Cybersecurity Skills Gap: Will it improve or widen further?

There is a fast approaching shortage of workers in the workforce across a multitude of industries—and while many think of the healthcare industry as being the most threatened by this shortage as there has been a recent lack of future qualified nurses, there is an alarm being sounded by the cybersecurity industry for fear of the same thing happening within it as well. As the number of cyber threats facing internet users globally increases daily, so does the demand for qualified individuals to combat these risks. While demand for cybersecurity jobs is expected to grow by 53% over the next two years, there are not enough adequately qualified people expected to be available to fill all of these positions. This is what is known as the cybersecurity skills gap.

As of March of 2015, there were more than 209,000 cybersecurity jobs in the US that went unfilled and the number has grown drastically since then. Most experts believe this to be caused by a lack of interest by future workers, meaning that not only is there a lack of attention towards this industry among college-aged students who are not picking cyber-related majors such as Computer Information Systems and Computer Science, but among K-12 children as well. In an attempt to increase interest, there are programs such as STEM (science, technology, engineering, and math) that are designed to pique a young tech guru’s curiosity about the possibility of pursuing a career in the IT industry. While some may be interested in a career in cybersecurity, not everyone who tries is adequately qualified for the position for which they are applying; for this reason, experts in the field are divided on whether the cybersecurity skills gap will improve or be widened further.

Will the gap improve or widen further?

Experts are torn on their opinions as to whether or not the cybersecurity skills gap will be improved or widened in the coming years.

Those who believe that there is no hope for the industry’s workforce to improve argue that while many people may be applying for IT jobs, they are not properly qualified for these positions. Sixty-seven percent of IT professionals do not have any certification that would make them qualified for their jobs—they must simply learn while they are on the job. These naysayers also argue that most of the executives that prioritize cybersecurity are only CIOs and senior IT leaders, prioritizing the threat about 73% compared with CEOs and CTOs who reportedly only consider security approximately 55% of the time on average between the two positions. The experts on this side of the issue believe that if these high ranking executives don’t take the threats that face their companies seriously, how can the gap be improved properly?

Those who believe that the gap will be decreased have two main approaches to improving the industry’s lacking workforce. The first is a people-centric approach that focuses on training our next generation of workers in cybersecurity skills. This requires teamwork between industry professionals and higher education establishments, who must not only share the responsibility but also have a cohesive action plan. In May of 2016, IBM security professionals volunteered their time to teach at the University of Warwick to discuss things like security solution design processes as well as endpoint security, among others. By educating those interested in a career in IT, the gap will surely be lessened over time.

The second approach that supporters of the skills gap being closed might utilize, primarily as a backup plan (for now), is the use of cybersecurity robot workers. This approach is a little bit less conventional because though it fulfills the needs of companies to have qualified workers, it negatively impacts unemployment rates, so many experts favor the people-centered approach over this one.

Important Cybersecurity Skills Needed

There are many traits that a qualified cybersecurity professional should have, but among the most important of these are (1) intrusion detection, (2) secure software development, and (3) attack mitigation. These are the three essential skills that will aid the cybersecurity industry in lessening the gap in qualified workers. “These skills were in greater demand than softer skills, such as the ability to collaborate, manage a team, or communicate effectively,” reports a researcher with the Center for Strategic and International Studies. While this may contradict what some people have previously thought, knowledge of these three main skills will ensure properly educated workers are placed in positions for which they are appropriately capable of fulfilling.

Because of its unpredictability, it is hard to say just exactly who will be right about the cybersecurity skills gap; however, piquing young people’s interest early and utilizing teamwork to bring together higher educators as well as industry giants might help for this gap to be lessened in the near future. If you are interested in a career in IT, visit us at https://axiomcyber.com/ to learn more about a small-business-centered cybersecurity career.

Hailey R. Carlson | Axiom Cyber Solutions | 9/23/2016

S.T.E.M Careers: Growing Towards the Future

S.T.E.M. Education

Many people have heard of the STEM program but not everyone knows exactly what it entails. STEM is a curriculum based on the idea of educating students in four specific and critical areas — science, technology, engineering, and math — however, STEM does not separate these subjects to be taught individually; rather, they are integrated into a cohesive program that teaches the subjects together as complements to one another. One key point that the program is praised for is its use of real-world applications to train these students for their future careers — making it one of the most successful programs resulting in some of the best-prepared students facing the workforce upon graduation.

More often than not, people think of high school or even college as the starting point for such technical and complex education to begin, but many schools have incorporated STEM into classes to some degree from kindergarten on up through high school! Of course, it is much more basic at the lower grades, but by including it in the curriculum in students’ education from the beginning and adding to it incrementally as they grow, students will be much more interested in the subjects included in STEM. In addition to this, they will be able to notice the correlation between these subjects, which will possibly result in higher numbers of these individuals choosing STEM-related careers. As you can see to the left, 58% of people currently working in STEM decided on this career path prior to graduating high school, meaning that early teaching is critical in creating future workers interested in STEM.

 

S.T.E.M. Careers

STEM is the second fastest-growing industry, second only to healthcare, with an expected 8.6 million jobs available in the field by 2018. Not only are graduates of STEM-related majors some of the highest paid young professionals right out of college, but they also get those high-paying jobs rather quickly following graduation. While these facts may be enticing, it is important for individuals to know about some of the potential successful careers they could have in their main area of interest when it comes to STEM.

Science & Engineering

Science and engineering careers are the most related when it comes to the workforce and make up 6 of the top 10 careers in STEM including civil engineering, environmental engineering technology, nuclear engineering technology, computer engineering (also related to technology), petroleum technology, and marine sciences. Among the requirements for these careers are strong problem solving skills, chemistry, basic math skills, and deductive and mathematical reasoning.

Mathematics

Mathematics itself, while an integral element in each of these careers, is not well represented in this top 10 list, making up only one of the listed STEM jobs. Despite this fact, Mathematics encompasses a multitude of industries such as statistics, actuarial sciences, economics, and more that differentiate it from its fellow STEM categories. Required skills for mathematically related jobs include deductive and mathematical reasoning, problem solving skills, and facility with numbers. If you love numbers and are interested in STEM, this might be the career path for you.

While science, engineering, and mathematics combine to make up the majority of the top jobs in STEM, technology is one of the fastest growing of these already rapidly rising industries and it affects its STEM counterparts significantly.

Technology

Advancements in existing technology, like smart-phones and computers, as well as the development of new technologies, such as IoT devices and connected car security, make it very apparent that a career in technology has a bright outlook for the future. Jobs are becoming much more technical now and require a better understanding of technology, so STEM programs have been more heavily emphasizing this segment of STEM in recent years.

Of Monster’s top 10 most valuable STEM careers, there are four related to technology: computer and information services, computer engineering (also related to engineering), computer programming, and the #1 most valuable STEM career: information technology. For these careers, there are multiple job titles including Information Security Analyst, Computer Systems Analyst, and Web Developer, among others. These jobs not only require knowledge of the latest technology, high analytical and developmental skills, and logical thinking, but a person seeking one of these jobs must be goal-oriented, passionate, and dedicated to advancing technology and growing the industry as he or she rises throughout a career in tech.

A common misconception about STEM is that it is all about the technical and analytical side of these complex careers, but STEM workers are also creators, innovators, and ground-breakers for the futures of each of their industries. Another fallacy surrounding STEM is that a student must receive traditional training and education in order to gain a successful career in STEM; however, there are alternative ways into a career in these fields.

Alternative Routes to a career in STEM

Many people may look at the training and schooling necessary to attain a STEM-related degree and think that it is not affordable for them or the resources necessary to achieve such certifications required for their future careers are out of reach; however, there are companies out there that try and alleviate these fears by offering alternative routes for those individuals who are interested in a career in technology, but choose to go a different route to get there.

Axiom had the privilege earlier this year to work with IT Works, a Tech Impact program that offers free, immersive IT training to young adults: motivated high school graduates, age 18-26 years old, who have not yet completed a Bachelor’s degree. As part of the 16-week training program, an IT Works student named William Lewis completed a 5-week internship with Axiom and you can read about his experience interning for Axiom through IT Works here. A career in STEM is not necessarily about going to the highest ranked technology school, but being motivated enough to find your own way to where you want to be in your career, with the help of some companies out there who can get you where you’re headed.

Why S.T.E.M.?

In case you’re still on the fence as to whether or not STEM education and careers are important, the National Science Foundation has this to say on the subject:

“In the 21st century, scientific and technological innovations have become increasingly important as we face the benefits and challenges of both globalization and a knowledge-based economy. To succeed in this new information-based and highly technological society, students need to develop their capabilities in STEM to levels much beyond what was considered acceptable in the past.”

With such a revolution in science, technology, engineering, and mathematics, the modern world is in great need of such advanced, pioneering minds as those interested in having an impact on these crucial subjects.

If you’re interested in learning more about STEM careers, please contact Axiom at https://axiomcyber.com/ to speak to one of our IT professionals about a career in tech. If you are in need of a different route of gaining technological experience and qualifications, please visit http://techimpact.org/ to learn more about their available programs for innovative and motivated individuals.

Hailey R. Carlson | Axiom Cyber Solutions | 9/16/2016

Don’t Get Baited by Phishing Scams

It seems that every day there is another company being hit with a new phishing scam—PayPal and Dropbox being some of the more notable of the recent victims. Because it is all over the news, we assume that we know exactly what phishing is; but do we really?

What it is & How it works

Phishing is a scam where cyber-criminals, sometimes referred to as ‘phishers’, impersonate seemingly trustworthy sources in order to send out electronic communication to their contacts (usually customers) in order to do one of two things: (a) to steal credentials and personally identifiable information (PII) from employees and clients, or (b) to infect the computer or company system with malware. The way they are able to do this is a systematic process that includes planning, setup, attack, and collection.

  1. Planning. First, phishers determine which businesses they want to target and how to get their email address list. This is usually by either stealing information from the social media accounts of finance and HR employees from networks such as LinkedIn, or by guessing employee email addresses, which they then use to infiltrate the company. It is easy for hackers to guess some employee emails if the company uses the standard formatting of ‘firstname.lastname@companyname.com.’ While this is easy for employees to remember, it is also easy for phishers to guess.
  2. Setup. Once they have decided their targeted businesses, phishers determine their delivery method for the scam. Most of the time this is through email, however the PayPal phishing scam is an example of one that uses social media as a means of tricking customers. Two fraudulent Twitter accounts were made to appear as though they were legitimate customer service accounts with an urgent message for users of the site. Targets have been lured into entering their PayPal credentials into the seemingly legitimate, but fake pop-up page. This gives these cyber-criminals the information they need to steal PII from the users as well as transfer funds out of their PayPal accounts straight into the scammers’ pockets.
  3. Attack. This is the stage that most people think of when they think of a phishing attack. This is where the phishing message is actually sent out via whichever means the scammer previously chose, again, appearing to be from a reputable source.
  4. Collection or Infection. Not everyone will click on the phishing message, however, 39% of employees click on emails that they originally believe to be suspicious. Those who do end up taking the bait by either clicking on a link in an email or entering in their information into a pop-up, unfortunately have their information recorded by the phishers who can then use this information for their own personal gain. The collection of information is the goal for one type of phishing scam, but as mentioned above, there are some phishing scams whose goals are to infect the computers or systems of the affected individuals. Ransomware, one of 2016’s hottest cyber-threats, is a very popular malware to be included in a phishing scam–now included in 93% of the phishing emails sent out.

How to Identify a Phishing Message

Before any company can protect against a phishing scam, they must first be able to identify one. Here are a few telltale signs that can help you distinguish a phishing email from a legitimate one (note that these are also included in a previous Axiom blog article on phishing, Gone Phishing: Who’s really on the other end of the line?).

  1. Links- The best way for a hacker to access your information is by making you come to him. Many links in suspicious emails can be verified by hovering your mouse over them; if the link is taking you to an .exe file, for example, do not click on it, as these have been known to be the source of various malicious software in other cyber crime situations.
  2. Threats- When there is a threat in an email, such as forcefully taking down an account or being fined if you do not take instant action, this is usually an indicator of phishing. This can come in the form of both email and phone solicitation, and threats are easily identifiable by the request for immediate action or otherwise facing the hacker’s consequences.
  3. Posing as a popular company- Seeing a familiar logo or name on an email or other electronic communication can give you a false sense of security that what you are receiving is a legitimate connection from an accredited company. An indicator that a message is phishing is when the hacker includes the company title in a way that is slightly different from the actual company name (i.e. Twitter Co. instead of Twitter Inc.). Also, if you regularly get emails from a reliable company and you receive one that looks different than usual, this is a sign that it may be a phishing scam.
  4. Spelling and Grammatical errors- If there are clear spelling or grammatical errors throughout the email, it is obvious that this email was not carefully looked over by a member of an authentic company and is likely phishing. This not only includes spelling and grammatical errors, but also when key parts of an email, such as the subject line or a signature, are missing or strangely worded.
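
The link, threat and impersonation checks above can also be applied automatically to a message body. The following is an added example, not part of the original article: a Python sketch that does what hovering does (compares the text a link shows with where it really goes), flags links to executables, and looks for urgent language. The extension list, phrase list, brand-to-domain map and both sample messages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative lists chosen for this example (assumptions, not from the article).
RISKY_EXTENSIONS = (".exe", ".scr", ".bat", ".js")
URGENCY_PHRASES = ("immediately", "account will be suspended", "final notice")
BRAND_DOMAINS = {"paypal": "paypal.com", "dropbox": "dropbox.com"}
# Matches link text that is itself a URL or bare domain, capturing the host.
URL_LIKE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/?#]\S*)?")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs plus the message's plain text."""

    def __init__(self):
        super().__init__()
        self.links, self.text = [], []
        self._href, self._label = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None


def under_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def check_link(href, label):
    """Return the set of indicators raised by one link."""
    findings = set()
    parsed = urlparse(href)
    host = (parsed.hostname or "").rstrip(".")
    label = label.lower()
    # Indicator 1: the link leads to an executable file.
    if parsed.path.lower().endswith(RISKY_EXTENSIONS):
        findings.add("link-to-executable")
    # Indicator 1 (hover check): displayed address differs from the real one.
    shown = URL_LIKE.fullmatch(label)
    if host and shown:
        shown_host = shown.group(1)
        if shown_host.startswith("www."):
            shown_host = shown_host[4:]
        if not under_domain(host, shown_host):
            findings.add("text-href-mismatch")
    # Indicator 3: a familiar brand name on a host the brand does not own.
    for brand, domain in BRAND_DOMAINS.items():
        if host and (brand in host or brand in label) and not under_domain(host, domain):
            findings.add("brand-lookalike")
    return findings


def analyze(html):
    """Return a sorted list of indicators found in an HTML message body."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    findings = set()
    for href, label in parser.links:
        findings |= check_link(href, label)
    # Indicator 2: threats that demand immediate action.
    body = " ".join("".join(parser.text).lower().split())
    if any(phrase in body for phrase in URGENCY_PHRASES):
        findings.add("urgent-threat")
    return sorted(findings)


# Constructed sample messages (not real emails).
SUSPICIOUS = """<p>Dear customer, your PayPal account will be suspended
unless you verify immediately.</p>
<a href="http://paypal.com.account-verify.example.net/login">https://www.paypal.com/signin</a>
<a href="http://files.example.net/invoice.exe">View invoice</a>"""

BENIGN = """<p>Your monthly statement is ready.</p>
<a href="https://www.dropbox.com/account">dropbox.com/account</a>"""

if __name__ == "__main__":
    print("suspicious:", analyze(SUSPICIOUS))
    print("benign:", analyze(BENIGN))
```

A message that raises none of these indicators is not thereby proven safe; the checks only automate the first pass a reader would make by eye.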

How your company can combat phishing, Employee Education

Now that we know how to identify a phishing scam, it is important to take the proper steps in protecting businesses everywhere from this type of threat. Companies are the primary targets of phishing attacks, and consequently, they need to amp up their cybersecurity defenses in preparation for combating phishing threats. While employees are some of a company’s greatest assets, they are also the greatest threat to its cyber-defenses. This is why employee education is the most important defense against phishing.

  1. Educate employees—Informing your employees of the indicators listed above will help them to be able to identify a phishing threat.
  2. Take care to assess emails—Encourage your employees to take the time to assess an email before clicking on it or any embedded links it may include. Michele Fincher of Social Engineer, Inc. says, “Adding a couple of seconds on to what you normally do when you receive an email will go a long way (toward safety).”
  3. Utilize checks and balances—Utilizing checks and balances can help to prevent what is known as spear phishing—when hackers pretend to be executives emailing upper level employees in order to gain access to valuable information like financial numbers, wire transfers, and employee information. By having multiple people needed to sign off on something, it is likely that the scam will be caught among them.
  4. When in doubt, ask—Let your employees know that if they are questioning an email, they should ask someone else before clicking on it. It is better to be safe than sorry, and most of the time, if they are questioning it, it is likely a fraudulent email.

If you believe an electronic communication to be malicious or suspicious, do not open it, delete it, and report the incident to your IT department. For small businesses that may not have an IT department or think that cybersecurity is out of reach for your company’s budget, please go to www.axiomcyber.com to learn more about our affordable managed cybersecurity solutions and how we can help your business get and stay secure.

Hailey R. Carlson | Axiom Cyber Solutions | 9/9/2016

Protect Your Kids When They Go Online

Children today are amazingly advanced when it comes to technology. They are able to navigate tablets with ease—from flipping through photos to watching surprise egg videos on YouTube, kids have adapted to know exactly how to use your smartphone, tablet, or other electronic devices. In Figure 1, it is apparent that children’s competency levels in regards to tablet functions alone are extremely high—some of which they can do completely unassisted. With their high capability levels as well as the threats the internet poses to them, it is important to ensure they are using these devices safely.

Figure 1: Dubit/University of Sheffield Tablet Use Competence February 2015

As a parent, there are many conversations you’ll have with your child at some point in his or her life. And while some may be more uncomfortable than others, most all of these conversations are necessary and important to your child’s safety and overall well-being. One of the most important of these conversations, and one of the discussions that parents in general do not have much experience in delivering because of its newness, is on cybersecurity.

There are multiple topics of discussion surrounding cybersecurity safety because unfortunately, there are so many threats to people of all ages today. However, there are some key points to keep in mind when battling cybersecurity risks including device safety, web filtering and monitoring, as well as knowing about specific threats like online predators.

Device Safety

As mentioned above, toddlers and other children can navigate electronic devices with surprising ease. While this is incredible, kids do not necessarily know the threats that using these devices can pose and it is important that parents educate them and take action against these threats.

One way to combat this is by turning your devices into safe mode when children are using them. Most tablets and phones have a safe mode including Android and Apple, where you can restrict the apps, internet usage, and even length of time the device can be used in an attempt to help protect your child. By restricting what they have access to in the settings of a device, your children will be protected without you having to sit there and monitor their device usage in person. Parents have too much to juggle, and cannot always be right there with their child while he or she is using this type of device.

In addition to these measures, it is important for you to talk to your child about why they cannot access certain features on their devices. Explaining the reasons why something is not safe rather than just stating that it is in fact dangerous will help your child better understand the preventative actions you’ve taken as well as remind them to keep safety in mind when using electronic devices.

Web Filtering & Monitoring

Whether they are using tablets, phones, or some other devices, if your kids have access to the internet they are exposed to an unimaginable amount of threats. Malware and phishing are especially rampant cyber-threats for people of all ages and children often have a hard time deciphering between legitimate and fake links while online.

The internet in general is pretty scary and malicious for people of any age, let alone children. Merely misspelling a word can send you to a completely wrong address that you never intended on visiting. One way to help protect your children’s online usage is to set up parental controls through web filtering applications such as OpenDNS which gives you the ability to decide which sites your child can and cannot access. By taking this simple measure, you can stop your child from accessing websites that may have inappropriate or malicious information on them.

In addition to setting up filtering defenses, monitoring your child’s internet usage is important as well. For some children who are a little bit older, there are things like homework and social media that they use daily on the internet. But how do you know if they are doing what they are supposed to be doing while online?

One simple way is to check their internet history. While this is an effective way to see where your child has been looking online, there are some tech savvy teens and tweens that may be able to figure out how to clear their histories. In this case, you can also use a monitoring software such as SafetyWeb or SocialShield which will give you a detailed list of where your kids have gone while surfing the net.

Again, communication is key here. Talking to your child about the dangers of going to unfamiliar sites as well as possibly letting them know you are monitoring their online activity will keep your child aware of their actions online and remind them of the safety threats that you are trying to protect them from.

Cyber experts tell their kids, in regards to social media security, that once they’ve posted something online, it can never truly be deleted. This helps to remind children to be careful about what they are saying. In the same vein, with regards to cyber-bullying and ‘trolling,’ they tell their children not to say anything online that they would not say face-to-face. Oftentimes, the somewhat anonymity of the internet can bring out the cruelest words from even the nicest people, so reminding your children that their words still have meaning even if they are posted online is a very important conversation to have.

Online Predators

Unfortunately, even with all of these defenses set in place, there are malicious online predators who are actively trying to get to children of all ages. Twenty-five percent of children online have been exposed to unwanted pornographic material and only 25% of children who are exposed to this type of material notify an adult about the situation.

While this is the scariest cyber-threat of them all that your children might face, this crime really only has one defense: education. This is where the talking really needs to be serious because if predators can somehow get past your defenses, your child needs to know how to deal with this. Let your child know that it is okay to talk to an adult about any online situation that makes them uncomfortable. In addition, make sure they know not to put out any of their important information online. This information, otherwise known as personally identifiable information, can lead these bad people directly to your child’s computer—or worse, straight to your home.

While there is no surefire way to make sure your child is safe from the bad guys on the internet, talking to them, setting up what defenses you can, and making sure that you all are keeping up to date on current threats can help to strengthen the open dialogue needed to keep families safe from the threats that the internet poses.

Hailey R. Carlson | Axiom Cyber Solutions | 9/1/2016

Back-to-School Cybersecurity: What College Students Need to Know

“It’s that time of year again.”

Everyone is so original with their ad campaigns around this time of year. Nevertheless, August means that millions of students across the country will be going back to school. Among them, an astonishing 20.5 million university and college students will or already have started back in full force for the Fall 2016 semester in the U.S. alone. From seniors itching to graduate to wide-eyed freshmen trying to take it all in, universities are about to be jam packed with bodies eager to learn and have fun.

Amid the countless things packed in the bags of these students, a laptop, tablet, or some other sort of computer is essential for almost every single class, be it in-class or online. While the online components of college classes allow for more open communication between students, peers, and professors, there are some drawbacks to having all of these people online. Even though college-age students are generally more tech savvy than most other demographics, hackers and cybercriminals are targeting both the students and institutions alike more and more aggressively and there is a myriad of cyber threats that are trying to hurt or steal these students’ personal information.

Unsecured Public Wi-Fi Connections

While it is an incredibly convenient thing for students to be able to be connected on campus via free Wi-Fi, it could also potentially be extremely dangerous. The use of any public Wi-Fi connection, be it at the library, coffee shop, or anywhere else on or around campus, can be very risky because these networks are very rarely secured properly and consequently are a big target for cyberattack. Due to the openness of the connection, almost anyone who knows how could view what you are doing online while you’re connected.

The best way to avoid this threat is to not use unsecured public Wi-Fi. While this is a nice thought, it is not necessarily a realistic solution for all students, especially those that live on-campus. If you must use an insecure public Wi-Fi connection, make sure to not unveil any personal or financial information and only use secure, encrypted sites. Most universities do offer separate secure networks with a unique login for each student that is usually made up of either the individual’s student ID number, email address, or some other personal identifier. If your university offers such a connection, this is the best route to take.

Phishing Scams

Phishing attacks target different groups of people for different reasons. Email phishing scams that target college students are usually designed to try and steal personal information such as account names, passwords, and banking information.

The threat of phishing has been a big issue for North Carolina State University for several years now. N.C. State has seen rather targeted attacks where cybercriminals have performed reconnaissance to make their messages seem more realistic to students. Scammers have created virtually perfect copies of multiple N.C. State login pages with reference to the university and other specifics related to specific students’ involvement. With hackers working diligently to make their schemes appear legitimate, it is extremely important that students take defensive action against phishing scams into their own hands.

The first defense against phishing attacks is knowing how to identify them. If the message has an urgent request or is poorly worded, it is likely to be a phishing email. One thing that is fairly consistent in all emails of this nature is that they include a malicious link that appears to be legitimate. Students can verify the authenticity of a link by hovering their mouse over it. Scammers want to appear as true-to-the-original as possible, and will often use logos they find online. Examine these images to see if they are of the professional quality that your university would actually use, and this could be helpful in indicating a false sender.

The best plan of attack for combatting phishing emails is to not open any email from a strange, unrecognized source and report the incident to your university immediately so that your peers do not fall victim to this same scam.

Sextortion and Webcam Hacking

While it is pretty scary to lose your important personal and financial data, it is even more terrifying to have a cybercriminal harassing you by threatening to expose sexually explicit photos of you all over the internet unless you pay up or give them more photos. This cybercrime is called sextortion and some of its primary targets are young people, specifically young women.

In May of this year, two students at George Mason University in Virginia reported to police that they were the victims of sextortion. Both victims claimed that their respective “sextortionists” demanded a $5,000 payment in lieu of exposing the compromising photos online. This is a threat that the FBI says is growing and is in desperate need of being stopped.

There are a few ways to help combat this cybercrime:

  • Don’t send explicit photos of yourself to anyone.
  • Do not talk to people you don’t know personally online.
  • Turn off or cover your webcam when not in use—many cases of sextortion happen even if the victim has never sent out explicit photos. Hackers get into a person’s webcam and snap pictures without the target ever suspecting it. Just a piece of tape over the camera can be the difference between being safe or becoming a victim of sextortion.

Universities themselves are fighting cybercrimes like data breaches and ransomware that are targeting the student body as a whole—putting your and your classmates’ information in danger. Because of this, it is important for you to take your cybersecurity protection into your own hands. By taking a few simple steps, you can protect yourself against lurking hackers in a café, scammers trying to steal your information via phishing emails, and sextortionists who only want the worst out of you. When you protect your personal cybersecurity, you can truly enjoy the best years of your life without worrying about your personal data.

 

Hailey R. Carlson | Axiom Cyber Solutions | 8/25/2016


Why is cloud security not a good thing?


With everyone moving to the cloud, internet service providers will try to sell you on a cloud-based firewall. There are hundreds of companies that will scrub your traffic “in the cloud” before it comes into your business.

The benefits are obvious. No need for expensive on-premises firewalls. No need for an IT professional on staff to manage, monitor and update security equipment. Your internet traffic will magically be cleansed of threats by the cloud security police and you will only receive the cleanest, purest internet traffic.

There is only one problem with this. Hackers don’t play by the rules!

Just like a traffic cop, your internet service provider directs traffic through their cloud scrubbing center and then on to you. Your internet traffic has to follow very specific routes designated by your internet provider. Hackers don’t follow red lights, yield signs or wrong way signs.

In 100% of businesses there is a router placed there by the internet service provider. This device is the internet handoff from the ISP to the business. Hackers target these devices via unique identifiers, MAC address or IP address. Even if these devices are hidden by the ISP, hackers have tools to identify them. They then attempt multiple attack schemes to gain access to this device.

If they are successful, they own 100% of the business network. Remember that you have moved your firewall into the cloud. There is no longer a firewall at your edge to protect you. Just like the gate to your castle, you can’t remove it and assume the traffic cop down the street will keep the bad guys out.

This is where Axiom excels. With our SecureAmerica® program, we provide you with a fully configured firewall for your edge. It is the first stop into the business and the last stop out. We monitor threats coming in and going out to protect your business from ransomware, malware, intrusion attempts, cross-site scripting, SQL injections, distributed denial of service attacks and many others.

The secret is in the automation we have built into the threat intelligence gathering and deployment. Axiom’s customers get updates to their firewalls every ten minutes based on real world threats that are identified by global agencies such as the FBI, Homeland Security and the IANA. Other companies wait 3 months or longer to patch holes in their firewalls, leaving them vulnerable to attack. Our proprietary update automation collects this data from trusted sources in real time and creates a firewall update via an ETL (extract, transform, and load) process. That update is checked for integrity and quality assurance and then pushed to our entire client base every ten minutes, meaning our customers are on the cutting edge of protection. If a threat is detected by one of our clients’ Axiom firewalls and it meets the threshold of a verified attack, the entire ETL process begins again, building a custom update that is pushed out to all of our client base within ten minutes. As our clients grow, our artificial intelligence engine will become smarter, creating a community of well protected and happy clients.

Our team of cybersecurity experts monitors clients 24 hours a day to ensure protection is up to date and none of our clients are under attack. All updates, monitoring, configuration, support, reporting and the equipment are included in our monthly subscription prices. Protection starts at $199 per month. At that price, who could afford not to have Axiom SecureAmerica®?

Scammers Go for Gold: Rio 2016 Olympics Cybersecurity

As the Olympics draw to a close this coming Sunday, we can reflect on these two weeks full of the sport, glory, and friendly competition that the Games are meant to bring to the world stage. However, this year’s Olympics in Rio de Janeiro have also been riddled with security threats. Be it participants and journalists being robbed at gunpoint when venturing outside of the Village at night, terrorist threats, or multiple limbs washing ashore on Rio beaches—these Olympics have been full of terrifying surprises. But one of the greatest dangers facing the Games that does not get as much attention is cybersecurity. Any event that is presented on such a grand scale attracts not only millions of spectators, but hackers as well—and none are quite as famous as the Olympics.

“Cyber intelligence companies and western government officials warn that the two-week sporting festival, which began last Friday, could lead to some of the highest levels of cybercriminal activity in years.” — Financial Times

Phishing

Brazil is known for having one of the weakest cybersecurity defenses year round, so having the public eye completely focused on them means a challenge for cyber experts in the country and across the globe. The biggest cyber threat facing people in Brazil and around the world is phishing. In fact, Kaspersky Lab has seen an 83% jump in phishing attempts surrounding the months leading up to and weeks during the Olympics. Scammers are doing this by buying low-cost SSL certificates to make their fake websites appear authentic and trustworthy by using domains that include “Rio” or “Rio2016” and many are using these malicious URLs as a delivery method for ransomware.

Many of these phishing scams include fake ad banners that have similar logos to the Official Rio 2016 sign. Some make bogus promises like the recipient of the email has won an all-expenses paid trip down to Rio for the Games in a lottery-style announcement, while still others claim to be selling magic pills that would allow the user to become an “Olympic-level Athlete.” While these situations are ridiculous and even laughable, far too often, people click on the links only to find those hopes have been squashed.

How to avoid: The best way to avoid being caught in a phishing/ransomware scam is to not click on any email or links sent to you by people you do not personally know. If you do decide to click on a link, make sure that it has the secure “https” in front of the web address in order to ensure its validity. If an email from a random person seems too good to be true, it likely is.

Fake Rio 2016 Apps

In addition to the email phishing scams surrounding the Olympics, the Rio 2016 app—meant to keep fans and spectators up-to-date on things like breaking news and medal count per country—has 4,500 copycat versions across Android and iOS platforms that are malicious and could potentially put your smart phone at risk. Many attempt to take over the infected phone or the victim’s social media accounts and some steal data right off of the smartphone itself. If a victim had sensitive information on her phone such as banking information, this would have been an even greater loss all because of a malicious app download.

How to avoid: The best way to avoid this is only downloading apps from trusted sources and not third-party app download providers. Of course you want to stay updated on just how many medals Simone Biles or Michael Phelps have won, but by using the legitimate Rio 2016 app, you can feel more assured that your phone is not compromised in the process.

Tourist Cyber Threats

Now, for those who decided to make the once-in-a-lifetime trip down to Brazil to witness the Games in person, there are many different, targeted threats that you may be facing. Bank fraud, insecure Wi-Fi, and stolen electronics are among the biggest threats to tourists at the Summer Games this year. Here are some tips for avoiding these in-person cyber threats:

How to avoid:

  • Don’t use insecure Wi-Fi—Especially for sensitive professional or personal information, using unsecured Wi-Fi connections could result in your data being compromised and possibly stolen. Use this time for vacation and not work so as to protect your employer and the company you work for.
  • Keep your electronic devices with you at all times while traveling—Our mobile devices have so much personal information on them now, so by keeping them on our person or somewhere else where we know they will be safe, we can lessen our chances of data being stolen in that way.
  • Do not give out your information to anyone who does not need it—Banking, personal, and other information could be dangerous if they fell into the wrong hands. Make sure you do not give any of this out to people who are not required to have access to it. Giving out your bank information specifically, is a surefire way to get your accounts wiped out or other information linked to them stolen or compromised.
  • Monitor your bank accounts while abroad—Though you should always monitor this information, when travelling it is especially important to be aware of where your money is going. If something looks fishy, notify your bank immediately. When in doubt, exchange your money for the local currency so as to further protect your bank accounts.
  • Keep your passport and other IDs close—Though this has less to do with cybersecurity and more with personal security, in addition to bank fraud, your passport in the hands of a criminal makes it that much easier for your identity to be stolen. By keeping your passport safe, you’re protecting yourself in the long run as well.

The Olympics are meant to promote unity across nations through friendly competition, but hackers will always view global events such as this as huge targets for attack. By being informed and informing others of potential risks, we can help protect against these threats and enjoy the Games as they were meant to be enjoyed.

 

Hailey Carlson | Axiom Cyber Solutions | 8/18/2016


Why is HIPAA Data so Valuable to Hackers?


One of the few things that we all have in common is that we need to take some degree of care when it comes to our health. Healthcare providers—like doctors, dentists, nurses, and more—are there for us to take advantage of their extremely vital services in order to keep up with all aspects of our health. In order to properly know our healthcare needs, these providers need to have some pretty sensitive information about every one of us. But what if that very sensitive information was stolen by cybercriminals with plans to distribute it across the dark web? That’s exactly what could happen when healthcare providers fall victim to a data breach.

Stats

Figure 1: Total HIPAA Compliance’s List of 2015 Healthcare Data Breaches

 

In 2015, the healthcare industry saw more data breaches than any other industry—you can see some of the biggest breaches in Figure 1 above—and data breaches have cost the healthcare industry upwards of $6.2 billion over the last two years. Hackers and cybercriminals target healthcare providers because of the valuable information they have on their patients, often referred to as protected health information (PHI), personally identifiable information (PII), or HIPAA data. The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 with the goal of protecting this PHI data and is a regulatory standard across the healthcare industry to this date.

 

Data protected by HIPAA includes health status, provision of health care, or payment for health care that can be linked to a specific individual. This data is valuable to healthcare providers because it is individually identifiable health information related to the patient’s past, present, and future medical conditions—this means it helps the doctor or dentist to make informed decisions about what their patient’s needs are and what means of medical attention are necessary to address these requirements. This is the good side of HIPAA data. However, hackers want this information just as much as healthcare providers, but for a few different reasons.

 

HIPAA data is attractive to hackers and other cybercriminals because it is one of the biggest gateways into stealing a person’s identity. Even more than credit card information, medical data is the easiest way to steal a person’s identity because of the sheer amount of information that is readily available. Medical records include sensitive information like patients’ full names, social security numbers, credit card numbers, signatures, and more—everything a malicious person would need to steal a person’s identity, or in the case of a data breach, multiple people’s identities. Unlike credit card-induced identity theft, ID theft via stolen medical records does not show up as quickly as credit card fraud. In addition to this fact, healthcare information sells online for ten times that of credit card data.

 

In addition to stealing identities, hackers can utilize HIPAA data that is stolen in health insurance and Medicare fraud. Dark web users who buy full medical files could use patient numbers with false provider numbers to file fraudulent claims with payers. When they do this, the victim does not know about the fraud because bills are being sent to his medical provider without his knowledge and the insurance provider does not know that he is not the one filing.

 

With all of this information needed by healthcare providers, it is their duty to their patients to protect this data. Here are a few ways healthcare providers can protect their PHI from data breaches and attack:

 

  1. Educate staff members—Education is key in all aspects of life, but protecting data is one of the biggest areas where education is required. When staff members know what is and is not HIPAA data, they can take the necessary amount of care in keeping that data safe. Phishing is one of the main ways hackers get into hospitals’ networks, so informing employees of things to look for that could potentially be malicious is vital when it comes to securing your information.
  2. Consider encryption—Be sure to encrypt both your hard drive and any electronic communication that you can. When hackers have to work harder to get your data, they are likely to skip you and move onto the next, more vulnerable victim.
  3. Protect your network—Having multiple stages of protection is key to keeping your PHI and HIPAA data secure. This includes wired networks, wireless networks, and connected medical devices via IoT. One of the best ways to do this is by installing a next-generation firewall. Axiom Cyber Solutions offers its SecureAmerica® Firewall as well as HIPAA compliance help as a partner to those healthcare providers that need to be HIPAA Compliant.

 

It is important to secure your networks in any industry, but it is even more crucial in those industries where real customers and clients could be compromised in the event of a breach of security. Healthcare has faced many hurdles in cybersecurity recently, but hopefully by creating multiple barriers for hackers to overcome, the industry will see a turn for a safer, more secure environment.

 

Hailey Carlson | Axiom Cyber Solutions | 8/15/2016


IoT: The Internet of Things, or the Insecurity of Things?

Everything is connected in 2016, it seems. What many people do not know is that this connectivity of everything through the internet is called IoT, or the Internet of Things. Any device connected to the internet is considered an IoT device. There are the connected things you’d expect like smartphones, tablets, laptops, and even gaming consoles, but there are somewhat less conventional devices as well. These are the things that a few years ago, we’d never have imagined would be connected to the internet—like cars, drones, solar panels, toys, and more—anything made with built-in Wi-Fi capabilities and sensors is a part of the IoT.

Cars

While it is amazing that so many things are now connected via IoT, this also means that all of these devices are vulnerable to hackers. For example, vehicles have become a big target by cyber-criminals recently because many newly released cars have on-board Wi-Fi.

Last year, Charlie Miller and Chris Valasek were able to remotely hack into a Jeep Cherokee’s entertainment system which allowed them access to dashboard functions, steering, brakes, and transmission—all while it was going 70 mph. Hackers were even able to hijack a big rig’s accelerator and brakes just last month!

In addition to on-board Wi-Fi, automotive leaders and innovators like Tesla have implemented an autopilot feature on their newest Tesla S model. While this is an amazing feat that gives us some insight into the future of transportation, in May of this year, a Tesla S in autopilot mode failed to detect, and consequently ended up cutting off, a tractor-trailer, running it off of the road and killing the driver. Though this was of course accidental, researchers at universities in South Carolina and China have found that they could trick the car’s autopilot sensors into thinking objects were present when they weren’t or made them fail to sense real objects that were there. Were they malevolent, they could have caused accidents that could have killed several people. This is why IoT security is so important.

Solar Panels

At this week’s BlackHat conference in Las Vegas, experts plan to discuss the growing security threats to IoT. Security researcher, Frederic Bret-Mounet, scheduled to speak on Friday, has been able to hack into his own solar panels.

Had he been malicious, Bret-Mounet realized that he could have overheated the panels to the point of being knocked offline—or worse, installed spyware which could have watched and listened to all that he and his family did in the privacy of his own home. This is something many people would not expect needed protection because they are unaware of the cloud connectivity of these devices.

Medical Equipment

As scary as it might be to think of your car, big rig, solar panels, or toys being hacked, it is even more terrifying to think of what malicious people might do to connected medical equipment. A Kaspersky Lab researcher found that he was able to hack into a hospital’s Wi-Fi and utilize that connection to get into an MRI machine. “It was scary because it was really easy,” he explained. He goes on to say how a hacker could have changed a person in the hospital’s system to be categorized as ‘well’ when they are in fact still very ill, or vice versa. That a human being would do this is reprehensible, but the fact remains that medical IoT devices on poorly secured networks not only leave people vulnerable to cyber-attack but could also have fatal, life-changing consequences.

Protecting your IoT devices

While IoT security threats can be intimidating as they threaten every Wi-Fi enabled aspect of our lives, there are still a few things we can do in our own lives to help better protect against such attacks:

  1. Do your research before purchasing IoT products—Many people just buy what looks nicest or is most affordable when it comes to buying a new item with a variety of different options to choose from; however, when it comes to buying an IoT product, looking into the security or lack thereof in a product could be the difference in having peace of mind or worrying about your family’s household security.

Video baby monitors are a big concern in this area. These sorts of monitors are gaining popularity because they allow parents to watch their babies from almost anywhere to make sure they’re getting a good night’s sleep. But if this monitor were to be insecure, hackers—or worse, predators—could potentially watch or even talk to your baby. This is why it is so important to make sure that the IoT devices you are buying are secure.

  2. Do not use the default settings—Though this might take some more time than some like to put into their new product purchase, changing from the basic, factory-installed default settings makes it harder for hackers to get into your IoT products. Simple steps like these could mean the difference between being secure or being hacked.

  3. Use secure Wi-Fi connections—Free, public Wi-Fi, though convenient, is rarely properly secured. Using your IoT devices on this kind of network could result in higher likelihood of cyber-attack.

  4. Turn off your devices when not in use—Devices that are allowed to run all the time, even while no one is using them, not only drain their batteries but can also leave an insecure connection open for hackers to attack. This is one of the easiest steps a person can take, and yet it is one that is often overlooked. If your device works without an internet connection as well, simply disconnecting it from the internet when those features are not needed can do the same thing for your IoT security.

  5. Password protect anything and everything you can—Though passwords are not the only line of defense which should be taken in securing your IoT devices, adding in this extra security step makes hacking into your devices that much more difficult.

The Internet of Things has connected so many new and unique devices, but it has also exposed them to a myriad of new attacks. Staying informed on the latest IoT news and what hackers are coming up with are some of your greatest defenses in cybersecurity. To find out more about how to protect the things you hold near and dear, contact us at https://axiomcyber.com/ or (800) 519-5070.

Hailey Carlson | Axiom Cyber Solutions | 8/5/2016


Phone System Security: What to do When Hackers Come Calling


Most everyone is aware that hackers are trying relentlessly every day to get into your company’s private network so they can steal your and your customers’ important data that would be harmful to your company if it were to fall into the wrong hands. But something most people are not aware of is the fact that phone systems are incredibly vulnerable to attack—and they can be a hacker’s fastest link into your private network.

PBXs, or private branch exchanges, are phone systems that allow for communication out of and across a large number of phones in a single organization. Companies have made a turn toward digital IP PBXs over traditional analog systems because it is easier for them to have everything—computers and telephones—connected in one network. Analog PBXs only provide telephone services, requiring the company to find its own provider to deliver a separate connection to the internet; however, with IP PBXs both internet and phone are connected and come into the company from the same provider via one wire—making things more connected and easier to use for the company.

Unified Messaging

Along with the increased connectivity between telephone and private networks, there are some additional advantages to choosing an IP PBX including lower costs both upfront and for traditionally expensive calls, as well as increased ease-of-use and accessibility for employees via unified messaging. Unified messaging, or unified communication, simplifies and connects all forms of communication—text, voicemail, email, video conference, fax, etc.—and allows them to be handled in a single mailbox that the user can access from anywhere. This can be via an app that allows you to check your voicemail remotely, or via an email attachment with a soundbite of the voicemail. This allows users to be connected to their office telephones from anywhere.

However, with all of this network connectivity, there are some potential drawbacks as PBXs are among some of the most vulnerable office equipment out there.

Threats to your PBX

Many people are unaware of the vulnerabilities that their phone systems pose to their company and, consequently, leave their phones unprotected—and hackers are well aware of this knowledge deficit. Criminals can ring up a huge phone bill by making unapproved domestic and international calls, costing your business big bucks if it goes undetected—and that’s just the minor threat PBX hacking can pose!

With the vulnerabilities of unprotected IP PBX phone systems, it raises the question—if my private network and my phone network are connected, wouldn’t it be easy for hackers to get into a private network via the connected, weakly-protected phone system? The short and simple answer is yes.

The greatest and most dangerous threat to your company is when hackers use your vulnerable phone system to hack into your private network—where you store your customer, employee, and financial data, among other vital things. This is the information computer hackers long to take from every company that they can, and weakly protected phone systems are the best direct channels to getting that information from your business.

Protecting your PBX

Though the revelation of yet another point of entry for hackers into your business might be pretty disconcerting, there are some simple defenses you can put in place in order to better protect your company’s PBX system and consequently all of your sensitive data.

  • Use strong authorization codes or passwords. Each phone and/or user should have their own individualized login and password in order to strengthen the security of the PBX. Many providers of PBX systems leave user passwords at their default settings or simply make them something easy to guess like the user’s birth date or extension number, thus leaving the door wide open for hackers to easily guess and check in order to infiltrate the system. Use of complex, hard to guess authentication codes/passwords is a simple step that allows for less risk to threaten your phone system security.
  • Delete or deactivate unused accounts. Say an employee leaves your company for whatever reason, her phone’s inactive voicemail box is now an unmonitored entry point for hackers to sneak into your company through your phone system. Deleting extra passageways for hackers takes little time to accomplish and can be a major benefit to your company’s cybersecurity.
  • Frequently check your outgoing voicemail to ensure that it is in fact your voicemail message. One way hackers ring up your phone bill is by changing your outgoing voicemail message to something like “Yes, I will accept the charges,” then the hacker collect calls this compromised number, charging it on the company’s dime. By not only checking, but changing your voicemail regularly, you can prevent this type of threat to your company. Though this is more of a minor threat, you could save your business thousands of dollars in phone bills by checking something as simple as your outgoing message.
  • Restrict or monitor certain types of phone calls made to/by your phones. Consider restricting international or long distance calling destinations if your company does not require contact with them regularly. You can set this up either directly into your phone system, or by having your provider notify you of attempts of this kind.
  • Use Firewalls to protect your data. By having your phone system shielded by a strong firewall, you are providing your company’s phone system with the best possible defense. Intrusion detection will notify you of any attempts or breaches to your phone system and is a key feature this firewall should have; a next-generation firewall will be the toughest one for a hacker to attack.
    • Axiom provides a PBX system that has a built-in firewall and we encourage our users to put an additional Axiom SecureAmerica® Next-Generation Firewall in front of that in order to protect your phone system two-fold. Learn more about Axiom’s PBX from our CEO, Troy Wilkinson, here.

Though it is an unexpected route for hackers to take, securing your phone system is key not only to keeping calls and other means of communication safe from attack, but also to protecting your private networks and all of the sensitive information they store.

If you’d like to find out more about securing your phone system or private network, give us a call at (800) 519-5070 or visit our website at https://axiomcyber.com/ to speak with one of our IT experts.

Hailey R. Carlson, Marketing Intern, Axiom Cyber Solutions 7/21/2016
