ReportWire

Tag: Cybersecurity

  • A globally critical chip firm is driving a wedge between the U.S. and Netherlands over China tech policy


    Netherlands Prime Minister Mark Rutte speaks with U.S. President Joe Biden. The U.S. has been putting pressure on the Netherlands to block exports to China of high-tech semiconductor equipment. The Netherlands is home to ASML, one of the most important companies in the global semiconductor supply chain.

    Washington has its eyes on the Netherlands, a small but important European country that could hold the key to China’s future in manufacturing cutting-edge semiconductors.

    The Netherlands has a population of just over 17 million people — but is also home to ASML, a star of the global semiconductor supply chain. It produces a high-tech chip-making machine that China is keen to have access to.

    The U.S. appears to have persuaded the Netherlands to prevent shipments to China for now, but relations look rocky as the Dutch weigh up their economic prospects if they’re cut off from the world’s second-largest economy.

    ASML’s critical chip role

    ASML, headquartered in the town of Veldhoven, does not make chips. Instead, it makes and sells $200 million extreme ultraviolet (EUV) lithography machines to semiconductor manufacturers like Taiwan’s TSMC.

    These machines are required to make the most advanced chips in the world, and ASML has a de-facto monopoly on them, because it’s the only company in the world to make them.

    This makes ASML one of the most important chip companies in the world.

    U.S.-Netherlands talks

    U.S. pressure on the Netherlands appears to have begun in 2018 under the administration of former President Donald Trump. According to a Reuters report from 2020, the Dutch government withdrew ASML’s license to export its EUV machines to China after extensive lobbying from the U.S. government.

    Under Trump, the U.S. started a trade war with China that morphed into a battle for tech supremacy, with Washington attempting to cut off critical technology supplies to Chinese companies.

    Huawei, China’s telecommunications powerhouse, faced export restrictions that starved it of the chips it required to make smartphones and other products, crippling its mobile business. Trump also used an export blacklist to cut off China’s largest chipmaker, SMIC, from the U.S. technology sector.

    President Joe Biden’s administration has taken the assault on China’s chip industry one step further.

    In October, the U.S. Department of Commerce’s Bureau of Industry and Security introduced sweeping rules requiring companies to apply for a license if they want to sell certain advanced computing semiconductors or related manufacturing equipment to China.

    ASML told its U.S. staff to stop servicing Chinese clients after the introduction of these rules.

    Pressure on the Netherlands to fall in line with U.S. rules continues. Alan Estevez, the under secretary of commerce for industry and security at the U.S. Department of Commerce, and Tarun Chhabra, senior director for technology and national security at the U.S. National Security Council, reportedly spoke with Dutch officials this month.

    “Now that the U.S. government has put unilateral end-use controls on U.S. companies, these controls would be futile from their perspective if China could get these machines from ASML or Tokyo Electron (Japan),” Pranay Kotasthane, chairperson of the high-tech geopolitics program at the Takshashila Institution, told CNBC.

    “Hence the U.S. government would want to convert these unilateral controls into multilateral ones by getting countries such as the Netherlands, South Korea, and Japan on board.”

    The National Security Council declined to comment when contacted by CNBC, while the Department of Commerce did not respond to a request for comment.

    A spokesperson for the Netherlands’ Ministry of Foreign Affairs said it does not comment on visits by officials. The ministry did not reply to additional questions from CNBC.

    Tensions

    Last week, U.S. Secretary of State Antony Blinken hailed the “growing convergence in the approach to the challenges that China poses,” particularly with the European Union.

    But the picture from the Netherlands does not appear as rosy.

    “Obviously we are weighing our own interests, our national security interest is of utmost importance, obviously we have economic interests as you may understand and the geopolitical factor always plays a role as well,” Liesje Schreinemacher, minister for foreign trade and development cooperation of the Netherlands, said last week.

    She added that Beijing is “an important trade partner.”

    CNBC’s Silvia Amaro contributed to this report


  • 8 Ways You Can Save Yourself and Others From Being Scammed


    Opinions expressed by Entrepreneur contributors are their own.

    Statistics on the number of scam websites that litter the internet are disturbing. During 2020, Google registered more than 2 million phishing websites alone. That means more than 5,000 new phishing sites popped up every day — not to mention the ones that avoided Google’s detection. In 2021, the U.S. Federal Bureau of Investigation (FBI) reported nearly $7 billion in losses from cybercrime that is perpetrated through these sites.

    What exactly are scam websites? Scam websites refer to any illegitimate website that is used to deceive users into fraud or malicious attacks. Many scammers operate these fake websites and will download viruses onto your computer or steal passwords or other personal information.

    Reporting these sites as they are encountered is an important part of fighting back. In other words, if you see something, say something. Keeping quiet, even if you avoid falling prey, allows the scammers to aim at another target.

    Perhaps you’ve received a suspicious link in an email? Or maybe a strange text message that you haven’t clicked on. Fortunately, there are many organizations out there that have launched efforts aimed at reducing the threat that they pose. In general, these organizations put scam websites on the radar by collecting and sharing information about them. In some cases, they prompt an investigation into the scammers behind the sites.

    It’s free to report a suspicious website you’ve encountered, and it takes just a minute. Here are eight ways you can report a suspected scam website to stop cyber criminals and protect yourself and others online.

    1. The Internet Crime Complaint Center

    The IC3, as it is known, is an office of the FBI that receives complaints from those who have been the victims of internet-related crime. The IC3 defines the internet crimes that it addresses to include illegal activity involving websites. Complaints filed with the IC3 are reviewed and researched by trained FBI analysts.

    2. Cybersecurity and Infrastructure Security Agency

    CISA, which is an agency of the U.S. Department of Homeland Security, targets a wide range of malicious cyber activity. It specifically requests reports on phishing activity utilizing fraudulent websites. Information provided to CISA is shared with the Anti-Phishing Working Group, a non-profit focused on reducing the impact of phishing-related fraud around the world.

    3. econsumer.gov

    The econsumer.gov site, run by the International Consumer Protection and Enforcement Network, is for reporting international scams. It is supported by consumer protection agencies and related offices in more than 65 countries. A secure version of their site is used by law enforcement agencies to share info on scams.

    4. Google Safe Browsing

    While Google does not have a mechanism for reporting all varieties of website scams, there is a form for reporting sites that are suspected of being used to carry out phishing. Reports made via the form are managed by Google’s Safe Browsing team. Google’s Transparency Report provides information on the sites that it has determined to be “currently dangerous to visit.”

    5. PhishTank

    This service was founded by Cisco Talos Intelligence Group to “pour sunshine on some of the dark alleys of the Internet.” Phishtank includes an ever-growing list of URLs reported as being involved in phishing scams. To date, it has received more than 7.5 million reports of potential phishing sites. It says that more than 100,000 of the sites are still online.

    6. Antivirus Apps

    Antivirus providers such as Norton, Kaspersky, and McAfee have forms that can be used to identify pages that users feel should be blocked. Scam sites would definitely fall under that category. With some antivirus platforms, reporting forms can only be accessed by registered users. Norton’s is open to anyone.

    7. Web host

    There is a chance that the DNS service hosting the scam site will take action to shut it down. There are a variety of online resources that can help you to find the DNS of a particular site. Once you identify it, send a message to their customer service reporting the site in question and the experience that you had.

    8. Share your experience on social media

    This is actually more like sounding an alarm than filing a report, but it might protect one of your connections who stumbles upon the same site or is targeted by the same type of scam. At the very least, it could draw attention to the fact that scam sites affect real people. A post on Facebook about a close call you had with a scam might better equip your network to avoid any dangerous entanglements. If it does, they’ll thank you.

    Jay Feldman, DO


  • Here’s How Your Business Can Stop Fraud in Its Tracks


    Opinions expressed by Entrepreneur contributors are their own.

    For some businesses, fraud is nothing more than an accepted expense casually factored into the company’s bottom line. But for those who understand the true threat, fraud is a risk that must be prevented and stopped at all costs. We’ve become so accustomed to fraud’s existence that it now, unfortunately, seems like a fact of life. It doesn’t have to be this way, but preventing fraud requires a paradigm shift. It requires knowing your customer (KYC) and adopting practices that many companies have shied away from for years. Fraud will keep increasing until the business world embraces prevention from the first stages of customer interaction.

    Fraud is a business problem

    The internet has made fraud easy. Covid-19 made it even easier, with more businesses moving their workflows to digital platforms. Unfortunately, without a subsequent improvement in security practices, this digitalization exponentially increased the attack surface area for fraudsters worldwide who won’t hesitate to seize the advantage. According to LexisNexis, there was a 19.8% increase in fraud costs from 2019 to 2022.

    Fraud costs are a real problem for businesses. Of course, individuals bear the cost of fraud as well, but companies see a significant impact on their bottom line. Each $1 of fraud, according to the same LexisNexis study, costs eCommerce merchants in America an actual $3.75 once the response is all said and done. All told, fraudsters were able to steal about $28 billion in 2021 alone through identity fraud. Our current economic downturn means fraudsters will be more, not less, bold in their attacks.

    Clearly, fraud is more than a pesky issue. Not only does it cost both businesses and customers vast amounts of money, but it can also lead to significant damage to a brand. Businesses risk losing customers’ trust if they don’t appear to be tackling the issue and keeping their customers safe. This problem is incumbent upon companies to solve. However, it’s not as hard as we might think.

    Most fraud starts (and ends) with identity

    Most scams start at account creation, where a fraudster impersonates a real person or creates a fake persona to carry out fraudulent activity. KYC has historically consisted of methods like human-based document verification, SSN, knowledge-based authentication (KBA) and other database information to confirm that a person is who they claim to be based on what they know about the individual. This might have worked 20 years ago, but the traditional methods we have been accustomed to are not cutting it anymore. Too much personal information is available online, and fraudsters can usually find the answers to security questions through data dumps or by trawling a victim’s social media. Luckily, the solution already exists: using widely accepted tools to stop identity fraud at the source — account creation.

    Strong KYC practices at onboarding have often been avoided because of the misconception that they create too much friction for users. Truthfully, the tools are in place to make this a frictionless transaction. All the customer needs to do at the onset is capture their government-issued ID and then take a selfie. Such a small step can significantly reduce problems later on by creating an environment where fraud is prevented from the outset. It also sets the stage for frictionless continued fraud prevention using the selfie biometric for ongoing re-authentication.

    The secret behind strong, ongoing KYC

    Strong onboarding practices create a highly effective and streamlined re-authentication process for subsequent transactions with a customer. As the customer continues to interact with a business, it can use advanced analytics to build a baseline of behavior to assess risk levels dynamically. All the customer sees is the occasional request for a selfie, which then is compared with multiple other data points to verify a person’s identity.

    Another term for this practice is multi-factor authentication (MFA). That’s lazily been construed as “security measures” like SMS-based one-time passcodes. Unfortunately, while such added security measures are standard in business, they’re among the easiest MFA methods to break — a thief can intercept an SMS-based code for as little as $16.

