Preventing and Responding to Identity Theft

According www.us-cert.gov/ncas/tips/ST05-019, you can be a victim of identity theft even if you never use a computer. Malicious people may be able to obtain personal information (such as credit card numbers, phone numbers, account numbers, and addresses) by stealing your wallet, overhearing a phone conversation, rummaging through your trash (a practice known as dumpster diving), or picking up a receipt at a restaurant that has your account number on it. If a thief has enough information, he or she may be able to impersonate you to purchase items, open new accounts, or apply for loans.

The internet has made it easier for thieves to obtain personal and financial data. Most companies and other institutions store information about their clients in databases; if a thief can access that database, he or she can obtain information about many people at once rather than focus on one person at a time. The internet has also made it easier for thieves to sell or trade the information, making it more difficult for law enforcement to identify and apprehend the criminals.

How are victims of online identity theft chosen?

Identity theft is usually a crime of opportunity, so you may be victimized simply because your information is available. Thieves may target customers of certain companies for a variety of reasons; for example, a company database is easily accessible, the demographics of the customers are appealing, or there is a market for specific information. If your information is stored in a database that is compromised, you may become a victim of identity theft.

These are few ways to minimize your risk:

• Always do businesses with reputable companies:  before providing any personal or financial information, make sure that you are interacting with a reputable, established company. Some attackers may try to trick you by creating malicious web sites that appear to be legitimate, so you should verify the legitimacy before supplying any information

• Take advantage of security features - Passwords and other security features add layers of protection if used appropriately.

• Check privacy policies: Take precautions when providing information, and make sure to check published privacy policies to see how a company will use or distribute your information. Many companies allow customers to request that their information not be shared with other companies; you should be able to locate the details in your account literature or by contacting the company directly.

• Be careful what information you publicize: attackers may be able to piece together information from a variety of sources. Avoid posting personal data in public forums.

• Use and maintain anti-virus software and a firewall: protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall Make sure to keep your virus definitions up to date.

• Be aware of your account activity: pay attention to your statements, and check your credit report yearly. You are entitled to a free copy of your credit report from each of the main credit reporting companies once every twelve months.

Note:

Individuals, be very careful in the way you intend to disposed your personal information and dropping your personal data. There might be dumpster divers in places just waiting for the opportunity to arrive.

Use the hints that are given above to help protect your data and be safe from identity theft.

Undertsanding fake Virus

What is Fake Virus?

Fake virus is malicious software designed to steal information from unsuspecting users by legitimate security software. The malware makes numerous system modifications making it extremely difficult to terminate unauthorized activities and remove the program. It also causes realistic, interactive security warnings to be displayed to the computer user.

How can computer become infected with fake antivirus?

Criminals distribute this type of malware using search engines, emails, social networking sites, internet advertisements and other malware.

How users will know their computer gets infected:

The presence of pop-ups displaying unusual security warnings and asking for credit card or personal information is the most obvious method of identifying a fake antivirus infection.

Steps to protect yourself

•           Be cautious when visiting web links or opening attachments from unknown    senders.

•           Keep software patched and updated.

•           To purchase or renew software subscriptions, visit the vendor sites directly.

•           Monitor your credit cards for unauthorized activity.

Types of cyber attacks

Types of Cyber Attacks

There are many methods of Cyber Attacks from malware injection to phishing to social engineering to internal stealing of data. Other advanced but common forms are DDoS Attacks, Brute Force attacks, hacking, holding a computer system (or a website) for ransom using direct hack or ransom ware.

Some of them have been listed below:

·        Gaining, or attempting to gain, unauthorized access to a computer system or its data.

·        Disruption or denial of service attacks (DDoS)

·        Hacking a website or mal-facing the site

·        Virus or malware installation

·        Unauthorized use of a computer for processing of data

·        The inappropriate use of computers or applications by employees of a company, the way it is use my cause severe harms to the company.

