A recent series of white papers released Global Knowledge and specifically authored by James Michael Stewart (CISSP, CEH, CHFI, ECSA, and Security+) reveal some startling yet unsurprising facts about our predicted-yet-probable cybersecurity future. They come in a series of 10 different predictions, and this article will synopsize or summarize the conclusions reached by Stewart and Global Knowledge (GK). Fully-Automated Digital Extortion. Ransomware as we know it could likely merge with another malicious activity known as doxing (or doxxing, which is where a personally-compromising dossier of information is hacked and released as a form of blackmail or libel) into something we could perhaps call ransom-doxing, whereby doxing dossiers are hacked and held for ransom in a “botnet cloud,” as James Stewart calls it, which results in a particularly vicious and personal form of ransomware or cyber blackmail. A Major Digital Payment System Will Be Hacked or Otherwise Compromised. We’ve already seen things like the Egyptian “test hacking” of PayPal, but Global Knowledge predicts that one of the bug-riddled “mobile payment systems” based on Apple Pay and Android Pay will be breached. This is after mobile payment systems get the bugs worked out of their systems and become widely used globally, creating “a fertile environment for multiple groups to fail to address security properly” according to the GK Report. Data Leaks Related to Wearables Will Occur. As wearables evolve and emerge into much greater popularity and use, their being networked via the Internet of Things and also containing personally-identifiable information – especially medical and financial – “could be used for a wide range of malicious social engineering attacks” according to the GK Report. The Failure of Smart Home Devices. “In 2016, it is likely that a well-known and fairly well-implemented smart device (or device ecosystem) will be compromised by hackers,” says the GK Report. This assertion is based on the ever-increasing use of and reliance on IP-oriented remotely controlled devices in the home like light bulbs, thermostats, and HVAC controls. Continuing Security Underperformance by Businesses. The GK Report goes on to speak of a continuation of the lack of cybersecurity that has caused so many cases of ransomware, malware, and other cyber breaches in huge corporate organizations. It speaks of further similar disasters mostly being caused by companies failing to adopt “common sense security solutions or by stress-testing their own implementations.” Ad and Script Blockers to Become Essential Internet Tools. With malvertising (malicious advertising), scareware, adware and other phishing schemes and viruses on the rise, the use of ad blockers and script blockers will be essential in order for PC and mobile device users to stem the flow of malicious code generated unscrupulous data-miners and hackers. An Increase in Employee-Focused Social Engineering Attacks. The GK Report claims that among the predicted continuation of social engineering attacks such as phishing scams, fake security programs, and phone/VoIP attack calls, that compromised employee credentials will actually emerge as the biggest social engineering threat of 2016. Cloud Computing Security Threats. Although cloud computing, a.k.a. remote virtualization has many benefits, the fact that your data is being stored in someone else’s building is not necessarily one of them. It actually poses more risk than if it were being housed inside a secure virtual private server (VPS) or cloud server under your own roof. This fact will continue to pose risks for business networks, and the potential of at least one major cloud service provider being heavily compromised is high in 2016 and beyond. Serious Security Breaches Involving Drones. Drones, as we all know, are both useful and pose risks to privacy and physical property and well-being. They can also be used to gain access to wireless networks or breach security in order to plant listening or monitoring devices. We will likely continue to see drones being involved not just in military strikes, but also cybernetic ones as well. Cyber Warfare Will Increase and Involve Civilians. It’s no secret that governments routinely engage in cyber warfare and hacking as a weapon of espionage and attack on foreign databases. Although private citizens have largely been left untouched by this, in the future we will likely see cyber warfare attacks that involve innocent civilians. This will probably cause outrage and a backlash against shadowy governments’ misuse of cybernetic power, resulting in laws that protect private citizens from state-sponsored cyberattack. Ask a Cybersecurity Pro If you need effective cybersecurity services, {company} is a proven leader in providing IT consulting and cybersecurity in {city}. Contact one of our expert IT staff at {phone} or send us an email at {email} today, and we will help you with any of your IT issues or needs.
