Threats Archives - BAI Security

Big Data

TOP CYBER SECURITY THREATS AND TRENDS FOR 2015

Predicting the future is easy – take a long look at what’s happening now and hit the mental fast forward button. But in 2015 the rewind button will be equally useful. We don’t have a fail-proof crystal ball but we suspect that old-school style hacktivisim will share the headlines with emerging threats against devices and virtual payment systems. And we think this might be the year when hackers and data scientists will wage their own personal war, with both sides using Big Data as their weapon of choice. Read on for the details and more of our predictions. Data Destruction Look for an increase in malware that extracts information and then destroys the systems that housed the data. This capability could be

BAI Security December 4, 2014

Computer Security

LIVE EXPERIMENT DEMONSTRATES DISREGARD FOR BANK SECURITY POLICY

An experiment carried out within London’s financial district has demonstrated what security experts have been saying for years: employees – even those working with ultra-sensitive financial data – are unaware of or are far too loose with basic security practices. In the experiment, Flash Drives were handed out to commuters as they entered the city. Recipients were told the disks contained a special Valentine’s Day promotion. In reality, though, the Flash Drive contained nothing more than code that informed the company performing the experiment how many of the recipients had tried to use the Flash Drive. Among those who were duped were employees of a major retail bank and two global insurers. Clear warning Making these results even more ridiculous, the Flash

BAI Security November 20, 2012

Assessment

ARE YOUR EMPLOYEES GIVING AWAY CONFIDENTIAL SECURITY INFORMATION?

A man calls the receptionist at a competitors company and asks for the name of the Sales Manager. The receptionist says the person you are looking for is Bob Jones. Later, the man calls back to the same company and says he needs to speak with the IT helpdesk. When the helpdesk operator answers the man says “Hi, my name is Bob Jones and I seem to have forgotten my new password. I am on my way to an important meeting can you reset it right away?” In an effort to help the user regain access to the system, the helpdesk operator resets the password and tells the man the new password. The man then accesses the employee area of

BAI Security October 23, 2012

Banks Take Action

WARNING: LARGE BANKS FACE DOS THREATS – SMALL BANKS TAKE ACTION

When the Financial Services – Information Sharing and Analysis Center (FS-ISAC) raises its threat level from “elevated” to “high”, banks need to take action. The combination of the recently publicized rise in cyber-attacks against financial institutions and the number of institutions increasingly vulnerable make this a time for action. While the headlines are focusing on Denial-of-Service (DoS), the most common and serious hacking schemes involve remote access, keyloggers, and more generalized Trojan software. The foundation for many of these threats that result in a successful compromise often relate directly to the underlying weaknesses (i.e., vulnerabilities) in operating systems and applications. Hackers and organized cyber criminals using techniques like phishing, webpage redirection, and other common social engineering tactics are taking advantage

BAI Security October 16, 2012

Assessment Tool

4 TECH TIPS FOR ORGANIZATIONS PLANNING A MERGER

Mergers, Acquisitions and Divestitures require special handling when bringing together two distinct organizations or separating a business from the remaining IT infrastructure. The technical environment can be rife with unsecure access points, un-patched servers, and incorrectly configured firewall settings. Information on the acquired company technical environment may be non-existent or incomplete and depending on the nature of the merger, it may be difficult to work with people during the transition. The idea of bringing together two organizations under one leadership requires understanding the risks. This risk analysis requires multiple tasks to uncover any underlying vulnerabilities in the architecture. So where do you start to untangle the colliding technical environments? 1. Vulnerability Scanning 2. Firewalls 3. Remote Access 4. Compliance Audits We

BAI Security October 31, 2012