Thursday, October 12, 2017

More facts about cyber security and it is scary!

Social media – a hackers’ favorite target

Currently, according to in-depth statistics, there are more than 1.6 billion social network users worldwide, with more than 64% of internet users accessing social media services online. Moreover, social networking is one of the most popular ways for online users to spend their time, and a preferred way to stay in contact with friends and families.
This is precisely why cyber attackers love social media as well! Users that spend a lot of time on social networks are very likely to click links posted by trusted friends, which hackers use to their advantage. Here are some of the most popular types of cyber attacks directed at social media platforms:
  • Like-jacking: occurs when criminals post fake Facebook “like” buttons to webpages. Users who click the button don’t “like” the page, but instead download malware.
  • Link-jacking: a practice used to redirect one website’s links to another, which hackers use to redirect users from trusted websites to malware-infected websites that hide drive-by downloads or other types of infections.
  • Phishing: the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by disguising itself as a trustworthy entity in a Facebook message or Tweet.
  • Social spam: is unwanted spam content appearing on social networks and any website with user-generated content (comments, chat, etc.). It can appear in many forms, including bulk messages, profanity, insults, hate speech, malicious links, fraudulent reviews, fake friends, and personally identifiable information.
Why are cyber attacks on social media so frequent?
Because social media users usually trust their circles of online friends. The result: more than 600.000 Facebook accounts are compromised every single day! Also, 1 in 10 social media users said they’ve been a victim of a cyber attack and the numbers are on the rise. Now this is a cyber security statistic which we don’t want you to become part of.
How it affects you and what you can do to get protected:
  • Don’t click any strange links.
This is courtesy of HEIMDAL.

Friday, October 6, 2017

Secure your systems

What follows is just a quick look at securing your systems. Today, threats are everywhere, so be vigilant!

Prevent Network Intrusions with Multiple Strategies

A complete network overhaul isn’t always necessary to improve security. Many providers offer easy-to-deploy network solutions that incorporate powerful security features.
Firewalls built into routers, for example, allow IT staff to monitor incoming and outgoing network traffic and decide whether to allow or block specific traffic based on a defined set of security rules. A proven and reliable network security technology, firewalls create a barrier between secure internal networks and untrusted external networks, such as the internet. 
“Leverage next-generation firewalls,” Gheri recommends. “These devices can identify traffic based on applications. And good next-generation firewalls can apply different traffic optimization techniques to different kinds of application traffic.”
An intrusion prevention system (IPS), implemented either as a device or through software, is a powerful tool that examines traffic flows to detect and block vulnerability exploits, an approach attackers frequently use to access or cripple an application.
Intrusion prevention is a standard feature in most next-generation firewalls. “It provides base-line security, but be aware that an IPS should not have a blind spot regarding SSL-encrypted traffic,” Gheri warns. “Encrypted traffic needs to be decrypted and then matched against malware signatures and payload needs to be inspected for advanced malware.”
Segmentation, a technique widely supported by network technology providers, splits a network into multiple subnetworks, commonly known as segments. The approach allows organizations to group applications and related data together for access only by specific users (such as sales or finance staff). This technique can also be used to restrict the range of access provided to a particular user.
Segmentation is perhaps the simplest way to improve an organization’s security posture, since using network address segments to control access hampers cyber attackers. “It can also help to contain malware outbreaks,”
info by viztech

Tuesday, October 3, 2017

What Amazon is thinking for the future and it is well unusual

I want you to read this; it is funky and well shows you what the big boy is thinking:

More to come soon.

Joe Rossini

Monday, October 2, 2017

The top 10 e commerce retailers distribution facilities

The 10 Retailers With the Most E-Commerce Distribution Centers

Digital retailing is tough. Not only do retailers need to find innovative ways to drive traffic to their sites and induce a sale, they need to be able to fulfill any and all orders at breakneck speed. Customers are making purchase decisions based on delivery times and the more DCs a retailer has the better its chances of meeting shopper expectations.

