WARNING! Cyber Criminals

Take a glance at the most discussed cybersecurity topics of the week.

Dreadful summer for Canadian companies’ cybersecurity

Welivesecurity on August 20, 2018

This summer, three major cyber attacks in Canada proved the importance of the rule: there is no chance to relax in conducting cybersecurity operations. The ransomware attacks on Ontario municipality of Wasaga Beach, which led to the stealing of most of the city’s data, on the Quebec Taxi Intermediary Reunion (RITQ) and, finally, the breach of CarePartners – what are the lessons to learn?

1. Invest in a trusted security solution.
2. Make regular backups of files and remember: physical backups stored outside your network are more reliable than automated online.
3. Check if your backup works correctly and that your media (read-only, write off or write) are still readable (and that writable media are not always readable).
4. Include communication strategies in your disaster recovery plan to save the trust of your customers.
5. Don’t encourage the cybercrime and check every opportunity to recover your data without paying the ransom.

Criminal teen stole Apple’s critical files

The Hacker News on August 17, 2018

Being an Apple fan does not only mean buying Apple products. A 16-year-old high school student from Melbourne, Australia, managed to hack several Apple servers and download up to 90GB of critical files.

The criminal teen explained that he was a huge fan of Apple and “dreamed of” becoming an employee of the famous company. What is more embarrassing, this attack was not the only one performed by the teen. The teenager finally was caught last year after a raid on his residence. The stolen data was located in a folder called “hacky hack hack” – isn’t much inventive, is it? Also, authorities found a series of hacking tools and files that helped the boy perform a breach.

The teenager has already pleaded guilty to Children’s Court. The magistrate has postponed his sentencing till next month.

Security awareness combating human error

Dark Reading on August 23, 2018

Human error may lead to fatal consequences, that is why security awareness training is a crucial part of all the protection process. According to Wombat Security, in 2018, 95% of companies train end users on how to avoid phishing attacks, in comparison with 86% in 2014. Also, about 54% of security pros confirmed that reductions in phishing susceptibility became notable after the introduction of training activities.

“There’s been an increase in interest over the past year,” noted Gretel Egan, brand communications manager for Wombat Security. These trainings are not perfect though, as the problem of the human factor still exists. And the most important thing here is to find out which improvements in this kind of trainings is to be made.