How to Protect Your Network From Cyber Attacks
There are three measures network administrators can take to avoid the types of network attacks that plagued U.S. and South Korean websites including www.whitehouse.gov, NASDAQ, NYSE, Yahoo!'s financial page and the Washington Post. The three areas to focus on are network based mitigation, host based mitigation and proactive measures.
Network based mitigation * Install IDS/IPS with the ability to track floods (such as SYN, ICMP, etc.) * Install a firewall that has the ability to drop packets rather than have them reach the internal server. The nature of a web server is such that you will allow HTTP to the server from the Internet. You will need to monitor your server to know where to block traffic. * Have contact numbers for your ISP's emergency management team (or response team, or the team that is able to respond to such an event). You will need to contact them in order to prevent the attack from reaching your network's perimeter in the first place.
Host based mitigation * Ensure that HTTP open sessions time out at a reasonable time. When under attack, you will want to reduce this number. * Ensure that TCP also time out at a reasonable time. * Install a host-based firewall to prevent HTTP threads from spawning for attack packets
Proactive measures
For those with the know-how, it would be possible to "fight back" with programs that can neutralize the threat. This method is used mostly by networks that are under constant attack such as government sites.
Business Insider
12 Quick Internet Safety Tips That Will Save Your Digital Life From Getting Hacked

* Lisa Eadicicco * * May 28, 2014, 9:50 PM

If we've learned anything about cyber security in 2014, it's that hackers are becoming more of a threat than ever before.
Within the past two months companies such as Microsoft, AOL, and eBay have been the victim of security breaches.
And let's not forget about the Heartbleed bug — a giant vulnerability that was discovered within an encryption protocol that guards a massive chunk of the internet.
If you've been laid back about your online habits, now might be a great time to change your ways.
Here are some tips to help prevent your digital life from being stolen, whether it be a password breach or an internet-wide vulnerability.
Make sure you've got a superstrong, unique password. In other words, ensure that your password is difficult to guess. One way to come up with a creative password is to brainstorm a random sentence. Take the first letter of each word in that sentence and use that acronym as the base for your password.
Don't use the same password for multiple services. Using the same term for all of your passwords leaves your entire digital life vulnerable to attack. This means that if a hacker has one password, he or she has all of your passwords.
Enable two-factor authentication. Many services, including Google, offer two-factor authentication for logging into your account. Instead of simply entering a username and password to log in, the website will prompt you to enter a code sent to your smartphone to verify your identity.
Apply software updates when necessary. Apple, Google, and Microsoft typically include security bug fixes and patches in their most recent software updates. So don't ignore those annoying prompts and keep your software up-to-date.
Carefully read the permissions before installing apps. This is one of the most prominent ways in which malicious apps can gain access to your personal information. These types of issues have been especially present in the Google Play store. A lot of apps ask for a lengthy list of permissions, and that doesn't mean they're all ill-intentioned. But it's important to be aware of the types of information your apps are accessing, which can include your contacts, location, and even your phone's camera.
Check the app publisher before installing. There have been numerous instances in which scammers have published apps in the Google Play store posing as another popular app. For example, in late 2012 an illegitimate developer posted an imposter app in Google Play pretending to be "Temple Run." A quick look at the publisher shows that the app comes from a developer named "apkdeveloper," not the game's true publisher Imangi Studios.
Avoid inserting hard drives and thumbdrives you don't trust into your computer. If you find a random USB stick, don't let your curiosity tempt you to plug it in. Someone could have loaded malware onto it hoping that an interested person was careless enough to insert it into their device. If you don't trust the source, you're better off not putting your computer at risk.
Make sure a website is secure before you enter personal information. Look for the little padlock symbol in front of the web address in the URL bar. Also, make sure the web address starts with the prefix https://. If these things aren't there, then the network isn't secure and you shouldn't enter any data you wouldn't want made public.
Don't send personal data via email. Sending critical information such as credit card numbers or bank account numbers puts it at risk of being intercepted by hackers or cyber attacks.
Keep an eye out for phishing scams. A phishing scam is an email or website that's designed to steal from you. Often times, a hacker will use this email or website to install malicious software onto your computer. These web entities are designed to look like a normal email or website, which is how hackers convince their victims to hand over personal information. Phishing scams are typically easy to spot, but you should know what to look out for. Many of these emails contain spell errors and are written in poor grammar. Here's a great example of a standard phishing email from Microsoft's security blog:
Microsoft
Avoid logging into your important accounts on public computers. Sometimes you've got no choice but to use a computer at the coffee shop, library, or local FedEx. But try not to do it frequently, and make sure you completely wipe the browser's history when you're finished.
Back up your personal files to avoid losing them. You should keep a copy of all important files in the cloud and on some sort of hard drive. If one of them gets hacked or damaged, you'll still have a backup copy. http://www.businessinsider.com/how-to-prevent-cyber-attacks-2014-5 Read more: http://www.businessinsider.com/how-to-prevent-cyber-attacks-2014-5#ixzz3MjPtIFLs

