Dark Web, How Does it Impact Small Businesses?

Dark Web is a term that has surfaced in recent years in connection with cybercrime and cyber security. Identity theft is an unfortunate occurrence that is all too familiar to most business owners, but do those individuals know where the compromised data will end up? Often, these business owners are unaware of the virtual marketplace where stolen data is purchased and sold by cybercriminals: a place known as the Dark Web. An article on Lexology explores what the Dark Web is, what information is available for purchase there and how it impacts small businesses.

What is the Dark Web?

The Dark Web, which is not accessible through traditional search engines, is often associated with criminal activity. While cybercriminals tend to use the Dark Web as a place to buy and sell stolen information, there are also sites within it that do not engage in criminal activity. For many, the most appealing aspect of the Dark Web is its anonymity.

What is for sale on the Dark Web?

Information sold on the Dark Web varies, and includes items such as stolen credit cards, stolen account information from financial institutions, forged real-estate documents, stolen credentials and compromised medical records. Even more alarming, the Dark Web contains subcategories allowing a criminal to search for a specific brand of credit card as well as a specific location associated with that card. Not only can these criminals find individual stolen items on the Dark Web, but in some cases, entire “wallets” of compromised information are available for purchase, containing items such as a driver’s license, social security number, birth certificate and credit card information.

What is stolen personal information used for?

When stolen information is obtained by criminals, it can be used for countless activities like securing credit, mortgages, loans and tax refunds. It is also possible that a criminal could create a “synthetic identity” by combining stolen information with fictitious information, thus creating a new, difficult-to-discover identity.

Why are stolen credentials so valuable? 

Stolen user names and passwords are becoming increasingly popular among cybercriminals, but why? Identity thieves will often hire “account checkers” who take stolen credentials and attempt to break into various accounts across the web using those user names and passwords. The idea here is that many individuals have poor password practices and are using the same user name and password across various accounts, including business accounts such as banking and eCommerce. If the “account checker” is successful, the identity thief suddenly has access to multiple accounts, in some cases allowing them the opportunity to open additional accounts across financial and business horizons.

Why should small businesses be concerned about the Dark Web?

Since the Dark Web is a marketplace for stolen data, most personal information stolen from small businesses will end up there, creating major cause for concern. With the media so often publicizing large-scale corporate data breaches, small businesses often think they are not a target for cybercriminals; however, that is not the case. Cybercriminals are far less concerned about the size of a business than they are with how vulnerable their target is. Small businesses often lack resources to effectively mitigate the risks of a cyberattack, making them a prime target for identity theft as well as other cybercrime.

At a recent Federal Trade Commission (FTC) conference, privacy specialists noted that information available for purchase on the Dark Web was up to twenty times more likely to come from a company that suffered a data breach that was not reported to the media. The FTC also announced at the conference that the majority of breaches investigated by the U.S. Secret Service involved small businesses rather than large corporations.

How can you reduce the risk for your small business?

To reduce the risk of a cybercriminal gaining access to your company’s information/network, you must ensure you have proper security measures in place. The FTC has a webpage that can assist with security options for businesses of any size. In addition, it is crucial that your employees are properly trained on security, including appropriate password practices. There is also talk of a government-led cyberthreat sharing program which would help enhance security across all industries by sharing cyberthreat data.

Why You Need a Security Consultant

There is a growing concern within the IT security industry. According to the Forbes article “IT Security Industry To Expand Tenfold,” “This $60 billion industry researches, develops, and sells firewalls, anti-malware, authentication, encryption, and 80 other categories of products. With each advance in the threat level represented by hackers, cyber criminals, and cyber spies there has been a new batch of vendors which come on the scene to counter threats that bypass previous technologies and spending has increased.” The article goes into further depth about how little attention and investment have gone toward organizations’ security. Security budgets are projected to double in order to make up for the underdevelopment of security measures. This new wave of precautions will shape the way IT security is measured and mapped out. Don’t let your company be exploited. Instead, take advantage of the fastest growing industry by investing in an IT security consultant.

Security Consultant Moves You Forward

Make the right move forward with a security consultant. Your IT security consultant will be able to determine the most effective way to protect your company’s networks, software, data, and information systems against potential threats. They will take the much-needed precaution of interviewing staff and the heads of each department to determine their specific security and authentication protocols. They can prepare cost estimates and identify integrated issues for your project managers, and will also plan, research, and design robust security architectures for any IT project.

