Saturday, September 15, 2018

Computer Security: The Cyber ​​Criminals Are Winning

The cyber criminals are winning. Individuals and organizations are losing the computer security battle. The annual dollar amount being stolen by cyber criminals now exceeds the total amount of money bought in globally by illegal trade. This fact is stunning! What can be done?

Individuals and organizations must take pre-emptive action. This can only be done, in the author's opinion, when a security mind-set is developed by users and an organization implements a culture of information security.

The changes brought to us by electronic devices are phenomenal. Computers, tablets and smart phones have changed the way we do business and live. The invention and use of modern day implements have had far reaching consequences that are in the same earth-shattering league as the discovery of fire and its implication. We still have to exercise care to safely harness and use fire. Otherwise significant property losses and even lives can be lost.

A business must systematically protect the confidentiality, integrity and availability of its information assets. This can only be done when securing digital assets become a "business process". If your company is operating without a formal information security plan it is vulnerable. The only thing in doubt is how much you have already lost.

The same is true if we consider a single individual. You can determine your level of risk by considering the answer to just a few questions: Do you terminate a persistent Internet connection when you have finished surfing? Do you have a password that consist of more than eleven characters of which one letter is capitalized, one character is a numeral and another is a special symbol? Do you "lock" your keyboard when you leave your workstation? Do you systematically update software patches?

You are vulnerable unless you answered "yes" to each of the previous questions. Your systems may already be infected by malware. How can you be sure? One way is to obtain basic security software, learn how to use it and routinely follow security best practices. Avoid deviating from your routine and be suspicious of anything that is out-of-the-ordinary.

One person recently received a superior-looking email notification which appeared to be from the social media giant, Twitter ™. The computer screen even had Twitter's logo and included the user's Twitter ™ name. The communication informed the user that there was an attempt to access the user's account from a "different location" and the user was advised to change the account password.

The "form" on the user's screen contained space in which the user was asked to enter the "Old Password" and the "New Password". The ruse was very official in appearance and excellent. It failed for one basic reason, the legitimate user had not used the account for months. The target (the computer user) was suspicious and able to perform a "mouse over" (hovering above the link) to read the web address. The user saw a re-direct in the web address which would have sent the individual to a malicious software site.

Cyber ​​criminals are very smart and very good. The number of attacks is increasing and their level of sophistication is increasing. One can not be too careful when it comes to protecting information assets. Clearly our digital information is at risk and we all must become more diligent in protecting it.