Super-Malware has become intense, more common
You already know about malware and you’ve learned not to click stupid links, but your company is vulnerable in more ways than just simple viruses sent over emails, with threats coming from new and increasingly intelligent sources.
To help us better navigate these vulnerabilities for every company (even a one-person operation), we tapped the wisdom of Maddie Grant, who outlines below the rise of the Super-Malware:
Threats outpace the rise of awareness
Over the last few years the volume and intensity of malicious web security attacks have grown dramatically, thanks mainly to greater access to high-powered distributed systems and automation, and to exploit kits that make execution and distribution simpler for cybercriminals. The strength of attacks is daunting, and though the internet community is growing more aware of general risks, the threats seem to outpace it. 2013 is dubbed the year of the mega breach, where we witnessed 253 major breaches that exposed 552 million identities, including credit card data, addresses, passwords and other personal information. This was a 62% increase over 2012 (according to Symantec).
Website vulnerability has been a very attractive starting point for cybercriminals to inject and launch their attacks. Symantec’s state of web security report reveals that 77% of the websites they researched had exploitable vulnerabilities and 1-in-8 was critical. With unchecked access to websites, cyber-criminals are left to roam free executing zero-day exploits that covertly infiltrate to not only steal data but also cripple legitimate networks.
The battle to protect your website and guarantee availability for your clients and other site visitors is a critical area of focus for your company. Depending on the reach and scope of your business and the number of clients being served, a data breach can easily cost you upwards of $5.4 Million. Thankfully, it costs significantly less to protect your web assets.
The Types of Attacks & Risk to your Business
Protecting your website and networks requires input and insight for all aspects of the services you’re providing, both to clients and internally. If you’re primarily delivering a service online via a software-as-a-service model, you may be inclined to focus solely on making your web application secure at the code level, ignoring the establishment of internal network usage policies and other types of gateway-level protection that will help mitigate denial of service attacks, for example.
Complete security requires an approach that includes not only your developers, but also IT staff, your web host and other security service providers and resources serving the application, network and human layers.
Some of the most common application layer threats are typically directed towards compromising private user data for the sake of financial gain. Through the injection of code to pull data and trick users into sharing private information, cybercriminals gain access.
Examples of the most common attacks include:
- Cross-Site Scripting (XSS)
- Injection Flaws
- Malicious File Execution
- Insecure Direct Object Reference
- Cross Site Request Forgery (CSRF)
- Broken Authentication and Session Management
- Insecure Cryptographic Storage
- Insecure Communications
- Failure to Restrict URL Access
Other attacks, like distributed denial of service (DDoS) attacks, are designed to completely cripple your business’ ability to serve clients and access critical network assets. These are simply meant to hemorrhage and take your business down, causing unimaginable and sometimes irreparable damage.
For these types of attacks, you certainly cannot rely on your web server host for protection. And investing in the physical infrastructure and staff to manage, implement and monitor mitigation appliances and services will definitely put a dent in your cashflow.
DDoS Could Be the Greatest Threat
DDoS works by overloading and flooding network servers with data packets and requests to the extent where the server is unable to respond, thereby taking down the network. DDoS attacks have grown more sophisticated with packet floods growing larger, maxing out at around 100 Gbps. In a six-month campaign against U.S. banks, for which a group of alleged Muslim hacktivists claimed credit, the volume of attack traffic regularly surpassed 30 Gbps – throughput rarely seen a decade ago. The 1st quarter of 2014 saw a 240% increase in botnet activity.
Attackers also have targeted other parts of the network infrastructure. Corporate domain name service servers are a common target, and in this case, customers can no longer access a company’s service. Under these attacks, the amount of data center capacity a company has is irrelevant, as the requests will never reach the data center. Network availability is a critical focal point for ensuring business uptime and deliverability.
These attacks have evolved far beyond the capabilities of the typical in-house network security appliance, which will inevitably face an overwhelmed network. The safest and most effective option is a hybrid approach from a security company which offers web application firewalls, CDNs, real-time monitoring and high-class network security appliances to detect and block unwanted traffic in the earliest possible instance.
You’re Not Alone in the Fight & Where to Start
Security companies offering a security-as-a-service model mean that your business is saved from investing in staff and infrastructure to acquire a world-class security system. For instance, the load balancing and failover service offered by Incapsula is very affordable, starting from $19 per month. Incapsula offers an enterprise-grade cloud-based solution supporting all in-datacenter and cross-datacenter scenarios, ensuring high availability and protecting against the most powerful DDoS attacks, with instant propagation and distribution algorithms that will guarantee routing to healthy servers.
