ReportWire

Tag: Cybersecurity

  • How to Conduct a Comprehensive Cybersecurity Risk Assessment | Entrepreneur


    Opinions expressed by Entrepreneur contributors are their own.

    In today’s digital landscape, cybersecurity has become a critical concern for businesses of all sizes. However, for small and medium-sized businesses (SMBs), the stakes are even higher. Startups often face numerous challenges, with limited budgets being one of the most significant hurdles.

    Nevertheless, ignoring cybersecurity risks can have devastating consequences. In this article, we will delve into the importance of cybersecurity for startups, the challenges they face and the significance of conducting a comprehensive risk assessment.

    Related: A Business Leader’s Beginner Guide to Cybersecurity

    Importance of cybersecurity for startups

    1. Protecting sensitive data: Startups often possess valuable intellectual property, customer data and other sensitive information. A breach could result in significant financial loss, tarnished reputation and potential legal liabilities.

    2. The evolving threat landscape: Cyber threats are continuously evolving, and attackers are increasingly targeting small businesses due to their potential vulnerabilities. Startups cannot afford to be complacent and must stay ahead of emerging threats.

    3. Regulatory compliance: Many startups operate in industries that have strict regulations regarding data protection and privacy. Compliance with these regulations is not only essential for avoiding penalties but also for building trust with customers and investors.

    Challenges faced by startups with limited budgets

    Startups often operate on shoestring budgets, allocating resources primarily to core business operations. This financial constraint poses unique challenges when it comes to implementing robust cybersecurity measures. Here are some challenges commonly faced by startups:

    1. Lack of expertise and resources: Startups may not have dedicated IT or cybersecurity personnel, making it difficult to address the complexities of cybersecurity effectively.

    2. Budget constraints: Allocating funds for cybersecurity tools, technologies and training can be a significant challenge for startups, especially when competing with other essential business expenses.

    3. Lack of awareness and prioritization: Startups may underestimate the importance of cybersecurity or fail to prioritize it amidst the various demands of growing their business.

    Related: 10 Cyber Security Best Practices for Your SMBs

    Understanding risk assessment

    Risk assessment is a systematic process of identifying, analyzing and evaluating potential risks that could impact an organization’s information assets and systems. It provides a framework for understanding the likelihood and potential impact of threats, allowing businesses to prioritize and implement appropriate security measures.

    To conduct an effective risk assessment, startups should focus on the following key components:

    1. Identifying assets and vulnerabilities: Startups must identify and understand their critical assets, including intellectual property, customer data, financial information and operational systems. Concurrently, vulnerabilities within the infrastructure, software and processes should be assessed to determine potential weak points.

    2. Assessing threats and likelihood: Threat assessment involves identifying potential threats and attack vectors that could target the startup’s assets. Researching current cybersecurity threats relevant to startups is crucial to stay informed about the latest attack techniques. Likelihood assessment evaluates the probability of each threat occurrence, considering both internal and external factors that may influence the likelihood.

    3. Determining potential impact: Assessing the potential impact of successful attacks is vital to understand the consequences a startup may face. The impact can be financial, operational or reputational. By considering the severity of each impact, startups can prioritize their risk mitigation efforts accordingly.

    4. Prioritizing risks based on severity: Once risks have been identified, assessed, and their potential impact determined, startups should prioritize them based on severity. This prioritization enables them to allocate their limited resources effectively and address the most critical risks first.

    Conducting a comprehensive risk assessment

    To ensure effective cybersecurity measures, startups need to conduct a comprehensive risk assessment that encompasses asset identification, vulnerability assessment, threat assessment, likelihood assessment and impact assessment. Let’s explore each of these components in more detail:

    1. Asset identification: Startups need to identify their critical data and systems, ensuring a clear understanding of what requires protection. This includes intellectual property, financial data, customer information and operational systems. By evaluating the value of each asset to the startup, appropriate security measures can be implemented.

    2. Vulnerability assessment: To assess vulnerabilities, startups must identify weaknesses in their infrastructure, software and processes. This can involve conducting vulnerability scans, penetration testing and code reviews. By proactively identifying and addressing vulnerabilities, startups can reduce the likelihood of successful attacks.

    3. Threat assessment: Startups should identify potential threats and attack vectors that could exploit their vulnerabilities. Staying informed about the latest cybersecurity threats and attack techniques is essential. By monitoring industry-specific threat intelligence sources and collaborating with cybersecurity experts, startups can enhance their threat assessment capabilities.

    4. Likelihood assessment: Evaluating the probability of each identified threat occurrence is crucial. Startups should consider internal factors such as existing security measures, employee awareness and incident response capabilities. Additionally, external factors like industry-specific trends, geopolitical risks and emerging cyber threats should be taken into account.

    5. Impact assessment: Assessing the potential consequences of successful attacks is vital for startups to understand the potential impact on their business. Financial losses, operational disruptions, damage to reputation and legal liabilities are some of the key considerations. By understanding the potential impact, startups can implement appropriate safeguards and response plans.

    Related: The Key to Securing Your Small Business in Today’s Cyber Landscape

    In an increasingly digital world, small and medium-sized businesses must prioritize cybersecurity to protect their valuable assets, maintain regulatory compliance and build trust with customers and investors. While startups face unique challenges due to limited budgets, a comprehensive risk assessment approach allows them to identify and prioritize their cybersecurity risks effectively. By conducting asset identification, vulnerability and threat assessments, and evaluating likelihood and impact, startups can make informed decisions and implement the necessary measures to safeguard their operations and future growth.

    Jim Koohyar Biniyaz

  • Be patient with this red-hot tech stock, as it soars to new all-time high


  • Japan-backed fund to buy critical semiconductor firm JSR for $6.3 billion as chip tensions rise


    The Japanese Investment Corporation (JIC) proposed a $6.3 billion buyout of JSR, one of Japan’s most critical chip firms.


    A fund backed by the Japanese government on Monday proposed a $6.3 billion acquisition of semiconductor material giant JSR, underscoring the strategic emphasis governments around the world are putting on the critical technology of chips.

    The Japanese Investment Corporation proposed an offer of 4,350 Japanese yen ($30.3) per share to buy JSR, marking a 35% premium to Friday’s closing price.

    JSR shares rallied more than 20% on Monday on hopes of the deal. JIC could put in a tender offer in December, the company said.

    JSR is a major company in the semiconductor supply chain in an area known as photoresists, where Japan is one of the world leaders. Photoresists are light-sensitive materials needed as part of the process to etch patterns into wafers. These eventually are the design of the circuit of a chip.

    “Japan wants to double down on its comparative advantage in materials … needed for semiconductor manufacturing,” Pranay Kotasthane, chairperson of the high tech geopolitics program at the Takshashila Institution, told CNBC.

    The potential acquisition comes at a time when semiconductors are front and center of a broader technology battle between the U.S. and China.

    Last year, the U.S. announced sweeping export restrictions on semiconductor tools and certain chips to China. Countries such as the Netherlands, home to a critical chip firm called ASML, as well as Japan, followed suit with similar restrictions.

    At the same time, countries are trying to secure their own supply chains and build up their domestic chip industries, focusing on areas where they are traditionally strong.

    For Japan, that is with companies such as JSR in chemicals and materials.

    “JIC’s investment in JSR means that the government might have a higher say over its decisions,” Kotasthane said. “Geopolitically, this would make China uncomfortable. Especially since Japan has gone along with its own version of export controls against the Chinese semiconductor industry.”


  • Protect Your Business with This Three-Year VPN Subscription, Only $29.99 | Entrepreneur


    Disclosure: Our goal is to feature products and services that we think you’ll find interesting and useful. If you purchase them, Entrepreneur may get a small share of the revenue from the sale from our commerce partners.

    Cybercrime isn’t just for the Fortune 500 businesses. According to a 2022 article by Alliant Cybersecurity, more than 50% of cybercrime is directed at small businesses. Whether you’re an established business or the sole employee of your own startup, keeping your data safe may need to be a priority you act on quickly. If you want to maintain your privacy even on public Wi-Fi, get UltraVPN. This Secure VPN Proxy has a three-year subscription on sale for $29.99, and it even comes with a free 30-day antivirus.

