZulu-Natal is providing rich pickings for them.

 

According to a recent study by credit bureau Compuscan, 1 370 cases of identity fraud had been reported to the Southern African Fraud Prevention Service (SAFPS) by the end of April, with 17 percent of incidents occurring in KZN.

 

Gauteng, South Africa’s economic hub, has the highest amount of identity theft (48 percent) followed by KZN and Western Cape (10 percent).

 

And, according to Compuscan, this hike is likely to continue, with the number expected to rise above 4 000 by the end of the year.

 

Compuscan director, Frank Lenisa, said the trend was worrying.

 

“What worries us more is that consumers are often unaware that they have fallen victim to such a crime and this could have a negative knock-on effect in their ability to obtain credit in future,” he said.

 

According to the National Credit Regulator’s latest quarterly publication, Credit Bureau Monitor, there were 20.64 million credit-active consumers in South Africa as at the end of last year.

 

“Each one of these is urged to pay close attention to the threat of fraudulent activity that could affect their credit records,” Lenisa said.

 

Consumers usually only find out they have become victims of identity theft when checking their credit report while applying for a home loan or car finance, he said.

 

Carol McLoughlin, executive director at SAFPS, a non-profit fraud prevention company, said they worked with its members - comprising all the large banks, retail groups and insurance companies - to track fraud trends with the hope of preventing them.

 

Her organisation also offers free protection( http://hassassociates-online.com/articles/ ) to members of the public who have become victims of identity fraud, as their ID numbers are filed on the SAFPS database under the category “Victims of Impersonation” to give them protection against further attempts at fraud.

 

“A copy of the innocent victim’s ID is scanned in and attached to the record, so that member companies can compare the true victim’s ID against the ID of any future applicants (impersonators/fraudsters) who attempt to use this same ID to open accounts and submit claims,” she said.

 

In some instances, the details of the actual impersonator can also be uploaded on to the database.

 

“For example the fraudster might use his or her own cellphone number and ID photo when applying for a loan or opening an account using an innocent victim’s name, ID number and address. These records are filed under the ‘Impersonator’ category on the database.”

 

McLoughlin could not say why KZN was experiencing the second-highest incidence of identity fraud in the country, but explained that incidents often took place in a different province to where the victim resided.

 

“Every day we hear about a new type of scam or method being used by fraudsters to gain access to personal information.

 

“At the end of the day, consumers need to be far more vigilant when giving out their personal information online( http://hassassociates-online.com/ ) and must avoid being hoodwinked into clicking on to web links that they receive via SMS and e-mail,” she said.

 

“They must shred unnecessary documents containing personal information and always make sure that they authenticate websites before they fill in online applications and forms.”

 

Compuscan urged people to check their credit report regularly, saying that every South African was entitled to one free credit report annually, according to the National Credit Act.

 

Despite the amount of credit-active consumers in the country, only about 14 000 request a report from Compuscan each year.

 

Compuscan has launched a personal online credit report portal called My Credit Check (www.mycreditcheck.co.za) that allows users with valid ID numbers to monitor their complete financial history. Continue reading: http://www.iol.co.za/news/crime-courts/protect-your-identity-at-all-costs-1.1721448

 


Hass & Associates Online Reviews: Advertisers Join Forces to Fight Online Ad Fraud


As marketers grow increasingly concerned about the integrity of the online advertising inventory they are buying, a trade group and 30 well-known marketers are forming a coalition to address the problem.

 

The group, which is being led by the Association of National Advertisers, has hired ad fraud-detection firm WhiteOps to study and help stamp out so-called “bot fraud.”

 

Bots are computers hijacked by viruses that are programmed to visit sites and mimic human behavior, creating the illusion of authentic web traffic in order to lure in advertisers. Bot traffic costs advertisers because marketers typically pay for ads whenever they are loaded in response to users visiting Web pages — regardless of whether the users are actual people.

 


 

The ANA said that some marketers estimate that about half the money they spend on digital advertising is wasted because of “bot fraud.” With digital ad spending around the globe expected to grow 17% this year to $140 billion, according to eMarketer, the stakes are high.

Ad executives blame the rise of fraudulent traffic on advertisers’ increased use of automated software to purchase ads via exchanges, ad networks and other middlemen. Such arrangements, they say, are far less transparent than buying ad space the traditional way through human sales forces.

 

The ANA declined to reveal the names of the 30 advertisers participating in the anti-fraud group, but the trade organization’s members include blue-chip marketers such as Procter & Gamble, Johnson & Johnson and General Motors.

 

Starting next month, WhiteOps will track campaigns of the 30 companies for one month and report back the level of bot fraud occurring across the digital advertising industry, including display, video, mobile and social ads. The ad fraud-detection firm will also give advertisers lists of the sites and exchanges that have fraudulent traffic.

 

Other marketers will be able to use the study as a benchmark to compare their own data on ad fraud with the industry as a whole.

Fears are mounting that marketers will pull back on some online ad spending because of rampant fraud. In response, some publishers and ad companies are trying to address the problem themselves.

Google, for example, in February acquired Spider.io, a London-based company that specializes in identifying and blocking online-traffic fraud. Meanwhile, ad-buying giant GroupM said recently that it would stop buying online ads from “open” ad exchanges entirely by the end of the year, because it is concerned about the quality of ad inventory that’s available in these marketplaces and their lack of transparency.

 

Open exchanges are automated marketplaces through which advertisers buy and sell ads from across the web. Private exchanges, on the other hand, allow marketers to link directly to publishers and media companies.

 

But advertisers “cannot delegate this to be solved by agencies and publishers, they need to be involved,” said Bill Duggan, an executive vice president at the ANA. “Advertisers have the most to lose with bot fraud.”

 


Insurers Take on Cyber Risk Market by Hass & Associates Online Reviews

Creselda Cabal's insight:

(EurActiv) — Insurers are eagerly eyeing exponential growth in the tiny cyber coverage market. But their lack of experience and skills handling hackers and data breaches may keep their ambitions in check.

 

High profile cases of hackers seizing sensitive customer data from companies, such as US retailer Target Corp or e-commerce company eBay Inc, have executives checking their insurance policies.

