Since the Arab uprisings of 2011, UAE has utilised 'cyber-security governance' to quell the harbingers of revolt and suppress dissident voices

he nuts and bolts of the Emirati surveillance state moved into the spotlight on 1 February as the Abu Dhabi-based cybersecurity company DarkMatter allegedly stepped "out of the shadows" to speak to the international media.

Its CEO and founder, Faisal al-Bannai, gave a rare interview to the Associated Press at the company's headquarters in Abu Dhabi, in which he absolved his company of any direct responsibility for human rights violations in the UAE.  

Established in the UAE in 2015, DarkMatter has always maintained itself to be a commercially driven company. Despite the Emirati government constituting 80 percent of DarkMatter's customer base and the company previously describing itself as "a strategic partner of the UAE government", its CEO was at pains to suggest that it was independent from the state.

According to its website, the company's stated aim is to "protect governments and enterprises from the ever-evolving threat of cyber attack" by offering a range of non-offensive cybersecurity services. 

Seeking skilled hackers

Though DarkMatter defines its activities as defensive, an Italian security expert, who attended an interview with the company in 2016, likened its operations to "big brother on steroids" and suggested it was deeply rooted within the Emirati intelligence system.

Simone Margaritelli, also a former hacker, alleged that during the interview he was informed of the UAE's intention to develop a surveillance system that was "capable of intercepting, modifying, and diverting (as well as occasionally obscuring) traffic on IP, 2G, 3G, and 4G networks".

Although he was offered a lucrative monthly tax-free salary of $15,000, he rejected the offer on ethical grounds.

Furthermore, in an investigation carried out by The Intercept in 2016, sources with inside knowledge of the company said that DarkMatter was "aggressively" seeking skilled hackers to carry out offensive surveillance operations. This included plans to exploit hardware probes already installed across major cities in order to track, locate and hack any person at any time in the UAE.

In many respects, the UAE's surveillance infrastructure has been built by a network of international cybersecurity “dealers” who have willingly profited from supplying the Emirati regime with the tools needed for a modern-day surveillance state

As with other states, there is a need for cybersecurity in the UAE. As the threat of cyber-attacks has increased worldwide, there have been numerous reports of attempted attacks from external actors on critical infrastructure in the country. 

Since the Arab uprisings of 2011, however, internal "cyber-security governance", which has been utilised to quell the harbingers of revolt and suppress dissident voices, has become increasingly important to the Emirati government and other regimes across the region.

Authoritarian control

In the UAE, as with other GCC states, this has found legislative expression in the cybercrime law. Instituted in 2012, its vaguely worded provisions essentially provide a legal basis to detain anybody who criticises the regime online.

This was to be followed shortly after by the formation of the UAE’s own cybersecurity entity, the National Electronic Security Authority (NESA), which recently began working in parallel with the UAE Armed Forces’ cyber command unit, established in 2014.  

A network of Emirati government agencies and state-directed telecommunications industries have worked in loose coordination with international arms manufacturers and cybersecurity companies to transform communications technologies into central components of authoritarian control. 

In 2016, an official from the Dubai police force announced that authorities were monitoring users across 42 social media platforms, while a spokesperson for the UAE’s Telecommunication Regulatory Authority similarly boasted that all social media profiles and internet sites were being tracked by the relevant agencies.

000 OF77X

Crown Prince Mohammed Bin Zayed Al Nahyan of Abu Dhabi meets with US President Donald Trump in Washington in May 2017 (AFP)

As a result, scores of people who have criticised the UAE government on social media have been arbitrarily detained, forcefully disappeared and, in many cases, tortured.

Last year, Jordanian journalist Tayseer al-Najjar and prominent Emirati academic Nasser bin Ghaith received sentences of three and 10 years respectively for comments made on social media. Similarly, award-winning human rights activist Ahmed Mansoor has been arbitrarily detained for nearly a year due to his online activities. 

This has been a common theme across the region in the post-"Arab Spring" landscape. In line with this, a lucrative cybersecurity market opened up across the Middle East and North Africa, which, according to the US tech research firm Gartner, was valued at $1.3bn in 2016.

A modern-day surveillance state

In many respects, the UAE's surveillance infrastructure has been built by a network of international cybersecurity "dealers" who have willingly profited from supplying the Emirati regime with the tools needed for a modern-day surveillance state. 

Moreover, it has been reported that DarkMatter has been hiring a range of top talent from across the US national security and tech establishment, including from Google, Samsung, and McAfee. Late last year, it was revealed that DarkMatter was managing an intelligence contract that had been recruiting former CIA agents and US government officials to train Emirati security officials in a bid to bolster the UAE's intelligence body.

UK military companies also have a foothold in the Emirati surveillance state. Last year, it was revealed that BAE Systems had been using a Danish subsidiary, ETI Evident, to export surveillance technologies to the UAE government and other regimes across the region. 

'The million-dollar dissident'

Although there are officially no diplomatic relations between the two countries, in 2016, Abu Dhabi launched Falcon Eye, an Israeli-installed civil surveillance system. This enables Emirati security officials to monitor every person "from the moment they leave their doorstep to the moment they return to it", a source close to Falcon Eye told Middle East Eye in 2015.

The source added that the system allows work, social and behavioral patterns to be recorded, analyzed and archived: "It sounds like sci-fi but it is happening in Abu Dhabi today."

Moreover, in a story that made headlines in 2016, Ahmed Mansoor's iPhone was hacked by the UAE government with software provided by the Israeli-based security company NSO Group. Emirati authorities reportedly paid $1m for the software, leading international media outlets to dub Mansoor "the million-dollar dissident."

Mansoor's case is illustrative of how Emirati authorities have conducted unethical practices in the past. In recent years, the UAE has bought tailored software products from international companies such as Hacking Team to engage in isolated, targeted attacks on human rights activists, such as Mansoor.

The operations of DarkMatter, as well as the installation of Falcon Eye, suggest, however, that rather than relying on individual products from abroad, Emirati authorities are now building a surveillance system of their own and bringing operations in-house by developing the infrastructure for a 21st-century police state. 

[Source: This article was published in middleeasteye.net By JOE ODELL - Uploaded by the Association Member: Wushe Zhiyang]

Categorized in Deep Web

[This article is originally published in purdue.edu written By Chris Adam - Uploaded by AIRS Member: Grace Irwin]

New technology makes it easier to follow a criminal’s digital footprint

WEST LAFAYETTE, Ind. – Cybercriminals can run, but they cannot hide from their digital fingerprints.

