In this first article we discuss the implications of risky browsing habits. The big shift that’s occurred over the past three years is a result of the significantly increasing volume of commerce that is now transacted on the Internet. As more businesses make more and more money from ecommerce, the cybercriminals want to get their share. The motivation now for the vast majority of cyber attacks is money. The attacker profile has shifted from amateurs to professionals who want to make money and, in many cases, those professionals are very organized. It is their full-time job to attack sites. The bad guys, in some cases, will hire other people as mules to transfer money from one place to the other, so it’s an extensive, organized network. We’re not fighting against amateurs anymore.
The same way you learned to ride a bike, bake a tarte Tatin, operate powerful machinery or build a house: step by step. Computing devices are everywhere. We each own a few devices that have Internet connectivity. We trust them with our most intimate information, we do business with them, go to bed with them and wake up with them. We drive with them, run with them and even swim with them. One would assume that, considering the amount of time we spend with those devices, we must be really good at protecting them and the information that transits through them or resides on them. Unfortunately, that is not the case. There are so many risks and threats that it is hard to keep track of what you should be paying attention to.
We have to keep an eye on scams, rootkits, malware, viruses, Internet hoaxes, spyware, denial of service attacks, data theft, data corruption, social engineering attacks, spam, compromising photos… the list goes on! It seems that every day some brand new threat appears in our digital lives.
Most of the threats that we worry about have to do with data. So it would make sense to first stop and ask ourselves what we do with our data, whom we give it to and where we leave it. In order to protect anything, you must first know what you want to protect. So ask yourself: what data do you have? Where is it? Does it need to be all over the place? Yes, why? No, why?
Define your assets. Once you're done with that, ask yourself who might want your data. All types of data, including credit card numbers and identity information, are very attractive to cybercriminals.
Other types of data cybercriminals want to get their hands on:
Within hours those stolen credit cards were being sold in online black markets for $100 each. Online black markets are an ever-expanding channel and a growing underground economy. Criminals can also burn those credit card numbers onto blank magnetic stripes of their own and hand those out to mules who then go to ATMs and try to do cash advances or use the cards at various points of sale. The US banking system is particularly vulnerable to that because it does not require PINs or use credit card authentication keys. Because of this weakness and data loss, the US is starting to change those payment systems.
Once you know what you want to protect, find out how people protect the same kind of asset. What are your suppliers, competitors or customers using? Read, ask, bother your colleagues, read forum posts. No matter what your information security posture is, you can always learn more, get better at protecting your data, and improve your computer habits.
We all have habits about everything, whether we are aware of it or not. Those habits can be good or bad.
We must stop assuming things. We must check the facts, read, learn, discuss, and share. There is no other way. You have to start paying attention to your habits and assumptions when it comes to computing devices, data and the Internet.
All those questions have one thing in common: our habits and assumptions about our devices and how we use them. So stop! Ask yourself what your assumptions and expectations are. Your habits have grown out of them. If you have good habits, can you teach them to your colleague or create a training program? We've reached the point where everything seems related to everything else. We all do well or we fail collectively.