The Steps The Target Hackers Took | And How You Can Use This Knowledge to Prevent Further Attack

IBM Security Services reports that there were 1.5 million cyber attacks in the US in 2013. The greatest security risk to companies is currently data breach, and one successful attempt was the attack on the retailer Target. Thor Olavsrud of IT World reported on an investigation by the leading research company Aorato on the hacking incident that afflicted the retailer Target. The incident led to the theft of personally identifiable information (PII) and the seizure of credit and debit card data from the point of sale system. The US Department of Homeland Security and the US Secret Service have reported that the hackers currently have possession of widespread data that they continue to sell. The hackers obtained the PII of 70 million customers by first penetrating Target’s system using stolen data from the HVAC vendor. An email phishing technique obtained data and provided access to Target’s web services. Vulnerabilities that existed within Target’s web applications allowed the hackers to upload a PHP file and execute commands. The attackers made little attempt to disguise their files. Their intent was to sell credit cards on the black market, and the window of opportunity was small before the attackers would be discovered by credit card companies. The attackers located the servers that hosted credit card information. Using IP addresses, Domain Admin privileges, and the creation of a new Domain Admin account, attackers obtained password control. The attackers bypassed firewalls and performed processes remotely on targeted servers. Aorato’s lead researcher, Be’ery, stated that monitoring user lists and access patterns is a simple step that can alert companies to hacking activity. The payment card industry compliance...

Get Your IT Career on Track with These Four Tips

The warning signs are hard to miss. You may have been passed over for promotion, or you may feel stagnant and stuck in a rut. When the feeling that you are less than dynamic in your current position does not abate after a significant period, it may be time to proactively change your trajectory. Networking is always advisable, and joining industry groups such as the Association of Information Technology Professionals can broaden your horizons and change your perspective. The IT world is constantly evolving and staying on top of industry news can invigorate your outlook. An objective perspective can help you formulate the best strategy depending on your circumstances. Rich Hein of IT News presents some warning signs that your IT career needs adjusting and how to do it. If important projects and clients are not coming your way, or you have sensed criticism, you may have lost favor among your peers and colleagues. Take an objective perspective. Have you reached a comfort zone that has made you complacent? If you have lost enthusiasm, expanding your knowledge or taking a break may provide impetus to jump-start your creativity. Try engaging in industry trends and exploring activities that interest you. Attend an IT conference. Increase your industry knowledge and share it with colleagues by social media or through company channels. It is difficult to judge your own performance if you don’t receive feedback. It is also difficult to remain engaged, to know your strengths, and to improve upon weaknesses. Talk to your manager or your peers. There may be an interest by others to institute feedback mechanisms that can allow...

Simplify IT to Help Save Your Bottom Line

IT News contributor Dan Muse counter-intuitively espouses the simplification of IT systems and processes to improve company profits, at a time when cloud technology, mobile devices, and remote access are creating complex business decisions for companies unsure of IT future directions. Muse suggests that old infrastructure and established legacy systems and applications do not blend well with newer, remote devices and the social networking environment. A study by International Data Corporation (IDC), sponsored by Oracle, that included nine companies from various industry sectors found that simpler IT systems save considerable financial resources. The report found that IT complexity is compounded by mergers and acquisitions, organization decentralization, business demands, legacy systems, the rapid pace of IT change, conflicting systems and regulations, and mobile and remote device infrastructure and support. Companies often require complex IT infrastructure and resources to enter the competitive IT market. Ironically, as iPhones, iPads, websites, and applications become simpler and more user-friendly, the systems required to support these devices are becoming more complex. Companies must assess existing applications, systems, and data centers and determine if they are really necessary, are up-to-date, and whether any can be consolidated. Additionally, functions that do not fit with new operating systems should be outsourced. IDC has created a Simplification Road Map to guide companies in simplifying IT infrastructure. The road map suggests the following:
• Support from company leadership is required because IT simplification requires significant investment and culture change. Training may be required throughout an organization.
• Avoid building new layers of integration or applications. Adopt an innovative spirit that does not include old infrastructure and systems.
• Employ...

