cybersecurity

now browsing by tag

 
 

#cybersecurity | #hackerspace | Accelerator Program for Early-Stage Innovations in Water: An Akamai India CSR Flagship Initiative

Source: National Cyber Security – Produced By Gregory Evans

Written by Neha Jain, Co-Chair of India’s CSR Board

Continuing in our commitment to sustainability, Akamai is excited to announce the launch of our accelerator program supporting innovators and building solutions to address India’s water challenges. A concerted effort by the Akamai India leadership team, the accelerator program is being launched at a time when we are witnessing a rising demand for water globally, caused by exponential population growth coupled with a changing climate that is making rainfall less predictable. Closer to home, here in Bangalore, India, we are witnessing the impact of rapid urbanization on our water resources like never before.

From our past experience with Corporate Social Responsibility (CSR) initiatives and supporting social purpose organizations in India, our India leadership team was eager to build a program that has a strong focus on impact and also reflects Akamai’s core values of innovation, technology, and sustainability. After exploring various thematic areas, we selected water — spanning water conservation, groundwater recharge, water quality, efficient use of water resources, and water governance — all calling for the sustainable management and use of India’s scarce water resources.

After analyzing the available solutions and gaps, we realized that a critical area of need is for solutions that require support with refinement of their products, and ideas allowing for higher market-readiness and scale. We are excited to be a catalyst in this ecosystem and join forces with the Indian Institute of Technology Madras (IIT Madras) — one of India’s premier academic institutions — in this endeavor. IIT Madras has supported over 200 startups through its incubation programs and also houses the International Centre for Clean Water (ICCW), a first of its kind, in-house centre in India, exclusively set up to focus on supporting water innovations.

Together with our accelerator partner, we are excited to embark on this journey, and you will hear more from us and our grantees soon! 

Stay tuned for more updates.

*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Courtney Hadden. Read the original post at: http://feedproxy.google.com/~r/TheAkamaiBlog/~3/1RQSs56DbK8/accelerator-program-for-early-stage-innovations-in-water-an-akamai-india-csr-flagship-initiative.html

Source link

The post #cybersecurity | #hackerspace |<p> Accelerator Program for Early-Stage Innovations in Water: An Akamai India CSR Flagship Initiative <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | DEF CON 27 Monero Village – Francisco Cabanas’ ‘Critical Role Of Min Block Reward Trail Emission’

Source: National Cyber Security – Produced By Gregory Evans

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via the DEF CON Conference YouTube Channel for all to see, enjoy and learn.

Permalink

The post DEF CON 27 Monero Village – Francisco Cabanas’ ‘Critical Role Of Min Block Reward Trail Emission’ appeared first on Security Boulevard.

Source link

The post #cybersecurity | #hackerspace |<p> DEF CON 27 Monero Village – Francisco Cabanas’ ‘Critical Role Of Min Block Reward Trail Emission’ <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | DEF CON 27 Monero Village – Jeremy Gillula PhD: ‘Encrypting The Web Isn’t Enough’

Source: National Cyber Security – Produced By Gregory Evans

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via the DEF CON Conference YouTube Channel for all to see, enjoy and learn.

Permalink

The post DEF CON 27 Monero Village – Jeremy Gillula PhD: ‘Encrypting The Web Isn’t Enough’ appeared first on Security Boulevard.

Source link

The post #cybersecurity | #hackerspace |<p> DEF CON 27 Monero Village – Jeremy Gillula PhD: ‘Encrypting The Web Isn’t Enough’ <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | Signal Sciences Introduces Advanced Rate Limiting for Fast, Easy Protection Against Advanced Web Attacks

Source: National Cyber Security – Produced By Gregory Evans

Signal Sciences is excited to announce the availability of new advanced rate limiting features that extend our customers’ ability to detect and stop abusive behavior at the application and API layer.

Over the past several weeks as part of our early access program, we piloted advanced rate limiting in real-world production environments and stopped major attacks for customers from major retailers with large-scale e-commerce operations, financial services firms with mission-critical applications to major online media companies that stream video content to hundreds of millions of users monthly.