    UltraVPN could be a valuable tool for the ongoing cybersecurity of your business. This easy-to-use VPN offers fast speeds on a reliable server network spanning 100+ global locations. Connect to any of 1,000+ servers and enjoy high-speed access with few geographical restrictions to blocked content and streaming, no buffering, and keeping safe on public and private WiFi.

    UltraVPN can maintain multiple simultaneous connections so that you can connect up to 10 Mac, PC, iOS, and Android devices. While browsing, your data is locked behind military-grade AES-256 encryption, and UltraVPN comes with a kill switch that disconnects your device from the internet if it loses VPN connection. That way, no data is exposed while your VPN is down. If anything malicious gets through, the free 30-day antivirus may help you eliminate it.

    Even if your business is still young, you may want to invest in robust cybersecurity software.

    Get a three-year subscription to UltraVPN Secure USA VPN Proxy and 30-day antivirus protection for $29.99 (reg. $239).

    Prices subject to change.

    Entrepreneur Store

  • Five questions with … Bank of America SVP Amanda Sorensen | Bank Automation News

    Amanda Sorensen, senior vice president of the Business Information Security Office, Bank of America

    Bank of America’s Amanda Sorensen, senior vice president of the Business Information Security Office, is focused on risk mitigation, staying ahead of cybercriminals and monitoring cyberattacks at the $3.1 trillion bank.

    The Charlotte, N.C.-based bank announced that it had increased its projected technology spend by $400 million for 2023 to $3.8 billion at a conference hosted by wealth management firm Bernstein this month. That spend is geared toward generative AI and payment development, Chief Executive Brian Moynihan said at the event.

    Additionally, the bank was granted 608 patents in 2022, a 19% increase year over year, about 27% of which were related to information security, according to Bank of America.

    In an interview with Bank Automation News, Sorensen discussed cybersecurity efforts throughout the bank, including monitoring ransomware, staying ahead of cybercriminals and using a threat-led approach. What follows is an edited version of the conversation:

    Bank Automation News: What cybersecurity trends are you following in 2023?

    Amanda Sorensen: At Bank of America, we continue to make investments in our people and technology to keep clients’ information secure. The cyber landscape continues to evolve. Ransomware is a common tactic of cybercriminals, so I’m definitely following the nuances of these attacks.

    There have been headlines lately on generative AI and what that may mean for cybercriminals, as well as cybersecurity teams, and I think it will be interesting to see how that develops.

    We continue to invest in partnerships to build a trusted community among banks for cyberthreat information sharing and to keep an open dialogue and debate on cybersecurity. We also offer educational tools and resources to our clients so they can stay current with trends.

    BAN: What is your role on Bank of America’s cybersecurity team?

    AS: I lead the BISO team at Bank of America. The team enables the cybersecurity organization and the technology teams, as well as the frontline business units by advising on cybersecurity matters and driving reduction of cybersecurity risk.

    I would describe my leadership style as very hands on. I like to understand the work that I’m leading in the organization, and I enjoy getting to know my teammates. Through a working relationship with my team, we establish a mutual level of transparency, which is effective in solving potential issues early.

    BAN: What technologies are at the forefront for innovative cybersecurity teams?

    AS: By using a threat-led approach to cybersecurity, you’re continuously monitoring for anything new or changing in the landscape and adapting your defenses accordingly. Understanding how controls perform against known threats gives security teams visibility into where evolution is needed to defend against the threat.

    BAN: How do you plan and stay ahead of cybersecurity for the future?

    AS: The Business Information Security Office (BISO) team partners effectively across the broader company to solve problems and share current information, allowing the bank to be nimble in its response to the evolving threat landscape. We’re part of the bank’s nearly 3,000 cyber experts located across 17 countries operating around the clock and around the world to identify, prevent and mitigate information security risks.

    BAN: What is the best leadership advice you’ve received? How do you relay that advice to your team?

    AS: When I was a new manager, it was difficult for me to give feedback. Then, someone suggested that I change my perspective, reframing feedback from a negative experience to one that helps the recipient. So now when I have to give uncomfortable or difficult feedback, I follow that advice and really think about it as something that I owe this person. Feedback provides opportunities for improvement and potential career advancement at all levels.

    Whitney McDonald

  • How Leaders Can Create a Strong Cybersecurity Culture | Entrepreneur


    Opinions expressed by Entrepreneur contributors are their own.

    In today’s interconnected digital landscape, cybersecurity has become a paramount concern for organizations of all sizes and industries. The increasing frequency and sophistication of cyber attacks highlight the critical need for robust security measures. However, effective cybersecurity goes beyond implementing technical solutions; it requires the establishment of a strong cybersecurity culture within the organization.

    This article delves into the role of leadership in creating a cybersecurity culture and how it fosters awareness and accountability across the organization.

    Related: The Importance of Training: Cybersecurity Awareness like a Human Firewall

    Understanding the elements of a cybersecurity culture

    A cybersecurity culture refers to the collective beliefs, values, attitudes and behaviors within an organization that prioritize and promote the protection of digital assets and information. It encompasses several key components that work together to create a secure environment:

    1. Awareness and education: A cybersecurity culture starts with educating employees about the risks and threats associated with cyber attacks. By raising awareness about the potential consequences of security breaches, leaders can empower employees to make informed decisions and take proactive measures to protect organizational assets.

    2. Accountability and responsibility: Leaders play a pivotal role in instilling a sense of accountability and responsibility among employees regarding cybersecurity. By setting clear expectations, defining roles and responsibilities, and establishing policies and procedures, leaders can ensure that everyone understands their role in safeguarding the organization’s digital assets.

    3. Continuous improvement and learning: Cybersecurity is an ever-evolving field, and organizations must foster a culture of continuous improvement and learning. Leaders should encourage employees to stay updated on the latest security practices, share knowledge and experiences related to cybersecurity incidents and provide opportunities for professional development to enhance their skills.

    4. Integration into organizational processes and practices: A strong cybersecurity culture integrates security considerations into all aspects of the organization. By incorporating cybersecurity into decision-making processes, performance evaluations and rewards systems, leaders can reinforce the importance of security as a core element of the organization’s operations.

    The role of leadership in fostering awareness

    Leadership plays a crucial role in fostering awareness of cybersecurity risks and promoting a proactive approach to mitigating those risks. Here are some key strategies that leaders can employ:

    1. Leading by example: Executives and senior leaders should serve as cybersecurity advocates by demonstrating their commitment to security measures. This includes adhering to best practices, following security protocols and actively engaging in cybersecurity initiatives.

    2. Implementing regular training programs and workshops: Leaders should establish comprehensive training programs and workshops to educate employees about cybersecurity threats, best practices and the organization’s policies and procedures. These initiatives should be ongoing to ensure that employees stay updated on emerging threats and security measures.

    3. Communicating the importance of cybersecurity: Leaders should effectively communicate the significance of cybersecurity to all employees, emphasizing the potential risks and consequences of security breaches. Regular communication through various channels such as meetings, newsletters and intranet updates can reinforce the importance of cybersecurity as a shared responsibility.

    4. Encouraging a proactive approach: Leaders should encourage employees to be vigilant and proactive in identifying and reporting potential security threats. Creating a culture where employees feel empowered to report suspicious activities or vulnerabilities fosters a sense of collective responsibility toward cybersecurity.

    Related: 3 Ways to Make Employees Your Best Cybercrime Fighters

    The role of leadership in fostering accountability and responsibility

    Leadership plays a critical role in instilling accountability and responsibility for cybersecurity practices throughout the organization. Here are some effective strategies:

    1. Setting clear expectations and standards: Leaders should establish clear expectations and standards regarding cybersecurity practices. This includes defining acceptable use policies, password protocols and guidelines for handling sensitive information. Clear communication and documentation of these standards ensure that employees understand their responsibilities.

    2. Establishing policies and procedures: Leaders should work with IT and security teams to develop comprehensive policies and procedures that outline the organization’s approach to cybersecurity. These documents should cover areas such as data protection, incident response, access control and employee training. Regularly reviewing and updating these policies ensures that they remain aligned with evolving threats and industry best practices.

    3. Assigning roles and responsibilities: Leaders should assign specific roles and responsibilities to individuals or teams responsible for managing and overseeing cybersecurity initiatives. This ensures accountability and provides a clear framework for addressing security issues, incident response and continuous improvement.