    That doesn’t mean MFA needs to be completely thrown out. The concept is based in fact: The most secure identity verification consists of a combination of something you are, something you know and something you have. The hardest to spoof is something you are: biometrics. These include fingerprints, facial scans, voice recognition and retina scans (among many others). Today’s modern biometrics proofing is quickly approaching 100% accuracy.

    Incorporating these security measures also creates much stronger assurances for the company, since friendly fraud is a big problem. With facial recognition integrated into the account management process, companies now have time-stamped, verified proof that a person did make that purchase. With some simple tweaks to identity verification, businesses could save over $48 billion per year in fraudulent chargebacks.

    Active monitoring — the key to continued success

    The journey doesn’t stop at biometrics, though. A robust orchestration layer is needed to organize the tiny pieces of data spread across the internet into a comprehensive picture of each unique customer. This behind-the-scenes work can help monitor the KYC fundamentals to vet for fraud continuously.

    Orchestration and active monitoring also help keep the good customers while weeding out (or even preventing from the start) the customers you’d rather not do business with. Using a trusted vendor to execute these third-party identity verification actions, on top of the original and ongoing verification methods maintained in-house, helps businesses with underwriting. You can also assess risk in real-time; if a customer is usually in California but trying to sign in from Russia, you’re better able to catch the fraud and stop it in its tracks.

    Simple KBA methods alone can’t keep up with advanced identity fraud techniques. Unfortunately, many companies equate better identity proofing with a worsened customer experience, but in reality, fraud prevention can enhance interactions and even streamline workflows for businesses and customers alike. Businesses can have their cake and eat it, too, by incorporating better identity verification from the start of the customer’s journey, along with biometric-based MFA and continuous, active monitoring. Our customers deserve it, and it will take a big bite out of the global identity fraud game.

    Clayton Roth


  • How Businesses Can Combat Fraud and Increase Efficiency


    Opinions expressed by Entrepreneur contributors are their own.

    “There is no kind of dishonesty into which otherwise good people more easily and frequently fall than that of defrauding the government.”

    These words of wisdom from Benjamin Franklin have, unfortunately, proven timeless. People have been defrauding the government for centuries, but last month, the US hit an estimated $45 billion in COVID-19-related unemployment fraud. Now the government starts the long, costly and inefficient process of recouping the money, conducting investigations and punishing those responsible. This process is often called the “pay and chase” model.

    With all that fraud, it can be challenging for government agencies and private companies to separate the wheat from the chaff (or, in this case, the fraud from the noise). For example, is a person calling your call center with a device you haven’t seen before actually an existing customer with a new phone or someone attempting to take over an account?

    These issues create room for inefficiencies and cost companies huge operational sums when they cannot tell the difference. But going too heavy with stricter verification that may dampen the customer experience is also something you have to avoid. The good news is that it’s possible to better identify fraudulent activity with modern technology and thus increase efficiency.

    Modern fraud and its noisy neighbor

    At its core, the focus of fraudsters has remained on tricking people into giving access to as much money or data as possible. It’s nothing new; the term “con man” was likely coined in the 1800s. Whether it’s Bill Starbuck’s “The Rain Song” from the musical 110 in the Shade, where the charismatic con man convinces townspeople to give him money to make it rain and end a drought, or someone calling your grandmother and pretending to be a government agency, fraud has always been, and always will be.

    Our ability to close fraud loopholes is improving. Still, fraudsters are constantly creating new schemes, and technology continues to enable them to get better at fooling us and covering their tracks. This requires businesses and the government to react to new trends quickly; the best defense against fraud is to be aware of the techniques, remain on guard and educate consumers to do the same. All the while, businesses and governments must walk a tightrope between restricting freedoms too much and being purely reactive to crime.

    The public and private sectors utilize call centers for customer account issues and require telephonic calls for some account actions. Unfortunately, these call centers are very susceptible to fraud. The time customer service reps spend trying to distinguish between fraud and noise (i.e., the legitimate calls that get flagged as fraud) distracts from more critical business and carries high costs.

    For example, in the financial services industry, the cost of fraud to businesses is $4 for every $1 of actual fraud. That means, on average, if a person defrauds $1,000 from a company, that business’s related costs will be $4,000. And this figure doesn’t include additional costs incurred if a fraudster secures enough information on their first attempt to follow up with more attempts on the same business or its clients, nor the cost of reputational damage post-attack.

    One of the big problems, though, is that fraud and noise can often seem similar. For instance, imagine you broke your cell phone and got a new one. When you try to access your bank account from your new phone, your account gets flagged because it doesn’t recognize the device. Now, you have to call to unlock your account, and your bank needs to spend resources confirming your identity. This protects the consumer and the bank but introduces inefficiency for both parties.

    So, what’s an agency to do?

    Is there a solution? Modern identity proofing continues to progress in leaps and bounds. The technology exists now to implement much better identity proofing that’s device-agnostic and uses powerful, behind-the-scenes algorithms to prove a customer’s identity — often without them even realizing what’s going on. Artificial intelligence (AI) helps us use data points across the web to calculate the risk associated with a person or caller and create a dynamic risk profile. Then, based on their risk level, they may be required to complete additional automated steps to log in to their account or conduct business.

    There are more straightforward steps, as well. For example, impersonating the dead has long been a lucrative tactic for fraudsters. Years ago, criminals even got hold of the Social Security Administration’s (SSA) Death Master File, a restricted record with millions of people to impersonate. One of the first steps a company can take during the account creation process is to check the Death Master File. Every time a person initiates a request for money with an agency, a quick screening can be done to ensure the person requesting a payment from the government is not a dead person. That would be a sure sign something’s amiss.

    Of course, there’s no end to the trickery. Recently, I watched in real-time as a phone-based scam targeted my stepmother. She received a text that appeared to be from a friend saying her email had been the target of a scam, and my stepmom should call a particular number to make sure hers hadn’t also been compromised. I had to explain that it wasn’t her friend texting but someone using her friend’s number.

    Older people are especially susceptible to fraud like this, but scammers have discovered impersonating a government agency or some entity with authority is a winner. If we get a call saying we’re in trouble with a government entity, will we ignore it? Probably not — many of us will do exactly what they say.

    A continuous process

    We aren’t going to be able to screen out fraud completely. But we can get better at thwarting it, saving operational dollars and resources and providing good customer experiences. The greatest vulnerability in any system is usually the humans using it, so implementing more automated identity-proofing and anti-scam tools can help bridge the gap. We can build efficiency into our systems by keeping up with the latest scam trends and implementing adequate technical controls to stop them.

    Scott Straub


  • 5 Ways Facial Biometrics Can Help Your Business


    Opinions expressed by Entrepreneur contributors are their own.

    Using a person’s face to authenticate themselves is something that humans have been doing for hundreds of thousands of years. New technological advancements have transformed how we interact with one another, and businesses especially are capitalizing on these advancements to verify identity. Those previous pillars of in-person and digital verification, like knowledge-based authentication (KBA), are no longer adequate protection against fraud.

    Why? Just as technology advances, so does fraud. Facial biometric technology has become the foundation that businesses and consumers rely on to verify their identities. In this article, we will provide the top five reasons facial biometrics can help your business.

    1. It’s highly accurate and can stop fraud

    Facial biometrics offer businesses a high degree of confidence that the customer is a legitimate user and is who they claim to be. The authentication process is streamlined in a way that passwords and traditional two-factor authentication (2FA) never could be — all users need to do is look at their device or any other camera to prove their identity.

    In addition to being highly difficult for fraudsters to compromise due to the accuracy of facial recognition technology, the leading algorithms also now produce near-zero bias, performing far better than manual human review. In fact, in one recent study of facial recognition algorithms, NIST found the technology could identify passengers boarding an airplane at an accuracy rate of 99.5%. Furthermore, this success rate (for the top facial recognition algorithms) was the same regardless of demographics, meaning race or gender had no meaningful impact on accuracy.

    This level of accuracy can significantly impact a business’s ability to combat a variety of types of fraud. For example, companies can have much more confidence at account creation that the user is real through identity confirmation (as long as they match the selfie with liveness detection and an authentic government-issued ID). It can also prevent account takeover fraud; SMS-based 2FA is notoriously easy to intercept, and modern algorithms are getting ever-better at weeding out sophisticated 3D masks or similar facial spoofing hacks.

    2. It’s easy for users

    Facial biometrics are also effortless for users to adopt. Customers are easily turned off by clunky authentication measures like KBA, particularly if they’re required multiple times during a transaction. It’s much simpler to look at your camera and take a selfie instead of inputting a password or receiving a text message.

    Facial biometrics is also gaining wider and wider acceptance among the general population. As concerns about privacy and accuracy are addressed and corrected, this technology will continue to gain widespread acceptance. While using any biometrics method is better than not using it at all, there is a reason why all of our devices have moved to facial biometrics for unlocking: Simply put, it’s easier for the user. Businesses can take advantage of this growing acceptance and make the user experience simpler and more secure with one step, leading to happier customers.

    3. It provides strong underwriting

    More and more businesses are adopting heavy underwriting practices to combat fraud and meet regulatory requirements. Friendly fraud is a high cost to modern businesses. Unfortunately, fraudsters may attempt to claim a legitimate purchase occurred, a subscription was renewed or an account change was made fraudulently and request a chargeback to their payment. Merchants overwhelmingly bear the burden of this fraud when they can’t prove identity, but facial recognition can reduce its occurrence significantly.

    Just like having an eyewitness at the scene of the crime, facial biometrics provides businesses with a time-stamped, verified image of a person making a transaction. When someone attempts to dispute a charge, that company has irrefutable proof that the person did, in fact, make the purchase. This is also important for meeting regulatory requirements and even protecting businesses from fines and lawsuits. It also provides solid evidence in the case of any future audits on a customer’s account or purchase history.

    4. It can reduce operational costs

    Facial biometrics can reduce operational costs by removing the need for current labor-intensive security checks that are used to confirm a customer’s identity for suspicious purchases, wire transfers or account changes. This includes texting or emailing a client as well as even calling them to ensure they are the ones behind the event. These customer service costs can quickly add up, not to mention the fact that you’re increasing the opportunities for your users to experience poor customer service as well as opening your business up to fraud via man-in-the-middle attacks.

    In addition, the number of analysts needed to review, monitor and even rectify transactions has swelled. The 2022 LexisNexis True Cost of Fraud Study has now calculated that for every $1 in fraud losses, it actually costs the business $3.75 due to an increase in fraud volume, new digital payment methods and the high cost of replacing and redistributing goods.

    Facial biometrics render all of this unnecessary. Companies can eliminate substantial operational costs and save time and resources for their fraud teams simply by pairing a quick selfie with liveness detection. You can be sure with a high degree of certainty that the individual is who they say they are, and your team can stop wasting time analyzing transactions or unlocking accounts.

