Businesses, cyber security firms are coming up with creative ways to fight hackers

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.digitaltrends.com/computing/businesses-and-cyber-security-firms-are-coming-up-with-creative-ways-to-fight-hackers/#!bkGW8s

Hackers continue to play havoc with our computers and networks. Many
viruses and other traps are designed primarily to damage your system in
some way—by, say, corrupting your data, scrambling the operating system, or
crashing the system somehow.

Then there are the more nefarious forms of hacking that entail
exploitation, by either accessing his or her financial data and using it to
embezzle funds, or by encrypting or removing data from the victim’s PC and
then holding it hostage, refusing to restore the data until a fee is paid.

One of the most nefarious of these viruses is Cryptolocker, a nasty little
piece of ransomware that, though it has been around for a while (and
therefore it’s “treated” by most antivirus software), PC and computer
security technicians report that they are still treating
CryptoLocker-infected machines.

They’re also busy healing many PCs inflicted by closely related viruses,
such as Cryptowall on a regular basis. Ransomware and other data-hijacking
viruses, in addition to other types of data hacking methods, costs
companies millions in recovery and other fees each year.

In response, an increasing number of companies are resorting to
countermeasures, such as creating decoy servers that collect information on
would-be hackers, staking out online forums to watch out for stolen data,
and even planting misinformation or alluring fakes on company servers to
confuse and thus help snare thieves. As former assistant secretary for
policy at the Department of Homeland Security, Stewart A. Baker told The
New York Times recently, some security experts are advising companies to
take even more proactive precautions.

“Companies want better results than are being delivered by law
enforcement,” Baker says. Baker went on to question whether government
agencies have the resources to monitor corporate networks, and whether
businesses would willingly give the government increased access to its
networks.

Red Sky Alliance vice president Jeffery L. Stutzman thinks there should be
a “Second Amendment right in cyber,” alluding to the right to bear arms.
Red Sky Alliance, a cyber-security firm, handles intelligence for several
top corporations—many of which are trying to gauge just how much hacking
prevention the company itself can take on. What are the ramifications of
trying to essentially take the law into your hands?

The problem with any non-law enforcement agency taking matters into its own
hands is that often doing so entails performing acts that are illegal to
all but law enforcement bodies, and often even law enforcement must acquire
warrants and navigate through other legal hurdles to justify many types of
investigative activities.

In addition, cyber criminals often conduct their activities through
innocent third-party machines, making it difficult to single out the actual
criminals. Besides, companies that try to find and retaliate against
hackers, especially if the retaliation entails recovering data from the
alleged hacker’s computers, are, by the nature of the act itself,
committing trespassing and theft.

But that’s not to say that countermeasures always fail or cause additional
problems. Samir Kapuria, vice president of Symantec’s Cyber Security Group,
recently talked about how his company helped one of its clients plant
counterfeit blueprints. The blueprints were subsequently found for sale on
the Internet and traced back to their source, saving Symantec’s client
millions of dollars.

As our lives and businesses become more and more data-driven, it also
becomes increasingly more important for data to retain its integrity. The
perpetual back-and-forth between hackers and legitimate companies, as
unfortunate as it is, won’t let up anytime soon. However, you can ward off
most cyber-thieves and save yourself a lot of grief by remaining vigilant.

To close, here are seven basic ways to help you protect your data. If you
don’t take these precautions you’ll likely experience some sort of
catastrophic data loss.

- Back up your data and create recovery discs and drives. It’s always much
safer to have at least one set of backup files off-site. Use the backup
software’s automatic scheduling as well.
- Use virus and security software, and make sure you keep it updated.
- Delete all unsolicited requests for personal information.
- Know exactly who and why—before entering your information on a Website.
- Think before clicking a link or banner. You have no idea what it does, or
where it will take you.
- Don’t install software from untrusted or unknown sources.
- Be careful about using banking and other high-security apps over public
and free Wi-Fi hotspots, as they’re generally unsecure.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!