Cyber Connections News Roundup: June 4

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

June 4, 2019

Startup BlueVoyant Raises $82.5 Million at a Valuation in Excess of $400 Million

According to a recent article on www.techcrunch.com, New York-based cybersecurity startup BlueVoyant, a provider of managed security, professional services, and threat intelligence, has raised $82.5 million in a Series B round of funding at a valuation in excess of $430 million. The funding is coming from a range of new and existing investors that includes fintech giant Fiserv. Read more.

Cybersecurity Stands to Benefit from Advancements in AI

An article on www.globalsign.com reports that cybersecurity may be one of the key beneficiaries of advancements in artificial intelligence (AI). AI, for example, can be used to detect imminent threats by collecting data from different logs and records and identifying new threats that are being spread by hackers. AI can also identify malware and spyware trends by analyzing data across multiple channels. AI lets users detect malware systems faster and before they can do damage on a large scale. Read more.

Middle East and Africa Cybersecurity Market Expected to Take Off

A new report featured on www.researchandmarkets.com predicts that the Middle East and Africa cybersecurity markets will expand at a CAGR of 11.9 percent and are expected to be valued at USD 23.4 billion by 2023. Contributing to this rise is the digitization in verticals such as banking, financial services, government, and the oil and gas industries, which has triggered the risk of cyber attacks. The main reason for the cybersecurity market’s exponential growth rate is improved awareness and the adoption of various cybersecurity services that are needed to safeguard smart grid devices, digitized businesses, and IoT-based smart cities. Read more.

New Cybersecurity Legislation Aims to Secure Nation’s Election

Sens. Amy Klobuchar, D-Minn., and Susan Collins, R-Maine, introduced legislation to secure the nation’s elections by providing training to state and local election officials, according to a report on www.brainerddispatch.com. The “Invest in Our Democracy Act of 2019” would direct the Election Assistance Commission to provide grants in support of continuing education in election administration or cybersecurity for election officials and employees. The Act would establish a grant program administered by the Election Assistance Commission to cover up to 75 percent of the cost of the yearly tuition of election officials and employees who are enrolled in an accredited certificate program for election administration or cybersecurity. The Act would also provide $1 million for fiscal year 2021 and such sums necessary for each fiscal year between 2022 and 2028. Read more.

Poor Cybersecurity Can Do Damage Beyond Your Bottom Line

A recent article on www.securityboulevard.com enumerates the ways poor cybersecurity measures could harm your business. For example, your initial impression may be that weak cybersecurity only affects your organization, but a lack in cybersecurity can also be problematic for an organization’s customers and wider markets. Companies can steer clear of this fault by taking a top-down approach to cybersecurity. Read more.

 

Cyber Connections News Roundup: May 21

May 21, 2019

States Make Strides In Cybersecurity But Is it Enough?

On https://www.govtech.com, blogger Dan Lohrmann offered a report from the National Governors Association Center for Best Practices’ third National Summit on State Cybersecurity (May 14-15, 2019 at the Shreveport Convention Center). The event convened state homeland security advisors, chief information officers, chief information security officers, governors’ policy advisors, National Guard leaders and others to explore cybersecurity challenges and promising practices. Overall, Lohrmann observed “a sense of how far the nation has come regarding cybersecurity, tempered by a recognition of how much more needs to be done.” He also highlighted comments from keynote speaker Chris Krebs, director, Cybersecurity & Infrastructure Security Agency, U.S. Department of Homeland Security, who discussed the actions of Russia during the 2016 election and reminded the audience that ransomware and a host of other cyber trends are also top priorities of the administration. Read more.

IoT Is Major Driver in Growth of Artificial Intelligence Market

According to a new report from B2B research provider MarketsandMarkets, the artificial intelligence in cybersecurity market is projected to reach USD 38.2 billion by 2026 from USD 8.8 billion in 2019. Major drivers for the market’s growth include the adoption of IoT. Other factors are the increasing number of connected devices, rising instances of cyber threats, and increasing vulnerability of Wi-Fi networks to security threats. According to the report, titled “The Artificial Intelligence in Cybersecurity Market,” opportunities include the growing need for cloud-based security solutions and the increased use of social media for business functions. Read more.