Still, cybercrimes reached a six-year high in 2017, when more than 300,000 people in the United States fell victim to such crimes. Losses topped $1.2 billion.

Now, Purdue University cybersecurity experts have come up with an all-in-one toolkit to help detectives solve these crimes. Purdue has a reputation in this area – it is ranked among the top institutions for cybersecurity.

“The current network forensic investigative tools have limited capabilities – they cannot communicate with each other and their cost can be immense,” said Kathryn Seigfried-Spellar, an assistant professor of computer and information technology in the Purdue Polytechnic Institute, who helps lead the research team. “This toolkit has everything criminal investigators will need to complete their work without having to rely on different network forensic tools.”

The toolkit was presented in December 2018 during the IEEE International Conference on Big Data.

The Purdue team developed its Toolkit for Selective Analysis and Reconstruction of Files (FileTSAR) by collaborating with law enforcement agencies from around the country, including the High Tech Crime Unit of Tippecanoe County, Indiana. The HTCU is housed in Purdue’s Discovery Park.

FileTSAR is available free to law enforcement

FileTSAR is available free to law enforcement. The project was funded by the National Institute of Justice.

The Purdue toolkit brings together in one complete package the top open source investigative tools used by digital forensic law enforcement teams at the local, state, national and global levels.

“Our new toolkit allows investigators to retrieve network traffic, maintain its integrity throughout the investigation, and store the evidence for future use,” said Seunghee Lee, a graduate research assistant who has worked on the project from the beginning. “We have online videos available so law enforcement agents can learn the system remotely.”

FileTSAR captures data flows and provides a mechanism to selectively reconstruct multiple data types, including documents, images, email and VoIP sessions for large-scale computer networks. Seigfried-Spellar said the toolkit could be used to uncover any network traffic that may be relevant to a case, including employees who are sending out trade secrets or using their computers for workplace harassment.

“We aimed to create a tool that addressed the challenges faced by digital forensic examiners when investigating cases involving large-scale computer networks,” Seigfried-Spellar said.

The toolkit also uses hashing for each carved file to maintain the forensic integrity of the evidence, which helps it to hold up in court.

Their work aligns with Purdue's Giant Leaps celebration, celebrating the global advancements in artificial intelligence as part of Purdue’s 150th anniversary. This is one of the four themes of the yearlong celebration’s Ideas Festival, designed to showcase Purdue as an intellectual center solving real-world issues.

Categorized in Investigative Research

Source: This article was Published wglt.org By RYAN DENHAM- Contributed by Member: Carol R. Venuti

October is National Cybersecurity Awareness Month, and it began with a sobering reminder of what’s stake—another big breach affecting our personal data.

This time it was Facebook, which this fall disclosed that an attack on its system affected 30 million users. Detailed information—what they searched, where they were—was stolen from the Facebook profiles of about 14 million of those users, The New York Times reported.

A breach at that scale is beyond our control as individual internet users. But there’s a lot we can do to protect ourselves. Two experts from Illinois State University’s information security office stopped by GLT’s Sound Ideas to share 5 things you can do right now. 

1. Never re-use your user ID and passwords across multiple applications.

Kevin Crouse, ISU’s director of information security and data protection officer, says you should mix it up. If you don’t, a hack of one service may expose you across multiple services. 

Password management tools like LastPass are one way to keep track of all those different usernames and passwords. 

“Generally speaking, (that's) a whole lot safer than writing them down on a Post-It note under your keyboard or a piece of paper in your wallet,” Crouse said. “If you’re trying to protect your entire self, having multiple passwords for every application—it’s hard for most people to remember one or two passwords, let alone 30 or 40.” 

2. Never give out your user ID or password over email or the phone. 

This one is easy: No matter how legit they sound, if someone from your “IT department” calls or emails asking for your user ID or password, it’s bogus. Crouse says ISU’s Administrative Technologies crew never does that, and the same is true for IT support units at other big local employers. 

3. Use long and complex passwords.

Crouse said passphrases are the way to go. How long? More than 20 characters. And sprinkle in some numbers, special characters, and spaces to really mix it up. 

An example: thedogJumpedOverthem88n$ 

“Password strength is all about a term called entropy, or the degree of randomness,” said Seth Pheasant, lead information security analyst at ISU. “Just having a long password is really the most security-enhancing thing you can do. Because by adding each character, you’re actually exponentially increasing the security of it. If you were to just capitalize a letter, that’s only one switch in entropy. Whereas if you add in a whole other letter, you’re completely changing the calculation of how many possible passwords you’d have to try to guess that.” 

4. Know what you’re giving up.

Crouse and Pheasant both encourage you to spend some time looking at what data tech giants like Facebook and Google are collecting about your online behavior. You may be OK with what they’re collecting, or you may not be. The only way to know is to check. 

Pheasant recently deleted his Facebook account, but only after downloading his full set of personal Facebook data to see what was in there. 

“I was pretty shocked to see the various data points,” he said. “They had entire call records. Who I called, at what time, for how long, the phone number, the contact name. This is all used to build a profile around you. To protect yourself online is to be conscious about what you’re sharing and knowing how companies are going to be using this data to build profiles around you and eventually sell that to other companies.” 

5. Devices are not immune.

Don’t get lulled into a false sense of cybersecurity just because you spend most of your time on your iPhone. There’s no such thing as a 100 percent secure device, Crouse said. 

Pheasant recommends encrypting any mobile device that you use—phones, laptops, whatever. For most phones, that’s as easy as using the device’s passcode feature. You can also Google your specific phone model to learn how to manually adjust encryption settings. 

“Having your data encrypted gives you that extra peace of mind that if someone does end up with your phone, they won’t be able to take all your personal information off that device,” Pheasant said.

Categorized in Internet Privacy

 Source: This article was published icij.org By Spencer Woodman - Contributed by Member: Dorothy Allen

Reporters are navigating a more treacherous environment than at any time in recent memory, and despite a plethora of digital tools to keep them safe – many are failing to adopt new strategies.

It’s a bleak reality: Last year alone, a record number of journalists were killed in Mexico, reporters were imprisoned in Myanmar and journalists in Turkeyfaced criminal charges en masse.

The press’s enemies have been boosted by U.S. President Donald Trump, who has lodged almost daily attacks against journalists, and many have followed his lead. Wealthy private interests have launched their own crusades: a private firm was hired to undermine New Yorker reporter Jane Mayer’s reporting on Koch Industries, and Harvey Weinstein offered big bucks to a military-grade surveillance firm to spy on reporters and their sources breaking the story of his sexual harassment.

