Category Archives: malware

New Survey Shows Gap Between Americans’ Online Security Perceptions and Actual Practices

AscentiveInternet Safety News from the Ascentive team

More than nine in ten Americans (92%) believe that a safe and secure Internet is crucial to our nation’s economic security and 81% of Americans want to learn more about being safe and secure online, but there still exists a visible disconnect between Americans’ perceptions of their online safety practices versus the reality of their actual safety practices. These insights were revealed in the 2011 National Cyber Security Alliance (NCSA)-McAfee Online Safety Study, released today by the NCSA and McAfee.

While the study found progress in a number of areas regarding online safety awareness, perception versus reality gaps continue to exist in critical areas:

70% of Americans say that they represent their child/children’s primary source of information for online safety, yet 48% of parents are not completely confident that their children can use the Internet safely.

32% of consumers either back up data only once a year—or never (20%).

15% of Americans have never checked their social networking privacy and security account settings.

According to the survey, only 7% of U.S. parents are worried about cyberbullying even though 33% of teenagers have been victims of cyberbullying, according to the Pew Internet and American Life Survey.

“This new study shows that vast majorities of Americans believe that cyber security is important for our personal safety and our nation’s economic security,” said NCSA Executive Director Michael Kaiser. “Yet this survey also shows that we can do a better job of protecting ourselves and those around us and really focus on the notion that a safe and secure Internet and digital experience represents a shared responsibility.”

“As our digital usage grows exponentially each year with a multitude of different devices connected to the Internet, cyber threats have grown more sophisticated and widespread than ever before,” said Todd Gebhart, co-president, McAfee. “This new survey demonstrates the fundamental importance of better online safety and security awareness for ourselves, our communities, our schools and our businesses.  Consumers need to think beyond just PCs, and also protect their web experiences, their data, and very importantly, their children on all the devices they use.”

Key Findings:


Security Perceptions

Less than half of the population (46%) reports that they feel safe from viruses, malware and hackers while on the Internet.

When it comes to the issue most Americans are concerned about regarding online safety and security, 43% of respondents reported they were most worried about identity theft; 13% were concerned with loss of privacy; and 12% reported their biggest concern was someone monitoring or recording their online activity.

When asked how people would like to learn about staying safe online, 37% of Americans are willing to receive regular information from an organization about safety best practices; 15% are willing to educate others; 13% would attend an in-person education session; 20% are not willing to do any of these and 15% are not sure.

Crime and Law Enforcement

When asked what puts Americans most at risk of a cybercrime or a loss of personal information the largest number of respondents, one-third (33%) said they believe connecting to an unsecured wireless network puts them most at risk yet more than half (53%) of Americans said they have logged onto a wireless network without entering a security password.

One in 5 (18%) Americans have been the victim of a cybercrime and 38% know someone who has been victimized, and 65% of all respondents do not think their local police department is equipped to handle reports and investigate Internet crimes.

Of the 17% who were victims of cybercrime but did not report them, 34% were either unsure what exactly happened or were not sure who to report it to.

More than half (53%) of Americans indicated they have received fake anti-virus warnings but 87% said they did not believe the warning was legitimate. From 2008 to 2010, fake anti-virus scams have grown by 600% and are estimated to victimize one million Internet users per day, according to McAfee research.

Safe Computing Practices

54% of Americans don’t back up their data regularly; with 21% backing up just monthly; 12% backing up only once a year and 20% of consumers never backing up.

21% say they don’t think it’s necessary to change account passwords regularly even though experts believe this is a basic online safety practice.  More than a million password-stealing malware samples were discovered from January 2011 –June 2011, according to McAfee Labs.

25% say they never change their passwords unless prompted.

Social Networks

26% say they are sharing more information on social networks today than one year ago.

Nearly half (47%) of Americans are confident in their ability to use privacy and security account settings in their social networks, but another 47% are only somewhat confident with 24% saying they are not confident at all.

15% of respondents have never checked their social networking privacy and security account settings and only 18% said the last time they checked their settings was in the last year.

