Cybersecurity in your pocket: The essentials of mobile malware

An increasing number of businesses are embracing the ‘bring your own device’ policy, allowing employees to use their smartphones and tablets to access the company’s information and work on the go.

This policy can add a new dimension to IT project management training, with products now able to be developed remotely and flexibly using mobile devices. However, it also means that a greater emphasis now needs to be placed on mobile cyber security to ensure that businesses are keeping their information secure.

Threats being detected in the Android app store

Although all kinds of devices have risks associated with them, those operating on the Android platform are shown to be particularly vulnerable to malware from apps. It’s therefore essential that companies with employees using Android devices are extra vigilant and aware of the possible threats.

The most prominent threat to Android users is apps, with the Google Play Store being invaded by numerous applications containing malware. Google Play Protect detected and removed 1,700 Android apps infected with the malware Bread (also known as Joker) before they were ever downloaded by users.

Likewise, an analysis by G DATA showed that the number of malicious apps reached a record level in 2019. This problem is growing, and businesses have to look out for ransomware and Trojans that might compromise their data for money.

How can businesses protect themselves?

Due to the magnitude of this risk, it’s important for businesses to know the security measures they should take to defend employees’ mobile devices from malware. Lukas Stefanko, expert at security solutions company ESET, emphasises that the best approach to security is preventative.

“Don’t delay taking security measures until something unusual happens – in most cases it’s too late as the device may already be compromised and the data lost,” he said in an interview with We Live Security.

Businesses should require all employees using their personal devices to access company information to have the latest operating system and antivirus software installed to defend against cyber threats. They should also encourage people to be careful of the apps they download, and always check the reviews before installing anything.

It is apparent how mobile security has become an integral aspect of information security training, and companies need to ensure they protect all channels of data access. ALC Training can help by educating employees in all aspects of cyber security, resulting in better protection for businesses in the long run.



Google Security Blog

G Data IT Security Trends 2020

InfoSec Skilled Workforce Shortfall – Reality?

I have been in the infosec sector for over three decades and have seen the rise and fall of demand for IT and security professionals on a number of occasions. Y2K, the dot com bust and the GFC did not help our industry. Currently, we are on an upward trend, delivering training across Australia, NZ, Malaysia, Singapore and Dubai. I have seen year-on-year growth as people take up the call to either upskill, try to get a foot in the door or just learn about on-trend topics, such as cyber security, architecture, cloud, big data, artificial intelligence, digital forensics or incident response.

ALC recently added privacy to our portfolio by partnering with the International Association of Privacy Professionals (IAPP) and we’re making great inroads due to the pent-up demand in Australia and New Zealand. At the recent IAPP conference, the key message emerging from presenters is one of accountability – having a key individual within an organisation drive the privacy agenda forward; it is all about privacy by design. And no wonder, every week, there is an article on a new privacy breach, quite often coupled with staff dismissals and a hefty fine.

Our cloud portfolio is also strengthening. ALC made a strategic decision to add Certified Cloud Security Professional (CCSP) to the portfolio in 2017, along with other cloud courses, and Australia now has more certified CCSPs than Germany! Running the numbers, we can proudly say we have trained two thirds of those certified in Australia alone. For those who hold a CISSP or have anything to do with cloud, I highly recommend the (ISC)² CCSP® certification.

So is it all hype, or is there a genuine need for training? In reality, it’s a little hype, but also a genuine need to fill a gap. Increasingly, we have delegates cite several reasons for becoming certified: personal challenge, company requirement, or simply to learn. Many delegates are from organisations that are typically under-resourced when it comes to security and privacy, expecting miracles with existing staff numbers.

Remember, security and privacy are solved by people, process and technology. Therefore, it is everyone’s responsibility. We need effective awareness training and to skill those people on technologies, to look after security in their own domains – rather than expecting a security professional to become a master of all trades. There is a plethora of courses out there to do precisely that.

ALC’s focus is to deliver industry recognised training and certifications that are needed now and into the future. ALC has always been at the forefront of Information Security education since our very first course on Information and System Security in 1995. Our flagship set of courses on SABSA® security architecture and industry standard certifications such as CISSP® and CISM® are designed to meet the needs of the security professional. (FACT: Did you know ALC is an ISACA Training Partner!) Also, in the past three years we’ve placed a very strong focus on addressing the needs of newcomers to Cyber Security to help enable the industry to broaden its skills base with our Cyber Security Foundation+Practitioner Certification. 

Cyber Security is a prominent, highly-regarded profession offering many varied career paths. The ALC Cyber Security Portfolio offers a formal route to becoming a recognised and respected cyber security professional through a modular program of certificate and non-certificate courses. Whatever stage you are at in your career, or if you are an Executive in need of improving capabilities within your organisation, we are here to help you, your team or your company, locally and worldwide.

Get in touch with our team to see how we can assist to deliver optimal training suited to your needs.

Peter Nikitser, Director of Cyber Security – ALC

Online Voting – Why are we so afraid?

We live and breathe in a world that is a bizarre dichotomy.

On one hand, we want anonymity and privacy, on the other, many people pump full details of their private lives into social media and online services, happily enrolling personal questions such as mother’s maiden name, favourite colour, first pet, street names, and so on; site after site after site. These are mostly in the hands of private enterprise, and we happily and blindly use these online services, placing trust in the hands of a third-party to get it right.