In its Top 500 Guide Internet Retailer ranks the top e-commerce retailers across numerous metrics including number of fulfillment centers. The entire report is available here, and a quick look at the 10 retailers with the most DCs is below.

Amazon. No surprise here that Amazon tops the list, nearly tripling second place finisher IKEA. Amazon has fulfillment centers in 19 states, to help process the 350 million SKUs the online giant carries. Number of e-Commerce Distribution Centers: 109.

IKEA. While the furniture retailer is known for its sprawling, warehouse-like showrooms, over $134 million of its revenue comes from web-based sales. In fact, IKEA's web sales increased 25% in 2015, with eight million monthly visitors. Number of e-Commerce Distribution Centers: 39.

O'Reilly Auto Parts. O'Reilly is growing not only its physical footprint as it looks to enter the lucrative northeast market, but its online presence as well. The auto parts retailer's web sales increased 14% last year and now account for over $176 million in revenue. Number of e-Commerce Distribution Centers: 23.

W.W. Grainger. The hardware and home improvement retailer stocks over 1.4 million SKUs. It has over 9 million visitors browse its site each month — a huge jump from the 4.5 million that visited each month in 2014. Number of e-Commerce Distribution Centers: 18.

Safeway Inc. While digital grocery sales are still in their infancy, many of the nation's top supermarket chains have made significant investments in the space. Safeway's web sales have been relatively flat year-over-year, but it still accounts for nearly $230 million in revenue. Number of e-Commerce Distribution Centers: 17.

Bed Bath & Beyond. The New Jersey-based home goods retailer continues to scale up its digital shopping efforts, with web sales increasing 25% year-over-year. The retailer is investing heavily in the mobile experience to capture busy on-the-go shoppers. Number of e-Commerce Distribution Centers: 17.

Sears Hometown/Outlets. The retailer operates two brands, Sears Hometown and Hardware stores and the Sears Outlet Stores, with revenues north of $325 million. It sells home appliances, lawn and garden equipment, tools and hardware, and has fulfillment centers located in 10 states. Number of e-Commerce Distribution Centers: 16.

Estee Lauder. The cosmetics and fragrance manufacturer and retailer has over 8.6 million monthly visitors, and sports a 4% conversion rate. Its web sales have been growing by leaps and bounds, increasing to over $860 million in 2015, an increase of nearly 28% from 2014's total. Number of e-Commerce Distribution Centers: 14.

GameStop Corp. With the vast majority of its shoppers 34 years old and younger the video game retailer has a massive digital presence. Web sales topped the $1 billion mark in 2015, representing a 25% bump over 2014 totals. Number of e-Commerce Distribution Centers: 13.

Systemax. The industrial supplies, computers and electronics supplies retailer has web sales north of $1.4 billion, and hosts 3.7 million unique visitors per month. It sells over 450,000 SKUs and has an average ticket value of $440. Number of e-Commerce Distribution Centers: 13.

Tuesday, September 26, 2017

Company cyber security and why we are at risk!

 To follow are parts of articles written by SolarWinds MSP:

Companies are overlooking seven basic security principles:
1. Security policies are inconsistently applied.
2. User training is massively under-prioritized.
3. Only basic technologies are being deployed.
4. Vulnerability reporting is often weak, or even nonexistent.
5. The majority of organizations make no changes to their technology or processes following a breach.
6. Widely accepted prevention techniques and processes remain overlooked.
7. Detection, response, and resolution times are all growing.

