
cyber security

Is your merger and acquisition process as secure as you think?

12/02/2019

A merger or acquisition is extremely sensitive. You’re looking at millions of dollars potentially changing hands, to say nothing of all the sensitive data and intellectual property. It should go without saying that security should be your number one priority; yet for some reason, many businesses seem to ignore it entirely.

100 Women in 100 Days Cybersecurity Career Accelerator announces next class

11/21/2019

SACRAMENTO, Calif.—The free cybersecurity training and accreditation program, 100 Women in 100 Days (100w100d), founded and managed by Sacramento-based cyber risk consulting firm, Inteligenca, will help another 100 students reboot their careers at Japan’s Saya University.

What images and color(s) represent the word ‘cybersecurity’?

Tuesday, November 19, 2019

Some studies have found that the human brain actually processes words by recognizing each word heard through the ears and seen with the eyes as an individual picture. I know when I’m listening to a podcast or lecture, the radio, reading something, etc. and I hear or see a word that is delightful to me, my mind engages, blooming a series of images that represent that word. In other words, I see pictures in my mind related to what I heard or saw.

Let’s say, for example, you just heard the word ‘cybersecurity.’ What images popped into your mind? For me, it’s images of hooded people in basements crouched over a laptop, padlocks, computers with data flying out of them as if it’s being stolen, etc.

Believe it or not, how people “see” the word cybersecurity is a big deal, as images can conjure up false realities of what it actually is and encompasses. And, with digital being such a major part of our lives, pictures/images provide the visual communication we are accustomed to.

The Daylight Security Research Lab, part of the Center for Long-Term Cybersecurity at U.C. Berkeley, compiled a dataset of the most common cybersecurity-related images used on the Internet during a two-year period of Google Image Search results for 28 terms related to privacy and cyber security. Every week for two years, the research team entered terms, such as cybersecurity, camera surveillance, camera privacy and more (you can see all 28 here) into a custom Google Search Engine (Google CSE). For each term searched, 100 images were scraped using a script, resulting in three sets of search terms each aimed at the following: 

  • Set 1: general technologies, technical themes or topics;
  • Set 2: representations of abstract ideas or practices; and
  • Set 3: Dave Eggers’ book, “The Circle,” which at the time of the study was a best-seller and represented topics of interest related to this study.

Though the Berkeley researchers are continuing to analyze the seven gigabytes of collected imagery data, preliminary analyses found that the most common colors used in cybersecurity imagery online are blue, grey, black and red, while padlocks and abstract network diagrams are the most common images.

In my opinion, fear should not be the driver that encourages people to take action to stay safe. Yet, this research shows that the majority of images and colors related to cybersecurity do just that. Dark colors, in this case, blue, grey and black, are frequently associated with evil, mystery and fear. Red is often associated with danger. Just these four colors alone can communicate and evoke fear, and when used along with padlocks and images of computer networks, the message is clear: cybersecurity = fear. 

People should know the truth about cybersecurity — in words and in pictures — so that they can make educated decisions on how to best protect themselves, not be fear-mongered into it. Therefore, it’s important to create and use realistic imagery and pictures when it comes to discussing and presenting cybersecurity online.

Do you agree or disagree? Why or why not?

Are you and your company ready for a cyberattack or data breach?

Wednesday, November 6, 2019

Kind of like the once elusive sound of a car alarm in a packed parking lot in the 80s compared with the flood of parked cars with car alarms today, so it is with the discussion of cyberattacks, cybercrimes, data breaches and such.

I remember being around seven years old and in our local K-Mart parking lot with my mom, when a sound emerged from somewhere among the parked cars. That’s the first time I had ever heard a car alarm. Today, a car alarm is an annoyance at best and not really “heard” by many people anymore. 

