Endpoint
12/5/2012
03:07 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Don't Bring Cybercrime Home For The Holidays

Here are a few strategies for keeping the cyber-grinches out

PORTLAND, Ore., Dec. 5, 2012 /PRNewswire/ -- Cybercrime is on the rise, the holidays being no exception. In fact, this holiday season may prove to be the biggest ever for cybertheft. Hackers observe no holidays, instead using them as yet another theme to entice and trick computer users into letting them into their networks. Compounding this, many retailers and other businesses conduct more transactions and process more credit cards during the holidays than at any other time of the year, which makes breaking into any company's networks all that more lucrative and enticing, regardless of size.

Here are a few strategies for keeping the cyber-grinches out:

Know what is happening on your network. With good security monitoring architecture in place, if a network incident occurs, you would be able to go back and trace when and how the breach happened and detect if any sensitive data was stolen. Network recording devices, such as full packet capture appliances, quickly establish the facts and timeline of any incidents and provide the forensic evidence necessary to pursue prosecution.

Beware of holiday e-cards, even if received from a trusted sender. Unbeknownst to the sender, holiday-themed screensavers, e-cards and other free digital content from the Internet may contain malicious spyware, malware and trojans. Downloading these digital "freebies" onto your office computers can open your network up to intrusion and exploitation by cybercriminals – who have no intent of spreading holiday cheer.

Encourage employees to keep their holiday internet shopping activities at home. Seemingly benign and legitimate retail sites may be fronts for disseminating malware, compromising both computers and networks. Hackers are fully aware that even a short-lived exploit on a busy website can bring high exposure. Hackers even go so far as to hide their malicious payloads in paid-for advertisements. Remember: a firewall cannot keep malicious programs out if an insider invites them in.

Review what your business liability insurance covers and what to expect from lapses in PCI and other regulatory compliance. Standard business insurance does not cover the costs and liabilities resulting from data theft and a breach of your credit card processing system can result in suspension of your merchant account.

The reality is that business losses from cybercrime overtook losses due to physical theft for the first time in 2010. 2012 stands as no exception, with a growing list of breach victims in all industries. Cybercrime is on an upward trend and the question now is not whether an intrusion will happen, but when you will need to respond to a cyber-event. Businesses cannot afford to put cybersecurity off until the new year.

IPCopper wishes you a happy and safe holiday season!

About IPCopper: IPCopper, Inc. manufactures off-the-shelf and custom solutions for network forensics, security monitoring and encrypted data storage. Its line of standalone packet capture appliances leads the market in performance, capacity and price. Headquartered in Portland, Oregon, IPCopper, Inc. designs and manufactures its products in the USA.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7298
Published: 2014-10-24
adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality.

CVE-2014-8346
Published: 2014-10-24
The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic.

CVE-2014-0619
Published: 2014-10-23
Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.

CVE-2014-2230
Published: 2014-10-23
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.

CVE-2014-7281
Published: 2014-10-23
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.