Cyber Connections News Roundup: April 9

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

April 9, 2019

The Legal Industry Must Do More to Address Cyber Threats

Part one of a recent two-part article on www.abovethelaw.com focuses on the cybersecurity risk landscape in the legal industry and what attorneys and firms can do to reduce their exposure to threats and attacks. Considering the value of the information exchanged between client and attorney, including material related to intellectual property, and mergers and acquisitions, it’s reasonable to understand why law firms are particularly vulnerable to breaches and attacks. The article cites two major examples – the breach of 11.5 million documents from Panama-based law firm Mossack Fonseca in 2016 and the 2017 ransomware attack on DLA Piper. Part two of the article will focus on what firms and attorneys can do to protect their data and mitigate risk. Read more.

The Skills Cybersecurity Pros Need to Develop to Compete in 2019

Regardless of the talent shortage that exists in the cybersecurity industry, professionals still need to gain an edge to compete for the top positions and highest salaries. To help, the website www.darkreading.com offers six skills cyber pros need in 2019 to stand out. Coding, data science and privacy expertise rank high on the list of the areas of expertise today’s cyber pros should consider honing. Read more.

The State of Cybersecurity in Education: It’s a People Problem

Institutions of higher education face a dilemma, according to a recent article on https://edscoop.com. Restricting users in order to secure networks means limiting the collaborative nature of higher education. The real problem among educational institutions is human error. According to a 2018 report published by the consultancy EdTech Strategies, 54 percent of all digital data breach incidents experienced by K-12 schools were directly carried out or caused by members of the affected school community. Further frustrating schools’ cybersecurity, according to the article, is the open nature of many schools’ networks. The bottom line is that investment in technology and upgrades is not enough to eradicate threats. Read more.

The Emergence of 5G Networks and the Impact on Cybersecurity

As major network operators roll out their 5G plans, it’s clear that a new era of connectivity is upon us with 5G playing a leading role in shaping our future, according to an article on www.techradar.com. According to global telecom company Ericsson, in just five years’ time over 1.5 billion of us will be connected to 5G. In the meantime, the IT community has been voicing its concerns for the cybersecurity landscape. The widespread opinion is that 2G, 3G and 4G were designed for people, whereas 5G is designed for the Internet of Things (IoT). Given this scenario, it is more important than ever that companies reevaluate their security strategies. Read more.

Companies Will Invest More in Cybersecurity if They Understand the Real Cost of an Attack

According to IBM, the average cost of a cybersecurity breach is now at $3,860,000, a 6.4 percent increase in their estimate for 2017. Perhaps if we examine the cost of a cyber attack to a business, we may do more to address future threats. A recent article on https://hub.packtpub.com puts the cost of an attack in real numbers to help us gain a better understanding of the impact on the bottom line. The article, an excerpt from the book Hands-On Cybersecurity for Finance by Dr. Erdal Ozkaya and Milad Aslaner, uses cost to motivate organizations to come up with better tools and strategies to prevent attacks. Read more.

Cyber Connections News Roundup: March 26

March 26, 2019

Building an Effective Cybersecurity Program Starts with the Perimeter

Cybersecurity is not a device, a recent article on www.forbes.com reminds us. No matter the size of your business, an effective cybersecurity program starts with defining and protecting your perimeter, much like you would with your personal property. Defining and defending the perimeter is one pillar of a successful program. Others include understanding your data, controlling access to that data, training, and providing assurance to all stakeholders that the data is protected. Read more.

K-12 Leaders Must Fully Embrace Cybersecurity

As schools continue to adopt leading-edge technology for teaching, learning, and operations, a lack of cybersecurity expertise at the top may introduce new risks to school district operations, according to an article on www.edweek.com. Local K-12 schools were reported to have the least mature cybersecurity risk-management practices of any state or local government agency, according to a review by the Multi-State Information Sharing & Analysis Center. Similarly, a survey published last year by the National School Boards Association found that school officials are less prepared for cyber attacks than their peers in private sector companies. To combat attacks, superintendents and school board members must jointly embrace their cybersecurity governance responsibilities. Read more.

Cyber Competitions Play a Central Role in Closing the Skills Gap

Cybersecurity competitions such as hackathons are among the key activities students can do to get ready to enter the job market, according to a recent article on www.securityboulevard.com. In addition to providing hands-on training to detect security vulnerabilities, competitions offer a number of other not-so-visible benefits for aspiring cybersecurity professionals as they prepare to succeed in the job market and their careers, such as team building, critical thinking and gender parity. Read more.

