Data loss is getting worse. Businesses and other organizations are losing their content 24/7 throughout the globe. Cyberattacks on elections, intelligence agencies and the highest government levels make the news every day. Attacks on big business – Target, Sony and more – threaten the identities of employees, customers and stakeholders. Yet, small businesses have become the easiest data bank to rob.
The Size Of The Problem
What you see in recent research is some confusion about the size of the problem, but it's bad. And, while these figures average the largest numbers, you cannot underestimate the cost to small businesses, which often don't report their problems.
As far back as 2003, David Smith, Ph.D. writing for Pepperdine’s Graziadio Business Review, said, “Although it is difficult to measure with precision the cost of lost data, and the analysis is sensitive to the assumptions that underlie its calculations, there are several reasons to believe that $18.2 billion is a conservative estimate.”
In 2014, Mashable reported, “For smaller businesses, data breaches don't only mean a potential lawsuit — they could mean bankruptcy. In fact, 72% of businesses that suffer major data loss shut down within 24 months.”
In 2016, Fortune referenced a study done for IBM stating that, “On average, the cost of a breach has risen to $4 million per incident… Last year, a similar study found the average cost per breach to be $3.79 million.”
Most of the losses are due to hardware failure, human error and software corruption. Each of these issues can be reduced by comprehensive strategies of data loss prevention (DLP). Such planning integrates firewalls, deep training and features amped up security.
DLP measures can help. But, they haven't been fully up to advances in cyber technology. Cyber thieves have the time and ingenuity to outpace security measures. Employee error – deliberate or accidental – remains responsible for a third of the data loss incidents. And, mobile access has only complicated that.
“You can have all the right technical security measures in place, like email encryption and DLP,” said Hoala Greevy, Founder CEO of Paubox. “But human error can never be totally eliminated, even with the best policies and training. That’s why you need to have both a prevention and recovery plan in place.”
How To Recover The Lost Data
Recovering the lost data is only one aspect of the necessary remediation following data loss events. Recovery is a time- and labor-intensive process with significant cost attached.
If it’s a hardware problem, your hard drive has probably failed, as they all will in time. It’s an inevitably harmful result if you don’t have some measures (like those that follow) in place:
In-house IT technicians should monitor, update and replace hardware as required.
A backup policy, practice and discipline will offer you a fallback position.
A formal disaster recovery plan needs practice and testing on a regular schedule.
The disaster recovery plan must integrate a data recovery module.
Any recovery plan needs a communications tree that includes experts on data recovery.
If it’s a small business, David Howell at Techradar.com recommends taking several steps before launching any recovery effort. They are:
Determine how valuable the data is, asking if it's worth the cost of recovery. You need to prioritize the values. Intellectual property, financial records and personnel info must be restored.
Check your existing backups. For example, if the data has been backed up on cloud-based locations, then you can spend time (but not expense) on the recovery.
Invest in software solutions to recover the lost files.
Top-rated data recovery software deals include:
Data Rescue PC4 is an award-winning data recovery software for PCs. It scans the unit in question for the type of data you lost. This software promises to work on all hard drives even if they're only partly operational or corrupted. It'll recover all material or just the records you select. Or, you can clone the primary hard drive to create a byte-by-byte replicate.
EaseUS Data Recovery Wizard Pro is available for Windows, Mac, iOS and Android platforms on a free trial. Among its features is partition recovery for restoring data accidentally deleted, damaged or in hidden partitions. Another plus is its promise to recover RAW hard drives following severe corruption from a software crash, virus attack and more.
Kroll’s Ontrack EasyRecovery is a packaged, DIY recovery software that relatively easily retrieves your missing files. It will also protect and erase. Not only will it work to recover your data, but it also protects and erases, thereby ensuring that it's an all-inclusive data software suite. They provide additional services for the most serious breaches.
Homeland Security has listed several available resources in the event of a data loss at Ready.gov. They are:
Computer Security Resource Center where the National Institute of Standard and Technology (NIST) offers readings on computer/cyber/information security and guidelines, recommendations and reference materials.
Building an Information Technology Security Awareness and Training Program is a NIST recommendation for federal agencies. But, the many small businesses that do work with federal agencies benefit from complying with such guidelines. The document urges users to base planning on an understanding budget and other resource allocation, organization size, consistency of mission and geographic dispersion, as well as mobility of the organization.