Meanwhile, one out of ten (11%) Americans reported that their social network has been hacked in the last year, while 81% did not.

Children and Online Safety

70% of Americans say that they represent their child/children’s primary source of information for online safety, yet 48% of parents are not completely confident that their children can use the Internet safely.

According to the survey, parents worry most about contact with strangers (38%) online, 7% worried about bullying and harassment and 9% were worried about identity theft even though 140,000 minors are the victims of ID fraud each year according to ID Analytics.

The concern that ranked second according to parents was exposure to adult content yet 44% of parents admit they have not discussed Internet pornography with their children and 44% don’t have content-filtering software on their computers.

48% of the parents surveyed say they know their child/children have seen pornography online and of the parents who aren’t sure if their kids have seen adult content, 68% think it unlikely that they have.

Of those parents who don’t have content-filtering software, 34% say they trust their kids.

Workplace Cyber Security Practices

The survey also polled a sub-sample of Americans cyber security practices and attitudes in their workplace.  The survey found that a majority say their employer has a formal work Internet usage policy (59%) while 26% do not.

But respondents are split as to whether or not they have had training on keeping their work computers safe and secure (43% to 43%).

Seven in ten (69%) say that a safe and secure Internet is dependent to their job, 45% of which say it is very dependent. Six in ten (61%) say that losing Internet access at their job for 48 consecutive hours during a regular business week would be disruptive, 43% say it would be extremely disruptive.

A 2011 NCSA/Symantec study of small businesses finds that two thirds (66%) say that their business is dependent on the Internet for its day-to-day operations, two fifths of which (38%) would characterize it as very dependent.  Two thirds (67%) of small business owners describe their businesses as more dependent on the Internet than it was 12 months ago.

Age Disparities

Respondents ages 18-54 feel that individual users are most responsible for keeping the Internet safe and secure, whereas users 55 and older believe that it is the Internet service provider who is most responsible.

As the age of the user increases, so does their concern over identity theft, with 40% of 18-29 year olds, 39% of 30-49 year olds, 47% of 50-64 year olds, and 50% of those 65+ citing this as their largest concern.

As respondents’ age increases, a smaller percentage feels safe using smartphones with 23% of 18-29 year olds, 11% of 30-49 year olds, and 2.5% of 50-64 year olds feeling safe accessing the Internet using their smartphones.

Gender Attitudes Towards Cyber Security

If a computer were infected by a virus or malware, and the user was provided step-by-step instructions to fix it, only 31% of females feel very confident in fixing the computer on their own versus 53% of males who feel very confident about pursuing this task.

Nearly one in every five males (or 19%) backup their data and digital information on a daily basis while a less amount of females – only 12% – do so each day.

Thirty-eight percent of females have undergone training to keep their computer safe and secure at work, while 48% of males received training about safe and secure cyber security practices in the workplace.

Photo Credit

Advertisements

National Cyber Security Alliance Announces New Agreement to Promote Cyber Security Education Programs Nationwide

AscentiveInternet Safety information from the Ascentive team

The National Cyber Security Alliance (NCSA) – a non-profit public-private partnership focused on cyber security awareness and education for all digital citizens – has announced that on behalf of the National Cybersecurity Education Council (NCEC) it has signed a memorandum of understanding (MOU) with the U.S. Department of Education (ED) and the National Institute of Standards and Technology (NIST) to formally institute and promote cyber security education programs in K-12 schools, higher education, and career and technical education environments nationwide.

The new agreement paves the way for the continuation of the recently established public private partnership known as the National Cybersecurity Education Council to build a consensus on the future of cyber education in the United States. The multi-stakeholder effort will bring together government, industry, nonprofit, academia and other educational organizations to make recommendations and suggest guidelines on cyber education.  The collaboration will also include all parties participating in a working group to identify the cyber education needs of all young people and the foundational knowledge, skills and competencies needed by government and industry to build a workforce that can protect America’s vital digital assets.