Cyber Attacks Response

Cyber Attacks Response

Cyber attacks can be essential information for users, businesses and other institutions that has an attack. The same applied to any field of IT, when it comes to protection against cyber attacks. Furthermore, assuming that your computer or website were attacked, after taking all the precautions they are some response you can take as follows:

• Did the attack really happen or is someone calling in to play a prank.

• If you still have access to your data, back it up.

• If you cannot access your data, and the hacker is demanding ransom, you may want to consider approaching the legal authorities.

• Negotiate with the hacker and regain the data.

• In case of social engineering and employees misusing their privileges, checks should be conducted to determine if the employee was innocent or acted deliberately.

• In the case of DDOS attacks, the load should be mitigated to other servers, so that the website comes back online as soon as possible. You may rent out servers for a while so that costs are minimal.

http://www.thewindowsclub.com/cyber-attacks-definition-types-prevention

Careers in Cyber Security

• Candidates who are willing and have an interest in cyber security should have the knowledge and required skills to respond quickly to threats as soon as they are detected.
• They should be able to poses a set of technical abilities to perform a lot of activities and remain extremely collaborative.

Here are a few jobs that is available with the Cyber Security field:

• Computer Crime Investigator: is a professional that investigates a number of crimes and recovering file systems on computers that has been hacked or damaged.

• Security Analyst: is a finance professional who is responsible for maintaining the security and         integrity of data. 

• Security Consultant: is a professional or adviser to give advice in any number of security                   specialization.

• Security Architect: is a professional who is responsible for maintaining the security of a company's computer system.
• Network Security Engineer: is a professional who implement, maintain and integrate the WAN (Wide Area Network), LAN( Local Area Network) and server architecture. 

Cyber Security, Advantages and Disadvantages

Cyber security refers to a range of concepts including the practice protecting an organization's information, networks, computer, and resources against attacks from security and computer attacks.

Advantages of Cyber Security:

• Improved security of cyberspace.
• Increase in cyber defense.
• Increase in cyber speed.
• Protecting company data and information.
• Protects systems and computers against virus, worms, Malware and Spyware etc.
• Protects individual private information.
• Protects networks and resources.
• Fight against computer hackers and identity theft.

Disadvantages of Cyber Security:

• It will be costly for average users.
• Firewalls can be difficult to configure correctly
• Need to keep updating the new software in order to keep security up to date.
• Make system slower than before.

Computer Based Training to Reinforce Security Protocols in the Workplace

According to http://www.knowledgeanywhere.com/blog/news-and-events/post/use-computer-based-training-to-reinforce-security-protocols-in-the-workplace, these are some outline on basic computer based training security protocols in the workplace;

Attracting viruses and other nasty malicious bugs is a real concern for every business. Therefore, cyber security is an important part of workplace practices. All employees need to learn and actively practice cyber security measures. Computer based training is a good way for companies to help employees learn safe practices.

Workplace Policy for Acceptable Computer Usage

All workplaces need to have a clear and precise protocol that outlines what is acceptable use of computers. Each company will have different expectations, as will different divisions within companies. These need to be constantly reviewed as workplace roles, conditions and expectations change to suit the needs of business.

Security protocols must be written in a way that is easy to understand. The document must also clearly show how to report incidents of abuse, how an employee can seek help with areas of concern, and clearly outline the consequences of abuse. If the protocol is new to the workplace, all staff members need to know the terms.

Educating Employees

New employee orientation programs must discuss the workplace's policy for safe computer use. It is not something to shove in a package and send home with people to read at their own leisure. Existing employees need initial training, plus ongoing training to ensure the information remains fresh in their minds.

Whole Staff Training

If cyber safety issues have not been addressed thoroughly, compulsory sessions for staff members are in order. Research has shown that the most successful outcomes result from small sessions. Ideally, computer based training, presented in a small virtual classroom, delivers initial training.

These sessions should address cyber security in employee's own homes first. This creates relevancy for the importance of cyber security in a way that addressing workplace security simply can't do. Then transition the skills to the workplace using eCourses or additional virtual training sessions. By highlighting the risks and costs to the company, employees find the information more relevant.