And so it is, that there is an apparent distrust when we come to think of electronic voting, because these are in the hands of the government. Claims abound of errors, outcomes being rigged or platforms being hacked. These are all valid concerns, and let’s face it, can happen.

On the path of being honest, in the physical world, I can also be coerced into voting through bribes or incentives; papers can go missing; votes can be added up incorrectly because the process is manual, I can be threatened in some parts of the world just because of who I am, who I want to vote for or perhaps because of my gender. Some of this happened in our most recent elections here in Australia; not too sure about the bribes though – my bank account remains incredibly thin.

I have had the benefit of working on one of the world’s largest electronic voting systems, consulting to the Electoral Commission of NSW in Sydney, Australia. At the time, late 2013, we were asking, why would anyone be interested in swaying the outcome of an election using electronic or any other means? Fast forward to 2016, and we had our answer – Donald vs Hillary. The Medicare scare by the Australian Labor Party (ALP) on the morning of the federal election in 2016. The term is being labelled cyber tampering.

However, it wasn’t any electronic voting platform to blame. In the first instance, it was social media (Facebook) being used to leverage data mined from potential voters (Cambridge Analytica) who would ultimately show up in their masses to vote for the Don. In the second instance, it had enough of a disruptive impact to sway voters in Australia to move their vote away from the Liberal National Party (LNP). Sure, the ALP was fined, but did the level of the fine send the right message? Did anyone go to gaol?

Voters complain in Australia how long it takes to produce an outcome for the federal election, or even state elections. How can we solve the problem? We are smart people, aren’t we? Secure software development. Dedicated voting systems. Apps for mobile devices. Good Governance. The ability to tabulate results in the blink of an eye.

Can a vote in the electronic world be discounted just like a vote in the physical world? Yes it can, and the electoral commission knows this. Ever put “Jon Snow – King of the North” on your ballot paper in the House of Representatives? If so, your vote is not legal. Ever written a kebab menu on your Senate ballot paper? If yes, then provided you filled out the rest of the form correctly, your vote still counted. Ever done a donkey vote? 1234567 or 7654321? Your vote still counts, but it is an “I don’t care” vote.

In many ways, good governance and a well-developed secure software development lifecycle with well-tested, reusable code would steer voters into not spoiling ballot papers.

Now I hear you cry, but it is my democratic right to show up and vote for Jon Snow or order a kebab. I hear you. And we need to include an option for “I showed up because we have mandatory voting but I am selecting the DO NOT CARE” option. Or just use 1234567.

We have to get over our phobias in order to transcend and embrace the inevitable of electronic voting. It is not a matter of if, but when it will happen. I am a big proponent of it happening here in Australia, and just like we showed the world when it came to WiFi, the Lawnmower and bionic hearing, I am sure we here in Australia can be world thought leaders to make a secure, online voting system.

Why I have switched my search engine away from Google

The Internet used to be a friendlier place. In the late 1990s, it was Microsoft versus the rest of the world. We had Gopher and WAIS as early precursors to Internet search engines, then along came AltaVista, Yahoo and Google. I was never keen on Yahoo, AltaVista was kind of interesting, but Google was it for me; as a geek with a UNIX and security background, it was the search engine I constantly used, until recently. I used to say to people, “Have you tried using Uncle Google to find what you are looking for?”

Over the years, it has become apparent that many online services are not only annoying, but downright invasive. I read a book called Future Crimes by Marc Goodman which outlined succinctly how companies such as Google, Facebook and many others mine your data and target you with advertisements, or sell your mined data to others so they can bombard you with services. Even the browsers we use, by default, usually connect into Google somewhere, so I am constantly being mined. There is no such thing as a free Internet service.

Isn’t this a perverse situation? For those of us who read George Orwell’s 1984 about a future world where there is no privacy, aimed at the former Soviet Union, it is perverse that we are in exactly the same position in the so-called free world; perhaps my improved ration of cabbages will appear after all.

According to recent surveys, most of the world (approximately 80%) uses Android by Google, especially in developing countries. Countries such as Australia, Canada, New Zealand, the United States, United Kingdom and much of the EU use the Apple ecosystem. Switching to Apple doesn’t safeguard you either, you still need to go to your settings and select a different search engine. If you are a diehard Android fan, consider CopperheadOS, a stripped-down version of Android that works on a modded version of the Nexus or Pixel range. Blackberry, Windows Mobile or SymbianOS anyone?

So, I have switched my search engine to DuckDuckGo. Why? Because it is what Google used to be. Light. Simple. Non-invasive. Anonymous. Private. And most importantly, I am not being tracked. Am I missing out on any search results? Yes, I am – I am not getting paid-for Ad services appearing at the top of my search results – what a relief! In reality, you get fewer search results, but is that such a bad thing? When was the last time you went beyond the fifth page of search results? With DuckDuckGo, you receive higher quality results without the data mining and cross-milling of junk you don’t need.

I value my anonymity and privacy, and specifically try to keep a light footprint wherever I go. DuckDuckGo is the new default search engine for me. #ComeToTheDuckSide