Tracking down the perpetrators
BY SANDY STRASSER
(Published in The Produktkulturmagazin issue 4 2016)
As people conduct more of their private lives online, attackers are increasingly focused on using the intersection of the physical and digital world to their advantage. In 2015, the American software company Symantec saw a resurgence of many tried-and-true scams. Cybercriminals revisited fake technical support scams which saw a 200 percent increase last year.
Symantec Corporation, the world’s leading cyber security company, helps organisations, governments and people secure their most important data wherever they are located. Organisations across the world look to Symantec for strategic, integrated solutions to defend against sophisticated attacks across endpoints, Cloud and infrastructure. Its Internet Security Thread Report (ISTR), Volume 21, reveals an organisational shift by cybercriminals: They are adopting corporate best practices and establishing professional businesses in order to increase the efficiency of their attacks against enterprises and consumers. This new class of professional cybercriminals spans the entire ecosystem of attackers who exploit lucrative security loopholes – collecting and selling on the data of private individuals in the process. “Advanced criminal attack groups now echo the skill sets of nation-state attackers. They have extensive resources and a highly-skilled technical staff that operate with such efficiency that they maintain normal business hours and even take the weekends and holidays off,” said Kevin Haley, Director, Symantec Security Response. “We are even seeing low-level criminal attackers create call centre operations to increase the impact of their scams.”
Advanced professional attack groups are the first to leverage zero-day vulnerabilities, using them for their own advantage or selling them to lower-level criminals on the open market where they are quickly commoditised. But also data breaches continue to impact the enterprise. In fact, large businesses that are targeted for attack will on average be targeted three more times within the year. “The increasing number of companies choosing to hold back critical details after a breach is a disturbing trend,” said Haley. “Transparency is critical to security. By hiding the full impact of an attack, it becomes more difficult to assess the risk and improve your security posture to prevent future attacks.”
As attackers evolve, there are many steps businesses and consumers can take to protect themselves. For companies, Symantec recommends some best practices. They should use advanced threat and adversary intelligence solutions that can help to uncover indicators of compromise and respond faster to incidents. Furthermore, they should implement multi-layered endpoint security, network security, encryption, strong authentication and reputation-based technologies and cooperate with a managed security service provider. Consumers should use strong and unique passwords for their accounts and change them every three months. And: the information you share online puts you at risk for social engineered attacks. So the amount of personal information you share on social networks and online should be limited.
Within the context of the increasingly important topic of cyber security, Symantec has also looked at just how well European companies are preparing themselves for the EU General Data Protection Regulation (GDPR) which comes into force in May 2018. 96 percent of companies still do not have a full overview of what this new regulation means for them and the associated challenges. This actually affects 99 percent of companies in Germany. The results of Symantec’s State of European Data Privacy Survey, which was conducted through interviews with 900 business and IT decision makers across the UK, France and Germany, shows 91 percent of respondents have concerns about their ability to become compliant. The study also revealed only 22 percent of businesses consider compliance a top priority in the next two years, despite only 26 percent believing their organisation is fully prepared for the GDPR. “These findings show businesses are not only underprepared for the GDPR – they are underpreparing,” said Kevin Isaac, Senior Vice President, Symantec. “There is a significant discrepancy between how important privacy and security is for consumers and its priority for businesses. The good news is there’s still time to remedy the situation – if firms take immediate action.”
The study also found many businesses have not started working out the necessary organisational and cultural changes they need to make ahead of May 2018. “Businesses should recognise that privacy, security and compliance with GDPR are extremely important brand differentiators,” said Kevin Isaac, Senior Vice President, Symantec. “Businesses’ response to the GDPR should become a core element of organisational design and culture. Adopting a fragmented, piecemeal approach as part of a tick box exercise will create more problems than it solves”.
A brief portrait of Bertsch Innovation
Bertsch Innovation GmbH is one of the leading cross-channel product communication software and services providers. Mediacockpit – the standard product information management (PIM) and media asset management (MAM) software product – and e-proCAT, the standard for creating, classifying and formatting electronic catalogues, support and optimise central, media-neutral data management and publication of product data in all channels and at all touch points. Based on many years of experience and expertise and implementations in many applications focusing on the topics of product, media and content, and its own technological platform, the market is regularly supplied with innovative digital transformation products. One example here is PiraDE, an innovative solution for combating product piracy. With this, manufacturers are able to use an app to ensure their own products are secure, by tracking down and directly controlling counterfeit products – for instance at trade fairs – in a hands-on manner. A further example is the ‘How-to Video’ product. Here, users have a platform to hand that allows them to autonomously create professional videos. Using the associated app, videos are recorded using pre-configurable storyboards which can then be compiled and published in a web portal. This is particularly suitable for instruction (repair, assembly), further training (induction, knowledge transfer) and sales promotion (product presentation) activities. The team comprises 94 employees, is headquartered in Stuttgart with further sites in Markdorf and Freiburg and has successfully implemented more than 500 projects over the course of the last 20 years. As an innovative and reliable partner, Bertsch Innovation maintains long-standing client relationships, dedicated to them in accordance with the Bertsch Innovation ‘smart product information’ and ‘we take care of the most valuable data you have’ corporate mottoes.
Bertsch Innovation has all the decisive competencies for supporting companies in achieving more comprehensive and more successful product communication. The result: optimum management of all product data and hence tangible market and competitive advantages.
Picture credits © R. Kikuo Johnson