The Intersection of Trade Wars and Cybersecurity

A recent article on www.forbes.com highlights the potential for foreign adversaries to create and exploit vulnerabilities in information and communications technology and services. In light of the current trade war with China, the administration has banned two Chinese technology companies from entering U.S. markets. The Commerce Department added Huawei, the telecom equipment giant, to the Bureau of Industry and Security’s “Entity List,” a designation that bars firms from doing business with U.S. companies without a special license from the bureau. Prior to that move, the FCC voted unanimously to deny China Mobile’s application to provide telecommunications services in the United States. Read more.

The Evolution of the Utilities Industry Could Mean a Rise in Cyber Threats

The evolution of the utilities industry to a “smart infrastructure” that relies on digitized equipment and connectivity across devices, plants, and systems will most likely result in a growing number of cybersecurity threats, according to a recent article on www.helpnetsecurity.com. Current security policies of many utilities have not evolved in step with this evolution and could leave companies vulnerable. Of the six risks enumerated in this article, boundary protection tops the list. Read more.

Defining and Deploying a Cybersecurity Culture Is an Ever-Evolving Challenge

A recent article on https://cybersecurity.isaca.org/ by Luis Emilio Alvarez-Dionisi, Ph.D. and Nelly Urrego-Baquero offers a path forward, but the authors concede: “Having a cybersecurity culture is a dynamic process that demands continuous attention.” The main objective of cybersecurity culture is to develop and implement a cybersecurity culture ecosystem to support cybersecurity. Sharing the experience of establishing an advanced social and psychological groundwork may help support cybersecurity. Deploying a cybersecurity culture requires senior leadership buy-in. The board of directors and senior management must decide to support and enable a cybersecurity shield to mitigate the risk associated with cyber attacks. Read more.

 

 

Don’t Let Romance Scams Spoil Your Valentine’s Day

By Dr. Richard White

Valentine’s Day is for romance and connection, but scammers are skilled at using emotion as a social engineering tool.

In my book “CYBERCRIME: The Madness Behind the Methods,” I explain in detail how social engineering manipulates how we see and hear what we want to believe. In turn, dopamine released in the brain reinforces our new actualized belief.

There are five areas where scammers are most successful at engineering our beliefs and driving our actions through emotional connections.

1. Email and phishing scams are always a threat. When romance is in the air, concerns for security may take a back seat to the excitement of finding the perfect romantic gift.

For example, scammers develop ads designed to lure victims to malicious websites or steal their credit card information with promises of gift cards, great discounts or a gift you never knew existed. Be wary of unknown companies and always verify the validity of a company before clicking a link.

2. Facebook and social media are powerful marketing sites for scammers. Perpetrators use the power of search algorithms to seek out the right victims for their scam, and the ads you clicked in the past, combined with your search patterns, allow just the right ad to be placed on your screen.

Scammers’ ads may look legitimate and their products or services may be real, but their goal is to steal your information or take your payment without delivering merchandise. Remember that social media platforms are designed to get people to respond to ads. Don’t click on an ad until you research the company with a Google search or the Better Business Bureau to ensure trustworthiness.

3. Fake profiles are a common problem on dating sites. Leading up to and during Valentine’s Day, scammers up their romantic game to establish online relationships. Remember, people tend to see and hear what they want to believe.

A common scam involves a U.S. citizen or service member who is living abroad but soon to return home, conveniently right near where you live. Once the online relationship is established, the scammer comes up with an issue and needs your financial assistance to return home.

4. Variations of the Nigerian prince scam abound. This scam involves receiving something amazing in exchange for documentation, money or a credit card number.

