Interesting and important security stories
and tips to be shared.
WEB PAGE   l   ABOUT US   l   CONTACT US   l   ARCHIVES   l   SUBSCRIBE   l   BLOG 
Feature Story:
 
If you're keen to use all the cool new gadgets that are coming on the market, but are wondering how you can protect your network from their inevitable vulnerabilities, I have a suggestion for you: Three Dumb Routers.

First, I'll explain, in simple terms, what it takes to set this configuration up, and then I'll try to briefly explain why it is a good approach to protecting your network from the Internet of Things, assuming you really have your heart set on playing with these things, or at least showing them off.

Read More...
Data Breach Story:
The security fairy isn't going to close your open vulnerabilities for you

If you have a feeling you should one day do some kind of check to see if you have anything from your network exposed on the Internet, you're probably right. In fact, nobody else - including the security fairy - is going to do it for you. This goes for both home networks and businesses, although it's probably a little more likely that employees of businesses may have installed things with severe vulnerabilities that management or the IT group doesn't know about than people at home. But it does happen everywhere.

In a recently documented case, the simple exposure of printer ports to the Internet led to a white supremacist being able to send racist messages to be printed on thousands of exposed printers over the Internet.
Data Breach Stats: 70-90 percent of malware attacks on businesses are unique to the organization

If you're wondering why malware is still such a problem for security software companies to detect, it seems to be because attackers literally change the signature for almost every organization they target with malicious code. It doesn't mean they have to build it from scratch, though. They only have to change it enough to make it look different to the scanning software.

Here are a couple of other interesting things about the state of enterprise data breaches that I learned from the 2015 Verizon Data Breach Investigations Report.
IT Managers:
Hospital ransomware attacks are just a stepping stone to your industry

This week, hospital chain Medstar Health in Washington, D.C. was hit with a crippling ransomware attack that encrypted file systems on computers throughout the organization's network.

This is the third such case I've heard of in the past month, and the trend seems to be increasing within the healthcare industry, with hospitals being common victims. The outage costs for MedStar are thought to be about $1 million per day, yet the ransom being asked to decrypt all of the organization's files is less than $20,000.

Why are all these hospitals being hit with ransomware?
Terminology:

Router

While you may not care much about the technical details of your home network, or even your office network, routers are things you're going to hear more about in the future.  A router, in most home networks, at least, is what provides the first layer of protection for your computers, printers and other smart home devices from many types of attacks and threats on the Internet. It's like the front door lock on your house.
 
Routers are usually set up to enable devices on the "inside" of your network to communicate with each other, and even to communicate with websites and servers around the world via the Internet, but only when the communication is initiated from the "inside".  When configured for home use, almost all routers have a special feature called NAT that prevents most external computers or devices from reaching the computers on the inside of your network directly.
 
So, if you hear about a security vulnerability in a certain brand of router, and if you have that type of router, it could be a very important thing for you to look into. 
 
Shared Security Podcast:
Episode 52 - Creepy New Social Network, Phishing Dangers, Ransomware

This is the 52nd episode of the Shared Security Podcast sponsored by Security Perspectives - Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright. This episode was recorded March 9, 2016.

Topics we cover in this episode include:


Scott's Update

This was a shorter version of the newsletter than usual, due to the fact that March is the year-end for many of my consulting clients, and things have been extremely busy. Being busy is a good thing in my business!

But I'm looking forward to a little bit of a break in April.

You should be able to find all of the above articles on my Security Views Blog.

Finally, if you know of anyone who might benefit from receiving this newsletter, I'd appreciate it very much if you would pass it on to them, and invite them to subscribe. You can always subscribe by clicking HERE.

Sincerely,

Scott Wright
The Streetwise Security Coach
STAY CONNECTED BY FOLLOWING OR CONNECTING WITH ME:

Security Perspectives Inc. | 2720-104 Queensview Dr. | Ottawa | Ontario | K2B 1A5 | Canada