Federal Cybersecurity Laws Still Face Challenges as States See Progress

A recent report on www.thehill.com suggests that the 2020 presidential race may help advance the issue of cybersecurity standards at the federal level as the legislative records of three top Democratic hopefuls, Sen. Kamala Harris (D-Calif.), Sen. Kirsten Gillibrand (D-N.Y.), and Sen. Elizabeth Warren (D-Mass.), could bring cybersecurity to the forefront. Encouraging as this may be, the report also points out that standardizing cybersecurity practices at the federal level also faces significant challenges, such as jurisdiction issues and the siloing of best practices among federal agencies. Fortunately we’re seeing progress at the state level with regard to proposed regulations. Read more.

Congress Introduces Bill to Address IoT Security

As reported on www.securitytoday.com and elsewhere, members of the U.S. Senate and House of Representatives introduced on March 11 the Internet of Things Cybersecurity Improvement Act, a bill that proposes to bring legislative action to improve cybersecurity in the emerging technology. The Act aims to address the national security threat posed by insecure IoT devices by requiring a bare minimum of security standards for any device used by the federal government. The bill would not establish security standards for IoT companies across the board, just those that want to sell to the U.S. government. Read more.

Closing the Gender Gap: Assured Identity and Personal Privacy Take Center Stage

By Michelle Hansen

This year’s International Women’s Day theme, “Balance for Better,” calls for gender parity. Closing the gender gap, according to a 2017 World Economic Forum report, is a key to economic development and “the growth, competitiveness and future-readiness of economies and businesses worldwide.”

The report estimates that closing the gender gap in economic participation by 25 percent between 2017 and 2025 will result in a US $5.3 trillion increase in the global GDP. A key factor in women’s ability to contribute to the global economy is their ability to access mobile technology, including handheld devices and wireless Internet connectivity.

Such access can empower more women to become part of the global business world. But leveraging mobile technology to advance the world economy requires an information-managed process focused on security.

The ubiquitous nature of mobile devices provides the paradigm by which our society works, plays, communicates and stays connected. The paradigm with mobile computing involves the computation of information based on user movement and encounter. Smart devices are both personalized, as with smartphones and wearables, and embedded, as with sensors and Internet of Things appliances. All these connected conveniences create pervasive information systems that go where we go, record what we do, and easily connect to any wireless network in range—all without most people knowing it is happening.

Secure human behaviors empowered by publicly available information will guide the users of smart technology in protecting their identity and privacy. Human behavior is repetitive and predictable; therefore, people need to be diligent in using mobile devices, downloading apps and content, and wirelessly connecting to the Internet by using prevention, deterrence, and defense (PDD).

Protecting personal data from nefarious activity starts with choosing behavior over technology. Users who practice personal security tradecraft techniques to mitigate exposure will develop secure habits and behaviors. Furthermore, this practice alleviates a false sense of security based on technology alone. There are four truisms that can be exploited:

  1. Each of us has a distinct pattern of behavior.
  2. If another party has access to your data, you must assume a compromised posture.
  3. Increasing the levels of security, both in behavior and technology, will increase probability of threat detection.
  4. When it comes to defense, simplicity is good, as complexity induces vulnerability.

The use of mobile devices and smartphones in particular exposes both data we have stored and data that is captured by installed apps, towers and networking hardware, and the devices themselves. Hackers can access user data while in transit along insecure connections, as well as through apps that have been installed on personal devices. In 2018, T-Mobile reported that millions of its users had data stolen, including passwords, home addresses, email accounts, and address books.

Assured identity and privacy is protected by authentication and access control systems used to verify account credentials. Email services and apps, device PINs, and network resources including the Internet of Things and real-time systems all use accounts for access and validation.

In constant balance is the need for confidence and trust of users and online entities, with the need to protect the privacy rights of these users and entities. Researchers and businesses continue to look at options for strengthening systems, including using role-based access control (RBAC), biometrics, pervasive surveillance (“Panoptic Effects”), privacy-protecting transformations of data, privacy-protecting data mining methods, privacy regulation (e.g., HIPAA and COPPA), oblivious multiparty computation, and trusted proxy research.

One promising new technology is the use of flexible signatures, whereby a verification algorithm is used to validate credentials in a systematic manner that is quantifiable and trusted. Ultimately, the level to which a person can be confident that their data, identity and privacy are protected is a direct correlation to their own efforts to stay informed of threats and vulnerabilities, and actions to minimize vulnerabilities based on behavior.

