Internet Security has never been more important. Trend Micro recently predicted that targeted attack campaigns would increase in 2015, as part of its annual security predictions report. Trend Micro outlined how targeted attacks are increasingly originating not just from China and Russia but also Vietnam, India, and the United Kingdom. Targeted attacks are already broader than just the countries that we typically think of. Everyone is a target, including you and your company. Too often, we have the pre-notion that it wouldn’t happen to me.
IT security threats are a key concern for business and for 2014 in Singapore, two of the more noteworthy attacks/breaches had been on Kbox and Government portals. The motivations behind these campaigns include obtaining financial information, personal data, and classified government data.
Overall 2015 promises to be a year that will test defenders as we see an ever expanding world of threats and attacks. Threats are growing in many different areas, in particular, social media and mobile devices. With the increasing nature of Bring Your Own Devices (BYOD), cybercriminals can look towards exploiting personal devices, through rogue applications or other device vulnerabilities. Social media is another concern area due to the easy access to personal information which would increase susceptibility of individuals to social engineering. All these will pose a challenge for IT security and network teams.
“What we are seeing today is not a huge surprise. Cybercriminals have increased their velocity and the brutal measures they use to steal information. Users should expect that at least one of their accounts, whether on web services or online portals, will be compromised.”
– Dhanya Thakkar, Managing Director, Asia Pacific, Trend Micro.
A chilling statement indeed and an organisation’s security is often made vulnerable at these individual links. For businesses, Trend Micro alongside cyber threat monitoring service provider e-Cop and security service distributor M.Tech announced the launch of Custom Defence-as-a-Service to help enterprises in this area. The service combines hardware, software, and monitoring to help enterprises detect, analyse and respond to targeted attacks. Key advantages are an OPEX financing model, comprehensive protection and improved visibility of attacks.
What about for individuals?
Over last year, we have seen data breaches at massive organisations, e.g. Target, eBay and local companies such as Kbox were not spared. It has become increasingly clear that the question to ask is no longer would I be breached but rather when would I be breached. Breaches are bound to occur and with so much of our data resting with so many varied providers, the ability to isolate the impact is extremely crucial. One of the most common flaw is using the same password for multiple sites. Convenient, I know but yet extremely dangerous. When one site is breached, it immediately put at risk or your other services.
There’s a couple of options – such as LastPass or KeePass. Alternatively, there’s also open-source options. This is an open-source app that I tweak and am currently using (DiffPass – lets you create different passwords for different sites easily) It was customised from Labnol Secure Passwords. It uses the open source bcrypt algorithm. It’s a standalone HTML file, so you can save it and run it either offline or online from your phone or computer. You only have to remember the master key (pass phrase) and DiffPass will generate unique passwords that is varied based on the site name. So if one site ever gets compromised, the rest of your data is still secure.