now browsing by tag


#cybersecurity | #hackerspace | First Amendment Fight: Twitter Threat Ends in Conviction

Source: National Cyber Security – Produced By Gregory Evans First amendment rights in the United States only go so far. Shout “fire” in a crowded room for thrills or threaten to kill someone and you will find yourself on the wrong side of the First Amendment interpretation of what constitutes free speech. Joseph Cecil Vandevere […] View full post on

#nationalcybersecuritymonth | What’s been done to fight cybercrime in East Africa

Source: National Cyber Security – Produced By Gregory Evans

East Africa attracts millions of tourists every year. Over the past 10 years, its earnings from tourism have doubled. Compared to the rest of Africa, the region is experiencing healthy economic growth. This makes it a promising investment destination.

Factors like regional tourism, movement of workers and technology development have catalysed East African integration and cross-border banking.

Many cross-border banks originate from Kenya with branches across the region. One example is Kenya’s Equity Bank, which relies heavily on digital technology. The digital space has many positive attributes but the threat of cybercrime and insecurity is prevalent.

Uganda lost 42 million shillings to cybercrime in 2017. In 2018, Rwanda lost 6 billion francs. In Kenya, between April and June 2019 alone, the country experienced 26.6 million cyber threats.

Across the region, with the increase of digital banking, financial institutions have become targets. These institutions are attractive to cyber criminals because they hold the biggest cash reserves. Africa’s digital infrastructure is ill-equipped to manage the continent’s growing cyber-security risk.

Equity is a pioneer in online and mobile banking with technology that merges banking and telephony. However, it recently suffered a cyber-attack. Last month, Rwandan authorities arrested a cybercrime syndicate comprising eight Kenyans, three Rwandans and a Ugandan. The syndicate had attempted to hack into the Equity Bank system. The group has been involved in similar attacks in Kenya and Uganda.

Early in the year, Kenya’s director of criminal investigation issued warrants of arrest against 130 suspected hackers and fraudsters for alleged banking fraud.

These incidents show that financial losses to cyber insecurity are a growing threat to East Africa’s economy.

Cybercrime occurs through the use of computers, computer technology or the internet. It often results in identity theft, theft of money, sale of contraband, cyber stalking or disruption of operations.

Within East Africa, Kenya, Rwanda and Uganda are taking steps to manage the huge cybercrime risk. But the cyber attack on Equity Bank is proof that these countries need to do more to protect their financial institutions from massive losses going forward.

Regional instruments

The African Union’s Convention on Cyber Security and Personal Data Protection is East Africa’s overarching policy guideline on cybercrime. It was adopted by member states in 2014. The Convention is similar to the Council of Europe’s Cyber Crime Convention which established a cyber security on the European continent.

Rwanda signed the Convention earlier this year, but it’s the only East African country to have done so.

The Convention requires member states to share responsibility by instituting cyber security measures that consider the correlation between data protection and cybercrime. These measures will keep data safe from cyber criminals and preempt its misuse by third parties. It also encourages the establishment of national computer emergency response teams.

The Convention advocates closer cooperation between government and business.

The Convention also creates a provision for dual criminality. This means that cybercrime suspects can be tried either in the country where the crime was committed or in their home country. This provision is meant to ensure smooth cooperation and sidestep any conflict of laws.

There is also a provision on mutual legal assistance. This allows for member states to share intelligence and collaborate on investigations.

Even though Uganda and Kenya aren’t yet signatories, they have nevertheless been establishing legal and policy frameworks provided for under the convention. Rwanda is doing so too, and as a signatory is one step ahead.

Rwandan approach

In 2015, Rwanda came up with a national cyber security policy that established a National Computer Security and Response Centre. The centre detects, prevents and responds to cyber security threats. And in 2016, the Regulatory Board of Rwanda Utilities rolled out network security regulations to protect the privacy of subscribers. They also empower the government to regulate and monitor internet operators and service providers.

The country also has a National Cyber Contingency Plan to handle cyber crises.

Further, Rwanda’s telecom network security regulations require service providers to secure their services by protecting their infrastructure. Every service provider must be licensed and must guarantee the confidentiality and integrity of their services. They must also set up incident management teams. These teams work with the government to manage cyber security threats effectively.