The MOU’s partnership supports many of the educational efforts responding to President Obama’s 2009 Cyberspace Policy Review, which called for the nation to “build an education system that will enhance understanding of cyber security and allow the United States to retain and expand upon its scientific, engineering, and market leadership in information technology.” Toward this end, in the spring of 2010, the National Institute of Standards and Technology (NIST) within the U.S. Department of Commerce led a team involving many departments and agencies across the government in launching the National Initiative for Cybersecurity Education (NICE). The goal of NICE is to establish an operational, sustainable and continually improving cyber security education program for the nation to use sound cyber practices that will enhance the nation’s security. NICE includes four focus areas, or tracks:  cyber security awareness, formal cyber security education, cyber security workforce structure, and cyber security workforce training and professional development. The public/private partnership, which the MOU fosters, will advance efforts of the formal education track, particularly responding to the needs identified in the Cyberspace Policy Review for a K-12 cyber security education program for digital safety, ethics, and security and for expanded university curricula.

NCEC members are also cognizant of the inherent demand for improved cyber security education in bolstering America’s future workforce.

Today, the U.S. faces a deficit in the number of cyber security professionals in our country, and predictions of our future needs are worrisome. Estimates from a recent study by (ISC)2 and Frost and Sullivan reveal a need of more than 700,000 new information security professionals in the Americas by 2015. What’s more, the U.S. Bureau of Labor Statistics estimate that there will be 295,000 new IT jobs created in the U.S. between 2008 and 2018 – many of which will require cyber security expertise. This data points out a great responsibility within the U.S. education system and other industry groups to help produce cyber capable citizens.

“Our children live in an interconnected technology-based world with a growing need for digital skill sets,” said U.S. Secretary of Education Arne Duncan. “An education that incorporates tools to understand, navigate and operate technology will encourage students to exercise awareness when using digital platforms while helping better prepare them for the jobs of the future.”

“This important MOU will add another dimension to the public/private partnership that is key to cyber security awareness and formal cyber education,” said Special Assistant to the President and Cybersecurity Coordinator, Howard Schmidt.  “Through the partnership, we will continue to increase public awareness of safe cyber behavior, as well as expanding the availability of the cyber education so vital to the future of our workforce.”

“Our future depends on a digital citizenry that can use the Internet safely, securely, ethically and productively,” said Michael Kaiser, executive director of the National Cyber Security Alliance. “Today, the United States faces a daunting challenge. We need to build a cyber security ready workforce trained to deal with a constantly changing digital infrastructure that is protected against a broad range of cyber threats. This broad effort is critical because cyber security and digital safety touches everyone.”

“With cyber threats on the rise, career opportunities in cyber security will continue to grow and students need to have the access to the necessary foundational STEM education and other prerequisites needed to pursue them,” said NICE National Lead, Dr.Ernest McDuffie. “Higher education and technical training must lead to skills and competencies that meet the hiring requirements of government and industry to fill the growing need for cyber security professionals. This working group will help pave the way to achieving this goal.”

“We are proud to convene and lead this new nationwide effort to help make cyber security education widely available and accessible,” said John Havermann, of EMC Corporation and president of the NCSA Board of Directors. “There is no organization or government agency that can tackle this problem alone. It’s going to take a diverse partnership between government, industry, academia and others to work together to develop shared priorities and a path forward.”

Cyber education is also critical to our nation’s economic growth as evidenced by a recent survey, conducted by Zogby International for NCSA and Symantec, of U.S. small business owners that shows a high portion of businesses need employees with cyber security skills. When employers were asked to rate skills necessary for new hires, U.S. small businesses report the following skills are very relevant or essential:

Understanding privacy (51%);

Importance of protecting intellectual property (49%);

Basic knowledge of using technology ethically (47%);

Basic knowledge of Internet security practices (passwords, identifying secure websites) (44%).

In addition, NCSA and Microsoft recently conducted research on the state of cyber security education and the results make clear better cyber education is needed in America’s K-12 classrooms.

 

More than one-third of U.S. K-12 teachers (36%) received zero hours of professional development training by their school districts in issues related to online safety, security and ethics in the past year. (86% received less than six hours of related training).

