ReportWire

Tag: Cybersecurity

  • How AI Is Shaping the Cybersecurity Landscape | Entrepreneur

    Opinions expressed by Entrepreneur contributors are their own.

    As a CTO with over one and a half decades of expertise in the ever-changing field of cybersecurity, I have been observing the immense impact that artificial intelligence (AI) has had on the wide technological landscape. Also, I have witnessed how AI-based solutions have emerged as a crucial aspect of enhancing processes in various fields and disciplines over the years. And the cybersecurity field is no exception.

    The ability of AI-based machine learning (ML) models to identify patterns and make data-driven decisions and inferences presents a highly innovative approach to quickly identifying malware, directing incident response and even predicting potential breaches before they occur.

    Given the significant potential of AI in the field of cybersecurity, this article explores how AI fits into the broader cybersecurity landscape and how it can be effectively leveraged to enhance the security of businesses and their users, along with some of its limitations.

    Exploring the intersection of Artificial Intelligence and cybersecurity

    In the modern era of digitization, data is exponentially generated, and a larger amount of metadata is either saved or received online, whether directly or indirectly. Moreover, for the data to attain its intended location or be utilized for specific purposes, it is frequently crucial to transmit it across a network or store it in a specific database or server.

    Here is where cybersecurity practices are implemented to ascertain the ultimate safeguarding of data transmission, storage and access — which is a crucial aspect of the battle against cyberattacks.

    As the technological landscape advances, cybercriminals tend to execute a diverse array of illicit activities, leading to substantial disruption in the online community. However, businesses can harness the power of AI and cybersecurity to mitigate risks and enhance security by detecting fraudulent activities and cyberattacks.

    Having said that, AI serves as a crucial factor in machine-based decision-making. For example, a sophisticated AI system could detect dubious actions on the network and impede access until the requisite authorization is provided. These AI techniques are predicated on machine learning algorithms, empowering programmers to train algorithms using data collected over an extended duration.

    The AI algorithm is designed in such a way that it can recognize and differentiate between legitimate access and fraudulent access. Accordingly, it improves a business’s security by making attacks and irregularities more predictable.

    Furthermore, AI technologies have a computational and analytical speed that surpasses human efforts and can determine abnormalities far more quickly than present techniques. As a result, AI and ML techniques can together help businesses defend against cyberattacks that could cost them millions of dollars.

    How to leverage AI in the cybersecurity landscape

    As previously discussed, AI has many advantages and applications in various fields, including cybersecurity. Given the rapidly evolving nature of cyberattacks and the development of sophisticated attacking mediums, AI can benefit businesses by staying up-to-date in terms of security.

    AI can improve threat detection through automation and provide a more effective response compared to traditional security systems and manual techniques. This helps businesses optimize their cybersecurity measures and stay ahead of potential threats. Here are some key benefits of leveraging AI in the cybersecurity landscape.

    Threat detection:

    Businesses can tremendously benefit from AI-based cybersecurity practices in identifying cyber threats and disruptive activities by cyber criminals. In fact, the proliferation of new malware is happening at an alarming rate, making it extremely challenging for traditional software systems to keep up with the evolving threat landscape.

    AI algorithms, however, can discover patterns, recognize malware and find unauthorized activity before it impacts a system. This makes AI a valuable tool for protecting against cybercrime and maintaining the security of business operations.

    In fact, AI and ML-based cybersecurity solutions can significantly shorten the time required for threat identification and incident response, and they can immediately notify the business of unusual behavior.

    Bot defense:

    Another realm where AI is employed to combat digital threats is the defense against bots. In today’s virtual landscape, a considerable volume of web traffic is generated by bots, some of which pose potential security hazards. Bots, also identified as automatic scripts or software, are used by cybercriminals to initiate attacks on websites, networks and systems.

    Furthermore, bots can be utilized for a variety of malicious activities, such as Distributed Denial of Service (DDoS) attacks, takeovers of accounts and the scraping of sensitive information.

    AI-based solutions can be used to detect and block bot traffic by analyzing the patterns and behaviors of the incoming traffic. Machine learning algorithms can be trained to identify and flag suspicious activity, such as high volumes of artificial traffic coming from bot networks or abnormal requests.

    With AI, businesses can effectively discover the answers to questions like “what seems like a normal user journey?” and “what would be a potentially harmful atypical experience?” by looking at data-based behavioral patterns.

    Phishing detection:

    AI can greatly benefit the cybersecurity landscape by detecting sophisticated phishing attempts. AI-based machine learning models can analyze and classify incoming emails and messages to identify whether they are legitimate or fraudulent.

    By leveraging natural language processing techniques, AI can scan for keywords, phrases and other indicators that are commonly associated with phishing attacks. This lowers the possibility of a successful phishing attack by enabling security teams to swiftly identify and address possible risks.

    Moreover, AI algorithms can detect and flag suspicious URLs and domains. Phishing attackers often use deceptive URLs to trick users into revealing sensitive information. AI-based cybersecurity systems can analyze URLs and domain names to identify whether they are genuine or fake. These systems can then block access to malicious websites or display warning messages to users before they interact with the site.

    Limitations of AI in cybersecurity

    AI systems, despite their ever-increasing sophistication, remain beholden to limited knowledge. These systems can only function with the aid of their trained data sets, thus making them potentially impotent in the face of novel or intricate threats that lie beyond their recognized realm. Furthermore, such limitations render them susceptible to both false negatives and false positives, thus facilitating both instances of unidentified threats and unnecessary alarms.

    Another crucial risk confronting AI systems is the presence of inherent biases and resultant discrimination. Such biases can emerge as a consequence of unbalanced data sets or faulty algorithms, thus engendering either unfair or inaccurate assessments, potentially leading to serious consequences.

    Finally, there exists the formidable threat of an over-reliance on AI systems, which can lead to risky complacency and, eventually, a false sense of safety. This could then lead to a regrettable lack of focus on other crucial aspects of cybersecurity, such as user education, the enforcement of policies and regular system updates and patches.

    The application of AI in detecting and combating cybercrime is undoubtedly a game-changer, bringing new and improved levels of efficacy to the cybersecurity domain. Also, it goes without saying that incorporating human intelligence along with AI can overcome any possible limitations posed by AI systems.

    There’s presently an extensive acceptance that AI plays an important part in data security, and this acceptance is anticipated to expand over the upcoming years as businesses realize its advantages. In fact, the commercial appraisal of AI in data security is expected to attain $66.22 billion by 2029, growing at a CAGR of 24.2% between 2020 and 2027.

    In order to stay ahead of cyber threats, businesses ought to invest in developing and implementing novel AI-based cybersecurity solutions. The continued breakthrough of AI expertise will doubtlessly influence the prospect of data security, and businesses that leverage AI effectively will be best postured to safeguard themselves against cyber threats and provide exceptional user satisfaction, thereby sustaining a competitive advantage.

    Deepak Gupta

  • Hackers Can Open Garage Doors Remotely By Enabling Nexx Devices | Entrepreneur

    On April 4, Sam Sabetan, an offensive security engineer at Amazon, published findings that Nexx’s smart device products are subject to chilling vulnerabilities — including hackers being able to remotely open users’ garage doors without their consent. Other vulnerabilities include being able to take control of alarms and switch smart plugs on and off for any user.

    Sabetan stated that hackers could open garage doors from anywhere in the world.

    “It is estimated that over 40,000 devices, located in both residential and commercial properties, are impacted,” he wrote in a Medium blog post. “Furthermore, I determined that more than 20,000 individuals have active Nexx accounts.”

    Sabetan also stated that Nexx has “consistently ignored” all attempts at communication from him, the media and the Department of Homeland Security. Sabetan advises any Nexx users to immediately disconnect all devices until the issues are confirmed to be resolved.

    The Cybersecurity and Infrastructure Security Agency also posted a warning about the Nexx Garage Door Controller, Smart Plug and Smart Alarm’s vulnerabilities.

    Nexx has not responded to the claims. However, on its website, the tabs for Garage, Alarm and Plug all show a “Page Not Found” message as of Thursday morning.

    Screenshot of Nexx’s Smart Garage tab on Thursday, April 6, 2023, at 11:01 a.m.

    Madeline Garfinkle

  • Does Your Company Need Identity Security Training? Here’s How To Keep Everyone’s Data Safe. | Entrepreneur

    Opinions expressed by Entrepreneur contributors are their own.

    Customer identity security is crucial, especially in this day and age.

    With an increasing number of cyber-attacks and data breaches, businesses must be vigilant in protecting the identities of their customers.

    Let’s discuss why customer identity security awareness is crucial for businesses and what they can do to ensure their customers’ information stays safe.

    Importance of protecting personal information

    Identity theft can have severe and long-lasting consequences for individuals, including financial losses, damage to their credit score and even legal issues.

    Individuals must protect their personal information and be aware of the risks of online sharing. This includes being cautious of phishing scams, using strong and unique passwords, and regularly monitoring their credit reports.

    Organizations are also responsible for protecting their customers’ information and implementing strong security measures to prevent data breaches.

    This includes investing in cybersecurity solutions, regularly training employees on best practices, and conducting regular security audits to identify and address vulnerabilities.

    Organizations must also be transparent with their customers about data breaches and the steps they take to protect their information. Here’s why customer security awareness is crucial:

    1. Protecting customer information

    The number one reason customer identity security awareness is important is to protect the customers’ personal information. Info like names, addresses, phone numbers, email addresses, and payment information are valuable assets for cybercriminals.

    If this information falls into the wrong hands, it can lead to severe consequences, including identity theft, financial fraud, and reputational damage to the business.

    2. Maintaining trust and confidence

    Companies should be responsible for their customers’ data. If a company experiences a data breach, customer trust and confidence in the business can be severely damaged. This can result in long-term consequences for the business and harm to the company’s reputation.

    3. Complying with regulations

    Businesses must comply with various regulations and laws governing personal information handling.

    For example, the European Union’s General Data Protection Regulation (GDPR) requires businesses to protect personal data and report any data breaches to the relevant authorities. Failure to comply with these regulations can result in substantial fines and legal penalties.

    4. Preventing cyber attacks

    Cyberattacks are becoming increasingly common and sophisticated, and businesses must be prepared to defend against them. Cybercriminals can use various methods to access sensitive information, including phishing scams, malware, and social engineering attacks.

    5. Improving customer experience

    Customer identity security awareness can also improve the customer experience. When customers know that their personal information is being protected, they can have peace of mind when conducting transactions with the platform and will want to stay with the brand for longer.

    Tips to Improve Customers’ Identity Security Awareness

    1. Stay educated and informed

    It’s crucial to stay up-to-date on the latest threats and trends in cybersecurity, as well as regularly educate your customers and employees on best practices for protecting their information. You can read industry news and articles, attend webinars and training sessions, and stay informed about new security technologies.

    As an enterprise, it’s your responsibility to ensure your customers constantly learn about the latest threats and vulnerabilities and are shielded against them.

    2. The use of strong passwords and enabling multi-factor authentication (MFA)

    These steps can significantly enhance the security of your accounts and help prevent unauthorized access to your information and identity theft. With MFA, enterprises can stay assured that even if one aspect of authentication, like passwords, is compromised, there’s another stringent mechanism to reinforce customer account security.

    Educating your customers regarding strong passwords and your enterprise’s security posture and offering frequent training sessions to utilize the identity management tools efficiently can eventually be a game-changer in reinforcing your customers’ identity security awareness.

    3. Educate your customers to review security policies

    When it comes to identity security, the threat landscape is quite broad. And a single mistake from your customers’ end could lead to severe consequences that may even hamper your brand reputation. It’s a great idea to educate your customers about the potential threats they may encounter while browsing other platforms.

    Here’s what needs to be done from your end to ensure robust customer identity security:

    • Educate yourself about the importance of regularly reviewing privacy settings: Ask your customers to regularly review privacy settings on social media and other online accounts that can help prevent sensitive information from being shared with unauthorized individuals. This can include checking who can see personal information.
    • Understand what sensitive information is: Ensure your customers are well aware of sensitive information, which includes their social security numbers, credit card numbers, health records, passwords, and even their mother’s maiden name. It is essential to keep this information safe because it can be used for identity theft or fraud.
    • Identity protection: Identity protection involves keeping an eye out for suspicious activity in their name or an attempt to gain access to accounts that belong to them. This could include someone applying for credit cards in their name or attempting to access bank accounts linked to their social security number.

    In a nutshell, identity security is and will be an important aspect of business and client relations. Neglecting identity security can lead to significant consequences for both individuals and businesses. Businesses must educate their customers about the importance of identity security and provide them with the necessary tools and resources to protect themselves.

    ReadWrite.com

  • Is Your Start Up Safe? Here Are 7 Reminders On How To Protect It From Common Threats | Entrepreneur

    Opinions expressed by Entrepreneur contributors are their own.

    There are a lot of moving parts when it comes to starting a business, and the topic of security will always come up.

    Security is one of those things that has been discussed in detail, but to arm your organization, it’s about making sure that you understand what threats you are up against. It requires a number of physical, digital, and mental security measures to protect your startup; here are some tips that can help you protect your company and promote longevity.

    Proper identification

    If you want to secure your premises, you’ve got to look from the outside in. Exterior security comes in many different ways, like security cameras, security guards, or fencing, but one of the simplest methods you can use to prevent any intrusion is to issue company ID badges for every member of staff. There are a number of external components that you can leverage, but you must think about proper identification as being a simple notion that underpins your entire business.

    Communicating properly

    It is essential to make sure your employees are knowledgeable in basic security that can minimize threats. Something like phishing scams is still commonplace, and one of the biggest reasons that companies fall foul of these is because they’re not communicating security measures in simple language. When we talk about security and compliance, we can easily start to overcomplicate the language, and providing information in the most basic ways that everybody can understand means you are not suffering from oversimplification but are benefiting from over-communication.

    Security is something we must work hard at for our business, and one of the major problems that can be endemic in startups is using overly complicated language, not just in security but in every other aspect of our business. Ensuring we talk about things clearly and in language that everybody understands can get our point across so the message will spread further.

    Appropriate surveillance

    Whether inside or outside of your business, you can benefit from surveillance like CCTV, but there’s more to it than just the most up-to-date security system. Surveillance is also about providing deterrence. Potential intruders will weigh up a location to see if it is worth breaking into before anything else. While a security camera can be enough to deter a thief, there are other methods, like clear signage and a professional security firm, that provide reassurance. Surveillance is easier to achieve than ever, and as long as you ensure your physical surveillance is robust, you should have no problem protecting your assets.

    Internal physical startup security

    The topic of security is not just about the exterior. Ensuring that we go beyond ID badges and provide greater access to certain members of the business (and limited access to others) is about a logical approach to investing in security. There are a number of methods beyond ID badges you can take advantage of; physical barriers are one approach, but you can also limit access to more sensitive locations, like data centers, where certain members of staff would not be able to infiltrate. While this can go against the grain of transparency in an organization, if you are looking to protect a number of physical assets from within, you have to implement greater supervision. One of the more common methods of theft comes from within.

    Understanding your employees can steal too

    When we place a lot of trust in our employees and someone breaks that trust, it can hurt. Breaking trust can make us feel more inclined to increase our security measures. This is partly why simple internal security measures like a security camera can do a lot, but it’s also about making sure that you recognize the signs of a fraudulent employee.

    Backing up data

    Regular backups are a simple thing but are critical to disaster recovery. The act of regular backups to a cloud system is one approach. However, if you are not utilizing the cloud yet and are still using hard drives, these can be physically stolen. Keeping them under lock and key is one simple approach. On the other hand, you should implement company policies that stipulate backups need to be stored securely.

    Embedding a culture of startup security

    To increase your security measures, you need to prioritize a security-oriented culture. Many startups are aware of the importance of culture. They see it as a way to increase trust and help onboard new team members. Whenever somebody comes into your business, this is the ideal opportunity to reiterate your security-based objectives. When you start to bring new team members on board, you can start bringing in new rules. You can also start fine-tuning those security practices. We should take advantage of bringing in new practices especially if we found our security methods have been underwhelming in the past.

    It is such a simple thing. When you start to bring newer team members on board, you can give them a greater understanding of what makes a more secure business. The foresight to adopt new measures and adapt to older ones will provide greater reassurance. A culture of security within your business has nothing to do with your budget or your employee skill set, but it is one component that greatly improves a business in subtle ways.

    When employees have a greater level of autonomy, they will work better. For this to work for your business, you’ve got to fine-tune the culture. Fine-tune what makes a great culture in the first place. Employees need to have that peace of mind. However, you must also ensure you are running a safe company. Placing trust in your employees and implementing autonomous practices can significantly enhance your business’s security. This can be done without necessarily requiring additional equipment investment.

    Under30CEO

  • ORNL malware ‘vaccine’ generator licensed for Evasive.ai platform

    Newswise — Access to artificial intelligence and machine learning is rapidly changing technology and product development, leading to more advanced, efficient and personalized applications by leveraging a massive amount of data.

    However, the same abilities also are in the hands of bad actors, who use AI to create malware that evades detection by the algorithms widely employed by network security tools. Government agencies, banking institutions, critical infrastructure, and the world’s largest companies and their most used products are increasingly under threat from malware that can evade anti-virus systems, hijack networks, halt operations and expose sensitive and personal information.

    A technology developed at the Department of Energy’s Oak Ridge National Laboratory and used by the U.S. Naval Information Warfare Systems Command, or NAVWAR, to test the capabilities of commercial security tools has been licensed to cybersecurity firm Penguin Mustache to create its Evasive.ai platform. The company was founded by the technology’s creator, former ORNL scientist Jared M. Smith, and his business partner, entrepreneur Brandon Bruce.

    “One of ORNL’s core missions is to advance the science behind national security,” said Susan Hubbard, ORNL’s deputy for science and technology. “This technology is the result of our deep AI expertise applied to a big challenge — protecting the nation’s cyber- and economic security.”

    Smith, who worked in ORNL’s Cyber Resilience and Intelligence Division for six years, created the technology — the adversarial malware input generator, or AMIGO — at the request of the Department of Defense. AMIGO was created as the evaluation tool for a challenge issued by NAVWAR for AI applications that autonomously detect and quarantine cybersecurity threats. NAVWAR is an operations unit within the Navy that focuses on secure communications and networks.

    “ORNL’s Cyber Resilience and Intelligence Division is a world leader in cybersecurity technology,” said Moe Khaleel, associate laboratory director for the lab’s National Security Sciences Directorate. “Moving AMIGO into the marketplace will help protect our nation’s critical infrastructure from attack.”

    “We put AMIGO to the test in a realistic environment. It’s been through the wringer and has been validated at a high technical readiness level,” Smith said. “The core technology is designed to build evasive malware, like a virus, that can bypass an existing detection technology.”

    Drawing on more than 35 million malware samples — some publicly available and others never before seen — AMIGO generates optimally evasive malware in tandem with the training information needed for a security system to detect it in the future.

    Smith likens the process to vaccine development. “It’s as if we generated a million virus variants and a million vaccines to protect against them — we can collapse that into one vaccine and inoculate everyone. They’re protected against the threat, but also all the natural evolutions of the threat going forward.”

    Luke Koch, who in 2019 worked on the AMIGO development team through the DOE Office of Science’s SULI, or Science Undergraduate Laboratory Internship program, is now a doctoral student at the Bredesen Center for Interdisciplinary Research and Graduate Education, a collaboration between ORNL and the University of Tennessee, as well as a graduate research assistant in ORNL’s Cybersecurity Research Group. With Smith’s direction, Koch wrote the binary instrumentation code used in AMIGO.

    “Cybersecurity commercialization is important because our adversaries are always probing for weaknesses throughout the supply chain,” Koch said. “One single flaw is all it takes to invalidate a clever and expensive defense.”

    Amid a growing public understanding of the power of AI, the team is eager to see AMIGO integrated into Evasive.ai and implemented by national security agencies to protect government assets and infrastructure.

    “Bad actors are already using artificial intelligence to advance their attacks,” Bruce said. “As open AI tools improve, attempts to penetrate security systems will increase in volume and sophistication.”

    Additionally, long-term use of the Evasive.ai platform could inform a more complete understanding of the mechanisms that contribute to adversarial samples. This insight will make the next generation of machine learning defenses more robust.

    And what does any of this have to do with penguins? The company’s playful name is a riff on the problem of a small mutation enabling a virus to evade existing defenses — a penguin disguised with a mustache.

    ORNL commercialization manager Andreana Leskovjan negotiated the terms of the license. For more information about ORNL’s intellectual property in information technology and communications, email ORNL Partnerships or call 865-574-1051. To connect with the Evasive.ai team, complete the online form on the Evasive.ai website.

    The Bredesen Center program is part of the University of Tennessee Oak Ridge Innovation Institute.

    UT-Battelle manages ORNL for the Department of Energy’s Office of Science, the single largest supporter of basic research in the physical sciences in the United States. The Office of Science is working to address some of the most pressing challenges of our time. For more information, please visit energy.gov/science.

    Oak Ridge National Laboratory

  • What the hell is wrong with TikTok? 

    Western governments are ticked off with TikTok. The Chinese-owned app loved by teenagers around the world is facing allegations of facilitating espionage, failing to protect personal data, and even of corrupting young minds.

    Governments in the United States, United Kingdom, Canada, New Zealand and across Europe have moved to ban the use of TikTok on officials’ phones in recent months. If hawks get their way, the app could face further restrictions. The White House has demanded that ByteDance, TikTok’s Chinese parent company, sell the app or face an outright ban in the U.S.

    But do the allegations stack up? Security officials have given few details about why they are moving against TikTok. That may be due to sensitivity around matters of national security, or it may simply indicate that there’s not much substance behind the bluster.

    TikTok’s Chief Executive Officer Shou Zi Chew will be questioned in the U.S. Congress on Thursday and can expect politicians from all sides of the spectrum to probe him on TikTok’s dangers. Here are some of the themes they may pick up on: 

    1. Chinese access to TikTok data

    Perhaps the most pressing concern is around the Chinese government’s potential access to troves of data from TikTok’s millions of users. 

    Western security officials have warned that ByteDance could be subject to China’s national security legislation, particularly the 2017 National Security Law that requires Chinese companies to “support, assist and cooperate” with national intelligence efforts. This law is a blank check for Chinese spy agencies, they say.

    TikTok’s user data could also be accessed by the company’s hundreds of Chinese engineers and operations staff, any one of whom could be working for the state, Western officials say. In December 2022, some ByteDance employees in China and the U.S. targeted journalists at Western media outlets using the app (and were later fired). 

    EU institutions banned their staff from having TikTok on their work phones last month. An internal email sent to staff of the European Data Protection Supervisor, seen by POLITICO, said the move aimed “to reduce the exposure of the Commission from cyberattacks because this application is collecting so much data on mobile devices that could be used to stage an attack on the Commission.” 

    And the Irish Data Protection Commission, TikTok’s lead privacy regulator in the EU, is set to decide in the next few months if the company unlawfully transferred European users’ data to China. 

    Skeptics of the security argument say that the Chinese government could simply buy troves of user data from little-regulated brokers. American social media companies like Twitter have had their own problems preserving users’ data from the prying eyes of foreign governments, they note. 

    TikTok says it has never given data to the Chinese government and would decline if asked to do so. Strictly speaking, ByteDance is incorporated in the Cayman Islands, which TikTok argues would shield it from legal obligations to assist Chinese agencies. ByteDance is owned 20 percent by its founders and Chinese investors, 60 percent by global investors, and 20 percent by employees. 

    The company has unveiled two separate plans to safeguard data. In the U.S., Project Texas is a $1.5 billion plan to build a wall between the U.S. subsidiary and its Chinese owners. The €1.2 billion European version, named Project Clover, would move most of TikTok’s European data onto servers in Europe.

    Nevertheless, TikTok’s chief European lobbyist Theo Bertram also said in March that it would be “practically extremely difficult” to completely stop European data from going to China.

    2. A way in for Chinese spies

    If Chinese agencies can’t access TikTok’s data legally, they can just go in through the back door, Western officials allege. China’s cyber-spies are among the best in the world, and their job will be made easier if datasets or digital infrastructure are housed in their home territory.

    Dutch intelligence agencies have advised government officials to uninstall apps from countries waging an “offensive cyber program” against the Netherlands — including China, but also Russia, Iran and North Korea.

    Critics of the cyber espionage argument refer to a 2021 study by the University of Toronto’s Citizen Lab, which found that the app did not exhibit the “overtly malicious behavior” that would be expected of spyware. Still, the director of the lab said researchers lacked information on what happens to TikTok data held in China.

    TikTok’s Project Texas and Project Clover include steps to assuage fears of cyber espionage, as well as legal data access. The EU plan would give a European security provider (still to be determined) the power to audit cybersecurity policies and data controls, and to restrict access to some employees. Bertram said this provider could speak with European security agencies and regulators “without us [TikTok] being involved, to give confidence that there’s nothing to hide.” 

    Bertram also said the company was looking to hire more engineers outside China. 

    3. Privacy rights

    Critics of TikTok have accused the app of mass data collection, particularly in the U.S., where there are no general federal privacy rights for citizens.

    In jurisdictions that do have strict privacy laws, TikTok faces widespread allegations of failing to comply with them.

    The company is being investigated in Ireland, the U.K. and Canada over its handling of underage users’ data. Watchdogs in the Netherlands, Italy and France have also investigated its privacy practices around personalized advertising and for failing to limit children’s access to its platform. 

    TikTok has denied accusations leveled in some of the reports and argued that U.S. tech companies are collecting the same large amount of data. Meta, Amazon and others have also been given large fines for violating Europeans’ privacy.

    4. Psychological operations

    Perhaps the most serious accusation, and certainly the most legally novel one, is that TikTok is part of an all-encompassing Chinese civilizational struggle against the West. Its role: to spread disinformation and stultifying content in young Western minds, sowing division and apathy.

    Earlier this month, the director of the U.S. National Security Agency warned that Chinese control of TikTok’s algorithm could allow the government to carry out influence operations among Western populations. TikTok says it has around 300 million active users in Europe and the U.S. The app ranked as the most downloaded in 2022.

    Reports emerged in 2019 suggesting that TikTok was censoring pro-LGBTQ content and videos mentioning Tiananmen Square. ByteDance has also been accused of pushing inane time-wasting videos to Western children, in contrast to the wholesome educational content served on its Chinese app Douyin.

    Besides accusations of deliberate “influence operations,” TikTok has also been criticized for failing to protect children from addiction to its app, dangerous viral challenges, and disinformation. The French regulator said last week that the app was still in the “very early stages” of content moderation. TikTok’s Italian headquarters was raided this week by the consumer protection regulator with the help of Italian law enforcement to investigate how the company protects children from viral challenges.

    Researchers at Citizen Lab said that TikTok doesn’t enforce obvious censorship. Other critics of this argument have pointed out that Western-owned platforms have also been manipulated by foreign countries, such as Russia’s campaign on Facebook to influence the 2016 U.S. elections. 

    TikTok says it has adapted its content moderation since 2019 and regularly releases a transparency report about what it removes. The company has also touted a “transparency center” that opened in the U.S. in July 2020 and one in Ireland in 2022. It has also said it will comply with new EU content moderation rules, the Digital Services Act, which will request that platforms give access to regulators and researchers to their algorithms and data.

    Additional reporting by Laura Kayali in Paris, Sue Allan in Ottawa, Brendan Bordelon in Washington, D.C., and Josh Sisco in San Francisco.

    Clothilde Goujard

  • MEPs cling to TikTok for Gen Z votes

    It may come with security risks but, for European Parliamentarians, TikTok is just too good a political tool to abandon.

    Staff at the European Parliament were ordered to delete the video-sharing application from any work devices by March 20, after an edict last month from the Parliament’s President Roberta Metsola cited cybersecurity risks about the Chinese-owned platform. The chamber also “strongly recommended” that members of the European Parliament and their political advisers give up the app.

    But with European Parliament elections scheduled for late spring 2024, the chamber’s political groups and many of its members are opting to stay on TikTok to win over the hearts and minds of the platform’s user base of young voters. TikTok says around 125 million Europeans actively use the app every month on average.

    “It’s always important in my parliamentary work to communicate beyond those who are already convinced,” said Leïla Chaibi, a French far-left lawmaker who has 3,500 TikTok followers and has previously used the tool to broadcast videos from Strasbourg explaining how the EU Parliament works.

    Malte Gallée, a 29-year-old German Greens lawmaker with over 36,000 followers on TikTok, said, “There are so many young people there but also more and more older people joining there. For me as a politician of course it’s important to be where the people that I represent are, and to know what they’re talking about.”

    Finding Gen Z 

    Parliament took its decision to ban the app from staffers’ phones in late February, in the wake of similar moves by the European Commission, Council of the EU and the bloc’s diplomatic service.

    A letter from the Parliament’s top IT official, obtained by POLITICO, said the institution took the decision after seeing similar bans by the likes of the U.S. federal government and the European Commission and to prevent “possible threats” against the Parliament and its lawmakers.

    For the chamber, it was a remarkable U-turn. Just a few months earlier its top lawmakers in the institution’s Bureau, including President Metsola and 14 vice presidents, approved the launch of an official Parliament account on TikTok, according to a “TikTok strategy” document from the Parliament’s communications directorate-general dated November 18 and seen by POLITICO. 

    “Members and political groups are increasingly opening TikTok accounts,” stated the document, pointing out that teenagers then aged 16 will be eligible to vote in 2024. “The main purpose of opening a TikTok channel for the European Parliament is to connect directly with the young generation and first time voters in the European elections in 2024, especially among Generation Z,” it said.

    Another supposed benefit of launching an official TikTok account would be countering disinformation about the war in Ukraine, the document stated.  

    Most awkwardly, the only sizeable TikTok account claiming to represent the European Parliament is actually a fake one that Parliament has asked TikTok to remove.

    Dummy phones and workarounds

    Among those who stand to lose out from the new TikTok policy are the European Parliament’s political groupings. Some of these groups have sizeable reach on the Chinese-owned app.

    The largest group, the center-right European People’s Party, has 51,000 followers on TikTok. Spokesperson Pedro López previously dismissed the Parliament’s move to stop using TikTok as “absurd,” vowing the EPP’s account will stay up and active. López wrote to POLITICO that “we will use dedicated computers … only for TikTok and not connected to any EP or EPP network.”

    That’s the same strategy that all other political groups with a TikTok account — The Left, Socialists and Democrats (S&D) and Liberal Renew groups — said they will use in order to skirt the TikTok ban on work devices like phones, computers or tablets, according to spokespeople. Around 30 Renew Europe lawmakers are active on the platform, according to the group’s spokesperson.

    Beyond the groups, it’s the individual members of parliament — especially those popular on the app — that are pushing back on efforts to restrict its use.

    Clare Daly, an Irish independent member who sits with the Left group, is one of the most popular MEPs on the platform with over 370,000 subscribed to watch clips of her plenary speeches. Daly has gained some 80,000 extra followers in just the few weeks since Parliament’s ban was announced.

    Daly in an email railed against Parliament’s new policy: “This decision is not guided by a serious threat assessment. It is security theatre, more about appeasing a climate of geopolitical sinophobia in EU politics than it is about protecting sensitive information or mitigating cybersecurity threats,” she said.

    According to Moritz Körner, an MEP from the centrist Renew Europe group, cybersecurity should be a priority. “Politicians should think about cybersecurity and espionage first and before thinking about their elections to the European Parliament,” he told POLITICO, adding that he doesn’t have a TikTok account.

    Others are finding workarounds to have it both ways.

    “We will use a dummy phone and not our work phones anymore. That [dummy] phone will only be used for producing videos,” said an assistant to German Social-democrat member Delara Burkhardt, who has close to 2,000 followers. The assistant credited the platform with driving a friendlier, less abrasive political debate than other platforms like Twitter: “On TikTok the culture is nicer, we get more questions.”

    Eddy Wax and Clothilde Goujard

  • Cybersecurity Expansion Doesn’t Have to Be an Uphill Battle. Here’s Why | Entrepreneur

    Opinions expressed by Entrepreneur contributors are their own.

    How much cybersecurity does a person actually need?

    Well, it depends on who you ask. Cyberattack damage will rise to $10.5 trillion by 2025, and security advocates say you can never be too careful when fortifying your data and devices. Of course, cybersecurity on both home and office devices is essential to navigating any digital space, and it’s vital to keep one’s information and sensitive data protected. But in day-to-day life, trying to keep your devices secured can quickly get convoluted.

    That’s partially because of the disparate state of the cybersecurity industry. Users are spoiled with protection options from multi-factor authentication (MFA) to VPNs, password managers and good old antivirus programs. But the issue doesn’t come from the selection available. Rather, it’s that most of these cybersecurity tools are not in conversation with each other.

    Yes, having your cybersecurity products connected can put them at risk to some extent should one of them become compromised. However, when an individual exclusively uses a password manager, a Google-generated “difficult” password, or MFA on one single account, are they really any safer?

    Likewise, if a cybersecurity feature a consumer uses gets compromised or hacked, it could discourage them from exploring other security products while they cope with being burned by a clever hacker. Of the millions of accounts exposed in the LastPass breach, many of the consumers using the program probably assumed they were properly fortifying their devices and sensitive information.

    Although it’s likely not the best idea to merge every cybersecurity measure under one umbrella, entrepreneurs should see the value in trying to connect the industry’s loose threads.

    Making cybersecurity more seamless could end up keeping more people safe in the long run. Building bridges to improve user experience and creating solutions that cover multiple bases also spreads out the long-term viability of a cybersecurity company by expanding its security reach.

    If an entire security company’s business rests on the stability and success of one product, it will undoubtedly lose revenue and consumer trust should that one product get breached. And they would need plenty of luck to build up that goodwill without the PR artillery that Big Tech companies have.

    Another factor to consider in helping unify cybersecurity lies in its cost. While many programs operate through donations or are free to use in exchange for user data, most serious cybersecurity products come with a price tag.

    Around 61% of users in the U.S. rely on free antivirus software, according to an annual report from Security.org. No surprise there, but the same report states roughly 33 million households pay for some type of security software, albeit with no distinction as to how that is spread across VPNs, secure browsers, and other features. This indicates users are willing to pay for personal protection, but only for certain kinds of products.

    Likewise, while an individual might pay for an antivirus program or a VPN, it can be hard to convince users to pay for multiple security products unless the individual is a business owner or regularly deals with highly sensitive information.

    Outside of home-bound device security, mobile devices have also pushed privacy and security issues to the forefront of tech conversations as they reach near-universal use. Consumers, in general, have become much warier about their data privacy and how to secure smartphones from malware and attacks, given how much personal information these devices now hold.

    But most people don’t read the permissions they allow apps and programs to access on devices, and many don’t go the extra mile to secure their phones outside of the built-in safeguards developed by Apple or Android. As more users search for ways to “declutter” their mobile experience, this shows another clear gap in cybersecurity interoperability.

    Companies such as privacy-preserving mobile developer Unplugged are already banking on the need for cybersecurity convergence, offering a multi-pronged app suite to boost mobile and desktop privacy and security. The project operates through a subscription-based model, which creates a new pathway to access high-level security products without having to pay exorbitant fees for each new program.

    Despite the siloing of cybersecurity, changes are clearly on the horizon from both a developer and regulatory level. In March 2023 alone, the U.S. government unveiled a beefed-up National Cybersecurity Strategy to set new regulatory standards and corporate responsibilities surrounding cybersecurity. The extensively-updated strategy outlines key pillars, including support for critical infrastructure, addressing the cybersecurity skills gap, setting regulatory baselines and fostering collaboration between the public and private sectors.

    Although we have yet to see how these new frameworks will affect consumer-level cybersecurity, the U.S. government's emphasis on collaboration and connection shows how necessary both are to building a resilient cybersecurity future.

    Security should be a tenet of any tech product, given how sophisticated attacks can get. As more facets of our daily lives move to the digital realm, there is an imperative to improve security processes before it turns catastrophic. Entrepreneurs should be considering projects in this sector that are working to build common ground and security seamlessness to cut through the general malaise that users might have around protecting their devices.

    Ariel Shapira

  • UK bans TikTok on government devices following U.S. move

    The U.K. plans to ban TikTok on government phones following similar moves in the U.S. and European Union.

    LONDON — The United Kingdom on Thursday announced plans to ban the use of Chinese-owned video app TikTok on government corporate devices.

    Cabinet office minister Oliver Dowden said that, following a review by Britain’s cybersecurity experts, it is “clear that there could be a risk around how sensitive government data is accessed and used by certain platforms.”

    Dowden added that apps collect huge amounts of data on users, including contacts and location. On government devices, that “data can be sensitive,” he said.

    “The security of sensitive government information must come first, so today we are banning this app on government devices. The use of other data-extracting apps will be kept under review,” the minister said in a press statement.

    The TikTok ban begins with immediate effect, according to Dowden, who noted that the move was “precautionary.”

    He confirmed the ban would not extend to personal devices for government employees. “This is a proportionate move based on a specific risk with government devices.”

    Exemptions for the use of TikTok on government devices are being implemented where necessary for work purposes, but “will only be granted by security teams on a case-by-case basis, with ministerial clearance as appropriate, and with security mitigations put in place,” the government said.

    The minister also said that government devices will only be able to access third-party apps that are on a pre-approved list.

    In lockstep

    Britain’s move follows similar rules in the U.S. and European Union. In late February, the White House gave government agencies 30 days to make sure TikTok was not installed on federal devices. The European Commission, the EU’s executive arm, also banned employees from installing TikTok on corporate and personal devices.

    Lawmakers in Washington have repeatedly expressed concern that American user data from TikTok could be sent to China and get into the hands of the government in Beijing.

    TikTok has, on several occasions, highlighted the work they’re doing to protect U.S. user data. The company unveiled “Project Texas” last year to “fully safeguard user data and U.S. national security interests.”

    TikTok said it is working with U.S. firm Oracle to store all U.S. data by default on the American firm’s cloud, in a move to assuage Washington’s fears.

    Pressure is mounting globally on TikTok. The U.S. Committee on Foreign Investment in the United States (CFIUS) told ByteDance to sell its shares in TikTok, or the app could face a U.S. ban. Any ban would choke TikTok off from the massive American market.

  • ThreatHunter.ai Launches Comprehensive FIVE EYES Solution to Revolutionize Cybersecurity

    ThreatHunter.ai is proud to announce the launch of its comprehensive FIVE EYES cybersecurity solution, designed to provide complete coverage and protection against all manner of threats

    Press Release


    Mar 14, 2023 21:00 EDT

    Leading cybersecurity firm ThreatHunter.ai has announced the launch of its comprehensive FIVE EYES solution, a cutting-edge approach to cybersecurity that provides unparalleled protection to organizations. FIVE EYES represents the most comprehensive and advanced suite of cybersecurity services on the market, utilizing the latest advancements in AI, machine learning, and human expertise to provide complete coverage and protection against even the most sophisticated threats.

    The FIVE EYES solution is built on a foundation of five core components: First Eyes, More Eyes, Extra Eyes, Secret Eyes, and Private Eyes. 

    • First Eyes helps businesses without robust cybersecurity programs to manage potential risks and protect against cyber attacks, providing an essential supplement to their existing cybersecurity measures.
    • More Eyes offers advanced capabilities for threat detection and response, including 24/7 monitoring and dedicated cybersecurity experts to manage potential threats.
    • Extra Eyes provides businesses with real-time mitigation and hands-on support, including MSSP services and vCISO programs, to help them manage potential cyber threats.
    • Secret Eyes offers businesses a live threat feed of intelligence, specific and unique to each customer, providing an unmatched level of protection against cyber threats.
    • Private Eyes offers dark web monitoring and customized threat intelligence, helping businesses to keep track of data that may have leaked and protecting them from reputational and financial damage.

    “At ThreatHunter.ai, we believe that cybersecurity is more than just a series of tools and technologies,” said CEO James McMurry. “It’s about combining advanced AI and machine learning with expert human threat hunters to deliver a comprehensive solution that truly provides complete coverage and protection. That’s what the FIVE EYES solution is all about.”

    ThreatHunter.ai’s FIVE EYES solution is available now, and interested organizations can contact the company for more information.

    About ThreatHunter.ai

    ThreatHunter.ai, a 100% Service-Disabled Veteran Owned Small Business, is a leading provider of AI-driven threat hunting solutions. Its advanced machine learning algorithms and expert analysis help organizations detect, identify, and respond to cyber threats. Its solutions are designed to supplement existing security resources and provide a fresh perspective on how to address today’s complex cyber threats.

    For more information about ThreatHunter.ai and the “Five Eyes” program, please visit www.threathunter.ai/eyes-platform.

    Source: ThreatHunter.ai

  • How Phishing Is Threatening the Cybersecurity Landscape | Entrepreneur

    Opinions expressed by Entrepreneur contributors are their own.

    In our recent Consumer Cybersecurity Trends report, RAV researchers delved into the threats facing consumers over the last year. It was relatively unsurprising when once again, phishing took the top spot for cybercriminal activity.

    There are various types and various ways for threat actors to pull off a phishing attack. Let’s dive into the most prevalent, and also the sneakiest, of ways that phishing is currently threatening the cybersecurity landscape for consumers today.

    Email phishing

    It may sound like old news by now, but phishing attacks by email don’t seem to stop coming — and it’s surprising how many people still fall victim to them.

    This February, Reddit employees were victims of an email phishing campaign that affected hundreds of company contacts and employees. According to a Reddit statement at the time, “the attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway in an attempt to steal credentials and second-factor tokens.”

    Whether this attack could have been avoided is up for debate. At the very least, the fact that an employee was aware enough to understand what was underway and raise the alarm to their security team is vital. The sooner an attack can be mitigated, the better.

    As well as email phishing via malicious links and attachments, the weaponization of office documents sent via email has also increased. Office documents that hide macro code are still very common, and 2022 saw many files sent as phishing documents to lure users to run the malicious code.

    Spear phishing

    Unlike the traditional “spray and pray” approach, whereby mass phishing emails are sent to as many recipients as possible in the hopes they’ll get at least a few hits, “spear phishing” is a targeted phishing attack aimed at a specific individual or organization.

    Cybercriminals will research their target in order to personalize the attack and increase their credibility, with the intent of persuading the target to disclose sensitive information or trick them into making payments.

    While finance teams and executives would seem to be the most likely targets of spear-phishing campaigns, sales departments might also see an increase — mainly because a sales team member is more likely to receive emails from outside an organization. These employees could be a viable entry point for hackers trying to infiltrate an organization.

    Social media is also a factor here, as many employees that use social media, either for personal or professional use, underestimate just how vast their digital footprint may be. In Q1 of 2022, LinkedIn users accounted for 52% of all spear-phishing targets globally, and users were cautioned to be on their guard for a rise in spear-phishing campaigns.

    The biggest takeaway here should be that criminals are looking for the weakest link in a company, no matter who they are trying to target. One wrong click from an unsuspecting employee is all it takes, so they will keep trying again and again to ensnare their next victim.

    And taking spear phishing attacks to the next level, “whale phishing” targets the most senior-level company members, like the CEO or CFO. Whaling phishing techniques may involve impersonating these figureheads, in order to trick an employee into authorizing high-value money transfers to the attacker or disclosing vital company information.

    Smishing

    In general, users are misguidedly more trusting of text messages than they are of email. In actual fact, as most smartphones can receive text messages from any number in the world, smartphone users aren’t really afforded any SMS privacy at all.

    Phishing conducted via SMS, also known as “smishing,” will entice a victim into revealing personal information via a link through compelling SMS text messages. Unfortunately, not enough users are aware of the dangers of clicking links in text messages.

    These links may lead to credential-phishing sites or inject malware designed to compromise the phone itself. The malware can then be used to spy on the victim’s smartphone data or silently send sensitive data to an attacker-controlled server.

    Compromised privacy

    But what is it that we are afraid of? What can a phishing attack lead to? Once a threat actor has access to data, they can set to work to use it for their own nefarious purposes — be it holding the data ransom, using it for financial theft or creating further disruption for a company (e.g., doxing or cyber espionage).

    For example, Atlassian recently suffered a cybersecurity breach in the form of a phishing attack that compromised customers and business insider information, including company floor plans. The attack is thought to have been achieved through using an employee’s credentials. We see from this that phishing can lead to unwanted and unwarranted prying eyes into a company’s inner sanctums, and it puts both consumers and businesses at risk for further interference. The plethora of phishing techniques is presumably why it ranks as the preferred method of attack for so many cybercriminals.

    To protect against phishing attacks, whether as a consumer, employee or business owner, following some basic guidelines will be invaluable:

    • Be wary of unsolicited mail and unexpected emails, especially those that call for urgency.

    • Double-check transactions or data disclosure through a secondary means of communication (e.g., phone calls or face-to-face).

    • Watch out for telltale signs of phishing attempts, such as the misspelling of words, the incorrect use of URLs and completely irrelevant messaging.

    • Additionally, pay attention to emerging technologies on the market — it remains to be seen whether newly available clever AI chatbots could be used to construct phishing emails.

    Above all, ensure all staff has cybersecurity training. All employees should be aware of basic tactics used in spear phishing emails, such as tax-related scams, CEO fraud and other social engineering tactics via email. Education and awareness are key defense skills as the majority of these phishing techniques will only actually succeed due to human error.

    Andrew Newman

  • The Role of Cybersecurity in Building Trust with Customers and Investors | Entrepreneur

    Opinions expressed by Entrepreneur contributors are their own.

    The number of cyber attacks launched each year is growing rapidly. Data shows that in 2019, up to 60% of small businesses went bankrupt and had to shut down within six months after falling victim to cyberattacks.

    Everything suggests these numbers will only grow. The digitized world presents many opportunities but also risks. Companies are often targeted not only by malicious individuals but even by politically engaged groups.


    They need to protect themselves, but what is at stake? When it comes to cyberattacks, most executives worry about the loss of profits and essential data. Not everyone thinks about what a cyberattack could mean for their brand’s reputation.

    This leads to a perception of cybersecurity as a simple tool designed only to protect data. For many, it is just an item to cross off the to-do list rather than an investment.

    How hackers can destroy a brand’s reputation

    In the age of digitization and social media, word travels fast. This means that your business can lose its reputation in a matter of days or even hours. This is especially true for startups and young companies. While the biggest fish in the market usually recovers, a startup’s reputation is priceless and often cannot be rebuilt.


    Customers trust the recommendations and opinions of their friends and the people they interact with, so reputation and trust are key, especially when it comes to cybersecurity. If a company falls victim to a cyberattack, its customers are likely to simply turn away from it – even if they were not directly affected by the breach.

    Current customers are informed and opinionated. They pay attention to their privacy and data protection. Many clients and investors can and will check that their services are secure, especially if they involve financial transactions. One breach can lead to a mass of social media posts and articles, cementing the brand as untrustworthy and unsafe. This often leads to bankruptcy for a small company without a strong customer base.

    What are the most common threats leading to reputational damage?

    • Phishing scams. Phishing relies on human error. The scammer contacts the victim via email, phone, or other means and impersonates a trustworthy person or organization (such as a company executive or co-worker). Phishing scammers lure victims into sharing confidential data or downloading malicious files disguised as reports, financial documents, etc.
    • Ransomware. Ransomware is a type of malicious software designed for one purpose: to encrypt important files so they are inaccessible, so that the victim pays a ransom to regain access to the data. Hackers using ransomware also often threaten to leak data. This type of attack is often tied to phishing scams.
    • Data breaches. A data breach occurs when unauthorized individuals gain access to sensitive data. They don’t all require hacking into systems – sometimes, data breaches occur simply by accessing employees’ devices (e.g., by stealing them).
    • Man-in-the-middle attacks. A man-in-the-middle attack means that a hacker (or hackers) intercepts and decrypts (if necessary) information passing between two seemingly secure parties. Hackers oftentimes ransom or sell stolen data.

    How to protect companies’ reputations in the digitized world?

    As proven, a single data breach can lead to a huge drop in a company’s overall credibility. Cybersecurity can no longer be a simple checkbox to check but should be at the heart of all operations. Building and maintaining trust is the key. How to achieve it?


    Here are some tips:

    Implement a zero-trust policy: A zero-trust policy means that no one in your company is trusted by default. It sounds harsh, but it is one of the best ways to minimize the risk of human error and unauthorized access to data. Make sure that no one in your company can join the network without permission and that employees only have access to the data they need.

    Invest in technology: Modern security goes far beyond strong passwords and avoiding suspicious ads. If you want your operations to be secure, you need the right hardware and software. Tools like VPNs will help you encrypt and protect your data, while firewalls will block some attempts to access your network without permission.

    Use split tunneling: What is split tunneling? A feature offered by recommended VPNs. It allows you to split your traffic between two “tunnels” – a normal one and an extra-protected one. This feature is great for businesses, as it will enable them to use their internal networks normally while protecting the data sent over the web.

    Build awareness in your company: Train your employees and conduct regular simulations to reduce the risk of human error. After all, phishing is one of the biggest threats to businesses. If you want your employees to be immune to it, make sure they know what they are dealing with.

    Build your organizational culture around cybersecurity: Treat security as something that is an integral part of your business – not just an add-on. Make sure every process is integrated with best practices and everyone in the company is on the same page.


    Under30CEO


  • Top Morningstar strategist names a deeply discounted tech stock, in a sector poised for strong growth


  • Entrepreneur | The Key Ingredient Company’s Miss Trying to Be Energy Efficient


    Sustainability and green initiatives have grown in importance for businesses in recent years. Although firms are implementing many eco-friendly activities and policies, there is increasing pressure to take positive steps regarding technology and IT equipment.

    Sustainability reports are considered the norm in many companies. With new patterns of remote or hybrid working, green companies, however, strive to do more by sourcing eco-friendly products, identifying energy-efficient equipment (and processes), and investing in renewable energy.

    But online security is another significant area that many organizations miss.

    As companies expand and become more collaborative and connected through technology, their critical systems must stay secure. Can this strategy truly be considered energy-efficient?


    How much energy your technology drains

    Energy consumption by IT equipment, computers, servers, and thousands of other IoT (Internet of Things) devices is notoriously lacking in measurable data. A whitepaper by The Shift Project summarized that digital technologies are essential in the global effort to end dependence on fossil fuels. But the energy impact of this growing use could cause a ‘net increase’ in sectors’ carbon footprint.

    It’s almost impossible to estimate every device’s usage as it pertains to a company’s energy-preservation efforts. Even more challenging is estimating the electricity consumed in securing devices, networks, and systems. In addition, you will also need to calculate the energy costs in protecting a business’ IT equipment from cyber-attacks.

    Tech experts will usually be the first to highlight how energy-efficient modern digital devices and systems are within a company. Meanwhile, there is a counterargument that the IT industry’s share of energy use is steep, producing total emission levels similar to that of global transport.

    Despite the evidence that IT and cybersecurity cannot be considered 100% green and renewable, it’s only fair to applaud the industry’s efforts at finding renewable sources to use. Modern digital technology can optimize how more energy-intensive activities can be conducted.

    Safeguarding your cybersecurity

    It’s easy to overlook the amount of energy used when using essential devices, appliances, and systems every day, whether for work, school, or personal enjoyment.

    All of these everyday devices emit energy, including mobile phones, computers, boilers, washing machines, lights or heating systems, and the reality is, all of these devices are necessary. These devices’ adequate and appropriate protection is also crucial and fundamental for their successful operation and synchronicity.

    The risk of cyber threats has only grown in scale and severity over the years. Cyberthreats range from financial crime, ransomware, DDoS (distributed denial of service), and malware to hacking secure networks and systems to gain access to sensitive information.

    The threat landscape remains volatile for companies across all industries, and, ironically, the energy industry is particularly susceptible. Cybercriminals may be financially, economically, or politically motivated, with attacks severely disrupting activities. Not just daily activities and operations, but long-term strategic ones, too.

    Recently the cybersecurity firm Redscan surveyed 180 CFOs, CEOs, and other financial executives worldwide about cybersecurity. The results showed an ‘overconfidence’ around cyber risks, according to Mark Nicholls, Chief Research Officer of Redscan.

    “Almost 87% of the surveyed executives expressed this confidence, yet 61% of them had suffered at least three significant cyber incidents in the previous 18 months,” he said.

    Companies that are taking steps to improve global energy efficiency might be severely stunted if they do not implement proper security controls to protect networks and infrastructure.

    Simply ignoring cybersecurity is not an option, so what can businesses do to make sure this requirement is addressed in a way that doesn’t prohibit their energy preservation?

    Enhancing energy efficiency through tech

    Investing in environmentally friendly technology is one of the most effective ways a business can save more energy. This can range from small changes such as LED lighting, green switches, and smart heating controls to large-scale systems like wind turbines, solar panels, geothermal heating, or water conservation plans.

    Establishing widespread use of energy-efficient technologies requires companies to be mindful of future cyber needs. Building owners will likely need to upgrade IT infrastructure to accommodate modern safeguarding, so they must be supported to ensure all changes are handled with excellent care and consideration for preserving energy.


    Ryan Kh


  • By the Numbers: Nearly half of security execs report an FI cyberthreat in past year | Bank Automation News


    Despite strategic investments in cybersecurity, the financial services sector is no fortress. Attacks are constant regardless of the amount of money and talent poured into the sector, according to “Global Perspectives on Threat Intelligence,” a report released on Monday by cyberthreat intelligence firm and Google subsidiary Mandiant. In a survey of 1,350 security executives in […]


    Brian Stone


  • The inventor of the web thinks everyone will have their own personal A.I. assistants like ChatGPT


    More control over your data. No blockchain. And your own personal artificial intelligence assistant, like ChatGPT.

    These are all part of the vision of the future of the web, according to internet inventor Sir Tim Berners-Lee and CEO of Inrupt John Bruce, who spoke on CNBC’s Beyond The Valley podcast published Friday.

    Inrupt is a company they co-founded which aims to deliver the web inventors’ original vision of the way the internet should work.

    Berners-Lee said that when he invented the web in 1989, “if you were sufficiently switched on geeky, you could get yourself a computer. And you could put a web server on it, you could plug it into the internet. And you could have a website.”

    “The spirit of the web was incredibly empowering to individuals,” he said.

    But in his view, something has gone wrong since, with the concentration of power now in the hands of large internet companies.


    “Well, everybody’s on Facebook, so they don’t have the website. They all use Mark Zuckerberg’s website,” Berners-Lee said.

    “When people look you up on Facebook, you don’t control actually what they see … Mark Zuckerberg’s algorithms control what news gets fed to them as they’re looking at your stuff,” he told CNBC.

    “That’s very disempowering. It is very useful to Facebook. They have a lot of data about people that they use for targeting them with advertisements … but what we’ve lost is the ability for individuals to have power.”

    In control of data

    His solution? A product that allows users to control their data and how it’s used. Currently, internet companies collect data on users by default, as a way of using their services.

    But Berners-Lee and Bruce’s start-up Inrupt is working on a different way forward. The aim is for users to have a single sign-on across different products and services on the internet.

    Data will be stored in so-called “pods,” which are basically a person’s personal data online storage container. Individuals can grant a website or service access to their pod, or silo of data, rather than websites taking data by default.

    The system is built on an open protocol on the internet called Solid.

    “And that’s the ‘yin’ and the ‘yang’ of Inrupt, which is the personal empowerment. And the opportunity for individuals to take more command over their role on the web,” Bruce told CNBC’s Beyond The Valley.


    Such an idea would require buy-in from large internet players. But Bruce said there is an “endless trudge” from companies to get more data on users, so they can target them with products and services. But the endeavour is showing diminishing returns for companies, he said.

    “The other way of doing it is instead of, you know, figuring out blindly ‘Are you the likely candidate for my product or service?’ How about I just ask you in a legitimate way? And you tell me,” Bruce said, referencing the idea that users would be able to share the data that they want with companies from their pod.

    Users will also need to change their behavior, and there needs to be a desire to control their data in this way. Berners-Lee admitted this change wouldn’t come overnight but instead “bit by bit.”

    Your own personal A.I. assistant

    In the wide-ranging Beyond The Valley episode, Bruce and Berners-Lee also addressed new artificial intelligence product ChatGPT which was developed by OpenAI.

    Backed by Microsoft, ChatGPT is an AI-powered chatbot that responds to questions from users.

    Berners-Lee said that users can run their own AI, much like their own personal version of Amazon’s Alexa or Apple’s Siri, when they have their own data pods.

    That’s because in the future that Berners-Lee sees, users will have all sorts of data stored in their pods — from fitness information to online shopping habits. The AI could use all that data to learn and be able to assist a user.

    “Sometimes you have the whole data spectrum — all of the data to do with your collaborations and your coffees and your projects and your dreams. And the books you’re reading and … all of your life, then that is in your pod. You run AI on that. That could be sweet,” Berners-Lee said.

    Web3 or Web 3.0?

    What Berners-Lee and Bruce are working on at Inrupt is all part of the future of the internet.

    Some have termed it Web3, which proponents say will be a decentralized version of the internet — one that is not dominated by a handful of powerful players such as Amazon, Microsoft and Google.

    Many Web3 advocates suggest it will be built on some sort of blockchain technology. Blockchain is the technology that first came to light with bitcoin but has since evolved.

    But Berners-Lee is keen to call the next generation of the internet Web 3.0, emphasizing the dot.

    “It’s not blockchain,” he said.


    Web3 proponents suggest blockchain could be used to underpin the future of the internet. But Berners-Lee said the technology is not fast enough nor does it afford enough privacy.

    He also said cryptocurrencies like bitcoin are “only speculative.”

    Gavin Wood, founder of blockchain infrastructure company Parity Technologies, coined the term “Web 3.0.”

    Wood spoke to CNBC last year about his vision for the future of the web in a previous episode of Beyond the Valley. He advocated blockchain technology as part of the future web make-up.



  • Cybersecurity Defenders Are Expanding Their AI Toolbox


    Newswise — Scientists have taken a key step toward harnessing a form of artificial intelligence known as deep reinforcement learning, or DRL, to protect computer networks.

    When faced with sophisticated cyberattacks in a rigorous simulation setting, deep reinforcement learning was effective at stopping adversaries from reaching their goals up to 95 percent of the time. The outcome offers promise for a role for autonomous AI in proactive cyber defense.

    Scientists from the Department of Energy’s Pacific Northwest National Laboratory documented their findings in a research paper and presented their work Feb. 14 at a workshop on AI for Cybersecurity during the annual meeting of the Association for the Advancement of Artificial Intelligence in Washington, D.C.

    The starting point was the development of a simulation environment to test multistage attack scenarios involving distinct types of adversaries. Creation of such a dynamic attack-defense simulation environment for experimentation itself is a win. The environment offers researchers a way to compare the effectiveness of different AI-based defensive methods under controlled test settings.

    Such tools are essential for evaluating the performance of deep reinforcement learning algorithms. The method is emerging as a powerful decision-support tool for cybersecurity experts—a defense agent with the ability to learn, adapt to quickly changing circumstances, and make decisions autonomously. While other forms of AI are standard to detect intrusions or filter spam messages, deep reinforcement learning expands defenders’ abilities to orchestrate sequential decision-making plans in their daily face-off with adversaries.

    Deep reinforcement learning offers smarter cybersecurity, the ability to detect changes in the cyber landscape earlier, and the opportunity to take preemptive steps to scuttle a cyberattack.

     

    DRL: Decisions in a broad attack space

    “An effective AI agent for cybersecurity needs to sense, perceive, act and adapt, based on the information it can gather and on the results of decisions that it enacts,” said Samrat Chatterjee, a data scientist who presented the team’s work. “Deep reinforcement learning holds great potential in this space, where the number of system states and action choices can be large.”

    DRL, which combines reinforcement learning and deep learning, is especially adept in situations where a series of decisions in a complex environment need to be made. Good decisions leading to desirable results are reinforced with a positive reward (expressed as a numeric value); bad choices leading to undesirable outcomes are discouraged via a negative cost.

    It’s similar to how people learn many tasks. A child who does their chores might receive positive reinforcement with a desired playdate; a child who doesn’t do their work gets negative reinforcement, like the takeaway of a digital device.

    “It’s the same concept in reinforcement learning,” Chatterjee said. “The agent can choose from a set of actions. With each action comes feedback, good or bad, that becomes part of its memory. There’s an interplay between exploring new opportunities and exploiting past experiences. The goal is to create an agent that learns to make good decisions.”

     

    Open AI Gym and MITRE ATT&CK

    The team used an open-source software toolkit known as Open AI Gym as a basis to create a custom and controlled simulation environment to evaluate the strengths and weaknesses of four deep reinforcement learning algorithms.

    The team used the MITRE ATT&CK framework, developed by MITRE Corp., and incorporated seven tactics and 15 techniques deployed by three distinct adversaries. Defenders were equipped with 23 mitigation actions to try to halt or prevent the progression of an attack.

    Stages of the attack included tactics of reconnaissance, execution, persistence, defense evasion, command and control, collection and exfiltration (when data is transferred out of the system). An attack was recorded as a win for the adversary if they successfully reached the final exfiltration stage.
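    The reward-and-cost loop and the staged contest described above, as an added example that is not PNNL's simulation environment or code. It swaps tabular Q-learning in for DQN, and the technique count, mitigation count, block probability and hidden counter table are all constructed assumptions.

```python
import random

# The seven tactics the article lists, in attack order.
STAGES = ["reconnaissance", "execution", "persistence", "defense evasion",
          "command and control", "collection", "exfiltration"]
N_TECHNIQUES = 3    # constructed: techniques the adversary can use at each stage
N_MITIGATIONS = 6   # constructed: mitigation actions the defender can choose from
P_BLOCK = 0.6       # constructed: chance the matching mitigation halts the attack
MIDWAY = len(STAGES) // 2


def make_counters(rng):
    """Hidden ground truth: the one mitigation that counters each (stage, technique)."""
    return {(s, t): rng.randrange(N_MITIGATIONS)
            for s in range(len(STAGES)) for t in range(N_TECHNIQUES)}


def step(counters, state, action, rng):
    """Apply one mitigation. Returns (reward, next_state or None, stopped)."""
    stage, _ = state
    if action == counters[state] and rng.random() < P_BLOCK:
        return 1.0, None, True        # attack halted: positive reward
    if stage == len(STAGES) - 1:
        return -1.0, None, False      # exfiltration completed: adversary wins
    # Attack advances; the adversary picks its next technique at random.
    return 0.0, (stage + 1, rng.randrange(N_TECHNIQUES)), False


def run_episode(counters, policy, rng, learn=None):
    """Play one attack. Returns the stage index where it was stopped, or None."""
    state = (0, rng.randrange(N_TECHNIQUES))
    while True:
        action = policy(state)
        reward, nxt, stopped = step(counters, state, action, rng)
        if learn:
            learn(state, action, reward, nxt)
        if nxt is None:
            return state[0] if stopped else None
        state = nxt


def train(counters, episodes=20000, alpha=0.1, gamma=0.5, epsilon=0.2, seed=1):
    """Epsilon-greedy tabular Q-learning; returns the learned greedy policy."""
    rng = random.Random(seed)
    q = {state: [0.0] * N_MITIGATIONS for state in counters}

    def greedy(state):
        return max(range(N_MITIGATIONS), key=q[state].__getitem__)

    def explore(state):
        # Explore a random mitigation sometimes, otherwise exploit experience.
        if rng.random() < epsilon:
            return rng.randrange(N_MITIGATIONS)
        return greedy(state)

    def learn(state, action, reward, nxt):
        future = max(q[nxt]) if nxt is not None else 0.0
        q[state][action] += alpha * (reward + gamma * future - q[state][action])

    for _ in range(episodes):
        run_episode(counters, explore, rng, learn)
    return greedy


def evaluate(counters, policy, episodes=5000, seed=2):
    """Share of fresh attacks stopped before the midway stage and by the final stage."""
    rng = random.Random(seed)
    results = [run_episode(counters, policy, rng) for _ in range(episodes)]
    midway = sum(r is not None and r < MIDWAY for r in results) / episodes
    final = sum(r is not None for r in results) / episodes
    return {"midway": midway, "final": final}


def compare(seed=0):
    """Learned defender versus a defender that picks mitigations at random."""
    counters = make_counters(random.Random(seed))
    baseline_rng = random.Random(3)
    return {
        "learned": evaluate(counters, train(counters)),
        "random": evaluate(counters,
                           lambda s: baseline_rng.randrange(N_MITIGATIONS)),
    }


if __name__ == "__main__":
    for name, rates in compare().items():
        print(f"{name:8s} midway={rates['midway']:.2f} final={rates['final']:.2f}")
```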

    “Our algorithms operate in a competitive environment—a contest with an adversary intent on breaching the system,” said Chatterjee. “It’s a multistage attack, where the adversary can pursue multiple attack paths that can change over time as they try to go from reconnaissance to exploitation. Our challenge is to show how defenses based on deep reinforcement learning can stop such an attack.”

     

    DQN outpaces other approaches

    The team trained defensive agents based on four deep reinforcement learning algorithms: DQN (Deep Q-Network) and three variations of what’s known as the actor-critic approach. The agents were trained with simulated data about cyberattacks, then tested against attacks that they had not observed in training.

    DQN performed the best.

    • Least sophisticated attacks (based on varying levels of adversary skill and persistence): DQN stopped 79 percent of attacks midway through attack stages and 93 percent by the final stage.
    • Moderately sophisticated attacks: DQN stopped 82 percent of attacks midway and 95 percent by the final stage.
    • Most sophisticated attacks: DQN stopped 57 percent of attacks midway and 84 percent by the final stage—far higher than the other three algorithms.

    “Our goal is to create an autonomous defense agent that can learn the most likely next step of an adversary, plan for it, and then respond in the best way to protect the system,” Chatterjee said.

    Despite the progress, no one is ready to entrust cyber defense entirely up to an AI system. Instead, a DRL-based cybersecurity system would need to work in concert with humans, said coauthor Arnab Bhattacharya, formerly of PNNL.

    “AI can be good at defending against a specific strategy but isn’t as good at understanding all the approaches an adversary might take,” Bhattacharya said. “We are nowhere near the stage where AI can replace human cyber analysts. Human feedback and guidance are important.”

    In addition to Chatterjee and Bhattacharya, authors of the AAAI workshop paper include Mahantesh Halappanavar of PNNL and Ashutosh Dutta, a former PNNL scientist. The work was funded by DOE’s Office of Science. Some of the early work that spurred this specific research was funded by PNNL’s Mathematics for Artificial Reasoning in Science initiative through the Laboratory Directed Research and Development program.


    Pacific Northwest National Laboratory


  • How AI and Machine Learning Are Improving Fraud Detection in Fintech


    Opinions expressed by Entrepreneur contributors are their own.

    Internet fraud is a menace to financial institutions, and many fintech companies have been victims of it. Detection of these attacks comes in two ways: through inconsistent traditional methods or using ever-growing artificial intelligence mechanisms.

    Traditional methods, such as the rule-based method, are still widely used by most fintech companies in contrast to AI. At the same time, some are adjusting to leverage machine learning and artificial intelligence, improving ways to detect fraud. Hence, bringing us to the question below.

    How have AI and machine learning improved fraud detection in the fintech industry? What specific applications does this technology touch, and what mechanisms complement it? We have compiled key areas where its application has become highly beneficial.


    Fishing out identity thieves before they penetrate a server

    Identity theft is common, but with the rise of AI, its effect on the fintech industry has been reduced drastically. Users are bound to become more susceptible to fraud in this area when activities like creating accounts, submitting applications or filing tax returns become more computerized. Digitized data is easier to access, giving identity thieves more possibilities to penetrate the server. For instance, identity thieves can create accounts in someone else’s name, get access to that person’s benefits or even steal their tax returns using the stolen identification information. In curbing these anomalies, AI is to the rescue. AI-driven identity theft detection systems such as pattern recognition are pretty good at reducing the danger of such scams and spotting them early on. Depending on the circumstance, the models may be able to identify suspicious transactions, behaviors or information in the supplied documents that do not fit the customer’s usual patterns of behavior, therefore averting a possible danger.

    Quick detection of credit card fraud through identification of unusual transactions

    Customers may secure their credit card and account information in various ways, such as by utilizing virtual private networks or virtual cards or checking the website certifications. However, with fraud tactics becoming more sophisticated, organizations handling credit card transactions and transfers must scan them to avoid any risks. AI methods such as data mining have been provided with a sizable dataset that includes both kinds of transactions (i.e., card transactions and transfers) to be trained to spot fraudulent behavior. By analyzing it, the model can spot fraud red flags. Are there possible ways the illegal transaction can be flagged and detected on time? Yes, for instance, a rapid spike in the customer account’s weekly or monthly transaction values or a purchase made in a store that doesn’t ship to the country where the account holder resides. All these can be swiftly detected with the help of AI, and fraud can be mitigated on time to avoid running losses.


    Detection of money laundering amidst account activities

    Fintech companies and banks use deep learning AI algorithms such as neural networks to uncover undiscovered connections between criminal conduct and account activity. Money laundering is difficult to identify with traditional approaches since the signs are frequently quite subtle. Still, since the emergence of artificial intelligence, every action is carefully considered because such practice typically involves large sums of money and is carried out by organized criminal organizations or entities that appear to be genuine.

    Despite a thorough mechanism put in place, individuals are undoubtedly susceptible to errors. It gets challenging to spot money laundering-related acts among cover-up activities because they leave no room for suspicion, but AI has been at the forefront of detecting such. For instance, a wrong transfer of funds might be the key to revealing a set of illegal activities. In addition, there are situations when several transactions on an individual’s account come together but don’t appear legitimate when scrutinized. These patterns could be quickly identified by AI systems put in place, and fraudulent activity could be prevented on time.

    Early detection of fraudulent loan and mortgage applications

    In recent times, most fintech companies and banks rely heavily on AI fraud detection technologies to screen loan and mortgage applications for fraud. It is a crucial component of their risk assessment and aids the analysts in their day-to-day job. With machine learning, they can extract pertinent data from the applications and analyze them using a model developed through a dataset that includes both legitimate applications and those flagged as fraudulent. The essence of AI in this area is to detect trends that can likely lead to fraud so that alarms can be swiftly raised, whether accurate or not. It allows the analyst in charge to scrutinize further, which could lead either to the application being cleared or to fraud being prevented. It also helps fintech companies to predict the chance of a customer committing fraud as it can help forecast trends by examining consumer behavior data.


    Banks and fintech companies still occasionally believe that rule-based methods are safer and more straightforward. Traditional rule-based methods and AI currently tend to support one another, but this will likely change soon. This is because rule-based systems are bounded by their own complexity and fraud efforts are getting more sophisticated and dynamic than in the past. The rule-based method is a losing struggle since it necessitates the creation of new rules each time new patterns appear. Instead of constantly being one step behind, fintech companies can actively foresee fraud using AI and machine learning techniques to safeguard their financial integrity.


    Taiwo Sotikare


  • How to Protect Your Business and Personal Bank Accounts


    Opinions expressed by Entrepreneur contributors are their own.

    In 2021, Americans lost approximately $5.8 billion from identity theft. There were 2.8 million consumer identity theft incidents reported, which means there could have been much more. Of that, $2.3 billion were from imposter scams, and $392 million were from consumer online shopping. For businesses, 47% of all businesses had one form or another of fraud affect them. According to the FBI, in 2020, scams cost U.S. businesses over $1.8 billion. And since 2020, fraud cases are up by over 70%.

    If you’re not alarmed by this info, you should be.

    The hard truth is that even though many companies you deal with will try to keep your personal and business information private and inaccessible to these criminals, it ultimately comes down to you being fully aware of the various types of identity theft there are, and most importantly, how to prevent it from happening. If you take the stance that this is someone else’s responsibility, you’re placing yourself and your business at high risk simply by having the wrong attitude!

    So, here is some great info that you can take action on for both your business and personal protection:


    1. What is identity theft?

    The below definitions come straight from the Bureau of Justice Statistics website: The definition of personal identity theft includes three general types of incidents:

    • unauthorized use or attempted use of an existing account

    • unauthorized use or attempted use of personal information to open a new account

    • misuse of personal information for a fraudulent purpose.

    The definition of business identity theft (also known as corporate identity theft) is:

    • The illegal impersonation of a business.

    That broad description of business fraud covers any type of business structure that has an Employer Identification Number (EIN), also known as a Tax Identification Number (TIN), meaning that this can range from a sole proprietor making peanuts to a large C-corp generating millions.

    2. Various types of identity theft

    There are many ways that people can get your business/personal information. Here are the most common:

    • Online: This is what most folks think of when they think of identity theft. This involves crimeware, which is considered malicious software used to steal personal information. We usually call these things worms. The most common types include phishing, spyware and Trojan horses through emails. And the best way to prevent this from happening is to avoid unsecured networks, such as those found in airports, coffee shops, etc. Delete any emails that seem suspicious. Another idea is to keep your spyware protection software on your computer systems as up-to-date as possible.

    • Offline: This is almost 90% of how all fraud starts! Let’s call this one “old school.” This is when you receive calls or emails that request your business and/or personal information. Scammers will impersonate any number of companies, like banks, insurance and even IRS agents! The scammers will always say that you owe them money for one reason or another (by the way, did you know that your bank will never call and say you owe them money? Nor will the IRS). What’s the best way to fight this type of fraud? First, never give out your business or personal information to any company, no matter how legitimate the phone call or email seems. Second, simply hang up if it’s a phone call and/or do not reply to any email — just hit delete.

    • Large-scale identity theft: This is when a hacker gets past a firewall at a company like Target and can then access your account numbers, credit card and/or debit card numbers along with PIN numbers. In this type of instance, there isn’t much you or I can do to prevent this type of breach from happening. What we can do is be prepared for a rapid reaction. This type of theft will make national news, so if you hear of this happening, respond immediately by changing all your usernames and passwords and canceling and then ordering new debit and credit cards.

    • Internal employee identity theft: This is when you have employees with access to vital banking and account information. They may wire or Zelle funds to themselves or anyone. They can steal checks from your office and write those checks to themselves or others. They can also sell this information to people for cash if they choose to. The reality is that if you have provided this employee with access to your bank account, then the banks cannot do much since you allowed someone access. Therefore, the bank is not at fault, and while they will do what they can to help and get some money back, they are not responsible; you are. The good news is that the court system can do something about this situation. The only way to prevent this is either by doing all your banking yourself, and/or being REALLY picky about who gets access and to what information.

    Related: Make Your Businesses Invulnerable to Corporate Identity Theft

    3. Examples of business identity theft

    • Bogus social media accounts: Check your social media accounts, and see if there are any Facebook pages, Instagram pages or other social media sites you use that are pretending to be your business.

    • Bogus websites: Naïve customers are directed to these sham websites through search engines, various social media ad campaigns or phishing email scams.

    • Phishing emails: These fake emails are sent by scammers to employees and usually have a type of spyware attached to them that will activate once you click on a link.

    • Bogus tax information: Scammers use stolen business information to file fraudulent tax returns in order to attempt to receive a refund.

    • Ransom of your trademark: Criminals steal your business name/logo and register it as an official trademark of their own. Then, after they wreak havoc, they’ll actually demand a ransom to release the trademark!

    • Bogus invoices: You’ll get this from a scammer pretending to be your vendor asking for money. It will look legit as it will have the logo, etc. on it.

    4. How to prevent personal and business identity theft:

    There are many, many ways to help prevent identity theft. Here is a short list to get you started:

    • Shred any and all statements: Credit cards, bank, mortgage, etc. Better yet, set up auto-pay and use online statements instead.

    • NEVER provide personal/business info over the phone: Never do this unless you made the call and can identify the person/company.

    • Software protection: Consider getting some type of protection onto your personal and business computer.

    • Get identity theft protection: Think of companies like LifeLock.

    • Don’t keep your SS card in your wallet/purse: Maybe even consider this for ALL your credit and debit cards?

    • Create longer passwords: If you can get 10-15 digits in there, with a mix of letters, numbers and special characters, then you have a good one.

    • Check your credit reports: Be sure to check your credit reports at least monthly if not more often. You can get them from the actual credit companies, not the knockoffs.

    • Be wise about shopping online: Practice common sense here. Use sites like Amazon and not some unknown site.

    • Be wise about social media: Maybe only send friend requests to folks you actually know, and give a double-check on an account that looks weird or off in some way.

    • Unsecure networks: Stay away from places like coffee shops that have Wi-Fi but are not secure.

    • Healthy skepticism: When someone is contacting you by email or phone, be VERY sure of who they are before clicking any links or providing any info.

    Pro Tip: Ninety percent of fraud is still initiated by receiving a phone call, NOT from someone mysteriously accessing your bank account. I help customers each week with fraud, and the truth is that the fraud happened because they GAVE a fraudster the username and password over the phone. Every. Single. Time. Just be smart, folks.

    Related: How to Protect Yourself and Your Business From Fraud


    John Kyle


  • This Type of Cyber Attack Preys on Your Weakness. Here’s How to Avoid Being a Victim.


    Opinions expressed by Entrepreneur contributors are their own.

    You may not realize it, but social engineering attacks are the most common form of cyber attack out there. And, do you know why they are so popular?

    For starters, social engineering is an incredibly effective way to carry out a cyber attack. An attacker can gain access to systems and data simply by tricking the owner into giving up their login credentials or other sensitive information. Social engineering attacks are difficult to detect because they rely on human interaction. There have been many successful attacks using this method, but it can be controlled. In this article, I’ll walk you through different forms of social engineering attacks and how you can protect yourself from them.

    Related: How Small Businesses Can Shield Themselves Against Cyberattack

    What is social engineering?

    Social engineering is the art of gaining unauthorized access to a network or sensitive information by exploiting human behavior or psychology. It is commonly used as an initial access vector into a network.

    Social engineering is carried out mostly via email, which is known as phishing. One example of such an attack is the 2016 FACC hit. According to this report, the CEO and CFO of FACC got fired as a result of the whaling incident that cost the company $47 million. An email, claiming to be from the CEO, asked an employee to transfer funds to support an acquisition. After the cybercriminal was long gone with the funds, it was discovered that both the email and the deal were fake. This shows how dangerous social engineering is, as it relies on human error rather than on a flaw in software or an operating system.

    In recent years, there has been an increase in sophisticated social engineering attacks plaguing organizations. Examples of sophisticated social engineering attacks are reverse tunneling and URL shorteners, which are used by cybercriminals to launch virtually undetectable phishing campaigns.

    While cyber attackers often use social engineering tactics to try and get their targets to reveal sensitive information such as passwords and financial data, it is very important you know that this method of attack is so effective and has a high success rate because people are often the weakest link in an organization’s security. Hackers can use social engineering to bypass technical security measures, such as firewalls and antivirus software, by exploiting the trust and willingness of individuals to help others or follow instructions. More so, social engineering attacks are often relatively low cost, as they don’t require the attacker to invest in expensive tools or infrastructure.

    Additionally, social engineers are very calculating, clever and manipulative. Most cybercriminals employ social engineering to gain initial access to a network because it’s easier to manipulate and fool people than to break into a secure system. Here are the four major types of social engineering to watch out for:

    Phishing: Phishing is the most widely used form of social engineering you need to watch out for. It involves acquiring personal and sensitive information about an individual or an organization via email, with the attacker posing as a trustworthy entity in electronic communication.

    Pretexting: Pretexting is also another type of tricky social engineering technique to watch out for. In this kind of attack, the threat actor creates a false scenario where the victim feels compelled to comply. The attacker typically acts as someone in executive rank to intimidate and persuade the victim to follow their order.

    Vishing: Vishing is another type of social engineering attack technique that has a high rate of success. It is important to watch out for this kind of attack that is done over voice communication. Typically, the visher pretends to be from a legitimate company and tries to urge you to share your sensitive information, like the example highlighted earlier.

    Baiting: Baiting is another form of social engineering that exploits human weakness. The attacker puts up something enticing or compelling to lure the victim into a social engineering trap. For example, you might get “Congratulations, you are a lucky winner of an iPhone 14. Click on this link to claim it.” or “Download this premium Adobe Photoshop software for $69. Offer expires in two hours.”

    As an active internet user, you may or may not have come across offers like these; either way, it’s advisable to move on without clicking, because it’s most likely a trap!

    Related: Hackers Aren’t The Only Unseen Enemy Behind Cyber Attacks — Your Board’s Ignorance Could Be To Blame, Too. Here’s What You Can Do About It.

    Social engineering attacks are successful because they exploit human vulnerabilities

    In this digital age where so much of our personal information is out there for the taking, it is easy for cyber attackers to gain our trust and get what they want. Moreover, it is not just clicking on phishing emails that can leave you open to an attack. It can be as simple as answering a phone call from someone who is pretending to be from your bank or tech support.

    Social engineering attacks are incredibly easy to execute. All it takes is a little bit of knowledge about how people work and some basic hacking skills. Then with it, a skilled hacker can easily get information from innocent victims, information that can be used to gain access to networks or steal identities.

    However, that does not mean you are powerless against them. Here are key tips that can help you recognize and prevent social engineering attacks from happening to you.

    Common telltale signs that you are being targeted by social engineering attackers:

    1. When you keep receiving unusual emails and phone calls from unknown sources, especially when they contain attachments and links to click on.
    2. When an unknown person keeps requesting your sensitive and personal information such as name, address, DOB, credit card numbers and so on.
    3. When an unknown person creates a sense of urgency and pressure just to get you to act swiftly, without proper thought or analysis, on matters related to work or personal accounts. And many more.

    How can you protect yourself from social engineering attacks?

    • Firstly, be aware of the dangers of social engineering attacks. These attacks are becoming more and more common, so it is crucial to be vigilant.
    • Be suspicious of unsolicited emails, calls or texts and never give out your personal information unless you are sure who you are dealing with. For example, if you receive an email from someone you do not know asking for sensitive information, do not respond. If you are not sure whether an email is legitimate or not, do not hesitate to reach out to the sender to verify its authenticity.
    • Only enter your information on trusted websites and make sure the URL starts with “HTTPS.”
    • Make sure the security software of your computer is up-to-date.
    • Use two-factor authentication, which is an extra layer of security that requires something you know (like a password) and something you have (like a physical security key or mobile app).
    • Make sure your passwords are strong and unique. Do not use the same password for multiple accounts, and ensure that your passwords are a mix of letters, numbers, and symbols.
    • Keep your personal information private. Do not share your passwords or login credentials with anyone, and be careful about the information you post online.

    Social engineering attacks thrive on exploiting the human factor. People are often the weakest link in cybersecurity, and attackers know how to take advantage of that using social engineering.

    Remember that this is one of the most common ways cyber attackers gain access to your systems. That means they use deception to gain your trust and then extract information from you, like your passwords or login credentials.

    Now that you have learned what you can do to keep yourself safe, remember that cyber attackers are experts at getting people to click on links and open attachments. Therefore, be vigilant when you are browsing the web and emailing.

    To fortify yourself against social engineering attacks, you have to stay up-to-date on the latest security threats. How do you do that? By subscribing to a cybersecurity newsletter and reading blog posts on cybersecurity, such as this one, to stay informed.


    Ejiofor Francis