Hammett Technologies is proud to announce that we have joined the American Subcontractors Association (ASA). As IT support partners for a number of ASA members already, we hope to grow our network of valued clients with even more members in the coming years. The ASA is a non-profit trade association that addresses business problems affecting subcontractors of all trades across the country. Headquartered in Alexandria, VA and founded in 1966, the ASA works with more than 5,000 member companies through a national network of local and state chapters. The ASA boasts a massive membership of construction firms, manufacturing businesses, and related companies, all of whom could benefit from our team’s industry-specific IT expertise. Just hear what one of our current clients, another ASA member, has to say: “After relying upon many “experts” for that service and experiencing less than satisfactory results, we have finally found the expert partner we have needed in the person of Charles Hammett and his company,” says Dennis McCartney, Vice President of B&B Welding Company. We’re proud to provide clients like B&B Welding with a range of vital IT solutions, including: Flat monthly rate managed services plans that are easy to budget Comprehensive remote support capability via phone, email or online Responsive onsite support to address emergencies as they happen Robust data backup and business continuity solutions And much more! “It’s a mutually beneficial arrangement,” says Charles Hammett, President and CEO of Hammett Technologies. “We greatly value the business relationships we’ve developed with our current ASA clients, and only hope to provide leading edge technology solutions to more members to support their liability, security and other IT needs.” To learn more about Hammett Technologies’ many IT services for ASA members, get in touch with us right away at (443) 216-9999 or send us an email at info@hammett-tech.com.
According to a recent Cybersecurity Ventures report sponsored by Herjavec Group, projections have it that cybersecurity defense costs will exceed six trillion dollars by 2021. This will be double the cybercrime expenditures paid out in 2015. This is a staggering figure, even when taking into account the many millions of dollars paid out in fines for those who incur cyber breaches that violate HIPAA regulations alone. Figure in the remedial costs all those companies are paying in order to get adequate IT security, and you can start to get a picture of how big the IT industry is – and will be in the coming decades. Another interesting statistic is that by 2020, more than 25% of identifiable cyberattacks on enterprising ventures will involve the Internet of Things, which is quickly evolving into a huge target for opportunistic hackers. IT industry pundits are saying that fully half of IoT devices are unsecured and unready in case of attack. And, take just the six high-risk industries (healthcare, education, finance, manufacturing, government, and transportation) and what they pay out in cybersecurity alone and you’ve got a staggering figure that will involve millions of unsecured, Internet-connected devices. The healthcare industry tops the list of biggest current spenders on cybersecurity, being that they are also the most cyber-attacked industry as well. The race is on to make our business organizations more secure from cyber threat, but the attacks are steady, and increasing. Ransomware attacks alone have risen 300% in the last year, says the Cybersecurity Ventures report. And, cybercriminals have been showing off their weapons of mass destruction at the rate of 230,000 new malware exploits per day throughout 2015. A new zero-day exploit was discovered at the rate of one per day in 2015. Says Herjavec Group Founder and CEO Robert Herjavec (as seen on the popular TV show Shark Tank) about the problem, “There’s no effective law enforcement for financial cybercrime today. Organizations need to increase their defenses and become more resilient because there is no end state in sight for this growing cybercrime epidemic.” Add to that the pervasive ignorance of cyber defense best practices in the workplace in general, and this mass epidemic seems only to be worsening. Herjavec goes on to make the point that as long as cybercriminals get the message that their crimes are paying, the ransomware and other malware attacks will continue (meaning, in effect, “Don’t pay anything to cybercriminals”). The answer to this modern scourge seems to be more and better education, in the form of workplace tutorials on cyber safety, coupled with more comprehensive and sophisticated filtering technology that weeds out phishing, malware, and other schemes to hijack the sensitive data of companies in multi-billion dollar industries. Or, we will be swallowed up in snowballing cybercrime costs we can’t control or scarcely comprehend. Have Questions About Cybersecurity Monitoring and Costs? If you have questions regarding cybersecurity services, {company} is a proven leader in providing IT consulting and effective cybersecurity in {city}. Contact one of our expert IT staff at {phone} or send us an email at {email} today, and we will help you with any of your IT issues or needs.
