Promoting better project management with Agile

 

Remaining adaptable in the modern business world is crucial to incorporating new processes and ideas while allowing former methods to evolve within the company.

For IT professionals looking at improving their project management efficiency, making the choice between PRINCE2 certification and Agile can be a tough decision. As with any qualification course or study, it’s important to know what will best benefit you and your skill set before making a commitment.

If you want to know if Agile is the key to building better business teams and delivering on time and within budget, take a look at some of our frequently asked questions below.

Firstly, what is Agile?

Agile courses are a unique type of IT project management training. Unlike others – that cover a fixed framework or methodology – Agile is considered more of an all-encompassing, umbrella term, consisting of many different management approaches.

Including DSDM Atern and Scrum, this family of development characteristics makes up the Agile Manifesto – the overarching shared values of Agile Project Management.

Want to become qualified in the world’s leading framework and certification for Agile Project Management? Sign up to our AgilePM® Foundation / Practitioner Combined course

Agile is being used successfully across a range of industries.Agile is being used successfully across a range of industries.

What’s the benefit of Agile?

The nature of business is competitive, leaving those who wish to select While many project management approaches are inherently competitive, Agile aims to be complementary to these. An expert in Agile will have excellent focus in assessing a project through the development lifecycle.

Agile can help deliver improved and enhanced communications to your team, enabling the efficient planning and management of your projects.

This isn’t the only benefit of understanding Agile, however, as the more structured approach to projects will assist you in:

Effective training will always remain the key to understanding a methodology or framework.

But what if I’ve already studied PRINCE2?

We at ALC Training offer a number of IT project management training courses. If you’ve read the above information about Agile and feel it may be right for you, then take a more extensive look at our Foundation and Practitioner certificate course.

For those who have already achieved PRINCE2 Practitioner status, the combined PRINCE2 Agile framework course offers the flexibility of both approaches.

Covering a number of areas including the integration of Agile approaches into PRINCE2 project structure, our professionally led training course will assist you in understanding the basic concepts of Agile right up to preparation for the combined Practitioner exam.

Is Agile effective?

In a study conducted by Software Advice, the most common Agile feature used by those surveyed was workflow tracking, with some 95 per cent noting this. Further to this figure, 90 per cent of respondents claimed workflow tracking was the feature to most increase the efficiency of a project.

And the top projects managed by Agile? While 52 per cent of users find their projects to be focussed on software and IT, Agile still finds an exceptional range of use in marketing (11 per cent), architecture (5 per cent), and finance (4 per cent).

Agile remains an effective solution for those in software development, as having a clear and understood scope of project timelines will ensure delivery success.

Conquering challenges with ALC Training

While Agile project management software can clearly benefit many at the planning, management and delivery stages, effective training will always remain the key to understanding a methodology or framework.

ALC has an extensive history with a proven track record – we’ve helped over 30,000 enhance their career options and reliably pass their exams with our courses.

If you want to find out more about PRINCE2, Agile or our combined project management course, get in touch with ALC Training today.

Is PRINCE2 IT project management the training course for you?

 

While the benefits of implementing a universal framework will allow a common language to be spoken by everyone in your IT department, it’s crucial that you take the time to consider which architecture framework and methodology will fit into your company dynamic.

That’s why ALC offers a diverse range of options for those wishing to enhance their IT career with PRINCE2 training courses.

The first steps with PRINCE2

The PRINCE2 foundation and practitioner certificate is a five-day course designed to comprehensively cover every aspect of the methodology involved in project management.

Designed for aspiring or current project managers, this program is ideal for individuals who wish to gain a career as a PRINCE2 trainer or consultant.

By the end of the course, you should be able to understand all aspects of the methodology, learn how to deliver projects on time and within budget, and receive a globally recognised certification.

This could then be followed by the “Directing a Project with PRINCE2” course – suitably designed for members of the board, project executives and senior users.

The benefits of choosing training with ALC

ALC has a solid background in project management and IT governance training.

When you choose to undertake a certification or foundation roadmap with ALC, you’re not deciding on just another IT project management training course, but selecting a company that provides a number of unique benefits:

The most crucial part of a training course is that it runs when it needs to – all ALC Training courses are guaranteed to run on time, with offices in Sydney, Brisbane, Melbourne and Perth.

