Archive for June 2011
They will spend all the people who use the Internet and at least sometimes related to information valuable enough to be stolen, even, it means just everybody.
“Industry experts suggest that this type of program [i.e. spyware in general] can be at up to 90 percent of all computers connected to the internet” – that’s the exact quote. Given the number of computers scanned during this survey (which lasted for one full year 2004), there is nothing left but to come to the conclusion – it must be true to the facts.
Despite the fact that one of the authors Spy Audit is an anti-spyware vendors, there is no doubt that the results can be trusted – no system scans more than 4.6 million made in 2004. It seems that the survey results might like bolts from the blue even for specialists, not to mention the general public.
16.48% of all scanned consumer PCs in 2004 has a monitor installed system. This means that 16.48% of users are clearly under control (that monitors them – that’s another question). 16.69% have a Trojan horse programs, and this is a disturbing sign, too – this is often a Trojan key logging module inside. “Information-stealing Trojan” in the description most often means “containing a Trojan key logger”. Both figures give us 33.17% of PCs contaminated with some programs with the ability to steal information. Even if not all Trojans that steal information-which, sad situation anyway.
Phish schools and swarms of Trojan Horses
“Traditional” phishing and spoofing (sending an email to connect to a fake Web site and the bank waiting for customers without realizing it) which, unfortunately, not a new phenomenon. This is the fraud of modern two-stage covering contaminate the victim machine with a key logger program that contains a Trojan that spreads like wildfire now.
This scheme is without doubt much more dangerous, in this case the victim does not need to follow the link in the email. Trojan horse hiding in the background until the victim of a particular title or type a URL into his browser. Once the user visits one of a number of banking Web sites malicious code is triggered into action, capturing passwords and taking screenshots. Then the information is sent to remote hackers who can use it to break into bank accounts and steal money.
There were several outbreaks in activities such as information-stealing Trojans that targeted bank customers in 2004. Actually, the fraud was first used in Brazil – where the famous Trojan called Troy / Banker-AJ appears, Sophos security experts note that the company had warned earlier in 2004 about the criminals who use similar techniques to get into Brazilian online bank accounts.
There seems to be a shared sense of confidence by small and mid-sized businesses that their organization won’t ever face a critical security breach. If I had a dime for every SMB owner or decision maker who dismissed potential security threats, I’d be able to buy a yacht. The truth is there’s no safe haven when it comes to security, and no organization is safe; not the largest retailers, the smallest mom and pop distributors, or any size organization in between.
Verizon Business performed a study in 2010 of the amount and severity of data breaches and found alarming statistics. The Data Breach Report showed that there were 760 intrusions in 2010, compared to just 141 in 2009 (Baker, et al., 2010). Ironically, the amount of data affected or otherwise compromised was lower than in previous years, but at the end of the day, what impact would just one security incident have on your business? It could be something relatively minor such as some hooligan desecrating your website, or it could be a serious incursion into your sales records, customer payment information, and/or intellectual property. What would that type of breach cost your business? Only you know the answer to that.
In general, network security can be categorized as either physical or virtual. One of the best security documents I have ever seen was written by Richard Kissel for the National Institute of Standards and Technology, a division of the US Department of Commerce. In it, Kissel described essential considerations for every small and mid-sized business regardless of industry or specialization. According to Kissel, the main areas to note are “‘absolutely necessary’ steps to take, highly recommended practices to avoid problems before they happen, and other optional planning contingencies in case of an issue.” (Kissel, 2009) Most of these three sections are further divided into the two distinctions previously mentioned, physical and virtual.
Physical security is fairly straightforward to address. Essentially, it encompasses the mitigation of any direct attempt to access facilities and/or assets by a person or group. Measures to consider include the obvious locked doors, security cameras, security guards, etc., but potential areas of compromise also include some that are not so obvious. Not making sure that non-employee personnel are on the up-and-up can be a huge oversight. Maybe someone on the cleaning crew has light fingers, or enough technical know-how to penetrate your network. This is the perfect application for an IP camera. There are some all-purpose units like the APC NetBotz product line that combines environmental and intrusion monitoring with IP cameras to collect data for a defined period of time. Email alerts are available for staff or other designees who can then act on the information provided.
Managed IT Services offered by various service providers to manage various aspects of your Information Technology. An offer a truly comprehensive service will allow you to focus on issues more important and urgent business without having to worry about the technological aspects of running a successful company. Thus, many organizations have found that renting a Managed Service Provider (MSP) is the most effective and least expensive way to meet often varies their IT needs and requirements. Most companies will experience faster response times, better performing and networking issues are less important in their technical infrastructure. These are just some of the benefits of using a reputable company to support you in DC, Maryland or Virginia business.
If you choose a leading Managed Service Provider, they will also have optimized the process and are able to exploit economies of scale to reduce your current spending on IT support. In addition, some will be able to provide you with IT predictable results for predictable monthly costs, allowing you to more easily determine the IT budget and expenditures. For most small businesses, able to accurately determine and predict IT costs as a percentage of income you can provide tremendous benefits compared to your IT procurement services on an ad-hoc or as needed basis. This predictability in the cost of your IT support can also allow you to more effectively prioritize work related projects that need to be resolved.
By choosing a leading IT Managed Services company, you can also reduce other costs in your organization. For example, many companies decide to outsource the maintenance, support and update their technical environment into a leading MSP only because of huge cost savings realized from not having to hire IT people or to build an IT department. In addition to their salaries, the cost of other obvious factors such as recruitment and training costs need to be considered. Even if companies are lucky to find the ideal IT people, very few are willing or able to pay for the tools are very expensive and enterprise level applications that some of Managed Service Providers deploy to support their clients.
In addition, most of MSP is capable not only more quickly respond to technical assistance requests, they are capable of supporting infrastructure is far more varied and complex. In addition, they are more suitable for scale up or down as IT needs and changing demands of your company because they have a bench deeper and broader technical talent and resources. Because they support the needs of an organization consisting of various industry, size, scope and complexity, they are often more qualified to determine what will work and what will not work, when it comes to supporting your end-users, infrastructure and business.