“The World Press Freedom map is getting darker,” according to the 2017 World Press Freedom Index compiled by Reporters Without Borders, “and media freedom is under threat now more than ever.”

[Journalists] frequently disregard their sense of insecurity even when they feel unsafe in public or cyberspace.
Canadian Journalists for Free Expression

These threats are compounded by increasingly potent hacking tools falling into the hands of governments around the world and, in some cases, hackers serving government interests. This makes personal cybersecurity an essential first line of defense for reporters everywhere.

Yet many journalists are failing to utilize some of the most basic tools to keep them and their sources safe from digital attack. A recent study by the Canadian Journalists for Free Expression found that some of the most at-risk journalists “frequently disregard their sense of insecurity even when they feel unsafe in public or cyberspace.”

So what can journalists (and citizens) do to better protect themselves online? Here are five security tools that have emerged as among the most commonly recommended for reporters and news organizations as well as their sources.

1. Signal and other end-to-end encrypted apps

Phone calls and digital messaging often comprise the bulk of a journalist’s workday. But conventional lines of communication can leave the contents of conversations vulnerable to hacking. And, even if someone is not able to intercept to the contents of these chats, a hacker can still access extensive archives of related metadata, including who you talked to and when.

But there are an increasing number of options to help you communicate securely with a high degree of confidence.

As we settle into 2018, the app Signal — possibly you’ve already heard of it – is a clear favorite for secure voice calls and messaging between journalists, their editors, and sometimes their civil servant sources.

You can easily use the Signal app on your phone.

“Everyone is really enthusiastic about Signal,” said Harlo Holmes, director of newsroom digital security with the Freedom of the Press Foundation. “Right now it’s the state of the art in terms of encrypted communication.”

To the user, Signal looks and operates like a traditional chat app, and also allows you to avoid expensive international call and text fees. But Signal also offers what’s called end-to-end encryption, meaning communications can only be deciphered on the physical devices of the communicating users. Even if a government tried to compel the group of developers that administers Signal to turn over your communications, it couldn’t provide information: Signal simply has no ability to figure out exactly what you’re doing on its platform.

An increasing number of digital platforms are using end-to-end encryption, but some popular products differ from Signal in one key way: While some of these firms may not be able to access the content of your communications, they can often access valuable metadata that may reveal who you were communicating with and when. These apps also may allow users to inadvertently send messages without end-to-end encryption.

To learn more about Signal, Holmes recommends checking out the foundation’s page on Security Planner, a project of the University of Toronto’s Citizen Lab.

2. Secure file storage and encrypted sharing

A large portion of our lives is often stored on our laptops and the messaging platforms, social media sites and work portals they access. For journalists, this can mean a lot of sensitive material, including leaked documents, identities of sources and unpublished story drafts.

Bill Budington a security engineer at the Electronic Frontier Foundation, a group dedicated to digital privacy, points to the particularly risky situation of crossing a border and recommends a series of products and measures journalists and others can adopt to keep files safe in the most at-risk circumstances.

His first tip: When most under threat, ditch your primary laptop or smartphone completely. If you have a burner phone or a cheap netbook that doesn’t contain sensitive data, bring this secondary device along instead while traveling.

But when burner devices aren’t an option, Budington says, “the most powerful thing” a person can do to keep devices safe at a border-crossing is to make sure the hard drive is fully encrypted beforehand – helping to ensure that only those with the device’s passphrase will be able to access its files. This step is also among the easiest – for Mac iOS and some Windows users, it can be as simple as clicking a few buttons to activate built-in encryption programs.

Even with an encrypted hard drive, hackers can attempt to “brute-force” a password, potentially gaining access to the encrypted data. (In many jurisdictions, courts and law enforcement agencies can try to compel you to turn over your password under threat of punishment, including incarceration.) An open-source program called VeraCrypt can add an additional layer of encryption, so that, even if hackers get access to your hard drive, they then must enter what amounts to a highly-fortified folder to gain access to your most sensitive information.

Yet even the most highly secured hard drive will provide little help in protecting your data when you inevitably need to transfer a sensitive document to someone else via the internet. Some of the most prominent file-sharing programs, such as Google Drive and Dropbox, do not provide what Budington calls “client-side” encryption by default.

“For cloud storage, the most important feature for secure storage is for the program you’re using to encrypt files locally on your own machine before they are uploaded to the cloud servers,” Budington told the International Consortium of Investigative Journalists (ICIJ). There are some services that provide local encryption prior to upload – Budington recommends SpiderOak, the Keybase filesystemtresoritand Jungle Disk.

You can learn more about device security and document storage by watching a security talk Budington gave in December.

3. Password managers

As hackers become more sophisticated, maintaining strong and up-to-date passwords that aren’t reused across different services is a must. But for reporters who use numerous online services and databases, this can become burdensome: Memorizing a series of complex and ever-changing passwords isn’t feasible and storing them in your computer or email makes them prone to fall into the hands of hackers.

Chris Walker, Digital Security Advisor at the Tactical Technology Collective, a cyber security initiative based in Berlin, recommends solving this problem with an encrypted password manager, which can both generate and store your passwords for you.

“Writing down your passwords and keeping them all in one place might not sound like a good idea at first,” Walker says, but he assures that with the right password manager, users will be more secure with fewer hassles. These apps can both generate stronger passwords and remember them for you.

KeyPass is just one Password manager available.
 
Walker recommends one tool in particular: KeePassXC, a system he describes as highly secure. “It is well maintained, free and open-source software that relies on well understood, standards-based encryption to protect your passwords,” Walker says. “It is also quite simple. It does not try to store your data online or sync between multiple devices. This simplicity helps protect KeePassXC from many potential avenues of attack.”

KeePassXC also has competitors that have been highly rated, including Lastpass, which both Securityplanner.org and online consumer guide Wirecutter recently recommended.

4. Two-factor authentication and its innovations

But Walker is quick to point out that even the most well-managed passwords must be used, when possible, alongside two-factor authentication – an extra layer of security that most often requires users to enter a temporary code that is only accessible from a personal device, usually a cell phone, in addition to their passwords. The idea is that, even if hackers have cracked your password, they still must somehow get their hands on a physical device that only you carry.

This is a basic step that should be used whenever you need to log in to an online service – including email portals, Twitter, Facebook, bank accounts and wherever else you use passwords to protect and to prevent hackers obtaining sensitive information.

One problem with this: The text messages containing these codes can be intercepted. This year may also see a growing adoption of a new sort of two-factor authentication that security engineers believe may be safer than receiving a code on your iPhone: Google is now offering to provide people at high risk of surveillance a program that requires users deploy two physical authenticator keys as a final step for unlocking an account. The devices can fit on a keychain and use USB or bluetooth technology to communicate with your computer and smartphone.

Google’s two-factor authentication requires an extra login step.

Runa Sandvik, the senior director of information security at The New York Times, is a fan of Google’s new initiative, known as the Advanced Protection Program. “I think the Advanced Protection Program (APP) is a great option for at-risk users,” Sandvik told ICIJ. “I have, personally, used APP for a few months and see no reason not to turn it on.”

For more information on Google’s APP and its physical security key, the New York Times has a good article on it and you can also visit the Google’s website. (Unfortunately, this feature isn’t free – each key costs about $20.)

5. Slack alternatives for your office

Over the past several years, new technology known widely by the brand-named Slack has pervaded American office culture. It’s part chat, part email, highly distracting and can archive everything you say and all the documents you upload. Slack has been criticized for its lack of full encryption, and, last year, a web security researcher discovered that a vulnerability in Slack’s code would allow hackers to gain access to millions of users’ private conversations – a particularly sensitive potential exposure for some, given that Slack’s private channels are infamous for encouraging fierce workplace gossip.

Slack does not offer end-to-end encryption, so the contents of your communications may be retrievable if the firm receives an order from, say, an intelligence agency or law enforcement office. Martin Shelton, a data security researcher who works with at-risk groups, says that, although Slack may be the most user-friendly service of its kind, organizations seeking a higher level of security have other options. Semaphor, designed by the tech security firm SpiderOak, is a prominent alternative to Slack. Shelton recommends it as a “nice choice for an end-to-end encrypted chat,” but notes that its “user experience is a little clunky.”

Shelton also points to Mattermost, another potentially appealing chat application for organizations on perhaps the more established side. Like Signal, Mattermost’s code is open source, meaning that anyone can inspect its architecture for vulnerabilities.

“This is great because it’s regularly audited by security researchers,” Shelton says. “You can also host it on your own server, so you know where your data is located,” Shelton notes that this last feature can, however, mean a bit more work. “News institutions will need administrators who know what they’re doing to maintain the server,” Shelton says.

As the Electronic Frontier Foundation reminds us, good data security is a process, not just a series of products. The tools above only offer a start. Some commonly used digital security products that didn’t make the list also include email encryption – which can be a pain to set up but can ensure your encrypted emails are all but impenetrable – as well as secure and private web browsing with Tor and DuckDuckGo.

For more tools and a more detailed explanation of how to use them, take a look at the Electronic Frontier Foundation’s Surveillance Self-Defense project and the Citizen Lab’s SecurityPlanner.org. Threats to journalists may be building, but, luckily, so are our defenses against them.

Categorized in Internet Privacy

 Source: This article was published cyberblogindia.in By Abhay Singh Sengar - Contributed by Member: Bridget Miller

When we talk about “ethics” we refer to attitude, values, beliefs, and habits possessed by a person or a group. The sense of the word is directly related to the term “morality” as Ethics is the study of morality.

Meaning of Computer Ethics

It is not a very old term. Until 1960s there was nothing known as “computer ethics”. Walter Manerin the mid-70s introduced the term ‘computer ethics’ which means “ethical problems aggravated, transformed or created by computer technology”. Wiener and Moor have also discussed about this in their book, “computer ethics identifies and analyses the impacts of information technology upon human values like health, wealth, opportunity, freedom, democracy, knowledge, privacy, security, self-fulfillment, and so on…“. Since the 1990s the importance of this term has increased. In simple words, Computer ethics is a set of moral principles that govern the usage of Computers.

Issues

As we all know, that Computer is an effective technology and it raises ethical issues like Personal Intrusion, Deception, Breach of Privacy, Cyber-bullying, Cyber-stalking, Defamation, Evasion Technology or social responsibility and Intellectual Property Rights i.e. copyrighted electronic content. In a Computer or Internet (Cyberspace) domain of Information security, understanding and maintaining ethics is very important at this stage. A typical problem related to ethics arises mainly because of the absence of policies or rules about how computer technology should be used. It is high time, there is some strict legislation regarding the same in the country.

Internet Ethics for everyone

  1. Acceptance- We should accept that the Internet is a primary component of our society only and not something apart from it.
  2. We should understand the sensitivity of Information before writing it on the Internet as there are no national or cultural barriers.
  3. As we do not provide our personal information to any stranger, similarly it should not be uploaded to a public network because it might be misused.
  4. Avoid the use of rude or bad language while using e-mail, chatting, blogging, social networking. Respect the person on another side.
  5. No copyrighted material should be copied, downloaded or shared with others.

Computer Ethics

Following are the 10 commandments as created by The Computer Ethics Institute which is a nonprofit working in this area:

  1. Thou shall not use a computer to harm other people;
  2. Thou shall not interfere with other people’s computer work;
  3. Thou shall not snoop around in other people’s computer files;
  4. Thou shall not use a computer to steal;
  5. Thou shall not use a computer to bear false witness;
  6. Thou shall not copy or use proprietary software for which you have not paid;
  7. Thou shall not use other people’s computer resources without authorization or proper compensation;
  8. Thou shall not appropriate other people’s intellectual output;
  9. Thou shall think about the social consequences of the program you are writing or the system you are designing;
  10. Thou shall always use a computer in ways that insure consideration and respect for your fellow humans.

Computer and Internet both are time-efficient tools for everyone. It can enlarge the possibilities for your curriculum growth. There is a lot of information on the Internet that can help you in learning. Explore that Information instead of exploiting others.

Computer Internet Ethics

Categorized in Internet Ethics

Cyber-crime has become one of the greatest threats to businesses, government institutions, and individuals, as hackers are constantly finding new targets and advanced tools to break through cyber defenses. As technology improves, new vulnerabilities are discovered and new obstacles challenge security professionals.

The past year was followed by a number of high-impact cyber-attacks. Namely, a number of devastating, high-impact cyber-attacks like rumors that the US election was hacked, marked 2017. Apart from the rumors regarding the hacked US election, there were ransomware attacks all over the world, and of course, the Equifax breach.

Unfortunately, as challenging as it is today, cyber-security threats will likely get worse in the future, as attacks get more sophisticated. As the years pass, the global security threat outlook keeps on developing. In order to fight this threat, all business entities must understand and learn how to cope with these global cyber threats.