First-class infrastructure coupled with real-time monitoring capabilities mean that you and Incapsula’s team are accountable for the health of all your network assets. This is very valuable in the case of zero-day attacks that do not have known fixes, giving you the resources and data to act quickly to prevent loss.
Making the decision to migrate the management and protection of your network assets to a security-as-a-service solution may be the best investment you could make for ensuring reliable disaster recovery and threat mitigation. It’s a sure-fire way to keep your business on the cutting edge of web security as cybercriminals become more covert and powerful.
Google Maps will soon display traffic lights
(TECH NEWS) The addition of traffic light positions to Google Maps promises to boost navigation accuracy. Now you won’t run a light while looking at navigation.
At over 150 million monthly users, Google Maps’ value is not to be understated. With a new feature that shows traffic light positions rolling out to select devices and locations soon, one can expect that trend to continue.
A common issue with navigation via an app–especially when navigating solo–is a lack of precision that can lead to confusion, missed exits, potentially dangerous driving, and, worst of all, spilled coffee. By adding the location of traffic lights, Google Maps will improve both landmark recognition and automated navigation by providing drivers with more accessible information.
It’s worth noting a couple of arguing points, the first of which is the assertion that Google is starting from scratch on this feature. They aren’t. In fact, Japan-based Google Maps users have had access to traffic light positioning for years; Google is simply expanding the feature to include a larger number of cities and population density.
In a similar vein, Google also isn’t the first company to implement an ease-of-access feature such as this. Apple Maps has incorporated traffic light recognition since the release of iOS 13, and while its use is hit-or-miss (my iPhone 11 fails to pick up most traffic lights in my admittedly rural town of residence), the option to have Siri direct users to the nearest traffic light rather than saying “in 213.7 feet, turn left” is helpful.
That said, Apple Maps is a service which sees a little over 20 million monthly users–a far cry from Google Maps’ monthly base. For Google, accuracy and speed of updates will be paramount for a successful, routinely helpful launch.
At the time of this writing, Google plans to release the traffic light feature in New York, San Francisco, and a few other United States cities. The feature will be available on Android devices–sorry for now, Apple users–and will ideally expand to encompass most of the country if the initial release is successful.
It will be interesting to see how comprehensive Google’s coverage is and how quick the company is to adjust positioning of lights as cities do what cities do best. For now, if you have an Android device, keep an eye on your Maps app–good things are coming your way.
How Microsoft plans to upskill millions of workers during COVID-19
(TECH NEWS) Microsoft is providing affordable and accessible resources to upskill workers during the COVID-19 economy.
While the undeniable amount of job loss in the United States, thanks to COVID-19, may have lost some steam in the news, there are many people out of work and job searching. As of June 6, 2020, “Total nonfarm payroll employment rose by 4.8 million in June, and the unemployment rate declined to 11.1 percent, the U.S. Bureau of Labor Statistics reported today.”
This means many Americans are quietly pondering their next move. Some are freaking out over what their next place or type of employment will be, while others are taking a minute to pause and re-design their life’s path. Both may be hopeful that their career is aligning with their ultimate goals or ways in which they would prefer to live their life via professional pursuits and family preferences. There may be an optimistic outlook as well if they have been able to score interviews and feel some excitement about new opportunities amongst the angst and uncertainty.
However, as you may likely know, after a job loss, the job seeker has some extra time to think and this can be scary for some. They may catch themselves with extra worry or spinning in the what ifs? What if I don’t have the skills for the jobs in demand? What if I’m too old? What if they are not looking to hire someone with my credentials? What if I am unable to replace my salary?
Let’s look at the data when we cannot get out of our heads. What are jobs that are in demand and will be growing? According to VentureBeat and Microsoft, here are the top 10 jobs that are in demand and likely to grow over the next decade:
- Software developer
- Sales representative
- Project manager
- IT administrator
- Customer service specialist
- Digital marketing specialist
- IT support / help desk
- Data analyst
- Financial analyst
- Graphic designer
In tandem, Microsoft is providing access to “learning paths” and resources for users to develop skills for these jobs, which will be available from today until the end of March 2021, and includes a series of videos to help jobseekers start off on the right foot for each role. Microsoft will also connect more technical roles with other resources and tools, including its bot-powered GitHub Learning Lab where budding coders can practice new skills. And feeding into this, Microsoft said that it will join the dots through to qualifications, by offering “low-cost access” to industry-recognized Microsoft certifications “based on exams that demonstrate proficiency in Microsoft technologies,” Microsoft President Brad Smith said in a separate blog post.”