The Value of Intelligent Rate Limiting to Protect Applications

The primary objective of rate limiting is to prevent apps, APIs and infrastructure from being exploited by abusive request traffic, much of it originating from automated bot operators. Stopping this traffic from reaching your app and API endpoints means availability, reliability and a satisfying customer experience.

Up to this point, customers have used the Advanced Rules capability of our next-gen WAF to monitor and block web request traffic that attempts to carry out application denial-of-service attacks, brute-force credential stuffing, content scraping or API misuse.

Advanced rate limiting from Signal Sciences stops abusive malicious and anomalous high volume web and API requests and reduces web server and API utilization while allowing legitimate traffic through to your applications and APIs.

With our new advanced rate limiting capability, Signal Sciences customers can leverage the ease of use, effective defense and precise blocking they’ve come to expect from our next-gen WAF and RASP solution. In addition to out-of-the-box protection, they also gain immediate insight and understanding of the traffic origins and can take granular custom actions by:

  • Creating application-specific rules to prevent app and API abuse
  • Defining custom conditions to block abusive requests
  • Identifying and responding to a real-time list of IPs that have been rate limited
  • Taking action on the identified source IP addresses with one click

How Signal Sciences Advanced Rate Limiting Works

Leveraging our award-winning app and API web protection technology, advanced rate limiting provides intelligent controls to reduce the number of requests directed at key web application functions such as credit card validation forms, forgot password fields, email subscription sign-ups, gift card balance checkers and more.

Signal Sciences makes it easy to create application-specific rate limiting rules. One-click actions enable further control over automated volumetric web requests.

Our technical approach for this new capability was informed by the expertise our company has gained from protecting over a trillion web requests monthly. This experience shows us that web requests that result in application abuse can blend in with legitimate traffic. Signal Sciences advanced rate limiting is designed to identify such traffic and prevent individual IPs from causing app abuse.

Take the next step and effectively stop and manage abusive traffic

We invite you to learn about other common attack scenarios that customers use advanced rate limiting to thwart and how easy it makes stopping and managing the attack origin traffic: download the rate limiting data sheet or request a demo today.

The post Signal Sciences Introduces Advanced Rate Limiting for Fast, Easy Protection Against Advanced Web Attacks appeared first on Signal Sciences.

*** This is a Security Bloggers Network syndicated blog from Signal Sciences authored by Brendon Macaraeg. Read the original post at: https://www.signalsciences.com/blog/signal-sciences-introduces-advanced-rate-limiting-protection-against-advanced-web-attacks/

Source link

The post #cybersecurity | #hackerspace |<p> Signal Sciences Introduces Advanced Rate Limiting for Fast, Easy Protection Against Advanced Web Attacks <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | hacker | Rogers’ vendor leaves database open

Source: National Cyber Security – Produced By Gregory Evans

A third-party service provider to Rogers Communications left open a database used for marketing purposes, exposing customer PII.

The Canadian telecom provider did not name the firm involved, nor the number of people affected, but reported that the incident was uncovered on Feb. 26, 2020 and involved the service provider leaving a database open to the public for an unspecified amount of time.

The third-party vendor, which handles promotional offer fulfillment for Rogers, exposed customer names, addresses, account numbers, email addresses and telephone numbers. No payment card information nor login credentials were involved.

The data that was exposed can cause a great deal of harm to its owners as cybercriminals can use it to create well-crafted phishing emails from which they may be able to extract even more valuable personal data.

Original Source link

The post #cybersecurity | hacker | Rogers’ vendor leaves database open appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | DEF CON 27 Monero Village – Daniel Kim’s ‘Keynote Speech: Monero Introduction And Investor Perspective’

Source: National Cyber Security – Produced By Gregory Evans

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via the DEF CON Conference YouTube Channel for all to see, enjoy and learn.

Permalink

The post DEF CON 27 Monero Village – Daniel Kim’s ‘Keynote Speech: Monero Introduction And Investor Perspective’ appeared first on Security Boulevard.

Source link

The post #cybersecurity | #hackerspace |<p> DEF CON 27 Monero Village – Daniel Kim’s ‘Keynote Speech: Monero Introduction And Investor Perspective’ <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | hacker | VPNs: Not a cybersecurity slam dunk for telecommuters in the age of COVID-19

Source: National Cyber Security – Produced By Gregory Evans

CISOs and cybersecurity teams around the world are watching their threat surface multiply as millions of staffers find themselves working from home for the first time in order to help constrain the spread of Coronavirus.

