Computer Security 101

Computer security in the IT world is a daily intellectual battle, dangerously played between the good guys and the bad guys like a complicated chess game on a global level. Every day consists of countless battles, skirmishes, espionage excursions, reconnaissance, securing of data, subterfuge, encryption, deception, surveillance, clandestine communications, and Rambo raids in a ghostly intellectual duel between defender and attacker.

The clever guy on either side wins.

Our world relies on unified, interconnected data, services, and computing resources for all aspects of our daily lives. Almost all sectors of our economy have come to depend critically on their availability, ubiquity, and correctness; failure in any part of the system could have devastating consequences for the rest of the system.

What are the attackers targeting?

Each day, all around the world, thousands of IT systems are compromised. Some are attacked purely for the kudos of doing so, others for political motives, but most commonly they are attacked to steal commercial secrets and money, access government and defence-related information, disrupt government and industry services, and exploit information security weaknesses through the targeting of partners, subsidiaries, and supply chains at home and abroad.

What is Cyberspace?

“Cyberspace is an interactive domain made up of digital networks that is used to store, modify and communicate information. It includes the internet, but also the other information systems that support our businesses, infrastructure and services.”

— UK Cyber Security Strategy

Many players pose a risk to information

Cyber criminals, interested in making money through fraud or from the sale of valuable information.

Industrial competitors and foreign intelligence services, interested in gaining an economic advantage for their own companies or countries.

Hackers, who find interfering with computer systems an enjoyable challenge.

Hacktivists, who wish to attack companies for political or ideological motives.

Employees, or those who have legitimate access, either by accident or deliberate misuse.

The threat is not only technical

Many attempts to compromise information involve what is known as social engineering, or the skillful manipulation of people and human nature. It is often easier to trick someone into clicking on a malicious link in an email that they think is from a friend or colleague than it is to hack into a system, particularly if the recipient of the email is busy or distracted. There are also many well-documented cases of hackers persuading IT support staff to open up areas of a network or reset passwords, simply by masquerading as someone else over the phone.

Anatomy of a computer intrusion

Reconnaissance: Attackers research and identify individuals whom they will target through open source means.

Intrusion into the network: The attackers send spoofed spear-phishing emails to targeted users within the company; the emails include malicious links or attached malicious documents.

Obtain user credentials: Attackers get most of their access using valid user credentials. The most common type: domain-administrator credentials.

Establish a back door: With domain administrative credentials, attackers will move laterally within the victim’s network, installing back doors for future and continued exploitation.

Install multiple utilities: Utility programs are installed on the victim’s network to conduct system administration, steal passwords, get emails, and list running processes.

Data exfiltration: The attackers obtain emails, attachments, and files from the victim’s servers and then encrypt and exfiltrate the data via the attackers’ command and control infrastructure.

Maintaining persistence: If the attackers suspect they are being detected or remediated, they will use other methods to ensure they don’t lose their presence in the victim’s network, including updating their malware.

Best practices against a cyberattack

While there is no silver bullet to prevent all attacks, the risks can be mitigated, and you can rest more comfortably, if you employ a multifaceted security program, one that is often simply based on best practices:

If you’re an employee:

Use a complex alphanumerical password with a combination of numbers, letters (uppercase and lowercase) and symbols.

Change your passwords regularly.

Do NOT open emails and attachments from unfamiliar sources, even if they look official.

Do NOT install or connect any personal software or hardware to your organization’s network or hardware without permission from your IT department.

Report all suspicious or unusual problems with your computer to your IT department.

If you’re in the Management & IT department:

Implement defence-in-depth: a layered defence strategy that includes technical, organizational, and operational controls.

Implement technical defences: firewalls, intrusion detection systems, and internet content filtering.

Update your anti-virus software daily.

Regularly download vendor security patches for all your software.

Change the manufacturer’s default passwords on all of your software.

Monitor, log, and analyze successful and attempted intrusions to your systems and networks.

Protecting against an attack or reacting to an attack is not a black art; most of the methods needed to protect critical information are already known and we just need to employ those methods more effectively. Preparation in advance of the 2:00 am phone call is everything.

Your data is your most precious commodity; prepare to protect it, and prepare to deal with the impact of a loss.

Further Reading

Canada’s Cyber Security Strategy (Public Safety Canada)

Protect Myself from Cyber Attacks (Department of Homeland Security USA)

Written by

Hi! My name is Woody, Senior Technical Lead & Product Manager at a leading software security company based in Montreal, Canada.

Why small businesses must tackle cybersecurity


Byron Acohido, USA TODAY 1:32 p.m. EST December 24, 2013


Editor’s note: In this guest post, Maria Horton, founder and CEO of EmeSec, outlines why small businesses must address cybersecurity.

The 23 million small businesses that are thriving in America today are the foundation of local communities across the country. Most businesses must adhere to the “always-on” world and stay connected with customers, which causes potential concerns about securing sensitive data.

Many government agencies, healthcare providers and small businesses often presume that a low profile will help them escape the reach of cyberattacks.

However, according to the 2013 Verizon Data Breach Report, three out of four companies attacked in 2012 were organizations with 100 people or fewer. The lack of a strong cyberdefense carries hidden costs in the form of lost intellectual property or legal liabilities.

With the rise of cloud and mobile devices, company information is no longer held within the business’ physical walls. End-users are downloading personal applications on company-issued devices or storing work information on personal devices.

Every industry approaches cybersecurity with a unique set of compliance standards. Within healthcare, the Health Insurance Portability and Accountability Act (HIPAA) regulations and Payment Card Industry (PCI) requirements focus on protecting personally identifiable information (PII) data.

Similarly, the federal government created the Federal Risk Authorization Management Program (FedRAMP) as a rigorous, government-wide program that provides a standardized approach to secure the cloud. The small business space can benefit from a similar degree of rigor in approaching security.

A year ago, the Federal Communications Commission (FCC) created a tailored small business Cyber Security Planning guide that allows a user to customize the security recommendations. Through this, the guide gives recommendations on specific issues like privacy, fraud, and policy development management. Small businesses can easily adopt best practices in cybersecurity.

Small business owners should consider all stakeholders in their security strategy. Data security must extend beyond the business to protect the PII of all customers, investors, partners, and employees by guarding devices that hold sensitive data, like a credit card machine.

Also, entrepreneurs can reduce the number of breaches by employing a two-factor authentication security process, which forces employees to use two means of identification, such as a physical token and a security code.

Finally, security can be challenging when it comes to the growing mobile workforce. A mobile security strategy requires employee devices to incorporate password authentication, encryption of sensitive information, and a procedure for reporting lost or compromised information.

About the essayist: Maria Horton is founder and CEO of EmeSec, a Service Disabled Veteran Owned Small Business in the cybersecurity field.