now browsing by tag
#nationalcybersecuritymonth | How to Really ‘Own IT’ for National Cybersecurity Awareness Month – Homeland Security Today
National Cybersecurity Awareness Month (NCSAM) is in its 16th year. The theme for 2019 – Own IT. Secure IT. Protect IT. – is focused on encouraging personal accountability and proactive behavior in security best practices and digital privacy. Considering that individually we are picking up our smartphones on average of 77 times a day and spending nearly 12 hours a day in front of a screen, the digital lines between work and personal lives are all but gone. With nearly every facet of our lives impacted by what we do online, NCSAM calls to action this year include:
- Own IT. If you are reading this, you are using a digital device. Whether you own the device or not, we are all responsible for how we use them – from the data they store and transmit to the information we post online about ourselves and others, or share with other third parties. We are all responsible for our digital footprints, including the data apps collect and transmit from these devices.
- Secure IT. If you own it, you must secure it, from strong credentials (unique usernames, passwords/passphrases, and multifactor authentication) to physical access. This includes securing computers, laptops, tablets, smartphones, apps, and website logins.
- Protect IT. If you own it, you must protect it with security updates and safe browsing practices. Stored information, including personal and customer/consumer data that you gather from others, must also be protected. Every organization has a duty to safeguard the confidentiality, integrity, and availability of data obtained from other persons.
Struggle with Passwords Continues
After all of these years, we are still terrible at creating and managing passwords. Year after year the most commonly used (and breached) passwords still include – you got it – ‘password’ and ‘12345678.’ Variations like ‘p@$$w0rd’ are not any better as they contain common substitutions such as ‘@’ for ‘a,’ etc. Given these shortcomings, password hygiene is a leading topic any time of year, but as National Cybersecurity Awareness Month continues it is a good time for another reminder for organizations to do better at helping employees improve password management.
It is no secret that passwords alone are not the best method to safeguard our digital assets, especially weak passwords. Password security firm LastPass recently published its 3rd Annual Global Password Security Report, which highlights how employees’ continued poor password habits weaken the overall organizational security posture. To affect positive password changes, it is up to organizations to take action to improve password hygiene. Read on for three simple and effective low-cost and no-cost solutions companies and their employees should apply today to start improving overall security and reduce risk posed from stolen passwords.
Longer Passwords Take Longer to Crack
Enforcing the use of longer passwords or passphrases can go a long way. Depending on computing power (and other factors), it could take approximately 23 seconds to crack ‘football1’ (or similar) vs. over 10,000 centuries to crack ‘R73&nebp@98backyard45’ or ‘tHe!weatheriscoLd67outside?’. In addition to making passwords longer, not reusing them across multiple sites and services cannot be overstated. Even if a password is stolen, if it is only used for a single site or service, cyber thieves can only potentially compromise that single account, not the entire kingdom.
Passwords Aren’t Perfect, but MFA Could Save the Day
Adding multifactor authentication (MFA) is another quick win. MFA does not guarantee an account will not be compromised, but it does significantly reduce that likelihood. Authenticator apps like Duo, Authy, and Google Authenticator provide low-cost, no-cost, hassle-free options to add an additional layer of security to the authentication process. This extra step reduces the risk a malicious attacker would be able to successfully log in and compromise valuable accounts, even with a stolen password.
The “Problem” with Password Managers
Password managers store passwords and create strong (and long) passwords so you do not have to – what’s wrong with that? Skeptical about password managers? Password managers don’t have to be perfect, they just have to be better than not having one, says cybersecurity expert Troy Hunt (founder of haveibeenpwned). Other quips by Troy: The only secure password is the one you can’t remember, and when accounts are “hacked” due to poor passwords, victims must share the blame. There are several reputable password managers to choose from, but if you are looking for “go here, do this” for picking a “good” one, check out Troy’s post on why he partnered with 1Password. On a final note, the aforementioned LastPass Global Security Report found that password manager adoption increases when it is convenient. If employees can access and use password managers from their smartphone or other device of their choice, they are more likely to use it. So, what IS the “problem” with password managers? They simply are not used enough.
Cybersecurity Awareness All Year
While October is designated NCSAM, cybersecurity awareness is far from a once-a-year activity. NCSAM materials provide proactive awareness content to use throughout the year. So, while you are sipping that long-awaited (or 100th) pumpkin spice latte, review NCSAM materials for tips, resources, webinars, and workshops. In addition, it is not too late to demonstrate your cybersecurity awareness commitment by becoming an NCSAM Champion. Some of the best NCSAM Champions come from the information-sharing community – WaterISAC, Research & Education Networks ISAC (REN-ISAC), Information Technology ISAC (IT-ISAC), Retail & Hospitality ISAC (RH-ISAC), National Council of ISACs (NCI), Faith-Based ISAO (FB-ISAO), InfraGardNCR, and InfraGard Los Angeles – and they are ensuring organizations and consumers have the resources to stay safer and more secure online. Follow #BeCyberSmart and #CyberAware on social media for great security awareness tips from the NCSAM Champions and others.