Consisting of a genuine and dedicated team of staff, we’re always happy to answer any of your questions.

ALC has a solid background in project management and IT governance training. We’ve been training IT professionals in PRINCE2 since 1999, COBIT 5 from 2006, and have a consistent record of personal success assisting thousands of individuals in gaining industry qualifications.

Training can often seem like hard work. ALC is here to help. Training can often seem like hard work. ALC is here to help.

Making the right choice with ALC

If you’re set on PRINCE2 certification, or would like to know more about the process of project management that being effectively trained in this framework can provide, there is no better choice than ALC.

Reach out to us today, and find out how our expert qualification courses can help you distinguish yourself amongst the IT crowd.

Choosing the right security framework for your business

When deciding on a security framework, it’s important that you choose the most applicable and appropriate set of foundation technology and software that suits your business and company needs.

Below, we’ll look at our SABSA® offerings, and how our courses are structured to provide you with the most effective and relevant IT security training possible.

Discovering SABSA framework

SABSA (Sherwood Applied Business Security Architecture) is a foundation framework and methodology that is applicable for service management and enterprise security architecture.

It can be considered the world’s leading open security framework and allows trained individuals to conceptualise, design and manage security in a business.

In fact, we at ALC believe the term “business-driven” is key to SABSA’s power, as the framework allows a company to conduct business on their own terms, while having constant assurance of the security level in the network.

The SABSA roadmap

So you’re considering SABSA training for yourself or the IT team in your business – what’s next?
Our training program is split in three distinct areas, providing a clear pathway for any individuals wanting to undertake SABSA training while remaining flexible about their career options:

In contrast to other training courses, the SABSA roadmap provides a non-specific, mix-and-match process, opening up any of the main career areas upon completion; risk, assurance and governance, architectural design, crisis management and more.

SA

Click to open a larger view

What to expect from your first training course

When you set out to begin your training, it’s unlikely that you’ll know exactly where you want to go. With the flexibility offered in the training courses, you can ensure that no matter the direction your training takes you, we’re here to help guide you on the best career path.

Within the SABSA foundation course, we cover security strategy and planning, as well as service management and design, with the five-day course leading to SABSA Foundation certification and further IT governance training.

Expert support with ALC Training

We at ALC can provide an extensive range of training courses that cover a wide range of topics and specialisations. Above, you can see how following the SABSA pathway can lead to many different career paths, but this is only one of the courses offered by ALC Training.

To discover more about our range of courses and programs that includes ITIL, ISO 27001 and COBIT 5 training, get in touch with our specialist team of trainers today.

Government hacks highlight international security concerns

 

The recent data breach of the Democratic National Committee (DNC) shows not only that governments aren’t above being hacked, but that the greatest opponents may be foreign governments themselves.

The scope of government-funded cybercrime was recognised in September, 2015, when a deal made between the US and Chinese presidents called for neither government to knowingly conduct or support the theft of intellectual property through the use of cybercrime tactics.

Securing your network is crucial to protecting your company's data.Securing your network is crucial to protecting your company’s data.

In a report released by FireEye, the IT security company suggests that public reports exposing the level of involvement China has in economic espionage gave the US government sufficient knowledge and support to confront China about the level of cybercrime.

Russia joins the cyberwarfare battlefield

The report from FireEye indicates a steady decrease in Chinese-led cyberespionage. However, that hasn’t stopped Russia-based hacker groups from positioning themselves at the front of this global security war, highlighting the need for increased IT security training.

In a recent post on Peerlyst – an online information security community – Jarno Limnell of Aalto University in Finland detailed how increased cyberaggression from Russia could have terrifying implications further down the line if not met with resistance.

“Russia has the ability and will to carry out denial-of-service attacks, develop sophisticated malware, and exploit unknown software vulnerabilities,” he noted.

In contrast to China – where cyberespionage has shown a large direction toward economic disruption – Russia-based hackers are more led toward scouting networks and determining the feasibility of future attacks.

“Russian cyber activities focus primarily on intelligence gathering and military reconnaissance of critical infrastructure networks. It has to be remembered that today’s intelligence operations enable tomorrow’s actions, and Russia is mapping networks to determine the resources necessary for future attacks,” Limnell wrote.