In 2018, these cyber threats are expected to grow at a constant rate, as more complex challenges continue to surface, and cyber criminals keep coming up with new ways of attacking secure IT systems. The following are some of the biggest internet security threats that can impact the operations of IT-powered organizations in the year 2018.

Ransomware

Over the past 12 months, we saw a huge number of ransomware attacks. Ransomware is, in fact, a relatively simple form of malware that breaches defenses and locks down computer files using strong encryption. Then, hackers demand money in exchange for digital keys, needed to unlock the data. Quite often, especially if the encrypted data hasn’t been backed up, victims pay. This has made ransomware popular with criminal hackers, who have recently started demanding payment in cryptocurrencies which are extremely hard to trace.

Google, Amazon, IBM and other big cloud operators, have hired the best digital security that will protect them from such attacks. However, smaller companies can’t afford such thing, which makes them more vulnerable. For a small-scale local business, even a single tiny breach could lead to a big payday for the hackers involved. To prevent your computer from getting hijacked, avoid clicking on unknown links, keep security software up to date, and backup everything on an external hard drive.

Attacks on Cryptocurrencies

According to the latest research, currently there are 1324 cryptocurrencies in total, and this number is expected to increase. The rapid increase in the value of some cryptocurrencies has pushed thieves into massive criminal activities against virtual currency scheme. As more people mine cryptocurrencies on their computers, cybercriminals will organize more attacks designed to steal crypto coins from users, using malware to steal funds from victims’ computers or to deploy hidden mining tools on machines.

Threats to IoT (Internet of Things)

As the value of real-time data collection advances, day-by-day, individuals and business entities are increasingly making use of IoT devices. But, unlike our traditional devices, the IoT devices pose a significant challenge and a sense of less control, simply because they are not the best protected entities, and are susceptible to hacking. That’s why protecting them is so important and will continue to do so in 2018. Millions of connected devices have little or no defense against hackers who want to gain control of them and use them to enter into a network or access valuable data. The number of cyber-attacks powered by compromised IoT devices has become a great concern of the IT security industry, which is why IoT vendors are already putting more time and effort into securing their devices.

Source: This article was published alleywatch.com By VIVENNE CARDENASS

Categorized in Internet Privacy

Let’s talk seriously about industrial cybersecurity: What you don’t know can hurt you.

Industrial cyber security is all over the news, and not in a good way. Our most vital industries – including power, water, nuclear, oil and gas, chemical, food and beverage, and critical manufacturing – are under attack. The gravity of the situation became clear when the FBI and the Department of Homeland Security went public in October about existing, persistent threats. Virtually or not, bad actors are among us.

Unlike physical attacks, cyber attacks are nonstop. Cyber hackers have graduated from simple mischief and denial-of-service attacks to ransomware, theft of competitive information, interception or altering of communications, the shutdown of industrial processes, and even knowledge manipulation through the news and social networks (it’s bigger than just politics). Who knows what’s next?

Digitalization and connectivity are heightening cyber risk, though they are foundational to the Internet of Things (IoT), cloud computing, Big Data analytics, and artificial intelligence. Breaching a single connected operational technology (OT) device or system puts everything on the network at risk.

Low-security and small networks provide easy access for bad actors, whether they’re traditional hackers, black-hat hackers making money on the dark web, nation-states, or malicious insiders. Human error and negligence also are cyber risks.

To establish and sustain cybersecurity and restore the confidence of the public, greater awareness of threats and ownership of risks are imperative. In addition to mastering basic security measures, the industry needs to detect and respond to attacks with persistence and resilience. Trust is not a strategy.

Fortunately, industrial software, technology, equipment, and service providers are fast ramping up their defenses, and dozens of new cybersecurity technology and services firms are offering to help. Consultants, legislators, regulators, and standards bodies also have prominent roles, but it is the end users, ultimately, who must put the cybersecurity puzzle together.

Here, several industry and cyber professionals weigh in about industrial producers’ cybersecurity risks and responsibilities and offer their actionable recommendations.

How bad is the problem?

When companies are surveyed about their top business risk, the answer increasingly is cybersecurity, says Alan Berman, president, and CEO of the not-for-profit Disaster Recovery International Foundation (DRIF). The IoT – now a $3 trillion to $6 trillion industry – is opening new doors to cyber hackers. An estimated 50 billion connected devices (handhelds, sensors, etc.) are in use already.

Speaking at the Society of Maintenance and Reliability Professionals (SMRP) 2017 Conference, Berman noted that cyber hacking has matured to become a sophisticated industry seeking to penetrate devices and systems through the weakest link in the chain, with the goal of profitability. “It is a business and we have to deal with it as a business,” he explains.

The weakest link could be a vending machine in the plant, Berman says. “Once hackers get on the network, they can get into everything,” he says. “When that happens, it could be months before the breach is discovered. What looks like a malfunction could actually be a hack.”

Until there’s awareness within the maintenance organization of the security risks associated with adding or replacing a connected device, the number of cyberattacks an organization sees will continue to rise, says Howard Penrose, president of MotorDoc.

Penrose has easily uncovered industrial cybersecurity gaps using Shodan.io, a search engine for finding internet-connected devices. In one case, “We found numerous points of access to different IoT devices using (the organization’s) default passwords, including links to the documents with those passwords,” he says. “In another case, an OEM had installed software on wind generation systems that allowed them to be turned on or off with a smartphone app.”

Most people equate cybersecurity to the network or IT, but the things that go “boom” in the night are on the industrial control system (ICS) side, says Joe Weiss, managing partner at Applied Control Solutions. “Not enough people are looking at this,” he says.

Weiss has been compiling a nonpublic ICS cyber-incident database that he says already contains more than 1,000 actual incidents, representing about $50 billion in direct costs. Each new entry serves as a learning aid or reminder; often they’re logged in his cybersecurity blog.

“People worry about the IT/OT divide, but the real divide is what comes before and after the Ethernet packet,” suggests Weiss. “Before the packet is where the Level 0,1 devices live (sensors, actuators, drives), and that’s where cybersecurity and authentication are lacking.”

As managing director of ISA99, Weiss recently helped start a new working group for Industrial Automation and Control System Security standards to address the cybersecurity of Level 0,1 devices.

Fear or fight?

Digitalization adds significant value despite the cyber risk. “Don’t fear connectivity – the benefits are too great,” says Eddie Habibi, founder, and CEO of PAS Global. On the other hand, he cautions, the threat of cyber attack is imminent and proven; critical systems are vulnerable; and “every minute, day, or month that you put off securing your systems, they remain at risk.”