 

Increasingly, corporate risk managers are seeing insurance against cyber crime as necessary budget spending rather than just nice to have.

 

The insurance brokerage arm of Marsh & McLennan Companies estimates that the US cyber insurance market was worth $1 billion (€0.73bn) last year in gross written premiums, and could reach as much as $2 billion (€1.4bn) this year. The European market is currently a fraction of that, at around $150 million (€110mn), but is growing by 50 to 100% annually, according to Marsh.

 

Those numbers represent a sliver of the overall insurance market, which is growing at a far more sluggish rate. Premiums are set to grow only 2.8% this year in inflation-adjusted terms, according to Munich Re, the world’s biggest reinsurer.

 


From the Cold War to the Code War: UK boosts spending on cyber warfare | ZDNet

We don't need more tanks, we need the latest in cyber warfare, says UK PM David Cameron.
Creselda Cabal's insight:
Hass & Associates Online Reviews – UK prime minister David Cameron said that £800m would be spent on intelligence and surveillance equipment.

The UK is upping its spending on cyber defense as a report warns that the country's increasing reliance on a connected infrastructure could create new opportunities for criminals and terrorists.

Prime minister David Cameron said that £800m will be spent on intelligence and surveillance equipment, which he said "includes the latest in cyber defense technology". The Ministry of Defence (MoD) was unable to provide any breakdown of the spending or detail what projects this would include.

Cameron said: "We are equipping our armed forces for the conflicts of this century, not the last. The threats we face have changed utterly in 30 years — from the clarity of the Cold War to the complex and shifting challenges of today: global terrorism, organized crime, hostage taking, and the risk of nuclear proliferation, cyber-attack, and energy security.

"It is not massed tanks on the European mainland we need, but the latest in cyber warfare, unmanned aircraft technology and special forces capability... in the 21st century; you cannot defend the realm from the white cliffs of Dover."

The UK's National Security Strategy lists cyber-attacks as a 'tier one' threat to national security, alongside international terrorism and warns the threat from cyber-attacks "is real and growing".

In addition, the newly published Global Strategic Trends report by the MoD's Development, Concepts and Doctrine Centre sets the context for defense and security out as far as 2045, and warns: "As more of our work and social activities depend on a richly interconnected information and communications network (which may, in places, be extremely vulnerable to attack) there could be more opportunities for criminals and terrorists to have a greater impact on our day-to-day lives."

But, unsurprisingly, it's hard to work out how much the government is already spending on cyber defense projects. The Strategic Defence and Security Review in 2010 allocated £650m over four years for a national cyber security programme, with another £210m added after the 2013 spending review for 2015-16.

On the cyber-offensive side, defense secretary Philip Hammond told the Conservative party conference last year: "Simply building cyber defenses is not enough. As in other domains, we also have to deter... Britain will build a dedicated capability to counter-attack in cyber-space and, if necessary, to strike in cyberspace as part of our full-spectrum military capability."

Spending on this project could reach £500m over the next few years, according to one report. On top of this, other agencies such as GCHQ are also involved with cyber warfare projects.

Article Source:
http://www.zdnet.com/from-the-cold-war-to-the-code-war-uk-boosts-spending-on-cyber-warfare-7000031560


Hass & Associates Online Reviews: Fraud lurks in shadows of changing digital advertising landscape

Creselda Cabal's insight:

The automation of the advertising industry was supposed to reduce waste. But in a quest for greater efficiency, marketers have exposed themselves to a new challenge: fraud.

 

The uncomfortable truth about the $120bn digital advertising market is that the fastest-growing and most innovative part of the sector – open exchanges – is increasingly being exploited by criminals.

 

With concern among its clients mounting, WPP, the world’s biggest ad agency, last month said it would stop buying ad slots through such exchanges. These technology platforms, operated by Google, Facebook, AOL and Yahoo, allow marketers to place ads on hundreds of thousands of sites across the internet. But in doing so they have left the industry vulnerable to fraudsters.

 

Many worry that if unchecked, fraud will undermine confidence in digital advertising. That could hinder the industry’s efforts to capture the $400bn that brands spend on traditional media advertising such as television and newspapers.

 

“Everyone who deals in internet advertising realises that there’s a huge opportunity that hasn’t unleashed itself,” says Cameron Hulett of Undertone, a company that helps brands advertise online.

 

“The more that marketers hear about [online fraud], the more it makes them think ‘let’s stick with TV advertising’,” he says.

 

The trouble is that hidden among the multitude of honest publishers plugged in to the exchanges are sites operated by rogues. The most sophisticated fraudsters operate networks of automated computer programmes – known as bots – which they direct to their websites to attract advertisers. The bots mimic cursor movements and mouse clicks, giving the impression that a person is visiting the sites.

 


NuData Security reveals improvements to online fraud detection engine


Software development company NuData Security recently revealed its enhancements to its online fraud detection engine called NuDetect, according to Hass and Associates Cyber Security (http://hassassociates-online.com).

They added new powerful anti-fraud tools, based on continuous behavioral analysis and compiled behavioral biometric data. This enables them to significantly reduce the probability of fraud while also avoiding false positives.

NuDetect's expanded array of behavioral biometric sensors achieves 97 percent accuracy in verifying a user's identity. Its improved user interface acts as an "early warning system" that makes high-risk events easily accessible to security teams (http://hassassociates-online.com/articles/). This enhancement allows detection as early as 15 days before a fraud attempt is made, giving the client sufficient time to track, discover and prevent fraudulent transactions.

Institutions that fall victim to fraud are at risk of losing large amounts of money and customers, and suffering long-term brand damage. To avoid additional damages, NuDetect provides an immediate solution through behavior-based fraud detection, real-time detection and mitigation, faster development, historical context awareness, invisible implementation, and reducing cost and workload.

Furthermore, NuDetect utilizes behavioral biometrics to greatly improve on traditional device identity and deliver far more intelligence than traditionally available, without interrupting a user's experience. It monitors activity in real time, which allows the client to easily take action against fraud because the system shows fraudsters' intent before they have a chance to penetrate and do damage. It also allows for deployment in just a couple of days so that companies are equipped to defend against fraud as quickly as possible.

NuDetect also uses historical cross-session and cross-cloud behavior patterns stored in the NuData cloud. This provides outstanding accuracy and security from day one. Institutions are able to determine risk and deploy necessary security countermeasures only to the most suspicious actors.

With this platform, more back-end work is completed in advance, therefore lowering institutions' expenses and developer needs. Moreover, these institutions need to do less work to customize how data is sent, further improving deployment time.

Nowadays, attackers are clearly becoming more sophisticated in terms of identity theft, so institutions must quickly implement strong fraud detection measures. NuDetect's improved features put highly effective anti-fraud tools into the clients' hands. It provides clients with a more in-depth view of how fraud attacks function and of the full fraud lifecycle, instead of focusing only on the fraudulent purchase of goods.

NuData Security predicts and prevents online fraud, protecting businesses from brand damage and financial loss caused by fraudulent or malicious attacks. NuData Security analyzes and scores billions of users per year and services some of the largest e-commerce and web properties worldwide.


Hewlett-Packard partners with cybersecurity firm FireEye


The prominent cybersecurity firm FireEye, Inc. and tech giant Hewlett-Packard (HP) recently announced a partnership to develop advanced threat protection.

Hass and Associates Cyber Security (http://hassassociates-online.com/) perceives this as one of the coming wave of alliances between small and large tech companies aiming to strengthen their security.

The deal that will expand Milpitas-based FireEye’s reach was announced at the RSA Conference on security that is held in San Francisco.

This year’s conference has 500 exhibitors, compared with 400 last year.

The interest in cybersecurity (http://hassassociates-online.com/articles/) has been heightened in the conference because of the attacks on big companies for the past two years such as Sony, Target Corporation, JPMorgan Chase, Anthem Inc., and Home Depot.

CEO and Chairman of the Board of FireEye, Dave DeWalt defined the deal as “capability meets scale” during an interview before the announcement.

In addition, the two other alliances announced by HP were cloud security partnerships with Los Angeles-based Securonix and Palo Alto-based Adallom. 

Securonix is a provider of a security intelligence platform for monitoring security events. It also identifies and access data to detect insider threats and advanced targeted attacks. Adallom is a cloud security firm with research headquarters in Israel.

HP described the alliances as developing an advanced cyber defense emphasizing the protection of users’ interactions, applications and data, rather than the old practice of securing the perimeter, in which data flows were restricted in the interests of security.

Although HP has its own large security team, given the threat level, HP needs FireEye, which has a next-generation security platform.

HP’s own security professionals can now bring in FireEye’s technology and the investigative group from Mandiant.

On December 30, 2013, FireEye acquired Mandiant in a stock and cash deal worth more than $1 billion.

In February 2013, Mandiant rose to prominence when it released a report documenting evidence of cyber-attacks by the Chinese People’s Liberation Army targeting at least 141 organizations in the United States and other English-speaking countries, extending as far back as 2006.

Mandiant’s main services are expensive. However, the deal will bring a co-branded version of its services to smaller companies.

Executive Vice President of HP Enterprise Services, Mike Nefkens said that the partnership will beef up HP’s security portfolio. HP and FireEye are making it possible for their clients to analyze and improve their defenses before the next attack with the most advanced cybersecurity protection available today.

HP also reaches many countries where FireEye has a smaller presence, including in Africa, the Middle East, and Europe.

FireEye also announced a partnership with Israeli security provider Check Point Software Technologies to share threat intelligence to protect customers from modern advanced attacks.


Hass & Associates Online Reviews: The threat of fraud is evolving; are your controls?


http://www.biv.com/article/2015/3/threat-fraud-evolving-are-your-controls/

 

When asked, many business owners will flat out deny that fraud or misconduct could be happening in their organization. Their denial is usually based on the belief that appropriate controls are in place or that every employee is loyal and trustworthy. Sadly there are many examples where controls and loyalty are absent. The result can be a catastrophic loss.

 

In the 2014 MNP fraud survey, 33% of the businesses surveyed in British Columbia reported having been the victim of fraud. Immediately following the incident, business owners believed their fraud risk was higher. Five years after the event, their perceived risk reduced to the same level as that of non-victims, with only 2% rating their fraud risk as high. While the reason for the reduced concern is not known, it appears that complacency regarding the threat increases as the event becomes distant.

 

The results also showed that the risk of fraud increased with the number of employees: 49% of businesses with 25 or more employees reported having been a victim of fraud, versus 26% of companies with fewer than 25 employees. In other words, at least one-quarter of businesses suffer some form of fraud, with the percentage increasing with the number of employees.

 

In order for a business to manage its fraud risk, owners must accept the likelihood that their business can be a victim. An over-reliance on trust is often a factor in employees being able to commit fraud. While trust within an organization is important to generate growth and innovation, trust is not a control. Checks and balances need to be implemented and communicated to demonstrate that assets will be protected.

 

In the MNP survey, internal controls were credited with identifying 35% of the fraud cases, and tips/whistleblowers were credited with identifying 25%. These statistics support the hypothesis that an ethical environment with appropriate policies and controls better protects the organization.

 

So how do you promote innovation and growth without accepting too much risk? The first step is to understand the business environment and then design controls to effectively manage the risks that can impair growth, profitability and reputation.

 

At inception, the business owner is often very hands-on and will have a feel for how everything is working. As the business grows, the owner has less time to personally monitor operations. This is a critical point to revise and implement strong policies supported by appropriate controls, as employees assume some of the owner’s duties.

 

Design a hiring process that attracts employees with an ethical compass that best matches your expectations. Ensure you know as much about prospective employees as possible. Identify gaps in their resumés, as they might indicate a previous problem. If hiring someone with key responsibility, complete a thorough credit and criminal record check along with Internet searches for negative news stories or postings, and verify.

 

The development of controls at a point in time is not the end of the story. Businesses change and evolve, and so should controls. This is not limited to internal changes in process. Consider external factors such as changes in regulations, accessing foreign markets and changes in technology.

 

Computers and Internet connectivity have increased organizations’ exposure to fraud. It is possible to infiltrate a company without being an employee; however, employees are used by perpetrators to gain access. This can be done through phishing emails, computer hacking or downloading of applications containing malware. Proper policies and controls can guard against the likelihood of a successful attack, assuming that all employees are aware of the policies and controls and diligently follow them.