Only 51% of teachers agree their school districts do an adequate job of preparing students for online safety, security and ethics.

Few K-12 educators are teaching topics that would prepare students to be cyber-capable employees or cyber security-aware college students. In the past year, a mere 4% taught about careers in cyber security; 20% taught about knowing when it is safe to download files; 23% taught about using strong passwords; and just 7% taught about the role of the Internet in the U.S. economy.

 

Photo Credit


Cyberattacks on the Rise

AscentiveCybersecurity information from the Ascentive team

New cybercrime statistics published by HP reveal that the cost of cyber attacks has risen more than 50%* since last year, and IT security expert Stu Sjouwerman cautions that number is likely to grow. As the founder and CEO of Internet Security Awareness Training (ISAT) firm KnowBe4, Sjouwerman (pronounced “shower-man”) has made it his mission to learn the increasingly sophisticated tactics used by the latest generation of cybercriminals – and to educate small and medium enterprises (SMEs) on how to recognize and avoid them.

According to the Second Annual Cost of Cyber Crime Study, which was sponsored by ArcSight (an HP company) and conducted by the Ponemon Institute, survey respondents reported losses between $1.5 million and $36.5 million per year due to cyber attacks. Collectively, their median annualized cost was $5.9 million – a 56% increase over the $3.8 million figure reported in the July 2010 study. Other key findings announced by HP: the frequency of cyber attacks has increased nearly 45%, and the time and cost to resolve them has risen. The study’s findings indicate that a single attack now takes an average of 18 days and $416,000 to correct.

As many executives and entrepreneurs have learned the hard way, today’s cybercriminals are stepping up their efforts with stealthy tactics and sophisticated technology. This latest study shows that cyber attacks and their related costs are rapidly growing, so business need to be proactive in combating cybercrime if they want to avoid financial loss,” cautioned Sjouwerman.

To educate SMEs on the evolution of cybercrime – and help them better understand what they’re up against today – KnowBe4 provides an overview of the “Five Generations of Cybercrime” on its website. “While the first generation of hackers were more interested in notoriety than financial gain, today’s cybercriminals – Generation Five – are more likely to be operating within organized crime syndicates and profiting handsomely from their schemes,” Sjouwerman explained. “Coding skills are no longer required. Tools and malware are readily available through a thriving underground market, so even a relative novice could quickly get in on the action.”

Among the alarming developments Sjouwerman and his KnowBe4 colleagues are seeing today are:

  • · Licensed malware complete with technical support
  • · Cybercrime social networks with escrow services
  • · “Pay-for-play” malware infection services
  • · Botnet rentals for cybercrime sprees

Sjouwerman believes that the reason so many companies are falling victim to cybercrime is because they’re not taking proactive measures to prevent it. He attributes the growth of the criminal enterprise to a false sense of security among executives at SMEs and a lack of training among their employees. “Many people assume antivirus software and an IT team are sufficient protection against cyber attacks. But the fact is that cybercriminals can bypass corporate security measures simply by tricking one employee into clicking a link. With one click, malware can be instantly downloaded to a computer and quickly spread across an entire network. And in most cases, the employee is completely unaware he or she has just given cybercriminals open access to company systems.”

Photo Credit


New Studies show that Parents don’t Properly Protect Children from Cyber-Bullying

AscentiveSafe Internet Use Tips from the Ascentive team

With about half of young people experiencing some form of cyberbullying or other harassment online, a majority of parents with children under 18 say they are concerned about their children’s social networking activities and want to find ways to protect them. Most parents also admit, however, that they do not have the tools, knowledge or time to properly monitor their children on social networks—and many admit that they take no precautions at all. That’s according to two new studies released today by an online monitoring service.

According to the studies, over 69% of parents with children ages 10 – 17 say they are concerned about their children visiting social networking sites, with their biggest fears being, in order, contact from strangers, information being displayed online that shares their child’s physical location, postings that could tarnish their child’s reputation, and their child getting cyberbullied.

