Network Critical - The Window to your Network

Crime and Punishment…and Protection


Crime

The European Cybercrime Center announced in its 2016 Internet Organized Crime Threat Assessment report. Here is a quote from the organization. “The volume, scope and material cost of cybercrime all remain on an upward trend and have reached very high levels.” Another report from BT and KPMG stated that, “Criminal groups who mount a constant assault on legitimate businesses are not simply members of an amorphous underworld. They are, in fact operated as rational hard-nosed businesses with their own clearly defined business models and money making scams.”

Given the above information here is an interesting report. According to a Zurich Insurance Group survey of small and medium sized businesses, about 11 percent of respondents said they worried about cyber-crime. This is not a typo and your eyes are not playing tricks. Also note, this is not a small sample. The survey polled 2600 C-level executives from 13 countries for this study. However, even though the number is small, it is the fastest growing perceived business risk category. So, it appears that cyber-crime awareness is relatively weak in small and medium businesses, it is growing.

Law enforcement, however, is paying attention. About 200 delegates from 56 countries met in Singapore the last week of September to discuss best practices for overcoming the many steep challenges of fighting cyber-crime and bringing perpetrators to justice.

Punishment
As reported in SC Magazine UK, Nazariy Markuta, a hacker for D33D Company, has been convicted and will spend two years in prison by the UK’s National Crime Agency. Two years! That is not a typo either, two years! Now, this is a guy who is believed to be involved in the leak of 450,000 email addresses and passwords from Yahoo!’s contributor network. Further, when he was arrested, agents found thousands or payment card records in his possession. But wait there is more…between 2012 and 1014 Markuta had attacked a video game reseller and SMS messaging service. He actually was sentenced to 11 years pleading guilty to 8 counts of hacking and fraud but the sentences will run concurrently, leaving him locked up for only two years!

Time for a little editorial comment…So, look. Cyber crime is no joke. It hurts real people and causes severe financial distress for victims. Global losses are estimated to be in the Billions of dollars annually. It is also difficult to track, arrest and prosecute perpetrators. Cyber theft of payment cards and personal information should be treated just like bank robbery or any other high crime. Ransomware hackers who disable systems and hold the encryption key for ransom, should be tracked down and treated like any extortionist. Phishers, whalers and other criminals with cute cyber names should be gives stiff sentences with little leniency. What about an international treaty that requires a minimum sentence of 20 years prison time and no cell phone or tech access? It seems that international cooperation and internet crime legislation have not yet caught up to the cyber world. Hopefully, that will change soon.

Protection
Until our lawmakers, judges and leaders catch up with the connected world, all we can do is to be careful, aware and protected. I had just read a report from a company called mimecast that offers some sage tips to help protect against whaling, a cyber crime where the perpetrator sends an email pretending to be a high level company official asking a subordinate to send money. For example, a US networking company called Ubiquiti was victimized to the tune of $46 million dollars in 2015 by a whaling attack. Here are some anti-whaling ideas:

  • Educate senior management and finance teams about this type of attack so they can be aware of the whaling tactics.
  • Carry out tests within your organization to gauge staff vulnerability.
  • Consider technology that alerts users when an email is coming from outside the corporate network.
  • Subscribe to domain name registration so that you will be alerted to domains that look like or are similar to yours.
  • Review financial practices. Insist that multiple signatures and requisition review be done prior to any large fund distribution.

Cyber crime is one of the fastest growing businesses on the global landscape. Law enforcement and the legislators are struggling to catch up with the new and evolving types and styles of cyber theft and extortion. Until that happens, it is up to individuals and companies to read, learn and be aware of potential threats coming at you in cyber space.


Posted: 29/12/2016 22:53:37 by Network Critical with 0 comments

Top 5 Trends for a Connected World in 2016

Close the books on 2015. In the last week we have seen many “Year in Review” stories. Here at Network Critical, however, we like to keep our eyes focused on the road ahead. We are going to start the year with a blog about trends in the networked world that are likely to affect our jobs and lives in the coming year. Here are some of the major trends and a few comments about each:

Bandwidth Growth - This is a recurring topic every year. What amazes us, though, is the magnitude of growth. Cisco forecasts that global IP traffic in 2016 will pass the 1 zettabyte mark. In case you have not yet heard of the term, a zettabyte is one trillion gigabytes. For the engineers out there, the number is 1021. That is a lot of zeros. Following are some of the drivers behind the bandwidth growth.

Devices - Part of what will be driving this growth is the plethora of connected devices that are being developed. The Internet of Things, is becoming The Internet of Everything. According to Gartner, wearable web access will be a $10 Billion business in 2016. This includes fitness tracking devices, watches, ear devices, glasses, shoes and even some talk about chips in tattoos. This trend has people being actively connected more hours per day, more days per week. We are closing in on 24/7 personal connectivity with new apps touching every part of our lives. Traffic from wireless devices will exceed traffic from wired devices in 2016.

Shopping - The internet has transformed shopping and more changes are coming. The early discussions were about dot com replacing physical shopping. Retailers are now learning how dot com shopping can enhance the physical shopping experience. So you will see more blending between internet and in-store activities. Further, retailers are becoming smarter about using the internet while you are in the store. The shopping experience will transformed to become more real time interactive between you and the retailer. Beacons will broadcast your location and merchandise may literally beckon your attention. You and your phone may be walking by a refrigerator that is enabled by a Bluetooth Beacon. When it notices your proximity it might blink (wink?) the ice maker light to catch your attention.

Entertainment - It is not your father's TV. Companies that are thought of as “Internet Companies” are engaging in content development and winning consumers over from traditional network TV. Streaming services companies Amazon, Hulu and Netflix received 14 Golden Globe Awards in 2015. In fact, streaming video is forecast to hit over $16 Billion dollars in the United States alone by 2019, growing at 15% per year. Streaming video at 4K (UHDTV) will have a dramatic impact on bandwidth requirements as these services grow. Netflix and Amazon were the only two companies on the S&P500 to double in value in 2015.

Security - How bad is it? It is so bad that an Italian security group called The Hacking Team, got hacked. Some other major breeches included Experian, Target, T-Mobile and Anthem Health Care. These are companies that are not without resources to protect and combat cyber attacks.

So what should we look forward to in 2016? More of the same. The lesson here is that corporate networks are not nearly as secure as we think. Further, the corporations are realizing that the cost of protection is much less than the cost of a breach. Expect IT Security budgets to grow in 2016. Look for spending on this triad…Visibility into data flows (to know what is going on in the network), Tools that will monitor and manage in-flows and out-flows (keeping the intruders out and keeping the data in), Policy to manage who has access to what). Re-thinking and dramatically shrinking who has access to confidential information in the corporate network will be a discussion in many board rooms this year. As long as there are networks, there will be breaches. However, good visibility, the right tools and sound access policy can help safeguard information and reduce the severity of breaches.

We hope you enjoy your new devices, interactive shopping and multi-screen entertainment in a more secure world. Happy New Year from Network Critical.

Posted: 05/01/2016 11:36:11 by Global Administrator with 0 comments