Subscribe to RSS - Cybersecurity

Cybersecurity

Phishing, smishing and vishing: what do they mean and how to protect yourself

 - 
Wednesday, September 4, 2019

I have a special affinity toward cybersecurity, probably because I’ve witnessed it grow from not even being a word, much less a concept to indoctrinating itself into society on a second by second basis. People must be alert, knowledgeable and actionable in order to stay safe from cybercriminals, and thankfully, there are various organizations available to help. 

During August, I attended the National Cyber Security Alliance and Infosec webinar that explored the cyber threats phishing, smishing and vishing, and offered steps of protection. Daniel Eliot, director of education and strategic initiatives, National Cyber Security Alliance moderated as Tiffany Schoenike, chief operating officer, National Cyber Security Alliance and Lisa Plaggemier, chief evangelist, Infosec took center stage.

“At their core, phish are just tools criminals use for social engineering, which is the use of deception to manipulate individuals into doing something they wouldn’t normally,” Plaggemier explained during the webinar. “Thieves are generally after two things: money and things they can turn into money, and over three billion phishes are sent every single day” to try and gain access to private information, engage with people to develop trust, present links that download malware when clicked, modify data, etc.

Here’s some common types of phish you need to know about: 

  • Spear phishing: a targeted attack that usually involves cybercriminals gathering intel to use to send emails that appear to be from a known or trusted sender.
  • Whaling: attacks that target senior-level employees. 
  • Credential harvesting: an attack that allows unauthorized access to usernames and/or emails with corresponding passwords. 

To identify phishes, Plaggemier said to look for things such as spoofed sender addresses that may be off by a letter or two; misspelled words and bad grammar; strange URLs; the use of scare tactics; buzzwords such as cool job offers and last but not least, use your own senses. If you feel something isn’t right, you’re probably correct. 

With smishing, the cybercriminal uses text or SMS messaging to try and trick people into giving out private information while vishing uses the phone via a call. 

To protect yourself and your organization against phishing, smishing and vishing, consider the following: 

  • Enable strong authentication.
  • Think before you share personal information. 
  • Never give personal information over the phone. 
  • Use unique and the longest passphrases possible as passwords
  • Keep your computer system and smartphone’s software updated. 
  • Only download apps from trusted sources. 
  • Train employees. 
  • Establish, maintain, use and enforce policies and procedures. 
  • Report all phishing incidents to DHS Cybersecurity and Infrastructure Security Agency and the Federal Trade Commission

For more information on how small and medium-sized businesses can be safer and more secure online, visit National Cyber Security Alliance’s national program, CyberSecure My Business, which consists of in-person, interactive workshops, monthly webinars, an online portal of resources and monthly newsletters that summarize the latest cybersecurity news.

Cyber:Secured Forum 2019 rehash

A discussion about connecting cyber and physical security
 - 
09/04/2019

DALLAS—About a month ago, Cyber:Secured Forum made its way to the Lone Star state and now with the pumpkin spice latte (PSL) trend well on its way in early September, it’s time to grab one and reflect on cyber and physical security.

State of the access control market, part I

Current physical access control (PAC) trends shaping the security industry
 - 
08/20/2019

YARMOUTH, Maine—The concept of access control is simple — to allow or restrict people, animals or things from gaining access to a particular space.

The first-ever Cybersecurity Women of the Year Awards

Infosec industry comes together to recognize innovators and leaders
 - 
08/01/2019

ROSEVILLE, Calif.—An influencer, a hacker, a top legal mind and a “barrier breaker” … sounds like the start of a very interesting joke or riddle, doesn’t?

Artificial Intelligence (AI) necessary to respond to cyberattacks

 - 
Wednesday, July 24, 2019

Being born in the late 70s, it’s been amazing to watch the evolution of computers, the Internet, cyber and the like. I remember sitting in my junior high computer class—7th grade, I believe. Working with Basic on an Apple 2e, I created white coding on a black screen that made a man (stick figure) jump, dance and run when the user got the correct answer to the math problem presented on the screen. That, my friends, was high tech! 

Now, the graphics are realistic and some even interact with voice; data is being produced and shared at the rate of zettabytes; and computers are turning into machine learners, all of which is absolutely amazing but at the same time scary as bad people have turned it into a free-for-all of mass hacking that is detrimental to people and society. 

Human security experts work tirelessly each and every day to keep people like you and me, and the world safe; however, being human, they have their limits. For example, cybersecurity involves repetitiveness and tediousness, scouring through big data to identify anomalous data points; long, exhausting hours of data analysis; and relentlessly monitoring data going in and out of enterprise networks. Enter the age of artificial intelligence (AI) penetrating into the cyber realm in terms of security, obviously known collectively as cybersecurity. Working along-side humans, AI can complement cybersecurity by performing the repetitive, tedious tasks; it can be trained to take predefined steps against attacks and learn the most ideal responses going forward; and AI is fast and accurate with data analysis. This enables and empowers human security experts to use their talents and skills on other projects to further enhance cybersecurity. 

