Subscribe
About

Infosec fact and fiction

Personal information, no matter how innocuous, can be of value to a cyber criminal, says Simon Campbell-Young, CEO of Phoenix Distribution.

Information security is littered with misconceptions and exaggerations. Too often, there is little understanding about the threats out there, and risk perspective is based on erroneous information, resulting in people emphasising the wrong facts and worrying about issues that don't really affect them at all, while ignoring the ones that do.

Security vendors are facing huge obstacles - trying to secure systems, and at the same time, trying to educate people on the situation. However, despite this, there are many infosec myths that exist today, and surprisingly, many people still believe them.

Simon Campbell-Young, CEO of Phoenix Distribution, says the first and most common misconception is: "It won't happen to me, because I don't really have anything worth taking."

He says this is little better than abject stupidity. "Personal information, no matter how innocuous, irrelevant or small, can be of value to a cyber criminal, and should it be stolen, the consequences can be catastrophic. Even those with not a shred of information stored on their machines are not safe. The machine itself is a target, as it can be remotely controlled to carry out nefarious deeds. It can be used as part of a botnet comprising thousands of computers, or for use as camouflage for further criminal activities. In this way, innocent users can become unwitting accomplices. Nor do you need to be wealthy to be an attractive target. Cyber criminals steal small amounts from hundreds of thousands of accounts to evade detection."

Another misconception is that software and operating system patches are not that important. "In fact, you would be surprised how many people are not even aware that these patches exist. This naivet'e is making it child's play for cyber criminals to exploit vulnerabilities in unpatched systems.

"Another common misconception is that people believe they will know if they are infected. While several types of malware do make it obvious that the machine is infected, today's threat authors rely largely on obfuscation, and stealth," he says. "Many threats today are silent and operate without the users' knowledge. Malware writers want to remain undetected for as long as possible in order to extract their payload, usually the exfiltration of sensitive information, or the remote hijacking of the machine to be used to send spam or for DDOS attacks."

Another belief that is doing the cyber criminals a big favour is the belief that attachments in e-mails from known sources are always legit. "If you think that it is always safe to open e-mail attachments sent from people you know, think again, because you are putting yourself at risk. While it is common sense to never open attachments from untrusted sources, opening attachments willy nilly, even from people you know, isn't a fantastic idea either. Threat authors often write malware that can infect a machine and send a virus in an e-mail attachment from a friend's computer, so exercise caution."

Finally, people believe that reputable, legitimate Web sites are safe, and it's only dodgy ones that should be avoided. "While this is often the case, even legitimate sites can be compromised, and used to commit drive-by downloads. Cyber crooks have been exploiting weaknesses of legitimate Web sites as a means of distributing their malware for some time. Once an infected site is visited, it can speed malware to a visitor's computer. All Web sites should be treated with caution."

Share

Phoenix Distribution

Phoenix Distribution is currently the leading value-added distributor of software, accessories and peripherals across the African continent, covering software publishing, localisation and product distribution across multiple territories in multiple languages.

The business is segmented into two divisions, namely corporate software licensing and retail product distribution, and Phoenix Distribution dominates the consumer and SME security sectors through key brands which include: Norton/Symantec, AVG, Kaspersky and Bitdefender. Additional brands within the consumer-focused range include Microsoft software and peripherals, Beats by Dr Dre, Trendnet Wireless products, Monster Cables and mobile accessories.

The corporate licensing division sells volume licensing into the enterprise and SME reseller environments, as well as covering architecture and implementation. The ESD division delivers download content into all channels, including B2B and B2C.

The retail division delivers physical product into the retail environment, covering all mainstream ICT, CES, telco, lifestyle, fashion and sports outlets, as well as independents and online stores. This division delivers direct to outlets and or customers across sub-Saharan Africa.

Phoenix Distribution is growing at 70% per annum, with additional acceleration coming from development within the greater African marketplace, as well as the acquisition of significant high-end product lines within the enterprise arena. In addition, the company's UK business, PX Security, is firmly entrenched within the UK retail and SME reseller environments, shipping product through trusted distribution partners into mainstream retail outlets and direct engagement with B2B resellers. The UK operation publishes and distributes Bitdefender, Webroot and Avast.

Additional bespoke services offered to partners include Electronic Software Distribution within the B2B and B2C environments, category management, training and end-to-end merchandising.

Phoenix Distribution, including the UK subsidiary PX Security, was recently acquired by First Technology Holdings.

For more information, visit www.phoenixsoftware.co.za, www.pxsecurity.co.uk and www.pxsoftware.co.za.

For purchasing information in Africa, visit www.kasperskyafrica.com, www.kasperskyangola.com, www.kasperskybotswana.com, www.kasperskymozambique.com, www.kasperskynamibia.com, www.kasperskysouthafrica.com, www.kasperskydrcongo.com, www.kasperskyzimbabwe.com, www.kasperskyzambia.com, www.antivirusangola.com, www.antivirusbotswana.com, www.antivirusmozambique.com, www.antivirusnamibia.com, www.antivirussouthafrica.com, www.antivirusdrcongo.com, www.antiviruszimbabwe.com, and www.antiviruszambia.com.

Editorial contacts

Mia Andric
Exposure
mia@exposureunlimited.net