The removal of these people from the safe and controlled working environment found in their offices and tossing them into the wild, so to speak, means a greater dependence on VPNs, which may prove problematical as most large enterprises are not prepared to host the majority of their workforce online, and smaller companies may not be set up at all for this type of access.

Then there is the additional threat posed by workers operating outside the direct oversight of IT and security teams possibly making catastrophic decisions that could endanger the entire organization.

Stan Lowe, global CISO for Zscaler, noted that most businesses have enough VPN hardware to generally handle between 20 percent and 30 percent of their workforce working remotely. However, now that entire corporations have been forced to send their employees home with their laptops this is proving not to be anywhere near enough.

It is also no simple nor inexpensive matter to go out and purchase additional equipment, at least the type needed by larger firms that require a high degree of security, Lowe said. Zscaler is a provider of a cloud-based, remote access software.

“If you need more equipment, it takes time—you have to buy it, wait for it to ship and arrive then deploy it, update the hardware and keep it updated. And that’s just the VPN stack. Trying to scale VPNs and other legacy remote access technology, adding tens of thousands of users, can take months and break a corporate network,” he said, adding three to five months is a good guesstimate for such an upgrade.

For those companies that cannot increase their VPN capacity it might become necessary to put their workers onto shifts so the VPN capability that is on hand is spread out, Lowe said.

Even companies well-equipped to handle an influx in VPN usage face the daunting task of bringing those who normally occupy office space up to speed on how to use their VPN and make sure their home network can handle the added bandwidth.

“IT must be sure to educate their users, so they are aware of the impact on everyone and to limit their bandwidth-heavy activity, like Netflix streaming, to outside of office hours. This will ensure that productivity doesn’t drop and that users don’t try to forgo the VPN altogether, which could have dire consequences for the security of the business,” said Justin Jett, director of audit and compliance for Plixer.

Another unique situation that needs to be addressed, Jett said, is that not only are employees at home, but so is the rest of their family. A person attempting to do work at the kitchen table is competing with their spouse who is working from the den and their kids who may be gaming or streaming video in another room. All of these demands need to be balanced so work can get done, perhaps requiring the kiddies to limit themselves to board games during the day and steaming when office hours are over.

Then there is the cybersecurity aspect of this new reality. Using a VPN does not by itself make working from home more secure. Lowe pointed out that with people linking in from all over the world, possibly through an insecure router, a company’s attack surface is vastly increased. Even those with a safe connection can cause problems as cybercriminals are working overtime right now to come up with new phishing lures designed to grab login credentials from all the individuals who are now telecommuting full time.

“A VPN only secures the communication channel between the employee’s workstation and the corporate network. However, as a massive amount of home workers now start to use their personal workstations to access corporate assets, it’s only a matter of time until we see a soaring number of cyberattacks that originate from these personal devices that can be easily breached,” said Tal Zamir, co-founder and CTO of Hysolate.

If just one person makes a mistake a malicious actor could gain the information needed to access a corporate network. Placing even more pressure on the individual is the fact that there is nobody from the company’s IT department or security team within earshot to ask if an email is malicious or legit.

“If devices are infected with malware, even workers who use a VPN client cannot evade attackers who can ride their VPN connection to raise havoc in enterprise networks. The more users are working from home, the greater the risk. Organizations should instruct employees to use trusted dedicated workstations to access sensitive corporate assets and avoid using their multi-purpose personal devices,” Tamir said.

A VPN breach is about as bad as you can get, the ability for someone to travel internally from VPN infrastructure into sensitive data is extremely easy, said Aaron Zander, Head of IT at HackerOne.

Companies able to add VPN capacity are not safe but must takes several extra measures to ensure errors are not made in their haste to deploy the new hardware.

“Triple check all of your network configurations, ACL’s, firewall rules, etc. Without a doubt in 9 months from now, we’ll be looking at news stories about two impacts resulting from COVID-19 — all the babies being born, and all the breaches that have happened because of negligent infrastructure,” Zader said.