You receive some type of communication from a person searching for someone with your name who claims to be a long-lost love, family member, or special someone who got away. But he or she is not sure you’re the right person, so asks you to provide information to prove who you are.

Remember who is at risk here, and that you are the one putting yourself out there—possibly in harm’s way. Slow down, think and verify whom you are dealing with.

5. Compromised websites are a great way to spread malware. A website may be real and belong to a legitimate business or person, but it may have been hacked.

Be careful with any type of site that is open to the public for posting comments. Anyone can post a link that will direct you to malware or a compromised website. Whether an advertisement, a product review, or a personal ad from someone searching for you, do not let your emotions get the better of you and do not rush into something out of pure excitement. Research links before clicking on them and don’t ever post personal information online.

Also, don’t forget about the things you can do to mitigate your risk. Here are five:

  1. Always be mindful of phishing emails and attachments. If a link seems to be exactly what you are looking for, beware. Scammers may have targeted you.
  2. Many websites will allow you to test a link before you click on it, such as checkshortURL.com, virusdesk.kaspersky.com/, and scanurl.net/. These sites will let you know if the link has been reported as malicious or if malware was found on the site. Always test a link before clicking on it.
  3. Be careful when sharing personal or financial information with someone you have not met personally.
  4. Protect your privacy when using an online dating site. Do not use the same username and email address used for your normal daily activity and never put your full name on your profile.
  5. Never go off-site to use personal email or instant messaging. Social media and dating sites have a communication platform designed to protect you and keep your information private.

Finally, if you do have a need to send money overseas, please follow this advice: Wiring money is the same as sending cash. It is gone as soon as it is sent. The most secure way to send money to a U.S. citizen abroad is through the U.S. State Department. To find out more about this and other options for sending money abroad, go to http://www.travel.state.gov and visit the international travel section or contact Western Union and ask about this program.

Remember, your best defense online is combining awareness of cyber threats and risks with recognizing your own personal bias in the moment. Ultimately, if you are not completely comfortable with an email or website, then leave it alone.

Happy Valentine’s Day!

Dr. Richard White is an adjunct professor of cybersecurity and information assurance at University of Maryland University College (UMUC) and the author of “Cybercrime: The Madness Behind the Methods.”

Cybersecurity Trends for 2019: Hear from University of Maryland University College Faculty Experts

As it was when 2018 began, cybersecurity remains a top global priority at year’s end and, arguably, even more so. We simply need to look back over the past year to see that data breaches have affected just about every aspect of our lives. What can we expect 2019 to bring?

Cybersecurity faculty experts at the University of Maryland University College (UMUC) offer five unique industry predictions, trends and priorities for the coming year.

1) A Broader Investment in Leadership and Hiring Strategies:
Dr. Mansur Hasib, program chair, Cybersecurity Technology, The Graduate School

Organizations appear poised to realize that cybersecurity executives are needed at the highest levels in order to drive organizational digital strategy. In 2019, we will see boards and CEOs get more engaged in the governance aspects of cybersecurity. We may also see some signs of legislation to hold executives accountable for due diligence.

On the hiring end, because companies are finding it harder to poach qualified workers from other companies, they are likely to start investing more in their people. Organizations will begin to engage in more creative ways to hire, including offering internships and apprenticeships, and grooming and investing in their own workforce. Organizations will also begin to look at qualified people with less experience, especially those who can speak the language of business.

2) GDPR Non-Compliance and Renewed Focus on Election Security
Balakrishnan Dasarathy, program chair, Information Assurance

Several companies will be caught for non-compliance with General Data Protection Regulation (GDPR) and a few of them will be fined heavily. This will send shivers through various industries and businesses that steward customer data and predict their behavior. Home Internet of Things (IoTs) are going to make the situation dire. On the upside, this will result in better privacy policies and protection of privacy-related data through adequate cybersecurity measures.