However, the data also shows that most parents do not take the proper precautions to ensure their child’s safety when visiting social networks. For example, even though 68% of parents believe that daily monitoring is a must because news on social networks spreads fast and needs to be resolved quickly, only 32% of parents say they actually monitor their child’s social networking activities every day, and 28% of parents admit they only occasionally, rarely or never monitor their child’s social networking activities.

Meanwhile, 66% of parents believe they should monitor all of their child’s Facebook activity including emails and chats, yet the most common monitoring technique stated—”friending” their child—does not allow the parent to monitor email, chats or many other activities where dangers could lurk. Even if a parent were to “friend” their child, it would be practically impossible and extremely time-consuming to monitor what all of their child’s friends are doing, especially since the average teenager has more than 200 friends on social networks. Many parents don’t realize that the greatest danger posed to their child on social networks isn’t what their child does, but what others do to or say about their child.

“Almost all parents agree that they have a responsibility to look out for their kid’s safety and well-being while they’re on social networks, but there is a serious gap between what most parents believe is sufficient monitoring and what they are actually doing, which in most cases is far from sufficient,” said George Garrick, chief executive officer of SocialShield. “Our goal is to evaluate every friend request, every comment, every photo and all other activities regarding our customer’s children—including by all their friends—so that we can alert the parents if there’s anything suspicious. It’s ironic that so many parents insure their cellphones or protect their computers with anti-virus software, yet fail to properly protect their children from potential threats that can be both physical and psychological.”

Unfortunately, suicides by teens who have been cyberbullied on social networks are a fact of life today, as are incidents of predators stalking and contacting young teen girls, with such contact often leading to tragic outcomes. About half of young people have experienced at least some form of cyberbullying, and 10 to 20 percent experience it regularly, according to the Cyberbullying Research Center, which also found that cyberbullying victims are almost twice as likely to attempt suicide compared to youth who had experienced no cyberbullying.

Since using a social network essentially requires the use of your real name and identity, many people (younger, more vulnerable teens in particular) often post excessive amounts of personal data including their daily habits and locations, not realizing they are leaving a real-life trail of who they are, what they do, and where they can be found.

Other findings from the report include:

  • 62% of parents feel that occasionally looking over their child’s shoulder while he/she sits at the computer in the family room is enough to monitor his/her activities effectively, even though 71% admit their child also accesses social networks from other places, such as at a friend’s house or the library.
  • 50% of parents admitted that “properly monitoring would take a lot of time and I’m sure there are things I’m not seeing”
  • 63% of parents say they frequently review who their child is friending on social  networks to make sure it is only people that he/she knows in real life (although it’s impossible for any parent to really know who a particular “friend” is)
  •  54% of parents say they monitor their child’s social networking account by logging into his/her account as him/her on occasion; only 5% say they are currently using a monitoring application that alerts them if there is something they should be aware of.

Steve DeWarns, a San Francisco Bay Area police officer said: “Whenever I’m speaking to parent organizations, I always tell them that you don’t know what you don’t know, and this data proves that while parents want to protect their kids on social networks, they don’t necessarily have time or even know the most effective way.  And at the most basic level, a large proportion of parents really don’t understand what social networks are and how they work, thus where the risks lie.”

 Photo Credit


New case study reveals that Training can reduce your Vulnerability to Cybercrime

Internet safety tips from the Ascentive team

New statistics published by Internet Security Awareness Training (ISAT) firm KnowBe4 indicate that formal training can substantially reduce an organization’s vulnerability to cybercrime. The findings, which are based on a case study of three KnowBe4 clients, revealed that between 26% and 45% of employees at those companies were susceptible to phishing emails. Implementation of ISAT immediately reduced that percentage by 75%; with subsequent 4-week phishing testing resulting in a close to zero phishing response rate across all three companies.