Democrats lose their trump card

Following the data breach of the DNC – in which hackers spent months within the system to target the opposition research on Donald Trump – Russia-based cyberattacks were declared the greatest threat to the United States’ national security, according to Director of National Intelligence James Clapper.

A single record of healthcare or education data is valued at US$355 and $246 respectively.

Choosing the appropriate security framework is an essential first step to addressing this type of threat, as a security framework will provide a common language that can be shared by professionals.

This means that any potential network attacks or undesirable situations that may arise can be handled swiftly and with clear communication – providing a solution to the problem before the issue can exacerbate itself.

Data breaches across all industry

For any company, no matter how small, a loss of data can be a costly thing. According to research sponsored by IBM and conducted by Ponemon Institute, while Australia is one of the two least likely countries in the world to experience a data breach, having your business’ data compromised is still a financial nightmare.

The report estimates the cost of data breaches across a number of industries – with a single record of healthcare or education data valued at US$355 and $246 respectively.

With the lowest average figure belonging to the public sector at $80 – and data breaches reported by Symantec exposing up to 191 million records in a single attack – it’s clear that this kind of network assault can cause serious damage regardless of the industry.

Choosing the right security framework is vital to the health of your business.Choosing the right security framework is vital to the health of your business.

The framework of security with ALC Training

Keeping yourself at the forefront of security technology is as crucial as deciding on the right security framework. Offering expert knowledge across a number of essential framework courses, choosing ALC as your IT governance training provider is the first step to advancing your career in IT.

Ensure that your business has the best advantage when it comes to preventing data breaches or unwanted access to your network – get in touch with ALC Training today.

Weaponising encryption through zero-day vulnerabilities

 

When Symantec released its Internet Security Threat Report in April, 2016, a number of disturbing trends were highlighted in the world of information security.

Some of the key trends that were identified in the report covered large data breaches in companies, an increase in zero-day vulnerabilities and the growing use of ransomware for extortion techniques – highlighting the importance of information security training.

Stolen data not fully disclosed

Large businesses have always been a target for cybercriminals. When a company holds a lot of data in its network, valuable information to either the business or potential competitors, it can become a clear target for an attack.

The report notes that at the end of 2015, the largest data breach ever publicly reported – a total of 191 million records – rounded out a year of nine mega-breaches. This level of data leak is defined as containing more than 10 million records, but this figure isn’t the most unsettling discovery in the report.

Symantec estimates that the number of companies that chose not to disclose the amount of records lost in data attacks increased 85 per cent in 2015, with the excluded data moving the total figure of personal records stolen to over half a billion.

It doesn’t matter why the companies decided not to release the detailed extent of their data breaches; the lack of information supplied provides a painful blow to internet security. The crux of effective security is knowledge, and the lack of clarity around the data breaches means a lessened ability to react and adapt to the methods used by cybercriminals.

Four of the five most popularly exploited zero-day vulnerabilities were discovered in Adobe Flash.

The hunt for zero-day vulnerabilities

A zero-day exploit is a flaw in a piece of software that is unknown to the developers and undisclosed to the general public, receiving its name due to the window of time available to patch or implement a response procedure.

The majority of zero-day vulnerabilities are found in very common and popular applications – four of the five most popularly exploited zero-day vulnerabilities were discovered in Adobe Flash.

Despite the large amounts of unique and emerging malware discovered in 2015, data from McAfee Labs estimates backdoor and botnets only account for 2 per cent of total network attacks. However, malware coders have always been particularly fond of these types of exploits, as it allows them to utilise other means of network entry.

Cybercriminals who write malicious code can incorporate this into a website, causing anybody who visits the page to activate a vulnerability in their web browser. When you consider how many popular web browsers we really have, having continuous exploits in one of the most widely used is a worrying prospect for cybersecurity.

Locking a company out of their data is a popular ransomware method.Locking a company out of their data is a popular ransomware method.

Big data held at ransom

Crypto-ransomware has moved to the forefront of security statistics lately, as we see hackers placing a heavier emphasis on the encryption of data over the more traditional method of locking the user from their computer screen.

This type of attack remains extremely profitable to hackers, and 2015 saw a move away from the more traditional targets of PC’s toward Mac, Linux and mobile phone users.