Original Source link

The post #cybersecurity | hacker | VPNs: Not a cybersecurity slam dunk for telecommuters in the age of COVID-19 appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | K-12 Remote Learning Checklist: Securing Data in a Remote Learning Environment

Source: National Cyber Security – Produced By Gregory Evans

12-Step Remote Learning Checklist to Help District IT Protect Student and Staff Data

K-12 school districts across the country are shutting down to increase “social distancing” and help slow down the outbreak of COVID-19—the disease caused by exposure to the new coronavirus. Many are either considering or preparing for a shift to remote learning for the remainder of the year.

Technologies focused on learning management, online teaching, collaboration, and video conferencing will help districts provide students and staff with the tools needed to move forward with remote learning. This shift requires a lot of time and effort for district IT teams to vet, implement, and support in the coming weeks.

But K-12 IT teams must also plan for the adjustments in cyber safety and security this shift will require.

Students and staff will be accessing their Google and/or Microsoft accounts from locations outside of the school’s networks. They will also be using new, often OAuth-enabled, EdTech SaaS for a variety of learning and student management purposes. Both of these trends expose district information systems to data security and student data privacy risks.

G Suite & Office 365 Data Security & Student Safety Remote Learning Checklist

What is G Suite and Office 365 security and student safety? It is the district’s ability to have visibility and control into the activity taking place in collaborative cloud software as a service (SaaS) applications—such as Google G Suite and Microsoft Office 365—commonly used by districts today.

If or when your district moves to remote learning, traditional perimeter security safeguards, such as firewalls and content filters, become less effective. This is especially true if your district doesn’t have 1:1 device capabilities. Students will be accessing their school account from an unmanaged device without all the security measures a district device would have.

[FREE] K-12 REMOTE LEARNING SECURITY CHECKLIST: DOWNLOAD & SECURE DISTRICT DATA FROM CYBER ATTACKS >>

 

To help K-12 IT teams securely transition to remote learning and working, we’ve developed this 12-step remote learning checklist focused specifically on cybersecurity and safety protections.

1. Document remote work security policies

Your district’s staff and students are likely not used to working in a remote environment, and may not realize that security tools like firewalls and web content filters are less effective outside your district’s network. If your district hasn’t done so already, now is the time to create and document remote work security policies.

Start by developing a document outlining a list of approved cloud applications to be used for remote learning purposes. If your district doesn’t have a learning management system (LMS) or other remote learning tools already available, consider looking into tools such as BrainPop, Discovery Education, Agilix, Edmentum, and more. Other cloud applications your district’s IT team may want include Zoom, Google Hangouts, Cisco’s Webex, or another popular video conferencing tool that your district is comfortable with using.

Once your team has decided which cloud apps are approved, make sure to include the list in your district’s remote work security policy document. You may also consider including a list of apps that shouldn’t be downloaded and installed.

If your district isn’t 1:1, this will be tougher to enforce due to the fact that students will be accessing their school accounts from an unmanaged device. However, having a guide in place will prove useful in helping students and staff protect their devices, and sensitive data, when logging in to use these apps from home.

2. Create employee cybersecurity training & testing

Simple human error is the number one reason cybersecurity incidents happen in any organization. Educate your district’s staff, students, and parents on common cybersecurity best practices and what to look for in terms of possible red flags.

Create guidelines that encourage students, staff, and parents to look at who emails are coming from. Does the email domain match your district? If there are any links within an email, does the redirect URL match the destination the email claims?

Same goes for file attachments. Are they coming from a trusted source and do the documents pertain to any lessons or assignments students and staff are working with?

You may also want to consider testing your users’ ability to recognize a suspicious email.

One common tool to send out phishing email tests to see how prepared and educated your district stakeholders are regarding cybersecurity is KnowBe4. With this tool, your IT team can conduct phishing tests, password strength tests, email exposure and domain tests, and more. This way, your team has a better picture of where your weaknesses lie and what you need to educate further on during this hectic time.

3. Monitor student and staff account logins

Students and staff will be logging into their school accounts from outside of your district’s security perimeter—and from an unmanaged device if your district isn’t 1:1.

Your IT team must monitor account logins and look for anomalous behavior that may indicate an account takeover attack. Anomalous behavior might include multiple unsuccessful logins, failed multi-factor authentication checks, and successful logins from an unapproved location such as another country.

