Tuesday, September 23, 2014

Security perimeter goes wider

"Our members already cooperate intensely with their own, national police authorities in order to fight with financial cybercrime. Our partnership with Europol now adds a European dimension to this important work. International cooperation between banks and law enforcement bodies is essential because it is clear that criminals know no borders." With these words Mijs Win, Chief Executive of the European Banking Federation (EBF), announced the beginning of a partnership between his organization and Europol to address cybercrime.

This cooperation is necessary to protect one of the most common targets for cyber criminals: credit cards and financial data. It means that two vital elements for securing transactions in Europe are joining efforts: banks and international law, the latter being the main obstacle that the police have to face when hunting down criminal gangs.

Today’s pill of news is loaded with studies. The first of them has been carried out by the Institute for National Security Studies (INSS) along with the Cyber Security Forum Initiative (CSFI). They compiled the "state of the art" in global cybersecurity by countries and continents. It is a short but intense overview of the industry, covering new digital advocacy groups, such as the US Cyber Protection Brigade; increased resources for the European NATO; and the evolution of cyber-terrorists, with such notorious cases as the theft of 5 million Gmail accounts in Russia or the multibillion-dollar losses in Tanzania by digital fraud.

1,400 app developers participated in an anonymous survey by Aspect Security. The results describe the impact that security has on developers when tackling a new project, and they leave no doubt: most applications are susceptible to cyber attacks using basic techniques, which apply equally to the service itself, the server and third-party services.

Should developers get all the blame for that? Unfortunately, no. According to a study by Raytheon, 52% of organizations sacrifice security in pursuit of greater efficiency at work. This means that even when the software ships with acceptable security measures, the way the client uses it makes the work of cyber attackers easier, further compromising the privacy and security of the rest of the company.

Identification methods also raise doubts, as stated by Dave Lewis, Forbes contributor, in relation to the risk posed by biometric systems. In case of theft from company servers, attackers could gain control of the unlock pattern, which moreover is unique for each person (no chance to change it). With only a 3D printer it would be possible to emulate a fingerprint or an iris, allowing an attacker to log in or access sensitive information.

In other cases, however, it is enough for the victim to fall for one of the many social engineering campaigns that populate cyberspace. The latest one, targeting iCloud users (Apple’s customers), asks the user to access the company’s support page through an elaborate email. Of course, the linked page looks the same as the original site but redirects to different domains, probably legitimate ones which are used by the gang to gain control of innocently shared data.

Gradually we witness how all branches of security eventually overlap, ranging from cyber security to protection systems or from user training to risk management. This is a slope field for most of society, but it is gradually brought to others thanks to you spreading the word.