Likening that to the cyber world, I remember becoming so intrigued with cybersecurity, cyberattacks, cybercrimes and such about 10 years ago, when I became heavily involved in social media. It was something exciting and different from anything that had ever been seen before in the true crime stories that intrigue and whet the public’s palates. Fast-forward to today, and it’s become commonplace to see these types of stories throughout all aspects of media reporting — online articles and blogs; social media platforms; TV news stories; documentaries; radio reporting; etc., so much so that people are already numb to it or becoming so, passing it off as just “one of those things we have to deal with in life.” However, especially as a security professional, cyberattacks and data breaches not only shouldn’t be taken lightly, they absolutely cannot be, as they have literally ruined businesses and people. So, I ask you: “Are you ready and prepared?”

Sad to say, but if you’re like the majority of the over 800 CISOs and other senior executives across North America, Europe and Asia who were surveyed (the study was commissioned by FireEye and delivered by Kantar, an independent market research organization), the answer is, unfortunately, “no.” The study found that:

  • 51 percent of surveyed organizations don’t believe they are ready or would respond appropriately to a cyberattack or data breach; 
  • 29 percent of these organizations with response plans in place haven’t tested or updated them in the last 12 months or more; and
  • 76 percent of the organizations plan to increase their cyber security budget in 2020. 

The survey also highlighted varying global viewpoints. In Asia, Japan plans to prioritize detection capabilities in 2020 and expresses concerns regarding cloud security, while Korea believes nation states are the most likely source of cyberattacks. The U.S. is leading the transition to cloud; Germany is concerned about cloud security and France believes employee training to be a top protection measure. 

I urge you, don’t become a parked car in a sea of cyberattacks and data breaches with your alarm going off and people just walking by like nothing is wrong. Prepare by creating a plan and know/understand exactly how to execute that plan before, during and after a cyberattack or data breach. This is a must. Think about it – it can’t be underestimated just how smart cybercriminals really are; it’s all they focus on day in and day out. They are experts at their craft and we must know how to prevent as much as possible and reciprocate, when necessary, to stay safe.

9 tips to stay cyber safe while traveling

Wednesday, October 9, 2019

As October presents itself in terms of pumpkin-spiced “everything,” cooler temps, colorful leaves, National Cyber Security Awareness Month (NCSAM) (ICYMI – we are 2019 Champions) and the announcement of SecurityNext’s program, Fall is a whirlwind of excitement! This time of year also reminds me of the extensive travel that takes place to family and friends’ homes for holiday gatherings, industry conferences and other work trips, vacations and the like. And, since the world is so hyper-connected, it is critical and crucial that everyone plans for and takes cybersecurity action when traveling. 

Based on information provided by National Initiative for Cybersecurity Careers and Studies (NICCS), an online resource for cybersecurity training that connects government employees, students, educators and industry with cybersecurity training providers throughout the nation, as well as the Department of Homeland Security, and in honor of our SecurityNext conference, February 9-11, 2020 at the Royal Sonesta in NOLA, and NCSAM, here are some tips to keep yourself, family and friends safe before and during travel:

Before Travel

Update mobile software. Keeping the operating system software, web browsers and apps updated will improve your device’s ability to defend against malware. Sign up for and/or turn on automatic updates; set security software to run regular scans; and use anti-virus software.

Back up information. Put contacts, financial data, photos, videos and other mobile data onto another device or external hard drive, or in the cloud. 

Keep devices under lock (and key). Lock your device when you’re not using it; it only takes a few minutes for someone to steal/destroy your data. Set devices to automatically lock after a short time; use strong PINs and passwords. (This is a cool video from HABITU8 for establishing passphrases!) 

Double your login protection. Enable multi-factor authentication (MFA) for email, banking, social media and other services that require logging in. Enable MFA using a trusted mobile device, an authenticator app or a secure token (a small physical device that you can hook onto your key ring, for example).

During Travel

No auto-connecting. Disable remote connectivity and Bluetooth to prevent wirelessly connecting automatically to other devices — headphones, automobile infotainment systems, etc. Be choosy when deciding which wireless and Bluetooth networks to connect to.

Think before connecting. Before connecting to any public wireless hotspot, confirm the network name and exact login procedures with appropriate staff. Your personal hotspot is usually a safer alternative to free Wi-Fi, and only use sites that begin with “https://”.

Play hard to get with strangers. If an email looks “phishy,” do not respond or click on any links or attachments. Use the “junk” or “block” option to no longer receive messages from the sender. 