 

[FREE] K-12 REMOTE LEARNING SECURITY CHECKLIST: DOWNLOAD & SECURE DISTRICT DATA FROM CYBER ATTACKS >>

 

4. Check for unsanctioned 3rd party SaaS apps

Now that students will be using their school device—or a personal device—outside of school, monitoring for risky 3rd party apps is especially important. This is because malicious apps and apps with insufficient infrastructure security pose far-reaching risks to your district’s information systems.

Additionally, the flood of “free” teaching and learning apps on the market creates openings for serious OAuth security risks. Teachers and students alike may take advantage of these tools with the best intentions, but EdTech that hasn’t been properly vetted can lead to a variety of cybersecurity risks.

Your IT team should monitor which apps are granted OAuth access to district Google and/or Microsoft accounts, check what permissions are granted, and be able to remove the apps that don’t meet your infrastructure security, data security, and/or student data privacy policies.

5. Monitor for improper file sharing and access

Student data privacy laws still apply when your district transitions to remote learning, and keeping track of data becomes more difficult when students and staff access everything remotely.

To help prevent any financial, staff, and/or student data from leaving your district’s G Suite or Office 365 environment, look for drives, folders and files that have given external accounts access to view and/or edit. If any external shares are found, make sure to break them and set up policies to automatically remediate when a future external share is granted.

6. Secure personally identifiable information (PII) and create data loss prevention policies

Data loss prevention is a strategy to ensure the sensitive information of students and staff are protected and don’t inadvertently leave the network. Have your IT team start by checking email and files for PII, such as social security numbers, W2s, and bank account information. Then, delete, quarantine, or revoke access to any information that is being improperly shared.

Once complete, set up automatic policies to remediate all PII that leaves your district’s network to ensure FERPA requirements are met.

7. Create student safety monitoring & policies

Just because your district’s students are distanced from one another as a result of school closures and self-isolation, doesn’t mean that they aren’t communicating via their school Google or Microsoft accounts.

Students may be using their school accounts to send emails or use Google Docs as a chat board. It’s important for your IT team to continue monitoring for signals of cyberbullying, self-harm, inappropriate content, abuse, and other forms of student safety threats. Unfortunately, it may be easier for these issues to go undetected during this time.

8. Enable anti-phishing and anti-malware protection

With dispersed students and staff, cybersecurity risks in your district are going to increase. Your IT team will need to ensure they have anti-phishing and anti-malware protection enabled.

Students and staff will be logging in from their home networks and maybe from a personal device, which means school firewalls, web content filters and endpoint security may not be effective for the time being.

The best option for your team at the moment is to start with configuring your district’s G Suite and Office 365 anti-phishing and anti-malware capabilities, and layer additional safeguards to ensure district cloud applications are protected—regardless of the device or the location.

9. Monitor for lateral phishing activity

In the event a student or staff member at your district does fall victim to a phishing scheme, it’s important for your IT team to be monitoring the activity that is taking place within district cloud apps.

This means not only monitoring the email traffic coming from external sources, but also monitoring and analyzing emails sent from internal accounts to others. Doing so is critical to reveal signs of an account takeover and lateral phishing attack.

[FREE] K-12 REMOTE LEARNING SECURITY CHECKLIST: DOWNLOAD & SECURE DISTRICT DATA FROM CYBER ATTACKS >>

 

Are you getting phishing email alerts from an internal email address? Is a student or staff member sending an unusual number of emails to other school accounts that they don’t usually interact with? Is an account suddenly sharing and/or downloading more files than usual? These are a couple of examples of trends your team will need to look for more often in a remote learning environment.

10. Make multi-factor authentication mandatory

Multi-factor authentication requires your district’s students and staff to take a second step, after entering the correct password, to prove they have authorized access. Students and staff will be logging in from unrecognized devices, which makes this security tool a critical one for your district to have enabled during this time.

It’s also incredibly quick and easy to set up through your Google and/or Microsoft admin portal.

Multi-factor authentication typically includes entering a code that is sent to their phone via SMS. It can also include phone calls, answering security questions, mobile app prompts, and more.

11. Reset passwords across all accounts and set a password strength policy

Set policies and standards for your district’s cloud app passwords now that students and staff are accessing remotely.