Malicious code can sit dormant on a network for months or years before it suddenly activates, explains Habibi. The consequences can be significant to safety, production, the company’s reputation, insurance costs, and even the cost of borrowing for organizations that are not considered secure. “It’s beyond the theft of data; it’s now hitting the bottom line,” he adds.

While OT operators face all of the cybersecurity risks common in IT environments, many of the tools used to mitigate those risks are not available for OT networks, observes Chris Grove, director of industrial security at Indegy. He notes the following crucial distinctions:

  1. OT networks are not designed from the ground up with security in mind, meaning that industrial controllers are not typically protected with authentication, encryption, authorization, or other standard security mechanisms.
  2. A successful cyber attack on an OT network could have safety, financial, and environmental implications.
  3. It is much more difficult to monitor OT networks than it is to monitor IT networks because of the lack of monitoring tools, the proprietary protocols in use, and network isolation.

With the right tools, such as those developed for OT asset discovery and for tracking of user activity and changes to operational code, operators can identify risky configurations, malware, human errors, and insider attacks.

“Security is not a static thing,” cautions Dr. Allan Friedman, director of cybersecurity initiatives at National Telecommunications and Information Administration (NTIA) in the U.S. Commerce Department. “It needs to be adaptive, resilient, and scalable.” He continues: “For example, don’t assume that an air-gapped system (unplugged from any network infrastructure) will stay that way. Improperly trained personnel may establish new connections, or the USB drive used for a software update may carry an infection.”

Security by design and necessity

Trust is the new currency; more regulations are coming, and cybersecurity is not an option because we are moving toward digital at the speed of light: Dr. Ilya Kabanov, global director of application security and compliance for Schneider Electric, made these three points at the ASIS 2017 international security conference.

Kabanov urges OEMs to embed privacy and security in the products themselves. “It is not security vs. innovation; security requires innovation,” he explains.

Richard Witucki, the cyber security solutions architect at Schneider Electric, agrees. “Since security by obscurity is no longer a viable option, it is incumbent upon manufacturers such as Schneider Electric to embed cyber security directly into their products,” he says. “By doing this, we enable the end users to take a much more defense-in-depth approach.”

Schneider Electric’s approach includes actively training its development teams and engineers in secure development life-cycle programs, incorporating established security controls into its products, and conducting exhaustive internal and external testing. The ISA99/IEC 62443 set of standards was chosen because it addresses cybersecurity at several levels, including the products, the systems, and the development life cycle of the products and solutions.

“We all rely on products that control our critical infrastructure to perform as expected,” Witucki says. “Ironically, because these systems are so reliable (e.g., PLCs controlling a seldom-used diesel generator for 20 years), they have now become a vulnerability within the shifting threat landscape.”

Predictive maintenance (PdM) system and service providers are also tackling cybersecurity. Paul Berberian, the condition monitoring specialist at GTI Predictive Technology, has heard customer comments ranging from “It is not an issue” and “Nothing in the plant is connected to the outside world,” to concerns about internal secrets being vulnerable through an internet connection.

“Maintenance and reliability departments want to use PdM technology, but some don’t want to fight the battle internally with IT,” explains Berberian. “In my opinion, the concern for most of these companies is that hackers will be able to find a way into their plant network through the PdM data portal.”

To mitigate this risk, GTI uses SSL certificates to ensure the security of its sites; it requires encrypted usernames and passwords for access; it encrypts the stored data, and it uses a secure (HTTPS) web address.

Operational security technology partnerships are also forming. “Manufacturers and utilities want a single, accountable provider with a reputation like Siemens’ rather than a dozen suppliers,” says PAS Global’s Habibi.

The Siemens-PAS partnership looks to help companies that are struggling to establish adequate cybersecurity regimens. The PAS Cyber Integrity analytic detection engine identifies and tracks cyber assets, enabling fleetwide, real-time monitoring of control systems. Forensic and analytics technologists at the Siemens Cyber Security Operations Center apply their expertise to this information so they can dig deeper and provide a more robust response to potential threats.

“There is a 100% probability that any company will suffer from a cyber attack, and these attacks travel with lightning speed – how resilient will your response be?” asks Leo Simonovich, vice president and global head of industrial cyber security at Siemens.

What should you do right now?

First, master the basics: access controls, backup and recovery, software updates and patching, network segmentation, system hardening, and malware prevention on endpoints. Consider using a search engine like Shodan.io to quickly gauge risk exposure.

Cybersecurity should be treated like lean manufacturing and Six Sigma initiatives; it should be a continuous process reviewed and assessed on a regular basis, says Schneider Electric’s Witucki. “It is not a goal, but a journey,” he says.

He suggests selecting a cybersecurity standard appropriate to your industry and organization and then focusing attention where it is needed most with a gap analysis or risk assessment. This starts with an inventory of all computer-based assets (hardware, software, etc.). “When you consider some of this equipment may have been operating for 20 years inside an enclosure, you start to understand why this may be difficult,” adds Witucki.

GTI’s Berberian’s urges both industrial solution providers and end users to establish a strategy and security protocol that suppliers must meet. “A strategy that everyone understands, other than ‘We will never use the cloud,’ is most helpful,” he says.

To secure complete operating environments, companies must begin by addressing the fundamentals: discovery, prioritization, monitoring, and protection of their assets, advises Siemens’ Simonovich. He also advocates that company leaders consider addressing OT cybersecurity as one of their core responsibilities. This requires ownership, a strategy that looks at the challenge holistically, and strategic partnerships with best-of-breed companies.

NTIA’s Friedman suggests the following when acquiring new equipment or devices:

  1. Ask questions regarding security: What are the risks, and how can they be mitigated?
  2. Employ basic security hygiene: Use strong passwords and security credentials; apply patches promptly; employ network segmentation; and “know what’s under the hood” (e.g., which operating system is used).
  3. Partner with other sectors and organizations on design principles: Your problems probably aren’t unique, and others may have developed useful security solutions.

Ensure that the default passwords are changed, especially in the settings of variable-frequency drives, energy monitoring devices, and other connected systems adds MotorDoc’s Penrose. Also, never let a vendor bypass security to connect to the network. “We once found that a USB WiFi card had been installed on a secure network so a vendor could access the system remotely, eliminating the isolation of the critical system's network,” he says. He adds that if the IT personnel are capable, they should be performing device vulnerability analyses.