Those who are put-off by noisy or inefficient PC cooling fans should consider upgrading to the new Corsair ML-series fans. They use maglev technology to defy the laws of physics and give you the most efficient PC cooling yet available. The maglev technology also defies earlier Corsair schematics by using powerful magnets that suspend fan blades away from the motor’s central bearing, which results in far quieter and reliable fan performance – even at higher speeds. The new Corsair ML-series model is also notable because the fan blades make almost no physical contact with any other casing parts, allowing for higher rotation speeds at lower decibels of noise output. Implications of New Corsair Technology One can guess at the implications of Corsair’s decision to go with maglev (magnetic levitation) technology over the noisier, clunkier models of PC cooling fans. Once you start connecting the dots to the Internet of Things possibilities, one can see that it won’t be just PC cooling fans that will use this technology. Cars, power tools, and other devices will also use the maglev innovation in order to make the devices we use more efficient, quiet, and productive. For IT, it will have particular impact. Imagine the uses maglev-tech cooling fans can be put to for servers and large computing stations. Offices themselves will also utilize the maglev technology, so it has cross-industry, universal potential in the global business environment. In June, Corsair released new memory and case fans, along with an updated Carbide 400C case at Computex 2016 in Taipei. It’s obvious that Corsair is serious about innovating technology solutions for a more streamlined, high-performance future. Corsair already makes ventilators, all-in-one fans, and liquid CPU coolers which themselves all have Internet of Things possibilities, besides those of immediate, practical application. An office of well-cooled hardware is a more productive and better-performing one. Where to Buy Corsair Fans The new Corsair fans come in both 120 mm and 140 mm. A Pro version features rubberized corners that further dampen noise and vibration at the higher RPMs, and also comes in a wider variety of colors. Prices range from $24.99 to $39.99, depending on the size and illumination options you choose. PC Cooling Questions? If you have questions regarding better PC cooling technology, {company} is the leader in providing IT consulting and hardware rollouts in {city}. Contact one of our expert IT staff at {phone} or send us an email at {email} today, and we will help you with any of your hardware cooling and IT needs.
In order to remain in business, stay competitive, and keep yourself and your company safe from a data loss disaster, there is a fairly standardized checklist that should be followed if you expect to survive the oft-treacherous contemporary conditions of business computing and Web connectivity. Here are 10 things you should have on your data network disaster survival checklist: Implement a solid business continuity plan. This is perhaps the sin qua non in the world of IT support and protection. It allows a given entity to continue doing business through any cyber threat, data breach, or natural disaster, such as fire, flood, or earthquake that destroys part or all of a physical IT framework. Effective business continuity can occur because of cloud-based or offsite backup, which allows remote access to data via cloud servers. Have a firm disaster recovery policy in place. As a subset (and very necessary) part of Business Continuity, Disaster Recovery, or DR, is essential to keeping a healthy IT network and a future in doing business in a Web-based or cybernetic manner. It involves the employment of a set of procedures or policies that ensure the recovery of data which is vital to business operations and continuation, generally through cloud-based means. Utilize employee cyber safety training and policies in the workplace. Employee cyber safety training and strict policies will cut down significantly on the risk of incurring a serious data breach and any subsequent data loss, downtime, or threat to the company’s future operations. Use antivirus protections on all computers on the network. Using effective antivirus software on all the computer terminals on your IT network will ensure the filtering out of spam, email phishing, malware and other exploits. Don’t ignore the suggested software updates. They may be annoying to most of us, but studies show that it’s a bad idea to ignore the pop-ups from Microsoft and other tech or software platforms. If you don’t want to leave it to your staff to do, have an IT support team that can force updates and upgrades overnight, to eliminate the ignorance of these important updates. Use cloud computing to cut down on overhead cost and data liability. Being able to use cloud computing services to collaborate on projects saves cost and liability in so many ways. Imagine what is saved on travel costs alone, to be able to telecommute or teleconference via shared docs in Office 365, Exchange, and other programs that streamline business productivity and ensure data disaster recovery. Perform a regular network system check. This should be done by an IT professional or support team, and will analyze and report any deficiencies in your IT network’s infrastructure. Perform regular PC maintenance. Performing regular PC maintenance has a built-in checklist of its own which includes: Daily data backup Weekly scans for malware Monthly disk defrags Monthly scanning of your hard drive for errors Twice-per-year backing-up of hard drive as an image Do semi-regular server maintenance checks. A 12-point server maintenance checklist, as part of healthy server management, should include such steps as backup verification, updating of your OS and control panel, changing passwords, and the checking of remote management tools, server utilization, and system security. Click on the previous link for more info on how to perform a 12-step server check. Have the most pro-active data loss prevention measures in place. This can include cybersecurity, intrusion detection and prevention, firewalls, antivirus software, cloud-based storage and software services, and can come as a “turnkey solution” with the right IT company and performance-assurance systems on the job. If you have questions regarding the best checklist for surviving data disaster, {company} is the leader in providing IT consulting in {city}. Contact one of our expert IT staff at {phone} or send us an email at {email}, and we can help you with all of your IT network needs.