    4. Implementing monitoring and reporting mechanisms: Leaders should establish mechanisms to monitor and track compliance with cybersecurity policies and procedures. This can include implementing security controls, conducting regular audits and assessments and utilizing technologies for threat detection and prevention. Transparent reporting mechanisms enable leaders to identify vulnerabilities and take proactive measures to address them.

    Continuous improvement and learning

    A key aspect of a cybersecurity culture is a commitment to continuous improvement and learning. Leaders can foster this culture by implementing the following strategies:

    1. Promoting ongoing learning: Leaders should encourage employees to stay updated on the latest trends, threats and best practices in cybersecurity. This can be achieved through providing access to relevant resources, organizing training sessions and webinars, and encouraging participation in industry conferences and events.

    2. Sharing knowledge and experiences: Creating opportunities for employees to share their knowledge and experiences related to cybersecurity incidents fosters a collective learning environment. This can be done through regular team meetings, knowledge-sharing platforms or dedicated forums where employees can discuss and learn from real-life security incidents.

    3. Conducting regular assessments and audits: Leaders should conduct regular assessments and audits to identify areas for improvement in the organization’s cybersecurity practices. This includes vulnerability assessments, penetration testing and audits of security controls. The findings from these assessments should be used to drive enhancements and strengthen the organization’s security posture.

    4. Investing in professional development: Leaders should invest in the professional development of employees to enhance their cybersecurity skills and knowledge. This can be achieved through certifications, specialized training programs and opportunities for cross-functional collaboration. By equipping employees with the necessary skills, leaders empower them to contribute to the organization’s cybersecurity efforts.

    Related: 50 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity

    Integrating cybersecurity into organizational processes and practices

    To create a robust cybersecurity culture, leaders must integrate security considerations into all organizational processes and practices. Here are some effective approaches:

    1. Incorporating cybersecurity into decision-making: Leaders should ensure that cybersecurity is considered in all strategic and operational decision-making processes. This includes evaluating the security implications of adopting new technologies, selecting vendors and defining the organization’s risk tolerance. By making security a core element of decision-making, leaders ensure that it becomes ingrained in the organization’s DNA.

    2. Including cybersecurity in performance evaluations and rewards: Leaders should incorporate cybersecurity performance metrics into employee evaluations and rewards systems. Recognizing and rewarding individuals and teams who demonstrate exemplary security practices and contribute to the organization’s security goals reinforces the importance of cybersecurity and motivates employees to prioritize it.

    3. Collaborating with IT and security teams: Effective leadership requires collaboration between leaders and IT/security teams. By working closely with these teams, leaders can ensure that security measures align with business objectives, provide the necessary resources and support, and establish effective communication channels to address security-related concerns.

    4. Developing incident response plans: Leaders should work with IT and security teams to develop robust incident response plans that outline procedures for detecting, containing and recovering from cybersecurity incidents. Conducting regular drills and simulations helps identify gaps and ensures that the organization is prepared to respond effectively to security breaches.

    Creating a cybersecurity culture is a shared responsibility that requires effective leadership. By fostering awareness and accountability across the organization, leaders play a crucial role in protecting the organization’s digital assets and maintaining trust. Through strategies such as promoting awareness, instilling accountability, encouraging continuous learning, and integrating cybersecurity into organizational processes, leaders can build a strong cybersecurity culture that permeates every level of the organization.

    Leaders must lead by example, demonstrating their commitment to cybersecurity through their actions and behaviors. By implementing regular training programs and workshops, leaders ensure that employees are equipped with the knowledge and skills to mitigate cyber threats. Effective communication about the importance of cybersecurity helps create a shared understanding of its significance and encourages employees to be proactive in identifying and reporting potential risks.

    Accountability and responsibility are key elements of a strong cybersecurity culture. Leaders should set clear expectations and standards for cybersecurity practices, establish policies and procedures, and assign roles and responsibilities to ensure that everyone understands their part in protecting the organization’s digital assets. Regular monitoring and reporting mechanisms help track compliance and identify areas for improvement.

    Continuous improvement and learning are vital to staying ahead of evolving cyber threats. Leaders should promote a culture of ongoing learning, providing employees with opportunities to stay updated on the latest security practices and encouraging knowledge sharing. Regular assessments and audits help identify vulnerabilities and drive enhancements, while investing in professional development empowers employees to contribute to the organization’s cybersecurity efforts.

    Integrating cybersecurity into organizational processes and practices is essential for embedding it into the organization’s DNA. By considering security implications in decision-making processes, including it in performance evaluations and rewards systems, collaborating with IT and security teams, and developing robust incident response plans, leaders ensure that cybersecurity becomes an integral part of the organization’s operations.

    In conclusion, the role of leadership in creating a cybersecurity culture cannot be overstated. By fostering awareness and accountability, leaders set the foundation for a secure environment. Through continuous improvement, learning and integration into organizational processes, leaders establish a culture where cybersecurity is prioritized at every level. With effective leadership, organizations can build resilience, protect their digital assets and maintain the trust of customers, employees and stakeholders in an increasingly interconnected world.

    Jim Koohyar Biniyaz

  • Judge bars Trump from disclosing — or keeping — evidence in documents case


    Former U.S. President Donald Trump delivers remarks during an event following his arraignment on classified document charges, at Trump National Golf Club, in Bedminster, New Jersey, U.S., June 13, 2023. 


    A federal judge issued a protective order Monday barring former President Donald Trump from disclosing — or keeping — evidence set to be turned over to him by the government in the classified documents case on social media.

    The order against Trump and Walt Nauta, his co-defendant in the criminal case alleging he mishandled national security information, prohibits them from sharing evidence federal investigators are set to begin turning over to their lawyers as part of the discovery process in the case.

    “The Discovery Materials, along with any information derived therefrom, shall not be disclosed to the public or the news media, or disseminated on any news or social media platform, without prior notice to and consent of the United States or approval of the Court,” Magistrate Judge Bruce Reinhart said in the order.  


    It bars them from disclosing information about the government’s evidence to people not directly involved in the case without explicit permission from a judge, and warns they could face criminal contempt charges if they violate the order.

    It also puts limits on Trump’s access to the material.

    “Defendants shall only have access to Discovery Materials under the direct supervision of Defense Counsel or a member of Defense Counsel’s staff. Defendants shall not retain copies of Discovery Material,” the ruling said.

    The ruling largely tracks with a request for a protective order the government filed in the case on Friday. The government said in that filing that Trump and Nauta’s lawyers had “no objections to this motion or the protective order.”

    Trump attorney Todd Blanche declined comment on the order.

    The information prosecutors sought to guard includes “sensitive and confidential information,” including “information that reveals sensitive but unclassified investigative techniques; non-public information relating to potential witnesses and other third parties (including grand jury transcripts and exhibits and recordings of witness interviews); financial information of third parties; third-party location information; and personal information contained on electronic devices and accounts.”

    “The materials also include information pertaining to ongoing investigations, the disclosure of which could compromise those investigations and identify uncharged individuals,” their Friday filing said.

    Trump, 77, was indicted earlier this month on 37 federal felony counts, including willful retention of national defense information, making false statements and representations, and conspiracy to obstruct justice.

    He pleaded not guilty at his arraignment last week. Nauta, whose lawyer has declined comment on the case, is expected to enter a not guilty plea next week.

    Trump was slapped with a similar order in the New York criminal case where he’s charged with dozens of counts of falsifying business records. Trump’s attorneys had objected to portions of the order in that case.

    Prosecutors from the Manhattan district attorney’s office said those restrictions were necessary because the “risk” that Trump would use the evidence “inappropriately” was “substantial.”

    “Donald J. Trump has a longstanding and perhaps singular history of attacking witnesses, investigators, prosecutors, trial jurors, grand jurors, judges, and others involved in legal proceedings against him, putting those individuals and their families at considerable safety risk,” the DA’s office had argued in a court filing.

    Trump has pleaded not guilty in that case.


  • Microsoft says early June disruptions to Outlook, cloud platform, were cyberattacks


    In early June, sporadic but serious service disruptions plagued Microsoft’s flagship office suite — including the Outlook email and OneDrive file-sharing apps — and cloud computing platform. A shadowy hacktivist group claimed responsibility, saying it flooded the sites with junk traffic in distributed denial-of-service attacks.

