Category Archives: Uncategorized

Hacked at Sea: Concerns Grow Over Lax Cybersecurity for Ships, Ports

With a combined 45 years in IT security, Adsero’s principals have seen it all. There is no problem we can’t solve. By land or sea, we always have your back. Check out what happens when you are hacked at sea.

As hacking risks grow and maritime operations become more digitally connected, experts in industry and government have long said no one is prepared. This summer was a wake-up call.

THE PORT OF New York and New Jersey is the largest port on the east coast of the United States, touted by officials as the “gateway to one of the most concentrated and affluent consumer markets in the world.” But for a few weeks last summer, the goods moving through one of its terminals slowed to a crawl because of a global cyber attack that originated 4,500 miles away.

“The delays were six to eight hours to pick up a container,” said Jeffrey Bader, chief executive of the trucking company Golden Carriers, recalling when a terminal in Elizabeth, New Jersey, switched to manual operations while its systems were down. “The line was many, many miles long. Trucks, trucks, trucks.”

The terminal’s operator, APM Terminals, is a subsidiary of the world’s largest container shipping company, A.P. Moller-Maersk Group. The company, which transports roughly 20 percent of the world’s cargo containers, was among the hardest hit by the NotPetya ransomware. NotPetya sprouted in hacked accounting software in Ukraine in late June, and by exploiting a weakness in Microsoft Windows operating systems, quickly went global as it infected corporate networks and locked down the data of contaminated computers. Hackers would usually restore access after a ransom payment is made, but NotPetya was engineered to cause chaos more than extort funds, cybersecurity experts say.

Maersk and many other global firms affected, such as FedEx and pharmaceutical giant Merck, were not specific targets of the attack, but that didn’t matter. In a “heroic effort” over 10 days, Maersk reinstalled 4,000 servers, 45,000 personal computers, and 2,500 applications, chairman Jim Hagemann Snabe said at the World Economic Forum meeting in Davos last month.


What your employees need to know about cybersecurity

An IT Security audit merely observes the status of your environment, and always requires follow-up to address the deficiencies the audit identified. Most firms don’t have the staff to effectively execute implementation and develop written policies to continually safeguard their businesses. That is where Adsero Security has demonstrated expertise. Adsero Security can teach your employees what they can do to be safe. Read on to learn some office basics to prevent cybersecurity issues.

If you are not educating your employees on cybersecurity best practices, you are missing the biggest opportunity for improvement in your cybersecurity profile.

Employees have business-need access to a lot of important data, and their ability to protect that data – or to inadvertently let it walk out the door of your organization – is vital.

Lack of education has been at the heart of a number of major security breaches. You probably heard about the new human resources employee who got an email from the president of the organization asking for tax information on every employee, so that person sent it exactly as instructed.

The employee did not recognize the email came from a hacker impersonating the CEO, and there was a major security breach.

Entire business models are based on this kind of fraud. Let’s pretend I am going to build a site with the world’s best collection of cute pet pictures. I’ll give you the first 10 for free (and those 10 are the most adorable pictures you have ever seen), but to see more, you need to set up a username and password. The access is still free, though.

No big deal, right? Wrong. In this scenario, I own this website and I am a criminal, and my business model is to try to use the username and password you just entered at every major banking website, on all major email providers, on your company’s VPN portal, and anywhere else that I think you might have used the same username and password.


Equifax, Strava, And Russian Facebook Ads: How To Hold Websites Accountable For Data Breach

Luckily, Adsero Security has the knowledge and experience to prevent data breaches from happening to your organization. You will sleep better at night with Adsero on your side. Read on to see how security breaches happen to other people.

Pollution was the negative product of an industrialized economy. Misuse of Big Data is the new pollution—the negative artifact of a digital economy. And it is occurring with increasing frequency. Strava, a fitness app, may have weakened the U.S. military by posting data that exposes the geographical location of users, many of whom are military personnel. Facebook may have weakened the U.S. democracy by showing ads purchased by foreign manipulators to swing voters. And Equifax may have weakened the U.S. financial security by exposing a large database of consumer finances to hackers.

