"iBrute" questions iCloud Security

Even Apple, a heretofore breach-less vendor, has recently been found responsible for a security breach. It appears that on Sunday, August 31, 2014, a number of photos were taken from Apple iCloud. The vulnerability created the exposure known as “iBrute” and allowed access to the compromising photos: rather than locking the iCloud entryway after numerous attempts, it left it open.
Apple has since closed the vulnerability: the entryway now locks after five missed attempts, preventing any further attempts.
Apparently a Python-based script (which was available on GitHub) allowed a would-be attacker to brute-force their way into the “Find My iPhone” service. The “Find My iPhone” service did not lock the gateway after repeated attempts to guess the user’s password.
The vulnerability allegedly discovered in the Find My iPhone service appears to have let attackers use this method to guess passwords repeatedly without any sort of lockout or alert to the target. Once the password has been matched, the attacker can then use it to access other iCloud functions freely.
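As an added illustration (not Apple's code and not part of the original post), the sketch below shows the control whose absence is described above: a failure counter keyed by account rather than by endpoint, so that five missed attempts on one service lock every service and raise an alert. The class name, endpoint names, credentials and the 15-minute lock duration are assumptions made for the example.

```python
import hmac
import time

MAX_FAILURES = 5        # threshold the page says Apple now enforces
LOCK_SECONDS = 15 * 60  # assumed lock duration; the page does not give one


class LoginGuard:
    """Failure counter keyed by account and shared by every password endpoint."""

    def __init__(self, verify, clock=time.monotonic):
        self._verify = verify      # callable(account, password) -> bool
        self._clock = clock
        self._failures = {}        # account -> consecutive failed attempts
        self._locked_until = {}    # account -> time at which the lock expires
        self.alerts = []           # (account, endpoint) pairs to notify on

    def attempt(self, endpoint, account, password):
        now = self._clock()
        if self._locked_until.get(account, 0) > now:
            return "locked"        # refused before the password is even checked
        if self._verify(account, password):
            self._failures.pop(account, None)
            return "ok"
        self._failures[account] = self._failures.get(account, 0) + 1
        if self._failures[account] >= MAX_FAILURES:
            self._locked_until[account] = now + LOCK_SECONDS
            self._failures.pop(account)
            self.alerts.append((account, endpoint))
        return "denied"


def demo():
    """Constructed scenario: guesses on one endpoint, real password on another."""
    now = [0.0]                                     # fake clock for the demo
    store = {"user@example.com": "correct horse"}   # constructed credentials

    def verify(account, password):
        stored = store.get(account)
        return stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())

    guard = LoginGuard(verify, clock=lambda: now[0])
    results = [guard.attempt("find-my-phone", "user@example.com", f"guess{i}")
               for i in range(MAX_FAILURES)]
    # The lock follows the account, so a different endpoint is refused too.
    results.append(guard.attempt("mail", "user@example.com", "correct horse"))
    now[0] += LOCK_SECONDS + 1                      # lock expires
    results.append(guard.attempt("mail", "user@example.com", "correct horse"))
    return results, guard.alerts
```

While the lock is active even the correct password is refused, which is what stops a guessing run from succeeding on a later attempt.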
Although the Apple breach is the most recent cloud breach, there have been many others. In April 2011, e-mail services firm Epsilon had a cloud-based data breach that cost it up to $225 million in total, a massive event that indicated the often overlooked risk of cloud-based computing systems. In early April, Epsilon, the world’s largest permission-based email marketing services company, which serves over 40 billion emails annually, reported a breach in its security.
Also in 2011 Amazon experienced a disruption to its services to popular sites like Foursquare and Quora. It is another example of a cloud failure that could prove extremely costly in the long run – and a hint of more troubles on the horizon.
With the transition of more and more services to the cloud, it’s imperative that your company secure its cloud infrastructure. There is no one “right” way to do so. Consult with business experts to ensure that your data is being secured and a sensitive breach like this does not happen to you.
The average cost to a company of a large-scale security breach is $3.5 million. If your company is a mid-market organization, this cost is enough to shut down operations completely. And more and more, hackers are targeting mid-market companies purely because they are aware of the lack of intense focus on cloud security.
Contact your IT experts before this cripples your business entirely. Anytime your company is handling sensitive personal data, whether it’s social security numbers or credit card numbers, it’s imperative that you have a safe security space. Because as you can see, if even the behemoth companies are susceptible, why would your company be any different?
If you have questions about your security infrastructure, contact [email protected] for a consultation. Your first conversation is a free discovery call to assess what your needs may be.
 
Image Provided by Flickr: dekuwa  https://www.flickr.com/photos/dekuwa/
Statistics provided by: Ponemon Institute

Cyber Attack Impacts Another Large Business

Sally Beauty Supply is the latest company to have their systems breached because of a cyber attack. Confidential customer data, including credit card numbers, were stolen.
In early March, Sally Beauty representatives discovered that at least 25,000 credit card numbers were uncovered.
“Our customers remain our top priority,” Chairman, President and CEO Gary Winterhalter said in a press release.
Sally Beauty joins Neiman Marcus and Target on the list of retail organizations hacked within the past several months.
Start thinking proactively about your security and compliance before it’s too late; nobody is immune. Where are the gaps in your systems?
Find out today. Call Wendy Sanacore at TxMQ, 716-636-0070 (229) or email [email protected]
source: http://m.bizjournals.com/dallas/blog/morning_call/2014/03/sally-beauty-data-breach-is-bigger-than-earlier.html?r=full
(Photo: From screensaver by iProton.)

Cyber Security: 10 Tips For Small- To Mid-Size Businesses

I’ll start with a personal story about cyber security. Quite a few years ago (I won’t bore you with all the detail), my personal trainer’s email was hacked by a slightly savvy and jealous ex-client’s boyfriend, and personal emails between me and my trainer were distributed in a malicious manner to everyone in my trainer’s email network.
Needless to say, the backlash of this saga was incredible. My trainer escaped relatively unscathed, but the beating I took on it served as a lesson to me for the rest of my life. Don’t put anything into words via email or text that you wouldn’t say directly to someone’s face. Words on paper cannot be forgotten and it’s apparently incredibly easy to hack into someone’s “safe” network, download documents and use them as a weapon against said person or company.
When we went to the police with the breach, they scratched their heads, looked at us dumbfounded and essentially told us there was nothing we could do. It wouldn’t have mattered if there was. Reputations were already smashed, relationships and friendships were ruined and that sense of security and invincibility became an abstract thing of the past.
So this may sound like an exaggerated personal problem, but it happened and it was a traumatic event. Now imagine it’s your company and all your secure files. It’s your employees’ social security numbers, your business-banking routing numbers, your personnel files.
TxMQ attended an event this morning titled “The Virtual Reality of White Collar Crime” where the discussion was about cyber attacks. The numbers are staggering.
There are an estimated 1 million cyber attacks per day. That breaks down to 50,000 attacks per hour, 840 attacks per minute and about 15 attacks per second. And they’re coming from all areas of the world.
Trends of late have seen organized cyber crime move from aiming at large, hard targets such as banks and financial institutions to softer small- and mid-size businesses.
Why?
Because it’s easier to hack into the SMB space. There are hackers who focus only on the hard targets. They beat their heads against the wall until they chip away a brick, they move that brick and get one name and contact info. Then they start all over again, beating their heads against the wall to remove just one more brick, then one more, then one more. A painstaking process…
Now think about the SMB environment, where it’s much easier to export data and multiple files. Chip one brick away and all of a sudden you have the names and personal info of a thousand people. These professional services providers hold deeds and financial records, personal information and trusts.
Fact: 60% of small- and mid-sized businesses that suffer from a cyber attack go out of business within 6 months due to the cost of recovering from the attack. The average cost to recover from a cyber attack is $5.5M. Be proactive.
Fact: Cyber breach represents the largest transfer of wealth in US history. Businesses lose $250 billion a year to cyber breach and lose another $140 billion in downtime from the attack. That’s almost $400 billion per year. Process that for a moment.
And the truth of the matter is, it’s not even a matter of if it happens, it’s when. Within the past year, my personal credit card number has been stolen and used overseas three separate times.
Here are 10 recommendations for how small- and mid-sized businesses can protect themselves against a potential attack:

  1. Employee Background Checks
  2. Signed Security and/or NDA
  3. Written Policy as Part of Employee Handbook
  4. Provide Meaningful Education & Training (make sure what you have works)
  5. Secure Your IT Infrastructure
  6. Establish Password Policy
  7. Protect CC and Bank Accounts
  8. Test Your Systems
  9. Conduct Exit Interviews
  10. Take Immediate Action

Unfortunately, laws are reactive in nature, not proactive. While cyber crime is still being scoped and defined by the justice system, it’s happening all around us every day.
Get your systems reviewed. How likely are you to get hacked? Call TxMQ or a security firm to be proactive in your approach to protecting your company data.
Can you survive a cyber attack? If you’re a small- or mid-size company, likely the answer is no. And if you do survive, what’s the extraneous cost to your reputation, customers and most of all you?