The Economic Impact of Cybercrime & Cyber Espionage
For banks, their number one is protecting the impression of trust. If they lose that
impression of trust, that bank goes out of business. It's that simple...There's
no device known to mankind that will prevent people from being
idiots...You may not be interested in strategy,
but strategy is interested in you.
IRA WINKLER | MARK RASCH
○ ○ ○
Facts aren't meant to scare. Facts, in the right hands, strengthen the hand, mind and will to more adequately deal with threats at play. That's why I thank my good friends at The Center for Strategic & International Studies, McAfee and TrendLabs (TrendMicro).
Anything 'cyber' involves digital (i.e., online or networked) communications systems. Under the rubric of Cyber Security (“Cybersecurity”), the ones relevant to this blog include: Cybercrime, Cyber Espionage, Cyber Terrorism, Cyber Warfare and Cyber Threats.
Cybercrimes are crimes committed using computers and networks. These include hacking, intellectual property crimes such as downloading or stealing files; credit card and identity or other financial fraud or theft that, as above, may involve stealing millions of dollars from banks.
Economic and Industrial Espionage are defined below. But Cyber Espionage involves the calculated use, for purposes of stealing and gaining competitive or other strategic (economic, national, military, intelligence or political) advantage, of computers and/or digital communications techniques to gain unauthorized access to sensitive or secret information. Such information may also be resold or simply used against an adversary or competitor.
Disruptive or harmful attacks on networks, computer systems, and other communication infrastructure (infra) by groups or terrorists for political and other ideological reasons are called Cyber Attacks and fall under the rubric of Cyber Terrorism. DDoS (i.e., Distributed Denial of Service) attacks are the most common method used. Think Estonia, 2007.
Speaking of Estonia, Cyber Warfare involves nation states, as with the 2008 Russia-Georgia War (aka, 2008 South Ossetia War). Cyber Warfare comprises targeted, coordinated (i.e., synchronized) and/or full spectrum critical network intrusions aimed at compromising, degrading, interrupting, corrupting, disrupting, debilitating or destroying critical systems and data, communications, business operations, energy, medical, transportation and other infrastructural services. This significantly neutralizes, leaves vulnerable and/or defenseless the target nation's Critical Infrastructure, Critical (electronic) Assets and even Command and Control, creating chaos.
This is not theoretical. It has already happened.
And more is to be expected.
That is why we say after Land, Air, Sea and Space, Cyber Space (specifically, Information Warfare) is the 5th domain of current and future warfare.
Further, a nation “must learn to negotiate a new geography, where borders are irrelevant and distances meaningless, where an enemy may be able to harm the vital systems we depend on without confronting our military power”.
Hence, Cyber Security involves the protection of information and systems from major Cyber Threats, which may or may not be intentional and which may originate from poorly trained employees, disgruntled employees or contractors, poorly secured/patched computers, vendor systems, cyber criminals (as in video above), virus writers and hackers, hacktivists and anarchists, and foreign governments.
Now, whether a Cyber Threat is “directed toward Access to, Exfiltration of, Manipulation of, or Impairment to the Integrity, Confidentiality, Security, or Availability of data, an application, or a federal system, without lawful authority” or not, the adverse domino effect to any nation, organization or individual often revolves around the loss of assets due to a cyber event, loss of reputation/trust, Business Continuity, Information and Operations Assurance. To delve deeper via Series (6i). But at this point, we'll turn to one of the two critical steps in protecting yourself.
From malicious websites to phishing techniques/software such as keystroke logging designed to mine your personal or banking details, you can neutralize the possibility that you're being monitored by using a really good anti-keylogger. The best one I know of is KeyScrambler, by QFX Software. “KeyScrambler is a well-established anti-keylogging program that encrypts users' keystrokes in real time to protect users' privacy against data theft by keyloggers and keylogging malware.” You can get either the Premium or Free version by googling it or simply clicking the image to your left and the download button when you get there. That's the first step.
The second involves having an excellent vulnerability scanner: criminal hackers' enemy.
Because Java exploits (including browser plugins that enable Java applications) claim more than 50% of computer hacks followed by unpatched Windows vulnerabilities, I strongly recommend that you completely uninstall or at least disable Java applications. That is, unless, and until you absolutely need one at any given time. And why? Because those exploits will completely bypass any Internet Security/Firewall & Antivirus solutions you have in place.
You bolster your security posture with a stronger Windows and Mac software and patch vulnerability manager/scanner/updater that goes further than your operating system's updater by monitoring the ever changing (software) security threat landscape.
Also, in case you were wondering: "a vulnerability scanner is a computer program designed to scan for vulnerabilities that are present within your network" or computer. And what's the point of all that? Let's first take a short break, shall we?
○ ○ ○
Simply put, you want to focus on your work, watch that favorite clip or new video, or chat with your friends. However, maintaining a secure computer doesn't end with an Antivirus or Firewall. Computer criminals are all around and they depend on old insecure software on your computer to get in and exploit you. So, what you want to do is safeguard your data and computer easily with something that scans and identifies such old and insecure software needing updates. For Windows users, doesn't Windows Update take care of that? Short answer: Not really.
So let's examine results on one computer I tested. Bear in mind that when we talk about vulnerability, all that is required to successfully mount an attack against your computer is just one program, one security hole. So, no. We're not talking Grade B+ being enough here.
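The check such a software inspector performs can be sketched as follows. This is an added example, not code from this post or from any scanner vendor: the program names, versions, baseline and state labels are all constructed assumptions. It compares each detected version with a patched baseline and shows why the overall score matters less than the list of programs still exposed.

```python
import re

# Constructed baseline (not real advisory data): lowest version considered
# patched for each program, or None when the product is end-of-life.
BASELINE = {
    "ExampleBrowser": "45.0.2", "ExamplePlayer": "11.9.900",
    "ExampleRuntime": "7.0.45", "ExampleArchiver": None,
}
# Constructed inventory, as a scanner might read it from installed-program data.
INVENTORY = [
    ("ExampleBrowser", "45.0.2"), ("ExamplePlayer", "11.10.1"),
    ("ExampleRuntime", "7.0.9"), ("ExampleArchiver", "3.2"), ("ExampleEditor", "1.0"),
]

def parse_version(text, width=6):
    """Turn '7.0.45' into a zero-padded integer tuple so 11.10 sorts above 11.9."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    return tuple(parts + [0] * (width - len(parts)))

def program_state(name, detected, baseline=BASELINE):
    """Classify one program as Patched, Insecure, End-of-Life or Unknown."""
    if name not in baseline:
        return "Unknown"  # the scanner has no data; this is not the same as safe
    minimum = baseline[name]
    if minimum is None:
        return "End-of-Life"  # no further fixes will ever be released
    if parse_version(detected) < parse_version(minimum):
        return "Insecure"
    return "Patched"

def scan(inventory, baseline=BASELINE):
    """Return per-program states, the patched percentage and the exposed programs."""
    states = {name: program_state(name, ver, baseline) for name, ver in inventory}
    patched = sum(1 for s in states.values() if s == "Patched")
    score = round(100 * patched / len(states)) if states else 100
    # One insecure or unsupported program is enough to leave the machine exposed.
    exposed = [n for n, s in states.items() if s in ("Insecure", "End-of-Life")]
    return states, score, exposed

if __name__ == "__main__":
    states, score, exposed = scan(INVENTORY)
    for name, state in states.items():
        print(f"{name:16} {state}")
    print(f"score {score}% - needs attention: {', '.join(exposed) or 'nothing'}")
```

Versions are compared as integer tuples rather than strings, since a plain string comparison would wrongly rank 11.10.1 below 11.9.900.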
○ ○ ○
We'll check on that computer's score later. But for now, we know Secunia PSI (Personal Software Inspector) is what we want. But remember, as in the previous blog: You need Administrator privileges to successfully proceed with the install. And although most tech savvy users usually wouldn't require help at this stage (i.e., after clicking the "Come and get it" below), I'll provide some illustration so you have an idea of what to expect. So, how to get the latest version?
Yes. Click it. And now with Admin privileges, you're ready to install
(or change the location if you want)
○ ○ ○
When it's done, you'll see a tray icon and, as it quietly scans, you'll occasionally see status updates telling you a "new program" has been "removed", etc. You can always click on that to get more information. What you really want is the Scan Results, which you can get to from the Dashboard.
○ ○ ○
(on the top left)
○ ○ ○
Now, scroll back up to the top. The results you see directly below are from the same computer
(after it'd been cleaned up)
○ ○ ○
So, how did we get here? Notice (directly above) where it says Install Solution? And from the left Detected Version, Threat Rating, Program State? You can either follow the Install Solution option or click the "plus" icon next to the program of your choice (for example Adobe Flash Player 11) for more information on what to do. See the Java update
○ ○ ○
There's always a better and stronger alternative around the corner or out there and you can expect more from me. But if you want to try a basic scan with language options, you can try the free Java-based OSI (Online Security Inspector) option from the same reputable company.
○ ○ ○