Never click and tell. Limit the type of information shared on social media and other online places. Keep your full name, address, birthday and vacation plans private, and disable location services. Before posting pictures, make sure there is nothing in them to identify your location such as an address on a building, a street sign, the name of a business, etc.

Physically guard mobile devices. Never leave devices or components, such as USBs or external hard drives, alone, and keep them secured in taxis, at airports, on airplanes and in hotel rooms. Lock them up in the commonly provided safe if you don’t want to lug them around with you.

How to assess your company’s cybersecurity risk

Wednesday, July 31, 2019

It finally happened. Temps reached into the 100s in Dallas as Cyber:Secured Forum helped some security professionals stay cool inside The Westin Dallas Park Central while learning actionable takeaways and best practices related to maintaining and improving cybersecurity of security systems and solutions. While I gather my thoughts to bring you a detailed rendition of the past two days, now would be a great time to do a cybersecurity risk assessment on your system. 

Here are my “4 Preliminaries” (4Ps) to help you get started on your assessment:

  1. Perspective. Make a list of all information stored on your computer, online, in different apps and in the cloud, for example, work documents, apps, music, passwords, pictures, videos of your family, banking and credit card credentials, etc. Physically seeing how much precious data you have should be a wakeup call to protect it against cyber threats and attacks.
  2. Passwords. Make a list of all online accounts and their login credentials. 
  3. Peruse. Look through the list and carefully think about the value of each type of stored data. If it would be detrimental if anyone gained access or a particular piece of data or online account was lost, deleted or leaked online, put a star by it or highlight it.
  4. Posture. Take a position of defense against cyberattacks, cybercriminals and cyberthreats. To start, make sure all the passwords on your list are strong to prevent access to your data. Each account needs a DIFFERENT, robust password consisting of at least 12 of the following: upper- and lower-case letters, and numbers and symbols in various combinations and locations within the password.

Once you’ve completed the 4Ps, google the phrase “cybersecurity risk assessment checklist.” This tool is available for free from different organizations and businesses. Choose the checklist that resonates most closely with your business, or take bits and pieces of a variety of checklists to create a custom list. Then, using the information you’ve already gathered from the 4Ps, get started answering the questions. You’ll be well on your way to learning exactly where your company is postured for cybersecurity as well as areas that need improvement. 

 

Data forensics: time is of the essence

07/03/2019

AUSTIN, Texas—Huge volumes — think terabytes, petabytes, exabytes, zettabytes, yottabytes and up into the quintillion bytes — of complex, digital data are constantly being generated and scattered into different physical and virtual locations such as online social networks, the cloud and personal network-attached storage units.

Americans’ trust issues, or lack thereof, with IoT devices and other security-related issues

Wednesday, May 1, 2019

The last blog I wrote, “What your connected smart home IoT devices are really doing,” highlighted the fact that there are no security standards for IoT manufacturers to follow when creating networked devices. This should cause concern or at least pause for people using such devices, especially in their homes. But, just how aware are consumers about potential risks and do people actually trust the devices they use every day? 

ASecureLife conducted a survey of 300 Americans nationwide to determine how much participants trust the technology they use regularly in their homes as well as people’s biggest concerns related to smart home technology, home security and online privacy. The survey found:

1. A quarter of Americans are NOT concerned with being monitored online by criminals. This nonchalant attitude resulted in 23 percent of American households having someone victimized by cybercriminals in 2018, according to GALLUP.

Additionally, in 2017, the FBI’s Internet Crime Complaint Center received more than 300,000 complaints, totaling more than $1.4 billion in monetary losses for victims. 

2. Americans are more concerned about being monitored online by the government than by businesses.

3. Two-thirds of Americans believe their smart devices are recording them. While it’s time consuming, and to be honest, boring, thoroughly read a company’s terms and conditions so you know what personal information that company is collecting from you, and how they’re using it.

Tip: Adjust the settings on your smart equipment to maximize your privacy. For example, turn off Amazon Echo’s “Drop In” setting to prevent it from automatically syncing and conversing with other Echo devices.

