State CIOs weigh in on cybersecurity progress.

From home computer users making sure they have anti-virus and anti-spyware installed, to protecting your kids from online predators, to backing up everything in case of a cyber attack, the federal governments wants you to be sure you're doing everything you can to protect your cyber assets.

"Back in 2004, at the inaugural Cyber Security Awareness Month, almost a third of the Americans polled believed they were more likely to be struck by lightning than to become a victim of a cyber attack or a security breach," Greg Garcia, Cybersecurity and Communications Assistant Secretary at the Department of Homeland Security, said Thursday.

"The times really have changed. We're seeing now phishing, farming, botnets, Wi-Fi, war dialing and domain server spoofing. And we're seeing coordinated cyber attacks against nation states."

With IT systems and networks serving as the "nervous system" of the country's most critical infrastructures, such as food and water processing and purification plants, bridges, electricity generation, online banking, and dispatching emergency personnel, Garcia said, "protecting cyberspace, in my view, is as important to our national interests as protecting our land and our sea borders."

State chief information officers (CIOs) across the country are using this month to hammer home the message to their governments that development and protection of the IT structure is of utmost importance.

"It is utterly important to recognize that information technology not only enables the workings of the country's infrastructure … but also enables all of our commercial activity and as such there's a need for all the stakeholders to work together to ensure that the nation's IT infrastructure is secure," Gopal Khanna, Montana's CIO and president of the National Association of State Chief Information Officers (NASCIO) told HSToday.

State CIOs are responsible for leading technical solutions across their governments, and for coordinating efforts to keeping states' networks safe and secure.

Khanna said it's imperative state governments use a "coherent approach" in securing citizens' data and assets.

"The weakest link can disable the government's ability to deliver content in the classroom, payroll for employees, payouts for Human Services, information for police officers in police cars, and ability for first responders to respond in the case of a disaster," he said.

Posted by Justin Payton in Adware, Spyware and Trojans at 17:09

The Internet has suddenly emerged as an easily accessible place to steal money and identities, as most users still operate through unsafe systems and are blissfully unaware of the dangers that lurk in cyber networks.

The trouble is, Internet users are only as good as their password and i-pin. And phishing (Internet bank account hacking) is the way for miscreants and conmen to get hold of it. Internet users in India are being flooded by e-mails on millions of pounds or dollars they have either won or inherited.

More serious are official-looking mails ostensibly from the bank where an Internet user has his or her account, saying the bank wants to crosscheck their personal data, account numbers and passwords.

It looks official and appears to be exactly like your bank's website, but the moment you write in your personal data, the damage is done. A proxy server in any remote corner of the world, be it Nigeria or Taiwan, uses that information to then siphon off money from your account to theirs. It's that simple.

India has woken up to a plethora of phishing attacks in recent months. Last year, we were ranked 14th in phishing attacks worldwide, and this year we are in the top 10. The Bangalore police, for example, had registered over 40 cases of phishing last year.

This year, there have already been over 30 such cases registered. In November last year, Bangalore's Corps of Detectives arrested a man named Joseph Marci, who, between August 2006 and August 2007, had systematically bled 17 bank accounts in top commercial banks- including ICICI, HDFC, Axis and Citibank-siphoning small amounts regularly to have amassed Rs 3.54 lakh.

It was an eye opener, as he used a simple tool that most Internet users could fall prey to. Marci's modus operandi was to download free software called "key logger" onto public computers in Bangalore's ubiquitous cyber cafes.

Normally in the first week of the month, people check their bank accounts and type all their details. The software recorded the sequence of letters and numbers, giving Marci all the information he needed- bank account number, password, branch and so on.

A survey by Websense in 2007, which spoke to 450 CIOs (chief information officers) in India's biggest companies, revealed that 57 per cent of those companies had received phishing attacks, while 38 per cent had been attacked by a spyware, despite installing rigorous firewalls and anti-virus systems.

And while most organisations were uncertain about the financial losses they incurred due to these attacks, about 55 per cent believed to have received viruses and worms into their network due to their employees surfing the net.

The CIOs felt that some of the ways in which employees exposed their corporate networks to security threats included: free software downloads, use of Instant Messaging tools, proxy avoidance sites, visiting malicious websites and pop-up ads.

Experts also say that the Internet Explorer, a browser that most of India uses, has no built-in anti-phishing mechanism. "Mozilla or Google's new browser, Chrome, have built-in anti-phishing tools, so it's always better if you switch to them," says Ankit Fadia, India's most famous ethical hacker.

Posted by Justin Payton in Adware, Spyware and Trojans at 14:57