Did you know that:
  • 77% of respondents reported tangible loss (monetary, legal action, loss of customer) from a security incident
  • 23% of survey respondents reported intangible loss (of brand reputation, etc)

So, in hard commercial terms, what does this vulnerability cost a typical SMB or enterprise? Beyond the readily identifiable impacts of a lost customer or downtime leading to lost opportunity, what are the wider implications? In their “2016 Cost of Data Breach Study: Global Analysis,” IBM and Ponemon calculated a standard cost per lost or stolen record of USD $158 / GBP £122. This calculation included direct expenses (e.g. engaging forensic experts, outsourcing hotline support, and customer relationship remedial costs such as discounts on products and services) and indirect costs (in-house investigations and internal communications). It also extrapolated typical values of lost customers and the impact of brand damage on future customer acquisition.

This may not seem like a lot, but $158.00 x tens of thousands and now you see what they mean! I have often heard that hackers go into banks, mostly small banks, and they don't steal thousands but maybe $1.00 or less! Think if you did this to thousands of banks and once again you see a lot of loss. Banks will not do much for a loss of that size, so the hackers come back and back until they are stopped!

Based directly on our research, the following represent the top seven pitfalls that are opening UK and US businesses up to massive financial liabilities, with the potential for something as serious as an extinction event.

1. INCONSISTENCY IN ENFORCING SECURITY POLICIES
A security policy is clearly worthless unless it is correctly enforced and its suitability is regularly checked. However, only 32% of respondents could claim their security policies are reliably applied and regularly audited. On top of this, less than half or 43% enforce them only occasionally, 17% fail to audit their suitability, and 7% have no policies in place.

2. NEGLIGENCE IN THE APPROACH TO USER SECURITY AWARENESS TRAINING
Despite all the commentary about its importance, only 16% of respondents considered user security awareness training a priority. A massive 71% pay lip service to it by either including security awareness as a one-off event at employee onboarding or reinforcing it once a year. The remainder, 13%, admitted they do nothing.

3. SHORTSIGHTEDNESS IN THE APPLICATION OF CYBERSECURITY TECHNOLOGIES
Six of the nine most typical cybersecurity technologies had been deployed by only a minority of respondents. Web protection, email scanning, and anti-malware had each been rolled out by 50-61%, but the remaining six (including SIEM, firewall rules, and patch management) had been deployed by only 33% at the most (SIEM), or 25% at the lowest (intrusion systems).

4. COMPLACENCY AROUND VULNERABILITY REPORTING
Only 29% of respondents could call their vulnerability reporting robust, with the majority, 51%, optimistically classifying it as adequate. Surprisingly, as many as 19% have no reporting, and 11% even said they categorically had no plans to investigate its deployment or usefulness.

5. INFLEXIBILITY IN ADAPTING PROCESSES AND APPROACH AFTER A BREACH
Following a breach (experienced by 71% of respondents), only 44% implemented new technology, and only 41% changed their processes. Meanwhile, 42% started looking into new technology, while 14% purposefully did nothing.

6. STAGNATION IN THE APPLICATION OF KEY PREVENTION TECHNIQUES
Of the nine key prevention techniques listed, only a minority of respondents had implemented all of them. The most prevalent technique was full disk encryption on mobile and portable endpoints, but even this was only performed by 43%. Application white listing was implemented by only 38%, and logging of authenticated users’ activity was used by only 41%.

7. LETHARGY AROUND DETECTION AND RESPONSE
Over the past 12 months, detection times had risen for 40% of respondents; response times were up for 44%; and resolution times had increased for 46%. In contrast, in our 2016 report, detection times had risen for only 28% of respondents; response times were up for 28%; and resolution times had increased for 27%. This shows that the rate of decay (and complacency) is growing.

ADVICE FOR MSPS
The data and conclusions in this report make one crucial point overwhelmingly clear: Enterprises and SMBs alike are overconfident in their cybersecurity preparedness. This being the case, what opportunities do managed services providers (MSPs) have?

Opportunity #1: Offer cybersecurity training to your customers. Training can make a huge difference in your clients’ security, so it’s absolutely essential that you arm them with the knowledge they need to prevent breaches. Whether you offer it as a service to build revenue or you offer it free to provide retention, training can cut down on the number of security incidents. That translates to fewer emergency calls and, ultimately, happier clients.

