
Cybersecurity

What images and color(s) represent the word ‘cybersecurity’?

Tuesday, November 19, 2019

Some studies have found that the human brain actually processes words by recognizing each word heard through the ears and seen with the eyes as an individual picture. I know when I’m listening to a podcast or lecture, the radio, reading something, etc. and I hear or see a word that is delightful to me, my mind engages, blooming a series of images that represent that word. In other words, I see pictures in my mind related to what I heard or saw.

Let’s say, for example, you just heard the word ‘cybersecurity.’ What images popped into your mind? For me, it’s images of hooded people in basements crouched over a laptop, padlocks, computers with data flying out of them as if it’s being stolen, etc.

Believe it or not, how people “see” the word cybersecurity is a big deal, as images can conjure up false realities of what it actually is and encompasses. And, with digital being such a major part of our lives, pictures/images provide the visual communication we are accustomed to.

The Daylight Security Research Lab, part of the Center for Long-Term Cybersecurity at U.C. Berkeley, compiled a dataset of the most common cybersecurity-related images used on the Internet during a two-year period of Google Image Search results for 28 terms related to privacy and cyber security. Every week for two years, the research team entered terms, such as cybersecurity, camera surveillance, camera privacy and more (you can see all 28 here) into a custom Google Search Engine (Google CSE). For each term searched, 100 images were scraped using a script, resulting in three sets of search terms each aimed at the following: 

  • Set 1: general technologies, technical themes or topics;
  • Set 2: representations of abstract ideas or practices; and
  • Set 3: Dave Eggers’ book, “The Circle,” which at the time of the study was a best-seller and represented topics of interest related to this study.

Though the Berkeley researchers are continuing to analyze the seven gigabytes of collected imagery data, preliminary analyses found that the most common colors used in cybersecurity imagery online are blue, grey, black and red, while padlocks and abstract network diagrams are the most common images.

In my opinion, fear should not be the driver that encourages people to take action to stay safe. Yet, this research shows that the majority of images and colors related to cybersecurity do just that. Dark colors, in this case, blue, grey and black, are frequently associated with evil, mystery and fear. Red is often associated with danger. Just these four colors alone can communicate and evoke fear, and when used along with padlocks and images of computer networks, the message is clear: cybersecurity = fear. 

People should know the truth about cybersecurity, in words and in pictures, so that they can make educated decisions on how to best protect themselves, not be fearmongered into it. Therefore, it’s important to create and use realistic imagery and pictures when it comes to discussing and presenting cybersecurity online.

Do you agree or disagree? Why or why not?

Are you and your company ready for a cyberattack or data breach?

Wednesday, November 6, 2019

The discussion of cyberattacks, cybercrimes, data breaches and such has gone the way of the car alarm: once an elusive sound in a packed parking lot in the 80s, now coming from a flood of parked cars.

I remember being around seven years old and in our local K-Mart parking lot with my mom, when a sound emerged from somewhere among the parked cars. That’s the first time I had ever heard a car alarm. Today, a car alarm is an annoyance at best and not really “heard” by many people anymore. 

Likening that to the cyber world, I remember becoming so intrigued with cybersecurity, cyberattacks, cybercrimes and such about 10 years ago, when I became heavily involved in social media. It was something exciting and different from anything that had been seen before in the true crime stories that intrigue and whet the public’s palate. Fast-forward to today, and it’s become commonplace to see these types of stories throughout all aspects of media reporting: online articles and blogs; social media platforms; TV news stories; documentaries; radio reporting; etc. So much so that people are already numb, or becoming numb, to it, passing it off as just “one of those things we have to deal with in life.” However, especially as a security professional, cyberattacks and data breaches not only shouldn’t be taken lightly, they absolutely cannot be, as they have literally ruined businesses and people. So, I ask you: “Are you ready and prepared?”

Sad to say, but if you’re like the majority of the over 800 CISOs and other senior executives across North America, Europe and Asia surveyed in a study commissioned by FireEye and delivered by Kantar, an independent market research organization, the answer is, unfortunately, “no.” The study found that:

  • 51 percent of surveyed organizations don’t believe they are ready or would respond appropriately to a cyberattack or data breach; 
  • 29 percent of these organizations with response plans in place haven’t tested or updated them in the last 12 months or more; and
  • 76 percent of the organizations plan to increase their cyber security budget in 2020. 

The survey also highlighted varying global viewpoints. In Asia, Japan plans to prioritize detection capabilities in 2020 and expresses concerns regarding cloud security, while Korea believes nation states are the most likely source of cyberattacks. The U.S. is leading the transition to cloud; Germany is concerned about cloud security and France believes employee training to be a top protection measure. 

I urge you, don’t become a parked car in a sea of cyberattacks and data breaches with your alarm going off and people just walking by like nothing is wrong. Prepare by creating a plan and know/understand exactly how to execute that plan before, during and after a cyberattack or data breach. This is a must. Think about it – it can’t be underestimated just how smart cybercriminals really are; it’s all they focus on day in and day out. They are experts at their craft and we must know how to prevent as much as possible and reciprocate, when necessary, to stay safe.

Formjacking, a newer way of stealing personal data online

Wednesday, October 16, 2019

Cyber Security Awareness Month is in full swing; social media is buzzing with extremely helpful content and resources, most of which is free to help businesses and individuals gain and stay in control of their digital worlds. As the saying goes, “you learn something new every day,” or you should. Through social media related to #NCSAM, #cybersecurityawarenessmonth and #BeCyberAware, I heard about a newer way hackers are stealing data – formjacking.

I knew the term “jacking” meant stealing, but combining it with the word “form,” it could mean a variety of things, so I reached out to my friends at the Security Industry Association (SIA) for some guidance.

“Formjacking is the injection of malicious code into a seemingly trustworthy website form that relays a copy of the field inputs to an attacker,” Joe Gittens, director of standards, SIA, explained. “In these cases, the victim’s transaction with the trust source is not interrupted; however, information from the form, which could include sensitive data, is relayed to the attacker.”

That literally gave me chills. I can’t speak for you, but I know I have filled out at least hundreds of forms in my digital life; reflecting back over my past 20 years, there’s no telling what data I’ve shared. And, with formjacking, here’s the kicker – there are no red flags for the average online user to look for. 

“Unlike with spoofing and phishing, there are very few tell-tale signs that a form has been compromised,” said Min Kyriannis, head, technology business development, Jaros, Baum & Bolles and member of SIA’s Cybersecurity Advisory Board. In fact, the only way to detect formjacking is looking at the code, “and, unless you’re trained, it’s hard to detect,” Gittens said.

It looks like the regular, everyday Joe who is going online and filling out forms has absolutely no way of knowing his data could be at risk, although end users can self-sabotage through installing browser plug-ins, Gittens said. Therefore, it’s mainly up to the company behind the online form to ensure people and their data are protected.

“Companies need to ensure that all software, plug-ins and any third-party applications or extensions have been vetted and check for vulnerabilities,” Kyriannis advised. “These need to be continuously checked, since software is constantly being updated.” 

It amazes me how smart cybercriminals/hackers truly are, and it’s important to never underestimate them. Think about it in these terms: once a threat is recognized and identified by the “good guys,” the “bad guys” have already moved on “looking for more covert ways to harvest data,” Gittens said, in a way that’s the “easiest to hide and what’s most lucrative” for them, added Kyriannis.

Gittens identified partner trust as key and noted that formjacking can and has affected large and mom-and-pop institutions. “Just like with other attacks, understanding exactly what type of privileges a third-party service has on your website or your browser and only allowing the most trusted services into your ecosystem can help protect you and your business. Also, be careful about what types of information you are collecting in forms in case you are attacked. If you don’t have to collect sensitive data, don’t do it – contract a trusted third party to perform the transaction for you who has better security protocols in place and can provide you and your customers with assurances. The SIA Cybersecurity Advisory Board will soon look to provide guidance on how security stakeholders can foster more trust within the device and application ecosystem.”

Kyriannis concurs that trust is key, but “people with malicious intent will always find new ways to sneak under the radar. The industry must lead in bringing awareness to their clients, customers, etc., and self-awareness is critical – for end users, that means setting up security parameters for themselves,” such as tagging credit cards to constantly monitor charges. 

Formjacking Key Takeaways

  1. Any and all information shared via an online form is at risk of being stolen. 
  2. The only way to detect formjacking is to look at the code. 
  3. Ensure software, plug-ins and any third-party applications or extensions have been vetted and regularly check for vulnerabilities.
  4. Understand the exact privileges a third-party service has on your website/browser. 
  5. If you don’t have to collect sensitive data, don’t. 
  6. Set up security parameters for yourself.
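As an illustration of takeaways 2 through 4, the following added example (not from the original post or from SIA) inventories the scripts a form page loads and flags third-party ones that come from an unvetted host, lack a Subresource Integrity `integrity` attribute, or load over plain HTTP. The page URL, host names, vetted list and sample HTML are constructed, and using SRI as the pinning check is an assumption of this example rather than advice given in the article.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class ScriptInventory(HTMLParser):
    """Record every <script> tag and whether the page contains a <form>."""

    def __init__(self):
        super().__init__()
        self.scripts = []      # attribute dicts, in document order
        self.has_form = False

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.has_form = True
        elif tag == "script":
            self.scripts.append(dict(attrs))


def audit_form_page(page_url, html, trusted_hosts):
    """Return [(script_url, [issues])] for third-party scripts on a form page.

    First-party and inline scripts are skipped here; they still need review
    against a known-good copy, which this inventory does not do.
    """
    parser = ScriptInventory()
    parser.feed(html)
    if not parser.has_form:
        return []
    page_host = urlparse(page_url).hostname
    findings = []
    for attrs in parser.scripts:
        src = attrs.get("src")
        if not src:
            continue                      # inline script
        absolute = urljoin(page_url, src)
        parsed = urlparse(absolute)
        if parsed.hostname == page_host:
            continue                      # first-party script
        issues = []
        if parsed.hostname not in trusted_hosts:
            issues.append("host not on vetted list")
        if not attrs.get("integrity"):
            issues.append("no integrity attribute")
        if parsed.scheme != "https":
            issues.append("not loaded over https")
        if issues:
            findings.append((absolute, issues))
    return findings


# Constructed sample input: a checkout page with one first-party script,
# one pinned vendor script, one unpinned vendor script and one unknown host.
PAGE_URL = "https://shop.example/checkout"
TRUSTED_HOSTS = {"cdn.vetted-vendor.example"}
SAMPLE_HTML = """
<form action="/checkout" method="post"><input name="card_number"></form>
<script src="/static/checkout.js"></script>
<script src="https://cdn.vetted-vendor.example/widget.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://cdn.vetted-vendor.example/analytics.js"></script>
<script src="http://unknown-host.example/helper.js"></script>
"""

if __name__ == "__main__":
    for url, issues in audit_form_page(PAGE_URL, SAMPLE_HTML, TRUSTED_HOSTS):
        print(url, "->", "; ".join(issues))
```

Running the audit on a schedule and comparing the output with the previous run shows when a new script source appears on a page that collects form data.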

Cybersecurity pledge signed by over 20 countries

09/27/2019

YARMOUTH, Maine—As ink was flying and signatures made on Monday, September 23, on the Joint Statement on Advancing Responsible State Behavior in Cyberspace, representing the 27 countries committed to upholding this international rules-based order, an evolving framework that guides responsible state behavior in cyberspace, memories resurfaced of my dad and grandmother, both of whom never got to see, much less interact with, the Web.

Security Systems News recognized as a 2019 NCSAM Champion Organization

Wednesday, September 25, 2019

As the saying goes, “it takes a village,” and nothing is closer to the truth when confronting cybersecurity. It will literally take everyone working together to combat cyber risks and threats. As more and more organizations take the necessary steps to become and stay cyber safe, these same and other organizations are reaching out and showing their support of various campaigns centered around cyber.

And, now an important announcement … drum roll please!

As of this blog post, Security Systems News is proud to be the only security industry publication recognized as a 2019 Champion Organization of National Cybersecurity Awareness Month (NCSAM) co-led by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security.

In just five days, October will be here, the month of ghouls and goblins, candy and trick-or-treating, and perhaps most importantly, NCSAM, a collaborative effort among businesses, government agencies, colleges and universities, associations, nonprofit organizations and individuals to be committed to this year’s NCSAM overarching theme of “Own It. Secure It. Protect It.” This theme serves as encouragement to everyone to #BeCyberSmart through personal accountability and proactive behavior in security best practices and digital privacy.

“Cybersecurity is important to the success of all businesses and organizations,” Kelvin Coleman, executive director, NCSA, said. “NCSA is proud to have such a strong and active community helping to encourage proactive behavior and prioritize cybersecurity in their organizations.” 

So, what does this amazing news mean for you, our amazing readers? Well, throughout the month of October, we will provide you with the latest and greatest tips, discussion topics, free resources, videos, quizzes and more to ensure you are cybersafe!  

To gain access to these must-have tools, be sure to: 

  1. Follow SSN Managing Editor, Ginger Hill, on Twitter @SSN_Ginger; 
  2. If you miss any tweets, search on Twitter using #SSNTalks to see all our previous tweets.
  3. Follow SSN/SecurityNext on LinkedIn; and 
  4. Follow SSN on Facebook

When you see our posts on Twitter, LinkedIn and Facebook, be sure to comment, using #SSNTalks and #BeCyberSmart, like and share! We will respond to all comments! 

Everyone here at SSN is super excited to be a 2019 NCSAM Champion and to join in the fight for cybersecurity!

Phishing, smishing and vishing: what do they mean and how to protect yourself

Wednesday, September 4, 2019

I have a special affinity toward cybersecurity, probably because I’ve witnessed it grow from not even being a word, much less a concept to indoctrinating itself into society on a second by second basis. People must be alert, knowledgeable and actionable in order to stay safe from cybercriminals, and thankfully, there are various organizations available to help. 

During August, I attended the National Cyber Security Alliance and Infosec webinar that explored the cyber threats phishing, smishing and vishing, and offered steps of protection. Daniel Eliot, director of education and strategic initiatives, National Cyber Security Alliance moderated as Tiffany Schoenike, chief operating officer, National Cyber Security Alliance and Lisa Plaggemier, chief evangelist, Infosec took center stage.

“At their core, phish are just tools criminals use for social engineering, which is the use of deception to manipulate individuals into doing something they wouldn’t normally,” Plaggemier explained during the webinar. “Thieves are generally after two things: money and things they can turn into money, and over three billion phishes are sent every single day” to try and gain access to private information, engage with people to develop trust, present links that download malware when clicked, modify data, etc.

Here are some common types of phish you need to know about:

  • Spear phishing: a targeted attack that usually involves cybercriminals gathering intel to use to send emails that appear to be from a known or trusted sender.
  • Whaling: attacks that target senior-level employees. 
  • Credential harvesting: an attack that allows unauthorized access to usernames and/or emails with corresponding passwords. 

To identify phishes, Plaggemier said to look for things such as spoofed sender addresses that may be off by a letter or two; misspelled words and bad grammar; strange URLs; the use of scare tactics; buzzwords such as cool job offers and last but not least, use your own senses. If you feel something isn’t right, you’re probably correct. 

With smishing, the cybercriminal uses text or SMS messaging to try and trick people into giving out private information while vishing uses the phone via a call. 

To protect yourself and your organization against phishing, smishing and vishing, consider the following: 

  • Enable strong authentication.
  • Think before you share personal information. 
  • Never give personal information over the phone. 
  • Use unique and the longest passphrases possible as passwords.
  • Keep your computer system and smartphone’s software updated. 
  • Only download apps from trusted sources. 
  • Train employees. 
  • Establish, maintain, use and enforce policies and procedures. 
  • Report all phishing incidents to DHS Cybersecurity and Infrastructure Security Agency and the Federal Trade Commission.

For more information on how small and medium-sized businesses can be safer and more secure online, visit National Cyber Security Alliance’s national program, CyberSecure My Business, which consists of in-person, interactive workshops, monthly webinars, an online portal of resources and monthly newsletters that summarize the latest cybersecurity news.

Cyber:Secured Forum 2019 rehash

A discussion about connecting cyber and physical security
09/04/2019

DALLAS—About a month ago, Cyber:Secured Forum made its way to the Lone Star state and now with the pumpkin spice latte (PSL) trend well on its way in early September, it’s time to grab one and reflect on cyber and physical security.

State of the access control market, part I

Current physical access control (PAC) trends shaping the security industry
08/20/2019

YARMOUTH, Maine—The concept of access control is simple — to allow or restrict people, animals or things from gaining access to a particular space.

The first-ever Cybersecurity Women of the Year Awards

Infosec industry comes together to recognize innovators and leaders
08/01/2019

ROSEVILLE, Calif.—An influencer, a hacker, a top legal mind and a “barrier breaker” … sounds like the start of a very interesting joke or riddle, doesn’t it?

Artificial Intelligence (AI) necessary to respond to cyberattacks

Wednesday, July 24, 2019

Being born in the late 70s, it’s been amazing to watch the evolution of computers, the Internet, cyber and the like. I remember sitting in my junior high computer class—7th grade, I believe. Working with Basic on an Apple 2e, I created white coding on a black screen that made a man (stick figure) jump, dance and run when the user got the correct answer to the math problem presented on the screen. That, my friends, was high tech! 

Now, the graphics are realistic and some even interact with voice; data is being produced and shared at the rate of zettabytes; and computers are turning into machine learners, all of which is absolutely amazing but at the same time scary as bad people have turned it into a free-for-all of mass hacking that is detrimental to people and society. 

Human security experts work tirelessly each and every day to keep people like you and me, and the world safe; however, being human, they have their limits. For example, cybersecurity involves repetitiveness and tediousness, scouring through big data to identify anomalous data points; long, exhausting hours of data analysis; and relentlessly monitoring data going in and out of enterprise networks. Enter the age of artificial intelligence (AI) penetrating into the cyber realm in terms of security, obviously known collectively as cybersecurity. Working along-side humans, AI can complement cybersecurity by performing the repetitive, tedious tasks; it can be trained to take predefined steps against attacks and learn the most ideal responses going forward; and AI is fast and accurate with data analysis. This enables and empowers human security experts to use their talents and skills on other projects to further enhance cybersecurity. 

Capgemini, a global leader in consulting, technology services and digital transformation, recently published “Reinventing Cybersecurity with Artificial Intelligence Report,” finding 61 percent of enterprises said they cannot detect breach attempts today without the use of AI technologies. That’s over half of the 850 senior executives surveyed from IT information security, cybersecurity and IT operations in seven sectors across 10 countries. And if that’s not eye-opening enough, check out these findings: 

  • 69 percent believe AI will be necessary to respond to cyberattacks; 
  • 73 percent are testing AI use cases for cybersecurity; 
  • 64 percent said AI lowers the cost and reduces overall time taken to detect and respond to breaches by 12 percent; and
  • 56 percent said their cybersecurity analysts are overwhelmed and approximately 23 percent are not able to successfully investigate all identified incidents. 

With numbers like these, it’s easy to see AI and machine learning are essential to cybersecurity now and into the future. So, here at SSN, we’ve taken a huge step to bring you the latest and greatest cybersecurity news with the addition of a “cybersecurity” tab on our website. Yep, that’s right … a whole section dedicated to all things cybersecurity!

To get a taste of our cybersecurity content check out the articles “Federal government aims to modernize physical security practices” and “Data forensics: time is of the essence,” and as always, we value your feedback. 

 

 