Cognoscape Puts You First with Our Security Consultants

The more responsibility you give your IT security consultants, the better they can respond to security-related incidents and provide a successful and thorough event analysis. This is the time to make the right strategic investments in IT security consultants. If you are looking for a better way to protect your company’s technology, contact us today!

Brief History of Information Technology Security

People are fiercely driven by ‘what is going to happen’ rather than ‘what has happened’. Due to the growing concern over intellectual property vulnerability, people have begun to investigate further into the past. By understanding the history of technology security, you might be able to safeguard against potential threats. Information technology security protects sensitive assets and property through the use of technology, processes, and training. The chief concerns of information security are the protection of confidentiality, integrity, and availability.

“The more you know about the past, the better prepared you are for the future.” -Theodore Roosevelt

The Early Years

Despite the efforts of the “CIA Triad” (or, as it is more commonly known, the Parkerian Hexad) on confidentiality/control, information integrity, authenticity, availability, and utility, they were not able to guard against all threats. Early mainframes used by the military were connected to phone lines called ARPANET (the precursor to today’s internet), which allowed integration of information between government data centers. A special ARPA squadron began to determine additional steps for better security by studying the unsecured points between the data centers and the public. Their studies jump-started the first few precautions focused on mainframe operating systems. MIT, Bell Labs, and General Electric were the first pioneers to build multiple security levels and passwords into their mainframes.

The Boom of Hacking

Computer system hacking began in the 1970s with the boom of emerging telecommunication technology. Ready to ‘stick it to the man’, a group of hackers found a way to infiltrate the telephone and computer networks in order to make free long-distance calls. Also known as “phreakers”, these groups were pioneers of organized crime against unsecured networks. After Ian Murphy’s crime of stealing information from military computers in 1986, the Computer Fraud and Abuse Act was created. The Emergency Response Team was created to alert computer users of network security issues after Robert Morris unleashed the Morris Worm on thousands of defenseless computers.

The Growing Concern

Although public use of the Internet is barely 20 years old, malicious Internet activity has been a major criminal enterprise for over a decade. Businesses are now under attack by big threats that can leave them defenseless and exposed. Growing concern for the safety of personal/business information comes from the accelerated worldwide use of electronic data and the heavy amount of business conducted over the internet. With this expedited advancement and expansion, more and more people are putting their personal information online, making them vulnerable to an attack. In 2010, a group of the nation’s top scientists concluded in a report to the Pentagon that “the cyber-universe is complex well beyond anyone’s understanding and exhibits behavior that no one predicted, and sometimes can’t even be explained well.”

We recognize that monitoring technology activity is important to continue protecting the safety and security of your business. If you have any questions or concerns about your technology, contact Cognoscape today.

Facts About Cyber Security

Cybercrime is big business. Cybercrime costs the global economy an estimated $575 billion, $100 billion of which comes from the US. The United States is the #1 country for cybercrime, and every person and business is a target. We are exploring the world of cybercrime and providing you with resources to protect your business.

  • They aren’t computer nerds; they are the country’s most wanted criminals

If you think hackers are computer nerds in their mothers’ basements, this illusion puts you at risk. Just like any other crime, there are small-time offenders and large-scale operations. The FBI’s #1 wanted man has managed to gain access to millions of computers with a ransomware attack that captured banking information and robbed Americans of more than $100 million.

  • Most computers are vulnerable

Ninety-nine percent of computers are equipped with some of the most vulnerable software. If Adobe or Java sound familiar to you, you are at risk. These programs are especially susceptible to exploit kits. Cognoscape identifies these susceptible programs, recommends patches, and scans for threats minute to minute. Cognoscape will also ensure the computer system and software are up to date.

The most expensive attack ever cost $38.5 million. Do you remember the MyDoom worm from 2004? MyDoom originated in Russia and was sent to millions of users via a junk email disguised as a legitimate message. Once users clicked on the link, the worm invaded. The worm’s main goals were to provide backdoor access to the systems, permitting remote control, and to carry out a direct denial of service.

These types of attacks are dangerous because they access personal information and take control of the system. Cognoscape’s security risk audit considers the threat of such attacks and looks for current hot spots and security gaps to prevent an intrusion. Cognoscape provides strategies for continued defense and constant monitoring to identify and prevent attacks on the systems.

