Online Retailing Site Alerts Customers on Security Breach
Recently, the online retailing site play.com alerted users to a security breach that resulted in the disclosure of the names and e-mail addresses of thousands of customers.
The alert from the online retailing site came after several customers complained of receiving spam and phishing e-mails. Netcraft.com reported that customers received cleverly crafted but fake e-mails appearing to come from Adobe. The e-mails contained a link luring customers to upgrade Acrobat Reader. The link redirects to a malicious site. However, many browsers have blocked the site and warn users that the site has been reported as a web forgery. When unwary users ignore the browser's security warning and proceed to the site, they are offered a fake link to download Acrobat Reader and asked to enter payment details. The phishing site would then compromise the financial information provided by the unwary users.
Lapses in IT security provide opportunity for cybercriminals to gain unauthorized access to privileged databases containing sensitive information. The extracted information could be misused for sending spam e-mails and initiating targeted attacks on Internet users. The collected information could be used to devise cleverly crafted e-mails containing malicious links and attachments. Data breach incidents may have adverse implications on customers as well as organizations. Security professionals could be encouraged to undertake refresher courses and online university degree programs to improve data protection and information security practices in the organization.
Customer trust is crucial for continued and successful business operation. Security breach incidents lead to loss of customer trust and reputation. Security breach incidents may also have legal implications for the business and attract adverse media exposure. As such, organizations must take adequate steps to ensure information security. They must also ensure that third-party service providers have adequate IT security measures in place to ensure integrity, security and confidentiality of customer information. They must conduct regular security audits to test the effectiveness of security measures. Access to computers containing privileged information must be restricted to select authorized employees. As cybercriminals may use social engineering techniques and social media sites to defraud users, employee use of social media sites must be restricted and regularly monitored. Organizations must also have appropriate monitoring mechanisms in place to detect suspicious and unauthorized activity. IT security policy must be enforced and violators must be given appropriate warning. Employees must be apprised of security threats, safe computing practices, and implications of data breach through training sessions, alerts, online degree and learning programs.
Regular in-depth security evaluation of the IT infrastructure through professionals qualified in IT programs such as masters of security science and penetration testing would help in timely detection and mitigation of weaknesses and threat vectors.
EC-Council University is based in Albuquerque, New Mexico and offers a Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students not only from the United States, but from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.
# # #
iClass is EC-Council's online training delivery platform. Students can attend live or recorded training sessions for courses such as Certified Ethical Hacker (CEH), Certified Security Analyst (ECSA) or Computer Hacking Forensic Investigator (CHFI).