Despite a steady decline in traditional ransomware in 2015 – with February and June providing the highest figures of recorded usage – crypto-ransomware grew from around 10 to over 50 per cent from July to December.

It makes sense why this type of attack is popular with hackers – locking someone out of their own data provides little option for recovery outside of paying the demand. Unlike a credit card or bank exploit, where monetary loss can be replaced and insured, recovery of data can potentially be impossible.

The number of infected apps listed in the Symantec report total as high as 4,000.

Life imitating art and Xcode exploits

One crypto-ransomware tactic being employed by hackers is to increase pressure on a victim by destroying the encryption key after a set amount of time – causing the locked data to be lost forever. We’ve seen this method popularised on the television show, Mr Robot, where a similar situation of data ransomware led to the total collapse of the world economy and global riots.

Previously thought to be immune to attack, users of Apple products should be more vigilant than before – a malicious code known as XcodeGhost has been discovered in Xcode, Apple’s integrated development environment.

The number of infected apps listed in the Symantec report total as high as 4,000, with victims opening themselves up to a range of attacks once they’ve installed the software.

After a user downloads and installs one of the infected apps, their data is uploaded to a central command server and allows the hacker to perform a terrifying variety of actions, including generating false alerts to steal the username and password of the victim and remote opening of specific websites, potentially leading to further infection if coupled with a zero-day exploit of a web browser.

Arm yourself with knowledge to limit the risk

It’s imperative to the health of a business that the scope of exploits and malware be understood. ALC offers a range of IT security training courses including SABSA security architecture, CISMP and CISSP credentials and a selection of security awareness courses.

To learn how effective training can help safeguard your business, get in touch with ALC today.

The ITIL Expert career pathway

 

Choosing the correct certification in IT can be a challenging task. With a plethora of curriculum and specialisation options – and just as many instructors and consultants – choosing the most beneficial training course with the right provider can prove a great success to your career.

ALC Training has been a market leader in IT project management training since 1994, assisting over 30,000 people in gaining the right certification. One of these is Information Technology Infrastructure Library (ITIL) – an IT Service Management framework.

Below, we’ll look at the ITIL course pathway – from foundation to intermediate certificates, through to ITIL Expert qualification.

ALC Training has been a market leader in IT project management training since 1994.

The foundation of knowledge

The first step to achieving an ITIL Expert qualification is to learn the framework and structure of ITIL itself. The 3-day foundation course provides an overview of ITIL and an extensive list of topics; including the service lifecycle structure and strategy, design and service operation.

The course will also prepare you for the Foundation Certificate exam – the first step toward achieving ITIL Expert certification.

Intermediate capabilities

Once you’ve completed the initial course and gained your foundation certificate, you can move on to capability or lifecycle modules. There are five capability certificate courses that cover the core service management aspects of ITIL.

The five-day course encompasses how to maintain control and maximise the quality of an IT service, the prevention of recurring errors and faults, issue reporting, response to customer and market requirements, and future strategic vision.

Gaining ITIL certification can provide great benefits to your IT career.Gaining ITIL certification can provide great benefits to your IT career.

What makes an ITIL Expert?

The concluding and mandatory module of the ITIL Expert qualification is Managing Across the Lifecycle. This final course addresses the identification of management and business problems, risk management and organisational challenges.

Once you’ve finished the training and successfully passed your final exam, you’ll achieve your ITIL Expert qualification – proof of the new skills available to your team and business. With this certification, you can demonstrate a comprehensive approach to service management, and learn a common language to assist the ease of further learning.

Reliable ITIL training with ALC

Choosing the best course to benefit your career can be a tricky decision. ALC is a trusted ITIL certification provider with over 20 years of professional training experience.

Get in touch with ALC Training today, and we can discuss a personalised ITIL Expert course program to help you make a difference in your IT career.

Hacking the amygdala with social engineering

On the bus trip to enjoy your shopping, a lovely young man sits next to you.You strike up a conversation and are happy to find you have similar interests. He also owns a dog, the same breed as yours, and he even demonstrates a love of the same films and sports.

You’re surprised to find out that you both grew up in the same area of the city, and you give the young man your phone number when he asks if you’d like to see the new Star Wars film next week. As you get off the bus, you wave goodbye and carry on with your shopping journey.

