their

now browsing by tag

 
 

#deepweb | Has Samsung learned from their Galaxy Fold bendy mistakes?

Source: National Cyber Security – Produced By Gregory Evans

Dreaming deep, sound asleep

As machines become increasingly intelligent, they are also becoming more artistic.

Google’s Deep Dream is making a huge splash on the web. It was originally coded by Alexander Mordvintsev, a programmer working in security systems who liked to play around with artificial intelligence as a side project. In the middle of the night last May, he discovered the lines of code that would cause Google’s neural net to generate original images that look like a psychedelic combination of Salvador Dalí and Lisa Frank. He posted his images on Google’s internal Google + account, and was soon paired with young programmer Chris Olah and software engineer/sculptor Mike Tyka to develop Deep Dream.

bar

REM for your RAM

The Deep Dream team has created an entire gallery of surrealistic art. Animal parts of different species combine to form fantastical beasts, backgrounds fill with swirling patterns, and spiders emerge from cloudless skies.

In July, the Deep Dream team released the software on GitHub so that the general public could turn their family portraits and vacation photos into bizarre art pieces. New apps are popping up, several grotesque portraits of presidential candidates have been produced, and the band Wilco used a Deep Dream image on the cover of its latest album. Samim Winiger, who created software that makes animations from Deep Dream images, says that “in five years we won’t recognize Photoshop,” alluding to the possibility for Deep Dream technology to become a major feature in our visual world.

But is there more to it?

Winiger refers to Deep Dream as “creative AI [artificial intelligence].” But can a computer be said to have creativity? The dreamlike (or, at times, nightmarish) quality of Deep Dream images has certainly caused some observers to posit that Deep Dream is pulling images from the “subconscious” of Google’s mind. But a computer, no matter how smart, is not a brain. So is Deep Dream just the robot equivalent of a cool party trick?

Deep learning in the neural net

But Deep Dream wasn’t created just to blow our minds with freakish four-eyed kittens and giant tarantulas crawling from the sky. It’s also a useful way for programmers to study artificial intelligence. Computers can now achieve what programmers call “deep learning” by processing information through a neural net (NN). Neural nets are meshes of artificial neurons layered one over the other, like spider webs. Information is passed through several layers of the NN, and each layer analyzes it from a different angle. The topmost layer is responsible for the output of information that has been “learned” by deeper layers of the net.

Google has made great strides towards teaching its neural net to visually recognize objects by having it produce an image of whatever it’s viewing, which is then graded for accuracy and fed back into the computer, giving the NN an opportunity to learn from its mistakes and eventually come to automatically correct itself.

Layered learning, and pattern detecting

So far, it has been hard for researchers to really know for sure what is happening at each layer of the neural net. But a researcher can have a computer produce a Deep Dream image from a specific layer of its neural net, thus revealing exactly what that layer is learning. In this way, researchers are discovering more about what happens inside an artificial mind.

What researchers have found is that computers may have higher perception and better pattern-recognition than humans. It’s like having a highly imaginative child watch clouds. If a cloud looks a little bit like a ship, the neural net will run the image through a feedback loop until a highly detailed ship emerges. This is why Deep Dream is able to create images even out of random noise – it can detect patterns that a human wouldn’t even notice.

This has far-reaching implications for how artificial intelligence may eventually replace humans. For example, researchers are using neural nets to read ultrasounds, detecting tumors invisible to the human eye.

Final thoughts

So, is artificial intelligence becoming creative? Is a computer an artist? That depends on how you define creativity, and where you draw the line between the “real” and the “artificial.” But Deep Dream engineer Mike Tyka is impressed: “If you think about human creativity, some small component of that is the ability to take impressions and recombine them in interesting, unexpected ways,” – the same ability Deep Dream displays.

Regardless of whether or not this is true “creativity,” the world seems to agree with Tyka that when you let a computer come up with original art, “it’s cool.”

Steven Levy was granted the first interview with the Deep Dream team. You can read his report at Medium.com.

#DeepDream

Source link
——————————————————————————————————

The post #deepweb | <p> Has Samsung learned from their Galaxy Fold bendy mistakes? <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Indian authorities arrest their first crypto dark web drug dealer

Source: National Cyber Security – Produced By Gregory Evans

  • The suspect, Dipu Singh, is accused of selling psychotropic and prescription pills on the dark web.
  • He was taken into custody by the central anti-narcotics agency under the Narcotic Drugs and Psychotropic Substances (NDPS) Act.

In an investigation done by the Narcotics Control Bureau (NCB), India has caught its first darknet crypto drug dealer. The authorities have seized 55,000 tablets in the arrest. The NCB participated in “Operation Trance” – a multinational crackdown on illicit dark web drug sales using couriers, international postal services, and private parcel deliveries.

Global post offices and international courier services were used as logistics for illicit trade. The payments gateways of cryptocurrency were used by the operators to conceal the transactions from law enforcement agencies.

The accused, Dipu Singh, is a 21-year old whose father is a retired army officer. Singh is accused of selling many psychotropic and prescription pills on the dark web and shipping them to the US, Romania, Spain, and other countries.

He started out by selling health supplements and erectile dysfunction medication on major dark web markets. Later, he began selling tramadol, zolpidem, alprazolam and other psychotropic prescription medications. The suspect was taken into custody by the central anti-narcotics agency under the Narcotic Drugs and Psychotropic Substances (NDPS) Act. 

 

Source link
——————————————————————————————————

The post #deepweb | <p> Indian authorities arrest their first crypto dark web drug dealer <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Opinion: Three Spurs players who were far from their best against Man City – Spurs Web

Source: National Cyber Security – Produced By Gregory Evans Tottenham Hotspur recorded a famous 2-0 win over Man City this afternoon in the Premier League, leapfrogging up to fifth in the table. Goals from Steven Bergwijn and Heung-min Son sealed a delightful win and clean sheet for the Lilywhites against the current champions. However, a […] View full post on AmIHackerProof.com

#cybersecurity | #hackerspace | Smaller Companies Need to Step Up Their Cyber Security Efforts

Source: National Cyber Security – Produced By Gregory Evans

Whenever we hear about major cyber security attacks such as data breaches, it’s typically larger enterprises that are the victims. That makes sense, considering those events can potentially impact a lot of people and therefore are more likely to grab headlines and garner attention.

But that doesn’t mean small and mid-sized companies (SMBs) are immune to such attacks. In fact, smaller organizations are frequent targets of cyber incidents, and they generally have far fewer resources with which to defend themselves.

A recent study by the Ponemon Institute, which conducts research on a variety of security-related topics, presents a clear picture of the cyber security challenges SMBs are facing. The report, “The 2019 Global State of Cybersecurity in SMBs,” states that for the third consecutive year small and medium-sized companies reported a significant increase in targeted cyber security breaches.

For its report, Ponemon conducted an online survey of 2,391 IT and IT security practitioners worldwide in August and September 2019, and found that attacks against U.S., U.K., and European businesses are growing in both frequency and sophistication.

Nearly half of the respondents (45%) described their organization’s IT posture as ineffective, with 39% reporting that they have no incident response plan in place.

Cyber criminals are continuing to evolve their attacks with more sophisticated tactics, and companies of all sizes are in their crosshairs, noted Larry Ponemon, chairman and founder of the Ponemon Institute. The report shows that cyber attacks are a global phenomenon, as is the lack of awareness and preparedness by businesses globally, he said.

Overall, cyber attacks are increasing dramatically, the report said. About three quarters of the U.S. companies surveyed (76%) were attacked within the previous 12 months, up from 55% in a 2016 survey. Globally, 66% of respondents reported attacks in the same timeframe.

Attacks that rely on user deception are on the rise, the study said. Overall, attacks are becoming more sophisticated, with phishing (57%), compromised or stolen devices (33%), and credential theft (30%) among the most common attacks waged against SMBs globally.

Data loss is among the most common impact of cyber security events. Worldwide, 63% of businesses reported an incident involving the loss of sensitive information about customers and employees in the previous year.

SMBs around the world increasingly are adopting emerging technologies such as mobile devices and apps, the Internet of Things (IoT), and biometrics, despite having a lack of confidence in their ability to protect their sensitive information.

Nearly half of the survey respondents (48%) access more than 50% of their business-critical applications from mobile devices, yet virtually the same portion of respondents said the use of mobile devices to access critical applications diminishes their organization’s security posture.

Furthermore, a large majority of respondents (80%) think it is likely that a security incident related to unsecured IoT devices could be catastrophic. Still, only 21% monitor the risk of IoT devices in the workplace.

The report also suggests that biometrics might finally be moving toward the mainstream. Three quarters of SMBs currently use biometrics to identify and authenticate users or have plans to do so soon.

Small and mid-sized companies can take several steps to bolster their cyber security programs. One is to educate users and managers throughout the organization about the importance of strong security and taking measures to keep data safe.

Because so many attacks begin with employees opening suspicious email attachments or clicking on links that lead to malware infestations or phishing, training users to identify these threats is vital. Companies can leverage a number of free training resources online to help spread the word about good security hygiene.

Smaller companies, particularly those will limited internal cyber security skills, can also consider hiring a managed security services provider (MSSP) to help build up a security program. Many of these firms are knowledgeable about in the latest threats, vulnerabilities, and tools, and can help SMBs quickly get up to speed from security standpoint.

And companies can deploy products and services that are specifically aimed at securing small businesses. Such tools provide protection for common IT environments such as Windows, macOS, Android, and iOS devices. They are designed to protects businesses against ransomware and other new and existing cyber threats, and prevent data breaches that can put personal and financial data at risk.

Some of these offerings can be installed in a matter of minutes with no cyber security or IT skills required, which is ideal for smaller companies with limited resources and a need to deploy stronger defenses quickly.

Source link

The post #cybersecurity | #hackerspace |<p> Smaller Companies Need to Step Up Their Cyber Security Efforts <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | When CISOs Lose Their Jobs…

Source: National Cyber Security – Produced By Gregory Evans In his recent CSO Online article, 7 Security Incidents That Cost CISOs Their Jobs, writer Dan Swinhoe looks at some of the most high profile breaches in recent history that resulted in the CISO either leaving or being fired. In the article, Swinhoe quotes Dr. Steve […] View full post on AmIHackerProof.com

#cybersecurity | #infosec | Man jailed for using webcam RAT to spy on women in their bedrooms

Source: National Cyber Security – Produced By Gregory Evans

A British man has been jailed for two years after police caught him using a notorious Remote Access Trojan (RAT) to hijack the webcams of young women, and spy upon them.

27-year-old Scott Cowley, of St Helens, Merseyside, was arrested last November as part of an international investigation into purchasers of the Imminent Monitor RAT.

Imminent Monitor (also known as IM-RAT) had been sold online since 2012, purporting to be a legitimate remote access tool.

Imminent Monitor’s claims of legitimacy, however, are somewhat undermined by some of its abilities – such as the ability to allow remote users to disable a subject’s webcam light while they are being monitored. One version of the software even introduced the ability to mine for cryptocurrency on victim’s PCs.

Security researchers at Palo Alto Networks claim that they have observed Imminent Monitor being used in attacks against its customers on over 115,000 unique occasions.

International law enforcement agencies were finally able to dismantle the infrastructure behind Imminent Monitor last November, in an operation that executed 85 warrants, seized 434 devices, and arrested 13 people.

And, of course, when police cracked the IM-RAT’s distribution network they were also able to seize records detailing thousands of purchasers, which resulted in the arrest in Merseyside of Scott Cowley.

At Liverpool Crown Court prosecutors described how the Cowley had used a PayPal account connected to his own name and personal email address to buy the IM-RAT software. Cowley successfully managed to have the software installed on the computers of three women, and seized remote control of their webcams in order to allow him to secretly film them as they undressed and had sex.

Specialist police officers from the North West Regional Organised Crime Unit (NWROCU) were able to forensically examine Cowley’s own laptop computer, finding the software as well as furtive video recordings of his victims.

The court found Cowley guilty, and sentenced him to two years imprisonment for computer misuse and sexual offences.

“Today we welcome the sentencing of Scott Cowley who used highly technological methods to obtain private videos and images of innocent victims for his own sexual gratification. This conviction demonstrates that despite the high tech nature of the Cyber Crime, offenders have no place to hide,” said Detective Sergeant Steve Frame from the NWROCU. “We take all reports of cybercrime seriously and are absolutely committed to tackling and undermining this evolving threat. If you have been the victim of a similar crime, or suspect somebody is involved in committing this type of crime please call 101 and report it to your local police force.”

No doubt police investigations into the users of IM-RAT will continue, and we can hope for more successful prosecutions for those who preyed on innocent computer users.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

Source link

The post #cybersecurity | #infosec | Man jailed for using webcam RAT to spy on women in their bedrooms appeared first on National Cyber Security.

View full post on National Cyber Security

#hacking | HITCON 2019 winners book their place for DEFCON 2020

Source: National Cyber Security – Produced By Gregory Evans

Cash prizes handed out to top three teams at multi-national hacking competition in Taiwan

UPDATED A team of hackers from China has triumphed at HITCON’s Capture the Flag (CTF) final in Taiwan over the weekend (December 14-15).

The two-day event in Taipei, where four-person teams compete in offensive and defensive cybersecurity challenges, saw China’s Tea Deliverers top the leaderboard and earn a $10,000 prize.

LC↯BC, representing Russia, finished in second place, receiving a check for $5,000, while Japan’s TokyoWesterns scooped up $2,000 for finishing in the bronze medal position.

China’s Tea Deliverers topped the leaderboard and earned a $10,000 prize at this year’s HITCON

Balsn, one of three teams representing the host nation, won a $1,000 prize for being the top-ranked Taiwanese outfit participating in the event, which was hosted by the Association of Hackers in Taiwan and Taiwan’s Industrial Development Bureau.

Teams from the US, Poland, Vietnam, and Hungary were also among the 14 finalists for the HITCON CTF, whose October qualifiers featured 662 teams.

The champions of two other CTF events – the Balsn CTF and Trend Micro’s Raimund Genes Cup – qualified for the HITCON final, whose winner subsequently qualifies for next year’s DEFCON CTF, widely seen as the most illustrious hacking competition of all.

HITCON winning teams have been entering DEFCON CTF since 2014, winning in 2017, and finishing second or third in the other years.

“Training of information security talents is not a one-day effort, nor can it be completed behind closed doors,” said Lee Lun-Chuan, who was in charge of running HITCON CTF.

“HITCON CTF scores 96 points in the international contest, attracting foreign information security teams to attend.

Lun-Chuan added: “By inviting international teams to share their experience, HITCON CTF trains domestic information security talents while demonstrating Taiwan’s strength in information security worldwide.”

Organizers of the DEFCON, CODE BLUE and Trend Micro CTFs, meanwhile, joined the HITCON team at the HITCON CTF Forum, to discuss the creation of a platform in Taiwan aimed at promoting young hacking talent and sharing best practices.

Launched in 2005, HITCON – short for Hacks In Taiwan Conference – has additionally launched a public service vulnerability notification platform (ZeroDay), an ‘escape the room’ competition (HackDoor), and an enterprise security attack and defense competition (DEFENSE).

More information on the HITCON CTF can be found on the Association of Hackers in Taiwan website.

This article has been updated with comments and further information from the organizers of HITCON.

RELATED Polish hacking team triumphs in Trend Micro CTF competition

Source link

The post #hacking | HITCON 2019 winners book their place for DEFCON 2020 appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | But Their Emails: Many 2020 Campaigns Still Risk Phishing Attacks

Source: National Cyber Security – Produced By Gregory Evans

Phishing is still a vector to attack presidential campaigns. Many 2020 candidate organizations still aren’t using best practice by implementing a proper DMARC policy.

It seems they’ve not learned from the hack on Hillary’s campaign. In 2016, John Podesta got tricked by a crude phish—and it easily could happen again.

Things are better now, but there’s still acres of room for improvement. In today’s SB Blogwatch, we dig their DNS records.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: a decade in three minutes.


Can You Spell DMARC?

What’s the craic, Zack? Mister Whittaker reports—“Only a few 2020 US presidential candidates are using a basic email security feature”:

 DMARC, an email security protocol that verifies the authenticity of a sender’s email and rejects spoofed emails … could prevent a similar attack that hobbled the Democrats during the 2016 election. … Only Elizabeth Warren … Joe Biden, Kamala Harris, Michael Bloomberg, Amy Klobuchar, Cory Booker, Tulsi Gabbard and Steve Bullock have … improved their email security.

The remaining candidates, including … Donald Trump, are not rejecting spoofed emails. … That, experts say, puts their campaigns at risk from foreign influence campaigns and cyberattacks.

In the run-up to the 2016 presidential election, Russian hackers sent an email to Hillary Clinton campaign manager John Podesta, posing as a Google security warning. [It] tricked Podesta into … allowing hackers to steal tens of thousands of private emails.

Or perhaps you prefer a different topical angle? G’day, David Braue—“You may be targeting Black Friday bargains, but cybercriminals are targeting you”:

 Security firms are warning shoppers to be careful online as cybercriminals increase their activity in the runup to [the] retail season. … Shoppers need to be particularly wary of online scams and malware propagated through emails spoofing legitimate retailers.

Despite efforts by the Australian Signals Directorate to promote the use of next-generation DMARC email anti-fraud tools … research suggests that just 45 percent of Australia’s biggest online retailers have actually begun implementing DMARC – and just 10 percent have adopted the strictest level of security.

Returning to this hemisphere, Agari’s Armen Najarian claims, “2020 Presidential Candidates Remain Vulnerable”:

 The kinds of email attacks that helped derail Hillary Clinton’s candidacy in 2016 are only getting more sophisticated. [But some] campaigns are not taking the threat as seriously as they should.

Meanwhile, we’re seeing new trends in how cybercriminals execute … advanced threats, which are liable to throw an entire candidacy off-course. After all, it only requires one campaign employee or volunteer to click on one link in a malicious email.

It’s likely only a matter of time before the unthinkable happens once again. … The Mueller Report … squarely pointed to spear phishing as the primary attack vector for Russian hackers seeking to gain access.

Unfortunately, candidates must not only be concerned about email directed to them and their campaign staff. … Imagine the damage that can be done by emails that appear to come from the legitimate domain of the candidate, but actually come from a malicious criminal who uses that domain to spread false information to potential … donors, voters, and the media.

This is entirely possible, and likely even probable, unless candidates take the steps they need to protect against it by implementing DMARC with a p=reject policy.

DMARC: HOWTO? Chad Calease obliges—“A Definitive Guide”:

 This is the time of year we’re all too aware how much phishing really sucks. … While technology isn’t able to catch all of it 100% of the time, DMARC is one of these important layers of defense that helps to dramatically minimize the amount of phishing emails that get through to our inboxes.

DMARC stands for Domain-based Message Authentication, Reporting & Conformance. [It] is a set of 3 DNS records that work together to ensure email is sent only from authorized … mail servers, thereby helping block fraudulent messages.

DMARC sets a clear policy for what to do if a message hasn’t been sent from an authorized source. … DMARC helps prevent criminals from spoofing the “header from” or “reply-to” address: … First it checks that the DKIM … digital signature is a match. Then it checks the SPF record to ensure the message came from an authorized server. If both DKIM and SPF pass these checks, DMARC delivers the message.

But if one or more of these tests fails, DMARC behaves according to a policy we set:

‘none’ [which] doesn’t impose any actions …
‘quarantine’ [which] Flags messages … to be directed to the recipients’ spam or junk folders …
‘reject’ [which] outright refuses messages that fail … (this is the end goal of a good DMARC configuration).

OK, so why aren’t all the candidates on board? Here’s lostphilosopher:

 I see this as a reflection of the candidates ability to find and listen to experts. I don’t expect a candidate to understand how to do tech “right” – I’m in the industry and still get half of it wrong! However, when you’re running a multi million dollar campaign you can afford to bring in experts to set this stuff up and audit your practices.

I assume these candidates are already doing this and that if they are still not following some basic best practices it’s because they are actively ignoring the experts. … That’s what worries me: If they can’t find or listen to these people now, what makes me think they’ll be able to in office?

And this Anonymous commentator agrees:

 Think about this for a second! If the … candidates don’t care enough about their own email traffic, why would anyone vote for them to secure this nation? If your own private info is easily up for grabs, what do you honestly think national security would be like under any of them?

But gl4ss spots an oint in the flyment:

 If you rely on DMARC … and just trust it blindly then you know what? You’re gonna get ****ed by someone on whthouse.org.co.uk.acva.com.

Sure the email is sent from that domain, but so what? The domain isn’t right.

It was ever thus. Ryan Dunbar—@ryandunbar2—looks back:

 In 1980 we knew internet email was not secure.
2003 get email SPF
2007 get email DKIM
2012 get DMARC
2019 get ARC, BIMI
2025 get QUIC, yet email will still not be secure.
2050 get internet3
Why does it look like the ones running the internet don’t want a secure internet?

Meanwhile, El Duderino knows who to blame:

 This is Al Gore’s fault because he invented the internet.

And Finally:

10 Years; 100 songs; 3 minutes

Previously in And Finally


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hate mail may be directed to @RiCHi or sbbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: Tia Dufour (public domain)

Source link

The post #cybersecurity | #hackerspace |<p> But Their Emails: Many 2020 Campaigns Still Risk Phishing Attacks <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | 30 years after the Convention on the Rights of the Child was signed, the IACHR calls on States to renew their commitment to children – World

Source: National Cyber Security – Produced By Gregory Evans

Washington, D.C. – On November 20, when the Convention on the Rights of the Child celebrates its 30th anniversary, the IACHR recalls that children still face enormous barriers to the enjoyment of their rights. In this regard, the Commission calls on the OAS member states to renew their commitment to children and adolescents through the implementation of effective national protection systems.

Thirty years ago, the international community came together to take a crucial step in the protection of children around the world, by negotiating and approving a broad regulatory framework that meant a paradigm shift in the matter. It is from the Convention that the States consolidated the recognition of children as holders of their own rights, universally guaranteed, and not as mere objects of protection. Today, the Convention on the Rights of the Child is the human rights treaty with the highest number of ratifications, as it has 196 States Parties, which underlines the universality of its scope.

Although the Commission recognizes the progress achieved during the three decades since the Convention came into force, it also expresses its concern about the deep gap between the rights established therein and the reality in which millions of children live in the region. According to UNICEF, in Latin America alone, 72 million children aged 0 to 14 still live in poverty, 1 in 5 have their physical growth affected by the lack of access to adequate nutrition and 12 million do not attend to school. In addition, almost 25,000 adolescents between 10 and 19 years old are victims of homicide each year in the region and half of those under 15 years of age are subjected to corporal punishment at home.

This scenario requires that the States renew and strengthen their commitment to protect children from any type of violation of their rights. In this regard, the Commission reiterates the need for States to implement national systems that effectively execute special and reinforced public protection policies aimed at guaranteeing the integral development of children, as well as allowing them to live a dignified life and free from all forms of violence.

“The protection of the rights of children requires a joint effort of all social actors, not only at this time of celebration of the 30th anniversary of the Convention, but permanently, with the States occupying a central place in guaranteeing these rights”, said Commissioner Esmeralda Arosemena de Troitiño, President of the IACHR and Rapporteur on the Rights of the Child. “This renewed commitment, which must continue through the years, needs to hear the voice of children who have the right and are increasingly interested in participating in the decisions that affect them”, she added.

The Commission notes that the United States of America is the only country that has not ratified the text of the Convention. In this regard, the IACHR takes this opportunity to urge the State to adopt measures to ratify the treaty for the benefit of more than 70 million children living in the United States.

A principal, autonomous body of the Organization of American States (OAS), the IACHR derives its mandate from the OAS Charter and the American Convention on Human Rights. The Inter-American Commission has a mandate to promote respect for and to defend human rights in the region and acts as a consultative body to the OAS in this area. The Commission is composed of seven independent members who are elected in an individual capacity by the OAS General Assembly and who do not represent their countries of origin or residence.

Source link
——————————————————————————————————

The post #deepweb | <p> 30 years after the Convention on the Rights of the Child was signed, the IACHR calls on States to renew their commitment to children – World <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#cyberfraud | #cybercriminals | American Consumers Recognize Their Role in Preventing Cybercrime, are Bothered by Perceived Inconveniences of Advanced Security

Source: National Cyber Security – Produced By Gregory Evans

BROOKFIELD, Wis.–(BUSINESS WIRE)–

55% of consumers understand they need to do more to protect their personal data; but 59% are bothered by temporary inconveniences of advanced security measures

Only 45% of consumers have received formal cybersecurity training from their employer

According to the 2019 Cybersecurity Awareness Insights Study released today by Fiserv, most Americans consider themselves at least somewhat informed of cybersecurity threats, yet many fall short at proactively protecting their personal data. Despite this lack of action, more than half (55%) of American consumers understand they need to do more to protect their data, presenting significant opportunity for businesses to reinforce best practices.

Conducted in the summer of 2019 and originally commissioned by First Data, now Fiserv, the study gathered insights from 1,005 Americans ages 18 to 73. The study explores how aware American consumers are of online privacy and security risks, and how they behave when it comes to protecting themselves from cyber threats.

“While cybercrime continues to grab headlines, our study shows that many Americans have not taken action to protect themselves, and the majority say they are bothered by temporary inconveniences brought about by advanced security measures,” said Jay Ablian, Head of Merchant Security and Fraud Solutions, Fiserv. “There is a clear opportunity for businesses to educate consumers and employees to help them understand both the potential impact of inaction and how security measures are designed to protect them.”

Consumer Awareness

The more consumers know, the better they’re able to protect their personal information online. According to the 2019 Cybersecurity Awareness Insights Study, 75% of consumers consider themselves at least somewhat informed of cybersecurity threats. In addition, 55% of respondents understand they should do more to beef up their online security – especially when using social media, online banking, or online shopping.

Despite this, more than half of consumers can be classified as ambivalent, in denial, or oblivious to cybersecurity risks, with only 6% currently taking the steps needed to proactively protect themselves.

Consumer inaction may be driven by perceived inconveniences. To that end, 59% of consumers report they are bothered by temporary inconveniences brought about by advanced security measures that help ensure higher levels of protection.

Consumer Behavior and Data Protection

Although many consumers consider extra cybersecurity precautions a hassle, they are taking some steps to protect themselves. According to the study, dodging inbound phishing attempts is a strong suit of consumers, but additional vigilance around password security is needed:

  • The top measure consumers take to protect themselves is refusing to click email links or open attachments from people they don’t know, cited by 61% of consumers
  • On the other hand, changing passwords is a cybersecurity step 42% of consumers take only if they are required to
  • Of consumers surveyed, 33% have a go-to password they modify slightly to meet password requirements, and 20% use names of significant people, places or pets. Neither of these methods is considered a best practice.

Cybersecurity Awareness at Work

Consumers often look to their employer to provide cybersecurity training, but aren’t always getting the support they expect. Fifty-eight percent of consumers said their employer sends regular cybersecurity updates, and 45% said their employer offers formal cybersecurity training. Of consumers who aren’t provided cybersecurity training, only 9% said their employer has a plan in place to do so.

Employers have a vested interest in cybersecurity awareness, as educated employees can secure their own information and that of the business. Best practices for employers launching their own cybersecurity training include:

  • Emphasize education at work Ongoing education about new cybersecurity threats equips employees to recognize them and understand potential implications
  • Encourage lockdown at home – Employees can secure their home networks, starting with changing all default passwords – especially for internet routers. Those with families can teach children about the dangers of cybercrime
  • Keep information out of the public eye – Whether on personal or business computers, covering up screens when entering passwords and credentials in public areas helps keep information safe.

Additional Resources

About Fiserv

Fiserv, Inc. (FISV) aspires to move money and information in a way that moves the world. As a global leader in payments and financial technology, the company helps clients achieve best-in-class results through a commitment to innovation and excellence in areas including account processing and digital banking solutions; card issuer processing and network services; payments; e-commerce; merchant acquiring and processing; and the Clover® cloud-based point-of-sale solution. Fiserv is a member of the S&P 500® Index and the FORTUNE®500 and is among the FORTUNE Magazine World’s Most Admired Companies®. Visit fiserv.com and follow on social media for more information and the latest company news.

FISV-G

View source version on businesswire.com: https://www.businesswire.com/news/home/20191016005304/en/

Source link

The post #cyberfraud | #cybercriminals | American Consumers Recognize Their Role in Preventing Cybercrime, are Bothered by Perceived Inconveniences of Advanced Security appeared first on National Cyber Security.

View full post on National Cyber Security