October Is Global Cyber Security Month

October has been designated Cyber Security Awareness Month. It began in the U.S., with Europe following, and is now an internationally recognized effort to raise awareness and keep citizens safer and more secure online. This year, coming on the heels of the massive Equifax breach, which affected 143 million Americans and several million individuals throughout the UK, you would think everyone would be aware of the need for greater safety.

Unfortunately, some sources report that awareness alone is not prompting individuals to take action to protect their information, despite the dedicated efforts of industry leaders to keep citizens safer and more secure online.

According to a recent article at cnbc.com, “Most Americans are sitting ducks for fraud these days after repeated breaches of sensitive data from stores, websites and even a credit-reporting company. Yet few people are doing anything to protect themselves.” The article continues, “Only about 61 million Americans — just over a quarter of all consumers — checked their credit score or credit report in the two weeks immediately following the Equifax data breach, according to a recent CreditCards.com report.” Finally, and most surprising, at least to someone in the cyber security industry, the article says, “Seventy-one million adults said they hadn’t heard anything at all about the data leak even though Equifax’s hack affected as many as 145 million people, including personal information such as Social Security numbers, names and birth dates. That number amounts to more than half the U.S. adult population.”

(https://www.cnbc.com/2017/10/11/despite-equifax-breach-consumers-doing-little-to-guard-against-fraud.html)

With the European Union General Data Protection Regulation (GDPR) deadline approaching, hopefully our citizens are more action-oriented and therefore less vulnerable to attack. With the continued efforts of those promoting cyber security at an international level, we can hope that one day these concerted efforts will pay off for us instead of continuing to result in huge payoffs for cyber criminals.

Cyber security must be the number one priority of any company that does business internationally, whether small, medium or large. If your business is not yet compliant with the GDPR, call our offices for a free consultation. The deadline for compliance will be here before you know it.

 

 

Director of VORAS Consulting, Paulius Petretis Writes About Wi-Fi KRACK Attack

Paulius Petretis, a leading cyber security expert, notifies his readers about newly released information on KRACK, which makes all Wi-Fi networks and hotspots open and vulnerable to criminal activity.

Vilnius, Lithuania – October 10, 2017 – Paulius Petretis, CEO of VORAS Consulting, posted a new article on the company website entitled “KRACK Disclosed In Wi-Fi Networks.” Mr. Petretis reveals the widespread and potentially devastating consequences of this latest cyber attack.

Petretis points out, “Those of us in the cyber security industry were recently alerted by the United States Computer Emergency Readiness Team (US-CERT) about an imminent attack on the integrity of Wi-Fi communications.” He continues, “The attack is one that makes all Wi-Fi networks vulnerable whether working on a private in-office network, at your favorite coffee shop or even in your own home. The announcement was made public just after midnight on October 16.”

“According to an article on ars technica,” says Petretis, “The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks….” https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

Petretis, along with other experts, is pulling his information from a variety of sources. From Forbes.com he shares the following from researcher Mathy Vanhoef of the Belgian university KU Leuven: “This (KRACK) can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”

https://www.forbes.com/sites/thomasbrewster/2017/10/16/krack-attack-breaks-wifi-encryption/#3f74948e2ba9

According to Petretis, “The best advice for individuals is to keep your devices up to date. Until updates appear, consumers can still take steps to safeguard against KRACK. The easiest thing would be to simply use a wired ethernet connection, or stick to your cellular connection on a phone. That’s not always possible though.”

The entire article can be read here: http://pauliuspetretis.freeua.agency/krack-disclosed-in-wi-fi-networks/

Paulius Petretis

Paulius Petretis is an information security expert, Certified Information Systems Security Professional (CISSP®), Certified Information Security Manager (CISM®), Certified Information Systems Auditor (CISA®), Certified in the Governance of Enterprise IT (CGEIT®) and Certified in Risk and Information Systems Control (CRISC®), a guest speaker at various conferences and seminars, and a trainer at information security related training courses.

According to the annual survey initiated by Info Security Europe, a whopping 93% of large organizations and 76% of small businesses had at least a single information security breach in 2011. Only 18% of the organizations affected by the infringements related to data protection laws had a consistent and effective contingency plan in place. According to Paulius, information is not something static – it evolves and mutates every day. It is the ecosystem of every business and if a single cell fails, it can bring down the entire business.

Therefore, ensuring a consistent and up-to-date information protection policy must be the priority for all businesses – no matter how big or small they are. As it might be unrealistic to believe that any young or experienced entrepreneur can be a jack of all trades, the really smart decision is to rely on specialists who dedicate their professional lives to getting to know everything there is to know about protecting important business information.

With more than 16 years of experience in helping people, small businesses, and government organizations to protect their business secrets, Paulius believes that information security must help businesses achieve goals but not vice versa.

 

###

Director of VORAS Consulting, Paulius Petretis On The New Cyber Security Regulations.

Paulius Petretis, a leading cyber security expert, talks about the adoption of cyber security regulations in the U.S., China, Singapore and the UK as threats of cyber attacks pick up speed and force, saying the regulations may not be enough to stem the tide.

Vilnius, Lithuania – October 10, 2017 – Paulius Petretis, CEO of VORAS Consulting, posted a new article on the company website entitled “Wave of Cyber Security Regulations Starting To Spread”, in which Mr. Petretis talks about the need for cyber security to be the number one priority of businesses.

Petretis points out that, “In our digital age things happen fast. New technologies, new abilities and new threats appear at lightning speed, so quickly that everyone is having a difficult time keeping up.” He elaborates, “The thrill of new possibilities with new solutions often takes precedence over keeping up with security measures. That is even more dangerous with ransomware and other threats coming like an endless stream of waves, hitting large worldwide organizations as well as individuals. Stemming the rate of or putting an end to the attacks seems impossibly overwhelming.”

“The EU set the stage for companies by establishing the GDPR regulations for any company in the EU or doing business with any company in the EU,” writes Petretis, adding, “The EU deadline for being compliant is coming up on May 25, 2018. Now the U.S. is starting to follow the example as well as China, Singapore and the UK. While the regulations may not go into effect soon enough nor be tough enough to make companies compliant, it is a start.”

According to Petretis, “The need for the new regulations came out of the fact that many of the biggest cyber attacks were largely preventable. By now everyone already knows that the WannaCry criminals exploited a patching code vulnerability.” He adds, “This has led to the wave of new regulations, as forbes.com has said, ‘We’re now seeing new regulations emerge that are forcing organizations to get their proverbial houses in order. These regulations feature a new characteristic: They’re hitting companies where it hurts, with steep penalties for those that don’t comply.’” (https://www.forbes.com/sites/forbestechcouncil/2017/08/25/the-cybersecurity-regulatory-crackdown/#373818f64573)

Petretis is adamant in stating, “Cyber security protocols must become the number one concern of businesses if they want to survive the growing wave of threats. Literally, the threats are coming from everywhere. I just read in another recent forbes.com article, an announcement that an app has been created that allows cybercriminals to create ransomware on their mobile devices.” (https://www.forbes.com/sites/leemathews/2017/08/25/new-mobile-app-lets-wannabe-cybercriminals-create-ransomware-with-ease/#24ee85a832c4)

He says, “This makes it rather obvious that there is very little sophistication required to cause disruption on a wide scale basis.”

The entire article can be read at http://pauliuspetretis.freeua.agency/wave-of-cyber-security-regulations-starting-to-spread/


###