Before you can make your first purchase that day – perhaps even prior to entering the shopping centre – your email and social media accounts are compromised and your bank account is emptied.

Don't let hackers use your information against you.Information security training can protect you from cybercrime.

Congratulations. You’ve become another unsuspecting addition to the statistics of social engineering.

Emotional extortion of information

Humans have long been the easiest targets for anyone wishing to compromise an information system. We don’t actively seek to accuse everyone of deception – if we did, our daily lives would be a paranoid mess – but this noble part of our psyche is also its greatest opportunity for exploitation.

Hackers – or anyone wishing to manipulate another person into revealing something – employ these tactics by targeting the vulnerabilities in our emotional response. In the example above, we see a few pieces of common password information change hands; pets and their breeds and names, favourite films and sports, and the area you grew up in.

By giving the hacker the bonus information of your phone number, they have everything they need to attempt a password crack on your accounts.

Humans have long been the easiest targets for anyone wishing to compromise an information system.

Passwords appearing closer to sudoku

SplashData has complied it’s annual Worst Passwords list in a continued attempt to bring light to the lax security around many individuals’ security. According to the data, “123456” and “password” are still the two most commonly used, with the rest of the list looking equally shocking.

As websites and apps demand greater security – with most passwords now requiring 8 digits or more – “12345678” has risen to third place, showing that, despite the attempt for increased protection, users are still falling short on their side.

Also on the list were the familiar sports themes of “football” and “baseball” alongside newcomers “letmein”, “passw0rd”, and “starwars”.

The faceless crime of identity theft

But even with a weak password and a friendliness toward strangers on the bus, you may still be wondering what anybody could want to break into your life for.

Identity theft can lead to hackers opening false bank accounts or making online purchases in your name. Even worse, recent scandals show that our most private photos and information in the cloud is able to be compromised. Blackmail of any sort can lead an individual to divulging political, business, or individual information.

A report by software company Symantec revealed that more than 550 million identities were exposed online. Looking at this figure, it’s clearly more important than ever to ensure your online identity and information are kept safe from attack.

Protecting the information core

Your brain is the most powerful weapon against cybercrime. By recognising the potential warning signs of social engineering techniques, you can keep your identity and financial details secure.

Effective training is one way to identify and eliminate these social engineering threats. Reach out to ALC Training today and find out how information security training courses can turn your brain into a mental Fort Knox.

Mobile social engineering and the rise of ransomware

Human psychology is a remarkable thing. How humans behave, how they interact with each other, what and who they trust – all of these can be tools for someone attempting to compromise network security. Understanding human behaviour or thought patterns and exploiting this knowledge to control or guide the actions of an individual is known as social engineering.

Social engineering tactics can involve all kinds of manipulative behaviour – a scam reported by the Australian Communications and Media Authority in 2016 discovered fake messages sent from seven leading banks. This event highlights the need for two-factor authentication on the internet, with a 2015 Verizon Data Breach report stating the effectiveness of this measure – it is the recommended strategy for 24 per cent of all security incidents. 

Most of us are familiar with email spoofing – you receive an email from a friend that contains an exciting or alarming subject line, shortly followed by another email from the same friend urging their contacts not to open the last one. 

Nobody can completely resist manipulation under the right circumstances, and this idea is the backbone of social engineering.

In 2015, 528 mobile phone vulnerabilities were discovered, a 214 per cent increase over the figure in 2014.

The 2016 landscape of cybercrime

Symantec recently released its 2016 Internet Threat Security Report, with the extensive collection of data revealing a number of new methods hackers are incorporating into their attacks. One of the alarming increases seen is the amount of information that is used and collected for the purpose of ransomware. 

The report states that in 2015, 528 mobile phone vulnerabilities were discovered – a 214 per cent increase over the figure in 2014. While the total figure of new vulnerabilities saw a 15 per cent drop in 2015 from the previous year, the amount of zero-day vulnerabilities increased 125 per cent. 

This would seem to suggest that increased deadline demands on technology programmers is forcing them to unleash applications to the market without putting them through proper testing. 

As we move toward a future that looks to incorporate things like smart cities and utilities that are connected to the cloud, it's timely that we begin addressing these sorts of software vulnerabilities before the data taken from them is locked and used for ransom. 