Computer Based Training and Cyber Security

Once employees are aware of better cyber security practices, using a learning management system to deliver quizzes to staff members is a good way to check employee knowledge of the issue. For example, having employees answer a Tip of the Day, or a Daily Quiz on computer security makes people more mindful of how they use the computer.

Keeping track of the responses is valuable for the IT security department too. They can be used to follow up with employees needing additional training and when used as part of performance reviews, they can reinforce accountability among employees.

Cyber Threat Source Descriptions

According to https://ics-cert.us-cert.gov/content/cyber-threat-source-descriptions, here are a few cyber threat source descriptions:

• Bot-network operators: Bot-network operators are hackers; however, instead of breaking into systems for the challenge or bragging rights, they take over multiple systems in order to coordinate attacks and to distribute phishing schemes, spam, and malware attacks. The services of these networks are sometimes made available in underground markets (e.g., purchasing a denial-of-service attack, servers to relay spam, or phishing attacks, etc.).

• Criminal groups: Criminal groups seek to attack systems for monetary gain. Specifically, organized crime groups are using spam, phishing, and spyware/malware to commit identity theft and online fraud. International corporate spies and organized crime organizations also pose a threat to the United States through their ability to conduct industrial espionage and large-scale monetary theft and to hire or develop hacker talent.

• Foreign intelligence services: Foreign intelligence services use cyber tools as part of their information-gathering and espionage activities. In addition, several nations are aggressively working to develop information warfare doctrine, programs, and capabilities. Such capabilities enable a single entity to have a significant and serious impact by disrupting the supply, communications, and economic infrastructures that support military power - impacts that could affect the daily lives of U.S. citizens across the country.

• Hackers: Hackers break into networks for the thrill of the challenge or for bragging rights in the hacker community. While remote cracking once required a fair amount of skill or computer knowledge, hackers can now download attack scripts and protocols from the Internet and launch them against victim sites. Thus while attack tools have become more sophisticated, they have also become easier to use. According to the Central Intelligence Agency, the large majority of hackers do not have the requisite expertise to threaten difficult targets such as critical U.S. networks. Nevertheless, the worldwide population of hackers poses a relatively high threat of an isolated or brief disruption causing serious damage.

• Insiders: The disgruntled organization insider is a principal source of computer crime. Insiders may not need a great deal of knowledge about computer intrusions because their knowledge of a target system often allows them to gain unrestricted access to cause damage to the system or to steal system data. The insider threat also includes outsourcing vendors as well as employees who accidentally introduce malware into systems.

• Phishers: Individuals, or small groups, who execute phishing schemes in an attempt to steal identities or information for monetary gain. Phishers may also use spam and spyware/malware to accomplish their objectives.

•  Spammers: Individuals or organizations, who distribute unsolicited e-mail with hidden or false information in order to sell products, conduct phishing schemes, distribute spyware/malware, or attack organizations (i.e., denial of service).

The Anatomy of Cyber Atttacks

Cyber criminals are stepping up and becoming professionals in their field. As the use of technology increases everyday, then hackers keep improving by the minute. Cyber criminals learning how to break through every code and devices as the development of technology come on stream. Therefore, hackers and virus are far more persistent and advanced which can lead to serious damages and destroy an entire firm. Furthermore, it has been a challenge for businesses to develop cyber security in order for these criminals to determine.

In order for users to know how to stop cyber attack, then users need to know how really work.

According to https://www.fireeye.com/current-threats/anatomy-of-a-cyber-attack.html here are six steps describing the anatomy of a cyber attack:

• The cyber criminal, or threat actor, gains entry through an email, network, file, or application vulnerability and inserts malware into an organizations network. The target is now compromised.
•   The advanced malware probes for additional network access, vulnerabilities, or communicates with command and control (CnC) websites to receive additional instructions and/or malicious code.
•   The malware typically establishes additional breach points to ensure that the cyber attack can continue if one point is closed.
•   Once a threat actor has established network access he/she begins to gather data, such as account names and passwords. Once the attacker cracks the passwords, he/she can now can identify and access data.
•  Data is collected on a staging server, then the data is exfiltrated. A data breach is now occurring.
•   Evidence of the cyber attack is removed, but the organization is still compromised and the cyber criminal can return at any time to continue the data breach.