Any data loss recovery strategy must consider the integration of multiple overlaying systems. Any one system can go wrong. And, the failure of any one system can lead to the failure of other systems. But, solutions for one problem may not affect other systems.
Any strategy must consider the condition and security of the computer room with its climate, power supply and mechanics. It must support the organization’s hardware, its desktops, devices and peripherals. It must also study the connectivity on fiber, cable and wireless sources.
The problems could be with software applications, emails, resource management and other in-house systems. And, there must be an appreciation for the size of the data, its complexity and priority.
Finally, a good relationship with your vendors and service providers will help in emergencies. You should use their resources. Once you establish the size and value of the loss, contact them for support.
Any data loss is a business problem. It takes time and resources to fix. It can be as small and as easy to fix as a deleted or overwritten Word document or the result of a massive cybersecurity attack. But, the data lost exists somewhere that technology and professional advice can restore. What a business must do is plan for the problems, small or large.
2FA Architecture — The threat to privacy of modern Internet
Are we secured with multiple layers of security?
There is a huge initiative from industry leaders to double secure user account in order to regain access in case of lost password. That’s perfectly fine. It helps you recover credentials, but this study shows it opens a hole that might be one of the largest security and privacy threats. Both private users and enterprises employs services such as Google, Facebook, Twitter, LinkedIN and others and give trust to those companies to store and process our sensitive data.
However, while all the eyes are pointed to such large enterprises that are trusted, very few are considering an impact of background players who sell Two-Factor authentication security to those enterprises players.
That could make a perfect position for a lucrative business to position on the right spot, and make profit by selling targeted accounts access.
Now lets’ assume the following:
Company X is specialized in delivering PIN codes via Phone Calls or SMS.
That Company X eventually grows enough through mergers and acquisitions so it starts providing services to Google, Facebook, LinkedIN, Twitter and Banks.
Every time you decide to reset your password via your phone by SMS or Call, or even login to your banking platform, your supplier initiate API call towards company X asking them to send you the code.
The attack pattern:
Person in company X can virtually get access to any part of your digital life, including social profiles, chat’s, contacts, messages, places you visit, as well as your bank account.
Person X from the company X intentionally initiate password reset with the target victim.
Person X intercepts the message and performs Login.
This opens a whole new chapter in Internet security, as IT is getting more and more centralized. Instead of securing, this topology is vulnerable as never before. This could possibly lead to a black market of industrial espionage utilizing techniques from this study.
The graphical representation of attack scenario:
Did this scenario ever happen?
Yes. It has been confirmed. Multiple persons confirmed LinkedIN accounts being hacked. After some forensic investigation, I found the following scenario is in use, with accounts being successfully attacked:
This Email shows that someone performed a password reset using Chrome on Windows from United States.
Active login using Chrome, from Windows, country United States, and more important from the Block that has been assigned to one of the Biggest 2FA providers on the world that process Google, Facebook, Instagram, Twitter and many other services. (The block used within their office).
Traffic is not delivered in any form of encryption. Due to a fact that SMS/Voice MSU market function just like a stock market, after the code get’s submitted from Social Network for upward delivery, it’s up to their partner to chose the “least cost route”. There is no Encryption In 2FA transmission:
Methods to achieve targeted attack: By dropping the SMS/Voice call price on the global market for specific Country and the operator of the Victim, as a result of least cost routing, it’s a matter of minutes when the traffic is going to get re-routed towards the attacker platform.
In order to be able to do so, without being suspicious, it could employ very serious tricks: This is the UK numbering plan of prefixes issued by Ofcom.
How bellow market cost is achieved to “get Social Networks verifications” at anytime without even being suspicious:
- 078730 allocated by Ofcom to company X
- 078731 078732 078733 … 078739 allocated to O2
Operators worldwide will try to short-down the lists of Global Titles (similar to iptables rules), and most of them have only 07873 = O2
· Traffic accepted even there is no Roaming Agreement with X (based on O2), Invoice goes to O2 — not X.
· Even if O2 has no agreement, it’s in small operators interest to accept messages from a giant. The test by setting a number from the example pool using a voip white channel resulted in China Telecom thinks my operator is O2.
