Subscribe to RSS - Cybercrime

Cybercrime

Are you and your company ready for a cyberattack or data breach?

 - 
Wednesday, November 6, 2019

Kind of like the once elusive sound of a car alarm in a packed parking lot in the 80s to the flooded number of parked cars with car alarms today, as is the discussion of cyberattacks, cybercrimes, data breaches and such. 

I remember being around seven years old and in our local K-Mart parking lot with my mom, when a sound emerged from somewhere among the parked cars. That’s the first time I had ever heard a car alarm. Today, a car alarm is an annoyance at best and not really “heard” by many people anymore. 

Likening that to the cyber world, I remember becoming so intrigued with cybersecurity, cyberattacks, cybercrimes and such about 10 years ago, when I became heavily involved in social media. It was something exciting and different than had ever been seen before in true crime stories that intrigue and whet the public’s palates. Fast-forward to today, and it’s become common-place to see these types of stories throughout all aspects of media reporting — online articles and blogs; social media platforms; TV news stories; documentaries; radio reporting; etc., so much so, that people are already or becoming numb to it, passing it off as just “one of those things we have to deal with in life.” However, especially as a security professional, cyberattacks and data breaches not only shouldn’t be taken lightly, they absolutely cannot be, as they have literally ruined business and people. So, I ask you: “Are you ready and prepared?” 

Sad to say, but if you’re like the majority of the over 800 CISOs and other senior executives across North America, Europe and Asia, surveyed (commissioned by FireEye and delivered by Kantar, an independent market research organization), the answer is unfortunately, “no.” The study found that: 

  • 51 percent of surveyed organizations don’t believe they are ready or would respond appropriately to a cyberattack or data breach; 
  • 29 percent of these organizations with response plans in place haven’t tested or updated them in the last 12 months or more; and
  • 76 percent of the organizations plan to increase their cyber security budget in 2020. 

The survey also highlighted varying global viewpoints. In Asia, Japan plans to prioritize detection capabilities in 2020 and expresses concerns regarding cloud security, while Korea believes nation states are the most likely source of cyberattacks. The U.S. is leading the transition to cloud; Germany is concerned about cloud security and France believes employee training to be a top protection measure. 

I urge you, don’t become a parked car in a sea of cyberattacks and data breaches with your alarm going off and people just walking by like nothing is wrong. Prepare by creating a plan and know/understand exactly how to execute that plan before, during and after a cyberattack or data breach. This is a must. Think about it – it can’t be underestimated just how smart cybercriminals really are; it’s all they focus on day in and day out. They are experts at their craft and we must know how to prevent as must as possible and reciprocate, when necessary, to stay safe.

Cybersecurity pledge signed by over 20 countries

 - 
09/27/2019

YARMOUTH, Maine—As ink was flying and signatures made on Monday, September 23, on the Joint Statement on Advancing Responsible State Behavior in Cyberspace, representing the 27 countries committed to upholding this international rules-based order, an evolving framework that guides responsible state behavior in cyberspace, memories resurfaced of my dad and grandmother, both of whom never got to see, much less interact with, the Web.

5 important facts you need to know about the Texas-based ransomware attacks

 - 
Wednesday, August 21, 2019

Whomever is the culprit for all these ransomware attacks on local U.S. government entities sure is getting a ton of notoriety in the media. With 22 reported and known public-sector attacks so far this year, and none tracked by the federal government or FBI, according to CNN, I say, the more information available the better for those needing to protect themselves. 

The most recent ransomware attack happened in my home state of Texas against 22 small-town governments, and while our “Don’t mess with Texas” campaign is aimed at road-side litter, I think it’s appropriate that we take out the trash on cybercrime, too! Here’s 5 important facts you need to know about these attacks: 

Names of the attacked municipalities are undisclosed, except for two. The city of Borger, Texas, located a few miles north of Amarillo in the Texas Panhandle, issued a statement noting that as of Monday, August 19, 2019, birth and death certifications are offline, and the city is unable to take utility or other payments. The city reassured residents that no late fees would be assessed nor would any utilities be shut off.

Keene, Texas, located just outside Ft. Worth, Texas, was also affected in a similar fashion as Borger. They, too, are unable to process utility payments via credit card. Keene Mayor, Gary Heinrich, told NPR, that hackers breached the information technology software used by the city and managed by an outsourced company, which according to the Mayor also supports many of the other targeted municipalities. 

Heinrich also noted that the hackers demanded a collective ransom of $2.5 million but also said there’s no way his city will be coughing up the dough!
“Stupid people,” Heinrich told NPR, referring to the cyber attackers. “You know, just no sense in all this at all.” 

Attacks seem to be from one, single threat actor. This means only one cybercriminal or cyber-criminal group is responsible for the attacks. 

Attacks are coordinated. What’s so alarming about these attacks is that they simultaneously targeted approximately two dozen cities, dubbing it as a “digital assault.”