March is Women’s History Month, an appropriate time to highlight the link between technology and gender parity. Access to all information systems, technologies and connectivity is essential to women’s full economic participation in the global economy. According to USAID, providing online and mobile access to 600 million women could contribute $18 billion to GDP growth in 144 developing countries. But arriving at full participation must go hand in hand with building awareness around behaviors and threat vulnerabilities, and establishing identity and privacy through trusted authentication and access control systems.

As more and more women adopt mobile technology to advance their position in the global economy, they also can have a significant influence on individual privacy and identity by demonstrating safe behaviors and choices, including choosing secure connections to the Internet, safeguarding confidential information, and avoiding malicious third-party apps.

About the Author

Michelle Hansen is collegiate professor of cybersecurity and computer forensics at University of Maryland University College.

Cyber Connections News Roundup: March 12

March 12, 2019

Hackers Penetrate Three U.S. Colleges

Hackers recently breached admissions files at three private colleges, Oberlin College in Ohio, Grinnell College in Iowa and Hamilton College in New York. According to a www.washingtonpost.com report, applicants to each of the three colleges received a suspicious email offering them the chance to buy their admission files. For a fee, the sender promised access to confidential information in the applicant’s file, including comments from admissions officers and a tentative decision. The emails demanded thousands of dollars in ransom from prospective students for personal information the hackers claimed to have stolen. Read more.

New Study Predicts Steep Growth in Cybersecurity Market

According to a new study by Absolute Markets Insights, the cybersecurity market will grow at a CAGR of 13.5 percent over the forecast years (2019 – 2027). Cyber attacks, expected to be the fastest growing type of crime worldwide during this period, are predicted to drive this increase. Emerging technologies, such as machine learning and big data, are also increasingly causing several industries to become more vulnerable to exploitation and cyber-attacks. Read more.

AT&T Launches Cybersecurity Division

AT&T announced at last week’s RSA Conference (March 4-8) a new standalone security division, AT&T Cybersecurity. The new unit, according to a recent report on www.sdxcentral.com, combines technology and threat intelligence from AlienVault, which AT&T acquired last year, and AT&T’s security consulting and managed services. AT&T also announced that it has become the first North American operator to join the Global Telco Security Alliance, a group launched last year by Etisalat, Singtel, SoftBank, and Telefónica to share threat intelligence and security best practices. Read more.

Winning the War on Cybersecurity Starts Young

In a recent opinion post on www.forbes.com, Danny Pehar, managing director of security awareness at Cytelligence, maintains that instilling cybersecurity knowledge and awareness in the next generation of Internet users is the key to making progress in winning the war on cybersecurity. Sharing digital information has become such a big part of our everyday lives that it has become vital that we teach children how to determine whether or not certain information is sensitive and how it needs to be protected. The bottom line, according to Pehar, is teaching young people about risk. “Everything in cybersecurity begins and ends with the understanding that if you have data, then you have cyber risk,” he said. Read more.

Should Selling Products Now Mean Selling Trust?

A recent Harvard Business Review article illuminates two conflicting trends: an increased reliance on software and technology in just about every aspect of our lives and the inherent privacy and security vulnerabilities that come with the territory. More and more companies are adopting the philosophy that successfully selling products means selling trust – the ability to safeguard the relationship with customers by being honest about the dangers of data in the digital age. Read more.

Cyber Connections News Roundup: February 26

February 26, 2019

Expect Supply Chain Cybersecurity to Take Center Stage at Upcoming RSAC 2019

According to a recent report on www.techtarget.com, supply chain and infrastructure security are expected to be the main focus of this year’s RSA Conference, RSAC 2019, from March 4-8 at the Moscone Center in San Francisco. According to Britta Glade, senior content manager for RSAC, the most popular topic submissions this year were third-party risk and supply chain cybersecurity; network architecture and infrastructure changes; geopolitics; privacy; and frameworks. The conference agenda features seven sessions that primarily focus on supply chain issues. Read more.