Social engineering increases

Another trend emerging is that hackers are using more personal techniques to compromise a system and gain access to information. The amount of websites found hosting malware decreased between 2014-15, with only 1 in every 3,172 sites discovered to contain the malicious software. 

This isn't exactly new, however; as virus detection software has proved itself more capable, social engineering has accounted for an increasing amount of cybercrime. Instead, hackers are finding that the easiest way to penetrate a system is from the inside, using a business or company's own employees to their advantage.

Our social lives are also being pulled into the mix, with cybercriminals using methods that appeal to our need for popularity and to be noticed. As the technology to digitally protect a system advances, we could see fewer attempts to infect a network through traditional methods – requiring security training to adjust itself accordingly.

One scam noted by Symantec promised a large amount of Instagram followers, which tricked users into revealing their passwords. Other attacks included the impersonation of a bank via text message, and a fake tax office email that attempted to trick individuals into opening a malicious attachment. 

Cybercriminals are using social engineering techniques over traditional malware attacks.Cybercriminals are using social engineering techniques over traditional malware attacks.

Preventative training with ALC

ALC offers a range of information technology training courses, designed to teach those who have access to your network the warning signs that they may be targeted by a cybercriminal. The information security awareness programme details common computer and email viruses, what to do if you suspect an attack, and internet scams and phishing.

To equip your business and employees with the knowledge and tools they need to prevent a security attack before it happens, get in touch with ALC Training today.  

Which training course can you most benefit from?

If you've been to university in the past two decades, you can attest to the number of individuals who find themselves confused or lost by choosing the wrong training course or degree. Despite this, employers and students alike still place great significance on acquiring a qualification to prove their ability. 

There are a range of certification options available in almost any career, but IT training will always benefit individuals with unique and diverse skill sets. Any individual or business that values specificity and competency in their work will know the improvements that well-designed training courses can bring. 

ALC offers a selectively designed program to ensure that all trainees return to their jobs able to make an impressionable and instant difference to their role. So, which training course is right for you? 

Choosing the right IT training course can greatly benefit your career.Choosing the right IT training course can greatly benefit your career.

Below, we'll take a look at the selection of courses provided by ALC Training across three of their five key areas.

ITIL is an essential qualification for those wishing to make a difference in IT service management.

IT Service Management

The Information Technology Infrastructure Library (ITIL) is an IT Service Management framework, an essential qualification for those wishing to make a difference in IT service management. The foundation course covers a number of areas to help you learn the fundamental features of ITIL and prepare for the foundation certificate exam.

The 3-day training comprehensively details all foundation subjects – from the history of ITIL itself through to service management, strategy and design and much more. The foundation course finishes with an ITIL certification exam and its relation to other key training areas, including:

Further ITIL training is also offered, with the ITIL Expert qualification awarded to those who successfully complete the range of training modules. 

Project, Programme and Portfolio Management

PRINCE2 training can offer a number of benefits to team project management – whether it's aiding the clear communication between a team, integrating client requests into an existing project or bringing on new staff to a project. 

The 5-day foundation and practitioner course provides effective training for those who wish to grasp the key concepts and frameworks of PRINCE2 while also gaining recognised qualifications. 

The first part of the course covers the seven principles, themes and processes of PRINCE2, with the second half committed to the implementation of PRINCE2 and management of a project – with practitioner certification held at the closing of the course. 

SABSA training provides improved competency in business-driven security strategy and architecture.

Information Security

ALC offers a diverse array of information security training courses, including SABSA, CISSP, CRISC, ISO 27001 and CISM.

Whether you want SABSA training for improved competency in business-driven security strategy and architecture, or ISO 27001 certification gained from practical teaching, ALC Training can provide a structured career path. 

These courses aren't limited to network administrators or engineers, however. The Information Security for Executives presentation uses pertinent scenarios to help those in higher positions better understand the roles and challenges of security professionals. 

For those with a large roster of staff, the Information Security Awareness Program addresses social engineering – the use of humans as manipulatable targets for hackers – and can be incredibly effective in identifying malicious cyber-tactics. 

ALC Training from foundation to expert

ALC is a supplier of expert training and services for businesses and individuals – able to provide and implement effective IT solutions. ALC Training courses are designed to equip professionals with the skills needed to make an immediate difference in their role. 

