Formalize well defined Cybersecurity Policy

The first concern in development is security and emerging online threats. According to the Global Development Survey 2017, released by Evans Data Corporation (EDC), only 31% of companies formalize cybersecurity policy. The 34 percent have an informal policy adopted by various departments, while roughly 25 percent have a piecemeal system defined within departments or none at all.
The data size of the survey was 1500 developers from different regions in different languages. The report reveals that APAC companies are most likely to have an overall formal cybersecurity strategy. The businesses in North America and the EMEA region have informal policies, and businesses without policies are most common in EMEA.
The report shows 26%of developers globally developing apps to run on secure and trusted systems, but within the next six months, 19% expect to start doing so.

Internet threats and its solution

Threats

• The vulnerabilities like Heartbleed and ransomware like WannaCry, Spectre, and Meltdown flaws in Intel chips
• Growing hackers exploitation with sophisticated tools that hunt for known vulnerabilities of any website.
• A network of infected computer and devices
• Malicious internets traffic attacks such as an HTTPS Flood and DNS Amplification DoS Attack
• According to the survey conducted by Clutch, a leading research and reviews platform for business services, over 50% of websites collect visitors' email addresses, creating the possibility of privacy breaches. Inconsistent security measures increase the risk of visitor's privacy and greatest security risk to consumers. Clutch's 2017 Website Security Survey included 302 site managers who built or maintain a web site for personal, business or other use.
• SSL misconfiguration
• Cross-site scripting attacks
• Malicious domain registrations & Phishing: According to the report of Anti-Phishing Working Group (AWPG), 2016, malicious use of the domain name system reached an all-time high, accounted for half of all domain names used for phishing in 2016. The AWPG report reveals 255,065 unique phishing attacks globally in 2016.
• Phishing: Cybercriminals set up web pages that masquerade as reliable brands, such as banks and e-commerce sites (PayPal, Yahoo, Apple), where they lure victims and by trick get sensitive information such as usernames, passwords, and credit card details. The intensity and sophistication of phishing techniques are constantly rising. The hackers by using deviously coded phishing sites attempt to steal login credentials and ultimately seek monetary gain or insider information. Even the fake login pages found to have had valid Secure Sockets Layer certificates, giving the phishing landing pages a veneer of legitimacy.
• Domain shadowing: When an unsuspected company’s DNS settings are manipulated to insert multiple phishing sites onto the firm’s servers.
• Defacement: Original content replaced with the material put by cyber-criminals to push their agenda.
• SEO spam attacks: Once hacker gain access to the site, deploy files containing SEO keywords and link them to untrustworthy websites.
• Mobile web browsers unintentionally help obfuscate phishing URLs by truncating them, making it harder to discover the deception

Solution

• Automatically and regularly updated antivirus software and anti-spyware: Automation of security products in response to changing the environment and to protect against viruses, spyware, and other malicious code.  Fast removal of malware, hack repair and blacklisting by Google, Norton, and McAfee.
• Deployment of Firewall to block malicious traffic and requests. It would encrypt information and make it secure and hidden.
• Continuous monitoring and scanning to detect security holes or issues and get automatic remediation capabilities.
• Site owners keep their systems up to date which includes Operating System, applications, and add-ons.
• Proper Server Ecosystem: To keep the business running smoothly, hosting provider offers Backup & Restore Solution. Even if worst happens, a perfect backup makes it possible. Even, if you are on cloud computing, it is recommended to have a robust backup solution.
• Businesses take active measures to protect their web hosting and email services.
• Pay attention to the destination URL, while entering credentials.
• Get familiar with file Structure and review it periodically for changes or suspicious content.
• Use strong passwords which include capital letters, lowercase letters, numbers, special characters and random structures.
• Necessary education and basic precautions to avoid phishing attacks. Users must be able to make distinction between legitimate and fake website.
• Pay attention to email content containing links or prompts to download an attachment, as they can trigger malicious activity.

CyberInsurance – Insuring against hacks and breaches

According to the Organisation for Economic Co-operation and Development, the US cyber-insurance market is blooming with around $3 billion in premiums and growing steadily at a rate of 30% every year. The insurance company has created the model or algorithm to quantify different types of risks to calculate the premium.

The policies tend to accommodate:

• First-party liability coverage which includes online extortion payments, renting temporary facilities during an attack, and lost business due to systems failures, cloud or web hosting provider outages, or even IT configuration errors.
• Lower deductibles and coverage for hardware replacement costs
• Third-party liability coverage associated with breach class-action lawsuits or settlements.
• The additional coverage for customers adopting specific technology partners.

Cyber-Insurance Companies

• Allianz in partnership with Aon, Apple, and Cisco
• Chubb with CrowdStrike and FireEye
• XL Catlin with Clarium, Venable, and NetDiligence
• Zurich with access to Deloitte cybersecurity consulting services

Organizations & Laws

• From May 25, The European Union General Data Protection Regulation would go into effect
• Malware and Mobile Anti-Abuse Working Group M3AAWG, an organization that aims to fight abuse of internet infrastructure
• eQualit.ie, a Canadian-based nonprofit offers Deflect Service to protect against DDoS
  co-founder: Dmitri Vitaliev

Latest News

• (October 28, 2019) BBC and other media reported, a massive cyber-attack on a server owned by Proservice. It takes down 15,000 defaced websites, which includes the private sector, personal, business, a local newspaper & media organizations, general jurisdiction courts, state agencies, government, and Georgian President Salome Zurabishvili. The home pages replaced with images of former President Mikheil Saakashvili and a banner stating, “I'll be back.” Saakashvili is wanted on multiple criminal charges in Tbilisi and is in self-imposed exile in Ukraine.
• (October 24, 2019) Security firm Lookout Inc. detected and publicized sophisticated mobile-aware spear-phishing campaign that has been live since March 2019 targets United Nations, UNICEF, Red Cross and other humanitarian aid organizations . It attempts to gain account credentials for Okta, Office 365 and Outlook. It can detect mobile devices. An attempt was made to grab user credentials using fake websites, by logging keystrokes in real time. The keylogger negates the need for a victim to complete attempting to log in, capturing the password regardless of that final process.
• (Aug 07, 2018) Tabitha Isner, the Democratic candidate, is a minister and business and policy analyst in Alabama's 2nd Congressional District, says Russian hackers tried to breach her website and made 1,400 attempts in July 2018. She reveals that hackers were trying to log in manually to the site. The web hosting company reported a sudden surge of traffic to the campaign website. The activity reported to the Federal Bureau of Investigation and the Democratic Congressional Campaign Committee.
• 21st Black Hat 2018 in Las Vegas on 08 August
  The most extensive information security event in which the cybersecurity community which includes more than 17,000 security experts, analysts, and hackers expected to attend for a combination of 80 training and 120 briefings by experts.
• (2017) Equifax, United States data breach exposed personal information of 145+ million people. The Property Claim Services estimates that cyber-insurance would cover approx. $125 million of loses from the incident. The company collects the consumer's data, which includes social security information, full names, addresses, credit card information, and payment history.
• In June 2010, Cybersecurity researchers revealed the Stuxnet explicitly designed to target equipment used by Iran’s effort to develop nuclear weapons.