Super-Malware has become intense, more common
You already know about malware and you’ve learned not to click stupid links, but your company is vulnerable in more ways than just simple viruses sent over emails, with threats coming from new and increasingly intelligent sources.
To help us better navigate these vulnerabilities for every company (even a one-person operation), we tapped the wisdom of Maddie Grant, who outlines below the rise of the Super-Malware:
Threats outpace the rise of awareness
Over the last few years the volume and intensity of malicious web security attacks have grown dramatically, thanks mainly to greater access to high-powered distributed systems and automation, and to exploit kits that make execution and distribution simpler for cybercriminals. The strength of attacks is daunting and though the internet community is growing more aware of general risks, the threats seem to outpace it. 2013 is dubbed the year of the mega breach, where we witnessed 253 major breaches that exposed 552 million identities including credit card data, addresses, passwords and other personal information. This was a 62% increase over 2012 (according to Symantec).
Website vulnerability has been a very attractive starting point for cybercriminals to inject and launch their attacks. Symantec’s state of web security report reveals that 77% of the websites they researched had exploitable vulnerabilities and 1-in-8 was critical. With unchecked access to websites, cybercriminals are left to roam free executing zero-day exploits that covertly infiltrate to not only steal data but also cripple legitimate networks.
The battle to protect your website and guarantee availability for your clients and other site visitors is a critical area of focus for your company. Depending on the reach and scope of your business and the number of clients being served, a data breach can easily cost you upwards of $5.4 million. Thankfully, it costs significantly less to protect your web assets.
The Types of Attacks & Risk to your Business
Protecting your website and networks requires input and insight for all aspects of the services you’re providing both to clients and internally. If you’re primarily delivering a service online via a software-as-a-service model, you may be inclined to focus solely on making your web application secure at the code level, ignoring the establishment of internal network usage policies and other types of gateway-level protection that will help mitigate denial of service attacks, for example.
Complete security requires an approach that includes not only your developers but also your IT staff, your web host, and other security service providers and resources serving the application, network and human layers.
Some of the most common application layer threats are typically directed towards compromising private user data for the sake of financial gain. Cybercriminals gain access by injecting code to pull data and by tricking users into sharing private information.
Examples of the most common attacks include:
- Cross-Site Scripting (XSS)
- Injection Flaws
- Malicious File Execution
- Insecure Direct Object Reference
- Cross Site Request Forgery (CSRF)
- Broken Authentication and Session Management
- Insecure Cryptographic Storage
- Insecure Communications
- Failure to Restrict URL Access
Other attacks, like distributed denial of service (DDoS) attacks, are designed to completely cripple your business’ ability to serve clients and access critical network assets. These are simply meant to hemorrhage and take your business down, causing unimaginable and sometimes irreparable damage.
For these types of attacks, you certainly cannot rely on your web server host for protection. And investing in the physical infrastructure and staff to manage, implement and monitor mitigation appliances and services will definitely put a dent in your cashflow.
DDoS Could Be the Greatest Threat
DDoS works by overloading and flooding network servers with data packets and requests to the extent where the server is unable to respond, thereby taking down the network. DDoS attacks have grown more sophisticated with packet floods growing larger, maxing out at around 100 Gbps. In a six-month campaign against U.S. banks, for which a group of alleged Muslim hacktivists claimed credit, the volume of attack traffic regularly surpassed 30 Gbps – throughput rarely seen a decade ago. The 1st quarter of 2014 saw a 240% increase in botnet activity.
Attackers also have targeted other parts of the network infrastructure. Corporate domain name service servers are a common target, and in this case, customers can no longer access a company’s service. Under these attacks, the amount of data center capacity a company has is irrelevant as the requests will never reach the data center. Network availability is a critical focal point for ensuring business uptime and deliverability.
These attacks have evolved far beyond the capabilities of the typical in-house network security appliance, which will inevitably face an overwhelmed network. The safest and most effective option is a hybrid approach from a security company which offers web application firewalls, CDNs, real-time monitoring and high-class network security appliances to detect and block unwanted traffic in the earliest possible instance.
You’re Not Alone in the Fight & Where to Start
Security companies offering a security-as-a-service model mean that your business is saved from investing in staff and infrastructure to acquire a world-class security system. For instance, the load balancing and failover service offered by Incapsula is very affordable, starting from $19 per month. Incapsula offers an enterprise-grade cloud-based solution supporting all in-datacenter and cross-datacenter scenarios, ensuring high availability and protecting against the most powerful DDoS attacks, with instant propagation and distribution algorithms that will guarantee routing to healthy servers.
First-class infrastructure coupled with real-time monitoring capabilities mean that you and Incapsula’s team are accountable for the health of all your network assets. This is very valuable in the case of zero-day attacks that do not have known fixes, giving you the resources and data to act quickly to prevent loss.
Making the decision to migrate the management and protection of your network assets to a security-as-a-service solution may be the best investment you could make for ensuring reliable disaster recovery and threat mitigation. It’s a sure-fire way to keep your business on the cutting edge of web security as cybercriminals become more covert and powerful.
iOS 15 beta has blur nude photos opt-in, but it’s not without fault
(TECH NEWS) To protect children from explicit content, the most recent beta version of iOS 15 includes a feature that allows users to blur nude photos.
In a move to protect children from explicit content, the most recent beta version of iOS 15 includes a feature that allows users to blur nude photos received in the Messages app. Amid privacy concerns, the feature has yet to be released.