    5. It’s device agnostic

    Finally, facial biometrics can be implemented without concern for customer devices because it’s device agnostic. As long as a device has a camera, it can perform the necessary functions for facial authentication. There’s no requirement for fingerprint scanners or microphones in loud, busy areas; these cameras are small, inexpensive and can be installed at any kiosk where such transactions occur. Furthermore, even cheap cameras can offer accurate facial recognition with modern algorithms. It also helps that almost everyone carries a high-quality camera in their pockets via their mobile device.

    People use facial recognition to identify others every day. It’s been a strange century, where our move to digital rapidly outpaced the technology to keep using faces. However, we’re quickly moving past that limitation, and facial biometrics are a reliable gateway for businesses to verify their customers’ identities. It’s time to make the move, and companies that are able to implement facial authentication fully will reap the rewards.

    Clayton Roth


  • The biggest security risks of using fitness trackers and apps to monitor your health


    Fitness trackers, which help keep tabs on sleep quality, heart rate and other biological metrics, are a popular way to help Americans improve their health and well-being. 

    There are many types of trackers on the market, including those from well-known brands such as Apple, Fitbit, Garmin and Oura. While these devices are growing in popularity — and have legitimate uses — consumers don’t always understand the extent to which their information could be available to or intercepted by third parties. This is especially important because people can’t simply change their DNA sequencing or heart rhythms as they could a credit card or bank account number. 

    “Once the toothpaste is out of the tube, you can’t get it back,” said Steve Grobman, senior vice president and chief technology officer of computer security company McAfee.

    The holiday season is a popular time to purchase consumer health devices. Here’s what you should know about the security risks tied to fitness trackers and personal health data.

    Stick to a name brand, even though they are hacked

    Fitness devices can be expensive, even without taking inflation into account, but don’t be tempted to skimp on security to save a few dollars. While a less-known company may offer more bells and whistles at a better price, a well-established provider that is breached is more likely to care about its reputation and do things to help consumers, said Kevin Roundy, senior technical director at cybersecurity company Gen Digital.

    To be sure, data compromise issues, from criminal hacks to unintended sharing of sensitive user information, can — and have — hit well-known players, including Fitbit, which Google bought in 2021, and Strava. But even so, security professionals say it’s better to buy from a reputable manufacturer that knows how to design secure devices and has a reputation to uphold.

    “A smaller company might just go bankrupt,” Roundy said. 

    Fitness app data is not protected like health information

    There can be other concerns beyond having a person’s sensitive information exposed in a data breach. For example, fitness trackers generally connect to a user’s phone via Bluetooth, leaving personal data susceptible to hacking.  

    What’s more, the information that fitness trackers collect isn’t considered “health information” under the federal HIPAA standard or state laws like California’s Confidentiality of Medical Information Act. This means that personally revealing data can potentially be used in ways a consumer might never expect. For instance, the personal information could be shared with or sold to third parties such as data brokers or law enforcement, said Emory Roane, policy counsel at Privacy Rights Clearinghouse, a consumer privacy, advocacy and education organization. 

    Some fitness trackers may use consumers’ health and wellness data to derive revenue from ads, so if that’s a concern, you’ll want to make sure there’s a way to opt out. Review the provider’s terms of service to understand its policies before you buy the fitness tracker, Roundy said.

    Default social, location settings may need to be changed

    A fitness tracker’s default settings may not offer the most stringent security controls. To boost protection, look at what settings can be adjusted, such as those related to social networking, location and other sharable information, said Dan Demeter, security researcher at cybersecurity provider Kaspersky Lab.

    Depending on the state, consumers can also opt out of the sale or sharing of their personal information to third parties, and in some cases, these rights are being expanded, according to Roane.

    Certainly, device users should be careful about what they post publicly about their location and activities, or what they allow to become public by default. This data could be searchable online and used by bad actors. Even if they aren’t acting maliciously, third parties such as insurers and employers could get access to this type of public information.

    “Users expect their data to be their data and use it how they want it to be used,” Roane said, but that’s not necessarily the case. 

    “It’s not only about present data, but also about past data,” Demeter said. For instance, a bad actor could see all the times the person goes running — what days and hours — and where, and use it to their advantage. 

    There are also a number of digital scams where criminals can use information about your location to make an opportunity seem more plausible. They can claim things like, “I know you lost your wallet at so and so place,” which lends credibility to the scammer’s story, Grobman said.

    Location data can prove problematic in other ways as well. Roane offers the example of a woman seeking reproductive health care in a state where abortion is illegal. A fitness tracker with geolocation services enabled could collect information that could be subpoenaed by law enforcement or be purchased by data brokers and sold to law enforcement, he said.

    Use strong password, two-factor authentication, and never share credentials

    Be sure to secure your account by using a strong password that you don’t use with another account and enabling two-factor authentication for the associated app. And don’t share credentials. That’s never a good idea, but it can have especially devastating consequences in certain circumstances. For example, a domestic violence victim could be tracked by her abuser, assuming he had access to her account credentials, Roane said.

    Also be sure to keep the device and the app up-to-date with security fixes.

    While nothing is foolproof, the goal is to be as secure as possible. “If somebody tries to profit from our personal information, we just make their lives harder so it’s not that easy to hack us,” Demeter said.


  • The new iPhone 14 and iOS upgrade include some big cybersecurity changes


    Customers shop at the Apple Fifth Avenue store for the release of the Apple iPhone 14 in New York City, September 16, 2022.

    Andrew Kelly | Reuters

    It’s Black Friday and the official start of the holiday shopping season, and there’s a new iPhone 14 for consumers in the market looking to upgrade their Apple device. From better cameras and longer battery life to faster chips, there are plenty of features consumers will consider when buying a new iPhone — that is, if you can find one amid what’s looking like a season short on supply of some of Cupertino’s newest models.

    One new safety feature that has been getting a lot of attention is emergency satellite connectivity. Cybersecurity may not be among the top selling points, but the new iPhone and iOS 16 do have some significant security upgrades, too.

    The focus on security is nothing new from Apple, which has made user privacy one of its key messages for years, regularly adding new security features within iOS updates and on new phone models, like Face ID facial recognition, app tracking prevention and private browsing.

    Improved low-light photo abilities and the extended battery life may have more appeal than security upgrades on the new Apple iPhone 14, iPhone 14 Plus, iPhone 14 Pro or iPhone 14 Pro Max. But from the new satellite connectivity features to Apple’s first-ever eSIM-only phones, the iPhone 14 offers a range of new technologies to further protect your privacy, including the brand new Lockdown Mode.

    Lockdown: Apple’s most extreme security mode

    All models of the iPhone 14 come preinstalled with iOS 16, which features a new form of protection called Lockdown Mode. This tool enables an extreme level of protection that prevents malware from accessing your phone, blocking most message attachment types, FaceTime calls, and more. While in Lockdown Mode, phone calls, plain text messages and emergency features will continue to work.

    You are not expected to use this feature, unless you are, or soon plan to become, a CEO or head of state.

    “It’s only meant for a small section of users who might be targeted by a nation-state threat actor,” said Kathleen Moriarty, chief technology officer at the Center for Internet Security. “That being said, it could be a CEO for a company … [an] official in the government, and that ability to lockdown the device and prevent execution or access to data on your phone could be critical.”

    But the feature may be enticing to a broader base of security-minded individuals.

    Research has found that more than 90% of unknown security bugs live in code that is rarely executed, said Justin Cappos, associate professor of Computer Science and Engineering at New York University Tandon School of Engineering and a member of New York University’s Center for Cybersecurity. Lockdown Mode does remove that risk, while making the phone experience “a little more inconvenient” for most users.

    After testing out Lockdown Mode, Cappos said the only visual changes he noticed were fonts appearing differently and the icons for health apps not displaying correctly. And due to a very similar user experience and additional security benefits, he plans to use Lockdown Mode as his default and only exempt apps if necessary.

    Android phones have offered a function called “Lockdown” since 2018, when the feature became available on Android 9. Designed to block all biometric security and voice recognition, it operates a bit differently than the Apple feature.

    Fingerprint, facial and voice identification are disabled on an Android phone in Lockdown to prevent someone from accessing your phone. However, once an Android phone is unlocked via password, PIN or pattern, Lockdown is turned off. While the iPhone keeps your device in Lockdown Mode at all times, Android only ensures this security if users re-enable the feature every time they unlock their device.

    Despite the similar names, Android’s Lockdown is more focused on preventing physical hijacking of a phone. Apple’s approach emphasizes protecting a device against digital threats. Both modes are, in most cases, not meant for daily use by the general public, but features that can help individuals in higher-risk situations.

    The switch to eSIM-only phones

    Steve Jobs never wanted the original iPhone to have a SIM card tray, and the iPhone 14 models are finally achieving this goal. Apple introduced eSIM cards back in 2018, but the new phone series is the first of its kind to eliminate the SIM card tray entirely and use only eSIM for the U.S. market. All iPhone 14 models purchased in the U.S. are eSIM-only, which enables users to easily connect and transfer their plans digitally.

    “It stops someone from physically swapping your SIM card out if you leave your phone unattended. This has been used to steal accounts for high-profile individuals like Jack Dorsey, former CEO of Twitter, and also to steal millions in cryptocurrency,” Cappos said.

    Although the physical form of identity theft decreases, there are still security risks to consider before switching to the eSIM-only iPhone 14.

    “Carriers cite security concerns such as an attacker taking over your phone number due to there not being a physical SIM card required for a carrier change, just the eSIM already on the phone and an SMS code,” Moriarty said. “At the same time, carriers are also concerned because the eSIM allows for an easier transition between carriers for the end user, which could hurt user retention.”

    The Android 9 was the first version of the phone to implement the use of eSIM. The company has shown a growing effort to offer both SIM cards and eSIM on its newer phones, but no Android is eSIM-only.

    Emergency SOS via satellite

    In an effort to expand upon the iPhone’s safety features, the new lineup offers Emergency SOS via satellite, which allows users to directly connect to a satellite and contact emergency services when outside of cellular or Wi-Fi coverage. When Emergency SOS is activated, the phone will prompt questions to assess the user’s situation and direct them where to point their phone in order to connect to a satellite. These questions will be sent to Apple-trained specialists who will then call for help.

    There is a potential security issue related to this new feature.

    “It certainly makes situations where somebody’s stranded or in dire need a lot safer for that person. But, of course, having additional ways to communicate provides opportunities for surveillance and things like this as well,” Cappos said.

    Apple notes that messages are sent in encrypted form but are then decrypted by Apple so that emergency services can step in. Your location will also be shared with Apple and its partners when using this feature.

    “It makes you have to trust Apple a little more, but it could also potentially save your life in certain situations,” Cappos said.

    Emergency SOS via satellite is launching on iPhone 14 models this month with an iOS 16 software update. However, this feature will only be available in the U.S., including Puerto Rico and the U.S. Virgin Islands, along with Canada. Users will be able to utilize this feature for free for two years from the start of their plan. After that, it could become a paid additional service for iPhone users.

    Hiroshi Lockheimer, Google’s senior vice president of Android and other Google services, recently confirmed via Twitter that the company is working on satellite connectivity for the Android 14 operating system, which will require hardware changes from companies that build Android phones.