Additionally, Rwanda passed an information and communication technology law in 2016. This contains provisions on computer misuse and cybercrime which criminalise unauthorised access to data.

The country has managed to build the foundations of a strong regulatory framework. It has also taken measures to raise awareness around cyber security. In fact, in the attack on Equity Bank, the authorities acted on a tip from members of the public.

Kenyan measures

In 2014, Kenya launched its National Cyber Security Strategy to raise cyber security awareness and equip Kenya’s workforce to address cyber security needs.

In line with this strategy, Kenya amended its information and communications law to criminalise unauthorised access to computer data.

Kenya has also set up a national computer incident response coordination centre to consolidate key cyber infrastructure and create pathways for regional and international partnership.

Generally, Kenya has a robust cyber security policy which includes a legal and regulatory framework. The result has been that impending cyber attacks are discovered before massive damage is done and ongoing attacks are rapidly arrested.

Uganda’s security

Uganda has legislation to protect cyber security. This includes the Computer Misuse Act which ensures the safety and security of electronic transactions and information systems, and the Regulation of Interception of Communications Act to monitor suspicious communications. It also has a national computer emergency response team.

This regulatory framework is similar to those in Kenya and Rwanda. But in addition, Uganda has a National Information and Technology Authority that provides technical support and cyber security training. It also regulates standards and utilisation of information technology in both the public and private sectors. These measures have boosted the countries’ cyber security strategy.

While Uganda has these measures in place, Kenya and Rwanda are two of the top three cyber secure countries in Africa.

Moving ahead

Kenya, Uganda, and Rwanda have taken solid steps to harmonise cybersecurity processes, data protection, and collaborative prosecution and investigation measures.

They have criminalised cybercrime and established frameworks to manage cyber attacks. International cooperation within the region has also enhanced cyber security.

Source link

The post #nationalcybersecuritymonth | What’s been done to fight cybercrime in East Africa appeared first on National Cyber Security.

View full post on National Cyber Security

#nationalcybersecuritymonth | IRS Publishes Guidance to Help Taxpayers Fight Identity Theft

Source: National Cyber Security – Produced By Gregory Evans

Security Summit partners including the Internal Revenue Service (IRS), the US tax industry, and several state tax agencies published security guidance and updated content to highlight identity theft precautions to be taken during the incoming holiday shopping season.

Individual and business taxpayers, as well as tax professionals, are advised to boost their security defenses against potential identity theft attempts that will soon surface during the holidays.

“While people are shopping online, identity thieves are trying to shoplift their sensitive information. As the holiday season and tax season approach, everyone should remember to take basic steps to protect themselves,” IRS Commissioner Chuck Rettig said. 

“The Security Summit has made progress in fighting back against tax-related identity theft, but we need people to watch out for common scams that can put their financial and tax data at risk.”

Identity theft safeguards and protection measures

The US tax collection agency provides businesses with an updated ‘Security Awareness For Taxpayers’ PDF document during this month’s National Tax Security Awareness Week, ready to share with employees, clients, and customers

The Security Summit members also recommend taking the following measures to protect personal and financial information online:

• Use security software for computers and mobile phones – and keep it updated.
• Protect personal information; don’t hand it out to just anyone.
• Use strong and unique passwords for all accounts.
• Use two-factor authentication whenever possible.
• Shop only secure websites; Look for the “https” in web addresses; avoid shopping on unsecured and public WiFi in places like shopping malls.
• Routinely back up files on computers and mobile phones.

As part of the Tax Security Awareness Week, the IRS will also provide basic steps for easily recognizing email and phone scams, detecting identity theft attempts, and creating strong passwords for online accounts.

Videos with Easy Steps to Protect Your Computer and Phone and on how to Avoid Phishing Emails are also provided by the IRS and its Summit partners with additional information for taxpayers on how to augment their security.

Security plans and malware warnings

In July, the IRS issued a joint news release with the Security Summit partners to remind professional tax preparers of their obligation to have a data security plan in place with appropriate safeguards to protect sensitive taxpayer information from data theft attacks.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) also provides a Safeguarding Your Data Security Tip issued through the National Cyber Awareness System.

One month later, an IRS warning alerted taxpayers and tax professionals of an active IRS impersonation scam campaign that used spam emails to deliver malicious payloads.