Capgemini, a global leader in consulting, technology services and digital transformation, recently published “Reinventing Cybersecurity with Artificial Intelligence Report,” finding 61 percent of enterprises said they cannot detect breach attempts today without the use of AI technologies. That’s over half of the 850 senior executives surveyed from IT information security, cybersecurity and IT operations in seven sectors across 10 countries. And if that’s not eye-opening enough, check out these findings: 

  • 69 percent believe AI will be necessary to respond to cyberattacks; 
  • 73 percent are testing AI use cases for cybersecurity; 
  • 64 percent said AI lowers the cost and reduces overall time taken to detect and respond to breaches by 12 percent; and
  • 56 percent said their cybersecurity analysts are overwhelmed and approximately 23 percent are not able to successfully investigate all identified incidents. 

With numbers like these, it’s easy to see AI and machine learning are essential to cybersecurity now and into the future. So, here at SSN, we’ve taken a huge step to bring you the latest and greats cybersecurity news with the addition of a “cybersecurity” tab on our website. Yep, that’s right … a whole section dedicated to all things cybersecurity!

To get a taste of our cybersecurity content check out the articles “Federal government aims to modernize physical security practices” and “Data forensics: time is of the essence,” and as always, we value your feedback. 

 

 

Cybersecurity on tap at SSN

 - 
Friday, July 19, 2019

For the past few years here at SSN we have been paying more and more attention to cybersecurity and its role within physical security, looking at it from as many different security perspectives as possible — end user, consultant, specifier, commercial integrator, supplier — you name it and we’ve probably written about it!

With cybersecurity playing such a prominent role in physical security today, we have added a section on our site that is completely devoted to our cybersecurity coverage. The convergence of physical and IT security is happening, and what better place to stay up to date on the latest happenings in the cybersecurity space than right here at SSN.

Some of our recent cyber-related stories include a great piece from SSN Contributing Editor Lilly Chapa, who attended the recent SIAGovSummit, about how the federal government aims to modernize physical security practices. As she points out, government agencies intend to evolve their security approach to address changing technology, threats and budgets, including working closer with cybersecurity and IT professionals.

Another interesting story worth checking out is by SSN Managing Editor Ginger Schlueter, who spoke with Cyber Criminologist Dr. Peter Stephenson about the art of data forensics.

Plus, she will be attending Cyber:Secured Summit at The Westin Dallas Park Central, July 29-31, and providing full coverage of the event here on the site as well, which you can find by just clicking on the Cybersecurity tab at the top of the site.

Dive right in here.

Federal government aims to modernize physical security practices

Government agencies intend to evolve their security approach to address changing technology, threats and budgets.
 - 
07/19/2019

WASHINGTON—The Security Industry Association’s 16th annual GovSummit in Washington, D.C. was jam-packed with sessions outlining the physical security challenges the federal government is facing and what the security industry can do to help address them.

Data forensics: time is of the essence

 - 
07/03/2019

AUSTIN, Texas—Huge volumes — think terabytes, petabytes, exabytes, zettabytes, yottabytes and up into the quintillion bytes — of complex, digital data is constantly being generated and scattered into different physical and virtual locations such as online social networks, the cloud and personal network-attached storage units.

Infocyte and Solutions Granted partner

Enables MSPs to deliver comprehensive, cost-effective endpoint security solutions to small, mid-sized organizations
 - 
06/18/2019

AUSTIN, Texas—Infocyte, a pioneer proactive threat detection and instant incident response (IR), has partnered with Solutions Granted, a master managed security service provider (MSSP), providing managed security solutions to the channel.

Cyber:Secured Forum helps heat up the Lone Star State

 - 
Wednesday, May 29, 2019

Things are heating up here in the Lone Star State which means air conditioning bills are about to go up, water will be consumed by the gallons, the smell of sunscreen and sun block will be everywhere, but most importantly, it means the Cyber:Secured Forum will be here before we know it at The Westin Dallas Park Central, July 29-31.

Senior Technical Director for NSA’s Cybersecurity Threat Operations Center (NCTOC), David Hogue, will be taking the stage on July 31st, 11:30am to 1:30pm, keynoting about fostering innovation and public-private partnerships in cyber defense. 

“The NSA is one of the most forward-thinking security organizations in the world,” Joe Gittens, director of standards, SIA told SSN. “David Hogue has been a technical expert on many of the agency’s cybersecurity threat mitigation efforts and a lead researcher on a number of high-profile breaches, like the Sony Pictures hack.” 

Attendees can look forward to the following take-aways from Hogue: 

  • Principles on how NSA is approaching cybersecurity innovation
  • How the security industry can partner in this overall mission; and
  • Ways the industry can develop solutions for: managing gateways and cyber perimeters, hardening endpoints to meet best practices and standards, embrace comprehensive and automated threat intelligence and cultivate a culture of curiosity and innovation. 

 

“I believe there is not a better voice to educate our industry on the emerging threats that enemies are deploying to interfere with the ever-connected nature of our nation,” Gittens said. “Security battlefronts are constantly changing, and David’s presentation will offer rare insights into how partnership and innovation within the security industry can lead to increasing success in the public and private sectors.”

I look forward to seeing everyone at Cyber:Secured and taking lots of notes on what Hogue has to offer! 

 

Pages