Mar 03

How Does NSA Almost Kill the Internet? (2)

Silicon Valley is shaking, like collateral damage in the war on terror. And things will get worse.

Technology companies did not know about the Prism project until June; they only knew there was a program, several years old, under which they provided specific data and information to the government for national security purposes in the absence of an official document. The legal justification for this program comes from a series of legal provisions and later expansions. The “Foreign Intelligence Security Act” of 1978, referred to as FISA, created a secret court through which the requested information could be obtained. The 2008 amendments to FISA added a new part to the law, namely Section 702. This amendment gave President Bush a monitoring plan that could be launched completely in secret without written permission. The NSA cited the FISA amendment as the specific legal basis of the Prism project. Apart from Prism, the more secretive surveillance operations are all based on the Reagan-era Executive Order 12333, which authorizes the NSA to collect various information and data on foreigners of interest.

Some companies seem to think that it is proper to hand customers’ information to the NSA. Verizon has never refused to provide the NSA with critical billing information, telephone numbers, call durations and other information on its tens of millions of users. Because telecom companies do not need to sell themselves to customers on the basis of trust, customers rarely expect much from a monopoly. Between catering to consumers and catering to the government, telecom companies seem to give priority to their government regulators.

Technology companies are in a different situation from telecommunications companies. Their CEOs have repeatedly claimed that without customers’ trust they have no business. They rely on users’ willingness to share information. In return, these users get better services, and at the same time they expect technology companies to keep their personal information safe and secure. Users have no reason to think that their information can be given to the government without written permission.

At least one company challenged the information requests as unconstitutional. Yahoo launched a secret battle in the FISA court to resist handing over users’ information. But the fight failed. On August 22, 2008, the court sided with the government, finding that its national security measures and procedural safeguards were consistent with the law and setting aside the user privacy concerns, which left Yahoo with nowhere to appeal.

These queries may have offended a number of large technology companies, but they were not enough to pose a challenge to their business. The companies were not forced to make obvious modifications to their infrastructure in order to handle the data queries. Usually, they passed the data and information to special government-owned equipment.

For some small companies, compliance is not always easy. For example, Lavabit is a secure e-mail start-up that allows users, including Snowden, to encrypt e-mail messages. The government asked it to hand over important information related to the Snowden case. Lavabit could not do this, because if it obeyed, all of its users’ information would be fully exposed to the government, which would lead the company to close.

Twitter’s legal counsel Vijaya Gadde said: “The government can request information, but they cannot force you to give information. You can make things easier or simpler.” Google also said that when a request is “very broad”, it pushes back. These small things indicate a subtle resistance to government inquiries. FISA requires the government to compensate the enterprises from which information has been retrieved. Google said it did not want to bother asking the government for money. But one company said that it used this clause in the hope of limiting the extent of government requests. The company’s executives said: “Initially, we thought we should not do this for money, but we recognize that this is a good thing, it could force the government to stop and think about it.”

But in the end, there is a financial motivation to cooperate with the government. A senior director of the company said: “Large companies have business with the government, these companies cannot tell government officials: ‘we are fighting against you – can we get the 400 million dollar contract?’”

After the shock of the Prism project, individuals and groups have become more aware of information and data security, and data and information protection is receiving more attention.

Feb 24

How Does NSA Almost Kill the Internet? (1)

WIRED published a long article telling the story of how, after the exposure of the NSA’s massive surveillance activities, Google, Facebook, Microsoft and other technology giants had to confront the government for their survival.

This is just the start of a chain reaction that threatens the foundations of the Internet industry. The topic has occupied the headlines for months and has become a hot subject of discussion in technology circles. Over the years, technology companies’ privacy policies have struck a subtle balance between maintaining users’ privacy and providing personal data to government agencies. The field is new and controversial, and it sometimes erodes existing laws; in the past, these companies struck a difficult balance as they developed their policies. Technology companies suddenly find themselves caught in a fight bigger than any battle over oversharing on Facebook or ads in Gmail. Over the past few months, they have found that they have to fight their own government for the future of the Internet.

Joe Sullivan, Facebook’s security chief, said, “We spent ninety minutes to respond.” Nobody had heard of the Prism project. Worst of all, Facebook and other technology companies were claimed to have authorized the NSA to access their servers directly to get a huge amount of information, which seemed completely wrong. CEO Mark Zuckerberg was shocked by the claim and asked his executives whether it was true. They answered: no.

Similar panicked conversations also took place at Apple, Google and Microsoft. Google’s legal counsel Kent Walker said: “We are asked by the people around us: Is there any secret way to get information?” We said: no.

Nevertheless, the Washington Post published its story describing the Prism project. The technology companies quickly issued statements denying that they had authorized the U.S. government to access their user databases directly. What complicates these statements is that the secret court sometimes orders technology companies to take part in government programs that require them to share data, and they are often reluctant participants. Google and its partners did not discuss all the details of the issue, partly because the law prevents full disclosure and partly because they do not understand the actual operational details of the government’s program.

Before President Obama stepped into the issue, they had little time to plan how to respond to Gellman’s allegations. The President alluded to the Prism project when he responded to the leak, saying: “In terms of the Internet and e-mail, the matter did not involve U.S. citizens, nor people living in the United States.” The answer might have eased some of the public outrage, but it did not help the IT industry. Most users of Apple, Facebook, Microsoft and Yahoo are non-US citizens. Now these users, as well as regulatory agencies, were led to believe that using services based in the United States means that their data will be sent directly to the NSA.

The technology giants spent years building trust that is now at risk of collapsing, yet they seem powerless to do anything about it. Legal restrictions mean they are not at liberty to provide complete documentation of their cooperation with the government, so they can only deny. However, even the most resolute denials, from Google CEO Larry Page and chief legal counsel David Drummond, could not quell the questions. In the Q&A that Drummond took part in on the Guardian website later this month, his questioners became more hostile:

“Is this quiz just superficial, after you were found in collusion with the NSA?”

“If Google lies to us, then how can we say?”

“Google, you lost the trust we have given you for ten years.”

“I will stop using Google mail.”

Other companies are also facing such a siege. A company executive said: “Every time we talk about it, it seems that the things will be worse. We are more than not being trusted.”

Facebook’s global communications director Michael Buckley said: “The fact is that the government failed to turn the monsters back into the bottle, we can come up with any statement or statistics, like the government’s weekly routine disclosure, but the problem is that who will believe us?”

In September last year, Facebook’s Zuckerberg expressed his disgust while attending a technology conference. He said “the government screwed up.” But because of the government’s actions, and as the world learned of the wider information leakage, Zuckerberg, Page, Tim Cook, Marissa Mayer, Steve Ballmer and the other executives who store user information on their servers are in trouble.

More than revenue is at stake. The ideals that sustain the technology world are also at stake. The Internet began as a U.S. Department of Defense project and turned into the World Wide Web, which inspired a new era of civilization. Snowden’s leaks call into question the Internet’s standing as a place of free expression and empowerment. If the network is regarded as an extension of surveillance, the resulting paranoia will affect the way people use the Internet. Countries angered by U.S. intelligence agencies’ information gathering have more reason to use Snowden’s disclosures to demand that the U.S. government stop collecting information, while the U.S. intelligence agencies will not easily give up collecting information on these countries. Enterprises, in carrying out their business activities, will Balkanize the network, destroying its open nature and significantly raising operating costs.


Feb 17

Anti-Monitoring Battle is A Protracted War

The outbreak of the American “Prism” affair shows that we are living in a “monitored” era, and this monitoring is a desecration of the free network and an absolute violation of public information security. Monitoring in the information age differs from traditional monitoring: traditional monitoring means that someone, for some purpose, watches somebody else through video surveillance or other camera recording methods, while monitoring in the information age amounts to data theft, data monitoring or even data control.

Traditional monitoring is mainly caused by the distrust that individuals, businesses and even governments have of certain persons or groups. Where it serves the interests of certain groups, this behavior is understandable. But today’s network is a free world, and no individual, enterprise or even country is allowed to imprison its freedom. Anti-monitoring is the first step in confronting this.

The anti-monitoring battle of the information age is really a protracted war over information security, one that requires people to learn more about information defense technology and even to take measures against the deteriorating international information security situation.

One of the most serious network security mistakes people make is connecting to public Wi-Fi and then logging in to e-mail, bank accounts and other sensitive accounts. If this is unavoidable (after all, you spend much of your time in cafes, hotels and airports), consider buying a virtual private network (VPN) service, which can significantly improve your privacy when you use a public network.

A VPN, as an encrypted tunnel, can prevent bad guys from stealing your login information and other sensitive information.

Don’t put personal information in the cloud, and if you must, encrypt it. Online file synchronization services like Dropbox, Google Drive and SkyDrive can be described as the best innovation of the Internet. However, when you conveniently view the latest photos stored on Dropbox, or easily find text files on iCloud, you need to know that the data you have stored on the server is not encrypted.

This means that law enforcement officials can readily obtain the data you have stored. Hackers can also find security vulnerabilities in the service providers’ servers.

For sensitive data that you need to synchronize across devices, the better choice is to use an encrypted cloud storage service. Of course, there is a simpler way: find a file synchronization service with built-in storage encryption.

To secure your online services, set a unique, random password of ten or more characters for every account, and store the passwords in a good password manager. For better security, use the two-factor authentication provided by Google, Facebook and all the other services.

Two-factor authentication requires you to enter a short numeric code in addition to your password. This code usually comes from a physical fob or a smartphone app.
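How such a short numeric code is commonly generated on the phone and checked by the service, as an added example that is not part of the original post: it assumes the time-based one-time password scheme of RFC 6238 (HMAC-SHA-1, 30-second steps, 6 digits). The function names and the sample secret are constructed for illustration.

```python
import hashlib
import hmac
import struct
import time

# Constructed sample secret (the published RFC 6238 SHA-1 test key),
# not a real account secret. Real secrets are random and stored protected.
SAMPLE_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time password for a single counter value (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, at=None, step: int = 30, digits: int = 6) -> str:
    """Code the app displays: HOTP over the number of elapsed time steps."""
    now = time.time() if at is None else at
    return hotp(secret, int(now // step), digits)


def verify_totp(secret: bytes, submitted: str, at=None, step: int = 30,
                digits: int = 6, window: int = 1, last_used: int = -1):
    """Server-side check.

    Accepts codes from `window` steps either side of the current one to
    tolerate clock drift, and rejects any step at or before `last_used`
    so an observed code cannot be replayed. Returns the matched step
    counter (store it as the new last_used) or None.
    """
    now = time.time() if at is None else at
    current = int(now // step)
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        expected = hotp(secret, counter, digits).encode()
        # Constant-time comparison avoids leaking how many digits matched.
        same = hmac.compare_digest(expected, submitted.encode())
        if same and counter > last_used and matched is None:
            matched = counter
    return matched


if __name__ == "__main__":
    code = totp(SAMPLE_SECRET)
    step_used = verify_totp(SAMPLE_SECRET, code)
    print("current code:", code, "accepted at step:", step_used)
    # Submitting the same code again is refused once the step is recorded.
    print("replay result:", verify_totp(SAMPLE_SECRET, code, last_used=step_used))
```

The password proves something you know; the code proves possession of the device holding the shared secret, which is why a stolen password alone is not enough to log in.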

Dropbox, Evernote, Google, LastPass and Microsoft accounts work with authenticator apps. Facebook provides its own code generator in its social network app; you can also add a Facebook code validator through the Facebook account settings. On the Facebook news feed page, click the gear-shaped settings button at the top right and select account settings.

Don’t ignore the security of files stored on your own computer or on external storage devices. They may be stolen or leaked even if you set a boot password on your computer. To protect data stored on local computers and flash drives, lock the files with a password so that unauthorized users cannot access them.

In the information age, the value of data will keep rising. As long as information and the Internet remain the mainstream of this era, the scramble for information resources won’t stop, and neither will monitoring and anti-monitoring. To keep your data secure, it is necessary to adopt targeted encryption software to guard the security bottom line.

Feb 10

Encryption Software Becomes Essential Factor for Future Information Security

In these days of rapid development, predicting the future from data analysis has become an important reference for individuals, enterprises and even countries in formulating development plans. But there is one thing we cannot ignore: the information these predictions rest on needs protection. If the information itself is wrong, the prediction cannot be correct.

Security Situation – threats are increasingly targeted

In this information society, there is no doubt that the most effective way to pry into corporate secrets, disrupt a business’s normal operation or steal an enterprise’s funds is to break into its IT system. To guard against such attacks and the theft of confidential business information, more and more companies buy and install anti-virus, firewall and other information security products. Even so, security incidents keep emerging.

In 2010, the U.S. securities exchange Nasdaq was repeatedly attacked; in 2011, RSA, Sony and the U.S. digital certificate authority Comodo were hacked; in 2012, hackers used SQL injection to obtain 453,400 users’ authentication information from Yahoo; in 2013, some banks and TV stations in Korea were attacked by hackers.

Do these companies neglect information security? No. The companies listed above include not only veteran IT enterprises and famous organizations but also vendors engaged in information security and financial organizations that value information security highly.

For this reason, we can only conclude that information is now more and more targeted: wherever there is valuable data, a crisis can easily break out.

What to do – informationization enterprises face unprecedented challenges

The history of IT has always been accompanied by information security. After years of defensive battles, today’s hackers have more specific targets and subtler methods, persist for longer, and have many means of bypassing conventional protective measures. Hackers form groups and lie in wait for the enterprise, carrying out organized, premeditated, collaborative attacks. Moreover, as the cost of crime rises, more and more attacks are aimed at finance, securities, telecommunications and other industries that can bring high profits.

In 2013, some South Korean television stations and a number of banks came under attack. The cause was that hackers broke into anti-virus software vendors’ LANs and the virus database update server, and then used the update mechanism to distribute malicious software to users’ computers. The industry generally believes that, in order to gather information on these banks and television stations and carry out the attack, the hackers had probably been dormant for a few months.

More frightening is that anti-virus software, the corporate security “bodyguard”, became the hackers’ accomplice in this incident. Traditional anti-virus, firewall and other security products depend too heavily on virus databases to deal with unknown threats, and the various security products cannot coordinate with each other. This is why so many large enterprises and security vendors fall victim to hackers.

Whether for individuals or work groups, data security needs more attention. Prevention is more useful than remediation: taking precautions for data and information security reduces the likelihood of data leakage and data loss, and so reduces the financial and reputational damage they cause.


Jan 20

Security Tips for Anti Data Leakage (2)

2. Many large enterprises also face this problem: how far database administrators and network administrators should be given full administrative privileges to do their work. As a proportion of all employees, database and network administrators are a small minority, and managing them is relatively simple. But there is a management weakness: can a DBA view all the data without any limitation? Who holds the administrative privileges to copy the database? Is there really no threat of data loss even if those with admin privileges are trustworthy?

I recommend removing the super administrative privileges of database administrators and network administrators: they only need to do their own jobs well and have no reason to hold full administrative privileges over the enterprise database. The responsibilities of these IT management staff should be subdivided, with each allowed to set a user name and password for their own work. These user names and passwords should be submitted to the CIO administrator, but they should be kept by password protection software rather than by the CIO.

3. There is another situation: some IT users may not need powerful privileges themselves, but their work requires them to use other people’s privileges. A typical example is a low-level data center operator who may be responsible only for the production scheduling environment, yet some of whose work involves the database administrator’s and system administrator’s user names and passwords. This is a significant potential threat for any business.

This situation may seem difficult, but in fact it is not hard to solve. Let all staff know that all network activity in the enterprise is monitored, so as to prevent data leaks.

“The value of core commercial secrets is self-evident, while the number one way of core secrets leakage is the most common e-mail.” Proofpoint CEO Gary Steele thinks so.

These remarks are borne out by a recent survey: according to Forrester, IT executives and managers believe that e-mail is one of the channels most likely to cause data leaks, particularly of confidential memos, valuable intellectual property and transaction information.

However, after looking at a number of leaks, you will find that only a small proportion are malicious; most are caused by negligence.

It can’t be denied that malicious data leakage happens in real life. Enterprise users should be aware of this and take measures such as using server protection software that helps companies build an information protection platform to block inbound mail threats (such as spam and viruses) and ensure that outbound messages comply with company policies and external regulations.

Jeff Bowling, the founder and CEO of TELXAR, stressed that the best way to block data leakage is to carry out a good security plan, which should include security notes on preventing service attacks and on the internal network, and the network admin guide service. The plan should include the following:

1. The reap time should be shown

2. Assign the login credentials and rights

3. Disable external software

4. Consider internal audit/intrusion monitoring applications

5. Lock the internal hardware components

6. Regular audits, security and resources

7. Disable USB or FireWire ports

8. Set message size restrictions and/or block all attachments

9. Define a strict policy

10. Execute secrecy and confidentiality agreements

11. Determine the command chain and upgrade procedure

12. Ensure that managers and users understand the security plans and policies


Jan 13

Security Tips for Anti Data Leakage (1)

Whether in real life or in the virtual world of the Internet, the security issues in many enterprises are mostly caused by internal staff. These so-called “internal problems” do not come from hatred of the enterprise; many are caused by unintentional mistakes. For example, when employees visit a site carrying a Trojan horse, spyware, adware or other such malicious software is downloaded to their computers without their knowledge, and these programs then spread within the enterprise network.

Whether or not employees intend harm, the results of their actions are the same: misuse of the network can lead to the company’s information systems being compromised, confidential information being stolen, the company network being congested, and other problems. Once corporate trade secrets are leaked, the company’s assets suffer huge losses.

Data leakage is a great loss for both employees and the business.

When corporate data leaks, the enterprise is not the only one that suffers; the staff concerned are also victims in the end.

In August 2006, Maureen Govern, the CTO of America Online (AOL), resigned because AOL had leaked about 20 million search keywords entered by 658,000 anonymous users over three months.

In addition, a researcher in AOL’s technical research department and his supervisor also left the company over the data leak. To quell the wave of criticism on the Internet, AOL said it would set up a special team to review the company’s customer privacy protection policies.

Data breaches can even make a nation suffer, calling the government’s competence into question: British Prime Minister Gordon Brown was questioned over 2500 people losing information.

In October 2007, the UK’s HMRC lost two important data discs containing sensitive information on 25 million people. In the UK, child welfare subsidies are deposited directly into the recipient’s bank account by transfer, and the lost discs held this important personal information.

The lost information involves a great number of UK households: almost all families with children under the age of 16 lost personal information, and even Prime Minister Gordon Brown’s family was not spared. The lost information relates to all child welfare subsidy beneficiaries, comprising 25 million people in 7.25 million families. Almost half of the UK’s confidential information was lost, including important bank account details, and British Prime Minister Gordon Brown was strongly questioned.

Many companies draw up security policies for databases, e-mail and other aspects of information management, but these policies are just a framework, and their effectiveness is questionable.

One of the most stressful things for those in charge of IT is the leakage of business-critical data. Yet leaks are really inevitable, because no matter how powerful the technology and equipment, an enterprise can hardly avoid illegal intrusion.

Many enterprises assign super administrator privileges to admins; such permission reflects an abuse of authority over the database. A data environment with this kind of privilege is very dangerous, because it is easily exploited by unscrupulous people, causing critical data loss.

Johnson offers three ideas and suggestions to adequately protect data:

1. In the enterprise, having IT operations staff assign permissions based on users’ actual needs is a strenuous and thankless job. Many business executives require IT operations staff to set their database permission to “super administrator”, but this requirement is not necessarily consistent with actual need, which leaves IT operations staff in a dilemma.

However, as an IT executive, even if you find it very difficult, I still recommend that you stick to your principles: the database permissions of the personnel concerned should match what their work actually requires, and in particular you should find out why some staff hold super privileges.

The company’s management must make a clear judgment here: should convenience or safety come first? From all of the above, we know that to stand out in such a competitive market, sound and stable security measures are imperative.


Jan 06

Malware CryptoLocker May Cause Millions of Dollars Loss

According to analysis by Dell security engineering researchers, within 100 days the encrypting malware CryptoLocker infected at least 200,000 computers and extorted at least $380,000, and this figure may be larger.

CryptoLocker encrypts over 70 different types of files, including Microsoft Word and Excel, Adobe Illustrator and PDF files, and demands $300 from the victim to unlock them. In a report released in late December, security researchers conservatively estimated that at least 200,000 people were infected in the first 100 days and that about 0.4 percent of the victims paid CryptoLocker for the decryption key.

Data loss caused by CryptoLocker infections poses a threat to thousands of companies. In the past, most ransomware or rogue security software at most locked the Windows desktop until the user paid the extortion fee; it did not actually encrypt or destroy data. CryptoLocker, however, uses encryption technology, the same technology used to protect files for data security, to encrypt important files, making them unreadable unless the user pays for the decryption key.

“Compared with most ransomware, the difference is not only the scale of destruction or the competence level of the hackers; more importantly, it’s a more pathetic, desperate virus: it will destroy your files, and you will eventually lose your important data if you do not pay the extortion fee,” Dell’s senior security researcher Keith Jarvis said.

The CryptoLocker virus first spread in early September, disguised as consumer-complaint spam e-mails. When you run the compressed executable file in the attachment, the program connects to a server on the Internet and retrieves an encryption key. It then encrypts more than 70 different types of files on the infected computer.

“After a series of practice, the malware authors have created a powerful and difficult-to-circumvent program,” the report said.

By monitoring this malicious software in the field, security researchers found that in late October and early November nearly 32,000 IP addresses showed signs of infection. In the second week of December, nearly 6,500 IP addresses showed signs of infection.

According to figures from Michele Spagnuolo, a statistics graduate student, some infected people paid the extortion in Bitcoin. By analyzing the payments, Spagnuolo found the Bitcoin account holder information. In this way, security researchers discovered that in the first 100 days an account tied to CryptoLocker collected 1216 Bitcoins, worth at least $380,000.

However, the ransom collected by the criminals could reach millions of dollars. Because Bitcoin is a virtual currency, fluctuations in its value might make the final ransom far exceed the minimum value of $380,000 for that period. In addition, more than 0.4% of victims may have paid a ransom. Security researcher Jarvis said, “I think the total ransom ultimately is at least several times of this number.”

Dec 30

Please “KISS” in Information Leak Prevention

Einstein gave us a taste of the simple beauty of the physical world; Steve Jobs showed us extraordinary minimalist design. Most of the time, only simplicity can reach the essence of things. There is a very important principle in enterprise management, “Keep It Simple, Stupid” (KISS), because only what is simple can be accepted by the majority and widely implemented. Enterprise information leak prevention often feels complicated and hard to get a handle on, which is why it needs the KISS principle.

So how can the KISS principle be applied to corporate information leak prevention? In current enterprise information leakage protection projects, the three aspects most in need of simplification are the security system architecture, the environment in which information is used, and security regulation.

1. Keep the system simple so that it is easy to operate.

If an enterprise’s security mechanisms are too cumbersome, employees will find ways to circumvent them. No matter how powerful an information leak protection system is, it is useless if no one uses it.

Some companies, when purchasing an information leakage protection system, choose one that stacks security systems of different brands together. Because multiple systems must be run, administrators have to log in to multiple accounts and set policies and query data on multiple platforms, which makes management more difficult. Coupled with compatibility and other issues, the company’s overall anti-phishing systems become more complex and therefore less practical.

2. Keep the environment clean so as to achieve orderly control.

If we compare a business to a planet, information is the life on that planet, and the enterprise’s information ecology is very poor. For example, important files are left lying around, USB drives are shared indiscriminately, software is installed at random and computer configurations are changed freely. Such information-endangering practices abound and increase the chance of data leakage. This chaotic environment also gives employees the impression that the “company doesn’t attach importance to information leakage protection”, and gradually erodes their security awareness.

Therefore enterprise information leak prevention can start from information using environment specification, such as to unify the registration and management of mobile storage device to ensure that admin can trace back to the owners of each device, every device usage has its operational records; such as to unify the applications installation and network configuration of external computers via desktop standardization. Clean information using environment can not only improve the enterprise anti- leak coefficient, improve safety awareness of users, but also help to shape corporate professional and trustworthy image.
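The device registration and usage-record control described above, as an added example that is not part of the original post: a minimal audit that checks removable-storage usage events against a device registry. The log format, field names, serials and user names are constructed for illustration.

```python
from collections import defaultdict

# Constructed registry: device serial -> registered owner (hypothetical values).
REGISTRY = {
    "SN-1001": "alice",
    "SN-1002": "bob",
}

# Constructed usage log, one event per line: timestamp,host,user,serial,action
SAMPLE_LOG = """\
2013-12-20T09:14:02,ws-07,alice,SN-1001,mount
2013-12-20T09:20:45,ws-07,alice,SN-1001,copy_out
2013-12-20T10:02:11,ws-12,carol,SN-1002,mount
2013-12-20T11:37:50,ws-03,bob,SN-9999,mount
malformed line without enough fields
"""


def audit(log_text, registry):
    """Return (usage_by_device, findings) for a removable-storage usage log.

    usage_by_device maps each serial to its operational records.
    findings lists (line_number, kind, detail) for events an admin should review.
    """
    usage = defaultdict(list)
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 5 or not all(parts):
            # Keep bad records visible instead of silently dropping them.
            findings.append((lineno, "unparseable", line.strip()))
            continue
        ts, host, user, serial, action = parts
        usage[serial].append((ts, host, user, action))
        owner = registry.get(serial)
        if owner is None:
            # Device was never registered, so it cannot be traced to an owner.
            findings.append((lineno, "unregistered_device", serial))
        elif owner != user:
            findings.append(
                (lineno, "used_by_non_owner", f"{serial} owner={owner} user={user}")
            )
    return dict(usage), findings


if __name__ == "__main__":
    records, issues = audit(SAMPLE_LOG, REGISTRY)
    for issue in issues:
        print(issue)
```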

3. Keep the security regulations simple so that they are clear and feasible.

At the mention of information security regulations, many people think of something like a thick manual: tedious, boring, soporific. Such regulations take a great deal of effort to produce, yet few people like them.

Information security regulations should not be a cold warning or even a command, but humane communication between the enterprise and its users. Companies should therefore communicate with employees in a variety of forms, backed by reasonable incentives, in order to achieve good results.

If you don’t prevent information leakage, you may face the loss of core assets and heavy pressure from the market, partners and the public; if you do decide to prevent it, you may find it difficult to promote and implement. Enterprises worried about their information leak prevention project had better “KISS”!

For more information about data security and enterprise data leak prevention, please visit: Kakasoft.

Dec 23

The Great Loss Caused By Network Crimes

The Ponemon Institute recently released a research report entitled “2013 Cybercrime cost”. The report, sponsored by HP for four consecutive years, estimates the economic impact of cybercrime. It notes that in 2013 the economic impact of cybercrime was 78% higher than four years earlier, and that over the same four years the time needed to resolve an attack increased by 130%. The average cost per network attack is more than $1 million.

In 2013, both the frequency of attacks and the damage they cause increased. Based on a sample of U.S. companies and government, the annual loss caused by cyber attacks was $11.56 million, 78% more than four years ago, when the study began.

Although the level of network defense is improving, cybercrime groups have shown a strong ability to adjust and adapt in the face of steadily improving defenses.

Some important data presented in this report are summarized as follows:

1) The average annual loss per enterprise (organization) caused by cybercrime is $11.56 million; losses range from $1,300,000 to $58,000,000. The average is $2.6 million higher than in 2012, an increase of 26%.

2) The military, financial, energy and power industries suffered the largest losses from cyber attacks.

3) The major component of the loss caused by cybercrime is data loss or data theft, which accounted for 43% of the total loss; loss caused by shutdown accounted for 36%.

4) The businesses and organizations suffered 122 successful cyber attacks every week. The figure in 2012 was 102.

5) The average time to resolve a cyber attack is 32 days; the average cost during this period was $1,035,000, which is about U.S. $30,002 thousand a day. In 2012, the average time to resolve a network attack was 24 days, with an average cost of $591,000.

6) Losses due to DoS attacks, Web attacks and damage caused by internal staff accounted for 55% of enterprise cybercrime loss.

7) For small businesses, the loss per employee caused by network attacks is much higher than for large enterprises.

8) For businesses, the costs of detecting network attacks and of recovering from them are the highest.

The report also shows the importance of having the necessary network protection mechanisms and of building network security awareness. The researchers also found that the use of Security Information and Event Management (SIEM) and big data analysis can help mitigate the loss from network attacks. For enterprises and organizations, data and information may be two of the most important assets; their loss leads not only to financial loss but also to reputational loss. Every company should establish strong awareness of data security; what’s more, company admins need to improve employees’ data protection awareness. For example, admins must remind employees to password-protect folders stored on PCs and portable storage devices.

Dec 17

Dangers in Mobile Information Age

The development of the Internet and information technology has brought people into the information age, and with the change in the terminals used to process information, people have also entered the mobile information era. In this mobile era, people can use their mobile devices to connect to the network anytime and anywhere for daily life, office work and entertainment. The mobile trend is sure to continue for a long time, because it fits people’s desire for freedom.

But it is precisely these portable mobile devices that bring information and data security issues. How to deal with mobile device security has become one of the greatest concerns of individuals, companies and even countries. And because mobile devices and information technology are so diverse, protection solutions must keep up with them, that is, be able to adapt to various possible environments and safety requirements.

Mobile Device Management (hereinafter MDM) is the management of smart phones, tablet PCs and other mobile network clients. MDM is now an indispensable measure for enterprises: mobile network clients are similar to traditional computers, and poor management is likely to have a bad impact on operating safety.

Smart phones and tablet computers developed from the PDA (Personal Digital Assistant, Pocket PC), and their history is not long. They can be used as mobile network clients; the earliest portable microcomputers appeared in the late 1990s.

Mobile + Portable = Increased Chance of Theft

Owing to their small size and portability, the risk of theft is significantly higher for microcomputers than for desktop computers. Most desktop computers are bulky and fixed in place in the office; they are seldom stolen if you close the door. But because laptops and smart phones are small, stealing them is far easier.

Many studies show that the mobile phone is now more important to people than the wallet. Phones have become so important because, in addition to the device's intrinsic value, the data stored on the phone, such as schedules, the address book and other private information, is important.

Business people tend to store data involving many business secrets on office tablet PCs and smart phones, especially in email. What the email contains depends on each company’s information infrastructure: it may include unimportant chat, but it may also include customer information, corporate plans and even contract documents. Email may also contain passwords for common office applications.

The most frightening thing is data. Important data may be lost due to security vulnerabilities in the device: hackers can gain access to the device and to the data on it. Another route is the phishing application: once you download such an application, it can access the data stored on your device. Users who download these applications are clearly not vigilant enough. As long as an application is free, users are willing to download it; they are seldom concerned that the data on their own device may be compromised as a result.

Traditional Trojan viruses can also spread on mobile platforms. Even though Apple, Google, Microsoft and other companies have considered this problem in the design of their operating systems and ensure that devices leave the factory free of malware, it is impossible for software to have no flaws.

As the security issues that come with the development of mobile technology and IT multiply, we had better password-protect the data stored on mobile devices in order to decrease the loss caused by device theft. If attackers are after the value of the data, you can use an encryption solution to protect it.

People seek freedom, and this yearning for freedom also affects how they handle things. In the face of security issues in the information age, individuals, companies and countries need encryption technology to protect files and lock portable storage devices.