    Initially reticent to name the cause, Microsoft has now disclosed that DDoS attacks by a murky upstart were indeed to blame.

    But the software giant has offered few details — and would not comment on the attacks’ magnitude. It would not say how many customers were affected or describe the attackers, who it has named Storm-1359. A group that calls itself Anonymous Sudan claimed responsibility on its Telegram social media channel at the time. Some security researchers believe the group to be Russian.

    Microsoft’s explanation in a blog post Friday evening followed a request by The Associated Press two days earlier. Slim on details, the post said the attacks “temporarily impacted availability” of some services. It said the attackers were focused on “disruption and publicity” and likely used rented cloud infrastructure and virtual private networks to bombard Microsoft servers from so-called botnets of zombie computers around the globe.

    Microsoft said there was no evidence any customer data was accessed or compromised.

    While DDoS attacks are mainly a nuisance — making websites unreachable without penetrating them — security experts say they can disrupt the work of millions if they successfully interrupt the services of a software service giant like Microsoft on which so much global commerce depends.

    It’s not clear if that’s what happened here.

    “We really have no way to measure the impact if Microsoft doesn’t provide that info,” said Jake Williams, a prominent cybersecurity researcher and a former National Security Agency offensive hacker. Williams said he was not aware of Outlook previously being attacked at this scale.

    “We know some resources were inaccessible for some, but not others. This often happens with DDoS of globally distributed systems,” Williams added. He said Microsoft’s apparent unwillingness to provide an objective measure of customer impact “probably speaks to the magnitude.”

    As for Storm-1359’s identity, Williams said he doesn’t think Microsoft knows yet. That would not be unusual. Cybersecurity sleuthing tends to take time — and even then can be a challenge if the adversary is skilled.

    Pro-Russian hacking groups including Killnet — which the cybersecurity firm Mandiant says is Kremlin-affiliated — have been bombarding government and other websites of Ukraine’s allies with DDoS attacks. In October, some U.S. airport sites were hit.

    Edward Amoroso, NYU professor and CEO of TAG Cyber, said the Microsoft incident highlights how DDoS attacks remain “a significant risk that we all just agree to avoid talking about. It’s not controversial to call this an unsolved problem.”

    He said Microsoft’s difficulties fending off this particular attack suggest “a single point of failure.” The best defense against these attacks is to distribute a service massively, on a content distribution network for example.

    Indeed, the techniques the attackers used are not old, said U.K. security researcher Kevin Beaumont. “One dates back to 2009,” he said.

    Serious impacts from the Microsoft 365 office suite interruptions were reported on Monday June 5, peaking at 18,000 outage and problem reports on the tracker Downdetector shortly after 11 a.m. Eastern time.

    On Twitter that day, Microsoft said Outlook, Microsoft Teams, SharePoint Online and OneDrive for Business were affected.

    Attacks continued through the week, with Microsoft confirming on June 9 that its Azure cloud computing platform had been affected.

    On June 8, the computer security news site BleepingComputer.com reported that cloud-based OneDrive file-hosting was down globally for a time.

    Microsoft said at the time that desktop OneDrive clients were not affected, BleepingComputer reported.


  • Save Over $100 Off This Top-Rated VPN for a Limited Time | Entrepreneur


    Disclosure: Our goal is to feature products and services that we think you’ll find interesting and useful. If you purchase them, Entrepreneur may get a small share of the revenue from the sale from our commerce partners.

    Cybersecurity is of paramount importance in industry today for good reason. Many companies use corporate VPNs as a base level of security, but don’t think that because your organization is small, you can worry less about cybersecurity. According to CyberTalk.org, 46% of all cyber breaches target companies with fewer than 1,000 employees. And in the world of hybrid work, when more people than ever are working on public Wi-Fi regularly, it’s imperative to protect your browsing.

    A Windscribe VPN Pro Plan is a great base layer of security, and we’re offering a Flash Sale price that’s discounted through June 20.

    Windscribe has earned 4 stars out of 5 from PCWorld and Tech Radar and a 4.4-star rating on G2. More than just a VPN, Windscribe offers a desktop application and browser extension that work together to protect your online privacy, unblock websites, remove ads, and improve your everyday browsing experience. It offers an AES-256 cipher with SHA512 auth and a 4096-bit RSA key and can generate OpenVPN, IKEv2, and WireGuard® configurations for all your devices.

    With an extensive network of servers in more than 69 countries and no identifying logs, you can browse anonymously and bypass geo-restrictions anywhere in the world. The desktop app also offers a firewall, a secure hotspot, and a proxy gateway for extra security when you’re on public WiFi. With the browser extension, you can block ads and trackers that follow you around the web, track and delete cookies you collect while browsing, and use split personality to reduce the chance of basic fingerprinting as you jump to different sites.

    Windscribe also gives you unrestricted and private access to entertainment, news sites, and blocked content in over 69 countries.

    Through June 20 at 11:59 p.m. PT, you can get a three-year subscription to the Windscribe VPN Pro Plan for just $79.97 (reg. $207) — the best price on the web.

    Prices are subject to change.


    Entrepreneur Store


  • Why In-Office Work Is The Real Threat to Cybersecurity | Entrepreneur


    Opinions expressed by Entrepreneur contributors are their own.

    Imagine a home filled with sophisticated locks, CCTV cameras, and a state-of-the-art security system. Yet, the owner leaves the back door wide open. This is precisely what’s happening in the world of corporate cybersecurity. As organizations fret over the potential risks of remote work, new research suggests the real dangers lurk within the office itself. That finding from a groundbreaking study from the Farmer School of Business at Miami University is definitely a surprise to me and my clients who I help transition to hybrid and remote work, and it will inform some valuable conversations going forward.

    The unexpected benefits of remote work on cybersecurity

    The Farmer School of Business researchers discovered that remote workers exhibit a higher level of cybersecurity awareness and take more security-related precautions than their in-office counterparts (forthcoming in the July issue of Computers & Security). That’s right — working from home might actually make employees more vigilant when it comes to cybersecurity. In my emailed interview with the author Joseph K. Nwankpa, he told me “When we surveyed remote workers, we expected the results to reveal cybersecurity complacency, but surprisingly, the survey revealed remote cyber vigilance.”

    This surprising outcome can be attributed to the so-called “Peltzman Effect” and the complacency framework, which the study draws upon to explore how remote working may trigger a moral hazard regarding employee cybersecurity awareness and security-based precaution-taking. Remote employees tend to feel a heightened sense of responsibility for their own cybersecurity, while office workers often become complacent, trusting their companies to handle cyber threats on their behalf.

    Related: Employers: Hybrid Work is Not The Problem — Your Guidelines Are. Here’s Why and How to Fix Them.

    Complacency: The Achilles’ heel of office workers

    Imagine being on a cruise ship with an impeccable safety record. You might feel so secure that you skip the safety drill and neglect to learn the location of the lifeboats. This is the complacency effect in action. Office workers, surrounded by the perceived safety of their company’s cybersecurity measures, may be less likely to follow best practices and take necessary precautions.

    The study cites prior research that reveals how employees working within the corporate office and boundaries trust their firms to develop, maintain and update security countermeasures to mitigate cybersecurity threats and risks. As a result, these employees are not apt or mindful of security threats and concerns, leading to constrained cybersecurity awareness.

    On the other hand, remote workers, like sailors navigating stormy seas, understand that they must be constantly vigilant. This heightened awareness leads them to take more security-based precautions, ultimately keeping their company’s digital assets safer.

    Indeed, the human element of security is enhanced through a switch to remote work. Thus, Nwankpa stated “Our study found that working from the office within corporate firewalls and security boundaries induced employees to exhibit risky cybersecurity behavior, such as diminished cybersecurity awareness and precaution-taking. However, switching to remote work made employees feel insecure, leading to heightened cybersecurity awareness and cybersecurity precautionary measures.”

    The pivotal role of information security policy compliance

    The study also found that information security policy compliance played a significant role in remote workers’ heightened cybersecurity awareness. This suggests that companies must prioritize and enforce their security policies to ensure that all employees, whether in the office or at home, are adequately prepared to handle cyber threats.

    The research model used in the study examined the impact of remote working on security-based precaution-taking and the role of cybersecurity awareness in the relationship between remote working and security-based precaution-taking. The data collected from 203 remote workers across the U.S. provided strong support for the research model, indicating that remote working is positively associated with cybersecurity awareness and security-based precaution-taking.

    Furthermore, the study reveals that as remote workers gain cybersecurity awareness, they are more likely to apply security-based precaution measures. This reinforces the idea that fostering cybersecurity awareness among remote workers can lead to better protection of organizational information assets against threats.

    Related: Why Cybersecurity Needs to be Prioritised as Small Businesses Face the Cost-of-Living Crisis

    Remote Work: A potential solution to cybersecurity woes

    Contrary to popular belief, the findings of this study demonstrate that remote work can actually improve cybersecurity. Companies can leverage this knowledge to their advantage, promoting remote work arrangements and fostering a culture of vigilance and cybersecurity responsibility among their employees.

    One way to achieve this is by understanding the relationship between cybersecurity awareness and security-based precaution-taking. By focusing on this relationship, organizations can clarify how and when remote working can create positive cybersecurity behavior among end-users, as suggested by the study.

    Organizations should not shy away from embracing remote work arrangements, as the study reveals that these can lead to better cybersecurity outcomes. By fostering a culture of trust, personal responsibility, and cybersecurity awareness among remote employees, companies can empower their workforce to take the necessary precautions and maintain a high level of vigilance, ultimately leading to a more secure digital environment.

    The importance of training and employee engagement

    To further enhance cybersecurity in a remote work setting, organizations should invest in comprehensive training programs that cover both technical and behavioral aspects of cybersecurity. By making employees aware of the potential threats and risks, as well as providing them with the tools and knowledge needed to protect themselves and the company, businesses can significantly reduce their vulnerability to cyberattacks.

    In addition, organizations should actively engage their remote employees and encourage open communication about cybersecurity issues. By involving employees in the decision-making process and addressing their concerns, companies can create a sense of ownership and shared responsibility for the organization’s cybersecurity.

    Reevaluating Cybersecurity Strategies for a Hybrid Workforce

    As the business world moves towards a more hybrid workforce, with a mix of office-based and remote employees, it is crucial for organizations to reevaluate their cybersecurity strategies. Companies must consider the unique challenges and opportunities presented by remote work and adapt their policies and practices accordingly.

    This may involve updating security protocols, implementing new technologies, and rethinking the traditional office-centric approach to cybersecurity. By embracing the unexpected benefits of remote work and adapting to the evolving digital landscape, organizations can create a more secure and resilient future.

    The groundbreaking study from the Farmer School of Business at Miami University opens the door for further research into the distinctions between remote and office work and their implications on cybersecurity. Future research could explore how different remote work arrangements, such as hybrid models or fully remote workforces, may impact cybersecurity awareness and precaution-taking behavior among employees.

    Moreover, researchers could investigate the role of various factors, such as organizational culture, leadership, and technology, in shaping employees’ cybersecurity behavior in both remote and office environments. This would provide valuable insights to help organizations develop more effective strategies for managing cybersecurity in an increasingly connected and remote world.

    Related: Cybersecurity Practices That Protect Your Small Business

    Cognitive Biases and their Impact on Cybersecurity

    Cognitive biases can significantly influence how employees perceive and respond to cybersecurity threats, both in remote and office settings. By understanding the impact of these biases, organizations can tailor their cybersecurity strategies to address these psychological factors and promote more effective security behaviors among their workforce. Let’s explore two specific cognitive biases that may impact cybersecurity in the context of remote work and office environments: the status quo bias and the optimism bias.

    The status quo bias refers to the tendency for people to prefer maintaining their current state or situation, even when change could potentially bring about benefits or improvements. In the context of cybersecurity, employees working in a corporate office environment may be more prone to the status quo bias, as they might assume that their organization’s existing security measures are sufficient to protect them from cyberthreats.

    This complacency can lead to a lack of personal responsibility and a decreased likelihood of adopting new security behaviors or updating existing practices. The Farmer School of Business study highlights this issue, revealing that employees working in corporate offices often trust their organizations to handle cybersecurity threats and, as a result, may neglect their own role in safeguarding company data and assets.

    To counteract the status quo bias, organizations should continuously emphasize the evolving nature of cyber threats and the importance of individual responsibility in maintaining security. Encouraging employees to stay updated on the latest security best practices and providing regular training on new threats can help keep cybersecurity at the forefront of their minds and reduce the impact of the status quo bias.

    The optimism bias refers to the inclination of individuals to underestimate the likelihood of negative events occurring, while overestimating the probability of positive outcomes. In the context of remote work and cybersecurity, the optimism bias may manifest as office-based employees believing that they are less likely to fall victim to cyberattacks than their remote counterparts.

    This overconfidence may lead office-based workers to overlook potential security risks and neglect precautionary measures, such as adhering to company security policies. The Farmer School of Business study supports this assumption by showing that remote workers are more likely to have a higher level of cybersecurity awareness and take more security-related precautions than those working in an office.

    To mitigate the effects of optimism bias, organizations should provide remote employees with clear and realistic information about the cybersecurity risks associated with remote work. Sharing real-life examples of cyberattacks targeting office-based as well as remote workers and emphasizing the importance of personal responsibility can help raise awareness and encourage employees to be more vigilant.

    Conclusion

    The study from the Farmer School of Business at Miami University serves as a wake-up call for organizations to rethink their approach to cybersecurity in the age of remote work. By embracing the benefits of remote work, fostering a culture of cybersecurity awareness, and adapting their strategies to the evolving digital landscape, companies can ensure the protection of their valuable digital assets and navigate the treacherous waters of the cyber world with confidence.


    Gleb Tsipursky


  • Enjoy Enhanced Security With Microsoft Windows 11 Pro, Now Just $29.99 | Entrepreneur


    Disclosure: Our goal is to feature products and services that we think you’ll find interesting and useful. If you purchase them, Entrepreneur may get a small share of the revenue from the sale from our commerce partners.

    With reports of cyberattacks targeting small businesses on the rise, the good news is that there are ways to beef up your cybersecurity and protect yourself against threats. And one is super simple: upgrade your operating system.

    If you saved money on your computer by purchasing a refurbished device, it may not have come with the newest operating system. If you upgrade to Windows 11 Pro, you’ll enjoy enhanced security among other perks, like improved performance and customizable options. And right now, you can enjoy all the benefits of Microsoft Windows 11 Pro for just $29.99 (reg. $199) for a limited time.

    This license to Microsoft Windows 11 Pro is ideal for use in business. And this license provides one activation key that can be used for three different devices, so you can enjoy all the perks of this improved operating system. You’ll enjoy Windows Information Protection, which helps you separate personal and work data, while only allowing authorized apps to access certain data. And you can rest easy knowing Microsoft Information Protection Integration will be protecting your important files from data leaks.

    BitLocker Encryption encrypts your data on the hard drive, so it will be unreadable without the correct decryption key. You’ll also enjoy Windows Hello for Business that gives you management tools for remote deployment like multi-factor authentication, while also supporting certificate-based authentication. You’ll quickly see why Microsoft Windows 11 Pro scored 4 stars on both PC Magazine and TechRadar.

    Enjoy all the perks of Microsoft Windows’ latest operating system, Microsoft Windows 11 Pro, for just $29.99 (reg. $199).

    Prices subject to change.


    Entrepreneur Store


  • Get Lifetime Access to More Than 90 Cybersecurity Courses | Entrepreneur


    Disclosure: Our goal is to feature products and services that we think you’ll find interesting and useful. If you purchase them, Entrepreneur may get a small share of the revenue from the sale from our commerce partners.

    Cybersecurity is top-of-mind for most businesses these days, but not all can afford to give it the proper attention in the budget — especially solopreneurs and very small businesses. Rather than enlist an entire cybersecurity team, however, you can learn the skills you need to protect your business online. With an InfoSec4TC Platinum Membership, you’ll get lifetime access to more than 90 courses designed to give you a modern cybersecurity education that will keep your business safe from hackers and snoops.

    InfoSec4TC has earned a 4.4/5-star instructor rating and boasts one of the highest certification passing rates among online training providers. Through their self-paced certification courses, you can train to earn certifications in GSEC, CISSP, CISA, CISM, and many more internationally recognized IT certifications. InfoSec4TC gives you access to the latest exam questions and course materials to help you pass each exam on your first try.

    With access to all new and future courses, all social media groups, and even a free career consulting and planning session, your Platinum Membership will ensure your cybersecurity skills always stay on the cutting edge. From ethical hacking and network security to implementing secure enterprise systems, you’ll develop a comprehensive skill set that will come in handy not just in protecting your business, but in giving you a strong foundation to move into a lucrative new career should you choose. After all, every business could use some cybersecurity help these days, and InfoSec4TC will make sure that your skills always keep up with demand.

    Protect your business from cybersecurity threats both present and future.

    Get a lifetime InfoSec4TC Platinum Membership for 75% off $280 at just $69.99 for a limited time.

    Prices subject to change.


    Entrepreneur Store


  • Trump charged with 37 counts in classified documents case, indictment says


    A 37-count criminal indictment against Donald Trump for retaining classified government records and conspiring to prevent their return to U.S. officials was unsealed Friday.

    The charging document was made public a day after the former president was indicted by a grand jury in U.S. District Court in Miami.

    Among other allegations, the indictment says that Trump showed classified documents to other people in the summer of 2021, after leaving office.

    One of those documents was a “plan of attack” that he said was prepared by the Pentagon, while the other was a classified map related to a military operation, the indictment alleges.

    Also charged in the indictment was Trump’s valet, Walter Nauta, who faces several of the same charges as his boss, with whom he allegedly conspired to keep classified records and hide them from a federal grand jury.

    The FBI raid of Trump’s Florida home last August discovered hundreds of classified documents, which he had failed to turn over to U.S. officials despite months of efforts to recover them.

    The indictment says Trump was aware of the highly sensitive nature of the documents, quoting him at one point as saying: “As president, I could have declassified it … but this is still secret.”

    Trump and Nauta are due to be arraigned in Miami on Tuesday, the day before the ex-president’s 77th birthday.

    He and Nauta each face a maximum possible sentence of 20 years in prison if convicted of the most serious charges, which are conspiracy to obstruct justice and counts related to withholding and concealing the government records.

    Thirty-one of the counts accuse Trump of willful retention of national defense information. He is also charged with conspiracy to obstruct justice; withholding a document or record; corruptly concealing a document or record; concealing a document in a federal investigation; scheme to conceal; and false statements and representations.

    Trump was put under criminal investigation in the spring of 2022, after the FBI was notified that classified documents were found in the 15 boxes of government records he gave to the National Records and Archives Administration after months of effort by NARA to recover documents the agency believed were missing.

    By law, presidents must give NARA all government records when they leave office.

    The indictment notes, “As he departed the White House, TRUMP caused scores of boxes, many of which contained classified documents, to be transported to The Mar-a-Lago Club in Palm Beach, Florida, where he maintained his residence.”

    “TRUMP was not authorized to possess or retain those classified documents,” the indictment says.

    Trump later suggested to an attorney that he lie to the FBI and a grand jury by saying that he did not have the documents they were seeking, and directed Nauta to move boxes of documents to conceal them from Trump’s own lawyer, the FBI and the grand jury, the indictment alleges.

    Trump also is accused in the indictment of suggesting to his lawyer that the attorney hide or destroy documents, and of giving the FBI and the grand jury only some of the documents he had kept while claiming he was fully cooperating.

    And Trump caused a certification to be submitted to the FBI and grand jury, falsely representing that all documents had been produced when he knew that was not true, according to the indictment.

    The indictment estimates that Trump’s trial would take between 21 and 60 days.

    Earlier Friday, two of his lawyers resigned from representing him in the classified documents case, and in another pending federal criminal investigation for his efforts to overturn his loss in the 2020 presidential election.


  • ManagedMethods Wins Best IT Solution at EdTech Breakthrough Awards 2023


    The cybersecurity vendor has once again been recognized for their efforts in the field of education technology

    ManagedMethods, the Google Workspace and Microsoft 365 cybersecurity, safety, and compliance platform for K-12 school districts, today announced that it is receiving the EdTech Breakthrough award for “Best Overall IT Solution for the Education Market.” 

    ManagedMethods received the award at the annual awards program conducted by EdTech Breakthrough—a leading market intelligence organization that recognizes the top companies and solutions in the global educational technology market. 

    This is not the first time that ManagedMethods has received acclaim in the EdTech Breakthrough Awards—they previously held the accolades of Cloud Security Startup of the Year in 2019, Overall Threat Detection Solution of the Year in 2020, and Overall Enterprise Cloud Security Solution of the Year in 2021.

    The EdTech Breakthrough Awards aims to celebrate outstanding achievements and acknowledge the innovation, dedication, and accomplishments in various educational technology sectors. These sectors include Student Engagement, School Administration, Adaptive Learning, STEM Education, e-Learning, Career Preparation, and more. The award cements ManagedMethods as a credible and trustworthy cybersecurity vendor purpose-built for education organizations.

    ManagedMethods’ platform monitors school district Google Workspace and Microsoft 365 email, file sharing, chat, and video apps 24/7/365 and empowers district IT admins with visibility and control of their cloud environment. The platform leverages advanced artificial intelligence to defend against malware and phishing threats, swiftly identifies and resolves account takeovers, and safeguards data from both deliberate attacks and accidental breaches.

    ManagedMethods CEO, Charlie Sander, stated: “We are honored to be recognized by the EdTech Breakthrough Awards for the fifth consecutive year. The team at ManagedMethods is committed to keeping schools and students safe online. I’m proud of the work that my team has accomplished and of the partnerships we’ve developed with schools throughout the US and around the world.”

    ABOUT

    ManagedMethods is on a mission to make securing sensitive information stored in the cloud easy and affordable for K-12 school districts. The cybersecurity and compliance platform provides a centralized command center for managing Google Workspace and Microsoft 365 cybersecurity and student safety risks. This supports automated controls to prevent data security breaches, account takeovers, ransomware, and phishing attacks, and detect student safety signals.

    CONTACT

    Name: Emily Trujillo

    Phone: 1-646-480-0356

    Email: emily@publicize.co

    Source: ManagedMethods


  • New Framework Protects Consumers’ Privacy, Keeps Advertisers’ Utility


    Newswise — The use of mobile technologies to collect and analyze individuals’ location information has produced massive amounts of consumer location data, giving rise to an elaborate multi-billion-dollar system in which consumers can share personal data in exchange for economic benefits. But privacy risks prevail.

    In a new study, researchers used machine learning to create and test a framework that quantifies personalized privacy risks; performs personalized data obfuscation; and accommodates a variety of risks, utilities, and acceptable levels of risk-utility tradeoff. The framework outperformed prior models, significantly reducing consumers’ privacy risk while preserving advertisers’ utility.

    The study was conducted by researchers at Carnegie Mellon University (CMU), the University of Virginia, and New York University. It is published in Information Systems Research.

    “The global market for location analytics alone is projected to reach $25.5 billion by 2027,” notes Beibei Li, associate professor of IT and management at CMU’s Heinz College, who coauthored the study. “As industries increasingly unleash the power of location big data, our study offers a much-needed framework to balance privacy risks and data utilities, and to sustain a secure and self-governing multi-billion-dollar location ecosystem.”

    Massive volumes of mobile location data are being generated daily through smartphone location-based services (e.g., navigation, ride share, food delivery services). Such data track consumers’ behavior—where they eat and shop, what products they buy—to enable applications of commercial value (e.g., restaurant recommendations, location-based advertising, market research). Advertisers, who gain access to location data through data aggregators, can predict consumers’ next location with 25% success and next activity and timing with 26% success.

    But there are considerable risks to consumers of sharing location data, which includes personally identifiable information like names and home addresses. Some advertisers may carry out malicious acts using the data, usually for short-term revenue gains. Therefore, data aggregators need a personalized and flexible framework to balance diverse types of risks and utilities for different kinds of consumers and advertisers.

    In this study, researchers developed a machine learning-based framework that quantifies individual consumers’ privacy risk, quantifies advertisers’ utility, and features a personalized and flexible obfuscation scheme. The scheme suppresses a subset of locations visited by a consumer based on his or her personalized suppression parameter proportional to the individual’s risk level; it also accommodates different types and different acceptable levels of risks and utilities.

    To test their framework, researchers partnered with a leading data aggregator that integrates location data across more than 400 commonly used mobile apps (e.g., news, weather, maps, fitness) from a quarter of the U.S. population who are in compliance with privacy regulations. The data, collected in five weeks from September to October 2018, are representative of the U.S. population and the sample analyzed covers a major U.S. metropolitan area. Researchers validated the framework on a million trajectories (where and when consumers move) generated by 40,000 consumers in a major U.S. metropolitan area.

    The study’s framework accounts for distinct characteristics of individual-level location data, and outperforms multiple benchmark methods from recent studies, according to the authors.

    Using the proposed framework, the authors say, a data aggregator can effectively curtail a potential invasion of consumer privacy by performing personalized data obfuscation without sacrificing the utility of the obfuscated data to an advertiser. The aggregator may also fulfill personalized and diverse demands from both consumers and advertisers by flexibly accommodating multiple types of risks and utilities, as well as a wide array of acceptable levels of a specific risk, utility, and risk-utility tradeoff.

    “Location-based marketing is rapidly becoming a primary venue for planning marketing campaigns and targeting consumers, enriching both traditional and digital marketing strategies,” explains Meghanath Macha, a graduate of CMU’s Heinz College, who led the study. “Our framework fills a critical void and offers an important tool for the privacy-aware practices of big data location-based applications and services, providing a balance between privacy risks and data utilities.”

    Among the study’s limitations, the authors note that the data they used contain no information about individual consumers’ demographics, which would allow greater understanding of privacy issues. In addition, their proposed framework considered only one-shot data sharing with an advertiser; it did not consider more complex scenarios with multiple risks or utilities, or what happens when an advertiser combines multiple batches or sources of shared data.

    Carnegie Mellon University


  • 5 Ways to Spot and Avoid Deepfake Phone Scams | Entrepreneur


    As AI technology advances, the rise of deepfakes poses an ever-evolving threat. These manipulated images, videos, and audios use artificial intelligence to create convincing but false representations of people and events.

    Of particular concern is voice spoofing, also known as voice cloning, which uses AI to create a realistic-sounding recording of someone’s voice. Fraudsters have used voice deepfakes to replicate familiar voices, such as a relative or a bank representative, tricking consumers into parting with money or providing sensitive information.

    In one recent incident, scammers tricked a couple of grandparents into thinking their grandson was locked in prison and needed money for bail, using a replica of his voice to plead for help.

    “We were sucked in,” the poor grandma told The Washington Post. “We were convinced that we were talking to Brandon.”

    How do you protect yourself against such sophisticated trickery?

    “Consumers should be cautious of unsolicited calls saying a loved one is in harm or messages asking for personal information, particularly if they involve financial transactions,” says Vijay Balasubramaniyan, co-founder and CEO of Pindrop, a voice authentication and security company that uses artificial intelligence to protect businesses and consumers from fraud and abuse.

    He offers these five signs that the voice on the other end may be AI.

    Related: How Deepfake Tech Could Affect the Journalism Industry

    Look for long pauses and signs of a distorted voice

    Deepfakes still require the attacker to type sentences that are converted into the target’s voice. This often takes time and results in long pauses. These pauses are unsettling to the consumer, especially if the request on the other end is urgent and involves a lot of emotional manipulation.

    “But these long pauses are tell-tale signs of a deepfake system being used to synthesize speech,” says Balasubramaniyan.

    Consumers should also listen carefully to the voice on the other end of the call. If the voice sounds artificial or distorted in any way, it could be a sign of a deepfake. They should also be on the lookout for any unusual speech patterns or unfamiliar accents.

    Be skeptical of unexpected or out-of-character requests

    If you receive a phone call or message that seems out of character for the person you know or the organization contacting you, it could be a sign of a deepfake attack. Especially if you are subjected to emotional manipulation and high-pressure tactics that are trying to compel you to help the caller, hang up and independently call back the contact using a known phone number.

    Verify the identity of the caller

    Consumers should ask the caller to provide personal information or to verify their identity using a separate channel or method, such as an official website or an email. This can help to confirm that the caller is who they claim to be and reduce the risk of fraud.

    Stay informed about the latest deepfake technology

    Consumers should keep up-to-date with the latest developments in voice deepfake technology and how fraudsters use it to commit scams. By staying informed, you can better protect yourself against potential threats. The FTC lists the most common phone scams on their website.

    Invest in liveness detection

    Liveness detection is a technique used to detect a spoof attempt by determining whether the source of a biometric sample is a live human being or a fake. This technology is offered by companies such as Pindrop and others to help companies detect whether employees are speaking to a real human or a machine pretending to be one.

    “Consumers also need to ensure they do business with companies that are aware of this risk and have taken steps to protect their assets with these countermeasures,” says Balasubramaniyan.

    Entrepreneur Staff


  • Making cybersecurity a cornerstone of digital transformation | Bank Automation News


    These days, financial institutions have a great deal more to manage than their customers’ money. They must also manage their customers’ personally identifiable information safely and in accordance with an increasing number of regulations — data that makes this sector attractive and therefore more susceptible to cybercriminal attention.

    Michael Brown, field CISO for financial services, Fortinet

    In addition, if a company doesn’t uphold security standards in accordance with the Payment Card Industry Data Security Standard, it could completely lose its ability to process credit card payments.

    The potential attack surface grows as financial institutions step up their digital operations. A possible vulnerability exists with every work-from-anywhere (WFA) login, service integration and mobile app. As an illustration, many American banks were handed a combined $1.8 billion penalty last year because staff members were using personal messaging apps for work-related purposes.

    Financial institutions require complete cybersecurity solutions that include WFA capabilities, secure networking for branch locations and next-generation firewalls in order to adapt to the current regulatory and threat landscape. These solutions must provide advanced threat prevention from the data center to the endpoint to the edge.

    Real-world impacts of insufficient cybersecurity

    We’ve seen it time and time again — cyberattacks can cause significant and, sometimes, irreparable harm. The concrete repercussions of insufficient cybersecurity can have a lasting impact and a ripple effect.

    These include:

    • Data loss — Financial services organizations hold very sensitive and proprietary information that you don’t want bad actors getting their hands on, whether it’s investment portfolio information or customers’ personally identifiable information like passwords and Social Security numbers.
    • Operational outages — Security teams typically need to identify the attack’s origin and assess the extent of the damage. And when a distributed denial-of-service attack occurs, the intention is to halt business as usual. Both scenarios result in a loss of productivity, both internally and externally. Customers are unable to access their money and employees can’t do their jobs.
    • Fines — In some cases, a company may receive penalties from several regulators for a single incident. The Securities and Exchange Commission and the New York State Department of Financial Services have fined companies for issues like inadequate disclosure controls and cybersecurity-related procedures.

    Additionally, if the penalty includes revoking licenses or charters that you need to operate, one of your business lines or even the entire company could be shut down for noncompliance.

    • Reputational damage — It can be quite challenging to bounce back once an organization has shown that it is unable to protect the personal information of its customers. For instance, years after the initial occurrence, the Equifax breach remains a cautionary tale.

    Bolstering strategy with the right features

    To ensure proactive regulatory and cybersecurity compliance, a well-managed solution from a reputable cybersecurity provider can make all the difference. When choosing a solution, financial organizations should consider these aspects:

    • Cloud capabilities — Due to the prevalence of multi-cloud and hybrid cloud networks, many financial services companies need to collaborate with cybersecurity suppliers that provide products that can operate natively in both public and private cloud settings. To provide uniform policy enforcement, the solutions must perform smoothly across on-premises networks and cloud environments. Organizations should choose a cybersecurity provider with a history of innovation and scalable, accessible and safe security solutions.
    • AI/ML and automation — Every day, new cybersecurity risks surface and bad actors are increasingly leveraging artificial intelligence, machine learning and automation. Likewise, these technologies should be part of the arsenal for defending against cyberattacks. Automation can help increase accuracy and decrease human error. Many cybersecurity suppliers employ point solutions to patch vulnerabilities.
    • Seamless customer experience — For customers to be unaware that the cybersecurity solution is operating in the background, it must be seamless. The solution must operate with the current architecture without placing an excessive load on the network. Seconds count; if a customer can’t connect right away, they might go elsewhere for their business.
    • Adaptability — Every milestone on the digital transformation journey should involve cybersecurity. Businesses require adaptable cybersecurity solutions when they change their focus and enter cross-industry disciplines. Financial firms require dependable cybersecurity solutions when the core elements of the business shift or the network grows in unanticipated ways.