  • Grab a Doorbuster Deal on a Top-Rated VPN


    Opinions expressed by Entrepreneur contributors are their own.

    Entrepreneurs know that cybersecurity isn’t optional anymore. Especially if you’re working from public Wi-Fi, you need a quality VPN to protect your personal information and ensure a secure connection. Black Friday is a great time to get one.



    We’ve been releasing Black Friday doorbusters all month long but as we’ve arrived on the big day, we have a few more even better, one-day-only deals. One such deal is on Windscribe VPN, a leading VPN that you won’t find for a better price than this.

    Windscribe VPN goes well beyond being just a VPN. It does offer outstanding VPN service, with a large network of servers in nearly 70 countries and a strict zero-logging policy. It uses AES-256 encryption with SHA512 auth and a 4096-bit RSA key and offers OpenVPN, IKEv2, and WireGuard® protocol configurations for all your devices. With port forwarding, you can access internal resources securely, and split tunneling lets you choose which apps go on the VPN and which don’t. Plus, the minimalist client makes getting started a breeze. Its special R.O.B.E.R.T. feature also blocks IPs and ads of your choice on all devices.

    The desktop app adds more security features like a firewall to block all connectivity outside of the tunnel, a secure hotspot for your computer, and a proxy gateway to create a proxy server on your network for other devices. Finally, the browser extension lets you spoof your location, change your timezone, block ads, and much more.

    Find out why Windscribe VPN has earned 4/5-star ratings from TechRadar and PCWorld, and a 4.4/5-star rating on G2. We’re offering a 3-year Pro Plan to Windscribe VPN for just $55.20 (reg. $207) when you use code WINDSCRIBE. This Black Friday doorbuster is only available today, so jump on it now.

    Prices subject to change.


    Entrepreneur Store


  • Weak Cybersecurity Hurts Your Business. Here’s How to Save It.


    Opinions expressed by Entrepreneur contributors are their own.

    If you were to ask five random strangers from different walks of life what the major threats to the future of small businesses are, you’re likely to get similar answers. The potential responses would likely include rising inflation and possible recession, job market volatility, the speed of technological advancement, supply chain issues and more.

    The real question is, what insidious threat is far too often shunted to the back burner, passed on to the next operating budget? What issue is left to address when revenue is on the right trajectory, inventory is viable, growth is stable and scaling up is starting to take shape?

    Cybersecurity.


    Ignoring the warnings is the easy — and shortsighted — path for SMBs

    Ignoring the gravity of cyber threats is a dangerous gamble. The risk is undeniable:

    • 61% of small businesses suffered a cyber attack in 2021
    • Small businesses account for 43% of all data breaches
    • More than half of small businesses that suffer a cyberattack close within six months

    Acknowledging the harsh reality that the majority of individuals choose to ignore is a crucial stepping-off point. A true understanding of the situation results in knowing what protective measures must be taken. Creating and implementing cybersecurity measures must be a high priority for businesses of all sizes, particularly SMBs, where the margin for error is razor-thin.

    Pressure to allocate resources effectively undercuts cybersecurity efforts

    There are few endeavors as nerve-wracking, terrifying, and potentially disastrous — yet 100% worth it — as starting and running a small business. I’ve experienced the passion that drives those dedicated to seeing it through. I’ve felt the fuel that burns within team members fully committed to taking an idea and nurturing it into a viable, self-sustaining entity.

    It’s no secret that the odds are stacked against us. The numbers don’t lie. It’s widely reported that, on average, 8 out of 10 small businesses fail within the first year. The odds get even grimmer within five years, with nearly half of all new small businesses closing up shop.

    Given the evident confidence and enthusiasm founders exude, why do the majority of small businesses trivialize or wholly ignore cybersecurity? Why is the immense potential for all-too-real disaster lurking around every corner ignored? It’s a matter of resources and a lack of an informed perspective.


    SMB leadership must elevate cybersecurity

    Addressing cybersecurity as a small business is a necessary undertaking that sees greater complexity and effort over time. There are foundational steps that need to be taken, which are strengthened with increased security measures. Given the undeniable threats lurking, the stronger a business’s protection features, the better.

    Here are some crucial measures to take from the get-go:

    • Internet and firewall security software. It is important to have both antivirus and firewall software running, as they address distinct issues. Firewalls prevent outside access to any data on a private network; integrating trusted security software, operating systems, and web browsers is essential armor for network-connected usage of that data.
    • Data backup. If a cyberattack occurs involving hijacking or corrupting company data, a quality, reliable backup will be a lifesaver. Data backups must be regularly updated to ensure prompt utilization.
    • Secure Wi-Fi. A simple, straightforward measure, a secure Wi-Fi setup is a powerful piece of the protective puzzle. Going above and beyond the basic security offered by your provider may be necessary.
    • Controlled access and authority. The most effective way to avoid potential crises is to implement controlled access to data and limit user authority. This action helps ensure employees don’t inadvertently install or operate compromised programs, weaken cybersecurity settings or access data and information that falls outside the scope of their responsibilities.

    Awareness, education and formal policies are vital for cybersecurity defense

    One of the most critical steps a business can take is employee cybersecurity education. Without a thorough awareness and understanding of the myriad ways cybercriminals attack, employees are weak links that will inevitably be compromised. Basic instruction on the severity of the threat and critical risks to avoid will go a long way in bolstering the strength of active cybersecurity defense.

    Equipping your company with established cybersecurity policies and action plans strengthens the foundational steps outlined above; these steps ingrain a defensive mindset and preparedness essential to countering adaptive cybercriminal attacks. The specific plans created will vary in correlation to the size and structure of a business but can include the following:

    • Internal incident response plan
    • Mobile device action plan
    • Crisis response/client engagement plan


    Securing survival and success as an SMB in a challenging economic landscape

    Every small business is unique. Every owner, every leadership team and every staff member — everyone has their own story. It’s hard to say if they will all get told.

    When navigating the endless parade of pressing concerns, looming threats and demands on dwindling resources of time, the energy and effort required can seem overwhelming. Lumping cybersecurity measures into the to-do list to tackle another day may seem to make sense at the moment, but reality paints a much different picture.

    When leading a small business, there are appropriate levels of time and resources to invest in any given issue. Finding the right level for the business is a call its leaders have to get right.


    Summit Ghimire


  • How Washington chased Huawei out of Europe


    Huawei is giving up on Europe.

    The Chinese telecoms giant is pushing out its pedigreed Western lobbyists, retrenching its European operations and putting its ambitions for global leadership on ice.

    The reasons for doing this have little to do with the company’s commercial potential — Huawei is still able to offer cutting-edge technology at lower costs than its competitors — and everything to do with politics, according to interviews with more than 20 current and former staff and strategic advisers to the company.

    Pressed by the United States and increasingly shunned on a Continent it once considered its most strategic overseas market, Huawei is pivoting back toward the Chinese market, focusing its remaining European attention on the few countries — Germany and Spain, but also Hungary — still willing to play host to a company widely viewed in the West as a security risk.

    “It’s no longer a company floating on globalization,” said one Huawei official. “It’s a company saving its ass on the domestic market.” Like most of the other Huawei employees interviewed for this article, the official spoke on the condition of anonymity to freely describe the company’s travails.

    Huawei’s predicament was summed up by the company’s founder Ren Zhengfei in a speech to executives at the company’s Shenzhen headquarters in July. He laid out the trifecta of challenges the company has faced over the last three years: hostility from Washington; disruptions from the coronavirus pandemic; and Russia’s invasion of Ukraine, which upended global supply chains and heightened European concerns about over-dependence on countries like China.

    “The environment we faced in 2019 was different from the one we face today,” Ren said in his speech, which wasn’t made public but was seen by POLITICO. “Don’t assume that we will have a brighter future.”

    “We previously had an ideal for globalization striving to serve all humanity,” he added. “What is our ideal today? Survival!”

    ‘The moment globalist Huawei died’

    As the company goes into hibernation in the West, it’s sidelining or pushing out the senior Western managers it hired just a few years ago to counter the U.S. assault on its business.

    “Westerners were listened to,” one Huawei official working in Europe said. “This is no longer the case … No one is listening.”

    Huawei’s Brussels office — once a key hub for the company to lobby against European restrictions on its kit — has been folded fully into European management, now headquartered in Düsseldorf.

    The office this summer lost its head of communications, Phil Herd, a former BBC journalist who joined the company in October 2019 at the start of its pushback against political pressure in Europe. The office has also recently lost at least three other key staff members handling lobbying and policy. (Tony) Jin Yong, the chief representative to the Brussels institutions, is now in charge of government affairs across Western Europe and spends most of his time in the Düsseldorf office.

    Employees sit in a meeting room inside Huawei Technologies Co. Cyber Security Transparency Centre in Brussels | Yuriko Nakao/Bloomberg via Getty Images

    In London, Huawei’s U.K. Director of Communications Paul Harrison left his role in October, with other officials leaving around the same time. Harrison joined Huawei from a senior news editing job at U.K. broadcaster Sky News in 2019.

    In Paris, the company’s Marketing and Communications Director Stéphane Curtelin left his role in September, the local magazine Challenges reported. Before then, the Paris office lost its Head of Government and Security Affairs Vincent de Crayencour, a veteran French cybersecurity official with extensive government experience who joined Huawei in 2020. The company’s Chief Representative of the Paris Office Linda Han also left her role before the summer.

    In Warsaw, the company’s local PR manager Szymon Solnica departed Huawei in September. “The crises I’ve dealt with on a daily basis in recent years were colossal ones,” he wrote in a LinkedIn post announcing his departure.

    Huawei officials speaking in authorized interviews dismissed the departures as regular turnover. “There is a fluctuation always in companies, not only in Huawei … Some people are leaving and some other people are coming,” a spokesperson for Huawei Europe said in an authorized interview last week.

    But others in the company privately acknowledged the departures reflect a radical shift that began in September 2021.

    That was when Meng Wanzhou — Huawei’s chief financial officer and Ren’s daughter — returned to the company’s headquarters in Shenzhen, after spending nearly three years in Canada facing extradition to the U.S. on charges of conspiracy to commit bank fraud and wire fraud.

    “The moment Meng got off the plane was the moment the globalist Huawei died,” one official said.

    As the daughter of the founder — and the presumptive heir to the company’s leadership — Meng had played a key role in the legal and public relations fight between Huawei and Washington. Since returning from Canada, she reached Huawei’s top ranks as deputy chairwoman at the company’s headquarters and triggered a corporate reshuffle at the top.

    (Catherine) Chen Lifang, who led the firm’s global communications department during the height of American pressure, was moved off the board of directors and into a role on the supervisory board.

    The global comms department is now represented on Huawei’s board by Peng Bo, known in Europe as Vincent Peng, the former president of Huawei’s Western Europe region. Peng’s ascendency is part of the company’s efforts to move its European operations closer to Shenzhen.

    The agenda to streamline public affairs in Europe is led by Guo Aibing — a former journalist for Bloomberg News in Hong Kong. Guo was parachuted into Europe and is executing cuts and consolidation of the firm’s lobbying and communication across the Continent.