  • The more you ‘like’ and ‘share,’ the more you attract criminals

Social media is a hotbed for criminal activity. Think about it; people share everything about themselves, they click on links, watch videos, tag their friends in any post that looks attractive, and invite friends to like pages to earn incentives. Fake ‘like’ buttons cause users to download malware, links to reputable sites are hijacked with links to malicious sites and downloads, criminals phish for sensitive information, and social spam exposes thousands of users to dangerous content.

Cognoscape’s security risk audit looks at the social media practices within the organization as well as monitors social media activity to protect the business from intrusive programs that may not be identified by the user. Cognoscape makes recommendations for monitoring and social media best practices, and protects the business’s links to insulate the company from social media criminals.

  • People on the inside want to get you

Companies are staffed by people, and people are the ones who make the errors, who are tricked into providing sensitive information, and who have malicious intentions. It is estimated that 59% of fired employees or employees who quit take company data with them when they leave.

A Cognoscape audit looks at the company’s current password strategies and management, backup and recovery solutions, file sharing practices, and permissions to protect businesses from disgruntled employees.

  • You won’t get your money back

Sadly, cybercrime is the most expensive crime, and it is a near-perfect crime. It is hard to detect the offenders, and all businesses and users are targets. The average time to detect a threat is nearly 6 months and the average cost in the US is $12.7 million a year. Sixty-eight percent of cybercrime costs are unrecoverable. The best thing for businesses to do is to see where their vulnerabilities lie, how they can prevent and protect, and how they can establish a system of constant monitoring. A security risk assessment does that and much more. Businesses that spend the money now to assess and protect their systems save thousands—or millions—in the future.

10 Tips To Keep Your Data Safe From a Phishing Attack

As any IT consultant will tell you, hackers keep finding new ways to steal our personal information. As technology becomes more advanced, these criminals have to find better ways to trick unsuspecting computer users into giving up their passwords and other confidential information. “Phishing” has become an epidemic, and it usually takes place in the form of pop-ups, spam, fraudulent emails and contacts through social media. Don’t become a victim of this scheme; read our 10 tips to keep your data safe from a phishing attack.

1. Recognize Suspicious Emails
Phishing emails have some specific characteristics that you need to look for. The reason they are so successful is that they present the email with a duplicate picture of the real company and give the name of a real employee. These emails generally promote free gifts or report that your existing account has been lost. If you’re unsure, call the business and ask if they really sent you the email.

2. Always Check the Source of the Email
Be leery of emails that come from unrecognized senders or are not personalized. Phishing emails will use scare tactics telling you to act quickly or something terrible will happen with an account. They will ask urgently for confirmation of financial or personal information over the Internet. Don’t ever give this type of information online. A real bank or financial institution will never ask for your password via email.

3. Be Alert on All Sites
Phishing is not limited to banking sites. Scams to steal your data can appear on PayPal, eBay, Facebook and more.

4. Beef Up Security
Invest in good antivirus software for your computer. Consider a firewall, anti-spyware and spam filters. Make sure your browsers and OS are updated to the most recent version.

5. Check Accounts Regularly
Make it a habit to check your online bank accounts and credit card statements on a regular basis. This way you can pick up on any irregularities as soon as possible.

6. Beware of Links in Emails
Never click on links to your bank included in an email. It could be linked to a fake site. This also goes for attachments or download files you weren’t expecting.

7. Be Cautious of Pop-Ups
Never enter any personal data in a pop-up or click on links within them. If you get a pop-up asking for information on a site that you thought was a real business, get away from it immediately because legitimate businesses will never ask for anything that way.

8. Avoid Emailing Personal Info
Don’t ever send emails with personal information in them, even to recipients you are close with. Your account or theirs could get hacked into or compromised by a phishing attack.

9. Look for Secure Web Sites
Check for signs of secure sites when making online transactions. Some clues that the site is safe are a lock icon on the browser’s status bar or “https” vs “http”. The “s” stands for “secure”.

10. Phishing in Any Language
Be aware that phishing can get to you in any language, so if you’re suddenly receiving statements in a foreign tongue, something is wrong. Quite often they are poorly written, with bad grammar, or, if the criminal is from another country, they do not translate well.

On top of these helpful tips, having Cognoscape as your trusted IT consultant will help prevent you from becoming a victim to technology. Contact us today if you have any questions regarding your technology’s security or if you simply have a technology topic you’d like us to discuss.