In case you needed another reason for regularly changing your passwords, the recently-uncovered Yahoo hack of 500 million accounts is probably the reason of the decade so far. The hack and subsequent data theft involving half a billion Yahoo accounts is the largest of its kind – ever. Granted, it is Yahoo, where most people don’t send or store any sensitive data like payment card information (PCI) or other personally-identifiable or compromising information anyway, but it’s the principle of the thing. The Web-based giant has confirmed that the hacked information includes: Names Email addresses Telephone numbers Dates of birth Hashed passwords (the vast majority with the password-hashing function bcrypt) And, “in some cases,” encrypted or unencrypted security questions and answers. Yahoo Serious? Yahoo is alleging that the massive data breach “didn’t include unprotected passwords, payment card data, or bank account information.” The popular search engine and email host denies that it stores any payment card or bank account information in its database. And, although it blames a “state-sponsored actor” for the cyberattack (apparently from Russia, according to Yahoo and US intelligence officials), the fact remains that Yahoo allowed a hack of epic proportions to happen on its servers and domains, making the practical point clear to all of us: “Change and encrypt your passwords regularly.” The Yahoo hack resembles previous data breaches of huge Web-based giants like LinkedIn, Tumblr, and Adobe, as well as healthcare facility hacks where Ukrainian hackers claimed responsibility for at least one of them. This latest and biggest hack ever is so disconcerting, because the cyber breach occurred a full two years earlier. It repeats a pattern we have seen in these cybercrime cases where we don’t learn of the data thefts until well after they have happened. And, it’s also disconcerting for another glaring reason: Yahoo failed to inform its users of the hack and suggest a password reset in August 2016 when the news was first made public. The Password-Changing Argument There is great debate amongst white hat hackers and IT specialists on whether regular password changes are a good thing or not. The argument for seems to stem from situations like the Yahoo hack – basically, the “change when urgently required” rule. Studies have shown that routine password changes of every few months appear only to frustrate office staff, with new passwords only being variations on old ones anyway, and written on sticky notes attached to monitors, which defeats the purpose of safety. But, the pro-password change argument remains in serious cases like data breaches involving half a billion accounts. The Takeaway Basically, no one’s data is 100% safe online, even when supposedly protected over secure servers and databases. Too-frequent password changing may be just as risky as never changing them, so a happy medium here is prudent. A good rule of thumb is to stick with one hard-to-decrypt password, maybe alter a number or letter here and there, and never share any financial or personally-compromising information on unsecured channels of communication.