    The company is also restructuring its activities in Europe. The company’s plans — previously unannounced — are to consolidate the entire Continent into just one area of operations, headquartered in Düsseldorf.

    Hampers and gifts at the new Huawei store in Barcelona | Paco Freire/SOPA Images/LightRocket via Getty Images

    Huawei currently divides the Continent into two markets: Western Europe, run from Düsseldorf; and Eastern Europe and the Nordics, with a top executive based in Warsaw.

    The restructuring “will help us to bring more synergies within the whole European business operation; will bring more value more directly to our customers here in Europe,” said the Huawei Europe spokesperson.

    Broadly, the company’s staffing levels, currently around 12,000 people, will remain “stable,” the spokesperson said.

    The company is also retrenching elsewhere, according to Ren. “We will give up markets in some countries,” the firm’s founder said in his speech this summer. “For example, we will give up markets in the Five Eyes countries and India.”

    The “Five Eyes” refers to an intelligence-sharing arrangement between the U.S., U.K., Canada, Australia and New Zealand. All five countries have banned or are in the process of banning Huawei and other Chinese companies from their critical infrastructure because of security concerns.

    Instead, Huawei is concentrating on its domestic market, which accounts for a large proportion of global 5G and where Sweden’s Ericsson and Finland’s Nokia are struggling to maintain market share.

    Trump effect

    Huawei’s strategic retreat is remarkable for a company that until recently poured millions of euros into lobbyists and PR campaigns in an effort to expand and maintain its European foothold.

    Throughout most of the 2010s, Huawei was considered by many in Europe to be a friendly face among the tech firms cuddling up to power. Peculiar in its approaches, yes, but cordial and — to many — beneficial to the Continent’s interests because it increased competition and cut the price tag on the next generation of telecoms networks.

    The company became known for its generous gift bags, often including a Huawei phone, and lavish parties in glamorous venues featuring fancy buffets and dance performances — like its reception celebrating the Chinese new year at the Concert Noble in Brussels.

    Glitzy bashes later became part of a supercharged response to political headwinds from Washington over concerns that the Chinese-built telecoms infrastructure poses a serious security and spying risk.

    Those headwinds started blowing under U.S. President Barack Obama’s administration but reached hurricane force following Donald Trump’s election. By 2019, the company was under American sanctions, with Ren’s daughter Meng in Canada awaiting the result of a U.S. extradition request.

    Keith Krach, a former under-secretary of state in the Trump administration, recalled how Washington was “hitting the panic button.”

    He recalled asking European ministers about their relationship with China. “And they’d say, ‘Well, they’re an important trading partner’ and all that. And then they looked at both sides of the room, there’s nobody in the room, and whispered to me: ‘But we don’t trust them.’”

    To navigate the geopolitical storm, the firm offered six-figure salaries to top operators across the Western world. It assembled a high-caliber team of former Western journalists and politicians with direct lines to places of power like the Elysée and Westminster, POLITICO learned from several who received such offers.

    Initially, the gambit seemed to work.

    Huawei’s message — that the U.S. itself posed spying risks and that Washington’s aggression was driven by economic interests — gained traction, particularly in places like Germany, where Trump proved a useful foil.

    “The case that Trump made was almost more counterproductive,” said Thorsten Benner, director of the Global Public Policy Institute in Berlin. Huawei also received support from big telco operators, who saw value in the cheap equipment combined with responsive customer service.

    By the beginning of 2020, Huawei seemed to have weathered U.S. calls for all-out bans. On January 28, then-U.K. Prime Minister Boris Johnson gave the company the green light to build part of the country’s 5G infrastructure. Just a day later, the European Union presented a plan to shift away from over-reliance on Chinese vendors but left the door open for Huawei to lobby national governments to keep market access for its technology.


    Then came the pandemic. With the coronavirus originating from Wuhan killing thousands, Trump ramped up his anti-China broadside in May 2020 with fresh sanctions against Huawei that basically cut off their supply of semiconductors.

    By July, the U.K.’s Johnson completely reversed course and announced all Huawei equipment would have to be stripped from British 5G networks, even as the government estimated the move would delay the rollout of the technology and add half a billion pounds in costs.

    Throughout 2020 and 2021, European governments including France, Sweden, Romania, the Baltic countries, Belgium and Denmark either banned Huawei equipment in key parts of the country’s 5G network or required its operators to wean themselves off its kit in the medium term.

    Huawei’s smartphone business — once on its way to challenging Apple and Samsung in Europe — meanwhile was crushed by U.S. sanctions that cut its devices off from Android, the Google-owned operating system.

    Putin changes the calculus

    These setbacks were painful, but they weren’t yet considered fatal. Trump’s election loss and the ebbing of the pandemic in Europe seemed to offer an opportunity for a counteroffensive.

    At the beginning of 2021, Huawei’s Brussels lobbyists were still optimistic that Europe’s hunger for cheap, speedy 5G installation would win out over security concerns. They even had meetings lined up in the European Parliament to make their case.

    Those meetings got canceled on February 24, the day Putin launched his all-out invasion of Ukraine. For many in Europe, the risk-benefit calculation regarding Huawei had changed overnight.

    “The biggest change I’ve seen came from the realization that we’re dependent on Russian gas — especially in Germany,” said John Strand, a telecoms analyst who has tracked Huawei’s market impact in Europe for the past years. “It begs the question: What’s worse, being dependent on Russian gas or on Chinese telecoms infrastructure?”

    Under President Joe Biden, pressure on Huawei only increased, and Washington’s warnings now come from a more sympathetic messenger. In October, the European Commission issued a fresh warning against using Huawei technology to underpin 5G networks, and the U.K. government reaffirmed its requirement to strip Huawei equipment from British telecoms infrastructure.

    The company’s travails have knocked the legs from underneath its lobbying efforts — and eaten into its market share.

    Before the pandemic, the company regularly hosted European politicians, journalists and business leaders at its Shenzhen headquarters, a massive campus with buildings in different European architectural styles showcasing its global ambitions.

    China’s zero-COVID policy made that impossible.

    The company for years was the biggest spender at the annual Mobile World Congress in Barcelona, the world’s largest telecoms industry event. This year, the company’s on-the-ground presence was a pale imitation of previous showings, which it used to launch new products with razzle-dazzle and astronomical marketing budgets.

    But perhaps no high-flying event illustrates the extent of the turnaround better than the World Economic Forum in Davos, which once counted Huawei among its main sponsors. On January 21, 2020, just a week before Johnson sided with Huawei over Trump, Ren was onstage at the alpine resort, discussing the future of AI with “Sapiens” author Yuval Noah Harari.

    The next year, the global gathering of political power players and financial titans in Davos was, thanks to the pandemic, canceled. When it reconvened in the summer of 2022, Huawei top chiefs missed the gabfest. Under Beijing’s zero-COVID policy, they couldn’t leave China.

    Geopolitics hits the balance sheets

    The firm still has a solid share in some big national markets, among them Germany and Spain, industry analysts say.

    A 2020 study by Strand Consult — still the most comprehensive public overview of Huawei’s footprint in Europe — showed just how deeply the Chinese firm was ingrained in European markets: In 15 out of 31 countries Strand studied, more than half of all 4G radio access network (RAN) equipment came from Chinese vendors.

    But in many of these markets, authorities have imposed measures forcing operators to phase out or at least significantly limit the use of “high-risk vendors” — commonly understood to be state-affiliated Huawei and the Chinese military-linked telecom ZTE — in coming years.

    These are beginning to bite.

    In the early race to implement 5G, Huawei outpaced its rivals in Europe. However, as of early last year — right as European officials were changing direction on 5G security — Sweden’s Ericsson overtook Huawei in market share of new European sales of radio access networks, according to proprietary figures compiled by boutique telecoms research firm Dell’Oro, shared with POLITICO by an industry official. Radio access networks make up the largest chunk of network investment and include base stations and antennas.

    The latest update, from the second quarter of 2022, showed Ericsson at 41 percent, Huawei at 28 percent and Finnish Nokia at 27 percent. This includes new sales of base stations and antennas across 3G, 4G and 5G — some of which is part of running contracts with operators.

    For 5G RAN specifically, the shift is even clearer: Huawei lost its initial position as market leader at the start of the rollout; it now provides 22 percent of sales, with Ericsson at 42 percent and Nokia at 32 percent in Europe, Dell’Oro estimated.

    Industry analysts say Huawei’s move to consolidate and scrap key public affairs roles could hurt the company in countries where it still has skin in the game: Most importantly, Germany, Italy and Spain. In these large European markets, governments have been slow to impose measures on “high-risk vendors” — and particularly slow and soft in enforcing them.

    Europe’s largest operators, like Deutsche Telekom and Vodafone, also have running contracts with Huawei, meaning the Chinese firm is at least still providing maintenance and keeping networks running — and potentially still supporting parts of the 5G rollout.

    But in Germany, at least, Olaf Scholz’s new government has taken a more critical stance on Chinese technology. This month, Economy Minister Robert Habeck — who has taken a hawkish approach to China — formally blocked Chinese investors from buying a German chip plant over potential security threats.

    Budapest nights

    Huawei, of course, hasn’t completely given up on Europe.

    Those still giving the company face time in Brussels this summer were presented with a weighty gift bag.

    In addition to glossy hardcovers from the company’s PR operation — with titles like “Choose a Smarter Future: A contribution to Europe’s next digital policy” and “Ten Years of Connecting Europe” — the bag contained a memoir by Frédéric Pierucci. A former executive with the French infrastructure manufacturer Alstom, Pierucci was arrested by the FBI on bribery charges in 2013 — just as the American conglomerate General Electric was negotiating to take over Alstom’s nuclear operations.

    Titled “The American Trap,” the book argues that its author was a hostage in Washington’s secret economic war on its allies.

    “One after the other, some of the world’s largest companies are being actively destabilized to the benefit of the U.S., in acts of economic sabotage that seem to be the beginning of what’s to come…” reads the publisher’s summary.

    It’s a narrative with deep appeal inside the company, and one that creates a natural rapport with other governments that see themselves as standing up to liberal superpowers. As Huawei searches for friends on the Continent, Hungary — increasingly in opposition to the rest of the EU on how to engage with China and Russia — remains a vocal ally, and the company is leaning into that relationship.

    This year, in September, Huawei’s CEE & Nordic region unit held its annual Innovation Day event in Hungary, home to the company’s largest European logistics center.

    On the banks of the Danube, tech entrepreneurs schmoozed in English and Hungarian, with some Chinese and German mixed in, over made-to-order coffee and plentiful canapés at Budapest’s cupola-topped Castle Garden Bazaar.

    Inside the conference hall, bilingual hosts teed up mini-documentaries about protecting local salmon breeds in Norway and preventing floods in Hungary. Small business execs highlighted drones that monitor crops in Austria and potential forest fires in Greece, all on Huawei 5G networks.