With Democrats controlling the U.S. House of Representatives—and with Marcia Fudge playing a key role in the new House—we will see more scrutiny of both the 2018 midterm and 2016 national election processes and controls. The cybersecurity of election systems, voter registration and disenfranchisement are among the many areas that will get their due attention.

3) Decentralization, Assured Identity & Privacy, and HCI Take Center Stage
Michelle Hansen, collegiate professor, Cybersecurity and Computer Forensics

Blockchain, a model for distributed, decentralized frameworks used for information sharing, has quickly become a popular technology based on its financial uses, such as Bitcoin cryptocurrency. Cybersecurity will focus on securing these types of frameworks so that they are impenetrable and more suitable for businesses.

Authentication schemes and access control systems need to provide assured identity and individuals’ privacy. Flexible signatures, which use a verification algorithm to validate credentials in a quantifiable and trusted manner, will play a critical role with new technologies, including IoT and real-time systems.

Finally, people have long been identified as the weakest link with any information technology, system, or device. This vulnerability will be of great focus soon, as human-computer interaction aims to persuade user activity and mitigate security incidents, such as using new machine integration technologies in identifying users’ phishing susceptibility.

4) Cloud-based Breaches Rise, Machine Learning Gains Larger Role in Carrying Out Attacks
Jimmy Robertson, program chair, Software Development, Security and Computer Science

As more agencies and companies move to the cloud, shortages in skilled personnel who fully understand the shared-responsibility security model will result in more cloud-based security breaches. Putting security first before deployment is a best practice.

The application of artificial intelligence—in particular, machine learning—to both offensive and defensive cyber operations promises to offer more efficient and more effective tools for carrying out attacks that occur at machine speeds.

5) Resurgence of Battle Tested Attacks
Richard White, PhD, adjunct professor and course chair, Cybersecurity Information Assurance

Ransomware will continue to plague large and small businesses alike. The ransomware paradigm has proven highly successful and extremely profitable for bad actors, so it’s a safe bet that we have not seen the last of these types of attacks.

Phishing attacks also will continue, simply because they are tried and true techniques for duping the good guys into ‘mousing over,’ clicking, or downloading packages that provide a range of services to bad actors, such as credential theft, keystroke logger, remote control, and back door.

We also will see more attacks against entire industries, including watering hole attacks or NotPetya, which are both easy to deploy, present very little risk to the bad guys, and are extremely successful regarding their evil objective. Due to the many attributes associated with these types of attacks, it is likely that we will see similar attacks across 2019.

 

Cyber Connections News Roundup: December 4

December 4, 2018

Global Cybersecurity in Healthcare to Reach 10.7 Billion By 2024

According to a report by Zion Market Research, the global cybersecurity in healthcare market was valued at approximately USD 6.6 billion in 2017 and is expected to reach USD 10.7 billion by the end of 2024. Major factors driving the growth of cybersecurity in healthcare include: an increase in cyber attacks; increased use of laptops, mobile devices, and smartphones with healthcare applications; and the introduction of advanced technology solutions. North America and Europe are projected to lead the way in cybersecurity in healthcare globally. Read more.

Will the Marriott Breach Lead to New Cybersecurity Laws?

News of the recent Marriott hotel hack that affected approximately 500 million guests may result in renewed calls for new federal legislation, according to a recent www.mediapost.com report. Senator Ed Markey (D-Mass), for one, is pushing for Congress to pass comprehensive consumer privacy and data security legislation that would require companies to follow strong data security standards, direct them to only collect the data they actually need to service their customer, and create penalties for companies that fail to meet them. Read more.

Dell Computer Breach Most Likely Avoided Data Extraction

US-based computer hardware manufacturer Dell announced on Nov. 9 that an unauthorized intruder (or intruders) attempted to extract Dell.com customer information from its systems, such as customer names, email addresses, and hashed passwords. The company stated in a press release that its internal investigations found no conclusive evidence that any data was extracted. According to a www.zdnet.com report, Dell is still investigating the incident, but said the breach wasn’t extensive, with the company’s engineers detecting the intrusion on the same day it happened. Read more.