A new study done on online safety by German scientists reveals that 56% of email recipients and roughly 40% of Facebook users click on links from unknown senders. This is a particularly disturbing statistic, given what we all know about spam, malware, and phishing links that the unscrupulous embed in cyber messages designed to entice you right into dangerous, exploitative waters. It seems the main reason participants clicked on the hazardous links – even though they (78% of respondents) were well aware of the danger – was curiosity. Well, we all know what curiosity did to the cat. And, what it can do to you and your computer, data network, and business can be shocking at best, and catastrophic at worst. So, why do many people continue to click when they should delete or ignore? It seems that enticements that involve something personal or the promise of money or prizes are too hard for most to resist. Provocative visuals were also cited by participants as reasons for the irresistible urge that got the better of them. The use of personally-identifiable names in the messages was also a big motivator, understandably (to a point). But, aren’t we smarter than this in 2016, with all we know about email phishing scams, adware, scareware, ransomware, and all of the many-faceted cyber threats bombarding us? It appears that many will gladly toss caution to the wind and gamble their luck on the craps table of the cyber sphere, if the enticement looks passable enough. A Cautionary Tale Well, looks aren’t everything, especially on the Web. Caution should be the order of the day for everyone – from the neophyte, individual user to the largest corporations and government bodies – no matter what link to whatever from your “old friend from high school” lands in your Facebook or email inbox. Sure, humans can be fooled. Our gullibility when it comes to supposed gifts, enticements, letters, special messages, etc. spikes in a world that tends to cut us short “out there,” offline, in the real world. But, people, and especially business enterprises need to be stalwart and vigilant on this matter. After all, with more employees claiming to use social media during work hours, the chances of someone on your staff clicking a malware-loaded link are extremely high. You really should have a “zero tolerance” policy in the workplace towards clicking on unsolicited email or Facebook links that aren’t verified by the sender and receiver as being business-related. Period. For a Safer, Better Web Luckily, there are steps you can take and tools you can use to make your online experience safer and better, such as link safety websites. And, if you have further questions or concerns about email and Facebook phishing and scams and better Web link safety, {company} is the leader in providing cybersecurity and IT consulting in {city}. Our Web security platform can keep your employees navigating safely while blocking non-business sites. Contact one of our expert IT staff at {phone} or send us an email at {email}, and we will be happy to help.
It’s a concern many of us may have – whether or not someone has read a sent email message. It concerns both personal and business email users and works just the same as it would with a snail-mail letter – we want to know if the sender got or read our mail, ignored it, or never got it at all. Well, one way of finding out is by the use of email tracking, which utilizes a digitally time-stamped record that keeps track of the exact date and time your email arrived in your intended recipient’s inbox, or was opened, as well as recording the IP address of the email receiver. There are also concerns about the inconsistency of automatic email tracking in some circles, though complaints seem few and far between. Certain email tracking apps have traditionally been able only to tell you if the recipient saw that they received the email in their inbox, but advances in email tracking technology have now allowed certain clients to know whether those emails were indeed opened up, how many times it was opened, and even if multiple people opened the message. Email tracking that uses eye-tracking software to read the eyes of recipients in relation to opened emails is probably not too far down the road, judging by the rapidity of these advances. It’s Just Like Read Receipts Many of you have probably used read receipts in social media or instant messaging, but unlike in that format, you can’t toggle off read receipts within a given email service. You probably have a bunch of email-tracked messages in your inbox right now and don’t know it, though most are used by email marketing and CRM services. Ironically, it seems less disconcerting to have some corporate tracking device on sent emails than those used by close family and friends – after all, what if close relatives and friends judge you as being deliberately ignorant of their attempts to communicate with you? But, personal or business implications aside, there’s no doubt that email tracking software will evolve and become a more controversial issue in the future. Email Tracking Stats The market for email tracking is rapidly growing. The CRM industry is worth billions of dollars – many of those dollars spent based on who’s reading – and who’s discarding – their mail. The MailTrack Chrome extension has close to half a million users, gaining 60,000 per month as of July 2016. The MailTrack email tracking app recently celebrated its one-billionth tracked email, after only three years in service. Bananatag is another email tracking service, claiming to have a quarter of a million users and 25 million emails tracked so far. Since 2013, the number of folks using email tracking apps has increased by nearly 300%, according to Conrado Lamas, head of communications at MailTrack. Have Questions About Email Tracking? If you need more information on how to install email tracking software, {company} is the leader in providing IT consulting in {city}. Contact one of our IT experts at {phone} or send us an email at {email} for more info, and we will be happy to help you reach your goal.