    Transform safely

    Even as financial service organizations strive to better serve their customers via digital transformation, they are facing more — and more sophisticated — threats. As data multiplies with frightening speed, organizations must keep that data secure and compliant. If not, fines and loss of reputation and even the whole business can result. Consider the best practices noted above when vetting cybersecurity providers to ensure a safe and compliant business foundation.

    Michael Brown, field CISO for financial services at Fortinet, is a global security evangelist and advisor, helping financial services firms implement digital transformation while enhancing security and resilience. He specializes in cybersecurity regulations, ESG impact, SD-WAN, SD-Branch, Zero Trust, low-latency electronic trading security, SASE, and multi-cloud solutions.

    Michael Brown


  • A.I. poses human extinction risk on par with nuclear war, Sam Altman and other tech leaders warn


    Artificial intelligence may lead to human extinction and reducing the risks associated with the technology should be a global priority, industry experts and tech leaders stated in an open letter.

    “Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war,” the statement on Tuesday read.

    Sam Altman, CEO of ChatGPT-maker OpenAI, as well as executives from Google’s AI arm DeepMind and Microsoft were among those who supported and signed the short statement from the Center for AI Safety.

    The technology has gathered pace in recent months after chatbot ChatGPT was released for public use in November and subsequently went viral. In just two months after its launch, it reached 100 million users. ChatGPT has amazed researchers and the general public with its ability to generate humanlike responses to users’ prompts, suggesting that AI could replace jobs and imitate humans.

    The statement Tuesday said that there has been increasing discussion about a “broad spectrum of important and urgent risks from AI.”

    But it said it can be “difficult to voice concerns about some of advanced AI’s most severe risks” and had the aim of overcoming this obstacle and opening up the discussions.

    ChatGPT has arguably sparked much more awareness and adoption of AI as major firms around the world have raced to develop rival products and capabilities.

    Altman had admitted in March that he is a “little bit scared” of AI as he worries that authoritarian governments would develop the technology. Other tech leaders such as Tesla’s Elon Musk and former Google CEO Eric Schmidt have cautioned about the risks AI poses to society.

    In an open letter in March, Musk, Apple co-founder Steve Wozniak and several tech leaders urged AI labs to stop training systems to be more powerful than GPT-4 — which is OpenAI’s latest large language model. They also called for a six-month pause on such advanced development.

    “Contemporary AI systems are now becoming human-competitive at general tasks,” said the letter.

    “Should we automate away all the jobs, including the fulfilling ones? Should we develop nonhuman minds that might eventually outnumber, outsmart, obsolete and replace us? Should we risk loss of control of our civilization?” the letter asked.

    Last week, Schmidt also separately warned about the “existential risks” associated with AI as the technology advances.


  • DOJ charges former Apple engineer with alleged theft of autonomous car tech for China


    A former Apple software engineer was charged with allegedly stealing Apple’s autonomous technology for a Chinese self-driving car company, the Department of Justice announced Tuesday.

    Weibao Wang worked as a software engineer at Apple from 2016 to 2018, a DOJ indictment said. Wang worked on Apple’s Annotation Team, and was granted “broad access” to databases which the Justice Department said could only be accessed by 2,700 of Apple’s 135,000 employees.

    Wang is the third former Apple employee to be accused of stealing autonomous trade secrets for China.

    Wang has been charged with six separate counts involving the theft or attempted theft of Apple’s “entire autonomy source code,” tracking systems, behavior planning for autonomous systems, and descriptions of the hardware that was behind the systems.

    A year into his employment, four months before he quit his job at Apple, Wang accepted a job at the U.S.-based subsidiary of an unnamed Chinese company which was developing autonomous driving technology and began to siphon “large amounts” of sensitive commercial technology and source code, the indictment alleged.

    In April 2017, only 5,000 of Apple’s 135,000 full-time employees had been informed about the project, the DOJ indictment alleges, or around 4% of the company. An even smaller segment, around 2%, had access to “one or more” of the databases Wang accessed, the indictment continues.

    Law enforcement executed a search of Wang’s home in California on Jun. 27, 2018, where they found large quantities of stolen, confidential, and proprietary data, the indictment alleges. Wang was able to flee the country even after law enforcement executed the search, despite promising that he wouldn’t.

    Wang boarded a flight to Guangzhou, China from San Francisco International Airport. In a press conference, U.S. Attorney for the Northern District of California Ismail Ramsey said Wang was in China and would face ten years in prison for each count if extradited and convicted.

    The charges were announced as part of a sweeping enforcement action led by the Disruptive Technology Strike Force. Four other cases were unveiled across the United States, involving criminal behavior to supply Iranian forces with sensitive ballistic technology, Russian intelligence and research units with quantum technology, and sanctions-violating exports.

    The allegations against Wang come after another Apple employee, Xiaolang Zhang, pleaded guilty in San Jose federal court to a similar theft involving trade secrets in Apple’s car division.

    Like Wang, Zhang had planned to flee to China. Both Zhang and Wang were working at Apple’s autonomous division at the same time, and both left their employment at Apple in 2018.

    Another employee, Jizhong Chen, was also facing federal charges over his alleged 2019 theft of sensitive information. Chen also attempted to flee to China, according to court documents. Chen’s case is proceeding in California federal court.

    Apple did not immediately respond to a request for comment.

    — CNBC’s Kif Leswing contributed to this report.


  • Immigration experts on Title 42, analysis of immigration policies, and other migrant news in the Immigration Channel


    Title 42, the United States pandemic rule that had been used to immediately deport hundreds of thousands of migrants who crossed the border illegally over the last three years, has expired. Those migrants will have the opportunity to apply for asylum. President Biden’s new rules to replace Title 42 are facing legal challenges. The US Homeland Security Department announced a rule to make it extremely difficult for anyone who travels through another country, like Mexico, to qualify for asylum. Border crossings have already risen sharply, as many migrants attempted to cross before the measure expired on Thursday night. Some have said they worry about tighter controls and uncertainty ahead. Immigration is once again a major focus of the media as we examine the humanitarian, political, and public health issues migrants must face. 

    Below are some of the latest headlines in the Immigration channel on Newswise.

    Expert Commentary

    Experts Available on Ending of Title 42

    George Washington University Experts on End of Title 42

    ‘No one wins when immigrants cannot readily access healthcare’

    URI professor discusses worsening child labor in the United States

    Biden ‘between a rock and a hard place’ on immigration

    University of Notre Dame Expert Available to Comment on House Bill Regarding Immigration Legislation, Border Safety and Security Act

    American University Experts Available to Discuss President Biden’s Visit to U.S.-Mexico Border

    Title 42 termination ‘overdue’, not ‘effective’ to manage migration

    Research and Features

    Study: Survey Methodology Should Be Calibrated to Account for Negative Attitudes About Immigrants and Asylum-Seekers

    A study analyses racial discrimination in job recruitment in Europe

    DACA has not had a negative impact on the U.S. job market

    ASBMB cautions against drastic immigration fee increases

    Study compares NGO communication around migration

    Collaboration, support structures needed to address ‘polycrisis’ in the Americas

    TTUHSC El Paso Faculty Teach Students While Caring for Migrants

    Immigrants Report Declining Alcohol Use during First Two Years after Arriving in U.S.

    How asylum seeker credibility is assessed by authorities

    Speeding up and simplifying immigration claims urgently needed to help with dire situation for migrants experiencing homelessness

    Training Individuals to Work in their Communities to Reduce Health Disparities

    ‘Regulation by reputation’: Rating program can help combat migrant abuse in the Gulf

    Migration of academics: Economic development does not necessarily lead to brain drain

    How has the COVID-19 pandemic affected immigration?

    Immigrants with Darker Skin Tones Perceive More Discrimination

     

    Newswise