This is the one and only case of such allocation in the UK or anywhere in the world.
In conclusion: This looks like a very sophisticated scheme aiming to control whole market with the idea of being able to get access to any account at anytime.
The company might even make a loss on their business, and sell the access to any targeted account on any service to government or private sector via third parity companies to make enormous amount of profit.
“Cybersecurity” has become an increasingly vague and generalized term. The concept of cybersecurity encompasses every angle from which infiltrators and others with malicious intentions can make their mark. Fromcyber espionage and hacking electronic medical records to keylogging and trojan viruses, the term cybersecurity does not adequately capture the extent to which threats have evolved. But there is some good news: 2017 has seen new technologies prove to be effective solutions. Most important, we're seeing new philosophies which will eventually translate into technologies to combat a constantly rising threat.
Companies are Changing Course
The philosophical shift within the cybersecurity world has given way to new technologies while changing the way that industry experts operate. While the number of ways in which threats can harm you and your business are infinite, the resources to fight back are finite. That said, some groups have been given recognition for their innovative perspectives that have not been widely adopted-- at least not yet.
A new Forrester report from top cybersecurity analysts reported that companies such asSiemplify,Hexadite, andCybersponse are promoting industry shifting philosophies. They operate on this sort of premise: with an increased frequency of attacks and their intricacy, it is nearly impossible to gauge the actual threat being posed by each alert that comes through your system. You simply do not have the resources, or as mentioned earlier, the workforce, to adequately scrub through each alert coming across your desk. It takes a new kind of outlook to be able to tackle the issue at hand, and the answer is not so black and white. The only good solution is one that takes all the good from each cybersecurity defense tactic and combining it into one, or better known as orchestration.
Security orchestration, though new, is laced with nuances from many different cybersecurity defense strategies. It goes something like this: within every fixed solution is at least some truth, so why not extract bits of truth and effectiveness from all kinds of solutions and combine it into one multifaceted system of defense. One writer likened security orchestration to an actual orchestra, where it takes integral parts many instruments in order to create one sound. There is no doubt that security orchestration will be the tune in the cybersecurity world in the latter half of this year.
It’s Not a Matter of ‘If’, but ‘When’
Cybersecurity threats are more frequent and more advanced than ever. It is not a question of whether an attack is going to happen, but when it will. With that in mind, the priority is threat detection and incident response.
In short, incident response has been defined as an “organized approach to addressing and managing the aftermath of a security breach or attack (also known as an incident.)” The goal is “to handle the situation in a way that limits damage and reduces recovery time and costs.” In other words, incident response is predicated on the idea that attacks will inevitably happen. This is the harsh reality of today’s climate in cybersecurity. But, pessimism aside, you will minimize damage on the backside by not assuming that putting all your efforts into prevention will suffice.
Complete and Total Desperation in the Workforce
Unfortunately, an increase in the number of attacks is being compounded by a shortage in the cybersecurity workforce. Indeed, the industry isprojected to be understaffed by nearly two million employees within the next five years. Considering the increase of threat sophistication and frequency, this spells a real danger for IT departments worldwide. Moreover, it gives those with malicious intentions that much more confidence going forward.
In fact, the problem is considered so severe that, in 2013, the U.S. Department of Homeland Security created a special body to promote cyber security work: the National Initiative for Cybersecurity Careers and Studies (NICCS.) The DHS also put forward a seven-step framework as a kind of blueprint for cybersecurity analysts to “categorize, organize, and describe cybersecurity work into Specialty Areas, tasks, and Knowledge, Skills, and Abilities (KSAs).” All that considered, it is no wonder that, in 2014, theaverage annual income of cybersecurity specialists was up to $91,600. And organizations and educational institutions aresaid to be actively “involved in providing training, certifications and full undergraduate and graduate degree programs to individuals interested in the field of cybersecurity.”
Overall, cybersecurity companies have taken today’s grim realities into account, and have responded accordingly. The truth of the matter is that the cybersecurity workforce is understaffed while the threat frequency is multiplying at an unprecedented rate. Out of sheer necessity, companies are developing new technologies at a rapid pace. While we are nearly halfway finished with 2017, we have already seen a drastic overhaul in the general perception regarding cybersecurity’s importance. Only time will tell what the second half of the year has in store.