“As cyberheists continue to make headlines, it’s become clear that Small and Medium Enterprise underestimate the prevalence of cybercrime and the ability of cybercriminals to hack into their networks and bank accounts,” said Stu Sjouwerman, founder and CEO of KnowBe4. “Many executives erroneously assume that their IT departments and antivirus software will identify and block any cyberheist attempts. The fact of the matter is though, that all it takes is one employee clicking on a phishing email gives the bad guys a backdoor to your network. Cybercriminals use that weak link (employees) to bypass your antivirus software and gain full access to your systems. Our research has proven that Internet Security Awareness Training can close that hole; but organizations need to take the initiative to implement a formal, company-wide program.”

KnowBe4’s recent client case study showed that between a quarter to a half of employees were phish-prone before receiving Internet security training. If a cybercriminal had targeted any of those companies prior to their implementation of ISAT, there could have been serious implications. The initial test involved sending a simulated phishing email to employees before the first ISAT session to see how many would fall for a phishing attempt. The results were alarming; KnowBe4’s phishing statistics revealed an average 36.67% click rate among the three companies:

•   Company A (28 users):  45%

•   Company B (95 users):  39%

•   Company C (76 users):  26%

Following the preliminary free phishing security test, KnowBe4 conducted company-wide training. After that 30-minute on-line training, a series of five different simulated phishing emails were sent to users. The emails and the order in which they were sent varied by company; and the simulated phishing attacks encompassed a number of different topics, which ranged from bank account unauthorized access alerts, to Twitter notifications, to requests that appeared to be sent from the companies’ own IT departments. After the first email in the post-training test campaign, Company A’s Phish-prone percentage dropped to 28%, while Company B and Company C had a 0% click rate; resulting in an average of 9.33% across the three organizations. That represents an immediate overall 74.55% reduction in phishing susceptibility after the first training session.

Supplemental training decreased the phishing response rates even further. The second email in the campaign netted only a 7.10% response rate from Company A, while Company B and Company C held steady at 0%. Following the third email in the series, Company A had joined Company B at 0% phishing susceptibility, while Company C had a 1% response rate. The fourth email in the campaign – a message that appeared to have been sent from the companies’ own IT departments – fooled some employees at Company A (3.5%) and Company B (10%), while Company C had no clicks. By the fifth email in the test campaign, all three companies had achieve a 0% Phish-prone rate; representing a full 100% reduction in susceptibility to phishing tactics.

Sjouwerman noted that the initial pre-testing phishing response rates are indicative of phishing susceptibility among small and medium enterprises (SMEs) as a whole, making these businesses especially vulnerable to cybercrime. “The media often tend to focus on high-profile cases, like the recent hacking incidents at Sony and Lockheed Martin. Cybercriminals target smaller companies and non-profits all the time; it’s just that those cases don’t always make national news. As a result, many SMEs have a false sense of security, thinking that nobody is going to bother going after them with so many larger, more successful targets out there. The reality is that cybercriminals know SMEs are less likely to have effective security measures in place – and they’ll go anywhere they can find an easy way in. We recently published a case study about an attempted $150,000 cyberheist at a Boston branch of the United Way. If someone at the charitable organization hadn’t been especially vigilant, those funds would be in the hands of overseas criminals instead of helping local citizens in need. My point is that cybercrime can – and does – happen everywhere. That’s why Internet security awareness training is so important.”


Cybercrime Statistics Expose Five Industries Most Susceptible to Phishing

Business news from the Ascentive team

Internet security awareness training firm KnowBe4 has released new cybercrime statistics that identify the nation’s most Phish-prone industry sectors, which are those most susceptible to cybercrime ploys. The top five industries vulnerable to cybercrime include travel, education, financial services, government services and IT services. These findings are based on a recent phishing experiment KnowBe4 conducted among small and medium enterprises featured in the latest Inc. 500 and Inc. 5000 listings.

Using the Inc.com website to obtain domain names and a free data-gathering service to find publicly available email addresses, KnowBe4 sent out a simulated phishing email to employees at more than 3,500 companies. Individuals who clicked the link were directed to a landing page that informed them they had just taken part in phishing research. The emails were successfully delivered to about 29,000 recipients at 3,037 businesses; and in nearly 500 of those companies, one or more employees clicked the link. Because of the potential for Internet security breaches among these businesses, KnowBe4 dubbed them the “Fail 500.”

