Saturday, 24 May 2014

CYBERTHREATS CONTINUE TO RISE

If a single theme dominated the Credit Union InfoSecurity Conference, held at the beautiful Red Rock Casino, Resort and Spa in Las Vegas on May 21 – 23 this year (2014), it was that cyberthreats are multiplying and the criminals are getting better at their jobs. One of the key questions before the nearly 50 credit unions in attendance at the confab was whether they are taking the necessary steps to win the battle.

Opening speaker Andy Robbins, a network penetration expert with TrustCC, said many networks are vulnerable to penetration by hackers. Sometimes, the network and its firewall are set up with easily prevented vulnerabilities baked in. Often, though, the biggest vulnerability may be a credit union’s employees, who can be easily tricked into giving up their login credentials. “This is your largest threat,” Robbins said.

He offered a hypothetical: Imagine that many employees receive an official-looking email from human resources telling them that, because of Obamacare, they need to fill out an insurance questionnaire. A link to the questionnaire is included, and to authenticate who they are, they need to provide their login credentials. Robbins insisted that, typically, there is a stampede of employees filling out questionnaires.

The first five to complete the survey will receive $15 Starbucks gift cards for their time. However, that HR email is spoofed, but the link to a site with a toxic payload is real. “We can turn a $5 gift card into a $5 million data breach,” he noted. What is the cure for this type of scenario? Robbins advised not trusting anyone and urged attendees to reiterate that message throughout their organizations.

Demetrios Lazarikos, an IT security consultant with risk assessment firm Blue Lava Consulting LLC in San Jose, Calif., and the former chief information security officer at the Sears Online Business Unit, offered a stern warning. “Don’t think you are not a target. You will be found and you will be probed.”

In many cases, criminals are moving faster than legitimate organizations, some of which are struggling with dire shortages of qualified information security staff. Lazarikos’ other major takeaway was that, for IT security to succeed, it has to have buy-in from the very highest levels of the organization. Without that, efforts could fail.

At the conference, a panel of three vendors spoke on Distributed Denial of Service (DDoS) mitigation services. Marc Gaffan, a co-founder at Redwood Shores, Calif., mitigation company Incapsula, opened the discussion with this: “The size of DDoS attacks we are seeing is going through the roof.” He said many more are multi-vector, meaning they mix modes of inflicting DDoS, which makes defense strategies that much harder.

“DDoS is starting to look more like (advanced persistent threat),” Gaffan explained. “Attacks no longer last for hours or days. We see some lasting for weeks.” Miguel Ramos, a product manager at Neustar, a Sterling, Va.-based telecommunications analytics company, said his firm has been seeing similar DDoS attacks. 

“Q1 2014 was an inflection point in terms of size of the attacks,” Ramos said. “They are much bigger.” Ramos said that, according to a Neustar survey, 71% of respondents, which included many credit unions, said they experienced DDoS. He did not offer more details about the experiences of credit unions.

Kyle Stutzman, chief operating officer at disaster recovery services CUSO Ongoing Operations in Hagerstown, Md., said the only way to successfully combat DDoS in the near term is to be agile. Attackers continue to adapt their techniques, and that means credit unions will have to be quick and flexible with their reactions, he advised.


Ongoing Operations is exploring ways to better pool DDoS mitigation tools, and thus costs, so that the protections can be affordable to more credit unions, Stutzman said. While he did not go into detail about the new strategies, he did say this is a top-of-mind focus at the CUSO.