|
Welcome to Amuleta Computer Security Inc. |
 |
 |
 |
|
Today's business leaders must deal with vastly increased IT security challenges and regulatory compliance. Amuleta provides IT security services including; digital forensics, design of secure network architectures, security assessments and management guidance from our leading security experts. Our forensic experts identify sources of digital evidence, preserve, analyze and present our findings. Amuleta works with a wide range of clients from not-for-profits and small business to law firms and hi-tech science and technology corporations. We are headquartered in Vancouver, B.C. Canada.
Drop us a line today at info(@)amuleta.com to see how we can help you. All enquiries are confidential. |
|
|
What are the top IT security issues we see in companies today? |
|
|
|
|
A) Poor understanding of the seriousness of IT security issues by company management is by far the number one issue we face. An unfortunate side effect of this prevailing attitude is the regular IT staff person throwing in the towel and letting potential security problems slide into real ones. We see this all the time. And often the IT management role has been relegated to individuals who are otherwise not even remotely qualified, from receptionists to accountants. The worst security offenders are management themselves and, indeed, they are the preferred targets by hackers for that reason. Company executives are notorious for ignoring or otherwise getting around their own company's computer security policies. Company executives are also the easiest targets as many publish both their names and their e-mail addresses on the web, and have the least computer skills. Hackers know this full well and act accordingly. One of our recent clients had a very sneaky socially engineered password stealing Trojan e-mailed to their CEO, who promptly forwarded it to the CFO and their senior engineer. We caught and blocked it before the damage was done. Another one brought in an infected personal laptop that was spewing out spam. We detected and blocked that too.
Otherwise, the most severe issues we see are weak or non-existent passwords, operating system and application patches not up-to-date, computers being run in full administrative mode, old firewall technology that doesn't block inbound and outbound malware, rogue laptops that bring malware into the office network, unsecured wireless devices, and un-enforced computer usage policies - if any at all.
We build secure networking environments, and write the policies, that deal with these issues and more. |
|
|
What is a social engineering attack? |
|
|
|
|
A) In the normal world, social engineering could mean anything from a government trying to convince you to believe and act a certain way, or an advertiser attempting to modify your personal purchasing behaviour. If done right, social engineering can be very effective at behaviour modification. The same applies in the computer security world. Most people have now seen phishing attack e-mails which attempt to separate us from our identities and subsequently our hard earned cash. The attackers, all organized crime, have been surprising successful at this criminal form of social engineering and are now focusing more on individual companies. This often involves a targeted e-mail directed at persons within the company from what looks like a known and trusted entity on the outside. Many company web sites give away enough information to create the means for a viable social engineering attack. The latest one I've had to deal with involved a realist e-mail from Revenue Canada with a link to what looked like a PDF attachment. The attachment was a downloadable Trojan designed to steal passwords - and it blew right through two layers of top-of-the-line name brand security defences because it was unknown to both vendors. Here is a great article on Wikipedia on the subject of social engineering attacks. http://en.wikipedia.org/wiki/Social_engineering_(security) |
|
|