* Rhoda Woo & Mike Monday * October 31, 2011 * Featured Article, Governance
How to Make Executive Boards Unattractive to Cyber Threats
Once symbolizing a guiding light to safety, beacons have taken on a more insidious meaning in cyberspace. To cyber criminals, they signal the ease with which sensitive corporate data that is potentially related to CEO succession planning, mergers or other board activities may be compromised or stolen. It’s a growing problem with serious consequences largely due to: * Increasingly sophisticated techniques to target individual executives * Dual-business and personal use of mobile devices * Unsecured dissemination of information through portals via open networks * The trend of greater transparency in board interactions and communications
Without proper safeguards, executive boards are attractive targets for cyber criminals looking to exploit digital vulnerabilities to gain access to sensitive corporate data and intellectual property. To defend against this, boards must examine how their own usage practices may be contributing to greater organizational risk.
Here are three critical areas of exposure to consider:
1. Phishing
Phishing is the criminally fraudulent process of attempting to acquire sensitive information—such as usernames, passwords or other personal credentials—by masquerading as a trustworthy entity in an electronic communication. Hackers typically go “phishing” by email or instant messaging, instructing users to enter details at a fake website that looks like the legitimate one. This form of cyber threat is on the rise as hackers increasingly target mobile devices and use social networking data to legitimize phishing requests.
At issue: Once primarily directed towards consumers, phishing now increasingly targets corporate board members, raising the stakes. Known as “whaling,” this technique is used by cyber criminals to steal board members’ personal identities and system credentials to gain access to enterprise systems, sensitive corporate information and intellectual property.
Many organizations have yet to position themselves effectively to ward off evolving threats posed by phishing and its selective targeting methods. But if attacks are successful, they can cause damage to both brands and board member reputations.
2. Mobile Devices
Valued as convenient productivity tools, mobile devices are here to stay. As board members serve on multiple boards and subcommittees worldwide, they are rapidly adopting and extending their use of smartphones, tablets and laptops. And they are demanding greater choice, flexibility and capabilities. Frequently leveraging these devices for personal and business use, they are often commingling personal and business data in the process.
At issue: Among the most obvious risks is the loss or theft of devices and the sensitive board information and other confidential materials that may have been stored on them. Mobile devices also are highly susceptible to malware threats.
For example, common attacks can involve enabling remote control of a smartphone via malware that interacts with the smartphone’s short message service (SMS) to steal contacts, messages and International Mobile Equipment Identification (IMEI) and International Mobile Subscriber Identification (IMSI) numbers. Attackers use IMEI and IMSI numbers to uniquely identify the victim device so they can send messages that appear to originate from that user’s device.
Without policies to address security gaps caused by Bring Your Own Device (BYOD) practices, organizations leave the door wide open to cyber intruders intent on data theft.
3. Hacktivism
A new breed of hackers, “hacktivists” engage in cyber schemes to further their own political or social agendas, including shareholder activism. They do so by taking advantage of public intelligence found on the Internet to target people of interest. Board members can be in the crosshairs based on information to which they have access, and common knowledge that most of that information may be stored on devices outside of enterprise control.
At issue: Hacktivists collect public intelligence on targeted board members to initiate social engineering, or seemingly legitimate contact, with a goal of fraudulently gaining access to sensitive information, including personal system credentials. Through social engineering hacktivists are often able to gain access to enterprise systems leading to deeper levels of sensitive corporate information. Hacktivists may also have access to details that expose technical security vulnerabilities that may be exploited to carry out future cyber attacks.
How to prevent cyber attacks
Through phishing, hacktivism and other sophisticated techniques, cyber criminals are targeting high-profile board members by capturing sensitive digital information and using it for their own purposes. The widespread use of mobile devices in the workplace—and a lack of appropriate security measures— has made this easier. Organizations can take steps to combat these threats:
Promote Ongoing Security Awareness
The failure of users to understand and follow enterprise security policies is a major reason for data loss. To that end, actions should be taken to refresh board members on the basics such as mobile device standards, current phishing schemes and how to encrypt documents. Also essential is an ongoing communication and awareness plan to consistently reinforce policies and advise the board of any updates or changes.
Prevent Phishing and Hacktivism
Mitigating these threats takes a proactive and collaborative approach, including the adoption of a cyber-intelligent security strategy focused on the collection and careful analysis of timely, relevant and actionable threat data. By better understanding what may constitute risk—and predictive modeling that gauges the likelihood of an attack— organizations can take preventative measures to thwart possible intrusions.
Protect Mobile Devices from Intrusion
When a mobile device is lost or stolen, enterprises can employ remote “wiping” techniques that delete all data from the device in question. Management of this function may require corporate management of all mobile devices used for business, as well as modification to any existing BYOD policy. In addition, encryption capabilities strengthen security and should be activated on all mobile devices. Ultimately, a thorough assessment should be performed to prevent infection from existing and emerging malware attacks.
Cyber attackers are hard at work, devising new methods of intrusion to disrupt business and embarrass corporate boards through targeted data theft. Because of the potential fallout, enterprises must operate from a state of readiness—and take appropriate, intelligent action—to combat the threats they pose.
This article contains general information only and Deloitte is not, by means of this article, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This article is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this article.
This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.
Deloitte shall not be responsible for any loss sustained by any person who relies on this publication.
Copyright © 2011 Deloitte Development LLC & Corporate Compliance Insights. All rights reserved. 1. How To Prevent Cyber Attacks - Corporate Compliance Insights ... www.corporatecomplianceinsights.com/is-your-cyber-beacon...