They date back all the way to 1971, but the Pentagon is still employing floppy disks as part of their tests and military maneuvers. A May 2016 Popular Science article claims that their use by the Pentagon is “probably safer than newer technologies,” which may be exactly why the Department of Defense is using them as part of maneuvers involving nuclear drills and testing. It may also have to do with the recent hacking of several U.S. government agencies, including NASA, the NSA, and FBI. But, as the Government Accountability Office (GAO) recently noted in a report on legacy systems still in use by the U.S. government: “The Department of Defense Strategic Automated Command and Control System, which coordinates the operational functions of the United States’ nuclear forces, such as intercontinental ballistic missiles, nuclear bombers, and tanker support aircraft is woefully outdated.” Just how outdated? “This system runs on an IBM Series/1 Computer—a 1970s computing system— and uses 8-inch floppy disks,” the GAO report continues. Those 8-inch floppy disks date all the way back to 1971. So, why are they still in use – and by the most militarily capable government on the globe? Good question. A Pentagon spokeswoman told the AFP news agency in reply to the question, that, “This system remains in use because, in short, it still works.” And, it’s the fact that the IBM 1 Series computers that use the disks, as well as the disks themselves being so secure against cyberattack, that there is no rush to replace or upgrade the current DOD system. Which may prove a certain limited point on how a facet of legacy computer systems may actually prove safer than the use of something less…tangible? But perhaps only in such a unique situation as the strategic air command control systems and drills being used by the Pentagon and DOD. If you asked an IT expert, “Is it safer to use 8-inch floppy disks, or floppy disks in general than USB drive or cloud backup?” he or she would probably laugh and give you an unequivocal “No.” But, it appears that the Pentagon’s own CIO experts are taking the point of view that if a legacy system isn’t broken, don’t fix it. Certainly, some old-school techies like the idea of old Uncle Sam stuck in the early 1970s, utilizing big, floppy, cumbersome square things to store ultra-sensitive and exploitable government data. But, those old-school types may be in for some disappointment (as will those who argue for the large-format data storage method over more vulnerable USB drives), as the Strategic Automated Command and Control System is due for a lengthy upgrade beginning in 2017, and slated to last through 2020. Need Safe Data Storage Advice? If you’d like expert advice on the best way to keep sensitive data safe from exploitation – especially if you are in a high-risk industry such as government – then {company} is the leader in providing managed IT services and consulting in {city}. Contact our expert IT staff at {phone} or send us an email at {email} if you have any questions or concerns regarding safe data storage and security, and we will be happy to answer any and all your questions.
After spending a half-decade operating undetected, an APT (advanced persistent threat) known as “ProjectSauron” has been uncovered by both Symantec and Kaspersky Labs. A group called “Strider” has been using Remsec, an advanced tool that appears to have been designed for spying. According to Symantec, the malware has been active since at least October 2011. Symantec became aware of ProjectSauron when their behavioural engineer detected the virus on a customer’s systems. Kaspersky’s software detected the malware in a Windows domain controller as an executable library registered as a Windows password filter. The spyware can deploy custom modules as required, and has a network monitor. Once it has infected a system, it can open backdoors, log keystrokes, and steal files. It is heavily encrypted, allowing it to avoid detection as it takes control, moving across the network and stealing data. As many of its functions are deployed over the network, it resides only in the computer’s memory, not on disk. This, along with the fact that several components are in the form of Binary Large Objects makes it extremely difficult for antivirus software to detect. So far, evidence of a ProjectSauron infection has been detected in 36 computers by Symatec, spanning seven separate organizations in Russia, China, Sweden, and Belgium, as well as individual’s PCs in Russia. Kaspersky has found more than 30 infections across Russia, Iran, and Rawanda, and suspects that Italy may also have been targeted. Both Symantec and Kaspersky have suggested that a nation-state may be behind this APT. Kaspersky has collected 28 domains and 11 IP addresses in the US and Europe that may be connected to ProjectSauron campaigns. While it appears that the spyware has gone dark, no one can confirm whether or not Strider’s efforts have ceased. If Strider is in fact a nation-state attacker, these infections will likely continue to crop up. The fact that ProjectSauron operates by mimicking a password filter module is yet another indication that it may be time for technology users worldwide to move away from relying on passwords, favoring instead biometrics and other more sophisticated security measures. Need more information on how to best protect your data, devices and business against malware? Contact {company} at {phone} or {email} with your questions. We’re the trusted IT professionals for businesses in {city}.