Finally, NCSAM is a great time to bolster or jump-start your cybersecurity awareness program. Interested in a ready-made program to plug into your organization? The Cyber Readiness Institute (CRI) may have just the program! Founded by the CEOs of Mastercard, Microsoft, the Center for Global Enterprise, and PSP Partners, CRI’s Cyber Readiness Program is a no-cost, practical, step-by-step guide to help small- and medium-sized enterprises become cyber ready. Completing the program will help make your organization safer, more secure, and stronger in the face of cyber threats.
15 Steps to Keep Foes from Hacking and Hurting Our Water Infrastructure
(Visited 50 times, 1 visits today)
View full post on National Cyber Security
One reason people switch to Linux is to have better security. Once you switch to Linux, the thinking goes, you no longer have to worry about viruses and other types of malware. But while this is largely true in practice, desktop Linux isn’t actually all that secure.
If a virus wants to wreck shop on your free and open source desktop, there’s a good chance that it can.
Why Malware Is Less Common on Linux Desktops
Malware is unwanted code that somehow made its way onto your computer in order to perform functions designed with malicious intent. Sometimes these programs slow down a machine or cause it to crash entirely. The creators may then demand a ransom in order to fix the machine.
Sometimes malware uploads information to remote servers, giving someone access to your saved data or vital credentials that you type, such as passwords and credit card numbers.
People tend to create malware for Windows because that’s the operating system found on the most PCs. This increases the odds that a virus will spread from one computer to another.
Virus makers tend to target less technical users that are easier to fool with bogus web banners and phishing scams. Viruses also spread among people who know how to pirate music and TV shows but don’t understand how these files may be infected.
There are antivirus programs for Linux, but even their purpose is often to help protect Windows users.
Linux Desktop Malware Exists, But It’s Rare
One piece of malware has recently made news for targeting the Linux desktop. EvilGNOME runs on the GNOME desktop environment by pretending to be an extension.
GNOME is the most common Linux desktop environment, found as the default interface on two of the most popular Linux distros, Ubuntu and Fedora, and on computers that ship directly from Linux manufacturers such as System76 and Purism. Legitimate extensions allow you to alter many aspects of the GNOME desktop.
The malware known as EvilGNOME is able to take screenshots and record audio from your PC’s microphone. It can also upload your personal files. A more detailed breakdown is available in a report by Intezer Labs, who gave EvilGNOME its name.
This malware didn’t attract attention for being particularly likely to impact large numbers of people. It was considered newsworthy because it existed at all.
Most Linux Malware Targets Servers
Linux is relatively rare on desktops, but it’s the most prominent operating system found on servers powering the web and managing much of the world’s digital infrastructure.
Many attacks target websites rather than PCs. Hackers often look for vulnerabilities in network daemons that they can use to gain access to Linux-powered servers. Some will install a malicious script on a server that then targets visitors rather than the system itself.
Hacking Linux-powered machines, whether they are servers or IoT devices, is one way to go about infecting the web or creating botnets.
Linux’s Design Is Not Inherently Secure
Desktop Linux in its current form is hardly a fortress. Compared to Windows XP, where malicious software could gain administrator access without prompting for a password, Linux offered much better security. These days, Microsoft has made changes to close that gap. Since Vista, Windows has issued a prompt.
Yet fretting about the security of system files almost misses the point. Most of the data we care about isn’t saved in our root system folders. It’s the personal data in our home directory that’s irreplaceable and most revealing. Software on Linux, malicious or otherwise, doesn’t need your password to access this data and share it with others.
User accounts can also run scripts that activate your microphone, turn on your webcam, log key presses, and record what happens onscreen.
In other words, it almost doesn’t matter how secure the Linux kernel is, or the safeguards surrounding various system components, if it’s the vulnerabilities in apps and the desktop environment that can put the data you care most about at risk.
EvilGNOME doesn’t install itself among your system files. It lurks in a hidden folder in your home directory. On the positive side, that makes it easier to remove. But you have to first know it’s there.
4 Reasons Why Linux Relatively Safe to Use
While Linux isn’t immune to exploits, in day-to-day use, it still provides a much safer environment than Windows. Here are a few reasons why.
1. Multiple Distros, Environments, and System Components
App developers have a hard time developing for Linux because there are so many versions to support. The same challenge faces malware creators. What’s the best way to infiltrate someone’s computer? Do you sneak code in the DEB or RPM format?
You may try to exploit a vulnerability in the Xorg display server or in a particular window compositor, only to find that users have something else installed.