The security guidance the IRS will share during the National Tax Security Awareness Week is designed to help both taxpayers and tax pros to defend against attacks such as those that are targeting the tax season with realistic phishing emails bundling malicious attachments.

Attackers are also known to use phone scams as observed in 2016 when they posed as IRS representants and asked their targets to extinguish outstanding debts of thousands of dollars via gift card payments.

Source link

The post #nationalcybersecuritymonth | IRS Publishes Guidance to Help Taxpayers Fight Identity Theft appeared first on National Cyber Security.

View full post on National Cyber Security

Girl #Scouts fight #cybercrime with new #cybersecurity #badge

Source: National Cyber Security News

For the first time, millions of Girl Scouts nationwide are taking on hacking and cybercrime as they work towards earning newly introduced cybersecurity badges.

If you think being a Girl Scout is all camping, crafting, and cooking, think again.

For the first time, millions of Girl Scouts nationwide are taking on hacking and cybercrime as they work towards earning newly introduced cybersecurity badges. Girl Scouts of the USA teamed up with security company Palo Alto Networks to devise a curriculum that educates young girls about the basics of computer networks, cyber attacks, and online safety.

Sylvia Acevedo, CEO of GSUSA, said they created the program based on demand from the girls themselves.

“Protecting their identity online, how to protect themselves when they’re browsing, how to protect their computers, their family networks from being hacked, those are things that are of real interest to girls,” Acevedo said in an interview with NBC News.

In Alameda, California, Girl Scouts of Troop 32749 are already hard at work learning about the basics of coding and computer networks.

“Evelyn, you’re going to be my message sender,” said troop leader Danielle Zorn, holding an unruly ball of green yarn.

Read More….


View full post on National Cyber Security Ventures

‘The #weakest part of #security is us’ – #Ethical hacker on the #fight against #cyber attacks

Source: National Cyber Security – Produced By Gregory Evans

‘The #weakest part of #security is us’ – #Ethical hacker on the #fight against #cyber attacks

‘The weakest part of security is us’

This was the message from ethical hacker Mike G.

Speaking at the Irish Independent annual Dublin Information Sec cyber-security event taking place in Dublin today, Mike G, who helps organisations in their fight against cyber security and hacking, said that humans are very easily hacked.

Citing the hacking of US actress Jennifer Lawrence’s Apple iCloud, Mike G said that the hacking was done through the actresses’ password for iCloud being her dog’s name, and the fact that Ms Lawrence had posted a picture of her dog on Instagram – the hacker went from there and leaked photos apparently showing her in the nude on the internet.

In addition, bad systems design and/or insecure security policies can leave people and organisations vulnerable to hacking.

Mike G, who describes himself as a pilot, engineer, and ethical hacker,  described the various was in which hackers can gain information about a person or a company, including through social media, certain types of jobs – “sales people often give out everything” – and even job listings.

In a sobering talk, he listed spoofing texts, calls and emails among the ways in which people and companies can get hacked.

In addition he said that anything can get hacked including pins, biometrics, TVs, and even our fitbits.

However when a person’s phone can be taken over, it’s “huge” he said.

In what was a stark message to businesses, Mike G asked those present at the event whether their company would be able to recover if the competition had all of their data?

However, the news from the ethical hacker was not all bad.

Mike G and his team do a lot of forensic planning, providing, among other services, cyber security awareness training, and impact penetrating testing to show companies their weak spots and how these can be overcome.

The post ‘The #weakest part of #security is us’ – #Ethical hacker on the #fight against #cyber attacks appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Fight #cyber threats by understanding why #hackers want your info

Source: National Cyber Security – Produced By Gregory Evans

Fight #cyber threats by understanding why #hackers want your info

 Understanding what intruders want is the first step in planning to prevent cyber threats from exploiting business and organization online operations, said panelists Thursday at the 2017 Wyoming Broadband Summit.

Experts in dealing with cyber security threats in Wyoming presented their views as members of a panel on “Cybersecurity – Investing, Growing, Planning and Understanding.” Panelists said not all cyber attackers were looking for the same information.

For a hospital, it might be personal information tied to treatments; for a business, it could be transactions that are needed to keep that business running; for an individual, it may be credit card or bank account access.

