What are the Top 5 Internet Security Trends for 2013

As the Internet and technology advance at increasing speeds, concerns over security are keeping pace. New threats to security emerge every day. Check out the National Vulnerability Database. With access to the Internet expanding to devices other than the laptop or desktop, there are more opportunities for attacks. With the ever-increasing connectedness of our society, it is important to look at the Internet security trends for 2013 and be prepared.

Each time you access the Internet, you are putting yourself and your technology at risk by exposing them to security risks, known and unknown. The security trends for the coming year are expected to center on a variety of threats, including cyber conflict, ransomware, madware, social software and cloud-based cyber attacks. Like it or not, these concerns aren’t going away any time soon, so it is best to gain a baseline understanding of them so that you’ll be able to protect yourself in the coming year.

1. Cyber Conflict

Increasingly, cyber conflict is becoming a serious threat between states, organizations and individuals. While the threats at the state and organizational level may not be of immediate concern, cyber conflict can become very serious when you’re dealing with others sitting behind a computer screen. People are less considerate and often more bold when sitting at a keyboard. Threats and aggression come quickly as discussions online become heated. You can protect yourself and your family from cyber conflict by becoming more aware of how you interact on the Internet. Bullying and aggression are of great concern for families with children. Be sure to educate your children and monitor their Internet usage closely.

2. Ransomware

It’s actually just what it sounds like: virtual ransom demands from criminals. This is a growing threat due to the increasing sophistication of cyber-criminals. Be aware and protect yourself online by consulting with an Internet security firm if you are in a position where you feel exposed to the threat of cyber-criminals. Fast incident response is key when dealing with ransomware.

3. Madware

Mobile adware, or madware, is a growing concern as more and more people use mobile devices to connect to the Internet. Madware can easily cause a HIPAA security violation if you lose patient data to an attack, and it can also impair the functionality of your mobile devices. Mobile apps often expose mobile device users to various forms of madware. Consult your mobile device dealer or an Internet security firm in order to protect yourself from madware. See this good illustration of madware from MobileSecurity.com.

4. Social Software

Social media security is a growing concern as more people join and more social media platforms emerge. The social media reputation risk is high when people use social media platforms carelessly or are uneducated about the multitude of privacy and security risks that come from social media.

5. Cloud-based Cyber Attacks

Cyber attackers are turning to the cloud as more people and companies use it to store the massive amounts of data they accumulate through their desktops, laptops, tablets and mobile devices. This can be a great concern for people who rely on these cloud-based services to store their valuable documents, entertainment collections and pictures. The recent news article about Wired technology journalist Mat Honan getting hacked through Amazon and Apple cloud services, “Apple account hack raises concern about cloud storage”, illustrates the damage.

As you can see, each of the Internet security trends of 2013 poses a real threat to your security online. Now is the time to take serious steps to protect yourself from these emerging trends so that you will be able to start the new year off right. It may seem like these things will never happen to you, but usually these attacks come when you least expect them. Just like home invasion, if you’re an easy target, you’re more likely to get hit by any one of these threats. The best defense is a good offense and in this case. For help in cloud, network and social media security, contact us at KRAA Security.


Social Media Policy

Social media became part of the user community several years ago. Today we have social media in the corporate environment. The main problem we have is how social media has evolved. It has been a bottom-up approach. By bottom-up I mean that the consumer has determined how to use a technology and the corporation is playing catch-up. But the social norms that are appropriate for a consumer “product” are not appropriate in a corporate environment.

Social media usage is being retrofitted into the corporate environment. But the consumer is already used to using social media in an insecure, “information must be free” manner. Employees who have been used to giving up all their information in places such as Facebook and Twitter must now be retrained to use social media in a whole different manner to meet corporate standards. (Assuming we have a corporate standard for social media security.)

But what is a corporate standard for using social media in an appropriate fashion that does not put the company at risk? Corporations have not made a concerted effort to define that secure social media strategy, or even a strategy for training their employees in the “correct” use of social media.
 

Social Media Policy Infrastructure

What is a good starting point for implementing a social media policy? Here is a basic guideline.

1) Define a policy – You cannot assume employees will do the right thing without guidance. You already have things like Expense Policies, Acceptable Use Policies, Internet Use Policies. Write a basic guideline. What’s in that guideline will vary from company to company.

2) Information Classification – You have to explicitly define what information can be shared and what information should not be Tweeted, FaceBooked, BlibbedBlabbaded (I made that up) about. If your employees do not know how valuable information is, then you cannot blame them for inadvertently being sucked into the blogosphere. (I am not sure blogosphere is yet a word, but who cares.)

3) Keep it professional – If you allow your employees to Socialize (is that a word with any meaning here?) information about your company, you have to give them standards to follow. Things like cursing, grammar mistakes and casual conversation-style discussions might not be the image you want to portray when discussing anything related to your company.

4) Tracking and Monitoring – If you are going to have a policy for anything, you have to have a mechanism for tracking compliance, reporting on activity and have consequences for breaking that policy. How many tweets that are over the line make you bring an employee before HR? What is a firing Facebook picture offense?

This is a very abbreviated start. In later posts I will define more aspects of a social media policy. But let’s get the conversation started about the necessity for this as a standard policy in every organization, both large and small.

There is a lot of focus on network security and application security today. Years ago it was operating system security that was all the rage. But with the advent of the strict requirements of some of the regulations such as HIPAA, PCI, SOX, and FISMA, more attention needs to be paid to the operating system. As Windows is still dominant, what are some of the features you need to be concerned with in an application? Some key features of a host security assessment tool are:
  1. Ability to quickly audit
  2. Ability to inventory
  3. Structure for classification of components
  4. Patch management of course
  5. Ability to baseline and report against the baseline
  6. Templates of the regulatory requirements
  7. Templates of different levels of security configurations
  8. Threat identification and classification
  9. User management
  10. Port security assessment and management
  11. Service and process analysis
A baseline configuration for operating system security, covering things such as patch levels, ports, services, processes, logging, policy settings and user configuration, should be the first step for any company in host security assessment and diagnostics. If you build from scratch, or don’t use a secure template, you will always be in trouble. Timely updates and reconfiguration of your baseline are necessary. Your operating system, like your network security, should match your corporate business practices and procedures. Policies should be in place for this, of course. Over time you should be able to benchmark your host security problems, solutions and changes.

Gary Bahadur
http://www.kraasecurity.com
http://blog.kraasecurity.com
http://twitter.com/kraasecurity
Address: 200 Se 1st St #601 Miami FL 33131
*Managed Security Services *Vulnerability Management *Compliance & Policy Development *PGP Security *FREE Website Security Test

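One way to "baseline and report against the baseline" as described in the host security post above, shown as an added example that is not from the original post. The category names, placeholder patch IDs, and the service and account names are constructed sample data.

```python
# Added example: report drift between a host snapshot and an approved baseline.
# All values below are constructed for illustration; patch IDs are placeholders.

BASELINE = {
    "patches": {"KB0000001", "KB0000002", "KB0000003"},
    "listening_ports": {135, 445, 3389},
    "services": {"EventLog", "W32Time", "WinDefend"},
    "local_admins": {"Administrator", "it-support"},
    "policy": {"min_password_length": 12, "audit_logon": "success,failure",
               "lockout_threshold": 5},
}

SNAPSHOT = {  # constructed "current state" collected from one host
    "patches": {"KB0000001", "KB0000003"},
    "listening_ports": {135, 445, 3389, 5900},
    "services": {"EventLog", "W32Time", "WinDefend", "RemoteHelper"},
    "local_admins": {"Administrator", "it-support", "tempuser"},
    "policy": {"min_password_length": 8, "audit_logon": "success,failure",
               "lockout_threshold": 5},
}

def drift_report(baseline, snapshot):
    """Return a sorted list of (category, finding, detail) tuples."""
    findings = []
    for category, expected in baseline.items():
        actual = snapshot.get(category)
        if actual is None:
            # A category that was never collected is itself a finding.
            findings.append((category, "not_collected", ""))
        elif isinstance(expected, dict):
            # Settings: every baseline key must be present with the same value.
            for key, want in expected.items():
                have = actual.get(key, "<unset>")
                if have != want:
                    findings.append((category, "changed", f"{key}: {want} -> {have}"))
        else:
            # Inventories: report items removed since the baseline and new ones.
            for item in expected - actual:
                findings.append((category, "missing", str(item)))
            for item in actual - expected:
                findings.append((category, "unexpected", str(item)))
    return sorted(findings)

if __name__ == "__main__":
    for category, finding, detail in drift_report(BASELINE, SNAPSHOT):
        print(f"{category:16} {finding:13} {detail}")
```

Storing each report alongside its date gives the benchmark over time that the post calls for.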
PCI laws are expanding around the country. Washington State is the latest to add a law to its books. Washington State follows Nevada and Minnesota in implementing the Payment Card Industry Data Security Standard (PCI); the law is HB 1149. It changes the breach notification law the state already had on the books. The key point is that it allows issuing banks a method of collecting the costs to reissue payment cards after a breach.

Organizations who must abide by the law

It defines “business(es)” as merchants that process more than six million cards and sell to Washington state residents. “Processors” manage account information for others and “vendors” sell software or equipment that processes, transmits or stores account information. Account information is not so clearly defined. It will be interesting to see how companies outside of the state are affected. PCI Security Assessments are going to become even more prevalent.

How is the law implemented?

Entities that fall under the law are required to provide reasonable security measures. They can be liable for damage, and if they have to reimburse their banks for reissuance of cards, that can get very expensive. The law should probably have been more clear on this point. A breach has been defined as “unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the person or business.” There is the possibility of confusion between account information and personal information. That will probably cause problems in future lawsuits. Encryption is also going to be a challenge in the implementation and review for compliance requirements. How this law integrates or conflicts with PCI requirements will be newsworthy. The different levels of PCI compliance and the levels identified by the law are now completely consistent. Can PCI SAQ assessment be enforced by the law? Can you be PCI compliant and not compliant with the law, or vice versa? I would venture to say yes. If only we had a National Standard for all of this. Wouldn’t that be a progressive move?

Gary Bahadur
Ponemon Institute recently released their Cyber megatrends as listed below. While I agree with these, I think there were a couple that could easily be added to the list. First, I would either add or modify Web 2.0 into Web 3.0. Let's look to what is going to happen versus what is happening. Incremental change may not be the trend. Secondly, I suggest adding Vendor Risk Management. The vendor does not have to be offshore to pose a problem. Vendors are so integrated into companies and business processes that they are like an employee but are not subjected to the same Network Security Assessment requirements in many cases. It's a difficult thing to try and forecast. The good thing about it is that no one really remembers your forecast anyway.

Regards,
Gary Bahadur

Cyber Security Mega Trends Study, prepared by Dr. Larry Ponemon, November 18, 2009