IBM wants to increase the value of your existing products by bringing you more content through the Integrated Service Management Library. Take a moment to help us understand what kind of content would be most useful to you by answering this very brief survey.
IBM wants to increase the value of your existing products by bringing you more content through the Integrated Service Management Library. Please take a moment to help us understand what kind of content would be most useful to you by answering this very brief survey.
In Q4 2012, IBM Security completely
revamped the Identity and Access Management portfolio to address today’s
advanced security threats. Familiar products such as Tivoli Identity Manager
and Tivoli Access Manager for e-business have new IBM Security names and
exciting new capabilities. Plus we’ve announced brand new solutions for
privileged identity management and better access security for online
environments. On this webcast, you’ll hear the IBM product managers themselves
answer your questions about the broadest set of IBM IAM product updates in
years.Don’t miss it!
Ravi manages the IBM identity, access
and mainframe security portfolio strategy and product management based in
Austin, Texas.He has over 15 years of
experience in product management, market strategy, and development in software
and services industries.Ravi meets and
consults with senior management, lines of business owners and IT operations
management around the world on their key security, risk, and compliance
Robin Cohan is Product Manager for IBM
Security's Identity Management portfolio.Robin has been an IBM product manager for over 7 years, previously in
the Tivoli Netcool product group. Robin has extensive product management and
industry experience, having served in many product management related roles for
over 20 years across the systems and software industry.
Archit is a Product Manager with deep
expertise in enterprise product management, pre-sales consulting, product
development and marketing.As an early
member of an Information Security startup acquired by the IBM, he has worked
across Asia Pacific, Europe and North America and possesses an insight into the
process of navigating through the opportunities and challenges faced by a
The Official Tivoli User Community is the largest online and offline
organization of Tivoli professionals in the world – home to over 160 local User
Communities and dozens of virtual/global groups from 29 countries – with more
than 26,000 members. The TUC community offers Users blogs and forums for
discussion and collaboration, access to the latest whitepapers, webcasts,
presentations and research for Users, by Users and the latest information on
Tivoli products. The Tivoli User Community offers the opportunity to
learn and collaborate on the latest topics and issues that matter most.
Membership is complimentary. Join NOW!
There was a time,
when logging in to your bank account was a simple matter of entering a user ID,
entering a password, and accessing your account.
cash from an ATM, just entailed inserting your card, entering your PIN code,
and grabbing the cash.
Not any more.
When you access your
bank’s web page, something horrible, called ‘malware’, sits on your PC,
remembering every character you type, and sending them all to its sociopathic
owner, so that he can later rob you. When you visit your ATM, a hidden camera
records the PIN code that you type, while another device reads the magnetic
stripe on your card. Of course, the sociopath receiving all of this
information, will also rob you later. A third sociopath has installed a network
snooper on the line from the ATM, so he will pick up your PIN and user ID, and
rob you of anything the first two missed.
Spy cameras, malware,
network snoopers and keyloggers all conspire to get your money, and passwords,
PIN codes and biometrics are helpless to stop them.
What would be really
good, would be some kind of telepathic password, which you could communicate to
your bank, each time you needed to access your account online, and it would be
really handy, if your mind could also transmit this password to the ATM.
obviously not going to happen so, how about a compromise, where you transmit to
your bank, information about your telepathic password, which only your bank
Yes, but the camera,
and the malware, would record what you typed, and use it to get into your
account. Okay, then, how about, if what you typed only worked once. Then, using
the same keystrokes a second time would be useless. That would work, but how
does the bank know that, what you typed the second time, represented the same
telepathic password? Also, you certainly wouldn’t want to contact your bank
every day, to get a new method of transmitting your telepathic password.
How about this, then?
Each time you want to access your account, a popup shows you an alphabet, with
a number under each letter, and you type the numbers, instead of the letters?
obviously bad because the camera would pick up the numbers but, what if the
numbers were all scrambled? That’s better, but the camera would still get you,
and the malware would still send them back to the sociopath who, after a few
months, would be able to guess your password, from the patterns of the numbers.