    With simultaneous translation available in Hungarian, Huawei featured research it commissioned from the Economist Intelligence Unit reiterating Europe’s laggard status on 5G use and implementation. It was an implicit reminder that dismantling Huawei’s infrastructure will have real consequences.

    But the company also highlighted what it hopes will be a bigger part of its portfolio: products less likely to inspire security concerns, like inverters for solar panels.


    “Huawei is committed to the vision of a green Europe,” said Jeff Wang, the company’s current head of public affairs and comms, in a video address to the Budapest crowd, where he noted the 10 years he spent working on the Continent.

    For weeks leading up to the event, Huawei officials were pushing to get Prime Minister Viktor Orbán to speak. While that didn’t pan out, Orbán sent one of his top lieutenants — Foreign Affairs and Trade Minister Péter Szijjártó — to deliver a message.

    “We are not going to discriminate [against] any investing company because of their country of origin,” Szijjártó said. Budapest will stand firm against “international pressure” he added, to block “the presence of Huawei here in Hungary.”

    Radoslaw Kedzia, Huawei’s vice president for the CEE & Nordic region (and the first non-Chinese to achieve CEO status inside the company, in the Czech Republic in 2015), said there was no political calculation behind the double-down in Hungary.

    “Let’s not demonize us, OK? We are like any other company,” Kedzia said.

    If a business assessment offers the “prospect of the next 10-20 years of stable operation, then you think it is good to concentrate some of your resources in that particular country,” he added.

    Likewise, the European spokesperson insisted, Huawei communicates with every country in the “same way, on the same level.” The company focuses on technology and does “not engage,” he said, in “political games.”

    One thing is certain: When it comes to the great European game, Huawei has lost — and sent all its political players home.

    Peter O’Brien, Elisa Braun, Stuart Lau and Matt Honeycombe-Foster contributed reporting.


    Laurens Cerulus and Sarah Wheaton


  • How BlackBerry moved from iconic cellphones to cybersecurity


    BlackBerry was once at the top of the smartphone market in the U.S. In 2010, almost half of smartphone subscribers in the U.S. used BlackBerrys, according to Comscore. 

    The phones were well-known for having a tactile keyboard and for BlackBerry’s advanced cybersecurity — often favored among businesses and governments.

    But after its phones fell out of favor with users, BlackBerry altered its course, taking some of the cornerstones of the business with it.

    “After a few years, we realized that we would never get the volume up — and it’s a volume game,” said John Chen, CEO of BlackBerry. “And so we made that pivotal shift to a software-only company and focus on security and cyber and things of that sort.”

    While it stopped manufacturing phones, it didn’t go far from the industry.

    “Currently, BlackBerry has two main business units, a cybersecurity business unit and an IoT business unit within the cybersecurity business unit,” said Charles Eagen, chief technology officer of BlackBerry.

    Its cybersecurity unit focuses on securing things such as smartphone applications and mobile banking websites. Its internet of things unit focuses on the communication of technology within connected and autonomous cars.

    “We now have the lion’s share of embedded software in most of the cars,” Chen said.

    BlackBerry’s technology is in roughly 215 million cars and this side of BlackBerry is continuing to grow, according to the company.

    “If we look at the industry opportunity itself, it’s our expectation that the auto software industry is going to roughly triple in size from 2020 through 2030,” said Luke Junk, senior analyst at Baird.

    However, BlackBerry does face competition in the cybersecurity industry, and in 2021 its revenue from cybersecurity was $500 million.

    “I think that the company can reach likely a lower peak than we’ve seen in the past but a more sustainable growth trajectory and potentially more profitable future as well on a margin percentage basis,” Junk said.

    CNBC visited BlackBerry’s Autonomous Vehicle Innovation Center and interviewed Chen to find out what’s next for the company.


  • Hackers Aren’t The Only Unseen Enemy Behind Cyber Attacks


    Opinions expressed by Entrepreneur contributors are their own.

    The growing number of cybersecurity threats has compelled every C-suite executive and board member to pay closer attention to their cybersecurity hygiene. However, they don’t view their information security posture through the same lens. And here’s where a disconnect arises.

    A recent global survey of C-suite executives indicates that around 71% of board members have severe gaps in knowledge regarding cybersecurity and threats their organizations face.

    Whether we talk about data breaches compromising sensitive business information or exploiting consumer identities, executives and heads of information security (InfoSec heads) are already geared for the worst. But the senior management isn’t sure why they need to spend more on their cybersecurity budget.

    While InfoSec heads often emphasize security and risk management as a part of their job, board members often link cybersecurity as a part of their business but hardly consider it as one of the foundations of modern business success.


    As a result, their communication is mismatched, and they struggle to translate cybersecurity risks into potential business implications.

    In a nutshell, no matter how much they’re aware of cybersecurity risks and increasing threats, most board members can’t understand how cybersecurity and cutting-edge technologies translate into the underlying business risks.

    So, what needs to be done from an executive’s end to translate the risks? Let’s figure it out.

    Communicate risks of cybersecurity through effective storytelling

    The way you interact with your board leaders makes all difference. And effective storytelling is undoubtedly the best way to convince them.

    Though storytelling isn’t a new concept since humans have used it for centuries to convey a strong message, executives can leverage its true potential to help process crucial information.

    Stories have been a part of our lives from childhood, and various studies suggest that the human brain is wired for stories. And a compelling narrative could eventually evoke an emotional connection and change behavior and attitude.

    Now, when using storytelling with your leadership, you must ensure that you’ve done your homework to support your story so that it leaves an impact. Otherwise, it would be good for nothing.

    Share some data and insights, and talk about the latest tools and technologies that can be incorporated into your processes that could make a huge impact. Moreover, depicting your competitor’s cybersecurity best practices can also help impact your board leaders.

    Also, you could use real-life examples of organizations that ignored their overall cybersecurity hygiene, which resulted in financial and reputational losses. This could be a great way to reinforce your opinion besides the story you crafted.


    How to prepare for your conversation with board members

    As a board member, you need to be sure enough that you understand your board’s mindset to connect with them at an individual level. And it would be great if you could first know how they look at the importance of cybersecurity and threat management for the organization.

    Once you understand their perspective, it’s time to create your steps of action to convey your message and ensure they’re convinced that cybersecurity is an absolute necessity and not a luxury for your business growth.

    Here’s what you need to do before beginning a conversation with your board members:

    • Educate them about the latest compliances: Most of the time, your senior management isn’t aware of the latest data privacy and security compliances. And this could be the reason they aren’t in favor of stretching their cybersecurity budget. You must educate them regarding the latest compliances and the consequences of non-compliance. One great example is non-compliance with the General Data Protection Regulation (GDPR), which eventually leads to hefty fines and reputational damage.
    • Board member’s background research: Researching the background of your board members could be the first step to understanding their mindset and approach toward overall business growth. Analyze their past experiences, educational background and personality to ensure you hit the right chord while convincing them about cybersecurity and underlying risks.
    • Learn their goals and priorities: Another crucial step is to learn about your leader’s priorities and goals. Do they often think about organizational growth without increasing the overall security budget? Do they keep cybersecurity as a part of their business but not a priority? Is there any way they could relate to organizational growth through cybersecurity best practices for customers and employees? Once you’ve figured out these questions, the next step is to portray your version of information security and its direct impact on your business growth. And for this, you can leverage the latest stats, competitor data and data related to the latest breaches.

    And ultimately, your C-suite executives, like everybody else, would be convinced that cybersecurity hygiene is undeniably a foundational aspect of their business. It’s your responsibility to ensure you’re on the right track and narrating the right story through which they’ll relate and act.


    Final thoughts

    The modern executive’s role is undoubtedly predominantly people-focused. And getting trapped between highly technical IT staff and leadership that focuses on growth while making cybersecurity-related decisions could be an uphill battle.

    However, the key to business success without compromising security lies in incorporating cutting-edge technology that fosters growth, builds customer trust and maintains compliance.

    And a modern executive must navigate business success by convincing board members regarding the need for cybersecurity best practices to jump on the digital transformation bandwagon.


    Rakesh Soni


  • Elon Musk gives Europe’s digital watchdogs their biggest test yet


    After Elon Musk bought Twitter — and fired almost anyone whose job it was to deal with regulators — the social networking giant is now facing a flood of legal challenges across the European Union.

    The question now is whether the EU’s watchdogs can live up to their ambitions to be the world’s digital policemen.

    Ireland’s privacy regulator wants to know whether the company’s data protection standards are good enough. The European Commission doesn’t know who to ask about its upcoming online content rules. The bloc’s cybersecurity agencies raise concerns about an increase in online trolls and potential security risks.

    Twitter’s unfolding turmoil is precisely the regulatory challenge that Brussels has said it wants to take on. The 27-country bloc has positioned itself — via a flurry of privacy, content and digital competition rules — as the de facto enforcer for the Western world, expanding its digital rulebook beyond the EU’s borders and urging other countries to follow its lead.

    Now, the world’s richest man is putting those enforcement powers to the test. 

    Europe’s regulators have the largest collective rulebook to throw at companies suspected of potential breaches. But a lack of willingness to act quickly — combined with the internal confusion engulfing Twitter — has so far hamstrung the bloc’s enforcement role when it comes to holding Musk to Europe’s standards, according to eight EU and national government officials, speaking privately to POLITICO. 

    “This will be a major test for European regulators,” said Rebekah Tromble, director of the Institute for Data, Democracy & Politics at George Washington University. She is part of the advisory board of the European Digital Media Observatory, a group helping to shape the EU’s online content rulebook, known as the Digital Services Act (DSA).

    “If Musk continues to act with intransigence, I think there’s an opportunity for European regulators to move much more quickly than normal,” she added. “These regulators will certainly be motivated to act.”

    A representative for Twitter did not return requests for comment.

    Regulatory firepower

    The bloc certainly has the firepower to bring Twitter to heel.

    Under the EU’s General Data Protection Regulation, companies can be fined up to 4 percent of their annual global revenue for failing to keep people’s personal information safe. The Irish regulator, which has responsibility for enforcing these rules against Twitter because the company’s EU headquarters are in Dublin, has already doled out a €450,000 penalty for the firm’s inability to keep data safe.

    As part of the bloc’s upcoming content rules, which will start to be enforced next year, the Commission will have powers to levy separate fines of up to 6 percent of a company’s yearly revenue if it does not take down illegal content. Brussels also has the right to ban a platform from operating in the EU after repeated serious violations.


    Thierry Breton, the European internal market commissioner, reminded Musk of Twitter’s obligations under the bloc’s upcoming content rules in a call with the billionaire soon after his acquisition of the social network. Musk pledged to uphold those rules, even as he has pushed back at other content moderation practices that could hamper people’s freedom of expression on the platform.

    “In Europe, the bird will fly by our rules,” Breton, the French commissioner, told Musk — via Twitter.

    Yet over the last three weeks, European regulators and policymakers have struggled to navigate Twitter’s internal turmoil, according to four EU and national officials who spoke on the condition of anonymity to discuss internal deliberations.

