Tag: cybercrime (Page 1 of 3)

The Ballooning Cost of Cybercrime

The legal industry finds itself in the upper echelons of companies when it comes to the fiscal impact of a cybercrime. However, many are ignoring this risk. According to the American Bar Association’s (ABA) 2015 Legal Technology Survey, about half of firms said they had no response plan in place to address a cybersecurity breach.

Furthermore, Cybersecurity Ventures predicts the costs associated with a cyberattack could balloon to $6 trillion globally by 2021. To put that in perspective, if cybercrime were a country, the number would represent the fourth highest Gross Domestic Product (GDP) in the world.

To better understand the costs associated with cybercrime it is helpful to group the expenses in two buckets, direct and indirect.


Why Cybersecurity Matters

National Cybersecurity Awareness Month (NCSAM) is observed every October to raise awareness around the importance of cybersecurity. As we head into a new month, we remain focused on promoting the importance of practicing vigilance about cybersecurity year-round.

At SiteLock, our mission is to help create a secure Internet for all users. Regardless of industry, age or education, cybersecurity concerns us all. Cyberattacks can impact individuals as young as children, and organizations as large as Yahoo. Learn from the examples we provide in this blog as SiteLock President, Neill Feather, weighs in on why cybersecurity should matter to you.


Are You Certain Your Website is Secure from Cyberattacks?

Websites experience 22 cyberattacks per day on average. That’s more than 8,000 attacks per year, per website. You might assume the majority of these attacks are aimed at eCommerce sites because they accept and store credit card information, but actually, the eCommerce sector accounts for only one percent of compromised websites.


Popular but Insecure [Infographic]

The more popular the website, the more likely the cyberattack. Find out your website’s risk of being compromised.


Is It Time For Mandated Website Security?

We’re now closing in on nearly one billion websites worldwide, with another 6 million new domains being registered daily. Yet it’s estimated that less than 3% of those websites are secure. And guess who’s really taking notice of this glaring absence of website security?

It’s nothing new that hackers are constantly changing their tactics. What’s troubling is how quickly they adapt and adjust to whatever security countermeasures they encounter, and how creative and sophisticated their workarounds have become. That’s what happens when a crime becomes a lucrative industry, and when things like website security get overlooked, hackers won’t waste a moment exploiting it.


10 Ways To Keep Hackers Away and Protect Your Data

1. Don’t Keep What You Don’t Need

Most businesses hang on to too much data for too long. And it’s often data that they don’t need. Or worse, didn’t realize they even had. So do a spring-cleaning. Do an inventory of all your data and everywhere you keep it. Identify what you don’t need, then get rid of it forever. And not by simply hitting the Delete key, but overwriting it to military standards or shredding it. When it comes to data breaches, you can’t lose what you don’t have.

2. What You Do Keep, Know Where It Is

So many data breaches result from data being in the wrong place at the wrong time. Like highly sensitive customer or employee information being carried around town or across the world on an unprotected laptop. As part of your inventory you need to know where your data is at all times so that you can protect it at all times. That means checking servers, desktops, laptops, websites, tablets, phones, removable storage, filing cabinets, storage lockers, warehouses, third parties and anywhere else it might be hiding.

3. Classify Your Information

Not all information is created equal. And understanding that you can’t protect all data all the time, you have to focus on the stuff that’s worth protecting. That’s where data classification comes in. There are a number of different ways to classify data, but they’re usually a series of three to five categories of importance – from top secret to simply private and confidential. By assigning a security classification to your data, you make it easier for employees to instantly understand how they need to handle that data.

4. Encrypt

In most states, you get an almost free pass on data breaches if the breached data was encrypted. That’s how good encryption is at making data useless to hackers. Encryption is getting much easier to implement and afford. Encryption isn’t just for credit cards and online transactions. In any business you can easily encrypt files, folders, hard drives, texts, phone calls and emails, photos and videos, and just about any kind of data.

5. Comply With PCI

The credit card companies are pretty good when it comes to protecting information, which is why PCI compliance is a great baseline. It’s not perfect and not a guarantee, but you should never be without it.

6. Lock Down Your Website

Many of today’s breaches start with the exploitation of poorly protected and patched websites. Which is really a shame because it’s so easy to protect your website. Make sure you’re using some kind of web scanning or monitoring service that will find and fix security holes before hackers do.

7. Turn Every Employee Into a Data Sentry

Technology only goes so far when it comes to preventing data breaches. People fill that gap, and the most important people are your employees. Every employee needs to understand the value of data, the risks of breaches, and how their choices can make all the difference.

