Archive for the ‘Contributed Articles’ Category

What the Juniper Revelation Means To You

December 23, 2015

The Sixth Flag

Pete Kofod, December 22, 2015

Juniper Networks, a leading networking equipment vendor, announced on December 17, 2015 that they had discovered “unauthorized code” in their ScreenOS software.

ScreenOS is the operating system used to run their widely deployed firewall and VPN equipment. The software appears to have been surreptitiously inserted, granting attackers full access to the firewall and the ability to read encrypted traffic.

To make matters worse, it appears this intentional “back door” has been part of ScreenOS since 2012. Given how much sensitive traffic is protected by Juniper equipment, the consequences will likely prove to be disastrous.

Juniper is the firewall vendor of choice for the United States Department of Defense as well as for the banking sector. Consequently, this vulnerability impacts virtually every government agency and Fortune 100 company, as well as the broad technology sector, including social media firms and their customers. In other words, everybody is impacted.

While Juniper and their customers go about analyzing the extent of condition and remediation, we should also consider this to be a teaching moment and an opportunity to review our assumptions about how we secure systems.

Defense In Depth is Not Enough

Most IT professionals, and certainly all security professionals, are familiar with the concept of Defense In Depth.  The principle states that security functions should be layered, forcing adversaries to successfully compromise multiple layers before successfully reaching a network’s “inner sanctum.”

While this is certainly a worthy security guideline, there are good reasons to believe it may not fully meet its intended mark. Defense in Depth has historically been a network concept rather than an application concept. Put simply, it is classic network security involving access lists on border routers, packet inspection by firewalls and restrictive routing policies inside the perimeter.

Unfortunately, we have seen that many applications do not include detailed, multi-layered application security, choosing instead to rely on external resources (“the security team”) to save them. Yet the point and mandate of Defense in Depth is that each layer should include relevant and effective security.

This trend has only become more pronounced as application development has converged around web services.  Vulnerability exploitation has followed the trend and moved “up the stack.” This makes the security engineer’s responsibility far more challenging as applications, including exploits and attacks, are moving communications to HTTPS.

Defensive technologies such as Web Application Firewalls have stepped into the gap in an attempt to mitigate such attacks, but clearly they are not always successful and should not be considered the sole or even primary remedy. Security is everybody’s responsibility, especially application developers and owners. In addition to Defense in Depth, technologists should consider adopting a cell structure approach to security.

Importance of the Cell Structure approach to Security

Cell Structure Security is the idea that the impact of system compromise can be sufficiently mitigated regardless of which system is affected.

The term traces back to how clandestine resistance groups organize themselves. In a resistance movement organized in a cell structure, if a member of a cell is captured and compelled to spill the beans, the compromise does not go beyond the individual or, at worst, the members of the cell.

To be clear, Cell Structure Security does not ask whether a system can be compromised. It assumes compromise can and will occur at any level and therefore focuses on limiting the damage post-failure.

In a world of directory services and central authentication, this may seem like a tall order but analyzing the feasibility of implementing such an architecture is a worthwhile exercise nonetheless.

In the context of the current mess, it is all but certain that organizations have seen elevated credentials traverse their Juniper VPN connections completely unprotected. The extent of condition for Juniper’s customers is still largely unknown but it should be assumed that the impact reaches far beyond just patching the Juniper systems. In fact, the skunk may well still be inside the walls as internal systems are likely to have been targeted based on the attackers’ reconnaissance of compromised VPN traffic. The collapse of a single system has compromised the entire enterprise.

Premise is NOT inherently more secure than public cloud

Security remains a persistent concern for organizations considering the public cloud as a software and infrastructure platform.  Whether restricted by cultural or regulatory considerations, events like the Juniper incident should force technology managers to assess whether premise-based systems offer more effective security.

Worries have understandably been fueled by well-publicized security breaches of cloud application vendors, but even a cursory review shows lax software and system design were more often than not to blame as opposed to inherent structural flaws of the cloud.

The truth is that the public cloud, in the hands of a responsible and security conscious team should be seen as an asset that can strengthen, as opposed to weaken, system security.  Top cloud service providers offer rich security functionality, but it is up to the software vendor and client to avail themselves of it.

An interesting exercise for technology leaders to undertake is to consider the architectural differences between premise and cloud-based systems.  Odds are that if they are both well-designed, the differences are not going to be significant and the public cloud may in fact offer security features such as 2-factor authentication and web application firewalls at a fraction of the cost of premise-based solutions.

Technology teams should also challenge themselves to answer the following question:  “If we were to move all systems to the public cloud, how would we do it in a manner that is consistent with our security objectives?”  After doing that, the team should compare the move with maintaining their existing premise-based architecture.

If the team finds itself implementing security measures in the cloud that are not currently implemented on premise, the team should ask why that is the case.

Conclusion

While the full impact of Juniper’s security lapse will not be known for some time, it should serve as an urgent opportunity for technology teams to question fundamental security assumptions, not just vendor selection.  What happened to Juniper can happen to anybody, vendor and customer alike.  IT leaders need to spend more time guiding their teams in evaluating consequences of security failures.

While vendors tend to define problem narratives in terms of known solutions, customers should not confine themselves to following that path.

About Pete Kofod

Pete Kofod has over twenty years of technical and leadership experience in Information Technology, including the development of secure hosted services for the transportation industry as well as designing and managing networks in the utility and defense sectors. Pete is Principal of Raleigh-based Datasages Consulting Group LLC, a firm he founded in 2008 that is dedicated to providing enterprise management services to industrial and transportation customers. Pete is often called upon to lend expertise to large-scale transportation projects. He has been a material contributor to the implementation of Positive Train Control in the United States, particularly as it applies to security and availability in a hosted environment.  Pete is also cofounder of The Sixth Flag, Inc. He can be reached at pete@thesixthflag.com

5 Places to Never Use a Bank or Credit Card

September 18, 2015

Contributed Article By: Shaun Murphy, CEO Private Giant

According to ConsumerCredit.com, 80% of consumers use their debit cards for everyday purchases like gas, meals and groceries instead of cash. While a card is more convenient to simply swipe through a machine versus counting out change and worrying if you have enough cash on hand to make a purchase, it is not always the safest way to pay. Cash cannot be traced to a bank account or to other personal financial information like a bank or credit card can.

Privacy and security expert Shaun Murphy, founder of Private Giant, has identified five places consumers should never use their bank or credit card in order to help prevent their identity from being stolen and to protect their personal information.

Here are the places you should think twice before swiping or entering those priceless digits:

1.) Online shopping sites that are not secure. Before you enter your credit or bank card information, look for the lock icon without any overlays. While you are checking out, you should see this icon in your web browser:

[Image: HTTPS - Secure Connection]

Not either of these:

[Image: HTTPS-Bad1] or [Image: HTTPS-Bad2]

Some sites, Amazon included, will not show you a lock icon until you log in to your account or begin the checkout process. This means anyone can see what you are shopping for while you are browsing.

2.) Hidden / out of view terminals. A hidden terminal could be as simple as the gas pump furthest away from the center or an unattended station for automatic checkouts at the grocery store. These are sweet targets for credit card skimming devices that can sit there for months without anyone noticing.

3.) Cell phone charging stations. It may sound convenient to swipe your card to charge your phone for free when the battery is nearly dead, but you should think again. Besides being ripe for credit card skimming or nefarious credit card information storage, these devices can also dump the information from your cell phone while charging! This attack method even has a cool name: Juice Jacking!

4.) Apps (desktop or mobile) that ask you for your credit card information outside of the normal app store. Chances are this is not a legit application, especially if it is threatening you (you have a virus, please deposit $10… or I’ve encrypted all of your files and I’ll unlock them for a price.)

5.) Services that claim to be free or a free trial but still need you to input a credit card before you can start using it. It is almost guaranteed that service is either going to scam you or sign you up for some paid service that will be impossible to cancel.

Now, if you are wondering how exactly you are supposed to pay for the services you need in situations like those listed above, there are a few options. One of the easiest is to use your bank or credit card to buy one-time use/reloadable cards that do not have ties to your personal information. Just make sure when you are checking out at the store that you go to a clerk, not a self-checkout lane.

Damage Control: Making what’s visible in Citrix/Terminal Servers invisible

July 22, 2015

Article contributed by Kurt Mueffelmann, President and CEO, Cryptzone

The Citrix XenDesktop™ and XenApp™ solutions, and Windows Terminal Servers, are commonly used to provide remote access to network resources. They are typically located between the internet and the internal network, providing an entry point into internal servers—something that makes them an attractive target for hackers.

Citrix/Terminal Servers provide highly valuable functionality for session-based access from the server to the network, which must be very open to allow for all the differing user profiles and use cases. The challenge is that all traffic from every user using a Citrix/Terminal Server is seen on the network as coming from a single IP address, which might represent dozens of different user types, all with various levels of clearance.

For a traditional firewall, this means that an access rule is necessary to allow the server to access every resource that any user on that server could need. In practice, these access rules often become a permit all for the Citrix/Terminal Server. This open door to the network represents a significant security risk.

What cyber criminals can’t see, they can’t compromise.

Taking the recent Anthem breach and many other notable breaches that were the result of stolen credentials into account, it’s safe to say that nothing is out of reach. Accepting that Citrix/Terminal Server access will be compromised is the most proactive cybersecurity strategy you could take. Here’s why: hackers are, simply, the best at what they do. Research supports this theory: incident response provider Mandiant recently reported that 97 percent of organizations have been breached at least once.

Citrix/Terminal Server access rules allow users sharing an IP address to access every resource on a network segment. Once inside the network, a cyber criminal who possesses stolen credentials can “see” applications and services, whether authorized or not. Enterprises need to move away from IP-centric architectures to a role-based security model, dynamically provisioning access depending on the user’s role and contextual attributes.

Once past denial, and on to acceptance, an organization can fully embrace a practical Citrix/Terminal Server security plan by focusing on minimizing risk. While the majority of cybersecurity spending historically has gone toward building up a perimeter, limiting the amount of damage intruders can do after they’re in is a powerful paradigm shift in a CXO’s strategy.

It’s time to flip cybersecurity strategies on their head.

The focus now becomes about user access and entitlements, including tight user-based controls around network access from virtual desktops. Enterprises must move away from IP-centric architectures to a role-based security model that maintains the distinction between individual users connecting through a Citrix or Windows Terminal, then dynamically provisions access on the network and application level depending on the user’s role and contextual attributes.

Dynamic access control considers factors such as, “Is the user on a laptop at home, or on an unrecognized tablet on an unsecure Wi-Fi network?” “Should access be granted in the latter case to sensitive data?”
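The contrast described above, as an added example that is not part of the original article or any vendor's product: a source-IP rule for a shared terminal server has to cover the union of every user's needs, while a per-session decision uses the user's role and context. The server address, roles, resource names and the `Session` fields are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample environment (not from the article).
TERMINAL_SERVER_IP = "10.0.5.10"
ROLE_RESOURCES = {
    "hr": {"hr-db:5432"},
    "finance": {"ledger:1433"},
    "helpdesk": {"ticketing:443"},
}
SENSITIVE = {"hr-db:5432", "ledger:1433"}
ALL_RESOURCES = set().union(*ROLE_RESOURCES.values())


@dataclass(frozen=True)
class Session:
    """One user session on the shared Citrix/Terminal Server."""
    user: str
    role: str
    src_ip: str = TERMINAL_SERVER_IP  # every session shares this address
    managed_device: bool = True       # contextual attribute (assumed)
    trusted_network: bool = True      # contextual attribute (assumed)


def build_ip_rule(roles_on_server):
    """What a traditional firewall rule must allow for the server's IP:
    everything any hosted user could need."""
    allowed = set()
    for role in roles_on_server:
        allowed |= ROLE_RESOURCES[role]
    return allowed


IP_RULE = build_ip_rule(ROLE_RESOURCES)


def ip_centric_allows(session, resource):
    """The firewall only sees the source address, never the user."""
    return session.src_ip == TERMINAL_SERVER_IP and resource in IP_RULE


def role_based_allows(session, resource):
    """Per-session decision: role entitlement first, then context."""
    if resource not in ROLE_RESOURCES.get(session.role, set()):
        return False
    if resource in SENSITIVE and not (
        session.managed_device and session.trusted_network
    ):
        return False
    return True


def reachable(session, decide):
    """Resources a session can reach under a given decision function."""
    return sorted(r for r in ALL_RESOURCES if decide(session, r))


if __name__ == "__main__":
    # A helpdesk account whose credentials were stolen.
    stolen = Session(user="jdoe", role="helpdesk")
    print("IP-centric :", reachable(stolen, ip_centric_allows))
    print("Role-based :", reachable(stolen, role_based_allows))

    # An HR user on an unrecognized tablet on unsecured Wi-Fi.
    risky = Session("asmith", "hr", managed_device=False, trusted_network=False)
    print("HR, risky context:", reachable(risky, role_based_allows))
```

Under the IP rule the stolen helpdesk session reaches all three resources; under the per-session model it reaches only the ticketing system, and the HR user in a risky context is kept away from the HR database.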

Disruptive solutions allow organizations to limit the damage that can be done by cyber attacks (via privileged account and third-party users) by using identity and context to dynamically secure access to individual resources—essentially making the rest of an enterprise’s infrastructure invisible. They limit the exposure of sensitive and confidential information by allowing an individual to access only what they are authorized to access. This not only prevents someone from authenticating into a network if something seems amiss, but can also limit the damage a bad actor can do if they get in with stolen credentials.

This concept is taking hold at places like Coca-Cola, Google and others. It’s IT’s job to ensure that every enterprise, regardless of its size or resources, can reap the same benefits. In order to truly protect corporate data and resources, tighter user-based controls around network access from virtual desktops are critical.

10 Questions to Ask to Make the Most of Your Data Center Investment

July 20, 2015

Contributed post by Josh Moody, Fortrust Senior VP of Sales and Marketing

While outsourcing your data center services often can be less expensive than maintaining your own in-house data center, it is still a considerable monetary commitment. That’s why most companies want to maximize their ROI by finding the right data center partner.

“Knowing what to ask and what to look for in a data center partner can help companies save valuable time and resources,” explains Josh Moody, Senior Vice President of Sales and Marketing at FORTRUST. “Businesses entrust a large component of their livelihood to their data center, so it’s important to work with someone with integrity and who will follow through.”

Here are 10 questions to help ensure you find a data center that fits your needs and can help you make the most of your data center investment.

1. Have you considered consolidating data centers?

If your company’s main focus is to prevent downtime and data loss, you may be considering colocation at multiple, lower quality sites. Instead, consider colocating in one or two facilities that have an impeccable uptime record. This solution will remove redundant IT assets, software, maintenance and support, and disaster recovery contracts while maintaining the reliability you require.

2. Is your hardware rationalized?

Rationalizing your hardware will provide a clear look at your inventory, giving insight into which machines are used effectively and which are not. By paring down your equipment, you can lower maintenance and support charges as well as lower energy costs, freeing up capital to allocate more wisely elsewhere.

3. How secure is your data center?

Security is one of the biggest concerns for businesses looking to outsource their datacenter services. Your data center partner should deploy a combination of multi-layered and progressive security measures to control personnel access with multiple points and types of 2-factor authentication, including card readers and biometric scanners, dual mantraps, security identification points, CCTV, and 24-hour onsite security guards combined with offsite security monitoring. Your data center should be doing all they can to protect your business’s assets from attack.

4. Does your data center provide constant customer support?

In addition to security teams and a skilled operations team, your data center should provide a professional, highly available customer support team. A problem, question, or a need to alter your services or environment could come up at any moment. A live support staff should be made available to you 24/7/365 to handle any questions, concerns, or requests for assistance quickly and with competence.

5. Can your data center accommodate you now and in the future?

It’s important to select a data center that can accommodate your legacy hardware, extend its lifetime, and yet allow for future growth when customer computing demands or technology increase. A typical data center traditionally over-provisions, but a datacenter that provides a fit-for-purpose solution to match your requirements now and in the future optimizes your data center investment.

6. Have you considered data modules?

In terms of energy consumption, security, and design, data modules offer some of the most efficient methods of colocation. Modules segregate hot and cold aisle containment and adjust cooling parameters based on the customer’s real time IT load. Their effective method of cooling allows for higher density computing, which maximizes space and efficient energy utilization, thus reducing operation costs by as much as 18.5 percent. By providing the infrastructure to perform high density computing, as well as savings from the energy efficient design and an extra layer of security due to its containerized architecture, modules are an effective colocation solution.

7. How efficient is your data center?

Consider storing your infrastructure at a facility that maximizes operational efficiency. A highly efficient data center will have lower operations costs, which results in lower rates for the customer. Efficiency also speaks to how well a data center is run and maintained. Look for features that keep the data center’s IT equipment running longer and at peak operating efficiency, like seismic enhancements, custom air filtration systems, closed loop cooling systems, and a comprehensive Data Center Infrastructure Management (DCIM) system.

8. Can you be sure your IT environment is optimized and your SLA is being met?

Most data centers today use a DCIM system that allows them to monitor the datacenter’s critical infrastructure, but a few progressive facilities are now offering their customers a real-time view into their data center environment as well. This virtual window offers insight into how and where your resources are being expended without speculation. This visibility ensures your SLA is being met, and informs you of any adjustments that need to be made.

9. Does your data center provide ample connectivity?

Internet and WAN connectivity is vital to maintaining normal business operations in a connected world. Be sure your data center has a robust network infrastructure and employs several carriers with intelligent route optimization capabilities and regional peering points. Diversified connectivity, high redundancy, and intelligent load balancing ensure you experience low latency and a lower risk of interrupted service, which can be costly to your company.

10. What is your data center’s uptime record?

Recent reports show that the average length of an outage was 86 minutes. When you factor in the average cost per minute of downtime — $7,900 — that means the average total cost of an outage was a whopping $690,200. With that in mind, smart IT organizations need a data center that does everything it can to prevent a costly unplanned outage. To minimize the chance of an interruption of services, choose a data center with risk mitigation features, a resilient critical systems design, a thorough DCIM, a well-trained operations team, and frequently tested redundant components and critical systems infrastructure. Be sure to ask for the data center’s uptime record, as well as the frequency of critical systems infrastructure (Electrical and Mechanical distribution) maintenance windows, which are the true measuring stick for any datacenter provider.

Every data center is different and will offer varying levels of service. Invest in a facility that offers all of the above to ensure that your organization receives the benefits and protection it needs. At the end of the day, your data center should be more than just another expense; it should serve as a valuable business partner to make your job easier.

# # #

FORTRUST is one of the most progressive high-availability data center services providers in North America, serving clients across the globe who depend on colocation services for a critical lifeline of their business. FORTRUST Denver is the largest data center in the region with over 300,000 square feet and 34 megawatts of data center capacity. FORTRUST offers agile, reliable, sustainable and secure raised floor and modular data center capacity for any-size enterprise supported by optimal power infrastructure and connectivity to safeguard mission-critical business services. In addition to the national headquarters in Denver, FORTRUST has data center locations in Phoenix, Arizona and Edison, New Jersey. www.ftdc.com

Rewire Your Brain for Business Success – How to Harness the Power of the Four Intelligences

December 12, 2014

Acolyst

by Valeh Nazemoff

Do you ever feel like you’re drowning in the flood of data you receive each day? Are you simply reacting to challenges at work, instead of proactively addressing them? You are not alone. A new approach called “The Four Intelligences” can serve as a life preserver to help us master the flood of information we receive every day.

In my role as Senior Vice President of a business performance management firm, I commonly see executives struggle when attempting to answer two key questions:

  1. Are you confident that your organization’s performance will improve?
  2. Do you believe that the information you have in hand is accurate?

The management team at one client in particular was providing their executives with mountains of reports, sometimes hundreds of pages. The execs were overwhelmed and didn’t know how to make sense of it. They weren’t sure what questions to ask, what data they needed or why they needed it. Leadership wanted to make a difference to impact and transform their organization, but found it too difficult without insight into what was going on in their organization. That’s what sparked my creation of the “Four Transformational Intelligences.”

This new approach for business transformation blends practical strategies based on research from organizational psychology, neuroscience, business analytics, and multiple intelligences theory. These types of intelligences – financial, customer, data, and mastermind – are different but interrelated and, when coupled with key exercises, can lead to exponential organizational change. My original goal when creating this approach was to help my clients retrain their brains and drive value in their organizations, but I soon realized that this knowledge can benefit anyone from individual leaders up through entire organizations.

But what are the Four Intelligences?

  1. Financial Intelligence: Collect and use financial data to generate insights that lead to increased cash flow, profitability, and growth, as well as quality and productivity.
  2. Customer Intelligence: Understand your customers and how to find, attract, and connect with them on multiple, nuanced levels.
  3. Data Intelligence: Create easily understood, organization-wide processes, procedures, and systems through collaboration.   Communicate data in a timely manner and useful visual format.
  4. Mastermind Intelligence: Build a non-judgmental, creative environment based on mutual respect and collaboration.  Empower employees to be innovative when engaging and supporting partners and customers.

Each of the Four Intelligences encompasses a unique set of questions for every decision maker to ask himself or herself and their team. By training their brains to think along these lines, they will be able to use the outputs from these queries to identify, evaluate, and pursue transformational opportunities.

As I was building the methodology for this approach while consulting with my clients, I realized there is another major area to consider as you are about to embark on a new endeavor – your mindset.

“When the student is ready, the master appears”
This expression applies to the workplace as well. But, what does it mean to you? To me, it means that true learning and transformation can only occur when you have the right attitude, or mindset.

To make this mental transition, you must prepare, prepare and then prepare some more. Asking the proper strategic questions at the outset of a project can help you avoid costly rework, delays and deviations from strategy. Thorough and strategic assessment and documentation is key, as it paints a clearer picture of potential impacts on people, processes and systems. Through my work, I’ve learned that there is no tool or process that can replace the effectiveness of a meticulous requirements analyst. You may not have one at your disposal, but that doesn’t mean that you can’t learn to ask similar questions.

Get On the Same Page
Let’s say you ask all the right questions and map out your strategy. Then you must be all set, right? Not quite yet. Does everyone who will be impacted – both internally and externally – by this project share the same definitions of key terms? Of necessary action items? Of who is responsible for what? By ensuring that all players are on the same page from the get-go, you establish a cohesive mindset that improves your odds of achieving impactful and lasting change.

An Iterative Cycle
The Four Intelligences are not a static tool – rather, they represent a dynamic, iterative cycle. By constantly reevaluating changing conditions through the lenses of Financial, Customer, Data and Mastermind Intelligence, you provide yourself with ongoing opportunities to refine and readjust strategy as needed.

Caution: May Be Habit Forming
Just like with any new pattern of behavior, harnessing the power of the Four Intelligences comes through practice. Your goal is to create a habit of automatically thinking along the lines of the Four Intelligences. It’s not just rhetoric either – there are many engaging exercises you can try solo or as a team to really internalize the methodology. Once that occurs, you can easily spot what areas can benefit from your attention, and then improve them, helping yourself and your organization.

As you learn to cut through the clutter of daily data and collect and use critical information, you’ll see that you have optimized business performance through a combination of strategy, technology and teamwork. Then, you will be able to confidently answer “Yes” to those two key questions.

Valeh Nazemoff is the Senior Vice President and co-owner of Acolyst, a high-level business technology performance management consulting firm. An accomplished strategic advisor, team builder, speaker, author and teacher, she is passionate about improving people’s lives through strategic planning, technology and teamwork. Learn more about Valeh Nazemoff and her new book, The Four Intelligences of the Business Mind, at www.valehnazemoff.com and www.acolyst.com.

ERICSSON’s 10 hot consumer trends for 2015: connectivity integrated into daily life

December 10, 2014

• Ericsson ConsumerLab’s annual report shows that consumers want technology and connectivity to be integrated into all facets of daily life – in everything from bathroom mirrors, to sidewalks and medicine jars

• Consumers are becoming more comfortable with ideas that once seemed beyond imagination – like robots in the home and mind sharing

• In 2015, consumers will watch streamed video more often than broadcast TV

The end of 2014 is approaching, and Ericsson ConsumerLab can now, in the fourth edition of its annual trend report, present the hottest consumer trends for 2015 and beyond.

Michael Björn, Head of Research, Ericsson ConsumerLab, says: “The cumulative effect of smartphones becoming part of mainstream society is astonishing. As consumers, we try out new apps and keep the ones we think improve, enrich or even prolong our lives at such a rapid pace that we don’t even notice that our attitudes and behaviors are changing faster than ever. Services and products that quite recently seemed beyond imagination are now easily accepted and believed to rapidly reach the mass market. With only five years until 2020, the future really does seem closer than ever before.”

The insights in the report “10 hot consumer trends for 2015 and beyond” come from Ericsson ConsumerLab’s global research program, with a special focus this year on smartphone owners aged 15 to 69 in Johannesburg, London, Mexico City, New York, Moscow, San Francisco, São Paulo, Shanghai, Sydney and Tokyo – statistically representing the views of 85 million frequent internet users.

These are the 10 hot consumer trends for 2015 and beyond:

1. The streamed future. Media use patterns are globalizing. Viewers are shifting towards easy-to-use on-demand services that allow cross-platform access to video content. 2015 will be historic as more people will watch streamed video on a weekly basis than broadcast TV.

2. Helpful homes. Consumers show high interest in having home sensors that alert them to water and electricity issues, or when family members come and go.

3. Mind sharing. New ways to communicate will continue to appear, offering us even more ways to keep in touch with our friends and family. Many smartphone owners would like to use a wearable device to communicate with others directly through thought – and believe this will be mainstream by 2020.

4. Smart citizens. The idea of smart cities is intriguing – but a lot of that intelligence may actually come about as a side effect of the changing everyday behaviors of citizens. As the internet makes us more informed, we are in turn making better decisions. Consumers believe traffic volume maps, energy use comparison apps and real-time water quality checkers will be mainstream by 2020.

5. The sharing economy. As the internet enables us to efficiently share information with unprecedented ease, the idea of a sharing economy is potentially huge. Half of all smartphone owners are open to the idea of renting out their spare rooms, personal household appliances and leisure equipment as it is convenient and can save money.

6. The digital purse. 48 percent of smartphone owners would rather use their phone to pay for goods and services. 80 percent believe that the smartphone will replace their entire purse by 2020.

7. My information. Although sharing information when there is a benefit is fine, smartphone owners see no point in making all of their actions open to anyone. 47 percent of smartphone owners would like to be able to pay electronically without an automatic transfer of personal information. 56 percent of smartphone owners would like all internet communication to be encrypted.

8. Longer life. Smartphone owners see cloud-based services of various kinds giving them the potential to live healthier and longer lives. Jogging apps, pulse meters and plates that measure our food are believed to help prolong our lives by up to two years per application.

9. Domestic robots. Consumers are welcoming the idea of having domestic robots that could help with everyday chores. 64 percent also believe this will be common in households by 2020.

10. Children connect everything. Children will continue to drive the demand for a more tangible internet, where the physical world is as connected as the screens of their devices. 46 percent of smartphone owners say that children will expect all objects to be connected when they are older.

About Ericsson ConsumerLab

Ericsson ConsumerLab has close to 20 years’ experience of studying people’s behaviors and values, including the way they act and think about ICT products and services. Ericsson ConsumerLab provides unique insights on market and consumer trends.

Ericsson ConsumerLab gains its knowledge through a global consumer research program based on interviews with 100,000 individuals each year, in more than 40 countries and 15 megacities – statistically representing the views of 1.1 billion people. Both quantitative and qualitative methods are used, and hundreds of hours are spent with consumers from different cultures.

Download high-resolution photos and broadcast-quality video at www.ericsson.com/press
Ericsson is the driving force behind the Networked Society – a world leader in communications technology and services. Our long-term relationships with every major telecom operator in the world allow people, businesses and societies to fulfill their potential and create a more sustainable future.
Our services, software and infrastructure – especially in mobility, broadband and the cloud – are enabling the telecom industry and other sectors to do better business, increase efficiency, improve the user experience and capture new opportunities.

With more than 110,000 professionals and customers in 180 countries, we combine global scale with technology and services leadership. We support networks that connect more than 2.5 billion subscribers. Forty percent of the world’s mobile traffic is carried over Ericsson networks. And our investments in research and development ensure that our solutions – and our customers – stay in front.

Founded in 1876, Ericsson has its headquarters in Stockholm, Sweden. Net sales in 2013 were SEK 227.4 billion (USD 34.9 billion). Ericsson is listed on NASDAQ OMX stock exchange in Stockholm and the NASDAQ in New York.

www.ericsson.com
www.ericsson.com/news
www.twitter.com/ericssonpress
www.facebook.com/ericsson
www.youtube.com/ericsson

KnowBe4 Issues Alert: Social Engineering Threats Soaring

December 3, 2014

Tampa Bay, FL (Dec 3, 2014) KnowBe4 issued an alert today warning of a recent spate of high-profile social engineering attempts targeted at prominent businesses. One such attack includes high-profile financial advisors, officers and deal makers, thought to be an attempt to gain a Wall Street edge. The FBI also alerted private sector companies that targeting of their networks is a significant threat, as reported by Reuters late Monday. Not to be left out, small businesses and consumers are being targeted by fake IRS agents looking for a little extra dough for the holidays, along with an uptick in phishing emails posing as Costco, Home Depot and a variety of shipping sources.

Stu Sjouwerman, KnowBe4 CEO said, “Hackers will use as many avenues to break in as they can dream up, but social engineering is one of the favored. We are hitting the season when online shipping is at a peak and employees become much more complacent. It is important to keep users alert and aware of how much a target they are, especially during scam season.” Furthermore, Sjouwerman warns, “I cannot think of a more urgent reason to step all employees through effective security awareness training to keep them on their toes with security top of mind.”

Similar to a magazine’s editorial calendar, hackers have a “scam calendar” that focuses on events and opportunities to take maximum advantage of unsuspecting users or lax employees. These malware campaigns don’t discriminate between home or office and use social engineering to trick users. Millions of such phishing emails are sent each day and just one user in a hurry clicking on something might take down a system or a company.

Sjouwerman offers this advice:

1) Be on the lookout for “Shipping Problem” emails from FedEx, UPS or the US Mail, where the email claims they tried to deliver a package from (for instance) Apple Computer but could not deliver due to an incomplete address. “Please click on the link to correct the address and you will get your package.” If you do, your computer is likely to get infected with malware. Warn everyone in the family, especially teenagers.

2) Watch out for alerts via a TEXT to your smartphone that “confirm delivery” from FedEx, UPS or the US Mail, and then ask you for some personal information. Don’t enter anything. Think Before You Click!

3) Reiterating a warning KnowBe4 sent out a few weeks ago, there is a fake refund scam going on that could come from a big retailer. It claims there was a “wrong transaction” and wants you to “click for refund” but instead, your device may be infected with ransomware.

IT managers who are not yet customers can create a free KnowBe4 account and send a simulated phishing test to 100 users to see what their organization’s Phish-prone percentage is.

For more information visit: www.KnowBe4.com

Additional links:
Reuters story: http://www.reuters.com/article/2014/12/01/us-sony-cybersecurity-malware-idUSKCN0JF3FE20141201
Social engineering: http://www.knowbe4.com/what-is-social-engineering/
Security Awareness Training: http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/
Ransomware: http://blog.knowbe4.com/bid/400080/New-Flavor-of-Ransomware-Is-More-User-Friendly

About Stu Sjouwerman and KnowBe4

Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.

About Kevin Mitnick

Kevin Mitnick is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and speaker, and has authored three books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC.
