According to Symantec's Internet Security Threat Report, cyber criminals are changing tactics and are acting speedily and methodically!
Symantec Security Advice for Business and End Users
In today's hyperlinked world, it is no longer a matter of attacking your data, but when. According to the recent Symantec (Nasdaq: SYMC) Internet Security Threat Report (ISTR), Vol. 20, the cyber criminals, has changed tactics once they penetrate the networks and then on the valuable data, avoiding their detection by infraction of the infrastructure and the use of this infrastructure for their benefit.
The most advanced cybercriminals continue to breach networks with spear-phishing-level attacks, which increased by 8% in 2014. The accuracy of these attacks, which used 20% less e-mail to successfully penetrate target organizations, is remarkable. and integrate more drive-by malware downloads and other web-based exploits.
Last year, target for 60% of all targeted attacks was small and medium-sized businesses. These businesses typically invest fewer resources in security, and many continue to fail to adopt basic protection practices such as blocking executables and screensavers attached to email, increasing the risk for both businesses themselves and their affiliates.
Οι κακόβουλες επιθέσεις είναι πολλαπλές και πολυσύνθετες. Οι πιο σύνηθες είναι αυτές που θέτουν σε κίνδυνο, το e-mail των χρηστών. Με απλά μηνύματα κειμένου για Password recovery επιτυγχάνεται εισβολή μέσω social engineering.
Some of the most effective frauds are often very simple and plausible in their execution. Someone "performs" e.g. a police officer or an Authority and asks the average user to confirm passwords, which the user of course most of the time confirms.
This type of fraud is based on two things: In its simplicity and in the fact that people in their overwhelming majority trust their data in the Authority asking them, especially if it is also plausible.
Researchers in the field of security and cybercrime have also begun to pay more attention to the cloud, as much more data is moving from traditional computerized systems to this new environment.
The amount of data and other resources stored in the cloud shows that it will grow further as IT decision makers plan to significantly increase their spending on cloud computing 2015. As with any system, every time a new layer is inserted into a service stack, the ability to attack is increased. While cloud environments may suffer from common vulnerabilities such as SQL injection flaws, they may also be affected by some additional security issues such as unsafe interface APIs, common resources, data breaches, malicious users as well and misconfiguration issues.
A third point that calls attention to security issues is the fact that companies today, at regular intervals, are losing valuable intellectual property.
While many security initiatives have focused on the threats posed by cybercriminals and hacker, there is also a less obvious factor in the theft of corporate assets and that is none other than the employees.
In most cases, companies trust workers to move, exchange and report sensitive data in order to do their daily work.
However, there are also cases of employees who deliberately receive confidential information, for example, to use them in their next employer without realizing that they are at risk either themselves or the companies they work or work in, since valuable data may end up in dangerous "hands".
Therefore, the correct management of corporate, but also personal data, through security systems that are protected multiple times, prevents potential risks attacks.
Symantec Business Advice:
• Using advanced security solutions helps businesses find threats and respond more quickly to malicious incidents.
• Implementing a multi-level endpoint protection, network security, encryption, strong authentication and reputation-based technologies ensure valuable data.
• Prevention is always better, so be prepared for the worst. The proactive management of a malicious incident ensures the security framework and must enable optimization as well as measurable and verifiable results, for all the events extracted.
• Providing continuous educationand training, but also setting directions and policies for the company and procedures for protecting sensitive data on personal and company devices.
Advice to End Users:
• Use powerful passwords: The more powerful and unique a password in accounts, and on devices, the more difficult it is to be compromised. It is also important to change at regular intervals, ideally every quarter. Finally, we never use the same password in different accounts.
• Social media attention: We do not click on links and emails that we do not know and on messages from unknown sources. Fraudsters know well that most users are more likely to click on friends' links and create corresponding accounts to endanger users and send malicious links to account holder contacts.
• Τι δημοσιεύεται σε κοινή «θέα»: Κατά την installation μιας συσκευής που είναι συνδεδεμένο στο δίκτυο, π.χ. ένας router, ή τη λήψη ενός νέου app, πρέπει να επανεξετάζονται πάντα οι όροι έτσι ώστε να γνωρίζουμε που αποθηκεύονται ποια δεδομένα . Απενεργοποιούμε την απομακρυσμένη πρόσβαση όταν δεν χρειάζεται.
https://www.youtube.com/watch?v=x5R34SXnRpk