With classes offered in New Zealand, Australia and areas of Southeast Asia, now is a great time to get in touch with ALC Training and find out how specialised courses can help you take the next step in your IT career.

Social engineering alert signs you should be aware of

Australians lost almost half a billion dollars to scammers in 2018 according to the latest figures in the ACCC’s Targeting Scams report. Australian businesses are also being targeted by sophisticated ‘business email compromise scams’ with reports of losses to Scamwatch and other agencies exceeding $60 million in 2018. View more statistics

ALC Training - Scam Target 2018

The techniques of cybercrime are evolving to include the programming of human beings, through social engineering techniques employed to gain access to your company.

Identify and report suspicious behaviour before it can compromise a network.

Understanding social engineering

Social engineering is a technique employed by criminals to obtain classified or confidential information.

The methods used to trick information from the target are almost as varied as the types of information gained; hackers will find a use for almost anything.

A report released by Symantec showed that real names, social security numbers and dates of birth were the three types of information breached most often. The remaining six cover emails, usernames and passwords, as well as addresses, medical records, insurance details and financial information.

It would seem that there isn’t much that hackers can’t make use of, which could prompt many of us to feel that the only solution is to unplug our modem and live in a cave. Thankfully, the world of information security training has proved more than capable of meeting the demands set by hackers.

Fighting the good fight

Nobody wants to let fear control them, in the same way that a business should have confidence in its employees’ abilities. Whether this be the most complex of IT security procedures or simply knowing if an attachment is safe, every interaction is important.

The ability to identify and report suspicious behaviour before it can compromise a network can be crucial to the long-term health of your business. Below are a few alert signs that every employee, and employer, can benefit from looking out for today.

A good rule of thumb

As a general rule, if it looks too good to be true, or like a scam, then chances are it is.

Use common sense before opening external links, downloading attachments, or thinking about putting anything onto a work computer.

ALC Training offers expert information security training, designed to help your employees learn the best and safest online practices. Reach out to us today, and find out how effective training can prevent cyberattacks before they happen.

ALC Training - 15969

Don’t let your employees be the weakest link in your network chain.

 

 

 

The escalating incidents of financial cybercrime

On November 8, 2008, the world of financial cybercrime changed forever.

According to the Federal Bureau of Investigation (FBI), within the space of just 12 hours a team of hackers and 'cashers' – thieves employed by the hackers – targeted more than 2,100 automated teller machines (ATM) worldwide. After the electronic dust had settled, the amount of stolen funds exceeded US $9 million.

A year later, the FBI Cyber Division commented on the heist.

"It was a highly sophisticated and cleverly orchestrated crime plot," they wrote, "and unlike any we've ever seen before."

So how exactly did a team of only three 20-something European hackers in separate countries manage to pull off an attack that redefined cybercrime?

"The end user remains the weakest link in the chain during an online transaction."

The timeline of the attack

When a Moldova-based hacker discovered an exploit that enabled him to access the computer network of a credit card company, he forwarded this information to an Estonian hacker.

After investigating the weakness of the network to the exploit, the Estonian passed this information to another hacker based in Russia.

With the exploit tested, the Russian and a small team of associates compromised the network of the credit card company and began raising the withdrawal limits of prepaid payroll debit cards. After the limits had been set and card PIN codes reverse-engineered from the network, the hackers deployed their team of cashers to extract the funds from over 2,000 ATMs.

Just 12 hours later, and using only 44 cards in total, the criminal team walked away with the staggering $9 million sum.

Financial cybercrime rises

While 2008 marked the moment that cybercrime on a worldwide scale was brought to the public attention, the following years only showed an increase in financial institutions being compromised.

Recent news reports show that hackers are no longer looking at figures in the millions as a challenge. One event in Bangladesh saw a spelling error stop hackers in their tracks: the spelling of 'foundation' as 'fandation' prevented cybercriminals from stealing over US $1 billion.

With this in mind, the approach toward information security training needed to evolve with the methods employed by hackers. 

In February 2016, the Australian Communications and Media Authority (ACMA) released a warning to users of online banking software and applications indicating that hackers were using fake SMS messages to trick individuals into revealing sensitive information.

One of the most effective ways to protect yourself is to understand the use of social engineering, and how hackers deploy this tactic when committing cybercrime. 

