Mitigation

Processes need to be defined based on the type of threat observed.  Broadly speaking, these break down into the three areas associated with threats to customers, to the company’s assets and threats to reputation association with community perception.  These will require processes to address the following in particular:

Guest Blog by the Online Trust Alliance (OTA)

Today the Online Trust Alliance (OTA), a member-based non-profit representing businesses and organizations from across the global Internet ecosystem, released a comprehensive white paper outlining best practices for end-user botnet notification.  This effort reflects input from over 100 businesses, governmental agencies and thought leaders who have been working to help detect, prevent, remediate and recover from the threats of botnets and cybercrime.

These days, it’s tough to find someone who hasn’t at least been sent a phishing email, let alone responded to one.  Being the go-to computer guy in my family, I’ve had to deal with “can you just look at this email and tell me what you think?” or “Microsoft called me about my computer being hacked, can you come fix it?” on more than one occasion.  And it’s not just my grandparents that I’ve had to educate, but younger family members as well – to support this finding, Norton released their Cybercrime Report last week which showed that Millennials were more likely to fall victim to cybercrime than Baby Boomers.  To think, here I was worried about old dogs learning new tricks, when the new dogs were the ones that needed the most help.

Norton says that cybercrime cost $110 billion over the past 12 months – quite the lucrative venture, it seems, especially when you fail to see much in the way of prosecuting the offenders.  We’ll occasionally hear about some high-profile carder or malware author’s arrest, but it seems that owners of file-sharing companies are of greater importance to law enforcement.  Perhaps the banking associations need to hire the MPAA’s lobbyists.

For any company that does business online, hearing that you’ve been involved in a data breach is quite possibly the worst news to hear.   Last month it was the online transaction processing company Global Payments, who joined the likes of Epsilon and Sony in the list of high profile data breaches in recent memory.  These breaches not only affect the existing customer base but can also do significant damage to your online reputation which could impact customer growth in the future; this is to say nothing of the monetary costs involved in “cleaning up” these PR nightmares.

Most businesses today understand the need of having their own website, but most of those businesses don’t monitor their websites and even more don’t know how to react when their sites have been compromised.

A new generation of Facebook Scams has emerged just in time for the launch of Timeline – Facebook’s new profile layout. And while these changes have more than one user celebrating Facebook’s evolution, there are a large number of defectors who are begging Facebook to let them revert back to their old profiles.

By Dylan Sachs and Minal Pithia

With the recent news of even more malware on the Android Market (and the subsequent Microsoft offer of a free Windows Phone for some of those affected), people are getting more and more concerned that their devices, personal information - or worse, their bank balance - are going to be targeted.

Accredited registrars can now purchase .XXX domains on a first-come, first-serve basis. The Internet Corporation for Assigned Names & Numbers and ICM Registry have finally released their latest attempt at supervising access to porn sites. The new .XXX domains are meant to filter access to adult content and give Internet users a heads-up of the site’s contents.

Banning employees from Facebook, Twitter and other sites shows a 30% increase in computer security breaches

TELUS and the Rotman School of Management have published their third annual IT security study. This time, the study revealed an increase in the number of security breaches in both government entities and companies in the private sector; with government entities experiencing twice the number of attacks – almost a 74% increase. Most of these attacks are aimed at obtaining sensitive citizen data for identity theft purposes.

One recent scam worked as follows:  A number of fake job postings were made on a very popular website featuring free online classified advertisements.  The “hiring company” name was not identified in the ads.  When an applicant applied for a position they received a response from a spoofed email address which looked like it came from a major employer.  The communication indicated the applicant has been hired on the spot, without an interview.  The justification made was “we are staffing very aggressively, and are prepared to make you a firm employment offer. Typically we conduct multiple in-person interviews with each candidate. However, due to increased staffing needs, we have greatly expedited the hiring process.”   I hope if you received such a response your suspicions would be aroused immediately!