One common thread running through these notorious cases of recent privacy breaches is the potential harm arising from tracking people. Strava, Facebook, and Equifax created phenomenal databases of people’s behavior. Each of these platforms uses the data for many good purposes, but they also, unintentionally and sometimes negligently, expose the data to harmful uses.

Another, less noticed common thread running through these cases of privacy breach is the social nature of the harm they caused. The injury from the exposed data was not always to the individual users being tracked and exposed. Rather, it is more akin to pollution: the injury arises from the aggregation of exposure and it is affecting many others.

Take Strava’s case. The extraction of publicly-shared location tracking data from Strava and using it to map out military locations does not specifically harm the individuals being tracked, but rather the military interests. It is only by clustering many individuals that a meta-picture about the concentrated military activity can emerge. The injury is labeled “privacy” breach, but the informational harm here is distinctly social, not private.

War room to boardroom: The new era of cybersecurity

The audit is one step in the process. Once the risks that have been identified have been addressed, an IT security policy written, risk management standards set and people trained, you can feel confident that the probability of a breach has been significantly reduced. Read on to learn how pertinent this is even from a national security perspective.

Facebook’s hire of its first-ever head of cybersecurity policy is recognition that protecting corporations from foreign hacking is an increasingly serious matter. Sophisticated cyber threats presented by state-sponsored actors have long challenged sensitive United States government computer networks. What’s new — as Facebook’s move indicates — is that these complex state-sponsored cyber attacks are now also threatening America’s leading companies to a larger extent than ever.

The resources, skill, and complexity posed by hackers managed by Russian intelligence agencies, for instance, far surpass the motivations and abilities of typical cybercriminals. In this new era, U.S. companies must bolster their defenses and leverage advanced cyber tools designed to stop state-sponsored attacks. The mounting threat against American commerce — the bread and butter of America — must be addressed. It’s not business as usual anymore.

While Russia is not the only state engaging in these activities, its cyber operations are relatively known. Unable to dominate in conventional military terms, Russia views cyber operations as an affordable way to disrupt its adversaries. As part of this effort, Russia has increasingly targeted civil and commercial computer networks. This includes measures to cripple critical infrastructure, financial networks, and internet services and capture proprietary data or sensitive communications, such as a CEO’s emails. While working at the Pentagon, I saw firsthand how Russia tested these capabilities in Ukraine as major coordinated cyber intrusions shut down power grids, interrupted television broadcasts and generally disrupted commerce. Ukrainian President Petro Poroshenko stated that in the space of two months in 2016 alone, 6,500 cyber attacks were conducted against government, critical infrastructure and industrial targets.

Top 7 Cyber Security Threats of 2018

Clients come to us to solve real-world security problems, not to just check the boxes. At Adsero Security, our job is to make sure you are secure. This is why it is imperative for you to be aware of the threats that could make an impact on your organization. Read on to discover more.

Cyber crime is quickly becoming one of the greatest threats to businesses, government institutions and individuals. This year alone, victims of one type, ransomware, lost $5 billion according to Cybersecurity Ventures research.

In the world of the dark web, 2017 is defined by devastating cyber attacks like the Equifax breach, and that type of impact is something Cyber Security expert Steve Weisman, with Bentley University, predicted last year.

Here are his Top 7 Cyber Security Threats for 2018:

1. Health Insurance Hacks

“Medical identity theft is the most serious form of ID theft both personally and financially, it’s the only form of Identity theft that can actually kill you and it’s getting worse,” said Weisman.

He says the 145 million involved in the Equifax breach are especially at risk, since their social security numbers may have been compromised. Also, Medicare is still a year away from giving all people new cards with ID numbers not tied to their SS#.

2. Cryptocurrency Scams
This one affects investors, specifically those interested in currency.

“I think scams involving cryptocurrency such as bitcoin are going to be the biggest scams of 2018,” said Weisman.

He says many of the offerings are bogus, but scammers use social media to create hype.

3. Ransomware Spike

To prevent your computer from getting hijacked, avoid clicking on unknown links, keep security software up to date, and back up everything on an external hard drive.

4. Foreign Cyber Attacks on Banks

“A cyber war with North Korea is certainly something that’s not out of the question,” said Weisman.

