Well, well, well.. Here we are beginning our new 2016 jaunt.
All dressed up, but nowhere to go... What do we mean by this?
Basically, when asked whether they are sufficiently protected from cyber exploits, most IT professionals will tell you "yes". Those who do admit that more could be done cloak themselves in the idea that the likelihood of an exploit is slim to none, for no one will "hit" us.
So for the sake of public service, we would like to submit 20 facts that IT professionals may not be aware of when it comes to Cyber-Security.
- Cyber attacks cost businesses $400 billion every year—Lloyd’s of London, 2015.
- Some 42 percent of survey respondents said security education and awareness for new employees played a role in deterring a potential criminal. — “US cybercrime: Rising risks, reduced readiness; Key findings from the 2014 US State of Cybercrime Survey,” PwC
- There are more than 1 million unfilled information security jobs globally; by 2017 that number may be as high as 2 million — “2014 Annual Security Report,” Cisco; UK Parliament Lords’ Digital Skills Committee witness interview
- The malware used in the Sony hack would have slipped past 90 percent of defenses today. — Joseph Demarest, assistant director of the FBI’s cyber division, during a U.S. Senate hearing
- The average U.S. business deals with 10,000 security alerts per day. — “State of Infections Report Q1 2014,” Damballa
- A significant 90 percent of CISOs cite salary as the top barrier to proper staffing. — “State governments at risk: time to move forward,” Deloitte/NASCIO
- About 43 percent of businesses experienced a data breach in 2014. — “Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness,” Experian/Ponemon Institute
- Just 21 percent of IT professionals are confident that their information security technologies can mitigate risk. — “2015 Vulnerability Study,” EiQ Networks
- As many as 75 percent of breaches go undiscovered for weeks or months. — Michael Siegel, research scientist at MIT, at a recent cyber security conference
- MyDoom is the most expensive virus in the world and in cyber security history, having caused an estimated $38.5 billion in financial damage. It was first spotted in January 2004 and became the fastest-spreading e-mail worm ever, exceeding all previous records. The virus’s origins are believed to be in Russia, but its author was never discovered.
- Social media is a favorite target of hackers: there are more than 1.6 billion social network users worldwide, and more than 64% of internet users access social media services online. Users who spend a lot of time on social networks are very likely to click links posted by trusted friends, which hackers use to their advantage.
- Cyber security fact: Oracle Java, Adobe Reader or Adobe Flash is present on 99% of computers. That means that 99% of computer users are vulnerable to exploit kits (software vulnerabilities). Just last week Adobe Flash Player had an exploit called “Nuclear”, just before releasing a security patch, which you should install as soon as possible if you haven’t already. The serious threat came from this exploit’s capability of delivering ransomware, such as various CryptoLocker variants, like Teslacrypt and CTB-Locker.
- 59% of employees steal proprietary corporate data when they quit or are fired. But there are more types of insider threats to protect against: malicious, exploited, or careless employees.
- Social engineering is cyber criminals’ favorite way to manipulate victims. An international cyber crime ring based out of Eastern Europe managed to steal $1 billion in 2 years from 100 different banks in nearly 30 countries using spear phishing emails targeting bank employees. The spear phishing technique is, by far, the most successful on the internet today, accounting for 91% of attacks.
- There is a real-time map that shows cyber-attacks in action. Ever wondered how cyber-attacks look at a global scale? Now you have the chance to see it with this real-time map put together by Norse.
- 68% of funds lost as a result of a cyber-attack were declared unrecoverable. Cybercrime is not only costly, but poses other problems as well for organizations worldwide. It’s becoming increasingly difficult to detect cyber-attacks and resolve the security issues created by them: the average time to detect a malicious or criminal attack by a global study sample of organizations was 170 days (according to research conducted by the Ponemon Institute).
- Having a strong password actually can prevent most attacks. Facebook’s Chief Security Officer Alex Stamos has spent most of his career finding security vulnerabilities and figuring out how attackers might try to exploit software flaws. Stamos says that the biggest problem is that the media focuses on stories about the deepest and most complicated hacks, leaving users feeling like there’s nothing they can do to defend themselves. But that’s just not true. Users can protect themselves against the most likely and pernicious threat actors by taking two simple steps: (A) Installing a password manager and using it to create unique passwords for every service they use. (B) Activating second-factor authentication options (usually via text messages) on their email and social networking accounts.
- Every website and app should use HTTPS. You’ve heard every rumor there is to hear about HTTPS. It’s slow. It’s only for websites that need to be ultra-secure. It doesn’t really work. All wrong. The Electronic Frontier Foundation’s Peter Eckersley is a technologist who has been researching the use of HTTPS for several years, and working on the EFF’s HTTPS Everywhere project. All sites on the Web need to be HTTPS, because without HTTPS it’s easy for hackers, eavesdroppers, or government surveillance programs to see exactly what people are reading on your site; what data your app is processing; or even to modify or alter that data in malicious ways.
- The cloud is not safe — it just creates new security problems. Everything is cloud these days. You keep your email there, along with your photos, your IMs, your medical records, your bank documents, and even your sex life. Cloud security is like having a car cover – sure, it’s more difficult to steal the car, but conversely, if someone decided to steal your radio, tires, and the contents of your car, no one would notice – because it’s covered. Cloud services are able to correlate data across their customers, there’s someone at the front desk of that building 24/7, and they’re watching the logs and usage patterns as well. It’s a bit like herd immunity. However, if an attacker uses sophisticated malware, the signs will be more subtle. When you’re trying to defend a cloud system, you’re looking for needles in haystacks, because you just have so much data to handle. There’s lots of hype about “big data” and machine learning right now, but we’re just starting to scratch the surface of finding attackers’ subtle footprints.
- Software updates are crucial for your protection. There are few things more annoying in life than the little pop-up that reminds you that updates are required. Often you have to plug your device in, and the updates can take a really long time. But they are often the only thing that stands between you and being owned by a bad guy.

Source(s):
- https://heimdalsecurity.com/blog/10-surprising-cyber-security-facts-that-may-affect-your-online-safety/
- http://map.norsecorp.com/
- http://gizmodo.com/9-facts-about-computer-security-that-experts-wish-you-k-1686817774
- http://swimlane.com/10-facts-every-cyber-security-professional-should-know/
So “Once more unto the breach, dear friends, once more;”
____________________________________________________________
About Rick Ricker
An IT professional with over 23 years experience in Information Security, wireless broadband, network and Infrastructure design, development, and support.
For more information, contact Rick at (800) 399-6085 x502