Protecting Your Data by Minimizing the ROI for Hackers

Verizon’s 2014 Data Breach Investigations Report revealed that the majority of hackers, approximately 60 percent, seek financial gain from cyber activities. Industry spying for intellectual property accounts for approximately 25 percent, and few hack merely for fun. The implication is that hacking is all about the resale value of data, which affects the return on investment (ROI) for hackers. Taylor Armerding of IT News emphasizes the need for organizations to invest in security systems to the extent that it raises the cost for hackers to steal company data. The more it costs a hacker to break through your firewalls or security systems, the lower the ROI for the hacker. Multiple security levels can deter hackers, who will find another, cheaper target. A company does not need the latest and greatest defense, but just enough that the possible pay-off for hackers is not worth the cost of an offensive. Hacking is big business. The value of the data that can be stolen is an indicator of the level of investment a company should consider. The following are suggestions to ensure that your organization is an undesirable target. Analyze your data and its value. Credit card data is valuable information that can be easy to sell. Email lists should be protected; email addresses are often the names of multiple accounts that can be accessed. Intellectual property is only valuable to a limited market such as competitors. If this information is hacked, it is likely that there is a pre-determined buyer. Social Security numbers are a hacker’s gold, facilitating assumed identities and access to credit lines. Security precautions should be diffused and...

Four Tips on Building Trust as a New IT Executive

In a new role as an IT executive or manager, you are charged with learning the ropes in a new organization while also attempting to gain people’s trust. Your IT and leadership expertise does not make you inured to the trials of being new and learning the machinations of a new company. Use your early days to show that you are vulnerable and that you require the support of your team. Understand the organization and the key personnel who will help you achieve business objectives. Start by building an organizational map and meeting as many personnel as you can. Only when you grasp the lay of the land should you try to affect it. Enlist the help of your team. Invite their feedback, hold meetings, and learn. The most valuable information and ideas are often from those who work directly with clients and who experience day-to-day operations. Listening is a leader’s most powerful tool. Vanessa Merit Nornberg of Inc. reports on the ways that a casual remark can carry substantial business implications. As the listener, you receive valuable information that can be useful in formulating strategy. The speaker processes information in its delivery, which is of benefit in itself. If the listener acts on the information, mutual trust is established. According to Rich Hein of IT News, if the company is in crisis mode, quick action will not help and may cause more damage. Unless staff trust and respect you, your efforts will be in vain. If imminent action must be taken, identify those most likely to understand the situation and target them initially. Only when you have a solid...

Three Must Have IT Reforms in Washington

Kenneth Corbin from IT News reported on recent events at meetings between leading IT industry representatives, White House officials and members of Congress. These meetings represent efforts to lobby for policy action. The policies that technology stakeholders hold dear relate to the availability of skilled labor and maintaining a competitive and innovative IT industry that can sustain a strong presence in the global market. Immigration. Many IT firms find difficulty in recruiting high-level talent and rely on skilled foreign workers admitted to the US on H-1B visas. The industry would like to see immigration reform that raises current visa limits to increase the availability of much-needed resources. According to Kenneth Corbin of IT News, approximately 120,000 applications are submitted each year for H-1B visas, of which only 85,000 are available. Critics lament that this is a ploy for companies to exploit cheap labor. Some are concerned that foreign workers who are trained in the US are ultimately sent back to their country and join companies that compete with US firms. STEM education. The IT industry is lobbying for improved K-12 education in science, technology, engineering, and math. Only 2,500 high schools offer an AP computer science course. A spokesperson from Microsoft stated that inadequate education in the US, and failing to allow enough skilled workers from other countries, is causing jobs to move elsewhere. Intelligence Gathering. Intelligence gathering practices have been detrimental to IT companies and innovations such as cloud technology. Companies such as Microsoft, Google, and Yahoo are demanding transparency in government access to digital information. Other policies that the IT industry is emphasizing include faster broadband...