Indegy’s Grove says that while active, passive, and hybrid ICS security monitoring approaches all have advantages, a hybrid approach is likely to provide the best value for most organizations because it “gives organizations total visibility into their OT network and environment.”

Applied Control Solutions’ Weiss reminds us that it isn’t always clear what is or isn’t a cyber event, and SCADA is not a fail-safe to identify potential cyberattacks. By design, in some cases it may not detect critical malfunctions. Weiss suggests getting involved in the new ISA99 working group and sharing your ICS cyber incidents with him (This email address is being protected from spambots. You need JavaScript enabled to view it.).

Finally, and perhaps of most importance, cautions Schneider Electric’s Kabanov, everyone from executives to end users must decide whether cyber protections make sense. If they don’t believe they do, they’ll work around them.

Much more needs to be done to protect the critical industrial sector. The bad actors already are planning their next move. What’s yours?

Source: This article was published plantservices.com By Sheila Kennedy

Categorized in Internet Privacy

With more organizations introducing technology-based systems such as cloud computing into their work culture, the threat of a cyber-security breach has increased manifold.

Internet accessibility has only enabled the critical role of information technology in our daily lives. It has always been an inevitable part of organizational functioning, however access to the internet puts a lot of power in the hands of organizations and individuals alike.

Some recent examples include the leaking of several episodes from the wildly popular Game of Thrones series. While fans eagerly awaited to see what happens next, little did they realize that this excitement would be dampened by spoilers spread across the internet and social media.

The latest season of the hit fantasy TV show has been marred by several cyber security breaches. Apart from the hackers’ attack, the channel itself leaked the penultimate sixth episode accidentally.

This has been an example of C-suite executives everywhere that even one-time cybersecurity threats can greatly hamper a business, regardless of its size. In spite of its scale, the company has been reeling, attempting to fix holes in their cybersecurity procedures while keeping up with Game of Thrones fan hysteria.

In fact, its size makes it more vulnerable to the negative impacts that such instances can have on its reputation and revenue. Organizations must ensure that they accord top priority to data security as any low-level threat can percolate to the wider network and cause the organization to face financial penalties, lose revenues, incur customer wrath and have its brand image and future business suffer.

The cons of a security breach

A Drain on Money and Other Resources

The first and foremost impact of a breach is the economic losses to an organization, which go beyond just sales. Once confidential data is leaked, companies would need to spend heavily on forensics to investigate the breach as well as re-establishing stricter security protocols. Lawyer fees, filing of lawsuits and payment of fines to data protection authorities, all add up. Further, resources of time, energy and money are diverted to fire-fighting rather than growth and development. Companies should just avoid incurring double costs and disruptions by having cybersecurity hygiene from the get-go.

Loss of trade secrets/Disruption of Operations

Computer hacking primarily involves theft of proprietary and confidential information such as research, strategies, and financial reports. Compromised information and intellectual property can make an organization fall behind its competition by affecting its business operations and continuity.

Loss of trust and valuation

Customer relationship is built on trust and such attacks can lead to loss in reputation for a service provider. Cyberattacks can damage the reputation of a company and shake the faith that its customers place in it. A study conducted recently has shown that there is a strong relation between cyber breach in a company and its share price performance with some breaches having wiped off as much as 15% off companies' stock market valuations. For instance, Yahoo’s massive hacks raised questions on the company's deal to sell itself to Verizon Communications.

The lesson to be learnt

It is imperative for companies to be proactive about putting resilient systems in place to safeguard a company against possible cybersecurity threats. There are courses available which can equip people with the core concepts of network security and an in-depth understanding of cybersecurity mechanisms. Here are some other things to consider for professionals and executives in any organisation working with technology-based systems:

Invest in protection

This assumes importance as technologies which help protect against possible breaches can detect network intrusions before hackers have the chance to access sensitive data. Assessing and identifying organizational vulnerabilities and then formulating procedures to avoid them is the very first step. Some companies choose to employ a security firm for this or many prefer specialised training for their own trusted and employed professionals.

Educate employees

Very often, employees may unknowingly download viruses, install unauthorized software, register weak passwords or transfer work files to their home computers. This can result in data breaches and vulnerabilities. It is important to educate employees about best practices and how they can use the internet securely. Besides the education of employees, management and senior executives should also undergo basic training. One such course that we offer at Acadgild is 'Ethical Hacking' which introduces people to hacking concepts, network security, viruses, sniffers, cryptography and more.

Encrypt company data

There is research to back the fact that about 60% of those companies who faced a data breach did not encrypt their data. This is an essential step to avoid possible hacking and loss of information.

Screen vendors

Organizations that provide any third-party with access to confidential data, must do some research on their policies. This will help in understanding whether they comply with security best practices. The first Game of Thrones leak occurred owing to an outsourced agency that did some work for HBO’s Indian content distribution partner.

In conclusion

Apart from all the above measures, organizations should have a contract in place that protects them from liability in case of a security breach. Technology is bringing the world together and therefore, the likelihood of cyber-attacks will only amplify in the future. However, companies should constantly update themselves about both the scale and sophistication of cyber security threats and take adequate precautions to safeguard themselves.

Source: This article was published tech.economictimes.indiatimes.com

Categorized in Internet Privacy

CREDIT: Getty Images

Cloak & Dagger vulnerability uses Android's own features to fool users.

Do you like downloading and trying a wide range Android games and apps? You may want to rethink that habit, or at least proceed with caution. A newly disclosed Android vulnerability means miscreants can use apparently harmless apps to fool you into giving them "permission" to take control of your phone or tablet and watch everything you do with it.

Researchers at UC Santa Barbara and the Georgia Institute of Technology recently revealed a vulnerability they call Cloak & Dagger that can let miscreants use your phone's own permissions against you. It works like this: You download and run a new app. As so many apps do, it pops up an opening screen that asks you to to agree to something. That something could be almost anything: Click here to watch our tutorial video. Or proceed to the game. It doesn't really matter what the app appears to be asking you to do. What it's really doing is asking your permission for administrative powers that let it use your phone for...whatever it likes.

How does it manage to fool you? Using an Android feature called "Draw over other apps," in which an image or dialog box appears on top of anything else that might be on your device's screen. The "chat heads" used by Facebook Messenger are one example of how this works.

Google routinely grants apps the right to draw over other apps if they request it. They can be highly useful, but a cleverly crafted drawing could be laid on top of an Android warning about granting an app extensive permissions, while making it appear that you're saying OK to something completely different. One example is that it can activate accessibility functions. That allows the nefarious app to see and record your keystrokes, as some accessibility functions need to do in order to function.