What about, if there
were only two numbers and, what if there were two alphabets, in upper and lower
case? Then your telepathic password would be represented by a selection from 52
letters, each letter identified by one of two random digits. If the pattern of
the digits changed randomly, with each access, then your telepathic password of
“gobbledeygook” would be “1000110011001” the first time but, the second time,
it would be “1110010001101”.
Now we’re getting
somewhere. The camera sees you entering a pattern of 1’s and 0’s, each of which
could correspond to any one of 20 or 30 letters, the network snooper sees the
numbers, but not the letters, and the malware sees both, but doesn’t know what
they mean. Luckily, you took maths in college, and spend a lot of time in the
casino, so you know how to calculate odds, and you can see they’re now in your
favour, but you still want them to be better, because you work with classified
documents, and really need to have tight security. What if you had two
passwords, and added them together? What if you added or subtracted ‘1’ from
every other letter What if...? You’re tempted to call this ‘Uncrackable
Aha! I hear you cry.
How do I get my telepathic password, in the first place? The malware is
watching my browser and my email, and will pick up the keystrokes when I type
it into any form I fill in. How am I going to enter my password? Well, it might
ne good, if I had a set of alphabets but, this time, the letters were pictures
of letters, and they, themselves, were scrambled, and referenced by a set of
numbers. Then, the malware would pick up the mouse strokes, but would only know
that they corresponded to a selection of pictures, with random names. Let’s be
realistic, however. If there’s a spy camera, watching you do this, it will pick
up what you enter. On the bright side, you’ll be doing this at home, probably
only once a year, or so, with only the malware to contend with – unless you’ve
fallen foul of the CIA, or your wife has her suspicions about you...
One day, quite by chance, you stumble upon a site
at www.designsim.com.aurecommended by your friend at the FBI (he got
it from some guy in military intelligence), and you say to yourself, Hey, they
stole my idea”, but you look at it anyway
IBM Tivoli Access
Manager for e-business is a single sign-on (SSO) solution that authorizes and
authenticates user access to Web and other hosted applications.
Tivoli Access Manager’s software is a highly scalable user
authentication, authorization and Web SSO solution for enforcing security
policies over a wide range of Web and application resources. It centralizes
user access management for online portal and business initiatives.
About an hour ago we launched the new developerWorks security site.
I'm excited to have this corner of developerWorks to pull together all
of the existing security articles on dW in one place. But more
importantly we're looking forward to producing a steady stream of how-to
articles and videos on producing secure code and securing your IT
operations at the new developerWorks security site.
developerWorks security site has two key parts to its "Practices" area.
The first section is devoted to secure software engineering and all of
the practices needed throughout your software development process to
ensure you produce secure code. The second section of the site is
devoted to secure IT operations. Obviously this is a huge are all by
itself, so we've decided to break it down into the following practice
Identity and Access Management: The
practice of verifying people's identity and giving access to the right
resources for the right purposes at the right time.
Application Security: The
practices used throughout the life cycle of an application to prevent,
detect, and eliminate vulnerabilities introduced in design, development,
deployment, or maintenance of an application.
Data Protection: The
practices used to protect information from unauthorized use,
disclosure, modification, or destruction using cryptography, redaction,
Endpoint Security: The
practices used to enable each device in an IT environment to protect
itself from malicious activity either from external sources or from
within the device. We'll be covering everything from mainframe host
systems to smartphones as IT endpoints.
Network Security: The
practices used to prevent and monitor unauthorized access to a network
and to prevent disruption to access of network resources. In this
section we'll be covering real networks as well as virtualized
environments and cloud computing.
The Internet is changing the face of product support. It is an
undeniable fact that the manner in which we attempt to resolve problems,
be they complex software applications or finding the closest Italian
restaurant, is entirely different than 10, 5, or even 2 years ago. In
all facets of our daily lives, how we search for answers to even the
simplest of problems have been forever changed through online technology
and capabilities. The Internet permeates all aspects of our lives; how
many readers of this blog post do not understand the phrase "Just Google
it"? Nowhere is this more apparent than the emerging use of social
media in the business environment. Over the past few years, social
venues like Facebook, Twitter, YouTube, and others have transformed from
purely social offerings to bona fide business tools. For additional
insight into IBM's approach and use of social business in the
enterprise, I highly recommend following Sandy Carter, the IBM Vice President of Social Business. Sandy is an acclaimed author, expert, and evangelist in this business context.
one might argue social business is still maturing and that the social
media landscape is still quite dynamic and reminiscent of the Old West
(anyone still have a MySpace account?). the commitment to social
business has seen tremendous growth in the halls of IBM Software
Support. This acknowledgement of the import of social business is in no
small part due to the explosion and popularity of these mediums as a
viable means to resolve issues through a collection(s) of peer users.