VentureBeat goes on to say that “Microsoft has announced a slew of new initiatives designed to open up access to new digital skills, including cash grants, providing access to data, affordable certifications for Microsoft products, and a new learning app baked directly into Microsoft Teams.”
Looks like those software developers aren’t going away and you can hate on sales all you want, but those are needed for companies to keep their doors open and sell their products or services.
It seems apparent that the tech giant is looking to make a positive impact and help upskill workers to be able to explore and gain the skills they need to pursue these available and growing job opportunities. They are utilizing the data available within the LinkedIn platform to provide insights on job postings, and have pledged to support access to learning and non-profit organizations. Microsoft is also making smart moves to grow and expand in an area where they see some major growth opportunities (within the LinkedIn Learning platform and MS Teams). Microsoft’s CEO mentioned that we have seen a 2-year digital shift in about two months due to COVID-19.
However, this does pose a question – how long will it take for hiring managers to catch up on reviewing resumes of those that had to make a job switch and may not have the previous experience they typically look for when hiring? There is fair room for a discussion that those reviewing resumes will also need to be informed of the career shifts of candidates due to COVID-19 and may need to spend a little bit more time making sure they are not dismissed for looking to make a switch after their upskill experience.
There may also be some questions from employees if they do not feel they resonate with any of those jobs listed as growing over the next decade. We may see a spike in entrepreneurial activity and people setting out to create and design their own work-life harmony – especially if the remote work opportunities are only going to grow exponentially.
Study finds 1,000 phrases that accidentally activate smart speakers
(TECH GADGETS) Don’t worry about accidentally activating your nosy smart speakers… unless, of course, you utter one of these 1,000 innocuous phrases.
It’s safe to say that privacy concerns, especially in today’s digital era, are unquestionably valid. With new video recording technology making it easier to identify people at a glance (whether they like it or not) and concerns that your smart speakers are eavesdropping on you, it may feel like you’re bordering on slightly paranoid around modern technology.
After all, even though there have been cases of smart speakers picking up on intimate conversations, there’s absolutely no risk of them overhearing private things without your consent, right? Even though it’s been documented that these devices — including Cortana, Alexa, Siri, and Google Home — have listened in on relationship spats, criminal activity, and even HIPAA-protected data, you’re totally in the clear.
Oh yeah. The thing is, everything that gets broadcast into your smart speaker? There’s a completely random chance that someone back at headquarters may decide to sift through it in order to improve AI learning.
And while most of the time these conversations are totally benign, it doesn’t change the fact that a complete stranger is getting an earful of your private life. In fact, these transmissions? Are actually completely admissible in court, as several murder cases have already demonstrated. Their key evidence was none other than poor Alexa herself.
But wait, wait. These smart speakers can only get your information if you activate them, and that requires you to clearly enunciate their names. Right? Um. Not exactly. Even though you may think that you need to speak crisply into the speaker to activate it, it turns out that these devices are highly sensitive to any suggestion that you might be talking to them. It’s almost like your dog when you even remotely glance at his bag of doggie treats in the corner: one crinkle and Fido comes running, begging for some kibble and ready to serve you.
It’s the same for your smart speakers. As it turns out, there are over a thousand words or phrases that can trigger your device and invite it to start recording your voice. These can range from the perfectly reasonable (Cortana hearing “Montana” and springing to attention) to the downright absurd (Alexa raising her hackles over the words “election” and “unacceptable”). Well, crap. Now what?
It’s no secret that someone is listening in on your conversations. That’s been clearly documented, researched, dissected, and even accepted at this point. However, if you thought that they’d only listen to it if you gave them implicit permission by activating your device (which, to be fair, should not even count as permission in the first place), you were wrong.
So what’s a privacy-loving person to do? Just suck it up and try to choose between the lesser of two evils? On one hand, yes, these smart speakers are super convenient and can make your life easier. On the other?
Well, if you’re a fan of your privacy, then perhaps these devices aren’t meant for you. At this point, you’ve got little recourse. These companies will continue to use your data, and there’s nothing stopping them from spying on you. That is, unless you prevent them from doing it in the first place.
If you want to keep your private conversations private, either unplug your smart speaker when you’re not using it, or don’t get one in the first place. Otherwise, you’ll continue to give your implied consent that you’re totes cool with them butting in on your personal life, and they’ll continue to be equally totes cool with using it without your permission.