8. Try Not to Move It

If you know where your data is and you don’t plan to move it any time soon, then it’s very easy to lock it in place. But data is at its most vulnerable when it’s on the move – like stored on a traveling laptop or phone, sent on tape to a third party like a payroll processor, or even being emailed between employees.

9. Don’t Forget Paper Records

It’s estimated that one in every five data breaches involves paper records. That means documents stolen from a briefcase or in a burglary, dumped without shredding, or simply mislaid. So as part of your inventory you need to go through the piles of information in every office, pick what you have no more need for, and shred it.

10. Use Layers of Security

While antivirus software is important, it’s not enough. While website security is essential, it’s not enough. While good passwords are a must, still not enough. Hackers after your data are relying on the fact that you might be relying on just one or two layers of security between them and your data. Good security is about creating multiple security perimeters that convince hackers that you’re just not worth their time and energy.

Securing your website can be a daunting challenge. Contact a SiteLock consultant today to learn how to quickly and easily secure your site.

Google Author: Neal O’Farrell

Russian Hackers Caught With 1 Billion+ Stolen Passwords

Seems like just about everyone thought that the massive Target data breach earlier this year would be the biggest for a while. Yet only a matter of weeks later, eBay announced a data breach that was even bigger.

Now we’re learning of a hacker haul that makes those earlier breaches look like chump change. Security researchers in Milwaukee revealed that they’ve been monitoring a hacking gang operating from a small Russian town, and found the gang had managed to amass a database of more than 1.5 billion stolen credentials.

Here’s just a sample of what the investigators learned about the hackers, and the implications of their haul:


What Is A Botnet?

Malware can be confusing. Not just because there are millions of different types of malware, but because they’re constantly evolving. And it doesn’t help much that researchers have a tendency to give them some crazy names.

The botnet, on the other hand, is relatively easy to understand. Instead of just stopping at infecting thousands or even millions of computers, botnets will continue to control all those computers remotely to perform the bidding of the bot controller or herder. That’s why it’s one of the most sinister types of malware that all business owners need to be aware of.


Anatomy Of A Security Breach: Target

It’s not often we get a chance to attend a security breach postmortem — a step-by-step, hack-by-hack, mistake-by-mistake account of what went so horribly wrong. The U.S. Commerce Department recently presented their report into all the mistakes Target made, and which it could have avoided, in its recent massive data breach.

The report provides what’s referred to as an “intrusion kill chain” that highlights all the places Target had a chance to spot the breach and stop it. But missed. For example:

  • The hackers were able to identify a potential Target vendor or supplier to exploit because Target made such a list publicly available. That was the starting point for the hackers.
  • The vendor targeted had very little security in place. The only malware defense they appeared to have used to protect their business was free software meant for personal and not business use.
  • The vendor’s employees had received little if any security awareness training, and especially on how to spot a phishing email. So the hackers used a phishing email to trick at least one of those employees into letting them in the back door.
  • Once in the vendor’s systems, the hackers were able to use stolen passwords without the need for authentication because Target did not require two-factor authentication for low-level vendors.
  • The hackers are suspected of gaining further access from the vendor by using a default password in the billing software the vendor used. If the default password had been changed, the attack might have stopped right there.
  • There were few controls in place to limit the access the vendor had on the Target network. Once the vendor had been compromised, Target’s entire networks were exposed.
  • When the hackers installed their Point of Sale malware on Target’s networks and began testing the malware, that activity was detected by Target’s security systems but the alarms were simply ignored.
  • When the hackers created an escape route and began moving the stolen data off Target’s networks, that activity triggered alarms too but once again, the alarms were ignored.
  • Some of the data was moved to a server in Russia, an obvious red flag for Target security which once again was missed.
  • The login credentials of the vendor were used throughout the attack, yet Target’s security system wasn’t able to detect that those credentials were being used to perform tasks they weren’t approved for.

We keep saying that every business large and small has important lessons to learn from Target. Don’t waste the opportunity. Double-check your own security and see if there are any obvious gaps you haven’t spotted but need to be sealed. Need help? Give SiteLock a call any time, 24/7/365, at 855.378.6200.

Google Author: Neal O’Farrell

Data Privacy and the Cybercrime Economy

Speaking in a recent interview on CBS’ 60 Minutes, Tim Sparapani, a former privacy lawyer for the American Civil Liberties Union, commented, “Most retailers are finding out that they have a secondary source of income, which is that the data about their customers is probably just about as valuable, maybe even more so, than the actual product or service that they’re selling to the individual.”

It was a chilling admission that the world has changed in ways most of us never expected, and that there may be more value in private data about people than in selling goods and services to those people. Or stealing from them.
