Using up-to-date security software is pretty much at the top of recommended defense measures. Anti-virus and anti-phishing software filter out daily attacks from network communications. However, it is important that users can trust this software to intercept malicious software, harmful links, and other threats no matter who they come from. Threats may originate from criminals but also, increasingly, from government organizations. Users also expect that data remains stored confidentially on their devices, especially considering that security software has the capability of viewing and intercepting data. Recently, the Russian antivirus company Kaspersky has made headlines for exactly this reason. US authorities claim that Kaspersky stole top-secret software from a government employee’s PC and delivered it to the Russian intelligence service. This included exploits for previously unknown vulnerabilities.
Sometimes it’s hard to believe the stories we read. In the case of CEO fraud incidents, cybercriminals earn sums in the double-digit millions by persuading employees that they are acting on behalf of the CEO or another senior manager. Employees then transfer the required amount to an alleged account of a partner or supplier, based only on an e-mail or telephone request without seeking reassurance. CEO fraud follows a similar method to telephone cons targeting the elderly but causes significantly higher financial damage. In mid-2016, an international network was unraveled which was alleged to have earned USD 60 million through the cybercriminal methods of Business Email Compromise (BEC) and CEO fraud. Similar attacks are now occurring on a daily basis in Germany, with similarly dramatic consequences.
Smartphones are part of everyday life, whether for private or professional use. However, while many users have taken basic measures to protect their desktop PC or laptop, this is not the case for mobile devices. A study by Consumerreports.org showed that in 2014 one third of all American smartphones did not have a single security measure, neither a PIN code, nor anti-virus software, let alone encryption. This may look different for professional and enterprise managed devices, but many use their personal mobile device at least partly for professional purposes. This means that links, files, photos, contacts and other internal company data are stored on personal smartphones. This makes for easy pickings for a thief or digital attacker.
US retailers have been having a tough time of late. Shifting consumer tastes and the rise of online shopping have forced a number of stores to cease trading. While conventional stores may not be hiring for the summer like they used to, there’s still plenty of seasonal work to be found in hotels, restaurants and the hospitality sector in general. Restaurants and hotels are already popular targets for cybercrime. On top of this, the busy summer season brings an influx of newbies to join the workforce, adding an extra risk dimension for employers to deal with. From remote Point-of-Sale connectivity, to summer season workers using their mobile phones to look up or share company information, hospitality chains need a comprehensive VPN strategy so they can be assured that sensitive data remains private and secure.
When WannaCry dominated the headlines, manufacturers fell over one another to make a statement. On the whole, the comments can be divided into two groups. Some reminded customers that not patching software is negligent and others claimed that it simply would not have happened with their software/hardware/service. How true is this? One can hardly imagine that organizations such as hospitals or Deutsche Bahn would have no protection software, would employ incompetent administrators, or would not have invested heavily in security technology. Security products and services were almost certainly available to the affected organizations; however, they were unable to neutralize this threat.
The ATM celebrates its 50th anniversary this year. Some of the oldest cash machines still in use today date back to an era when network security was relatively unsophisticated. Protecting connections between large numbers of disparate ATMs and the banks’ processing centers using VPNs is relatively straightforward. Yet, some banks have not yet taken adequate protective measures. As the Internet of Things gathers pace, the need to protect machine-to-machine communications is becoming urgent. Cybercriminals’ recent success in carrying out remote attacks on ATMs is a timely reminder of how important secure remote connectivity has become for M2M environments.