    The likes of Damien Kieran, Twitter’s chief privacy officer in charge of complying with Europe’s tough data protection standards, and Stephen Turner, the company’s chief lobbyist in Brussels, were among scores of senior officials who have left since Musk took over.

    Two of the EU officials, speaking about internal discussions on condition of anonymity, told POLITICO that multiple emails to Twitter executives bounced back after those individuals were laid off. One of those policymakers said he had taken to Twitter — scrolling through the scores of posts from the company’s employees announcing their departures — in search of information about who was still working there. A third official said the current confusion could prove problematic when the company had to reveal long-guarded information about the number of its EU users early next year. 

    Others have been fostering wider connections within the company, just in case. Arcom, France’s online platform regulator, for instance, has built ties with high-level executives outside of France and still had a contact in Dublin at the company to answer its pressing questions.

    The policymaking black holes — fueled by mass layoffs — have been felt beyond the EU.

    Julie Inman Grant, Australia’s eSafety commissioner who previously ran Twitter’s public policy team in Asia, told POLITICO she had written to the company last week to remind them about its obligations to clamp down on child sexual exploitation on the platform. She had yet to hear back from Musk or other senior officials.

    “We did have a meeting on the books with Twitter,” Melanie Dawes, chief executive of Ofcom, the U.K.’s communications regulator, told POLITICO ahead of her trip to Silicon Valley this week to meet many of the social media companies. “It was canceled.”

    What about privacy?

    Another open question is how Twitter will comply with Europe’s tough privacy rules.

    Although the company’s chief privacy executive had been fired — and rumors swirled Twitter could pull out of Ireland in its cost-saving push — the Irish Data Protection Commission told POLITICO it had yet to open an investigation into the firm.

    A spokesman for the agency said Twitter executives had assured Irish regulators on Monday that Renato Monteiro had been appointed as the company’s acting data protection officer — because it’s a legal requirement to have one — and no changes to how Twitter handled data had been made.  


    A key unanswered question is whether, in the wake of the mass layoffs, Twitter’s operations in Dublin are either shuttered or cut back to an extent that regulatory decisions are made in California and not Ireland.

    Such a change would lead the company to fall foul of strict provisions within Europe’s privacy regime that require legal oversight of EU citizens’ data to be made in a firm’s headquarters within the 27-country bloc.

    A data protection official, who asked to remain anonymous to speak candidly, said it was likely that Musk would move such decision-making powers to his inner circle in the United States. That potential pullback could allow any European regulator — and not just the Irish agency — to go after Twitter for potential privacy violations under the bloc’s data protection regime, the official added.

    This story has been corrected to specify how multiple European privacy regulators may target Twitter for breaching the bloc’s rules if the company pulls out of Ireland.


    Mark Scott, Vincent Manancourt, Laura Kayali, Clothilde Goujard and Louis Westendarp


  • FTX says it’s removing trading and withdrawals, moving digital assets to a cold wallet after a $477 million suspected hack


    In this photo illustration, the FTX website is seen on a computer on November 10, 2022 in Atlanta, Georgia. Binance, the world’s largest cryptocurrency firm, agreed to acquire FTX, another large cryptocurrency exchange, in a rushed sale in order to prevent a liquidity crisis, which is known as the “Lehman Moment” in the crypto industry.

    Michael M. Santiago | Getty Images

    John Ray, FTX’s new CEO and chief restructuring officer, said the bankrupt crypto exchange is “in the process of removing trading and withdrawal functionality” and it is “moving as many digital assets as can be identified to a new cold wallet custodian,” according to a statement tweeted by the company’s general counsel, Ryne Miller.

    The announcement comes as the failed exchange investigates what it’s calling “unauthorized transactions” that began within hours of FTX filing for Chapter 11 bankruptcy protection in the U.S.

    The suspected hack was announced by an admin in FTX’s Telegram Channel, according to blockchain analytics firm Elliptic and was followed by a tweet from Miller indicating that the wallet movements were abnormal.

    Figures from Singapore-based analytics firm Nansen published overnight show more than $2 billion in net outflows from the FTX global exchange and its U.S. arm over the past seven days, of which $659 million happened in the preceding 24 hours.

    Elliptic found that $663 million in various tokens were drained from FTX’s crypto wallets. Of that amount, $477 million was taken in the suspected theft, while the remainder is believed to have been moved into secure storage by FTX.

    Elliptic found that stablecoins and other tokens are being rapidly converted to ether and dai on decentralized exchanges, a technique the firm says is commonly used by hackers in order to prevent their haul from being seized.

    “The way that these assets have been moved is highly suspicious,” said Tom Robinson, Elliptic’s chief scientist. “Very similar transaction patterns have been seen with large-scale thefts in the past — whereby the stolen assets are quickly swapped at decentralized exchanges, in order to avoid seizure.”

    The new FTX chief said the exchange is coordinating with law enforcement and relevant regulators about the breach and that it was making “every effort” to secure all assets globally.

    Miller, FTX’s general counsel, said the decision to push digital assets into cold storage was meant “to mitigate damage upon observing unauthorized transactions.”

    People who choose to hold their own cryptocurrency can store it “hot,” “cold,” or some combination of the two. A hot wallet is connected to the internet and allows owners relatively easy access to their coins so that they can access and spend their crypto, whereas cold storage generally refers to crypto stored on wallets whose private keys are not connected to the internet. The trade-off for convenience with hot storage is potential exposure to bad actors.

    CNBC’s Rohan Goswami contributed to this report.


  • Egypt’s COP27 summit app is a cyber weapon, experts warn


    Western security advisers are warning delegates at the COP27 climate summit not to download the host Egyptian government’s official smartphone app, amid fears it could be used to hack their private emails, texts and even voice conversations.

    Policymakers from Germany, France and Canada were among those who had downloaded the app by November 8, according to two separate Western security officials briefed on discussions within these delegations at the U.N. climate summit.

    Other Western governments have advised officials not to download the app, said another official from a European government. All of the officials spoke on the condition of anonymity to discuss international government deliberations.

    The potential vulnerability from the Android app, which has been downloaded thousands of times and provides a gateway for participants at COP27, was confirmed separately by four cybersecurity experts who reviewed the digital application for POLITICO.

    The app is being promoted as a tool to help attendees navigate the event. But it risks giving the Egyptian government permission to read users’ emails and messages. Even messages shared via encrypted services like WhatsApp are vulnerable, according to POLITICO’s technical review of the application, and two of the outside experts.

    The app also provides Egypt’s Ministry of Communications and Information Technology, which created it, with other so-called backdoor privileges, or the ability to scan people’s devices.

    World leaders, including Egyptian President Abdel Fattah El-Sisi and United Nations Secretary-General António Guterres pose for a group photo during the Sharm El-Sheikh Climate Implementation Summit of the COP27 climate conference in Egypt | Sean Gallup/Getty Images

    On smartphones running Google’s Android software, it has permission to potentially listen in on users’ conversations via the app, even when the device is in sleep mode, according to the three experts and POLITICO’s separate analysis. It can also track people’s locations via the smartphone’s built-in GPS and Wi-Fi technologies, according to two of the analysts.

    The app is nothing short of “a surveillance tool that could be weaponized by the Egyptian authorities to track activists, government delegates and anyone attending COP27,” said Marwa Fatafta, digital rights lead for the Middle East and North Africa for Access Now, a nonprofit digital rights organization.

    “The application is a cyber weapon,” said one security expert after reviewing it, who spoke on the condition of anonymity to protect colleagues attending COP.

    The Egyptian government did not respond to requests for comment. Google said it had reviewed the app and had not found any violations of its app policies.

    The potential security risk comes as thousands of high-profile officials descend on Sharm El-Sheikh, the Egyptian resort town, where so-called QR codes, or quasi-bar codes that direct people to download the smartphone application, are dotted around the city.

    Participants at COP27 include global leaders like French President Emmanuel Macron, British Prime Minister Rishi Sunak and U.S. Secretary of State Antony Blinken, though such high profile politicians are unlikely to download another government’s app.

    The experts who spoke to POLITICO said that much of the data and access that the COP27 app gets is fairly standard. But, according to three of these specialists, the combination of the Egyptian government’s track record on human rights and the types of people who would download the app represents a cause for concern.

    Strange and extensive access

    Three of the researchers said the app posed surveillance risks to those who download it due to its widespread permissions to review people’s devices, though the extent of the risk remains unclear.

    Elias Koivula, a researcher at WithSecure, a cybersecurity firm, reviewed the Android app for POLITICO and said he had found no evidence people’s emails had been read. Many of the permissions granted to the climate change conference app also have benign purposes like keeping people up-to-date with the latest travel information around the summit, he added.

    But Koivula said other permissions granted to the app appeared “strange” and could potentially be used to track people’s movements and communications. So far, he said he had no evidence that such activity had taken place. 

    Not all the experts agreed on the risks.

    Paul Shunk, a security intelligence engineer at cybersecurity firm Lookout, said he had found no evidence the app had access to emails, describing the idea that it posed a surveillance risk as “strange.” He was confident the app was not built as typical spyware, pouring cold water on claims the app functioned as a listening device. Shunk said it could not record audio if it was running in the background, which makes it “almost completely unsuitable for spying on users.”

    The COP27 app uses location tracking “extensively,” Shunk said, but seemingly for legitimate purposes like route planning for summit attendees. It lacked the ability to access location in the background, based on Android permissions, which would be what the app would need for continuous location tracking, he added.

    The other two cybersecurity analysts who reviewed the app spoke on the condition of anonymity to safeguard their ongoing security work and to protect colleagues attending the climate change conference.

    “Let me put it this way: I wouldn’t download this app onto my phone,” said one of those experts. Those two researchers also warned that once the application had been downloaded onto a device, it would be difficult, if not impossible, to remove its ability to access people’s sensitive data — even after it had been deleted.

    POLITICO checked the app’s potential security risks via two open cybersecurity tools, and both raised concerns about its ability to listen to people’s conversations, track their locations and alter how the app operates without asking for permission.

    Both Google and Apple approved the app to appear in their separate app stores. All of the analysts only reviewed the Android version of the app, and not the separate app created for Apple’s devices. Apple declined to comment on the separate app created for its App Store.

    Egypt’s track(ing) record

    Adding to rights groups’ concerns is the Egyptian government’s track record of monitoring its people. In the wake of the so-called Arab Spring, Cairo has clamped down on dissidents and used local emergency rules to track its citizens’ online and offline activity, according to a report by Privacy International, a nonprofit organization.

    As part of the smartphone app’s privacy notice, the Egyptian government says it has the right to use information provided by those who have downloaded the app, including GPS locations, camera access, photos and Wi-Fi details.

    “Our application reserves the right to access customer accounts for technical and administrative purposes and for security reasons,” the privacy statement said.

    Yet the technical review of the COP27 smartphone application, both by POLITICO and the outside experts, discovered further permissions that people had granted, unwittingly, to the Egyptian government that were not made public via its public statements.