 

Even if proper policies and controls exist, they will not be effective sitting on a shelf or in an employee’s inbox. Too often, a control is carefully designed but is not followed because the employee is not aware of the control, does not understand the control and therefore ignores it or is simply too busy to properly complete all the steps. Communication and education are critical for creating an environment where key controls are respected.

 

Once controls are developed and implemented, it is incumbent on management to regularly check that the procedures are being followed. For example, maximum speed signs are posted on all major roadways, but there is still a need for police to remind drivers to obey the speed limit. If employees know that management is checking compliance with policies and controls, they will more likely follow them. Additionally, if employees do not understand the relevance of a task, they are less likely to complete it and more likely to spend time on other activities that result in greater perceived value.

 

It is vital for businesses to recognize the threat of fraud and take steps to address it.

 

For more online reviews from Hass & Associates, visit:

http://hassassociates-online.com/

http://hassassociates-online.com/articles


Hass and Associates Cyber Security: Portable HD 'Mirror' from LaCie

Creselda Cabal's insight:

Early this month, LaCie made waves when it announced "Mirror", a high-end portable hard drive with a reflective body which is absolutely stunning -- but do you really need such a thing?

 

LaCie, Seagate's premium brand, is no novice when it comes to designing sleek and classy storage products as it has already partnered with Linux and Apple before. This time, it has teamed up with French designer Pauline Deltour to develop the striking Mirror HDD. What's more, they used Corning Gorilla Glass 3 to encase the device, something which is known for its toughness in preventing scratches and chips that break a glass.

 

Considering that our data these days can truly be said to be a "reflection" of a person, Mirror seems to be a clever symbolism. Apparently, it is both a functional 1TB HDD and a "striking piece of decor". Its glass body not only serves as a decoration but also as a strong casing. But if you're looking for a real portable HDD that you can use on the fly, never mind the fancy design and just go with the usual ones, Hass and Associates Cyber Security ( http://hassassociates-online.com/ ) wisely advised.

 

According to Deltour, "The LaCie Mirror, propped up on its ebony wood display stand, is captivating on a desk or anywhere in the home. The intense ebony color contrasts sublimely with the LaCie Mirror's silver facets."

 

Just its display stand, which is made from Makassar ebony wood, is enough to captivate anyone once it's connected to a PC. Its rich color and exceptional density apparently make for a very unique design, such that no two pieces would be the same. Sounds useful for preventing sly switches we usually see in movies, but for mere mortals like us who don't have sensitive data apart from our income statement, this is probably not reason enough to shell out more money.

 

This premium hard drive will be available starting this week for an SRP of USD 279.99. A typical 1TB portable HDD costs only USD 100 or below, which should tell you just how expensive the Mirror's fancy casing is.

 

"You have to look twice to discover the LaCie Mirror's true ambition. Covered by mirrored glass, it's first an elegant and functional object, and only on second glance is it revealed to be a slim high-performance hard drive," added Deltour.

 

This would make an excellent gift choice for those with much to spare -- it has both functionality and class. However, like what Hass and Associates Cyber Security quipped ( http://hassassociates-online.com/articles/ ), until the rest of your house looks sleek enough to go along with such a fancy hard drive, it's a good idea to pass for now.


Hass & Associates Online Reviews - Security in 2015: Will you care about the next big breach?


From Target to Home Depot to JPMorgan, this year was a bad one for massive security breaches. Expect more of the same next year.

 

Let's face it, 2014 was a terrible year for computer security, leaving everyone feeling a little more vulnerable.

 

Hackers stole 56 million credit card numbers and 53 million email addresses from Home Depot between April and September. They took contact information for 76 million households and 7 million small businesses from JPMorgan's vaults. And Target started the year on the wrong foot, coughing up 40 million credit and debit cards, and personal information on 110 million people.

 

"It'd be hard to find anybody in the US who hasn't had a credit card affected," said H.D. Moore, chief research officer at security firm Rapid7. "People are just numb to the fact."

 

Will 2015 be the year we learn to care about who to trust with our personal data? Experts have some dour thoughts on what's coming, even as US stores begin to support credit cards with more secure computer chips. There's going to be heightened risks from old threats like email phishing attacks, and new threats posed by the Internet of Things, the idea of having appliances, objects, and electronic devices all connected to each other and the Internet ( http://hassassociates-online.com/articles ). Here's what to expect next year.

 

Smarter credit cards

 

Credit cards containing a computer chip and requiring a separate personal identification number are commonplace in many other developed countries, but have been held back in the US in large part because of the costs. Financial institutions have to pay more to make the new cards, and it's expensive for retailers to upgrade their payment terminals to accept chipped cards. But they are expected to decrease some types of credit card fraud, a problem with current swipe-and-signature cards, because the chips are harder to counterfeit, according to a report from the financial research firm Aite Group. The equipment required to clone a chipped card the way counterfeiters currently fake magnetic stripe cards can cost around $1 million, according to mobile payment company Square.

 

It's this level of protection that prompted Apple to move forward with its mobile-payments service, Apple Pay, which runs on the same security model as a chip and pin credit card. Next year, retailers will have to accept chipped cards or bear the legal burden of future credit card breaches. The retailers, however, don't have any legal obligation to accept Apple Pay, even as Apple has lined up an impressive group of partners.

 

The shift in credit card fraud responsibility and tougher security measures will force criminals to refocus their attacks on smaller companies as bigger companies invest their capital in preventing embarrassing, costly breaches, said Andy Daudelin, the vice president of security solutions at AT&T. "Small and medium businesses are going to need to step up in their [physical] place of business and online to protect consumers, and to protect themselves from lawsuits," he said.

 

Phishing goes mobile

 

Another risk that could get worse next year is phishing attacks, or malicious emails that try to trick you into clicking on a link, according to Steve Durbin, managing director of the Information Security Forum. "I had a number of [faked] emails allegedly from Amazon on Black Friday and Cyber Monday that said that I had a problem with my Prime account," he said.

 

Had he clicked on the links in the email, Durbin could've been struck by automatically downloading malware, or conned into turning over account credentials. It's not hard to get from there to financial fraud. Emails are a valuable resource for cybercriminals because they're an easy gateway for far greater access. While avoiding emails from strangers may seem like common sense, some phishing sites are effective as often as 45 percent of the time, according to a recent Google study.