Eight Common Cyber Threats

Cyber crimes have increase rapidly over the past years. These cyber hackers send threat to individuals, small businesses, officials and government networks to activate personal information and company's data. Cyber activities can cause great dangers to companies and individual in the future.


According to (www. national crime agency.gov.uk/crime-threats/cyber-crime),

Consumers:

·         Phishing: is an attempt that hackers use in the form of an email that poses as a legitimate company to acquired personal information.

·         Webcam manager: where criminals takeover you webcam.

·         File hackers: are criminals that hijack files and hold them to ransom.

·         Key loggers: are criminals that monitor and record all keystrokes you type- such as passwords and relay them to other security threats.

·         Screenshot manager: allows hackers to take screenshots of your computer screens.

·         Ad Clicker: allows hackers to direct a victim’s computer to click a specific link.

Business:

·         Hacking: are hobbyists who experiment with programs to maximize performance and attack weaknesses.

·         Distributed Denial of Services (DDOS): is an attack where multiple compromised systems are used to target a single system causing a DOS attack. (www.webopedia.com)

What is Cyber Crimes and ways to protect yourself from it?

According to (2013 Pearson Education, Inc. publishing at Prentice Hall), " Computer crimes are computer based activities violating state, federal or international laws. Cyber Crimes are carried out by the means of the internet."

As new technology keep emerging to enhance our lives and let users communicate with other users in next countries,  hackers keep gaining entry to harm and destroy technology. In order for cyber activities or crimes to decrease, we the users of technology together with tech entities have to play a vital part.

Here are some measures you can take to protect yourself from online criminals or attackers:

First you should create a strong password that consist of eight or more characters with the combination of letters, numbers and symbols.

Secondly always keep private information private such as you full name and date of birth, account numbers and social security numbers as well as other specific information about yourself.

Thirdly,  ensure to protect and lock your computer at all times when they are not fully in use. Also be careful with accessing unknown email address and clicking on free apps which can have hidden viruses and spam contain in it.

The next point is always do business with legitimate vendors or business. Be very careful and ensure that you are handling financial transaction with a reputable business.

Whenever you are using social networking websites always use private settings.

Always report any suspicious activities you encounter with to the law enforcement committee. 

President Obama improvement on Cyber Security

Cyber attacks have always been a very serious threat to the people whether its customers dealing with on-line transactions, businesses both offering, selling or buying on-line products or services. Companies with many servers and very huge databases aimed at storing lots of private user data such as Banks and Government Agencies with high amount of sensitive data and information that can’t afford to ever get compromised. But now cyber crimes have been on the high rise and worst hackers are getting far more sophisticated and now it poses a very serious threat to the White House and the Government of America.

Don’t you think that it’s about time for the Government to take the proper initiative with this issue?

Well according to (eandt.theiet.org/new/2015/feb), it’s said that, “President Barack Obama has held a summit on cyber security and consumer protection with top industry figures such as Apple, Facebook etc to encourage companies to share more information about cyber security threats with the government.” This sounds like a great approach the government is finally taking action and beefing up security with both customers and business while educating them about various security threats is the right way to go when dealing with security concerns.

It also states that most of the companies have sent their top information security executives. The main idea of the president was to bring tech companies, law enforcement, consumer and other entities that specialize in the area to make sure that issues and solutions to the problem handled properly.

Such a good initiative that was took by the president by collaborating with these companies and businesses in a effort to work together to increase or enhance cyber security for business and for the people was a very good approach to solving the cyber threats and other cyber related issues by collaborating and improving their infrastructure by sharing ideas and solutions is a good step the president took.