A disaster by any other name...is still a disaster

There was a hurricane, her name was Katrina. Now I realize it's 2014, not 2005. But I have point, I promise. 

Most people remember Katrina, vividly, in fact. About 3 years ago I worked with a CIO that had been at Tulane University at the time she hit. He recalled after the disaster, the IT folks, himself included, got into small boats and recovered servers that were under water or in standing water inside the university. 

What?! Yes, they actually did this and it's not that much of a surprise, unless he lied to me. Either way, it's a great example of a poor disaster recovery. While most people probably wouldn't have cared an ounce if those servers were recovered or not, it is impressive that they went to such lengths to retrieve that data. Although, should they have had too? 

In our modern world, we have crazy weather (coughKatrinacough), people blowing up buildings, earthquakes, auto/plane/train accidents, fires, etc. that can cause the need of a disaster recovery plan in place for an organization to try to secure the integrity of their data and recovering it, should they need too. 

But how does a company do that? Well they build what's called a contingency plan.  Analyzing the business impact and their response plan should something disaster-ish. Then they develop a disaster recovery and business continuity plan. Granted it's a lengthy process, but the worthwhile is not having to get in a boat after a huricane and go "rescue" servers from a server room. Had they planned their disaster recovery better it would have been backed up, off site, and those servers could have floated away and it wouldn't have mattered. 

While we (IT professionals) tend have a lot of different issues on our plate with regards to making our IT world go round...I think we sometime miss the important stuff. Like disaster planning. 

My mom always told me, "it's better to have it and not need it...than need it and not have it."

Well said mom! Now to get the IT folks on board with this mind set.

Oh Sony, Poor Sony...

Cnet once again has reported that Sony has been hacked. Seriously? Dang Sony, you can't catch a break! This time though it was the Playstation Network, unlike two weeks ago where malware hit Sony Movie studio by presumably by a North Korean group; Guardians of Peace. 

This week the Sony Playstation store was taken offline by a so claimed group or individual named; the Lizard Squad. Their actions bringing users to a halt when trying to access the online store and while it's not clear if private information was compromised or not, it still caused some frustration to users. However, the previous incident of the Sony Movie Studio was reportedly claimed to compromise employee social security numbers and passwords. The group claiming that Sony needed to "immediately showing the movie of terrorism which can break the regional peace and cause the War (cnet.com, 2014)!" 

While if anyone remembers this year in the summer of 2014, Sony's Playstation store was hit at that time as well. Sony, oh Sony. Why do you keep getting hacked? Where are your safe guards? Clearly, Sony needs a re-vamp on their security. 

These re-occurring incidents seem to scream loudly “come at me bro”. And while it might be apparent they keep getting their security breached, I am curious what steps they are taking to resolve these frequent incidents?  With Christmas fast approaching, those PS4’s flying off the shelves…I wouldn’t put much faith that while you are enjoying your high def video game at $60 bucks a pop…that your private information is really secure. 

Well…at least not yet.

Source: http://www.cnet.com/news/sony-hacked-again-this-time-the-playstation-store/

Tis the season for Cyber Crimes

Alright lets be honest here, every time is the time for cyber crimes in our modern day lives, but the holidays tend to bring more to the for front than most.

While days like Black Friday and Cyber Monday drive shoppers to bargains in stores and online for their holiday gift purchases, the cyber criminal also plans ahead. Sending out Phishing emails from supposed banks, reporting account issues. It includes a link to the "website" which looks like the bank's site, but isn't. The user attempts to login and BAM personal information stolen. OR even more clever, the criminals send out sale announcement type email with a popular store or brand. Luring the customers to click on the link inside the email that again takes them to a fake website that looks like the real one, getting them to buy items and stealing their information. The customers never get their items and their privacy has been compromised.

How do consumers avoid this? Well there are a few things to remember. Never click on links inside emails, just go directly to the site. Also check the site for security; it will have a https vs. http AND many have a icon that looks like a pad lock either in the top of the browser window or the bottom.

The big thing is to go slow, double check everything, keep confirmation emails/numbers for all purchases, use a credit card (those are easier to fight a identity theft problem, and if it seems to good to be true...it probably is. And keep in mind that while Black Friday and Cyber Monday may have gone, the criminals and their attempt to trick you, have not.

Source: http://www.cnet.com/news/cyber-monday-beware-the-malware/

Try as we might….Malware will still bite…

Most people don’t really think about malware too much or if they do, they lump it in the same category as a virus. And while most IT professionals or folks that consider themselves the un-novice computer user, think they are immune. Sorry folks…your not, and neither is apparently anyone now a days. Just this week my husband, who has setup networks and build towers back in the day found malware on his machine.

When a personal computer for the home user get malware it’s a rough process to clean their computer. However, when companies get malware, it makes for ticked off customers and for the company, a whole lot of money, time and clean up. 

Trending this week the new malware of the day is Regin. According to Cnet.com, it is a tricky little bugger, “Regin avoids detection with a specialized design as it ferrets out critical information. It's been used since 2008 to infiltrate email databases, monitor network traffic, steal passwords, snag screenshots and record mouse clicks (cnet.com, 2014).”

And while it appears that that this malware in particular doesn’t affect the English speaking world, but rather the non-English speaking parts of the world; I say it’s only a matter of time. Although the so-called experts are claiming this one wouldn’t be worth the modification to be used in the English speaking world…again I say only a matter of time. The technology used to infiltrate and steal confidential information (credit card numbers, social security numbers, etc.) , is advancing and its not going away anytime soon. It might not be Regin, but it will be something.

If we, as a society, don’t get a handle on our information security…someone else well and it probably won’t be the good guys. More steps need to be taken to create policies, accountability, and better security for the consumer or else companies like Target or Home Depot will lose customer loyal if they lack the faith in the organizations procedures to keep them safe. I think it's time companies...bite back! 

Source: http://www.cnet.com/news/advanced-regin-malware-poses-biggest-threat-outside-us/