A simplified explanation of the types of cyber intrusions, the different categories of hackers, the nature of their work and their goals

Hacking operations and cyber intrusions have become frequent recently. Given how wide-ranging the subject is and the technical complexity it carries, I will give a scientific, realistic and simplified explanation of the different types of intrusions, the categories of hackers, the nature of their work and their goals, and why it is difficult to stop or control them.


Types of hackers

Hacktivists: hackers who serve a cause out of conviction, for example Anonymous.

Terrorists: hackers who aim to recruit terrorists, for example ISIS.

Criminal Organizations: hackers who seek gain through hacking operations, for example the extortion that takes place after a breach.

Nation States: hackers recruited by the state, as most countries have hackers to protect their national security.


As for the goals of these hackers, they are the following:

Extortion: the hacker breaks into a given website and extorts its owner into paying a sum of money in return for protecting the site from intrusion, not erasing its data, and so on.

Paid hacking: any party can pay a hacker a sum of money to hack any website or personal account, regardless of the reasons behind it.

Revenge: the hacker takes revenge on any person or party he considers to have wronged him.

The thrill of intrusion and the feeling of triumph: some hackers break into websites purely for entertainment and to show off their skills and power.


Why is it difficult to stop or control them?

Hacking and information security is a very delicate and sensitive subject, and no official or security body, company or institution can say that it is 100% secure.

There are flaws in all kinds of software and in all protection devices, and the greatest danger always comes from the human (the operator of the software and devices), which is what is called Social Engineering.


After all of the above, do we conclude that we should not protect our devices and information?

Of course not. The fact that we cannot protect our devices 100% does not mean that we should not protect them at all. That is why experts and specialists must be engaged to develop security and protection systems and, most importantly, to develop and train the human factor, which is the foundation of this subject.

More important still, protection against cyber intrusion must be carried out daily and continuously: if I am protected today, that certainly does not mean I am protected tomorrow, given the rapid development of intrusion methods, devices and software.


ARE YOU PLAYING IT SAFE ONLINE? Interview with Roland Abi Najem

Online Security

The Internet is an irresistible platform to find information about products, people, places, services, jobs, etc. Nevertheless, it has been said time and time again that you are never truly safe on the Internet. Well, it’s true … and you will never be totally safe. Roland Abi Najem, an IT Expert and lecturer at various universities and institutions in Lebanon, offers us tips and advice on how to be more secure on the world wide web and increase our awareness and knowledge on certain points regarding internet security and online surfing/shopping.

 

Can you define Online Security for our readers?

Online Security has many meanings, but we will try to define it in a simple way. “Online” means the moment you are connected to the Internet, you are online. Regardless of whether you open a browser or any social media platform, or you check an email with Outlook or any other application, you are online. So whenever you are connected to the Internet, you are NOT secure anymore. When we are talking about business and telecom, we use the term Security to check if our private data is secure where no one can access the data. When we are talking about social media, we talk more about privacy instead of security since people are afraid that all their actions online (check in) or photos, videos, and data that they intend to share with friends only, would become public for all people. We also cannot ignore mobile security since now we are talking about smart phone devices that are connected to the Internet all the time – and all smart phones contain valuable information.

How can someone be safe in the unsafe world of the Internet?

There is nothing called 100% security in the Internet world. All you can do is use the maximum precaution possible. In other words, if you want to be 100% safe, don’t use the Internet. I am saying this because sometimes it is not always the end user’s mistake when it comes to safety, sometimes we have issues related to some platforms and companies – like what happened to some of the biggest companies (Microsoft, Apple, Google, etc.) and to the biggest platforms (LinkedIn, Facebook, Twitter, etc.) where they did admit that some security breach in their systems led to hackers stealing valuable information.

How can one protect himself/herself from hackers?

On a personal level, there are many precautions that everyone should take into consideration for online behaviour:

· Create complex passwords and change them regularly.

· Be careful when opening any email, especially from unknown senders.

· Have a strong Antivirus and Firewall installed on your local PC.

· Do not download any attachment before checking the file type.

· Do not click on any external link before checking the link.

· Continuously read news and updates about the latest security features, since even if you are protected today, it doesn’t necessarily mean you will be tomorrow.

On a professional level, there is much more to worry about in terms of networking security, infrastructure, backup and disaster recovery, hosting security, cloud security, etc.

What are the most common mistakes people make online?

We can define the common mistakes as the following:

· People never read! They click on “Yes, I agree,” “Download,” and “Accept” without reading further information.

· Some people trust unknown resources.

· Some people don’t have online common sense on how to surf the web safely… there are lots of tools that can help.

· They do not value the risk of bad online behaviour.

Are there any secure websites for buying and shopping online?

Sure, there are many well known e-commerce websites that are very secure like amazon.com and ebay.com. But we have a main issue in Lebanon which is that most of these websites use Paypal as the payment method when Paypal is currently not available in the country. Note that it is always better to have an internet card with a limited amount to use online, and this is always to be on the safe side.

For businesses that have a large amount of data online, what are the risks? What advice can you offer businesses?

This is a very important question. The main issue here is that there’s a great risk in having your data online, but nowadays, you MUST have online resources. The main advice to offer includes:

· Keep a backup copy of all data offline.

· Try to use encryption for all sensitive data.

· Try to use a secure channel of communication while accessing your data (VPN- Virtual Private Network Tunneling – HTTPS)

· Try to host your data at a reputable hosting company (Rackspace, Peer1, Amazon, Google)

By: Hasmig Boyadjian

Article Source: http://fitnstyle.com/Details/388/fashion-style-news-Lebanon/highlights-Lebanon/Are-You-Playing-it-Safe-Online?


The Easiest way to have your systems hacked and losing all Data: Social Engineering! by Roland Abi Najem

What is it? And How to Protect Yourself & Your Companies!

We all know there is nothing called 100 % Security when it comes to IT & Cyber Security.

All companies tend to increase the Security Level against any hack attempt to a certain website or local Datacenter and servers by increasing the Firewalls and blocking all access and traffic from outside to inside. This is GREAT! But not enough at all.

It is Highly Important to FOCUS on the Traffic going out from your network and local computers also! You might be losing sensitive data going out from your network to an external network!
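An added example (not part of the original article) of what reviewing outbound traffic can look like: it totals bytes sent from internal hosts to external addresses and flags unapproved destinations and unusually large transfers. The log format, internal range, approved list and byte budget are all assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not real data): "src dst dst_port bytes_sent"
SAMPLE_FLOWS = """\
10.0.0.15 10.0.0.2 445 120000
10.0.0.15 203.0.113.50 443 48000
10.0.0.22 198.51.100.7 443 750000000
10.0.0.22 198.51.100.7 443 610000000
10.0.0.31 203.0.113.50 443 9000
10.0.0.31 192.0.2.99 8443 2000
203.0.113.50 10.0.0.15 51544 300000
"""

# Assumptions for the example: internal ranges, approved destinations, byte budget.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
APPROVED_DESTINATIONS = {"203.0.113.50"}
MAX_OUTBOUND_BYTES = 500_000_000  # per source/destination pair


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def review_outbound(flow_text):
    """Return sorted findings for flows that leave the internal network."""
    totals = defaultdict(int)
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records rather than guessing
        src, dst, _port, sent = fields
        # Only internal -> external traffic counts as outbound.
        if is_internal(src) and not is_internal(dst):
            totals[(src, dst)] += int(sent)

    findings = []
    for (src, dst), total in sorted(totals.items()):
        if dst not in APPROVED_DESTINATIONS:
            findings.append((src, dst, total, "unapproved destination"))
        if total > MAX_OUTBOUND_BYTES:
            findings.append((src, dst, total, "volume over budget"))
    return findings


if __name__ == "__main__":
    for finding in review_outbound(SAMPLE_FLOWS):
        print(*finding)
```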

What is Social Engineering? What does it mean?

A simple explanation would be in a simple example:

Microsoft, Facebook, Google, Apple… etc. are top companies online, but still, we always hear that this Facebook account has been hacked and this Hotmail account was hacked and so on…

What can we conclude? We can clearly identify that even if you have the highest level of security in your organization, if the end user wasn’t trained well and doesn’t know the basics of IT, all the security will be meaningless!!!

You would be surprised that the easiest way of hacking is making the end user give you his username and password without even knowing that he did so!

This is the simplest way to explain Social Engineering!

Any security measure that doesn’t take into consideration the 3 main aspects of IT Security & Cyber Security (Monitoring Outbound Traffic & Inbound Traffic & Social Engineering) is useless.

Protect yourself against Social Engineering! Train your Staff from Chairman, CEO to Data Entry people!!!

Roland Abi Najem

IT & Digital Marketing Consultant – Public Speaker – Trainer


www.rolandabinajem.com


Why Creating a Strong & Professional Online Presence is Something We All Need? – By Roland Abi Najem


Everything is Online! Whenever we want to search for anything “Brand, Images, Products, Services… etc” or even our own name, we go and search online!

The result you get will tell you if whatever you are searching for is something valuable or trustworthy.

Have you ever tried to search for your brand name or your name? Are you satisfied with the results? Does the search engine results page reflect your image? Do you consider that this result (in terms of links, images, video, social media, etc.) tells exactly who you are?

If the answer is no, and I am sure it is no since creating a strong online presence is a continuous process that never ends, here is what you should do.

Having a strong online presence is a crucial component of your marketing strategy and image reputation, no matter what size your business is or what industry it belongs to or even if you are working on a personal level.

So here are three of the first things you need to look at when building your online presence:

  1. Your Website

All businesses, no matter how small, should have a website. It can be extremely basic, but it should contain the fundamental information customers, whether existing or potential, need.

The main issues to focus on when creating your website nowadays are:

  • Responsive Website: your website should adapt to any screen size, so people can open it from a desktop, laptop, tablet or smartphone.
  • Friendly User Interface: users should be able to navigate your website easily and directly find whatever they are looking for.

  2. Search Engine Optimization

Almost 90 % of consumers use search engines to research a product, service or business before making a decision. To take advantage of this, you need to make sure to look at search engine optimization (SEO) for your website.

In case you’re not completely sure what SEO means, how it works, or why it’s important, here’s a quick introduction:

  • SEO is to make it easy for search engines (Like Google) to find your website.
  • People tend to trust search engines, so websites that appear high in results pages are more likely to receive traffic.
  • You can implement SEO using search-engine friendly methods to improve your website's ranking.
  • Everyone should use SEO because anyone who has information that people want to find on the internet should be using SEO techniques.
  • SEO is an ongoing process. It’s important to monitor the information on your website and make sure it’s current and correct. Search engines also love new content, which is why starting a blog can do wonders for your SEO

  3. Social media (SMO – Social Media Optimization)

Having a strong presence on Social Media will enhance your online presence Big Time!

Why? Simply because top websites worldwide nowadays are social media websites, meaning when you search for anything, you will get Facebook, LinkedIn, Twitter, YouTube …etc results first!

Do I need to be present & active on all social media Platforms? Sure NO!

You have to be present on the main social media platforms like Facebook, LinkedIn, Twitter, YouTube, Instagram & Google +, in addition to the social media platforms related to your business (for example, if you work in fashion, go to Pinterest!).

Use the Social Media Life Cycle (Recruit More Followers – Engage Your Followers – Convert Them into Loyal Customers) and this will generate direct ROI (Return On Investment)

All above points are basics to start building your online presence.

Do you want to know more and build a professional online presence? Just contact me :)

Don’t forget to Google my name first!

Roland Abi Najem

www.rolandabinajem.com