DNC Issues Updated Cybersecurity Recommendations Ahead of 2020 Election

The Democratic National Committee has issued updated cybersecurity recommendations to prevent a recurrence of the hacking that affected the 2016 elections, according to an article on www.washingtontimes.com. The DNC’s six-page “security checklist” contains steps for campaigns to safeguard their devices and accounts. The latest checklist, which updates similar guidance issued ahead of the 2018 midterm races, repeats earlier advice, such as using password managers and securing accounts with two-factor authentication, and adds new measures, such as reviewing privacy settings of social media accounts and answering online security questions without disclosing sensitive information. Read more.

Latest HIMSS Survey Points to Growing Influence of Security Leaders

A recent summary of the 2019 HIMSS U.S. Leadership Workforce Survey on http://www.healthleadersmedia.com suggests that rising cybersecurity, privacy, and security concerns in hospitals may overshadow other technology projects. Among the key takeaways for hospitals is the emergence of information security leaders as the third influential member of hospital IT leadership teams—following CIOs and senior clinical IT leaders, which may create tensions for some organizations. Read more.

Are the Responsibilities of Today’s CISO Taking a Mental Health Toll?

No doubt, stress is a big part of the job of a Chief Information Security Officer (CISO). But a new global study of cybersecurity professionals may reveal the true extent to which the stresses and pressures of the job may negatively impact the health of today’s CISO. According to an article on www.forbes.com about a new report commissioned by Nominet, Life Inside the Perimeter: Understanding the Modern CISO, 17 percent of respondents said that they had turned to medication or alcohol to help deal with that stress. Perhaps more alarming is that 91 percent of the CISOs surveyed said the levels of stress they were suffering were moderate or high and 60 percent rarely disconnected from their work role. Where does this stress come from? According to the survey, mainly from a lack of engagement with the C-Suite and the board. Read more.

CDSA Releases First TV, Film Cybersecurity Guidelines

The Content Delivery and Security Association (CDSA), which advocates for protection of media content, has issued its first TV and film security guidelines, notably focusing on cybersecurity. The goal of the guidelines is to create an industry security standard for preventing and otherwise defending against the unauthorized or unintentional access to intellectual property in an era of evolving security threats, particularly cyber threats, according to an article on www.broadcastingcable.com. The guidelines are billed as a must-have for any producer or crewmember that needs to secure their intellectual property on-set, near-set or on-location. Read more.

Cyber Connections News Roundup: February 12

February 12, 2019

Strategic Alignment Top Concern for CISOs in the New Year

In a recent article on http://www.techtarget.com, chief information security officers (CISOs) from a variety of industries weighed in on their top priorities for 2019, which focus mainly on aligning their objectives with their organization’s strategic roadmap. In the article, Mansur Hasib, chair of the cybersecurity technology program in The Graduate School at UMUC, said that CISOs should develop strategic plans based on what the business needs and on its appetite for risk. Read more.

K-12 Schools Experienced 100-Plus Cyber Attacks in 2018

According to an article on http://www.campussafetymagazine.com, U.S. K-12 schools experienced 122 cyber attacks last year at 119 K-12 public education institutions, averaging out to an attack every three days. The figures come from a new report on the misuse of technology in U.S. public schools from the K-12 Cybersecurity Resource Center. The report also found that data breaches were the most common type of attack, making up 46.7 percent of the 2018 cyber incidents in K-12 schools. Read more.

Could Huawei’s Access to 5G Expand China’s Surveillance State?

In a recent report on www.washingtonpost.com, Rob Strayer, the State Department’s top cyber official, said that allowing Huawei and other Chinese companies into next-generation 5G telecommunications networks may allow Beijing to expand its surveillance state around much of the globe. The argument from Strayer makes a compelling case against Huawei’s inclusion in 5G networks and supports pressure by U.S. officials to ban the Chinese telecom giant from 5G in Canada, Britain, Europe and elsewhere. Read more.

Automotive Cybersecurity Market to Reach USD 912 billion by 2026

According to a new report by Acumen Research and Consulting, a provider of market intelligence and consulting services to information technology among other markets, the automotive cybersecurity market’s current worth is nearly USD 191 million and projected to reach USD 912 million by 2026. The overall spending on cybersecurity, according to the report, is expanding to keep pace with the rise in cybercrimes and malware assaults. As a result, the automotive sector has rolled out new capabilities, but a surge in cybercrime is driving the need for efficient automotive cybersecurity solutions over the forecast period. Read more.