Identifying social engineering techniques can keep your money safe.Identifying social engineering techniques can keep you safe from cybercrime.

The rise of social engineering

According to a report released by Symantec Security Systems, the number of financial malware software or trojans that were detected in 2015 decreased from 2014 by over 70 per cent. While the exact reasoning behind this remains of a mystery, improved security software has resulted in technical exploits becoming less and less viable. So who or what is the biggest risk? 

"The end user remains the weakest link in the chain during an online transaction," the Symantec report says.

Social engineering, or the psychological manipulation of another human to have them perform an action or reveal information, is one of the most effective methods used by hackers and cybercriminals in their mission to extract information or gain access to a network. 

ALC Training offers its Information Security Awareness Programme, a unique training course covering social engineering, identity theft and email-based threats including worms and viruses in attachments.

Ensuring the online security of your employees is crucial to the success and health of your network. The appropriate IT training security training course can arm your company with the tools needed to identify a cyberattack before it can compromise your system.

For more information on our information security programmes along with our extensive range of ITIL, COBIT 5 and PRINCE2 courses, reach out to ALC Training today. 

How can PRINCE2 benefit your digital marketing strategy?

In today's busy global marketplace there are a huge number of international and domestic companies vying for space. For businesses to survive, it is essential to have a point of difference or a unique selling point (USP). For some businesses it could be having highly trained staff, such as individuals with ITIL certification, for others it might be a patented product or service.

PRINCE2 training can help managers deliver digital marketing projects.

However, a company's point of difference is only as good as the marketing strategy it uses to communicate its brand to consumers. So how can PRINCE2 training help individuals implement an effective and successful marketing strategy.

What is digital marketing?

By now most people will have heard of the term digital marketing. But what does it mean? In its simplest form, digital marketing is the communication and promotion of products, brands and people through one or more types of electronic media. 

One of the major distinctions between digital and more traditional forms of marketing is that the former involves the use of techniques and channels that allow businesses to assess the effectiveness of a campaign. Through real-time information, marketers can learn what is and what is not working. From monitoring customer touchpoints to measuring the success of sales conversations, digital marketers have the ability to access up-to-date information from a range of channels, including social media platforms and instant messaging. 

Digital marketing is important for a number of reasons. With consumers having near instant access to information no matter where they are, customers are not only exposed to what a company says about its brand but what other sources say too. As such, it's highly important a business stays in control of its image

How could PRINCE2 help digital marketers?How could PRINCE2 training help digital marketers?

So how can PRINCE2 be used in digital marketing?

Like many other industries, digital marketing can be founded on a range of projects – depending on the style and structure of the business. With PRINCE2 being one of the world's leading project management methodologies, it is well positioned to successfully deliver variety of small to medium-sized digital projects

PRINCE2 has a number of tools that project managers can use to deliver successful and on-point projects. Management by Exception is an example of a principle that can be of value to digital marketers. 

As today's commercial world is characterised by disruptive forces and quick changes in consumer behaviour, projects need to be delivered on time and to budget. Management by Exception ensures that project managers are not overloading senior leaders with too much detail as the project transitions between stages. This principle ensures projects are delivered according to the outlined timeline and without becoming bureaucratic and static. 

PRINCE2 training courses can ensure senior management is not inundated with information.PRINCE2 training courses can ensure senior management is not inundated with information.

What can make a digital marketing project better?

PRINCE2 training can ensure managers clearly define roles while offering strong, directed guidance, helping them and their teams remove the challenge from executing strategy. With rigorous project control through the method's guidance, a project manager can reduce risk and ensure that they complete the goals they set up.

Digital marketing is characterised by cross-disciplinary approaches, for instance, web designers can find themselves working side by side with copy editors. Teams comprised of people with a range of different skills and experiences can be an obstacle to the clear understanding of their duties. 

One way to boost the effectiveness of PRINCE2 is to have an entire team trained in its method, not just the project manager. By doing this, team members can speak a common project management language and bring a level of clarity to the project. 

If you would like to know how PRINCE2 training courses can benefit your organisation, talk to a representative at ALC Training today. With clear terminology and processes, companies can reduce the tension that comes from misunderstandings and ensure projects are executed effectively.