- Written by Chris Nielsen
One of my favorite sites for showing how prevalent cyber attacks are, and who is attacking or being attacked, is the Norse interactive real-time threat map: http://map.ipviking.com
If you watch this long enough you can get a pretty good visualization of the threat landscape. Keep in mind this only shows where the illicit traffic is going to or coming from. It does not show whether these attacks were successful or what resulted from any penetration. What is important, though, is that the traffic is significant and the odds are very much against you: somewhere along the line someone will eventually find a way into your site or IT infrastructure.
The key here is to take as many proactive measures as possible to protect and fortify your systems.
Step one: Regardless of where you are in your organization, learn about the various kinds of threats and how they could potentially impact your organization.
Step two: Identify the best tools and talent for protecting your assets and reducing risk if an attack on you is successful.
Step three: Have a recovery and response plan. Make sure there is a clear authorization, communication and accountability plan for resolving incidents effectively and efficiently. Remember, a response will most often be required at the least convenient times for you and your response team.
Step four: Have a clear follow-up plan so you can implement proactive preventative measures in the future and have documentation of lessons learned.
It is imperative, if you are a business owner or manager, that you remain involved in the strategic planning and prioritization of security in your business plan. However, most often you are busy running your business and supporting your customers. This means you just need your site to run smoothly and to have someone looking after and monitoring the state and condition of your web site and IT infrastructure. This is where a carefully matched service provider can assist you in getting the best protection and response plan in place. They can monitor and help you maintain your online assets to protect against costly downtime, intrusion liability, potential public embarrassment or interruption of service to your customers.
In conclusion, I would highly recommend that you take the time to carefully craft a security response plan and hire a professional team to help protect and maintain your online programs. As they say, it is always quietest before the storm, so it is better to plan ahead than to have to figure this out in response to a crisis.
- Written by Chris Nielsen
Joomla is standing tall as the most secure open source platform and the community continues their proactive response to keeping this a priority. Today Joomla released an important security patch and all Joomla users should immediately upgrade. This is a security release for the 3.x series of Joomla which addresses a critical security vulnerability. All of us here at CNP and throughout the Joomla community recommend that you update your sites immediately. This release only contains the security fixes; no other changes have been made compared to the Joomla 3.4.4 release.
What's in 3.4.5
Version 3.4.5 is released to address three reported security vulnerabilities and includes additional security hardening of the UploadShield system.
Security Issues Fixed
- High Priority - Core - SQL Injection (affecting Joomla 3.2 through 3.4.4)
- Medium Priority - Core - ACL Violations (affecting Joomla 3.2 through 3.4.4)
- Medium Priority - Core - ACL Violations (affecting Joomla 3.0 through 3.4.4)
Please see the documentation wiki for FAQs regarding the 3.4.5 release.
- Written by Chris Nielsen
You might think, “I have a small website with no sensitive information, why would anyone want to hack me?” Well, you are perhaps one of the best candidates for a thrifty hacker, since it could be easy to get in and stay hidden in your site without you even knowing they are there. It is kind of like a perfect hiding place for them to launch attacks or host files used in what are called phishing schemes. For example, they can have a replica of a banking site with login fields that send the username and password, after a long path of encryption and passing back and forth, over to their email. They would send out scary emails telling you your bank account is in jeopardy and that they need you to immediately log in to verify and update your account information.
So with that in mind, if you are online you have the same responsibilities and liabilities as much larger organizations with significant IT budgets. The troubling and not so talked about fact is that the ultimate liability will fall on the origination of the hack. So in the phishing example above, as the owner of the site that the hacker breached or used to collect the information for illicit purposes, you would ultimately be the one liable. In addition, your accounts would be suspended and you could have all of your online content seized or be prohibited from accessing it. Remember those long hosting agreements and terms of service contracts you never read but eagerly and hastily agree to? Well, most often this is where the hosting companies push the responsibilities on to you. This is in part why you are in many cases getting your hosting space so cheaply, since the cost is not in the hardware and disk space they allocate you but in the administration and threat prevention systems the hosting companies need to employ. They pass the potential liabilities on to their customers to avoid potentially extensive legal and administrative costs. It is also often not an area they have under their control, since ultimately you are the one responsible for keeping your site secure and up to date.
Here is a report that discusses the current state of higher cyber risks and reduced readiness: http://www.pwc.com/us/en/increasing-it-effectiveness/publications/assets/2014-us-state-of-cybercrime.pdf
The conclusion here is that regardless of how big your site is, you need to make sure you are paying attention to the security aspects of your environment. Most of the time this means having a professional team behind you and making sure you keep your online environment current and up to date. While there is no such thing as a guarantee when it comes to security, having a dedicated team available to advise, monitor and respond when an incident arises could protect you from serious liability and significant costs.
- Written by Chris Nielsen
It is summer again and that for me means at least one grand road trip. I will be hitting the road today for a couple weeks to get back to my hometown of St. Paul, MN. After a week with family and friends I will be giving a presentation on Artificial Intelligence on July 18th at JoomlaDay MN, to be held at the Mall of America: http://joomladay.mn. Though I am not a computer scientist by any stretch nor an expert on AI, my passion for technology and the Joomla CMS project have led me on a fantastic journey of exploration in this subject. Hanging out with so many smart folks from the community has inspired me to dig in on this new trek of reading to prepare and share what I hope to be an interesting topic for the folks that attend.
I can say that the 12 books thus far and endless web searches and research into the world of AI (and related topics) have truly opened my eyes and scared the shit out of me just a bit. I am, though, an optimist and excited about the possibilities this new order of technical wonder can offer us. There is so much going on these days, and from so many different directions, that it is almost impossible to keep up on all of the advances in technology, threats to our security, effects on economies and the way all of these things are going to change our entire society.
The exponential rate at which all of the next gen technologies are growing is going to make a very different world. So the challenge for me with this upcoming presentation is first, that there is so much to cover and second, that I have to tie it all back to Joomla. Hmm, well for that you are going to have to get to MN for the event or check out my recap when I return. I will also do some follow-up presentations at our Business Innovation Center in August: http://businessinnovation.center.
The JoomlaDay MN event on July 17, 18 & 19 will include some great leaders from the Joomla community and a chance to learn from some of the best in the business. There is a great track for beginners and a bug squashing event to help make the next version of Joomla even better than the last. I have not gone to a JoomlaDay event yet where I did not walk away with new friendships, golden nuggets of information and plenty of ideas to feed my curious mind.
If you can make it to JoomlaDay.mn I hope to see you there.