Cyber security expert explains what to do if your email is hacked

Our job is to make sure you are secure. Hackers do not discriminate and will hack any account. Anyone can be at risk. Read on to discover how and why emails are hacked.

YOUNGSTOWN, Ohio (WYTV) – It’s a question many people have, “Am I at risk for hacking?” One local cyber security expert says everyone has some sort of risk because hackers do not discriminate.

Computer hackers will target big businesses, small businesses and individual people.

“It’s a game like Russian Roulette, we’re gonna keep trying every single place. They can do thousands at a time,” said Cyber Express Manager David Stanley.

You can have virus protection on your computer or take precautions with your passwords, but Stanley says emails are the easiest things to spoof.

“We can actually use your email address and send out emails under your own name and it looks just like you,” he said.

Since many hackers are outside of the U.S., the justice system has no legal ability to arrest them once they’ve scammed.

“A lot of businesses don’t take steps in preventing it, they rely on their IT people,” Stanley said.

While there’s no foolproof way to protect your email, Stanley says there are signs to look for in other people’s emails that you receive, things like strange links or grammatical errors.

“Click on the actual email address behind it and make sure it says ‘davidstanley@gmail.com’ or whatever their email is,” Stanley said.

If you find out your email account has been hacked, Stanley says to change your password and email all of your contacts to a different provider.

Once you’ve taken those steps, you can file a complaint with the Federal Trade Commission. This keeps them in the loop of websites or hackers that are scamming people.

To read more, http://wytv.com/2018/01/26/cyber-security-expert-explains-what-to-do-if-your-email-is-hacked/

Healthcare Data Breaches: 4 Tips for Healthcare Execs

With a combined 45 years in IT security, Adsero’s principals have seen it all. There is no problem that we can’t solve. This includes maintaining a safe cyber network for hospitals. Read on to discover why this is so pertinent.

Despite the fact that healthcare hacking was rampant in 2017, only one in five healthcare professionals—registered nurses (RNs) and health administrators—say they have experienced patient data breaches.

According to the University of Phoenix College of Health Professions survey findings, 20% of RNs and 19% of health administrators said their facility has experienced a breach of patient data, and just as many responded that they didn’t know if their facility has experienced a data breach.

University of Phoenix College of Health Professions surveyed 504 U.S. adults working full time in healthcare as either registered nurses or administrative staff who have worked in their position for at least two years.

Other findings include:

· Despite record-breaking cybersecurity issues in the healthcare industry in 2017, 48% of RNs and 57% of administrative staff said they are “very confident” in their facility’s ability to protect patient data against potential theft.

· Additionally, when asked where they have seen the most changes occur in the industry over the last year, including quality of care, safety, digital health records, prevention, and population health, only 25% of RNs and 40% of administrative staff cite data security and privacy.

· About eight in 10 RNs (79%) and administrative staff (77%) think big data is important to their jobs; however, about two in three RNs (65%) and over half of administrative staff (55%) have never received training on it.

· More than three in five RNs (64%) and administrative staff (62%) say their facility has invested in electronic medical records in the past year.

Both groups said their organizations are taking the following steps to ensure patient data is protected:

  o Updated privacy and access policies (69% of administrative staff, 67% of RNs).

  o Role-based access (60% of administrative staff, 59% of RNs).

  o Data surveillance (55% of administrative staff, 56% of RNs).

“The results show that there is a disconnect between the level of confidence that healthcare professionals have in their organization’s ability to prevent data breaches and the reality of today’s cybersecurity landscape,” says Doris Savron, executive dean for the Colleges of Health Professions at the University of Phoenix.


Facebook to roll out global privacy settings hub — thanks to GDPR

Adsero Security is unique in the IT security industry. Integrity, honesty, and fairness are the core of who we are. We also like to highlight businesses that enforce this same model. Facebook is making some changes to its privacy settings so that its users will be safer. We applaud that action. Read on to find out more.

Facebook COO Sheryl Sandberg has said major privacy changes are coming to the platform later this year, as it prepares to comply with the European Union’s incoming data protection regulation.

Speaking at a Facebook event in Brussels yesterday, she said the company will be “rolling out a new privacy center globally that will put the core privacy settings for Facebook in one place and make it much easier for people to manage their data” (via Reuters).

Last year the company told us it had assembled “the largest cross-functional team” in the history of its family of companies to support General Data Protection Regulation (aka GDPR) compliance.

From May 25 this year, the updated privacy framework will apply across the 28 Member State bloc — and any multinationals processing European citizens’ personal data will need to ensure they are compliant. Not least because the regulation includes beefed-up liabilities for companies that fail to meet its standards. Under GDPR, penalties can scale as large as 4% of a company’s global turnover.

In Facebook’s case, based on its 2016 full-year revenue, the new rules mean it could be facing fines that exceed a billion dollars — giving the company a rather more sizable incentive to ensure it meets the EU’s privacy standards and isn’t found to be playing fast and loose with users’ data.

Sandberg said the incoming changes will give the company “a very good foundation to meet all the requirements of the GDPR and to spur us on to continue investing in products and in educational tools to protect privacy”.

“Our apps have long been focused on giving people transparency and control,” she also remarked — a claim that any long-time Facebook user might laugh at rather long and hard.

The New Rules Of Cybersecurity

We are solutions builders who provide comprehensive, complete IT security management programs. In an IT security solutions initiative involving many vendors, we are the project managers who pull it all together and make sure it works as planned, for the long term. This is a needed service in today’s times where threats lurk around every corner.

Read on to discover why these threats are so imminent.

The man who built the U.S. Army’s cyber command says online threats are going to get worse before they get better. But that doesn’t mean leaders are powerless. To win, focus on your culture and your people to create a sense of urgency to protect what you value and ensure you’re ready for the threats focused on you. Some hard-learned lessons from the war for cyberspace.

My 37-year career in the U.S. Army spanned the digital revolution we continue to experience today. From being assigned to the Army’s first digitized division to leading the army’s human resources command during a time of war, to creating, in 2010, a global command with 17,000 cyber professionals charged to not only conduct defensive operations, but when directed, to be able to do offensive operations, I witnessed and helped lead the transformation of our military into a new age.

Over that time, the ability of cyber threats to try to take advantage or limit America’s ability to conduct uninterrupted operations—both militarily, and commercially—increased dramatically. Yet, until recently, many leaders assumed that, despite the occasional interruption, these adversaries would not have the ability to seriously interrupt operations. We took our freedom to operate in cyberspace for granted. That assumption is no longer true. There is a growing threat from sophisticated cybercriminal networks and individual actors that might have a political cause or something that they want to try to impact through cyberspace. Most significant are the growing cyber threats from nation-state actors—especially Russia, China, Iran and North Korea—that have the potential to commit not only cybercrime or espionage but launch disruptive and potentially destructive attacks.

4 lessons for businesses on South Africa’s biggest data breach

“Some of our business is reactive, which is unfortunate. Smart clients come to us before their exposure evolves into trouble. We urge you to be proactive.” - Cody Wray, Co-Managing Partner, Adsero Security. Cyber Security is a global issue. Read on to discover what could have prevented this massive data breach.

While massive data breaches are associated with international companies such as Ashley Madison or LinkedIn, South Africa is no stranger to customer data being released into the public domain by cybercriminals.

In fact, it was in October 2017 when security expert Troy Hunt stumbled across the largest data breach in South African history.

The personal data of millions of South Africans was compromised when a database backup file titled “masterdeeds.sql” was leaked publicly online. The data contained millions upon millions of ID numbers, as well as contact details, addresses and income of certain individuals. It’s rumoured that even President Jacob Zuma’s cellphone number was available in the data.

This data had been publicly available for over seven months — an alarming amount of time for the leak to go undetected.

With over 60-million unique ID numbers (more than the country’s population) available in the file, it’s likely that the majority of South Africans were affected. Even certain deceased citizens had their information exposed.

Dracore Data Sciences was identified as the possible source of the information, which was collected and then made available to clients. However, while they may have collected the information, it was not through their servers that the data was leaked. Rather, the data was leaked from the servers of property company Jigsaw Holdings.

The seriousness of the situation is evident from the launch of Home Affairs and Hawks investigations into the breach.

So what can other companies learn from this breach to ensure they don’t find themselves in a similar situation?