Community based, or to use the cool kid's lingo, crowdsourcing, allows
you to move far beyond traditional support models. Prefer a concise and
direct notification system? There is a Tivoli Support Twitter page. Want to engage in a dialogue with your peers? Check out the just released IBM Tivoli Support Facebook page. If you want to do more than just "like" the FB page, join the Tivoli Support Facebook group. Are you a visual learner? The IBM Electronic Support Channel on YouTube have generated over 50,000 views! There are hundreds of online instructional videos also available at the IBM Education Assistant site. Two of the most prominent IBM online offerings dedicated to problem resolution are the Support Portal and Service Requests
systems. The Support Portal is the gateway into resolving your product
issues. You can configure the portal and add any and all IBM Software
products your organization utilizes. From the portal, you can search our
extensive knowledge base, download product documentation, review
deployment and configuration best practices, and obtain product updates
and maintenance. Service Requests (SR) is the system where you can
easily create new PMRs, view existing tickets. Two years ago, less than
20% of all new PMRs were created through the use of the SR system.
Today, almost 50% of all PMRs originate electronically from the SR
system.. I could go on and on about our IBM eSupport initiatives and
will continue to focus and highlight online tooling in future posts. For
now, I hope you take the time to review some of these tools and
systems. I'm confident you will realize immediate value from these
offerings. I welcome all comments on any aspect of Tivoli product
support delivery. What works for you, and just as importantly, what's
not working or what's totally missing. Our constant and driving
objective is to continually improve the consistency and caliber of
support we provide and your feedback in these forums is crucial to these
One of the many business benefits of honing your skills at this conference is the enhanced return on investment in Tivoli & Security products. Whether you learn best by listening, watching or by doing, we have it covered with our expert presentations, demos and hands on labs.
Take this opportunity to attend the only IBM Tivoli & Security Technical conference in Europe this year, but be quick, as places are limited and early booking is highly recommended! Book before July 31st and receive a 10% discount and 2 free certification exams worth $400! Tivoli solutions are at the heart of IBM’s Smarter Planet initiative. In addition to our deep technical sessions we will focus on some actual projects, and related technologies. We are excited to demonstrate our best practices based on comprehensive Tivoli implementation projects. Whether your role in managing a dynamic infrastructure is executive leadership, security, operations, storage, production, delivery, facilities or communications service, the most valuable opportunity to gain the necessary service management skills is at the EMEA Tivoli & Security Technical Conference. This year, the event offers:
“How to” technical classes taught by product experts Hands-on demos, labs and workshops Certification testing Panel discussion about challenges, best practices and lessons learned The latest solutions and demos from IBM partners
The FDA’s Office of Science and Engineering Laboratories referenced work in its FY 2011 report to collect requirements for medical data flight recorders in medical devices. Isn’t there a large mature industry in event management that can be applied to this? [Read this post.]
In the aftermath of the LinkedIn password hack, much of the discussion has focused on secondary security issues like password hash algorithms and salting. But the root cause security issue and how to mitigate its risk are being overlooked. http://goo.gl/fi57K
The CloudFlare hack is interesting not because of the damage that was done, but because of the multiple authentication system failures that were exploited to make it happen. It also sheds some light on the Achilles’ Heel of web-based services, the password reset procedure. http://www.itsecurityzone.com/cloudflare-hack/
Gawker is reporting the Mitt Romney Email Hack story. Once again a public email service is embarrassed by a gaping hole in its security which is widely known and easily fixed. What you can do to protect yourself and simple low cost alternative’s to the so-called “security questions.”
The Facebook IPO stumble has rekindled the usual hand-wringing about Facebook’s long term viability in light of the many failed social networking services in the past. But Facebook’s role as an identity service provider using the OAuth standard give it hope of overcoming the Facebook IPO stumble and staying in business when the Next Big Thing comes along and steals away the end users’ attention from their Facebook news feed.