At a minimum, enable your system’s “require a strong password” feature. You can also set minimum and maximum password lengths, password expiration, and more.

If your district already has policies in place, now is a good time to check current passwords to see if there are any passwords that are out of compliance and force password changes through your admin console.

12. Run a G Suite & Office 365 data security & student safety audit

With this checklist, now is an opportune time to run a cloud security audit of your district’s G Suite and/or Office 365 environment. An audit will check for any configuration errors, sharing risks, files containing sensitive information, risky 3rd party SaaS apps, and more.

It’s also important to run an audit on a periodic basis more frequently now that districts are closing or moving to remote learning. Weekly reports can be automated and provide you with detailed information into the security health of your cloud applications, and the activity taking place between students, staff, and external environments.

If your district uses SaaS applications such as G Suite and Office 365, protecting the data and accounts in these apps is a critical layer in your cybersecurity infrastructure.

Without it, monitoring and controlling behavior happening on the inside is impossible. This blind spot creates critical vulnerabilities in your district stakeholders’ sensitive information and is now a much bigger blind spot given the current circumstances.

The post K-12 Remote Learning Checklist: Securing Data in a Remote Learning Environment appeared first on ManagedMethods.

*** This is a Security Bloggers Network syndicated blog from ManagedMethods authored by Jake Kasowski. Read the original post at: https://managedmethods.com/blog/k-12-remote-learning-checklist/

Source link

The post #cybersecurity | #hackerspace |<p> K-12 Remote Learning Checklist: Securing Data in a Remote Learning Environment <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#cyberfraud | #cybercriminals | Could fighting coronavirus compromise cybersecurity?

Source: National Cyber Security – Produced By Gregory Evans

The COVID-19 pandemic has become a sobering experience in many ways. We are witnessing firsthand the negative impact that a fragmented national public health system has on our safety, health and economy. 

Social isolation has become a stark reality and necessity for people around the globe, including here in the United States. While social distancing has become the operational approach to slow down the spread of the COVID-19 virus (or at least flatten the infection curve), this isolation has ripple effects across other components of our lives. A vast number of people will telecommute and work from home. Schools at the K-12 and university levels are instructing students to stay away from campus and suspending face-to-face teaching. Faculty are moving all classes online. The entertainment and sports industries are canceling events and premiers, and restaurants and bars are closing. Major studios are rushing to push content to streaming services; the list will continue. 

While these responses are prudent, the result is that more of our daily routines are dependent on the internet, internet technologies and telecommunications. This strategy to move to the online cyber and virtual realm, at least in the interim, is happening with no real thought about the cybersecurity implications.

Historically, cybercriminals have used crises to increase criminal activity and scams related to stealing personally identifiable information, as well as financial and personal health Information to defraud victims. Foreign actors have spread disinformation and attempted to disrupt recovery operations as a means of causing more chaos. The same thing is happening and will continue to happen with the COVID-19 crisis. 

We already see cyberattacks against the U.S. Health and Human Services Department, and similar attacks in Europe. Scammers are sending fake emails and setting up fake COVID-19 health information websites, trying to phish user IDs and passwords. Other scammers are pretending to raise money to assist with replacement lunch programs for students or the isolated elderly. No one should be surprised to see a jump in cyber-criminal activity, as these people are opportunistic. We find ourselves in the perfect storm for cyberattacks.

Increased cyberattacks are not the only ripple effect we could see. The telecommunications and mobile network operators’ critical infrastructure must absorb an exponential increase in demand, with little or no ramp-up time. Similar to the public health system, these industries are fragmented and equally unprepared or capable across companies and regions. Internet and mobile network operators will find their resources pushed to the maximum. 

We need only to look at recent natural disasters such as floods and tornadoes to see how fragile this infrastructure is. The ability to communicate either via email or mobile phone with emergency services, loved ones or the media to get information disseminated is essential during a crisis and the ensuing recovery period. 

Social isolation will put a significant burden on the telecommunications and mobile network infrastructure. We will now have millions of people working from home using local or regional providers to connect to company networks. K-12 and university students are trying to resume their studies online using e-learning, placing more burden on networks and the infrastructure. People will increase their use of streaming media for news and entertainment purposes, including on their mobile devices. 