4. About one in five parents would let Alexa entertain their kids while they’re away. WOW! Parents are actually trusting their children’s safety and security to the virtual world!? (We’ll be discussing this later on in this blog post! Read on!) 

5. Seventy-five (75) percent of Americans believe smart homes can be easily hacked, but 33 percent have and use some type of smart home technology. This indicates that consumers are indeed buying these gadgets. In fact, a joint-consumer survey conducted by Coldwell Banker Real Estate and CNET found 47 percent of Millennials, aged 18 to 34 years, have and use smart home products. 

6. Women are typically more concerned with home security than financial security, and the opposite is true for men. Participants were asked if they fear a home invasion more than identity theft: 53 percent of women participants said “yes,” compared to 44 percent of men.

Participants were also asked which of the following they would rather do: stop locking your doors or change all your passwords to “1234.” Men’s responses were split evenly, while 59 percent of women preferred to change their passwords to this all-too-common numerical sequence.

7. Americans aged 55 and older are more protective of their financial security than their home security; the opposite is true for younger people. Participants over age 54 were asked if they feared home invasion more than identity theft to which 70 percent answered “no.” However, participants under age 34 were more likely to fear home invasion. 

While all the findings were eye-opening, for me personally, the one that haunted me pretty deeply was the one about Alexa “babysitting” kids. It’s one thing for parents to allow their children to use Alexa under their supervision, but to allow minors to access Alexa while they are away can be extremely dangerous, in my opinion and based on the news we see every day concerning criminals hacking into security systems, devices recording home-based conversations, apps giving away data to advertisers, and the list goes on and on. 

Question for you parents out there: Would you allow your children to access Alexa when you aren’t at home? Why or why not? 

 

Robots: the next big thing? They'll be at PSA-TEC

Wednesday, April 13, 2016

PSA-TEC will have some new attendees this year: Robots.

There will be drones and ground-based robots at PSA Security’s annual education and training event PSA-TEC, which will take place May 8-13 in Westminster, Colo.

Bill Bozeman, PSA Security CEO, believes security robotics is the next big opportunity—and challenge—for the security industry.

“We’ll have three sessions [related to robotics] at TEC,” Bozeman said. He noted that PSA Security led the industry on the cybersecurity front, holding its Cyber Security Congress early in 2015.

“We like to start the conversation at TEC about what the future will look like [in terms of technology],” he said.

In the days leading up to PSA-TEC, Bozeman will be attending a drone conference in New Orleans, where he’ll get a close look at aerial, ground and marine-based drones.

Bozeman said that he expects Security Robotics to be the next committee created by PSA Security.

PSA currently has five committees, relatively recently created, that explore topics of interest to security integrators. The committees are tasked with sharing information at PSA-TEC, through the PSA website and elsewhere, coming up with “playbooks” for integrators and developing best practices and standards to save integrators time, money and resources.

The five committees are: Project Management Committee, Sales & Marketing Committee, Technical Committee, Leadership Committee, and the Cyber Committee.

It seemed like everyone was talking about cybersecurity at ISC West. I had a chance to speak to Andrew Lanning, co-founder of integration firm IST, and chairman of the PSA Security Cyber Committee, at the show. Lanning’s group plans to share its preliminary cybersecurity playbook with integrators at PSA-TEC in May.

Lanning’s group is looking at processes and products with the goal of helping integrators, from the super IT-savvy integrators, to those who are just starting to educate themselves about IT best practices and cybersecurity, he said.

Anthony Berticelli, PSA director of education, oversees all of the committees. “There will be nine committee-led sessions at TEC,” Berticelli said. “There will be peer-to-peer sessions and roundtable sessions and several of the sessions will overlap [committee jurisdiction],” he said.

PSA-TEC is open to everyone in the security industry. One does not have to be a PSA member to attend PSA-TEC. Here’s a link to information about the conference.

 

Specifically Speaking: Roger Hutchins, principal, GHD

09/09/2014

Specifically Speaking features Q-and-A with a different security consultant every month. In July, we spoke to Roger Hutchins, principal at Washington, D.C.-based GHD.