2. App Stores and Package Managers Shield Linux Users
Traditional Linux package management systems put app maintainers and reviewers between users and their software source. As long as you get all of your software from these trusted sources, you’re very unlikely to run into anything malicious.
Avoid copying and pasting command line instructions to install software, especially when you don’t know exactly what the command is doing and you’re unsure of the source.
3. Newer Technologies Actively Consider Security
New app formats like Flatpak and Snap introduce permissions and sandboxing, limiting what apps can access. The new Wayland display server can prevents apps from taking screenshots or recording happens onscreen, making it harder to exploit.
4. The Source Code Is Open for Anyone to Read
The primary advantage of Linux comes from being able to view the code. Since Linux is open source rather than proprietary, you don’t have to worry about the desktop itself working against you, acting as spyware itself or suffering from exploits that haven’t been disclosed for commercial reasons.
Even if you can’t make sense of the code, you can read the blog posts or reports by someone that does.
Should You Be Afraid of Linux Malware?
It’s a myth that Linux users don’t have to worry about viruses, but if you stick to your distro’s app stores or other trusted sources such as Flathub, you’re unlikely to stumble across anything dangerous.
No matter which operating system you use, it’s important that you adopt safe digital habits. Don’t make the mistake of believing that switching to Linux means you can download from sketchy sites without concern.
Yet for most of us, the biggest risk probably isn’t malware. If you’ve created a large number of online accounts or depend on cloud services, phishing scams are a much larger threatto your data, whether or not you use Linux.
The post #linuxsecurity | Is Linux Really Immune to Viruses and Malware? Here’s the Truth appeared first on National Cyber Security.
View full post on National Cyber Security
Amidst the escalating number of high-profile hacks and cyber attacks, organizations are now embracing various forms of artificial intelligence (AI) – including machine learning technology and neural networks – as a new cyber security defense mechanism. At a time when human skills and competencies appear to be overmatched, the thinking goes, machines have a nearly infinite ability to analyze threats and then respond to them in real-time.
Is machine learning really the silver bullet?
However, putting one’s faith in the ability of machines to defend entire organizations from hacker attacks and other forms of security intrusions ignores one basic fact: cyber security is an arms race, and the same weapons that are available to one side will soon be available to the other side. Put another way, the same machine learning technologies being embraced by the world’s top corporations and data scientists will soon be co-opted or adopted by the world’s top hackers.
Moreover, there is still quite a bit of work to be done before any machine learning cyber defense is fully robust. Right now, machine learning excels at certain tasks, but still needs significant human intervention to excel at others. For example, machines are extremely good at “classification,” which enables them to label and describe different types of hacker attacks. As a result, machines can differentiate between spoofing attacks, phishing attacks and other types of network intrusions.
The idea here is simple: just show a machine many different examples of hacker attacks, and they will eventually learn how to classify them very efficiently. The more raw data and data points you show machines (think of all this data as “training data”), the faster they will learn. In many ways, it is similar to the machine learning techniques used for image recognition tools – show a machine enough photos of a dog, and it will eventually be able to pick out a dog in any photo you show it.
Thus, it’s easy to see an obvious implication for machine learning and cyber security: machines can help security teams isolate the most pressing threats facing an organization and then optimize the defenses for those threats. For example, if an organization is facing a hundred different potential threats, a machine can easily sort and classify all of those threats, enabling humans to focus only on the most mission-critical of these.
The use cases of machine learning in cyber security
One of the most obvious ways to apply machine learning in cyber security involves the creation of stronger spam filters. For many organizations, a constant security threat is the ability of hackers to get inside the organization simply by sending spam emails filled with all kinds of malware. Once an employee clicks on a bad link or opens a bad attachment that makes it past conventional spam filters, it may be possible for malware to spread throughout an organization’s network.
Thus, you can immediately see why adopting machine learning for email security makes so much sense – it can provide a first layer of defense against these spam emails laden with malware. If you frame email as a “classification” problem, then machines can play an important role in sifting out the “good” emails from the “bad” emails. You simply show a machine many, many different examples of “bad” emails as well as many, many different examples of “good” emails, and it will eventually become 99.9% efficient in sorting them out (or so one common myth about machine learning goes).
Another common use case for machine learning in cyber security involves spotting irregular activity within an organization’s network traffic. For example, an unexpected surge of network activity might signal some sort of looming cyber attack (such as a DDOS attack). Or, activity in the accounts of certain employees that is out of the norm might indicate that one or more of these accounts have been compromised. Again, it matters how you frame the problem for machines: organizations must be able to show them what “normal” looks like, so that they will then be able to spot any irregular deviations from the normal state of network affairs.
Machine learning, cyber security and the enterprise
To get cyber security executives thinking more deeply on the matter (without delving too deeply into the complex data science behind machine learning), the technology research firm Gartner has proposed a PPDR model, which corresponds to the various uses of machine learning for cyber security within the enterprise:
In short, with machine learning technology, organizations will be able to predict the occurrence of future attacks, prevent these attacks, detect potential threats, and respond appropriately. With the right machine learning algorithms, say experts, it might be possible to shield even the largest and most vulnerable organizations from cyber attacks. In the big data era, when organizations must grapple with so much data, it’s easy to see why they are turning to machines.
With that in mind, Amazon is leading the way with an application of machine learning for the cloud. At the beginning of 2017, Amazon acquired a machine learning startup, harvest.ai, for just under $20 million. The goal of the acquisition was to be able to use machine learning to search for, find and analyze changes in user behavior, key business systems and apps, in order to stop targeted attacks before any data can be stolen or compromised.
Then, in November 2017, the company’s cloud business, Amazon Web Services (AWS), unveiled a new cyber security offering based on machine learning called Amazon Guard Duty. The allure of the new offering is easy to grasp: companies with a lot of data in the cloud are especially vulnerable to hackers, and they are easy “sells” for any company that is able to promise that their cloud offerings will be safe from attack. Already, big-name companies like GE and Netflix have signed on as customers of Amazon’s new machine learning-based offering.
Clearly, there is a tremendous amount of potential for machine learning and cyber security within the enterprise. Some industry experts have estimated that, in the period from 2015-2020, companies will spend a combined $655 billion on cyber security. Other estimates have been even more aggressive, suggesting that the total could be closer to $1 trillion.
If companies are spending so much money on cyber security, though, they will want to be certain that new solutions featuring machine learning actually work. In order for machine learning to live up to the hype, it will need to offer a fully robust security solution that covers every potential vulnerability for a company – including the network itself, all endpoints (including all mobile devices), all applications and all users. That’s a tough order to fill, but plenty of organizations are now betting that machines will be up to the task.
The post Does #Cyber Security Really Need #Machine Learning #Technology? appeared first on National Cyber Security .
View full post on National Cyber Security
2017 was a spectacular year for cyberattacks, including some previous ones only recently and reluctantly disclosed by embarrassed victims. They include a veritable who’s who of government, business and technology, including some of the world’s most technically sophisticated organizations.
Their misfortune raises a critical question: Is anything really safe?
View full post on National Cyber Security Ventures
Source: National Cyber Security – Produced By Gregory Evans The Cyber Security Challenge has had its latest Face 2 Face (F2F) competition in Manchester. The event was sponsored by NCC Group and saw attendees challenged to break into a number of IoT devices. There were 24 players in all who were split across five teams. […] View full post on AmIHackerProof.com | Can You Be Hacked?
To Purchase This Product/Services, Go To The Store Link Above Or Go To http://www.become007.com/store/ I dated a lot, but I never really had anyone who was worthy of an anniversary. And most girlfriends never made it to a year, anyway. Wale The post I dated a lot, but I…
View full post on Become007.com
To Purchase This Product/Services, Go To The Store Link Above Or Go To http://www.become007.com/store/ As I’ve told Tyler, there’s not a really easy place between being single and being married for us now. We’re just so busy that the logistics of our career make dating impossible. I think I’ll find…
The post As I’ve told Tyler, there’s not a really easy place between being single and being married for……….. appeared first on Become007.com.
View full post on Become007.com
How can we manage security in a world built on Open Source and Cloud? Innovation is the death of cybersecurity. Consider the rise of IOT and wearables. These technologies have developed rapidly over the last few years, gaining traction not just within the business and technology sectors, but also creating…
The post Can cybersecurity really keep up with technological change? appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
When you hear the word Tinder, what’s the first thing that comes to mind? If you said “hooking up” you’re certainly not alone, but of course there are plenty of people who’ve swiped their way to a soulmate and lived happily ever after, too. So which is it? And why does it even matter? Well, new data out Wednesday from Tinder shows that kind of true love story may indeed be what the app’s users are really after. Read More….
The post Tinder really, really wants you to think you’re swiping around for lasting love appeared first on Dating Scams 101.
View full post on Dating Scams 101
We’re dating differently now. Often on multiple apps at once, users can swipe through dozens of profiles every minute and plan multiple dates, whether in hopes of a love match or a hook-up. Decisions to meet arise from limited information: A convenient location; a sultry glance captured in pixels; a mutual interest in “banter.” In 2014, Tinder users were spending as long as 90 minutes a day on the site. But fake profiles abound, sexual predators use the sites, and some common online dating behavior—like meeting alone after scant acquaintance, sharing personal information, and using geolocation—puts users at risk. Read More…. View full post on Dating Scams 101