Russian Hackers Back in Action After Midterms

According to a recent article on www.thehill.com, Russian hackers carried out a widespread campaign that targeted the federal government, media outlets and think tanks after the Nov. 6 midterm elections. American officials detected activity by a Kremlin-linked hacking group that took place days after the polls closed. The article suggested that the post-midterm attacks are a sign that hackers are exploring the new political landscape now that Democrats will be in control of the House starting in January. Read more.

What Is the Role of the SEC in Cybersecurity Regulation?

A recent article posted on www.lawfareblog.com examines the relationship of the Securities and Exchange Commission (SEC) and cybersecurity regulation. According to a White House Council of Economic Advisers report released earlier this year, malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016. Yet, despite major breaches like the Equifax hack, Congress has not passed new legislation, even though SEC leadership has acknowledged that the greatest threat to our markets right now is the cyber threat. What should the role of the SEC be in regulating cybersecurity? Read more.

Securing the Cloud Is a Shared Responsibility

Cloud computing—using a network of remote servers hosted on the Internet to store, manage, and process data—is an attractive solution for business owners and government agencies from a security standpoint. If used properly, cloud computing can result in fewer security concerns and greater cost savings. But what about security?

Last month at CyberMaryland 2018, Jimmy Robertson, program chair, Computer Science and Software Development and Security at University of Maryland University College, sat down with us to explain how cloud security is a shared responsibility among all stakeholders and to offer his insights into the security implications of moving into the cloud.

Cyber Connections News Roundup: Sept. 25

New Document Lays Out Trump Administration Cyber Strategy

The new White House cybersecurity strategy, announced on Sept. 21, according to national security adviser John Bolton, suggests a more aggressive posture, including authorizing offensive cyber operations against foreign adversaries. The directive – called National Security Presidential Memorandum 13, or NSPM 13 – aims to deter malicious actors from launching digital attacks against the United States. However, some argue that the 40-page document lacks new proposals, according to a recent Washington Post report. Read more.

Three “Out of the Box” Solutions for Closing the Cyber Skills Gap

Recently on http://www.wsj.com, Janaki Chadha reported on three proposals for closing the cybersecurity skills gap – a “Cybersecurity Peace Corps” (proposed by Scott Shackelford, chair of the cybersecurity program at Indiana University, Bloomington); a Cyber ROTC (proposed by Michèle Flournoy, a former senior official in the Defense Department); and financial incentives in the form of tax breaks for employers that develop training programs for cybersecurity jobs. Read more.

US House Introduces Cyber Workforce Bill

In other cybersecurity workforce news, http://www.zdnet.com reported that US lawmakers have introduced a bipartisan bill meant to address the current shortage of cybersecurity professionals. The bill, called the Cyber Ready Workforce Act (H.R.6791), would establish a grant program within the Department of Labor to support the creation, implementation, and expansion of apprenticeship programs in cybersecurity. Read more.

Many US Adults Lack Awareness of Cyber Careers According to New Survey

Meanwhile, a recent report on http://www.securityboulevard.com suggests that closing the cybersecurity skills gap may be difficult because many adults lack awareness of the opportunities in the field. A new national University of Phoenix survey found that 80 percent of U.S. adults have never considered a career in cybersecurity. These findings owe a lot to a greater lack of awareness and familiarity with cyber jobs and job titles, according to the report. Read more.

Healthcare Industry Must Keep Pace With Growing Number of Cyber Threats to Mobile Devices

A recent article on http://www.healthtechmagazine.net outlines what healthcare organizations must do to keep pace with the inherent cybersecurity threats to the growing number of health mobility programs available to patients and medical staff. The article cited 2017 HIMSS Cybersecurity Survey data, which indicate that health industry users are generally aware of phishing or typical threats that affect a desktop computer, but less aware of threats that impact mobile devices such as smartphones or tablets. Read more.