Attacks are mostly rural. Small-town governments usually don’t have the budget to staff in-house IT, instead using outsourced specialists. This could mean valuable time that should have been used to quickly assess each incident was spent bringing the outsourced specialists up to speed about the details of the attack before any response could begin. 

The overarching goal is response and recovery. The affected municipalities are assessing and responding and, as quickly as possible, moving into remediation and recovery to get back to operations as usual as soon as possible. 

 

How to assess your company’s cybersecurity risk

 - 
Wednesday, July 31, 2019

It finally happened. Temps reached into the 100s in Dallas as Cyber:Secured Forum helped some security professionals stay cool inside The Westin Dallas Park Central while learning actionable takeaways and best practices related to maintaining and improving cybersecurity of security systems and solutions. While I gather my thoughts to bring you a detailed rendition of the past two days, now would be a great time to do a cybersecurity risk assessment on your system. 

Here are my “4 Preliminaries” (4Ps) to help you get started on your assessment:

  1. Perspective. Make a list of all information stored on your computer, online, in different apps and in the cloud, for example, work documents, apps, music, passwords, pictures, videos of your family, banking and credit card credentials, etc. Physically seeing how much precious data you have should be a wakeup call to protect it against cyber threats and attacks.
  2. Passwords. Make a list of all online accounts and their login credentials. 
  3. Peruse. Look through the list and carefully think about the value of each type of stored data. If it would be detrimental if anyone gained access or a particular piece or data or online account was lost, deleted or leaked online, put a star by it or highlight it. 
  4. Posture. Take a position of defense against cyberattacks, cybercriminals and cyberthreats. To start, make sure all the passwords on your list are strong to prevent access to your data. Each account needs a DIFFERENT, robust password consisting of at least 12 or more of the following: upper- and lower-case letters, and numbers and symbols in various combinations and locations within the password. 

Once you’ve completed the 4Ps, google the phrase “cybersecurity risk assessment checklist.” This tool is available for free from different organizations and businesses. Choose the checklist that resonates most closely with your business, or take bits and pieces of a variety of checklists to create a custom list. Then, using the information you’ve already gathered from the 4Ps, get started answering the questions. You’ll be well on your way to learning exactly where your company is postured for cybersecurity as well as areas that need improvement. 

 

New tech holds the key to stopping cybercrime, study finds

 - 
Tuesday, February 12, 2019

You don’t have to look too hard to find a sobering example of cybercrime, as it's as pervasive as ever these days, even on the national level with recent reports that cyber criminals have access to critical infrastructure such as our national power grids and gas lines. The good news, though, is technology may be our best weapon against these invisible criminals.

In fact, the use of big data and blockchain technologies are key to fighting cybercrime, according to a new study from Frost & Sullivan that looks at how effective machine learning is in aiding early detection of cyber anomalies, and how good blockchain is at creating a trustworthy network between endpoints.

Frost and Sullivan noted that the rise of the Internet of Things has opened up numerous points of vulnerabilities, compelling cybersecurity companies, especially startups, to develop innovative solutions to protect enterprises from emerging threats. As cybercrime becomes more sophisticated and even a method of warfare, the research firm found, technologies such as machine learning, big data, and blockchain will become prominent.

"Deploying Big Data solutions is essential for companies to expand the scope of cybersecurity solutions beyond detection and mitigation of threats,” Hiten Shah, research analyst, TechVision, said in the announcement of the findings. "This technology can proactively predict breaches before they happen, as well as uncover patterns from past incidents to support policy decisions."

The study, Envisioning the Next-Generation Cybersecurity Practices, presents an overview of cybersecurity in enterprises and analyzes the drivers and challenges to the adoption of best practices in cybersecurity. It also covers the technologies impacting the future of cybersecurity and the main purchase factors.

"Startups need to make their products integrable with existing products and solutions as well as bundle their solutions with market-leading solutions from well-established companies," noted Shah. "Such collaborations will lead to mergers and acquisitions, ultimately enabling companies to provide more advanced solutions."

Technologies that are likely to find the most application opportunities include:

•    Big Data: It enables automated risk management and predictive analytics. Its  adoption will be mostly driven by the need to identify usage and behavioral patterns to help security operations spot anomalies.
•    Machine Learning: It allows security teams to prioritize corrective actions and automate real-time analysis of multiple variables. Using the vast pools of data collected by companies, machine-learning algorithms can zero in on the root cause of the attack and fix detected anomalies in the network.
•    Blockchain: The data stored on blockchain cannot be manipulated or erased by design. The tractability of activities performed on blockchain is integral to establishing a trustworthy network between endpoints. Furthermore, the decentralized nature of blockchain greatly increases the cost of breaching blockchain-based networks, which discourages hackers.

Envisioning the Next-Generation Cybersecurity Practices is part of Frost & Sullivan’s global Information & Communication Growth Partnership Service program.