“Any business that provides access to email or access to its networks via the Internet is only as safe from cybercrime to the degree that its employees are trained to avoid phishing emails and other cyberheist schemes. The more employees within an organization that use email or go online, the greater the risk of exposure to cybercrime,” said KnowBe4 founder and CEO Stu Sjouwerman.

KnowBe4 conducted a comprehensive data analysis of its FAIL500 study results, which included categorizing the companies into 25 industry sectors. The findings revealed that some industries are particularly vulnerable to cybercrime. Based on the percentage of companies in each sector that responded to the phishing email, the most Phish-prone industries are:

  • Travel – 25%
  • Education – 22.92%
  • Financial Services – 22.69%
  • Government Services – 21.23%
  • IT Services – 20.44%

Cybercriminals have become very sophisticated in their tactics, and Sjouwerman notes that they often target businesses through official-looking emails that appear to be sent by government agencies, business partners or even company executives. “Many of the top Phish-prone industries are regulated and subject to compliance rules, so well-meaning employees can be tricked into clicking a link if they believe an email was sent by a government or law enforcement agency, or by someone they know and trust. And with just one click, malware can be instantly uploaded to a system – bypassing both antivirus software and IT firewalls. A cyberheist can be underway within minutes.”

According to YourMoneyIsNotSafeInTheBank.org, small-business accounts suffered more than $40 million in cybercrime losses as of 2009. The website also cites FDIC figures indicating this type of crime increased five-fold within a 12-month period, and notes that the FBI is tracking hundreds of related cases. Small and medium-sized organizations have become the primary targets of the Eastern European hacker gangs behind this frightening new crime wave. These cybercriminals tend to prey on smaller businesses and banks that lack the cyber-fraud controls many larger institutions have in place.


Sony Apologizes for Network Breach

From FinallyFast

On Sunday Sony executives bowed in apology for a security breach in the company’s PlayStation Network that compromised the personal data of some 77 million user accounts. Kazuo Hirai, chief of Sony Corp.’s PlayStation video game unit, said parts of the service would be back this week and that the company would increase security measures, and promised that the company’s network services were under a basic review to prevent a recurrence. He also said the FBI and other authorities had been contacted to start an investigation into what the company called “a criminal cyber attack” on Sony’s data center in San Diego, California.

Sony said account information, including names, birth dates, email addresses and login information, was compromised for players using its PlayStation Network. Hirai asked all users to change their passwords, and noted that even though it had no direct evidence the data were even taken, it cannot rule out the possibility. He said data from 10 million credit cards were believed to be involved, and that Sony still does not know whether information was stolen or not.

Sony has now added software monitoring and enhanced data protection and encryption as new security measures, and will offer complimentary downloads and 30 days of free service worldwide. The network, which serves both the PlayStation video game machines and Sony’s Qriocity movie and music services, has been shut down since April 20. It is a system that links gamers worldwide in live play, and also allows users to upgrade and download games and other content. Hirai said Sony suspected it was under attack by hackers starting April 17.

According to Sony, of the 77 million PlayStation Network accounts, about 36 million are in the U.S. and elsewhere in the Americas, while 32 million are in Europe and 9 million in Asia, mostly in Japan. Pressure is mounting on Sony to restore services and compensate players. U.S. lawmakers have sent a letter to Hirai demanding answers by May 6 about the security breach and Sony’s response. Hirai said he had read the online version of the letter and would answer the questions as soon as possible.

Last month, U.S. lawyers filed a lawsuit against Sony on behalf of Kristopher Johns for negligent protection of personal data and failure to inform players in a timely fashion that their credit card information may have been stolen. The lawsuit seeks class-action status. Hirai said the network problems would not hurt or delay Sony’s product plans, which includes an upgrade to the PlayStation Portable and a gradual global rollout of the Qriocity service. Hirai denied Sony had purposely held off on releasing information about network problems, a criticism that some have expressed. He also said the service was shut down to prevent damage, and that time was needed to find out what had happened and who was responsible.