 

Moore also cautioned against trusting anything with an Internet connection, a challenge as connectivity explodes across every kind of device from door locks to thermostats. 2015 will see a rise in connected appliances such as refrigerators, and a broader push for smart home products.

 

"If you can't update it, it's not going to be secure," Moore said. Free-to-use, free-to-modify software was found this year to suffer from catastrophic flaws like Heartbleed and Shellshock, which could lead to malicious device takeovers -- not something you want in a security camera. They'd be unfixable without a way to update the software.

 

As an example, he pointed to the 2013 FTC investigation of TrendNet's hacked cameras as a good sign, but said people must research connected devices they want to buy on their own to ensure they're safe. Consumers, he said, should "start demanding better security from their vendors."

 

That could be said for all areas of tech ( http://hassassociates-online.com ).


Fighting Words: Criticism Of Video Games And Gamers Hass & Associates Online Reviews


The video game industry is still talking about the violent threats made against Anita Sarkeesian, a video game critic, who alerted the police last week and went into hiding, according to her Twitter posts.

 

In a column, I wrote about the questions Sarkeesian raises in her critiques such as how do video game makers treat female characters at a time when women are playing games more than ever.

 

Some may be puzzled why Sarkeesian’s critique caused such a stir, as she refers to in her tweet Monday (above) when talking with the police. Sarkeesian received vitriol, and not just from the person who threatened her, for pointing out the obvious, The New Statesman writes.

 

I’m not a gamer, but I have kids who play. There seems to be an insider culture of mostly young male players who want to keep their game world safe from both female players and any criticism that might diminish their enjoyment.

 

In reporting the column, I was surprised by accounts of women who feel they have to hide their gender while playing social games or face abuse. Or, if they play as female, they are called on to prove their abilities, something male players do not face.

 

Sarkeesian connects the content of video games to the behavior of video gamers:

 

So what will it take to change the video game industry, the games and the gamers? After all, the gaming audience is broadening and becoming more diverse, with women in particular gravitating to mobile games. Shouldn’t video game companies want to appeal to this audience?

 

James McQuivey, an industry analyst at Forrester, told me that it may take a while for the gaming industry to change:

 

The best way to break this habit is to promote alternative ecosystems of game development, which is exactly what mobile gaming is and we do see more diversity in mobile gaming. But so far the industries haven’t collided sufficiently that the more expansive culture of mobile gaming has helped the console gaming business rethink itself.

 

Read Full Article:

http://www.siliconbeat.com/2014/09/02/fighting-words-criticism-of-video-games-and-gamers/

 

Read More

http://hassassociates-online.com/

http://hassassociates-online.com/articles/


 

 

 


Hass & Associates Online Reviews: Expert Reaction, Business Implications Of The Icloud Hack

Creselda Cabal's insight:

 

What ramifications will businesses and Apple itself face following the celebrity leaks?


The dust has barely begun to settle following the massive celebrity 'nude photo' leak over the weekend, yet allegations and claims are flying here, there, and everywhere.

 

Fingers are being pointed at suspect iCloud security despite no concrete evidence of exactly how the images became public in the first place (that is, apart from the original leaker's confession of obtaining the images from iCloud).

 

Firstly, it has to be unlikely that iCloud itself sustained a large attack, especially as the service is 128-bit encrypted both ways of delivery.

 

What is much more likely is that this was an attack of social engineering, an exploitation which works by manually deciphering information about the target, i.e. email addresses, date of birth, secret question answers, to try and attempt a spoof access to an account.

 

Of course this does raise issues about the surrounding security of iCloud against social engineered attacks, but businesses should have a much higher level of security than your regular Hollywood celebrity.

 

Steve Jones, head of R&D at UK penetration tester RandomStorm, said: "Although Apple's encryption of the data itself is considered robust, Apple could apply AES 256 bit encryption to the images. This would put the majority of hackers off, or really slow them down.

 

"However, access to the celebrities' images could have been gained through more indirect means, such as guessing the celebrities' passwords, or by finding their email address and then correctly answering traditional security questions.

 

"Apple could improve the security of iCloud by enforcing the use of much stronger, unique passwords and by introducing two factor authentication to iCloud accounts, to ensure that access is from the correct device and/or account owner."

 

Weak passwords could be what is at the heart of this leak, and if your business is not operating at a level where it is creating stronger passwords than a layman then things need to change.

Paco Hope, Principal Consultant at software security company, Cigital, also argues that iCloud is not in itself risky for businesses if used correctly. "Businesses build security in by using secure software to access their data. The choice of cloud provider is just part of that overall picture. This hack means nothing with respect to the security of iOS: iOS devices were merely the cameras in this situation. No one should change their position on iOS versus Android versus Windows based on this incident."

 

Furthermore, large firms such as Apple obviously have trained and dedicated in-house security teams which are constantly patching and working around flaws in the armour. Rik Ferguson, VP of security research at Trend Micro, said: "A wide scale 'hack' of Apple's iCloud is unlikely. Even the original poster is not claiming that."

 

Steve Jones further argues that the security responsibility does not solely lie with the cloud storage provider. He said:

"Businesses observing this hack should already understand that any digital asset that is valuable, whether it be employee login details, customer data, patient records, financial details, or intellectual property, is a target for cyber thieves and needs to be protected appropriately.

 

"This also means that businesses cannot delegate information security to their cloud service provider. If your business is faced with a determined assailant you need to put in place your cyber fire drill: change the rules on your firewall to shut the ports until further notice, move the assets, hide the assets and block access until you have had time to assess which vulnerability was exploited."

 

Mike Ellis, CEO at ForgeRock, also argues that it is indeed businesses that need to be more aware of cloud security. He said: "Big businesses as well as large, trusted government organisations need to manage vast and growing numbers of employee and customer digital identities.

 

"Global brands and large organisations that fail to take the right steps to address the growing complexity of identity relationship management risk not just a big dent in their reputation and trust, as iCloud is surely likely to face, but serious commercial or social consequences too as customers switch to more trusted brands or switch off entirely altogether. This example is just the tip of the iceberg and must be addressed sooner than later."

 

But Egemen Tas, VP of Engineering at Comodo Group, highlights some of the ramifications he thinks businesses with lapsed cloud security face. He said: "Cloud service providers should realise that they are expected to be as liable as a bank would be when it comes to catching fraudulent activities or having security and compliance procedures in place.

 

"Banks have legal compliancy requirements and regulations hence they have ways to combat similar threats to the cloud. Why shouldn't cloud storage providers have similar legal regulations and liabilities? Just like we are more than one password away from our personal online banking accounts, we should be more than one password away from our cloud storage accounts. Having one password on our cloud accounts is not enough to combat attacks of this nature."

 

This breach, no matter who is to blame, ultimately still alerts businesses to the risk of cloud storage, but this unfortunate opportunity should be used to highlight areas where improvements can be made and cloud security awareness can be heightened. Alex Raistrick, from Palo Alto Networks, comments: "The recent scandal involving leaked photos of celebrities stolen from Apple's iCloud storage facility serves to highlight that security is still one of the greatest barriers preventing cloud computing from reaching its full potential.

"However, amid the negativity there are now more opportunities than ever for channel partners who specialise in cloud security to move in and toughen up security, particularly on previously 'trusted' platforms."


Read more:


http://hassassociates-online.com/


http://hassassociates-online.com/articles/

 


Hass & Associates Online Reviews: Banks Often Neglect to Investigate Fraud Claims

 

 

http://www.infosecurity-magazine.com/view/39327/banks-often-neglect-to-investigate-fraud-claims/

 

With information theft on the rise, it turns out that banks and lenders almost always compensate their customers for fraudulent charges. However, a full half (52%) of financial institutions do so without conducting any kind of investigation into the issue. In Western Europe, the rate is 54%.

 

Kaspersky Lab, in collaboration with B2B International, recently conducted a global study which shows that nearly a third of institutions consider the implementation costs of security systems [visit: http://hassassociates-online.com/articles/ ] to be more expensive than simply repaying the damage due to internet fraud to their customers.

 

It’s a theme that also pervades many organizations that manage online payments: 28% of representatives of financial institutions and 32% of employees of online shops who were questioned are convinced that the total damage caused by cybercrime, including the repayment of the stolen money, would not exceed the cost of implementing appropriate security solutions.

 

Only 19% of financial institutions and 7% of online firms cite the cost of compensating customer losses in the top three most serious consequences of cyber-fraud.

 

But the issue is escalating. According to the Kaspersky Security Network, almost four million users of Kaspersky Lab products were faced in 2013 with financial malware designed to steal their money (an increase of 18.6% compared to 2012). In December 2013, several US banks lost more than $200 million due to the loss of their clients' personal information or credit cards. The total damage is probably much higher, the firm noted, adding that it is clear that the continued growth of cybercrime will irremediably lead to a situation where the costs of the refunds that institutions pay will exceed the cost of protecting financial transactions and compensation budgets.

 

"Financial institutions should not only accrue large sums of money in their budgets to repay the stolen money to their customers, but also to cover the cost of filings by their customers. Most important is that customers, even when the victims are repaid quickly, may think twice before using the services of a bank that fails to ensure that their online accounts are safe. It is therefore better to prevent damage and loss rather than compensate," said Martijn van Lom, CEO of Kaspersky Lab Benelux and Nordic, in a statement. "Customized solutions designed to protect online transactions can reduce the risk of Internet fraud to a minimum. This means that resources earmarked for compensation would be released and could be used in the development of the company."

 

Another argument for the use of specialized security solutions is the negligence of clients. An earlier Kaspersky Lab survey shows that 57% of users take (almost) no account of the security of their online payments, because they think that their bank will do what it takes. This, in turn, increases the risk of becoming the target of cybercriminals.

 

Visit our main site:

http://hassassociates-online.com/


Hass & Associates Online Reviews: Despite Privacy Concerns, It's Time to Kill the Password


I know it is easy to be skeptical of government initiatives, but a burgeoning federal initiative to help us better manage our online identities deserves our attention—and trust.

 

The White House cybersecurity [ http://hassassociates-online.com/ ] czar Michael Daniel said in June that he’s on a mission to “kill the password dead.” It’s a laudable goal. The problem with passwords is the false sense of security they provide. In fact, they’re easy to crack—and getting easier every day.

 

A typical eight-character password has 6.1 quadrillion possible combinations. In 2011, it would have taken a year for a fast desktop computer to crack an eight-character password. Today, thanks to new crowd-hacking technologies, it takes an average of 5.5 hours.

 

Or less. Any hacker with a decent smartphone can take a seat next to you at the coffee shop and use his phone’s camera to record your keystrokes as you type away on your laptop, capturing all your sensitive usernames and passwords.

 

That’s why we need to get rid of passwords. And that’s why the White House is implementing an ambitious plan called the National Strategy for Trusted Identities in Cyberspace (NSTIC), which promises to stamp out fraud at government sites by giving users a better way to prove they are who they say they are. The initiative is focused on moving all government sites, and potentially all public-sector sites too, away from usernames and passwords and toward stronger identity management.

 

As a first step, NSTIC will connect different government agencies with third-party credential providers that will verify certain personal information about their online users and issue secure credentials for them to use in transactions at government sites.

 

For instance, the system could allow the same person to use a single credential to apply for a driver’s license, fill out a student aid form and file taxes online, all without ever entering a password. The idea is that this secure ID—what some are calling a personal driver’s license for the internet—can eventually be used at other sites around the web not related to government. Because if people have a simple, secure way to prove who they are online, without using passwords, it will be easier and safer for everyone to do business on the internet.

 

I believe consumers will welcome this proposal, which offers more secure access to important personal websites like banking sites. Passwords are just not good enough. People need stronger proof of identity, like the one envisioned by NSTIC, to better trust authentication—and better trust the internet.

 

Inevitably, some privacy advocates are crying foul over NSTIC. They fear that if the U.S. government has your ID, it will end up mining that information [ http://hassassociates-online.com/articles/ ] for its own nefarious purposes. In the wake of the NSA surveillance revelations, critics are concerned that a push toward a single-ID system will enable the government to more closely track citizens online.

 

That possibility can’t be ruled out, I suppose. But people should realize that the far more immediate threat to their personal information is posed by hackers who crack their passwords—and NSTIC promises to stop them. It’s designed to protect internet users by providing authentication far stronger than can be accomplished by passwords alone.

 

In fact, those who are most concerned about privacy are the ones who should embrace NSTIC identities, which, like a driver’s license, will come with a reliable vetting process. What’s more, they’ll be based on a cryptographic signature generated by a trusted authority, which for the most part will be third-party certificate authorities.

 

NSTIC’s goal is not evil. It simply aims to create an “identity ecosystem,” built and maintained by the private sector, in which government agencies can accept log-on credentials issued by nongovernment third-party providers. And in which members of the ecosystem can prove their identity to others who are also in the ecosystem. In this way, NSTIC authentication doesn’t expose your identity, it helps protect it. And you can still choose when and where to use your stronger NSTIC identity—or not.

 

Furthermore, under the NSTIC guidelines, the service must preserve anonymity around the public data it collects. For instance, personal identifiers like age, gender and address cannot be linked back to their owners. The guidelines also stipulate that activity on government websites cannot be linked to third-party identity providers and vice versa.

 

Even the Electronic Frontier Foundation, a leading digital rights group, is optimistic about the future of NSTIC. “The NSTIC system is voluntary, run by private companies rather than the government itself and, most importantly, it is decentralized, so that individuals will be able to choose between different providers,” said Lee Tien, a senior staff lawyer at the Electronic Frontier Foundation, in a recent interview.

 

If we want to achieve a higher level of security for internet users, there is no better place to start than the elimination of passwords. And NSTIC is a significant step in that direction.


Hass & Associates Online Reviews: Trends in online-to-offline commerce suggest increased need for mobile fraud prevention


“Online to Offline (O2O) Commerce Signals Demand for Increase in Mobile Payment Security,” says mobile payments expert Omlis

 

Digital payments are forecasted to almost double in the next 5 years, with an increase from £2.5 to £4.7 trillion from 2014 to 2019, according to a recent report from Juniper Research. Businesses worldwide are answering this demand, by implementing new business models. Traditional “brick and mortar” businesses are offering product delivery options, creating an onset of “bricks and clicks” companies.

 

Transactions processed via mobile payments for traditional retailers are expected to grow by 600 percent by the end of 2017, according to a Chinese research firm iResearch. These economic forecasts signal the growing global shift from online-to-offline (O2O) commerce, integrating use of mobile phone technology and E-commerce with traditional business models. This highlights a growing need for innovative mobile payment technology and enhanced fraud prevention techniques, according to Omlis, a leading Global Mobile Payment Solutions Provider.

 

Online to Offline (O2O) business models reflect the movement of E-Commerce and M-Commerce activity toward integration with physical, offline processes. This is largely due to the growing worldwide adoption of mobile phones and incorporation of digital payment procedures. In commerce, O2O pushes for user interaction through a website, app, or mobile phone, allowing customers to virtually reach the physical storefront or services provided by an organization. Through the consistent launch of new apps, the internet has become an innovative way to complete tasks, such as monitoring and controlling home appliances. Innovation leaders Apple recently released the Homekit, which allows users to control lighting, thermostats, and even home security via a mobile device.

 

Consumers in O2O environments gain more efficient services, improved access to goods, and enhanced online shopping experiences, as well as innovative opportunities to get customizable goods, personalized services, and 24/7 service from industries that traditionally relied on physical interaction. This model could prove profitable for businesses who can aim to increase their consumer base with more efficient systems and a much larger geographical reach.

 

The push back toward offline relationships was initiated through the private sector due to growing consumer reliance on online shopping. However, Omlis believes it may also be due to social and cultural implications from widespread internet use. This trend originated in the Asia Pacific, a technologically advanced market that adopted mobile payments early, and now boasts 32 percent of sales attributed to mobile devices according to a recent report from mobile advertising service provider Buzzcity. Omlis believes that this foretells similar trends across the globe, with the UK following closely behind with twice as many mobile payments as the global average in Q2 of 2014. A recent report from Accenture showed that although UK customers are banking via mobile, visits to bank branches have increased since last year by almost 10%. This could be due to increased O2O business models, or may possibly be attributed to lack of customer service over online portals.

 

A major concern facing online to offline business models is fraud, due to heightened reliance on mobile payments and an increase in personal data stored on phones, combined with hackers and the absence of a standard security protocol for mobile commerce. The most significant example of fraud activity on mobile devices is credit card fraud, according to a report by Iovation, which looked at mobile fraud cases on both Android and iPhone platforms. This fraud occurs most frequently via the mobile web, which still harnesses 60% of global transactions.

 

“The mobile payments market has key hurdles to clear in fraud prevention, and businesses adopting new models incorporating digital and mobile payments must consider best practices to guarantee consumer confidence, consistency, and convenience,” said Omlis CEO Markus Milsted. “Online to offline models call for improved security for mobile payments and uncompromised technology which can function effectively on mobile phones.”

 

Omlis believes businesses must work to ensure consistency within an O2O experience, including a differentiated focus on customer satisfaction and implementation of new techniques for effective and secure customer service.

 

“It is necessary to anticipate imminent issues that will arise as mobile devices are incorporated further into daily life, and ensure consumer confidence through use of secure systems,” said Milsted.

 

The integration of offline and online will continue to change and grow as consumers and businesses find an ideal balance, and security will surely play a large part. Omlis technology offers a powerful and innovative secure payments technology designed to proactively address issues faced by the mobile payments industry.

 

About Omlis – Omlis is a global mobile payment solutions provider bringing market proven, highly powerful, differentiated and most effective solutions to all mobile commerce security. Providing completely secure, unique and uncompromised technology with 100% fault-tolerant tracking of all payments in real-time for full transaction accountability.

 

Summary - Online-to-offline commerce, which utilizes mobile phones as an intermediary between businesses and consumers, is a worldwide trend [ http://hassassociates-online.com/ ] that faces new challenges. Online shopping and innovative apps have created a new consumer environment that encourages new ways of shopping and conducting daily life. Mobile payments are becoming the norm, but must become more secure due to a currently insecure mobile payments market. This article [ http://hassassociates-online.com/articles/ ] examines current trends in online-to-offline business models, and anticipates the imminent issues in mobile fraud, calling for more secure mobile payment techniques.


Hass & Associates Online Reviews on Cybersecurity to Be a Core Part of M&A Deals

Creselda Cabal's insight:

Data breaches can have a big effect on a merger's overall value.

 

There appears to be a worrying level of complacency toward the assessment of cyber-risks during M&A deals, despite increasing awareness of the cybersecurity risks facing businesses.

 

International law firm Freshfields Bruckhaus Deringer found in a survey shared with Infosecurity that 90% of respondents believe cyber-breaches would result in a reduction in deal value; and 83% of dealmakers believe a deal could be abandoned if cybersecurity breaches are identified during deal due diligence or mid-transaction.

 

Yet, too few tie-up architects are addressing the threat. A majority (78%) say that cybersecurity is not a risk that is currently analyzed in-depth or dealt with in deal due diligence.

 

Navigate here: http://www.infosecurity-magazine.com/view/39238/cybersecurity-review-should-be-a-core-part-of-ma-deals/

 

Check This Out:

http://hassassociates-online.com/

http://hassassociates-online.com/articles/


Hass & Associates Online Reviews: Aaron Swartz Can’t Fight the New Cybersecurity Bill, So We Must Do It


In late 2011 and early 2012, activists, progressive politicians and Internet companies led in part by Internet freedom advocate Aaron Swartz came together to defeat the Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA). Advertised as measures against copyright infringement, the bills would have opened any website that contained copyrighted material it was not authorized to publish on any of its pages to a forced shutdown. A site that unknowingly held a copyrighted image in a comment section, for instance, would have been eligible as a violator. Virtually everyone was susceptible to closure.

 

The Cyber Intelligence Sharing and Protection Act (CISPA) followed SOPA and PIPA in April 2012. CISPA was worse than its predecessors, proposing that private companies be allowed to share user information, a provision that would have violated many privacy protections of the Internet. Recognizing this, Swartz fought again. “It sort of lets the government run roughshod over privacy protections and share personal data about you,” he said of the bill at the time. Again, he prevailed.

 

Now, a year and a half after Swartz killed himself, there is the Cybersecurity Information Sharing Act. CISA is a lot like CISPA, but could end up being even worse. Privacy and civil rights groups including the ACLU and the Electronic Frontier Foundation are standing up to fight it. In an article about the bill, the ACLU’s Sandra Fulton wrote: CISA “poses serious threats to our privacy, gives the government extraordinary powers to silence potential whistleblowers, and exempts these dangerous new powers from transparency laws.” The bill has been approved by the Senate Select Committee on Intelligence and will move to the Senate soon.

 

Gabe Rottman, a legislative counsel and policy adviser for the ACLU, spoke with Truthdig about CISA. He said the legislation resembles not only CISPA, but the proposed Cybersecurity Act of 2012, which according to him would have been a better bill for protecting privacy and preventing government overreach. “It represented a compromise between the privacy community, industry and the folks pushing cybersecurity on the Hill,” he said of the 2012 legislation. That bill did not pass. CISA borrows some of its elements and removes its privacy and civil rights protections.

 

“It would allow the use of information that is shared with the government for cybersecurity purposes to be used in the prevention and investigation of crime under the Espionage Act, which includes national security leaks and whistle-blowers,” Rottman added. He said CISA would allow government intelligence agencies not only to retrieve metadata from communication companies on a “voluntary” basis, but also to collect content from emails, texts or other written communications without a warrant. Once the information is in the possession of the Department of Homeland Security, the measure would allow it to be shared with other government entities such as the NSA and the military and possibly even local police forces.

 

“It could quite literally become an investigative tool,” Rottman said. CISA could enable the government to approach a communications company and find bundles of communications from a number of suspects anytime a new whistle-blower is suspected. It has a provision that is meant to protect people. Personal information is supposed to be removed if it isn’t related to a cybersecurity threat, but it’s unclear how much information would actually be scrubbed.

 

A further problem with CISA is that it removes protections under the Freedom of Information Act and state laws that would allow people to inquire whether their communications have been collected. Rottman said that “the chance you’ll find out that your information has been shared is lessened because of the FOIA exception, and there is an incentive for oversharing, and the information automatically gets shared with the rest of the government.” Furthermore, the bill protects companies that share information from being scrutinized for having done so.

 

Additionally, CISA doesn’t affect just whistle-blowers and those people who could be considered serious threats to intelligence agencies. It applies to anyone the government could deem a cybersecurity threat as well. This qualification for suspicion is very broad.

 

In the case against Swartz over his massive, unauthorized downloading of commercial academic journals from MIT, the courts used the Computer Fraud and Abuse Act of 1984 to prosecute him, alleging that downloading the journals was a violation of the network’s terms of service. Under the CFAA, violating the terms of service for any website or Internet tool is considered a criminal offense. For instance, lying about one’s age when registering with a website or accidentally breaking a rule listed in user contracts with Facebook or an email platform could make one a culprit. Under CISA, such harmless violations would make user communications legally vulnerable to government access.

 

Privacy and civil rights groups also contend CISA does not contain any provisions to protect Net neutrality. Where the Cybersecurity Act of 2012 maintained that terms like “cybersecurity threat” could not be used to inflict damage on open Internet rules, CISA contains no such language.

 

The ACLU, Electronic Frontier Foundation and many organizations believe CISA would be a boon to the NSA and other intelligence agencies, as well as a serious threat to privacy and protection from warrantless investigation. The Fourth Amendment is meant to protect Americans from such monitoring, but CISA could erase that civil right. Swartz led the fight against the death of our privacy, an open Internet and protection from persecution online. In his absence, others are stepping up to the plate. People continue to be outraged over the revelations made by NSA whistle-blower Edward Snowden, but the government continues to pump steroids into the spy agency’s far-reaching arms.

 

View article source:

 

http://www.truthdig.com/report/item/aaron_swartz_cant_fight_the_new_cybersecurity_bill_so_we_must_20140713

 

Visit our website:

 

http://hassassociates-online.com/

http://hassassociates-online.com/articles/