New Synopsys/SAE Study Highlights Risks in the Automotive Industry

In a survey conducted by the Ponemon Institute, Synopsys, Inc. and SAE International found that automotive manufacturers and suppliers are struggling to incorporate cybersecurity best practices throughout the product development life cycle. Titled “Securing the Modern Vehicle: A Study of Automotive Industry Cybersecurity Practices” and based on a survey of global automotive manufacturers and suppliers, the report also revealed that the majority of automotive professionals have concerns that their organizations’ cybersecurity practices are not keeping pace with evolving technologies. Moreover, many organizations lack an established cybersecurity program or team. Read more.

Don’t Let Romance Scams Spoil Your Valentine’s Day

By Dr. Richard White

Valentine’s Day is for romance and connection, but scammers are skilled at using emotion as a social engineering tool.

In my book “CYBERCRIME: The Madness Behind the Methods,” I explain in detail how social engineering manipulates how we see and hear what we want to believe. In turn, dopamine released in the brain reinforces our new actualized belief.

There are five areas where scammers are most successful at engineering our beliefs and driving our actions through emotional connections.

1. Email and phishing scams are always a threat. When romance is in the air, concerns for security may take a back seat to the excitement of finding the perfect romantic gift.

For example, scammers develop ads designed to lure victims to malicious websites or steal their credit card information with promises of gift cards, great discounts or a gift you never knew existed. Be wary of unknown companies and always verify the validity of a company before clicking a link.

2. Facebook and social media are powerful marketing sites for scammers. Perpetrators use the power of search algorithms to seek out the right victims for their scam, and the ads you clicked in the past, combined with your search patterns, allow just the right ad to be placed on your screen.

Scammers’ ads may look legitimate and their products or services may be real, but their goal is to steal your information or take your payment without delivering merchandise. Remember that social media platforms are designed to get people to respond to ads. Don’t click on an ad until you research the company with a Google search or the Better Business Bureau to ensure trustworthiness.

3. Fake profiles are a common problem on dating sites. Leading up to and during Valentine’s Day, scammers up their romantic game to establish online relationships. Remember, people tend to see and hear what they want to believe.

A common scam involves a U.S. citizen or service member who is living abroad but soon to return home, conveniently right near where you live. Once the online relationship is established, the scammer comes up with an issue and needs your financial assistance to return home.

4. Variations of the Nigerian prince scam abound. This scam involves receiving something amazing in exchange for documentation, money or a credit card number.

You receive some type of communication from a person searching for someone with your name who claims to be a long-lost love, family member, or special someone who got away. But he or she is not sure you’re the right person, so asks you to provide information to prove who you are.

Remember who is at risk here, and that you are the one putting yourself out there—possibly in harm’s way. Slow down, think and verify whom you are dealing with.

5. Compromised websites are a great way to spread malware. A website may be real and belong to a legitimate business or person, but it may have been hacked.

Be careful with any type of site that is open to the public for posting comments. Anyone can post a link that will direct you to malware or a compromised website. Whether an advertisement, a product review, or a personal ad from someone searching for you, do not let your emotions get the better of you and do not rush into something out of pure excitement. Research links before clicking on them and don’t ever post personal information online.

Also, don’t forget about the things you can do to mitigate your risk. Here are five:

  1. Always be mindful of phishing emails and attachments. If a link seems to be exactly what you are looking for, beware. Scammers may have targeted you.
  2. Many websites will allow you to test a link before you click on it, such as checkshortURL.com, virusdesk.kaspersky.com/, and scanurl.net/. These sites will let you know if the link has been reported as malicious or if malware was found on the site. Always test a link before clicking on it.
  3. Be careful when sharing personal or financial information with someone you have not met personally.
  4. Protect your privacy when using an online dating site. Do not use the same username and email address used for your normal daily activity and never put your full name on your profile.
  5. Never go off-site to use personal email or instant messaging. Social media and dating sites have a communication platform designed to protect you and keep your information private.

Finally, if you do have a need to send money overseas, please follow this advice: Wiring money is the same as sending cash. It is gone as soon as it is sent. The most secure way to send money to a U.S. citizen abroad is through the U.S. State Department. To find out more about this and other options for sending money abroad, go to http://www.travel.state.gov and visit the international travel section or contact Western Union and ask about this program.

Remember, your best defense online is combining awareness of cyber threats and risks with recognizing your own personal bias in the moment. Ultimately, if you are not completely comfortable with an email or website, then leave it alone.

Happy Valentine’s Day!

Dr. Richard White is an adjunct professor of cybersecurity and information assurance at University of Maryland University College (UMUC) and the author of “Cybercrime: The Madness Behind the Method.”