Wednesday, August 20, 2014

Education and awareness are key for cybersecurity

“The key to combating these types of attack is continued education and awareness.” Security consultant Ken Westin of Tripwire is referring to phishing attacks suffered by employees of the US Nuclear Regulatory Commission. At least three such attacks have succeeded in the past three years.

Indeed, the computers of the American institution that regulates the nuclear power industry in the United States have been hacked twice by foreigners and once by an unidentified party. One of the phishing attacks hit over 200 employees of the organization. A dozen of them took the bait and handed their credentials to the attackers after following a link to a Google Docs spreadsheet. Although the intrusions were resolved immediately, the seriousness of the matter lies in the large amount of sensitive information about the US nuclear energy industry managed by the Commission.

As Westin says, to combat all forms of phishing it is necessary to educate users and raise their awareness. Many banks, for example, have run prevention campaigns informing their customers that they will never request personal information via email and advising them to look at the URL carefully when accessing the bank’s website. However, phishing attacks are still targeting online banking users such as HSBC customers, who are receiving emails purporting to be from the bank that lead them to a fake login webpage.

But phishing is just one of the many types of cyber attack that we have to face. Ransomware, i.e., malware that encrypts files on a computer with a secret key and demands a ransom to get them back, is another of the threats we have to deal with. Yesterday we told you about "ZeroLocker" and today we want to warn you about "TorrentLocker", which borrows several features from "CryptoLocker" and "CryptoWall" and adds some code of its own as well.

Perhaps our Latin American readers wonder how likely they are to suffer cyberattacks like the ones we have described. According to Kaspersky’s ranking, Brazil is the most dangerous country regarding cyber attacks, with 10.9 million attacks affecting almost 30% of users. It is followed by Mexico and, further behind, Colombia, Peru and Venezuela.

Often the problem is that developers make it too easy for cybercriminals, for example when they don’t encrypt the communications of their apps and websites with HTTPS. In order to raise awareness about this and embarrass developers, the "HTTP Shaming" website publishes a list of applications that do not protect their users’ traffic.

Shame is probably one of the main reasons that move citizens to call for their “right to be forgotten,” recently recognized by the European Union. Under it, Google is required to remove search results that users believe can damage their image, when some specific conditions are met. Last month, the search engine received 91,000 requests to remove 328,000 pages. Of all those that have been processed so far, 50% were approved, among them 12 links to BBC News, as reported by the British outlet itself.

We wish technology didn’t involve any risk! But it does, so every day we try to keep you informed and aware of those risks through our social channels (find the links in the right sidebar) or here on our blog. Follow us!