This increased demand will also not follow the regular demand cycles, at least in the foreseeable future — school time, the typical workday and leisure activities no longer have rigid schedules; they will be somewhat blended together. This lack of regular routines could potentially magnify the demand and further negatively impact bandwidth and availability.

We must understand that with our increased dependence on technology and cyber, there are increased risks that we need to be aware of and plan for. Governments, businesses and schools need to provide some direction and advice to the general public on how to follow not only appropriate “anti-COVID-19 hygiene” but also “cybersecurity hygiene.” 

Since networks will now be extended to homes during this time, similar cybersecurity policies, practices and standards that someone would adhere to if they were physically sitting at work or school need to apply.

We may also need to consider metering our online behavior to essential activities such as those related to our work, education or critical communications, or at the very least following the more regular rhythm of the day — routine work or school hours.

We will learn many lessons from the COVID-19 pandemic, and the cost will be high in terms of lives and the economy. Hopefully, when we come out on the other side of this crisis, we will also have a better understanding of how to protect our critical infrastructures and the real risks of living even deeper in cyberspace.

Dr. Marcus Rogers is a professor and executive director of cybersecurity programs at Purdue University; he has over 25 years of experience in public- and private-sector consulting in the area of information technology security, and has consulted for the military, law enforcement and for some of the largest financial and health care providers in the world.

Source link

The post #cyberfraud | #cybercriminals | Could fighting coronavirus compromise cybersecurity? appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | Coronavirus and cybersecurity crime – Security Boulevard

Source: National Cyber Security – Produced By Gregory Evans

Consumers and businesses alike have been scrambling to take steps to protect themselves from the coronavirus, from flocking to stores to buy out supplies of hand sanitizer, to encouraging workers to avoid large gatherings and work remotely. While we hope our customers are taking the necessary steps to stay healthy (check out best practices from the World Health Organisation here), in addition to health risks, there are increased cybersecurity risks, too. The European Central Bank recently issued a warning to banks about the heightened potential for cybercrime and fraud, as many users are opting to stay at home and use remote banking services during the coronavirus outbreak. At a time of uncertainty and vulnerability for many, hackers and fraudsters are taking advantage of fear surrounding the virus as it continues to spread across the globe. We pulled together the following tips to help you improve your cybersecurity hygiene during this time:

1) According to recent PCI Pal research, almost half (47%) of Americans use the same password across multiple sites and apps. We all know this is a big cybersecurity no-no, but it’s especially important during times of heightened risk that we ensure our passwords are unique and secure. Consider updating your passwords and using a password manager tool to improve account security.
2) In addition to varying passwords, consider adopting two-factor authentication for accounts – most services offer some sort of two-factor authentication, yet 23% of Americans report they have never used these tools to protect passwords or payments! Take advantage of these tools – especially if you’re going to be engaging with more digital services while you stay home to wait out coronavirus.
3) In addition to online fraud, there’s also an increased risk for phone fraud – whether you’re engaging with a customer service agent from your bank over the phone or simply ordering takeout. When speaking with a customer service representative, make sure you double check their credentials and only use the phone number provided by the company’s website.
4) For businesses looking to protect customer data during this time, consider PCI compliance, the strongest standard for payment security. PCI compliance standards can help protect your customers from data breaches and hacks – even when they ignore the above steps to protect themselves!
5) Phishing scams relating to Coronavirus will be prevalent, including emails pretending to offer advice from governments and the World Health Organisation. Scammers will use such techniques to infect your laptop/PC and gain access into your systems. Every care should be taken before opening such communications.

Contact us today to learn how PCI Pal’s solutions can help ensure your customers’ sensitive payment information is safe from opportunistic fraudsters.

The post Coronavirus and cybersecurity crime appeared first on PCI Pal.

*** This is a Security Bloggers Network syndicated blog from Knowledge Centre – PCI Pal authored by Stacey Richards. Read the original post at: https://www.pcipal.com/en/knowledge-centre/news/coronavirus-and-cybersecurity-crime/

Source link

The post #cybersecurity | #hackerspace |<p> Coronavirus and cybersecurity crime – Security Boulevard <p> appeared first on National Cyber Security.

View full post on National Cyber Security