This (silent) video shows how it works:


What can you do about it? Unfortunately current versions of Android do not ask for your permission for a newly installed app to draw over other apps. So to find out if you're affected, begin by going into Settings, clicking on apps, and then clicking on settings from the app listing (the gear in the upper right). At the bottom of the list that appears, you'll find "Special access." Click that to see which apps have the right to draw over other apps. You can get detailed information about this vulnerability and how to check your device here.

Google has known about this vulnerability for some time now--the researchers alerted the company months before telling the rest of us. And the company says it is able to detect and block Play Store apps that take advantage of it. So a good place to start would be to avoid downloading Android apps from anywhere other than the Play Store unless you know and trust the source. And hope that Google finds a way to close this security loophole soon.

Source: This article was published on inc.com by Minda Zetlin

Categorized in Internet Privacy

Hiring a hacker could reveal security flaws in your organisation.

The global cost of cybercrime could reach £4.9 trillion annually by 2021, according to a recent report from Cybersecurity Ventures. Cyber crime incidents continue to plague organisations globally, even as businesses pour money into boosting their security. 

But how do businesses deal with vulnerabilities they cannot identify? It only takes one smart hacker to discover a backdoor and get access to your sensitive data and systems. 

Organisations must identify the weaknesses in their cyber security, before -- not after -- they’re exploited by hackers. However, to beat a hacker you’ll need to think like one. Here’s how -- and why -- you should hire a hacker in 2017.

 

The stakes have never been so high 

State sponsored hacking wreaked havoc in 2016 when Yahoo revealed that 1billion accounts were compromised in the largest data breach in history. And as cyber crime becomes increasingly advanced, the threat hackers pose to businesses will only increase. 

Leave your organisation open to a data breach and it could cost you a massive £4.25m (on average). And that’s without considering the painful remediation and brand damage you’ll be subject to as a result. 

These attacks aren’t restricted to huge multinationals, the latest Government Security Breaches Survey found that 74% of small organisations reported a security breach in the past year. 

For any organisation, a security flaw passing undetected is a huge risk, and when GDPR hits in 2018 the stakes will only increase.    

The EU General Data Protection Regulation will come into force in 2018 and will govern how businesses handle customer data. Compliance won’t be easy, and the risk of non-compliance is massive, with potential £17million fines.

  

Big businesses aren’t safe from this, and they’ll need to boost their data security to ensure compliance. Tesco were recently lucky to escape a £1.9bn fine for a recent data breach. 

How hackers will boost your cyber security 

Not every hacker wants to attack your business and leak your sensitive data. There are hackers out there who are paid to protect, not provoke. 

Known as ‘white hat’ or ‘ethical hackers’, these security professionals strive to defend organisations from cyber criminals.   

They’re not your conventional dark web lurking delinquents. Ethical hackers are IT security experts -- trained in hacking techniques and tools -- hired to identify security vulnerabilities in computer systems and networks.   

According to ITJobsWatch, the average salary for an ethical hacker is £62,500. Considering the average cost of a data breach sits at £4.23m, that’s a small price to pay.  

Businesses and government organisations serious about IT security hire ethical hackers to probe and secure their networks, applications, and computer systems. 

But, unlike malicious ‘black hat’ hackers, ethical hackers will document your vulnerabilities and provide you with the knowledge you need to fix them.  

Organisations hire ethical hackers to conduct penetration tests - safe attacks on your computer systems designed to detect vulnerabilities.   

To test their security, businesses often set goals or win states for penetration tests. This could include manipulating a customer record on your database, or getting access to an admin account –potentially disastrous situations if they were achieved by malicious hackers. 

Ethical hackers leverage the same techniques and tools used by hackers. They might con employees over email, scan your network for vulnerabilities or barrage your servers with a crippling DDoS attack.   

But instead of exploiting your business, ethical hackers will document security flaws and you’ll get actionable insight into how they can be fixed. It’s your responsibility to act on the ethical hacker’s guidance - this is where the hard work begins. 

Without these harmless penetration tests security holes remain unseen, leaving your organisation in a position that a malicious hacker could exploit.   

Not your typical dark web delinquents 

Thankfully, the days of hiring underground hackers and bartering with bitcoins are over. There’s now a rich pool of qualified security professionals to choose from, complete with formal ethical hacking certifications.   

Ethical hackers, or penetration testers, can be hired just like any other professional, but be certain to get tangible proof of your ethical hacker’s skills.   

Ethical hackers, or penetration testers, can be hired just like any other professional, but be certain to get tangible proof of your ethical hacker’s skills. 

Candidates with the CEH certification have proved they know how to use a wide range of hacking techniques and tools.     

What’s more, CEH certified professionals must submit to a criminal background check. These experts are committed to their profession and do not use their hacking knowledge maliciously. 

Despite the relative youth of the ethical hacking field, these professionals have already proved their worth to some of the largest businesses in the world. 

This year Facebook awarded a white hat hacker £32000 -- its largest ever bounty -- for reporting one ‘remote code execution flaw’ in their servers.   

That’s not the first time Facebook have paid out either. They’ve long supported the efficacy of bug bounties, having paid more than £4 million to ethical hackers since it’s program debuted in 2011. 

How to hire a hacker (legally) 

It’s important to understand what you actually want from your ethical hacker. Do this by creating a clear statement of expectations, provided by the organisation or an external auditor. 

Ethical hackers shouldn’t be hired to provide a broad overview of your policies, these professionals  are specialised experts with a deep knowledge of IT security. Instead, ask specific questions like “Do we need to review our web app security?” or “Do our systems require an external penetration test?” 

Before hiring an ethical hacker to conduct a penetration test, businesses should ensure an inventory of systems, people and information is on-hand.   

Instead of hiring, many organisations develop ethical hacking skills in their own businesses by up-skilling team members through ethical hacking courses, like EC-Council’s CEH or the more advanced ECSA.   

Your staff will get the skills they need to conduct ethical hacking activities on your own businesses, finding and fixing security flaws that only a hacker could find.   

Secure your business now 

Complex threats -- like rapid IoT expansion -- are set to dominate 2017. To defend your organisation in 2016, you’ll need to think like a hacker. 

Source : itproportal.com

Categorized in Internet Privacy
Page 1 of 2

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.
Please wait

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Newsletter Subscription

Receive Great tips via email, enter your email to Subscribe.
Please wait

Follow Us on Social Media

Book Your Seat for Webinar GET FREE REGISTRATION FOR MEMBERS ONLY      Register Now