Thursday, January 28, 2010

BLACKHAT Solutions Urges Custom Information Security as Hackers Target Business Data

While big bank cyber-fraud and exposed military secrets make headlines as the new decade begins, the data secrets of ordinary businesses are equally vulnerable to hacker penetration. In the absence of protective legislation, no company can afford to rely on do-it-yourself network security because liability for leaks remains with the owner of the stolen data.

Off-the-shelf security products still play a role, but on their own are simply not adequate to protect a company’s sensitive data to the foolproof standard of protection that online transactions and data storage requires

(PRWEB) January 28, 2010 -- BLACKHAT Solutions is warning small to medium businesses of their financial and legal susceptibility in the face of increasingly sophisticated data hacking. The company, an IT security specialist, claims the tendency for complacency, despite an increasing dependence on online transactions, is putting business' network security at risk. It predicts that manual analysis and tailored security solutions, rather than the automated alternative, will become standard practice this decade for businesses reliant on e-commerce. Screening systems using off-the-shelf software will not compete with the human touch necessary to protect data and client privacy as hackers’ expertise outstrips even the biggest name software suppliers’ efforts to thwart manipulation.
It’s not the safety of data and business records alone that poses an urgent business threat in the new age of cyber-fraud, according to Max Emeline, Director and Project Manager of BLACKHAT Solutions. Current privacy obligations for Australian business mean that the party that owns the data is liable even when information is stolen and misused.

Web Hacking Incidents Report 2008
Web Hacking Incidents Report 2008
“Depending on how stolen data is used, it’s the original owner of that data that can be sued if personal information particularly, is exploited. The potential for financial impact on an organisation could be disastrous,” said Emeline.

“Off-the-shelf security products still play a role, but on their own are simply not adequate to protect a company’s sensitive data to the foolproof standard of protection that online transactions and data storage requires.”

Recently reported security threats and in some cases infiltration of social networking sites, financial institutions and large online retailers highlight the refinement of hacking to a level able to conquer organisations regarded as operating with the ultimate levels of information security, according to Emeline.

In January 2010, the Australian Department of Defence opened its Cyber Security Operations Centre in Canberra, which is staffed by 130 IT experts. An average of 200 electronic security investigations were carried out at the Department during each month of 2009.

“If the household name companies and government departments are being targeted, it makes sense that average businesses are definitely vulnerable,” said Emeline.
With privacy breaches and their legal implications a genuine threat and generic software reliable only to a point, the best options for business are to block attacks before they happen. To cover all possible hacking possibilities “you need to think like a hacker”, says Emeline.

“Prevention is the best weapon against the risk of cyber-fraud, with manual auditing the only real guarantee of ongoing security. BLACKHAT Solutions has tested systems for retailers, investment companies, software engineers, marketing companies and for social networking sites, among others. The advantage of a hands-on investigation is that variations of likely attack scenarios are trialled according to the unique characteristics of the business. When testing is tailored to a company’s particular dynamics, a 99.9 per cent guarantee of impenetrable protection is realistic, unlike other available methods. Automated systems simply can’t match that level of foolproof security in the face of constantly changing IT threats,” said Emeline.
Increasingly, even IT companies are outsourcing security audits to specialists like BLACKHAT Solutions to scrutinise software and systems. But outside the IT arena, there’s almost no business that wouldn’t benefit from putting its online systems or data storage facilities to the test, whether or not in-house IT support is available.
“Businesses seeking data security services should look for manual testing that offers a mix of relevance depending on their available IT resources. It’s an investment in business security that could save hundreds of thousands of dollars,” said Emeline.

Where high-level in-house system administration or programmers are on staff, Emeline recommends an audit report that simply outlines specific threats. He says companies with only limited IT personnel should go to the next level and commission a summary of the threats along with their technical solutions, “but to be most effective, it’s important in both cases that the analysis is written by the same person who ran the tests,” he says.
Many of BLACKHAT Solutions’ clients engage them for the full service of risk identification, a solution summary followed by total threat elimination, which can involve configuration of server hardware and re-writing of application code.

About BLACKHAT Solutions

BLACKHAT Solutions team addresses the security dangers of online transactions and data protection, providing clients with tailored and precise solutions to information security risks, as well as ongoing support and protection. The company has developed and refined in-house tools and techniques by specialist programmers, consultants and security advisers. BLACKHAT Solutions has earned solid reputation within financial, legal and online retail enterprises for its ethical business practices and top-level confidentiality.

See Also:

[Via Legal / Law]

No comments: