Introduction to The internet of things – by Bernard Collin, CEO

Introduction to The internet of things - by Bernard Collin, CEO
Safecoms can be your trusted advisor in all aspects of IT security (including cyber security) for your organization and we'll provide constant protection and innovation to give you continuous peace of mind.

The internet of things – by Bernard Collin

September 2017

Article by Bernard Collin, CEO of SafeComs Network Security Consulting Co., Ltd. in the magazine “EXPAT LIFE in Thailand” about the Internet of Thing (IoT).

Conversation on the IoT (internet of things) is rising as it becomes a more broad and social consideration. It has a wide reach and it also shows that people need to be more aware of their personal impact. What might look like a minor problem hides a greater trouble.

The internet of things is any and every device connected in some way to a network and open to the internet. A home system designed to allow you to set the house to wake up the lights and run the heating/air conditioning ready for your arrival home. A sound system connected wirelessly through your home wifi, a baby monitor you can check from the office. But the term simply applies to any and every device meant to automatically connect to the internet and accomplish a task with little to no oversight.

This is where the problems start, these devices are crafted for simple use and convenience which then become points of weakness. Not designed for high security but simply task completion, many of the devices have now been breached and exploited. The activity isn’t specifically because it targets you, in fact,
that the device is “yours” is incidental, it’s just another bot to them. The devices are not breached to spy on you and aren’t designed to break down and try to ransom the device back to you (See the previous article on Ransomware).

Internet of ThingsWithout your knowledge or consent, any device connected to your internet connection can be used by criminal organisations and general mischief makers against networks and websites. Shutting down a business ability to connect to the internet or simply wielded as a hammer against single uses they have found offends them. People are selling time and activity on your home devices against others, a device you paid for and pay to keep running, on an internet connection you pay for upkeep.

What can we do to combat this new botnet problem?
For one, we should make sure that device creators take their responsibility on creating secure devices more seriously, but on a more personal angle, anyone who likes to add gadgets and devices to their own home should either consider adding security layers to their connection to the internet.

Security is a personal responsibility these days, and being aware of how your devices are being used and exploited is something each household should be concerned about. These are your devices and you should be certain they aren’t being exploited by others for their own ends.

Download the article here

Want to know more?

Key Takeaways from our IT Security Seminar in October

Key Takeaways from our IT Security Seminar in October

Key Takeaways from our IT Security Seminar in October

October 18, 2016

Two weeks ago, we held a talk in cooperation with AustCham Thailand at the Banyan Tree, about the latest threats and dangers in the world of IT security.

We were really happy to have a roomful of people coming and listening to what Bernard Collin, our CEO and Founder, had to say. It turns out that many companies suffer from some of the latest IT threats around, perhaps most of all the very annoying and potentially devastating threat that is ransomware.

 

SafeComs CEO greeting a guest.

SafeComs CEO greeting a guest.

A few takeaways if you missed the talk

Ransomware is on the rise. Even though the search for ransomware on Google has dropped a bit the last month or so, the general trend of 2016 is that it’s indeed a very hot topic, and it poses a real danger to any company these days. Since a frightening amount of companies don’t have a proper data backup system, the consequences of getting struck by a ransomware attack can be financially severe.

 

Ransomware Google Trends

Relatedly, the Google search for data recovery is constantly a hot topic, which means that a lot of people suffer from their data being lost, stolen or encrypted, be it due to ransomware or other evil forces.

 

google-trends-data-recovery

Further, in 59% of the times, ransomware enters your organisation via email. To compare, in 24% of the times a company is hit by ransomware, it’s from a website or web application. Email is losing face – embarrassingly.

It’s highly important that you’re aware of what you click on in your emails, and that you’re 100% sure an email from a person that looks like someone you know, is legit. We’re all very busy these days, so it’s not easy to find time to double-check these things – but it can be crucial to your firm.

Real-life cases

This is a slide from our talk. As we can see, several major companies have suffered from hacks only in the last couple of years. They all had their – and in turn your – data hacked, stolen or leaked. Not good. Not good at all.

 

screen-shot-2016-10-11-at-18-09-16

 

If it can happen to Yahoo, it can happen to you.”

Yes, that’s an incredibly cheesy thing to say, but it doesn’t make it less true. You can’t be too safe these days. As they use to say in the movies, better to be safe than sorry.

So how can you prevent it?

Come to our talk next time, and we’ll tell you.

But we’ll be nice here and give you three key points:

  1. Educate your staff. Your people are your first line of defence against cybercrime.
  2. Enforce procedures. Knowing what to do when things go south can mitigate risks and reduce severe damage.
  3. Get good technology. A proper Antivirus, Anti-Spam/Anti-Malware, and a WAF (Web Application Firewall).

If you have these, you’ve actually come a long way.

 

Ransomware success

Has my email been compromised in any data breach?

That’s certainly the question.

A tremendously good way to find out if your email address has been pwned (that means compromised) in a data breach at any site you have it registered on, pay a visit to havibeenpwned.com, and find out.

If you find that it’s indeed been pwned, you have to do these things – immediately:

  1. Change your password on that site
  2. Go to all other sites where you have that password, and change it
  3. Go for a strong password; minimum 8 character, special signs (!@%), both BIG and small letters, and a number

As of the date of writing this, the recent Yahoo hack is not included in the database.

How can I stay up-to-date of all that’s going on in IT Security?

We’re glad you asked.

On our front page, if you scroll down a bit, you can sign up for our non-commercial, purely educational newsletter. We would never misuse your trust by spamming you or trying to sell you anything if you sign up for it. You have our word.

We would post an update when something noteworthy happens in the industry, but you can expect one email at least every other month.

What’d you get out of it?

  • You’d get valuable, must-have insights from inside the world of IT Security
  • Learn about the latest trends and threats that could potentially make or break your business
  • You’ll get expert advice for free. Come on, who doesn’t like freebies?

Want to know more?

Follow us on

          

6 Burning Questions for the CEO and Founder of SafeComs

6 Burning Questions for the CEO and Founder of SafeComs

6 Burning Questions about the cyber security latest threats for the CEO and Founder of SafeComs

October 13, 2016

cybercrime

These days, companies getting hacked and their data being leaked, stolen or encrypted seems to happen more often than not.

In 2014, it happened to the Japanese conglomerate otherwise known as Sony. A year prior to that, it happened to Target, the US’ second largest retailer, when they had 40 million credit cards stolen. To complete the hattrick, Yahoo had more than 500 million account hacked in 2014, only that it was made known to the public a few weeks ago, in September, 2016. And these cases are far from the only ones.

These are crazy days – but there’s hope.

It turns out, there are ways of staying secure, avoiding financial and image-harming damage in the process. We have turned to our very own IT Security expert, Bernard Collin, CEO and Founder of SafeComs, for the latest trends and threats in the world of cybersecurity.

SafeComs CEO greeting a guest.

Our CEO, Bernard Collin, greeting a guest at a talk we hosted last week with AustCham Thailand. All image rights belong to AustCham Thailand.


1.
 Bernard, you’ve been in this industry for 39 years. What are the hottest cyber security latest threats right now?

Well, we’ve seen two main challenges recently – one being ransomware, and the other one being ID theft.

  • Ransomware is especially dangerous to suffer from for a company, as it totally damages your hard drives and servers, leaving you paralysed without any data until you pay the demanded ransom and get the decryption key – which, by the way, only happens in 30% of the times.
  • The scary thing about ID Theft is that you can be on the damaging end of an incident without actually being compromised or hacked yourself. Today, these types of crimes are so well done and the methods incredibly sophisticated that it’s very easy to be fooled. Their goal is to trick you to pay money to a fake bank account, making it look like it’s to your own bank account, a friend’s bank account, your employer’s bank account, and so on – only that it isn’t. It’s someone else’s – and before you know it, your money is gone.

We at SafeComs always use to say that “people are the first line of defence”, and it’s certainly true. By being completely aware of  the risks, the common methods, and how to spot them, you can rest assured that the chances of you suffering from any of these threats is minimal.

2. What challenges have you helped customers overcome recently?

Recently, we saw an increase in companies who had lost data due to a hard drive crash without proper backup. We helped them recover their data from the damaged drive – and they were very lucky that the drive plates were not damaged. Thanks to that, we could successfully restore their data. 

Also, we are extremely happy to have been able to help a charity organisation that builds bridges to help remote populations in the mountains of Myanmar. These bridges are their only chance of communicating with other people and tribes without spending days hiking in the mountains. The charity organisation had lost data from one of their operations, containing crucial information to these projects. This was a data retrieval we were very happy with.

The other challenge is to make sure our customers understand that technology should never be their first line of defence – awareness is. You can deploy just about any sophisticated technology, if a person replies to an email asking them for their password, or rework a money transfer to another bank account, you will lose money, and you will be compromised.

CEO Bernard and Sales Manager Isak talking shop with a guest.

CEO Bernard and Sales Manager Isak talking shop with a guest. All image rights belong to AustCham Thailand.

3. How has the big Yahoo hack affected the industry?

We have not yet seen the effect of it on hacking statistics, and it will take a little while before anything is known, if ever. The most damaging element is a blow to the credibility of these large data-handling organisations. They are constant targets of hackers; they try hard to protect their data silo, and in the end, someone gets in through a small undiscovered vulnerability. I am eagerly awaiting the results of the forensics to see whether people got in through a technical vulnerability, or as before with LinkedIn or Dropbox, they got in through a staff error.

4. What could’ve been done to prevent hacks like those from happening? Is there anything at all? 

Like I said, it is too early to make a comment, as we still don’t know how they got in. But you need to understand that the game is very unfair. Companies are under pressure to reach their business goals and requirements, there are needs to be cost-effective, all employees need fast access to data wherever they are, and the security team needs to secure every single entry point in the organisation. On the other end, the hacker has plenty of time and automated resources to try every possibility relentlessly. The worst thing is, he (or she) only needs one little entry point to gain access to your systems.

Security is a real challenge.

5. According to Google Trends, ransomware is a very popular search word these days. What are your thoughts about it?

Ransomware Google Trends

I believe it is the most profitable criminal activity around with the least amount of risk. Which is why it’s not going anywhere – it’ll continue to do harm.

On the internet today, you can actually purchase all the tools you need to start a ransomware campaign of your own. There are cloud tools to perform ransomware attacks and exploit existing technology. The bright programmers who have developed the tools are too scared to use them and perform the crime themselves, so they have made their tools available online for others to use.

Although, if you look on the bright side, it’s pretty easy to protect yourself from it, because all that’s required is:

  • Awareness of phishing baits (education, know what signs to look for)
  • Technical protection (regular backups stored remotely with history, and good Antivirus/Anti-SPAM technology

If you have those two, you’ve come a long way in protecting yourself.

Bernard Talking about Cybersecurity

Bernard spreading the word. All image rights belong to AustCham Thailand.

6. What is on the plate right now for SafeComs? 

We are continuing our mission to help all our customers be as secure and safe as possible by bringing the best technology available to them, and by educating them on risk avoidance and mitigation.

These coming months, we are going to host a series of presentations in cooperation with various Chambers of Commerce in Thailand. For instance, last week, we had a really insightful – tooting my own horn here – talk  in cooperation with AustCham Thailand at the Banyan Tree. 

It was a really good turnout and a lot of people had a lot of questions and testified that it’s indeed a dangerous, risky time in the cybersecurity world.

It’s certainly not only large corporations that’s being hacked.


Make sure you never miss a post! Sign up for our non-commercial newsletter, and also don’t forget to follow us on Facebook and LinkedIn.

Want to know more?

SafeComs hires Isak Johansson to drive the company’s growth in Southeast Asia

SafeComs hires Isak Johansson to drive the company’s growth in Southeast Asia
Latest news about IT security from Safecoms
News and Events
Isak
SafeComs hires Isak Johansson to lead the company’s development in Southeast Asia
September 21, 2016

SafeComs is happy to announce the hiring of Isak Johansson as Senior Sales Executive. Isak has an important and wide-ranging professional background after several years in industries such as Retail Banking and Financial Services on two different continents. SafeComs looks forward to having him onboard as the company is continuing to grow.

CEO and Founder of SafeComs, Bernard Collin, says: “Isak brings key skills to the team. With the ability to quickly connect with people and to genuinely care for what is in the best interest of the customer, we are convinced he will make a great contribution to our continuous growth in the region. We are happy to have him.”

Most recently, Isak has gathered significant experience in the Southeast Asian region working as an Independent Financial Advisor (IFA) for a firm based in Bangkok. In accordance with the mission of SafeComs, Isak is ready to offer “Peace of Mind” to the company’s customers through its innovative, reliable, first-class products and services.

I have a great appreciation and respect for IT, since I believe it is at the foundation of business, both today and even more so in the future. Without an IT infrastructure that supports the long-term goals of the company, businesses have a hard time making the most of their potential. I am very excited to join SafeComs in this regard, because I believe the company is truly all about helping businesses reach their goals while not having to worry about how their IT infrastructure might slow them down.”

After almost two years of working closely with business owners, decision-makers and C-level executives from his time as an IFA, Isak is well-versed in the art of creating, developing and managing reliable relationships with customers – a skill that is crucial in the IT industry.

Continuing to show his passion for IT, Isak says:

“People tend to take IT for granted, and simply assume that it is working. As I learnt how IT actually works, how it empowers and strengthens businesses, I realized how severely it can damage a business when it is not working. The chance to help companies reach their goals through reliable, cutting-edge IT is what attracted me to the industry in general and to SafeComs in particular.”

He concludes, “I have come in contact with CEO and Founder Bernard Collin in several business networking events in Bangkok, and was always impressed by the passion he emits. I am very glad to have joined the team.”

Isak Johansson
Senior Sales Executive
+66 (0) 8 6116 0060
isak.johansson@safecoms-wordpress.jpxyza.easypanel.host
linkedin.com/in/isakjohansson

About SafeComs

SafeComs Thailand is a privately-held, Bangkok-based company established over a decade ago by a group of security engineers, based on the expertise they acquired in Australia. We are committed to building the best security solutions possible with the minimum number of features necessary to make your company safer, your life easier, and our products affordable.

“How can a Small and Medium Business afford a Team of Security Experts and the tools to protect their business from the dangers of Internet and Cyber Crime and stay in control at all times?”

The answer required business-savviness mixed with technology expertise, and took several years to build; a complete suite of services and systems adapted to the size and budget of SMB/SME, backed up by a team of experts – nothing more, nothing less.

We build systems solutions with the exact required functionality to monitor your business. We stripped all nice-to-have features to focus exclusively on the vital ones. We develop software to report on issues that could seriously impact your productivity and to block threats that could take your company down. And to reduce the cost to a minimum, we base all our solutions on Open Source Technology.

The result is a family of products requiring minimal investment, offered in a totally outsourced model, giving you, our customer, complete security from the Internet. We provide the reports you need to maintain control over your business. We are your Security Partner at an affordable price.

Want to know more?

Ransomware Risk… did you get caught?

Ransomware Risk... did you get caught?
Latest news about IT security from Safecoms
News and Events

Ransomware… did you get caught?

My enduring advice on computer security:

Do not solely rely on technology or systems to resist hackers, your first and best line of defense should always be your employee awareness and education program! Technology will assist and can also help in the recovery after a case of damage but first make sure your employees are trained to react appropriately.

Ransomware is the act of using malware to penetrate a computer and encrypts its hard drive, and then, requesting a payment (ransom) from the owner to decrypt his data.

But in fact, how bad is it and what are the Ransomware risks?

PhishingThis past year has seen some of the most devastating cyber-attacks and highly profitable ransomware for the perpetrators. They added up to astronomical costs for the companies that got caught. Despite the resistance to give in to the threat, some had no choice but pay extremely high value ransoms.

The health care business was particularly targeted with ransoms in the thousands of US Dollars, paid in bitcoins to recover access to their patient data, which in some cases were vital as their life could have been at risk.

Despite the increase in monitoring software and serious deployment of sophisticated automated technology with the latest generation of firewalls, anti-virus, intrusion detection, web traffic filtering and so on, specially crafted spear phishing attacks ultimately reached their high value target.

But low value targets were also in the line of fire. Automated phishing targets anyone and the ransom is proportional to the size of the business. Some small companies got away with paying 0.99 bitcoin, some with a couple more, but it is always costly, a serious waste of time and energy, lots of frustration and stress, and
you never know if you will get your data back, even if you pay. Moreover, even if you think you are clean there is no guarantee they haven’t left a backdoor and won’t be coming back for more…

In many cases, we have to admit the failure of the legacy perimeter defenses to identify and stop the most basic phishing attacks, and there is a serious risk that sooner or later one unprepared employee will click on a tempting email link that will bypass the lines of defense. Hackers are now adapting their email subject lines making it impossible to preemptively block them.

Is Ransomware slowing down?

Not really and we are trying to predict what’s cooking for this year. Analysts are observing the skyline as the demise of Dyre malware in 2015 seems to indicate a preparation of something far more dangerous. The next wave will probably propagate through worms crawling from site to site and disk to disk, and stay dormant for a long time before emerging. Which indicates that the last line of defense, the backup needs to seriously increase to keep data history unaffected. History of Backup allows you to go back in time to a version of the data without malware… but how much recent development will you have lost?

A serious preparation for all companies is paramount, and it is not really clear how the next attack will develop.

It is certain that mobile technology is the prime target as it is so pervasive in everyone’s life. Some employees don’t even have a PC any more and manage their e-life on their phone with a bigger screen. As a result, most IT managers have lost total control and are desperate in their attempt to protect the company’s network and assets (see our article on EMM –Enterprise Mobility Management to see the difficulty)

ransomware

New tools are being developed, new defenses are being crafted and it is a race with time to get a response as quickly as possible when the next threat emerges. Companies must deploy the latest technology for their peripheral protection and sharpen their intrusion detection tools, with a strong emphasis on behavioral analysis. However, is it available to all? And at what cost?

Your chances of surviving an attack will increase with the amount of sophistication you can afford for your periphery but the first line of defense remains the education of your staff.

The most disturbing trends are now:

  • Phishing emails are smarter with adaptive subject lines
  • Phishing emails use fake company names targeting those close to you
  • Worms will stay dormant for longer limiting the capacity to recover

What you need to do:

Train your staff, show them what phishing is, explain Trojans and worms, and consult with a competent security company to reduce the risks. Be prepared if you get hit, so the damage is limited and you can recover without paying up.

Always be aware of the threat and expect the worse so you are prepared to survive any incident. The government is not close to catching the bad guys, they are potentially far away and extremely well organised, so you need to take your security very seriously.

The Author:

Bernard Collin is the CEO of SafeComs, a security firm based in Bangkok Thailand, with offices in Myanmar. Bernard started his IT career with Apple in 1997 in Paris, then moved to Digital Equipment in Geneva and specialised in IT security in 1987 with the evolution of DECnet network and later on the Internet. Bernard Started SafeComs in 1999 in Australia and throughout his life consulted with large businesses in Europe and in Australia. His expertise includes office automation and network security, and he is a regular speaker at Security events and at Chambers of Commerce. His company SafeComs has been awarded numerous prizes including SIPA (Software Industry Promotion Agency) in Thailand for creative software development.

Want to know more?

Cyber security Thailand – Interview of Bernard Collin by Le Paris Phuket

Cyber security Thailand - Interview of Bernard Collin by Le Paris Phuket
Safecoms can be your trusted advisor in all aspects of IT security (including cyber security) for your organization and we'll provide constant protection and innovation to give you continuous peace of mind.
News and Publications

Cyber Security in Thailand – Interview of Bernard Collin

April, 2016

Interview of Bernard Collin, CEO of SafeComs Network Security Consulting Co., Ltd. by the French Magazine “Paris Phuket” about IT security and hacking in Thailand. SafeComs has extensive  expertise in dealing with hacking and offers many solutions tailored to the situation. Do not hesitate to call if you need any help.

Download the French article here or read it online here on page 65
English translation of the article coming soon

Want to know more?

IT Security seminar in Yangon, Myanmar

IT Security seminar in Yangon, Myanmar
Latest news about IT security from Safecoms
News and Events

IT Security seminar

10-11 September 2015 in Yangon, Myanmar

IT security seminar - Yangon, Myanmar on September 10 and 11 2015Bernard Collin, CEO and founder of SafeComs, provided a review of the fundamentals of IT security and discussed the latest technology in two IT security seminars in Yangon in September 2015.

Both sessions were full and in each case, the one-hour presentation was followed by another hour of Q&As, showing the keen interest and awareness from the business sector and those working in IT security in Yangon.

Myanmar is a great Country where IT people always have interesting questions and they are very keen to debate

noted Bernard in an interview that was broadcasted on MITV, the international news channel of Myanmar, that same evening during the 8pm evening news.

We’re pleased to be working here and being part of the IT solutions as Myanmar is undergoing significant growth across many sectors.

Held at the Myanmar Information and Technology Park (MITP), the presentation on IT security covered the latest risks that people are facing everyday, including the very popular phishing to steal employee identities, together with mitigation mechanisms to maintain networks free from attackers and malware. Using original software and programs was discussed as a way to address some IT issues.

Educating people about the risks of internet security is an important task,

Bernard said.

It’s the first defence in protecting business operations and sensitive information. Being aware and vigilant about IT security will ultimately reflect well in business performance.

Want to know more?

Bernard Collin interviewed by Now26

Bernard Collin interviewed by Now26
Latest news about IT security from Safecoms
News and Events
How to outsmart smartphone hackers
June 18, 2015

Interview with Bernard Collin, CEO of SafeComs Network Security Consulting, on channel “Now 26” discussing about security on smartphones and how you can protect yourself from hackers.

Want to know more?

Launch of SafeComs Myanmar office

Launch of SafeComs Myanmar office
Latest news about IT security from Safecoms
News and Events
Launch of SafeComs Myanmar office
May 26, 2015
Safecoms Myanmar, IT Security Myanmar, IT Consulting Myanmar

Myanmar is South East Asia’s growing hub, and the presence of internet security firm SafeComs is an indication of the growth and development to come. Having established a Yangon office in October 2014, the company is ready to help integrate local and foreign businesses with internet security issues, building secure IT solutions and architecture into the foundations of doing business in Myanmar’s rapidly-developing online environment.

With headquarters in Thailand and a regional office in Yangon, SafeComs CEO Bernard Collin foresees online security threats that Myanmar needs to address. “In a developing place, with things going as fast as they are, we want to ensure that people can conduct business safely, securely and in full confidence that their sensitive information is protected.”

Security for banking and e-commerce transactions is a priority. “You need to trust the online systems,” said Bernard. “In the past, Myanmar hasn’t been known as a place with strong security. But people are increasingly seeking technological freedom, along with a trustworthy platform, for their everyday affairs.”

SafeComs advises businesses on the best IT solutions for their needs, with tailored systems and full ISO and legal compliance. The mix of local and foreign IT engineers on staff ensures that they understand the local business environment, and that they can respond quickly to immediate issues. “We know there’s been occasions where the infrastructure hasn’t worked, or it’s been unreliable in the past”, said Stefan Paule, Director of Operations. “With SafeComs, you can be guaranteed that whatever the situation, your data is safe and sound.”

SafeComs’ network operations centre is based in Thailand, which allows the firm to monitor regional trends and performance. Thailand is a more developed market, but there are expectations that Myanmar will match its neighbor in infrastructure, development growth and quality with the latest telecommunications infrastructure.

Want to know more?