According to Symantec's Internet Security Threat Report, cyber criminals are changing tactics and are acting speedily and methodically!
Symantec Security Advice for Business and End Users
In today's hyperlinked world, it is no longer a matter of attacking your data, but when. According to the recent Symantec (Nasdaq: SYMC) Internet Security Threat Report (ISTR), Vol. 20, the cyber criminals, has changed tactics once they penetrate the networks and then on the valuable data, avoiding their detection by infraction of the infrastructure and the use of this infrastructure for their benefit.
The most advanced cybercriminals continue to breach networks with spear-phishing-level attacks, which increased by 8% in 2014. The accuracy of these attacks, which used 20% less e-mail to successfully penetrate target organizations, is remarkable. and integrate more drive-by malware downloads and other web-based exploits.
Last year, target for 60% of all targeted attacks was small and medium-sized businesses. These businesses typically invest fewer resources in security, and many continue to fail to adopt basic protection practices such as blocking executables and screensavers attached to email, increasing the risk for both businesses themselves and their affiliates.
Malicious attacks are multiple and complex. The most common ones are those that put users' e-mails at risk. With simple text messages for Password recovery επιτυγχάνεται εισβολή μέσω social engineering.
Some of the most effective scams they are often very simple and realistic in their execution. Someone "pretends" e.g. the police officer, or an Authority and asks the average user to confirm passwords, which of course the user most of the time confirms.
This type of fraud is based on two things: In its simplicity and in the fact that people in their overwhelming majority trust their data in the Authority asking them, especially if it is also plausible.
Researchers in the field of security and cybercrime have also begun to pay more attention to the cloud, as much more data is moving from traditional computerized systems to this new environment.
Indeed, the amount of data and other resources stored in the cloud looks set to grow further as IT decision makers plan to significantly increase their spending on cloud computing in 2015. As with any system, whenever a new layer in a service stack, the potential for attacks also increases. While cloud environments can suffer from commonalities vulnerabilities, όπως για παράδειγμα τα SQL injection flaws, μπορεί επίσης να επηρεαστούν και από ορισμένα πρόσθετα θέματα ασφάλειας, όπως τα μη ασφαλή interface APIs, shared resources, data breaches, malicious users and misconfiguration issues.
A third point that calls attention to security issues is the fact that companies today, at regular intervals, are losing valuable intellectual property.
While many security initiatives have focused on the threats posed by cyber criminals and hackers, there is also a less obvious factor in the theft of corporate assets, and this is no more than employees.
In most cases, companies trust workers to move, exchange and report sensitive data in order to do their daily work.
However, there are also cases of employees who deliberately receive confidential information, for example, to use them in their next employer without realizing that they are at risk either themselves or the companies they work or work in, since valuable data may end up in dangerous "hands".
Correct management of corporate and personal data through multiple security systems prevents potential attack risks.
Symantec Business Advice:
• Using advanced security solutions helps businesses find threats and respond more quickly to malicious incidents.
• Implementing a multi-level endpoint protection, network security, encryption, strong authentication and reputation-based technologies ensure valuable data.
• Prevention is always better, so be prepared for the worst. The proactive management of a malicious incident ensures the security framework and must enable optimization as well as measurable and verifiable results, for all the events extracted.
• Providing ongoing education and training, as well as setting guidelines and policies for the company and procedures for protecting sensitive data on personal and corporate devices.
Advice to End Users:
• Χρήση ισχυρών passwords: Όσο πιο ισχυρό και μοναδικό είναι ένα password σε λογαριασμούς, και σε συσκευές, τόσο πιο δύσκολο είναι να παραβιαστεί. Σημαντική επίσης είναι και η αλλαγή σε τακτά χρονικά διαστήματα, ιδανικά κάθε τρίμηνο. Τέλος δε χρησιμοποιούμε ποτέ το ίδιο password σε διαφορετικούς λογαριασμούς.
• Social media attention: We do not click on links and emails that we do not know and on messages from unknown sources. Fraudsters know well that most users are more likely to click on friends' links and create corresponding accounts to endanger users and send malicious links to account holder contacts.
• What is published in a common "view": When installing a device that is connected to the network, e.g. a router, or downloading a new app, the terms must always be reviewed so that we know which data is stored. We disable remote access when it is not needed.
https://www.youtube.com/watch?v=x5R34SXnRpk