Opportunity #2: Make sure your own house is in order. MSPs need to make sure their own security practices are up to par. You should review your practices and security technology stack not only for current best practices, but with an eye to the future as well. Does your security meet the current and future needs of the typical SMB or enterprise? Does it work well across on-premises, cloud, and hybrid environments? Can you serve clients in highly-regulated verticals?

Opportunity #3: Prepare with disaster drills. MSPs can also offer to stress test their clients’ security via “war games.” Many industries run drills to help them deal with worst case scenarios: marketing teams practice their responses to PR crises, financial services organizations stress test their portfolios, and logistics teams plan for transportation hubs closing down unexpectedly. As an MSP, you can practice disaster events with your clients, both in terms of technology and processes, to discover weak points and make improvements. Are the lines of communication and equipment sufficiently robust? Are expectations and metrics reasonable? You’re likely to find a few upsell opportunities in the process.

Opportunity #4: Determine the partnerships or skillsets you’ll need. Many security incidents require specialists to handle, so make sure to prepare before you need it. Whether it’s warding off DDoS attacks, protecting IoT at an architectural level, or implementing digital forensics incident response, you should either look to hire expertise in-house or partner with someone who can handle these for you. You never want to have to build new skills in the middle of a crisis.

Organizations’ overconfidence combined with the prevalence of the seven pitfalls of cybersecurity create a perfect storm on which cybercriminals are bound to capitalize. But with the right approach, dialogue, relationships, and tools, MSPs can turn these flaws into lucrative opportunities.

CYBERSECURITY: CAN OVERCONFIDENCE LEAD TO AN EXTINCTION EVENT?

I think that the above will happen. I worry about breaches to our national security, our infrastructure, our banks and more. Be prepared!!!

More to come from Joe Rossini

Mobile e commerce is growing fast

Some info on mobile e commerce:

  • Target is enhancing its mobile app with beacon and Bluetooth technology that shows a customer’s location on the app’s map as they move about the store, Target’s chief information and digital officer Mike McNamara said in a company blog post. In a video, he likened the technology to driving with GPS. 
  • Target's app will also point shoppers to nearby promotional prices, dubbed "Cartwheel" deals, for users of its mobile app. The new features are set to go live in about half of Target’s stores for the holidays.
  • The mapping capability comes a few weeks after Target began to move its Cartwheel savings app to its flagship mobile app.
  • A new voice technology integration from Unata, an enabler of digital solutions for grocers, will allow grocery retailers to offer voice ordering to their customers, according to a press release.
  • The new capability was developed in-house by Unata and can be used through a grocer's website or mobile app, a company spokeswoman told Retail Dive. Unata plans to showcase the voice ordering technology next week at the Digital Retail Conference in Los Angeles.
  • The technology supports a number of conversation-driven shopping interactions, including comprehensive list building, updates on sales and offers specialized for the shopper, placing orders, finding store information and more, according to the company.  

Dive Brief:

  • More millennial-age consumers visit multiple stores in search of deals than their baby boomer elders do, according to research from consumer engagement firm First Insight. Some 71% of millennials frequent a variety of stores, compared to 57% of baby boomers, according to a report emailed to Retail Dive.
  • While most millennials do go online to search for deals (82%), the study found that same shopping behavior within both generational groups, as more baby boomers (65%), especially those with higher incomes, are also looking online for the best price rather than in-store, First Insight said.
  • Most millennials (92%) this holiday season plan to spend money in a physical store, according to other research from the International Council of Shopping Centers, which is forecasting a 3.8% year-over-year growth in retail sales for the season. On average, they plan to spend $554.40 on holiday gifts and related items, according to an ICSC report emailed to Retail Dive.

There is no doubt to me that the use of mobile by all generations is up and that being able to be found is important.

More to come.

Joe Rossini