Welcome!

Cloud Security Authors: Yeshim Deniz, Zakia Bouachraoui, Liz McMillan, Elizabeth White, Ravi Rajamiyer

Related Topics: Cloud Security, Agile Computing

Cloud Security: Article

Employees 'Must be Taught' How to Protect Confidential Data

One security expert has warned about the increased use of social engineering by cybercriminals

Companies that are undergoing PCI compliance checks will have to ensure they educate all staff working with sensitive materials so that data is kept secure, it has been stated.

Research director at Gartner Australia Rob McMillan explained in an interview with Computer World that one of the biggest security threats of next year is likely to come from deceptive tactics that convince people to hand over information such as access credentials.

Server security behind protecting people's dataHe stated that this social engineering is becoming increasingly popular among cybercriminals looking to take advantage of non-IT personnel who do not have a high degree of technical knowledge and are unfamiliar with the techniques used by scammers. This could be a significant problem that businesses will have to deal with, as it can result in hackers being able to simply bypass advanced security solutions to access details such as customer payment information.

Mr McMillan explained it is becoming common for scammers to perform research into an organisation they intend to target and identity individuals who may be more likely to unwittingly hand over confidential information. He said this demonstrates "the need for stronger education and depth of understanding for non-security professionals who have access to important resources".

Research by Sophos has highlighted some of the most common techniques for this, such as scammers calling individuals within a company claiming to be from the IT department and asking to confirm login credentials. These criminals are often able to provide a high level of detail - such as the name of their target's boss - in order to convince people they are genuine.

Therefore, it will be vital that all staff working with sensitive information are aware of an IT department's policies regarding security so they can be aware of scams such as this.

One example highlighted by Computer World that takes advantage of people's lack of technical knowledge is the Windows Event Viewer scam, which has been in use for some years. This involves criminals calling a user and claiming to be from Microsoft tech support warning them about alleged bugs or viruses in their system. Individuals are then directed to open the Windows Event Viewer, where they will typically see a list of error messages.

While these are usually perfectly normal, the appearance of the display can be enough to convince some people their computer is infected, which leads to them handing over credit card details or downloading fake fixes or anti-virus programs that can actually contain malware.

Mr McMillan observed these social engineering scams have grown in prominence over the last four years and could potentially be a key security challenge for firms in 2013. This could cause serious issues for businesses - particularly in the current environment, where the big data trend means there is more sensitive information than ever being stored in companies' networks.

It was noted by Mr McMillan: "If you think about payment card industry compliance, you've got obligations to protect any of the data that falls under that regime." This means not only having robust security tools in place, but ensuring staff are well-educated in how to avoid falling victim to phishing scams and other attacks.

More Stories By Dominic Monkhouse

Dominic Monkhouse joined PEER 1 Hosting as managing director of the company's new UK operations in January, 2009, bringing more than 14 years of IT industry experience to the team. He is the key executive responsible for building and growing PEER 1 Hosting's expansion into Europe. In his role as managing director, Dominic is responsible for sales, marketing and service delivery across PEER 1 Hosting's UK business and ensuring overall customer satisfaction. His role is integral to the company's continued commitment to customer service.

Before joining PEER 1 Hosting, Dominic served as managing director of IT Lab, where he was able to quickly transform the company into the fastest growing IT service provider in the UK SME market. Prior to IT Lab, he was managing director of Rackspace, which grew from a staff of four to 150 under his guidance.

Dominic has a Bachelor of Science in Agricultural and Food Marketing from Newcastle University and a MBA from Sheffield Business School in the UK. He frequently participates in public speaking events on the topic of creating great places to work and achieving continuous client satisfaction. He also is involved as a judge of the Sunday Times Customer Experience Awards.

IoT & Smart Cities Stories
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, we provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading...
Machine Learning helps make complex systems more efficient. By applying advanced Machine Learning techniques such as Cognitive Fingerprinting, wind project operators can utilize these tools to learn from collected data, detect regular patterns, and optimize their own operations. In his session at 18th Cloud Expo, Stuart Gillen, Director of Business Development at SparkCognition, discussed how research has demonstrated the value of Machine Learning in delivering next generation analytics to impr...
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and sh...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time t...
What are the new priorities for the connected business? First: businesses need to think differently about the types of connections they will need to make – these span well beyond the traditional app to app into more modern forms of integration including SaaS integrations, mobile integrations, APIs, device integration and Big Data integration. It’s important these are unified together vs. doing them all piecemeal. Second, these types of connections need to be simple to design, adapt and configure...
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, provided a fun and simple way to introduce Machine Leaning to anyone and everyone. He solved a machine learning problem and demonstrated an easy way to be able to do machine learning without even coding. Raju Shreewastava is the founder of Big Data Trunk (www.BigDataTrunk.com), a Big Data Training and consulting firm with offices in the United States. He previously led the data warehouse/business intelligence and Bi...
Contextual Analytics of various threat data provides a deeper understanding of a given threat and enables identification of unknown threat vectors. In his session at @ThingsExpo, David Dufour, Head of Security Architecture, IoT, Webroot, Inc., discussed how through the use of Big Data analytics and deep data correlation across different threat types, it is possible to gain a better understanding of where, how and to what level of danger a malicious actor poses to an organization, and to determ...
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitoring and Cost Management … But How? Overwhelmingly, even as enterprises have adopted cloud computing and are expanding to multi-cloud computing, IT leaders remain concerned about how to monitor, manage and control costs across hybrid and multi-cloud deployments. It’s clear that traditional IT monitoring and management approaches, designed after all for on-premises data centers, are falling short in ...
We are seeing a major migration of enterprises applications to the cloud. As cloud and business use of real time applications accelerate, legacy networks are no longer able to architecturally support cloud adoption and deliver the performance and security required by highly distributed enterprises. These outdated solutions have become more costly and complicated to implement, install, manage, and maintain.SD-WAN offers unlimited capabilities for accessing the benefits of the cloud and Internet. ...
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...