“You have to understand what data you have that they want,” said Sean Sanchez, of Optiv Solutions, a cybersecurity firm.

Phishing scams are the most common cybersecurity threats facing enterprise, panelists said. Lack of a cybersecurity plan, or not following one, was another problem.

James Drever, a regional director for the Wyoming Small Business Development Center, said bad password management was a problem he often finds when helping clients with less than 50 employees that have suffered a cyber-attack.

“It’s common for people to use the same password everywhere,” Drever said. “I’ll have them check a website called to find out if their email password has been ‘owned.’ Most of the time I can go to that website and find that they’ve been owned. And those are just the ones we know about.”

Failure to have an adequate back up system is another common issue for small businesses, he said. Backing up data is essential to recovering from a cyber-attack or even a fire that may destroy a business. But that backup can’t be on the same premises as the business. If not using a cloud-based backup, then use an external drive but take the business drive home and take your home backup drive to work after updating.

Robert Pettigrew, director of Information Services/Clinical Engineering for the Wyoming Medical Center in Casper, outlined how a cyber security plan helped the hospital work through the aftermath of an email phishing scam that only hit two computers but left the system down for 10 minutes. Security protocols helped prevent the spread of invasive software, but it was discovered that information connected to 2,000 patients might have been compromised. That triggered a federal review of the hospital’s cyber security operations, but thanks to a management and recovery plan that it was in place, the hospital was cleared of any violations. It still cost the hospital several hundred thousand dollars over a couple of years to satisfy federal reviewers.

Because of the phishing scam, Pettigrew said the hospital convinced employees to use two-factor authentication for their email accounts to reduce the possible of a repeat incident. Cyber security training has also been stepped up.

Sanchez and Mike Borowczak, University of Wyoming Cybersecurity Education and Research director, said researchers at higher educational Institutions can be reluctant to place security protocols on their research because it slows down work.

“The federal government is requiring cyber security protocols as part of grants,” Borowczak said.

Asked by moderator Dave Ritz, U.S. Department of Homeland Security in Cheyenne, what the federal government could to help improve response to cyber threats, the panelists responded that more timely information would help.

“Vulnerability and exploit information should be shared faster,” Sanchez said

Ritz agreed, but said that national security considerations and bureaucracy can slow down the information flow.

The post Fight #cyber threats by understanding why #hackers want your info appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Mayweather vs McGregor fight: 239 illegal streams detected, says cybersecurity firm

Source: National Cyber Security – Produced By Gregory Evans

The much-hyped megafight between Floyd Mayweather and Irishman Conor McGregor may be over, but it has sparked a fierce battle outside the ring over piracy. According to data collected by cybersecurity firm Irdeto, a total of 239 illegal streams were found to have redistributed the boxing match this past weekend,…

The post Mayweather vs McGregor fight: 239 illegal streams detected, says cybersecurity firm appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hacked! ISU intensifies fight against cyber theft

Hacked! ISU intensifies fight against cyber theftSource: National Cyber Security – Produced By Gregory Evans Months before graduation, Ben Bradley ’17 already had a cybersecurity job lined up as an analyst searching for threats to his employer’s computer network. But he couldn’t disclose the name of the company. Months before graduation, Ben Bradley ’17 already had a cybersecurity job lined up […] View full post on | Can You Be Hacked?

Hackers Target Your Mobile Bank App; You Can Fight Back

Hackers Target Your Mobile Bank App; You Can Fight BackSource: National Cyber Security – Produced By Gregory Evans BRAVE NEW BANK This NerdWallet series delves into what’s new in retail banking and what’s in it for you. We explore some of the surprising things in store for products, tech and security and look at how they’ll affect consumers. By 2021, millions more of us […] View full post on | Can You Be Hacked?

Malcolm Turnbull faces Silicon Valley fight on encryption

Source: National Cyber Security – Produced By Gregory Evans

If Malcolm Turnbull presses forward on threats to force technology companies to better cooperate on countering terrorism — by unlocking secret encrypted messages and data belonging to suspected violent plotters — the Prime Minister can expect a heated tussle with America’s powerful Silicon Valley. Turnbull intends to nudge world leaders…

The post Malcolm Turnbull faces Silicon Valley fight on encryption appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures