Nothing is completely un-hackable, but there is a myriad of emerging technologies that can help us navigate the increasingly malicious cyber threat landscape.
Cybersecurity is at a tipping point: the sheer volume of breaches, attacks, and threats has become overwhelming. Juniper Research suggests that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019. About 1.9 billion data records were exposed in the 918 data breaches that occurred in the first half of 2017—up 164 percent from the last half of 2016. According to a recent AT&T Cybersecurity Insights report, some 80 percent of the IT and security executives surveyed said their organizations came under attack during the previous 12 months.
This rising threat trend, coupled with the rapid growth of sophistication in malware, ransomware, DDoS, and social engineering attacks, has created a conundrum. How do we protect ourselves in an increasingly connected world? Continue reading “Emerging Technologies and the Cyber Threat Landscape”
Market forces are at play here, and with a global market, it’s tough to control what gets built, to what specifications, and then find an appropriate way to share that information with potential buyers.
Perspectives From 3 Of The Top SMEs In Information Security
As we approach the new year, I, Chuck Brooks, am very pleased to have a discussion with four of the most prominent technical SMEs in the world of cybersecurity: Kenneth Holley, George Platsis, and Christophe Veltsos. Their answers that follow offer practitioner perspectives and advice on some of the key issues and technologies that encompass the future of information security. It is worthwhile keeping their comments as a source reference for the C-Suite and anyone concerned about protecting their identities and data. Continue reading “2018 & Beyond – Cybersecurity’s Future”
And one from the #CyberAvengers all on Forbes
Attacks on the US government and critical infrastructure
A nation-state sponsored group will commence a 5-day long DDoS attack against a critical US government (non-DoD) agency, shutting it down in order to show their strength—The Cyber Avengers
Read the entire list on Forbes
Frank Abagnale, one of the world’s most respected authorities on the subjects of forgery, embezzlement, cybercrime, and secure documents, succinctly describes the troubling environment: “The police can’t protect consumers. People need to be more aware and educated about identity theft. You need to be a little bit wiser, a little bit smarter and there’s nothing wrong with being skeptical. We live in a time when if you make it easy for someone to steal from you, someone will.” There are many malicious actors out in the digital landscape, and it will be increasingly important to stay ever vigilant.
Email interview held on 30th September 2017 – as follows between Alan Radley (questioner) and Chuck Brooks (relator):
- What are your thoughts on the current state of cybersecurity, both for organizations and for consumers?
The current state is a scary one. Constant breaches have demonstrated that as consumers we are becoming more and more dependent upon digital commerce. Our banking accounts, credit cards, and financial daily activities are interconnected. We are all increasingly vulnerable to hackers, phishers, and malware proliferating across all commercial verticals.
In the past year, the employment of ransomware has become a method of cyber-attack choice by hackers. This is because many networks (especially hospitals, utilities, universities, and small businesses) are comprised of different systems and devices and often lack the patching and updating necessary to thwart attacks. The recent WannaCry and Petya attacks were certainly wake-up calls to the disruptive implications of ransomware. We can expect to see more such attacks because of the ease of infection and because the vulnerabilities to networks still remain. Continue reading “Science of Cybersecurity Interview with Chuck Brooks”
Forgive the security lingo, but if legislators can speak vulnerabilities, two-factor auth, and hard-coded credentials, then it’s a big moment that should be acknowledged.
A recent article by Brian Krebs caught my attention: New Bill Seeks Basic IoT Security Standards. The bill “to improve the cybersecurity of Internet-connected devices” was authored by U.S. Sens. Mark R. Warner (D-VA) and Cory Gardner (R-CO), co-chairs of the Senate Cybersecurity Caucus, along with Sens. Ron Wyden (D-OR) and Steve Daines (R-MT) on August 1, 2017. This is so recent that a search on August 3 for the bill on GovTrack returned only the most generic of messages saying this bill was in the “first stages of the legislative process,” so in the meantime, the full text of the bill can be found on Scribd (posted by Senator Warner). Continue reading “US Legislators Wising Up About Cybersecurity?”
Certainly, information collaboration is a key component of any successful cybersecurity initiative, and the relationship between industry and government is no exception.
This past month, cybersecurity legislation called the Promoting Good Cyber Hygiene Act of 2017 was introduced that would mandate the National Institute of Standards and Technology (NIST), the Federal Trade Commission (FTC), and the Department of Homeland Security (DHS) to establish baseline best practices for good cyber hygiene, authentication and cooperation.
Specifically, the legislation states that the list of best practices established “shall be published in a clear and concise format and made available prominently on the public websites of the Federal Trade Commission and the Small Business Administration.” It also recommends including “other standard cybersecurity measures to achieve trusted security in the infrastructure.” Continue reading “Cyber Hygiene and Government–Industry Cooperation for Better Cybersecurity”
A pragmatic IoT cyber threat consequences for connected devices, wireless and wired networks. The strategy requires stepping up assessing situational awareness, policies & training, technology integration, information sharing, mitigation capabilities, and cyber resilience. The end goal is to optimize solutions and services and determine what level of security is required for implementation.
Loosely defined, the Internet of Things (IoT) refers to the general idea of things that are readable, recognizable, locatable, addressable, and/or controllable via the Internet. It encompasses devices, sensors, people, data, and machines. As broad as the definition of IoT are the cybersecurity challenges that pose a threat to anything and everyone connected. A well-thought-out risk-management security posture for the evolving cybersecurity threats to IoT is imperative. Continue reading “IoT Pose A Threat To Anything And Everyone Connected”
The more digitally interconnected we become in our work and personal lives, the more vulnerable we will become. Mitigating the cyber threats will grow as a priority and requires security awareness and that data be secure and reliable.
In 2017 we are facing a new and more sophisticated array of physical security and cybersecurity challenges that pose significant risk to people, places and commercial networks. The nefarious global threat actors are terrorists, criminals, hackers, organized crime, malicious individuals, and, in some cases, adversarial nation states. Everyone and anything is vulnerable, and addressing the threats requires incorporating a calculated security strategy.
According to Transparency Market Research, the global homeland security market is expected to grow to a market size of $364.44 billion by 2020. A large part of the spending increase over the past year is directly related to cybersecurity in both the public and private sectors. Continue reading “Meeting Growing Security Challenges”
Furthermore, the mass hysteria over “cybersecurity” now in 2017 requires some context. If one examines the core of the issues we face today, such as networks being inherently vulnerable, they are not all too different from the ones professionals faced in the 1980s, except that many of the past lessons have been ignored and the magnitude and complexity of today’s challenges are just that much more overwhelming.
The title of this piece is quite obvious, but it is also an unappreciated fact. Consider for a moment the change we have seen over the last 30 years: access to cyberspace was scarce, often limited to enterprise users such as governments, educational institutions and the largest corporations, whereas today, there are billions of users that treat the Internet as some basic need for living – just like electricity – with access points into this domain continuing to grow. Continue reading “The Human Factor: Technology Changes Faster Than Humans”
Protecting industrial control systems is a component of the dynamic threat environment and response matrix that constitutes the whole of cybersecurity. IT security is also a broader part of cybersecurity. Because of the vital role of industrial control systems, enhanced security measures, including more isolated networks, multi-layered (software and hardware hardened) defense-in-depth and specialized protocols, are needed to protect these assets.
In an interview with Ludmila Morozova-Buss, Mr. Chuck Brooks – one of the world’s known experts, the industry guru, your future reference for the most competent and comprehensive quest and analysis on cybersecurity – explains what an industrial cybersecurity control system (ICS) is and why it is different from IT security. Continue reading “Chuck Brooks explains the difference between ICS and IT security”