Better, Faster, Stronger Network Security in Time for the Olympics
The Olympics has always helped to put host cities on the map, but the flip side is that cyber security gets that much harder. Imagine the following situation:
The hotel's front desk people first notices the problem at 10:13 am as they are locked out of their computers. Their passwords aren't working.
Next, someone in billings notices there's something wrong with the hotel's website; the online booking page looks the same as usual, but there are no records of bookings for the past 24 hours and the administrator login page keeps giving only an error message. Just as the IT department begins its investigation, they are inundated with complaints from all departments that email is down. Blackberries and other mobile devices are useless. The security cameras go out next. Security personnel know something is up, but they're working blind...
The above scenario may be a bit extreme, combining elements of a cyber attack by organized criminals and possibly even terrorists.
But this kind of situation is actually being planned for as part of the 2010 Winter Olympics preparations in Vancouver. It's not just the Olympic organizations like VANOC that are already being constantly probed for vulnerabilities by hackers; private businesses ranging from hotels and tourism operators to all kinds of service providers will need to ensure their networks and web assets are locked down so data is protected.
Some points to consider as the Olympics draw near:
1. Websites are like water bottles with steroids -- you might not find out there's bad stuff in there until it's too late.
Your colleague asks: "When did we update the website with that new security page that asks for your private credentials after I've already logged in? Seems a bit redundant."
That would be redundant if it were an actual security feature. Possibly, it's the opposite of a security feature. Actually, this could be a clue that the organization's website has already been hacked, sending private data to an unknown entity. These types of scams will likely increase as more web traffic heads to the websites of Vancouver-based organizations over the next few months.
A great way to ensure the organization's website doesn't get hacked is to ensure it is built and maintained with security in mind. The majority of web developers do not have formal training in web application security. Especially those who are self-taught may have only a vague understanding of some of the most popular hacker tactics like SQL injection and cross-site scripting. As a result, they may not know how to remediate known vulnerabilities or how to counter less common but potentially devastating threats.
Make sure your in-house webmaster understands these issues and if they don't have the expertise in-house, get a web security assessment from a provider that does in order to find the vulnerabilities so you can fix them.
2. It's important to know who's really on your team
Network security involves many components, from physical security like locks on your server room door to user access management, firewall configuration, antivirus software and a schedule of patch management. Organizations need to prevent not only outsider attacks from remote hackers but also those fraudsters and criminals who will attempt to subvert your infrastructure from the inside. These kinds of attacks may also increase in the short term, as suspicious types try to take advantage of the spreading out of your assets to remote locations.
In mere moments, an intruder passing themselves off as "new" member of your organization can gain access to your systems, steal data and sabotage your systems. Access rules and tools already in place will help your organization withstand a probe even if they do manage to gain entry initially.
Data breaches often involve a combination of causal factors like those cited above. Make sure you cover all your bases and get expert help if your need it.
3. Teamwork is tricky when your messages -- or messaging device -- go missing.
Lately, more and more of our office's network infrastructure is located outside the office. During the Olympics, many of your colleagues or employees will be working remotely, possibly from home, a client on-site or other location.
Your Blackberries, iPhones and other mobile devices will contain corporate data. Provide clear rules to your employees working remotely about passwords and use of built-in features to lock down your data (and even erase it remotely, if need be). Some configuration will likely need to be provided by your IT people or a security service provider, especially to enforce uniform security processes.
Security regarding the types of messages they will receive (whether on mobile devices or on desktops) will also be an issue. As with any high-profile event, hackers will employ phishing techniques to try to use your employees' interest in Olympics news to get them to click links and download infected files. The same threat will appear in your social networking incoming messages on Facebook or Twitter.
"Olympic breaking News!" + obsfucated URL = security threat.
If in doubt but there is a real "business" need to click that link, employees can always check its safety first by visiting PCIS free online security tools.
Would you like help in improving your organization's network security? For information about website security scanning, network security assessments and other ways to protect your business and customers, contact Boonbox.
Ask A Security Expert
"I've read that antivirus programs aren't as effective as they used to be. Should I still be using this for my organization's network security?"
Absolutely, it is important to keep using antivirus. In this case, security isn't a case of either A or B -- you can have antivirus and a firewall and everything else you're using to keep data protected.
It's true that many types of antivirus software are increasingly less effective against some of the latest types of viruses and worms. It is hard for security vendors to keep up with defenses when it has become so easy for hackers to develop and deploy their viruses. However, your antivirus will keep you safe from plenty of existing threats.
No security tool is 100 per cent effective anyway. Different network security threats call for different solutions. To deal with viruses, there's no substitute for antivirus software to protect your computer network.
If your organization requires assistance in developing web security and network security policies, contact Vancouver's IT consulting and security experts.
Devfense Cyber Alert
PCIS Devfense Cyber Alert identifies websites that are vulnerable to attack. See the latest websites identified as vulnerable to badware at Devfense Cyber Alert on Twitter
This is not a complete list of all vulnerable sites on the Internet, but only represents websites where vulnerabilities were found within the past 90 days. These are only the latest additions to an ever-growing club of sites found to be insecure according to various public sources and online tools used in the web security industry.
If you would like more information on our data and why these sites are listed here, please contact PCIS
Devfense Cyber Alert Sites With Vulnerabilities Discovered in Past 90 Days
advancedlaser.net
afrikart.net
americanphotojournalist.com
chinese-chemical.net
evaluationengineering.com
expertsinprinting.com
harlequin.uk.com
hosting4speed.com
indiacoffee.org
innercirclemarketers.com
|
meditation.my
microbasetech.com
musicacentral.com
onjobtraining.in
philadelphiacricket.com
philharmonia.spb.ru
shopcabins.com
starshipmodeler.biz
thecitymalls.com
totalpaidsurveys.com |
Other ways to stay connected
About Boonbox
Boonbox is a division of Pacific Coast Information Systems Ltd., specializing in products for web security, network security, password management and data backup.
PCIS is a Vancouver-based company which provides strategic consulting, application development, technology solutions and managed services to companies and government organizations throughout North America.
How to Subscribe/Unsubscribe to the Informer
SUBSCRIBE: To subscribe to the Cyber Security Informer, send a blank email message with subject line "SUBSCRIBE" to informer@pcis.com
UNSUBSCRIBE: If you do not wish to receive future issues of the Cyber Security Informer, send a blank email with subject line "UNSUBSCRIBE" to:informer@pcis.com and we will promptly remove you from our distribution list.
WE WANT YOUR FEEDBACK: Our purpose for providing this free service is to keep our clients and business contacts informed of technology developments. This information can help them resolve common problems and achieve their full potential by strengthening their business processes and infrastructure. Your input is important to us and we welcome your ideas for new features and how we can continue to improve our service to you. Send your comments and suggestions to informer@pcis.com or contact us directly at 604.844.7558
|