This iteration of the feature is distinct from the original one insofar as it will no longer alert a parent or guardian when nude photos are encountered. While this may seem like a controversial change, several experts pointed out that exposing nude content on a child’s device in some households could result in abuse or, as Harvard Cyberlaw Clinic instructor Kendra Albert suggests, the outing of “queer or transgender children to their parents.”
With the most recent version of this feature enabled, children who receive inappropriate photos via the Messages app would be able to do two things: choose to avoid (or see) the content, and choose to send a report to a trusted adult if they see fit to do so.
Blurring photos is just one of several aspects of Apple’s Communication Safety suite, a feature that aims to prevent child sex abuse by making it easier for children to avoid and report predatory content.
Another feature that Apple has tested – but not released – is their Child Sex Abuse Imagery Detection (CSAM-detection), which scans and reports iCloud content that shows child pornography or abuse to Apple moderators for further review. As one can imagine, the feature drew mixed criticism, the majority of which came from privacy advocates.
While the vast majority of humanity can (hopefully) agree that fighting against child exploitation is a noble cause, these groups argue that scanning and reporting individuals’ personal photos via an algorithm opens the door to government interference and increased surveillance. Switching the algorithm’s baseline to scan for things like anti-government content, for example, would be easy, these groups posit, making the feature extremely dangerous in principle.
There is no current release date set for any of these aforementioned features, though iPhone users can reasonably expect them to drop at some point during iOS 15’s development.
Amazon Music debuts synchronized text transcripts for popular podcasts
(TECH) The first feature to hit Amazon Music is auto-generated and synchronized text transcripts for their most popular podcast shows. Sign us up!
Amazon set out to accelerate the growth and evolution of podcasts last year by acquiring the podcasting network, Wondery. Now, the company is doing just that with the launch of its auto-generated and synchronized podcast transcripts feature on Amazon Music.
According to an Amazon Music tweet, with this feature, you’ll be able to “Roll it back, jump ahead, and follow along” with the podcast you’re listening to. For instance, you can scrub through the transcript to find that line of text with that quote or movie and book suggestion you can’t quite remember. When you tap on a particular line of text in the transcript, you’ll be able to jump straight into that specific part of the podcast. I can already see all the time saved! But, if you just want to read along as you listen, you can do that, too. The transcript will match the audio as you’re hearing it.
Right now, the company is only rolling out podcast transcripts in the US on both iOS and Android devices. When it will expand to other countries isn’t known, and the feature isn’t available for all podcasts yet. For now, it is only available on a selection of popular podcasts like Smartless, Crime Junkie, This American Life, Uncommon Ground, and Modern Love, but more are coming.
To use it, all you have to do is open the podcasts tab on Amazon Music and select one of the podcasts you’d like to listen to. Of course, you’ll need to select a show with the podcast transcription feature to see it. When your show is playing, on the top of the album art and in fullscreen mode, the transcriptions will be available for you to read along to.
Oh, and if you’re worried about having to read through the ads, you have nothing to fret about. Ads won’t be transcribed. Instead, the transcription will read “audio not transcribed” when they are playing.
So far, Amazon seems to be going strong in the podcasting game with the release of podcast transcripts. The feature makes it easy to search and find what you are looking for in a show. And, for those on a long and noisy bus and subway ride, you’ll finally be able to read the information you previously couldn’t hear.
UX design: If you don’t have it, get yourself an audit made easy
(TECH NEWS) UX design is important. By conducting a simple audit to make sure your site is accessible, you can minimize the number of people that quickly go away.
A good UX design is essential in attracting and retaining customers. A seamless and positive experience will keep customers happy and bring your business many benefits, like increasing audience engagement and sales.
But, how do you know if your user experience is in need of help, so people don’t bounce away quickly? Well, if UX is not your forte, the best thing to do is to hire a good UX designer. Unfortunately, sometimes hiring one isn’t always within the budget.
So, what do you do then? The next best thing is to conduct a UX audit of your website or app. Not sure where to begin? Fulcrum’s Do It Yourself UX Audit kit is one place to start.
According to the website, this DIY UX audit “can help you gain valuable insights about the usability of your product.” The tool detects problems in your UX, prioritizes them for you, and finds out how you can fix any existing issues.
The tool is made out of free easy-to-use Notion templates. These UX audit checklists are all customizable, and you can print them or save them on your Notion dashboard to use later.
Inside each template, there are cards with descriptions and examples. Depending on if you meet certain criteria or not, you drag and drop the card into the “Yes” or “No” column. When you’re finished, you will easily see what issues you have, and you can work on fixing them.
The templates are divided into Junior and Middle-level templates.
The Junior level has templates for things such as field and forms, login, mobile UX, and architecture. Most of these templates help make sure you cover your basic UX bases. For instance, it looks at whether your website is desktop and mobile-friendly, and if each element makes sense and is easily identifiable.
The Middle Level dives in a little deeper. The “Visibility of system status” audit checks if you are keeping your audience informed on what’s going on. Things like battery life, loading, or Wi-Fi connection indicators can make a huge difference. No one wants to stare at a screen with no clue if what they clicked on is working or not.
If you can afford it and want a UX virtuoso to do the work for you, you can get a UX audit from Fulcrum. The experts will conduct a full-fledged UX audit and create wireframes with solutions for your UX issues.
However, no matter how you go about it, a good UX design is important. Higher conversion rates and user retention won’t happen if your product is just pushing people away.