    These included the application having the right to track what attendees did on other apps on their phone; connecting users’ smartphones via Bluetooth to other hardware in ways that could lead to data being offloaded onto government-owned devices; and independently linking individuals’ phones to Wi-Fi networks, or making calls on their behalf without them knowing.

    “The Egyptian government cannot be entrusted with managing people’s personal data given its dismal human rights record and blatant disregard for privacy,” said Fatafta, the digital rights campaigner.


    Mark Scott and Vincent Manancourt


  • Utilities Beware: The Whole IoT Is At Risk From Itself


    Has the internet of things — the vast, interconnected, computer-centered ecosystem of today — reached a point where it is so complex, so multilayered, has so many architects, and has so many national interests embedded in it that it has become a threat to itself?

    Will the electric grid, the financial system or the air traffic control apparatus implode not by the hand of a malicious hacker but because the system — which is now systems of systems — has become the most subtle threat it faces?

    Worse, as the speed of telephony increases with 5G, will that speed up the system implosion with devastating consequences?

    Will this technological meltdown be triggered from within by a long-forgotten piece of code, a failed sensor or inferior products in vital, load-bearing points in this system?

    This kind of disaster from complexity is known as “emergent behavior.” Remember that concept. Likely, you will hear a lot about it going forward.

    Emergent behavior is what happens when various objects or substances come together and trigger a reaction which can’t be predicted, nor can the trigger be predetermined.

    Robert Gardner, founder and principal at New World Technology Systems and a National Security Agency consultant, tells me that the computer ecosystem is highly subject to emergent behavior in the so-called complex, adaptive system of systems which is today’s cyberworld. It is a world which has been built over time with new layers of complexity added willy-nilly as computing, and what has been asked of it, has become a huge, impregnable structure, beyond the reach of its present-day architects and minders, including cybersecurity aficionados.

    In At The Creation

    Gardner, to my mind, is worth listening to because he was, if you will, in at the beginning. At least, he was on hand and worked on the computer evolution, starting in the 1970s when he helped build the first supercomputers and has consulted with various national laboratories, including Lawrence Livermore and Los Alamos. He has also played a key role in the development of today’s super-sophisticated financial computing infrastructure, known as “fintech.”

    Gardner says of emergent behaviors in complex systems, “They can’t be predicted by examining individual components of a system as they are produced by the system as a whole — facilitating a perfect storm that conspires to produce catastrophe.”

    Complexity is the new adversary, he says of these huge, virtual systems of systems.

    Gardner adds, “The complexity adversary does not require outside assistance; it can be summoned by minor user, environmental or equipment failures, or timing instabilities in the ordinary operation of a system.

    “Current threat detection software does not seek or detect these system conditions, leaving them highly vulnerable.”

    Gardner cites two examples where the system failed itself. The first example is when a tree branch which fell on a power line in Ohio set in motion a blackout across Michigan, New York and Canada. The system became the problem: It went berserk, and 50 million people lost power.

    The second example is how something called “counterparty risk” sped the demise of Lehman Brothers, the Wall Street colossus. That was when a single default embedded in the system initiated the implosion of the whole structure.

    No Nefarious Actors

    Of these, Gardner says, “There were no nefarious actors to defend against; the complex, heterogeneous nature of the systems themselves led to emergent behaviors.”

    Going forward, the best practices in cyber hygiene won’t defend against catastrophe. The entwined systems are their own enemy. Utilities take note.

    And the danger may get worse, according to Gardner.

    The villain is 5G: the super-fast phone and data system now being deployed across the country. It will come in what are called “slices,” but for that you can read stages.

    · Slice one is what is being built out now: It is faster than today’s 4G, which is what phones and data use currently. It features mobile broadband.

    · Slice two, called “machine to machine,” is faster yet.

    · Slice three will move vast quantities of data at astounding speeds which, if the data is damaging to the system and has occurred at an unidentifiable location, represents a threat to a whole tranche of human activity.

    Self-destroying machines will be unstoppable when they have 5G slice three to speed bad information throughout their system and connected systems. Tech Armageddon.


    Llewellyn King, Contributor


  • UA Little Rock Receives $150,000 NSA Grant to Host Cybersecurity Educational Program Across Arkansas


    Newswise — The University of Arkansas at Little Rock has received a nearly $150,000 grant from the National Security Agency to hold a year’s worth of free cybersecurity educational events for junior high and high school students in Arkansas.

    UA Little Rock will partner with Philander Smith College to host the 2nd Arkansas GenCyber Strength Training camp in Arkansas, which will support the state’s long-term investment in secondary school cybersecurity education.

    The grant will fund a free two-week cybersecurity summer camp at UA Little Rock in July 2023. In addition to the summer camp, UA Little Rock will host a series of quarterly education events designed as escape rooms with cybersecurity challenges to get Arkansas students excited about cybersecurity education.

    Those working on the grant include Dr. Philip Huff, assistant professor of cybersecurity at UA Little Rock, Sandra Leiterman, managing director of the UA Little Rock Cyber Arena, and Dr. Suzan Anwar, a UA Little Rock graduate, assistant professor, and department chair of computer science at Philander Smith College.

    The Arkansas GenCyber Strength Training program will be offered at no cost to up to 100 rising 7th-12th grade students in Arkansas. There will be both a virtual and in-person camp option so that students from across the state can participate even if they are unable to travel to Little Rock.

    Students will also participate in hands-on activities in cyber attacks and defense provided through UA Little Rock’s Cyber Arena, which already provides cloud-based cybersecurity labs to more than 500 virtual students in Arkansas.

    “Students will learn how to think like a hacker and stop cyber criminals in their tracks,” Leiterman said. “Each day will feature a world-renowned expert speaker in cybersecurity and the top hands-on cybersecurity training in the region. We will bring partners from industry, academia, and professional development organizations to provide multiple pathways to a cybersecurity career.”

    This two-week camp focuses on the GenCyber Cybersecurity Concepts. Participants will hear from industry experts about career opportunities and will learn about cybersecurity with state-of-the-art hands-on activities that allow the students to experience cyberattacks from both the victim and adversary side.

    “I will teach portions of the camp, provide assistance to the teachers teaching the camp, assist in content and curriculum development to ensure it is relevant and unbiased to the target audience,” Anwar said. “Philander Smith College undergraduate student researchers will assist with camp preparation and develop cybersecurity labs and the GenCyber escape room used for outreach activities.”

    Those interested in the GenCyber programming should fill out this online form for more information.


    University of Arkansas at Little Rock


  • How Your Identity Is Tied to Your Mental Health — and How Innovative Technology Can Help Protect Both


    Opinions expressed by Entrepreneur contributors are their own.

    The past few years have been devastating for . We can blame it on social media, Covid-19, war, climate change fears or even a growing dependency on dangerous and over-prescribed pharmaceuticals — the fact remains that mental health around the globe is in the midst of a precipitous decline. People around the world in ever-growing numbers are struggling with anxiety, depression, stress and sleeplessness, all of which can impact mental acuity and focus.

    When our mental health suffers, our identity health suffers. We can define “identity health” as a person’s overall state relating to their sense of self and having a defined purpose for their life. Any deficiencies in our mental health detract from our focus, attention and confidence — critical factors of our identity health. But just as technology has arguably worsened some of these problems, it can also hold the solution.


    Mental health in an app

    Several companies are developing ways to monitor and treat mental health through digital mediums. For example, Dana Brain Vital, a U.S.-based software company, is developing a cognitive testing platform to help doctors and patients capture and treat cognitive vital signs in clinical testing. It’s designed for mobile platforms, which means patients and their healthcare providers can flexibly administer it to suit each patient’s unique circumstances.

    VR-EVAL is another company doing yeoman’s work in delivery. It uses cutting-edge virtual reality technology to help victims of human trafficking share their experiences and receive care for their trauma in a safe place. Solutions like this provide a safe and comfortable way for trauma survivors worldwide to receive targeted care from professionals without feeling judgment or pressure from others. It’s another tool in helping people improve their own mental health.

    The tools themselves aren’t the only breakthroughs. Online identity management is a crucial component of this move to telehealth. With intimate personal medical details out in the ether, we must ensure the entire process is secure. This is where digital identity wallets factor in; such technologies can ensure that personal information is safe, accessible and relevant only to the patient and their provider. Such developments are part of the innovations that will completely revolutionize how people manage their identity health.

    Innovations for your identity

    Innovations in identity health aren’t limited solely to mental health apps, although this is an essential component. Online identity health and management can also cause mental distress as people worry about how much of their data is susceptible to thievery or how secure their online transactions are. The digital world has brought many incredible benefits to humanity, but it’s also brought significant stressors. We have to find innovative ways to overcome these stressors so people can once again feel whole in their identities.

    In reality, we’re after our authentic identities — more than just a collation of personal data that makes up our identity in a “legal” sense. Our authentic identity is much more than our work history, identification or credit score. It’s who we are at our core: our thoughts, feelings, sense of purpose, and yes, our mental health. Identity solutions, when at their most effective, can aid us in our journey to gain clarity on who we are, which can multiply our impact and influence on the world around us.


    Investing in ourselves

    The more we can define and gain confidence in our sense of self, the more our identity becomes our foundation for growth and innovation in who we are. That, in turn, helps drive self-investment, where we take those insights (that innovation has helped us discover) and use them to help improve our own self-care in mind, spirit and body. With innovation, we can take control of our own health and well-being like never before.

    All of these technologies in telehealth, identity management and others create an opportunity for everyone on the planet to have access to help wherever they are. Improving everyone’s mental health provides a solid foundation for (and can even accelerate) enhancing our identity health. Imagine the problems we could solve and the healthy communities we could create if we each had a greater capacity to invest more time in our identities.


    As humans, we need others to challenge us, care for us and inspire us. Unfortunately, our move to a digital world has left many feeling isolated from the people around them for too long. Instead, we need to shift the paradigm. Our identity is tied to our mental health and sense of self, and innovation helps us to discover more about ourselves. These tools have the potential to improve quality of life, but it has to be done in connection with others. So, stay connected and empathetic to those around you, and buckle up for the innovation and change that will lift humanity.


    Jeff Jani


  • New Survey Reveals 73% of Internet Users Are Targeted by Scammers


    Though 48% of the respondents admit to having fallen for a scam, 74% of consumers still think they can recognize scams before it is too late.

    Press Release


    Oct 27, 2022 13:30 CEST

    According to research conducted by The Global Anti Scam Alliance and ScamAdviser of 3,500+ internet users, 73% of respondents are either sure or think that they have been exposed to a scam last year.

    74% believe they can recognize scams; 48% fell for them

    Similarly, this year’s survey has found a small increase of 3 percent, from 71% to 74%, of respondents that claim they can confidently identify a scam. In spite of this, however, 48% of respondents still fell for a scam. It is worth noting that this figure also bodes well for internet users given that in the previous year the reported figure was 67%, thereby illustrating a 19% improvement in victimization from the previous year.

    Investment & Crypto Scams are the most reported

    The types of scams that internet users were confronted with in the past year have notably changed, with cryptocurrency (28%) being the most popular, followed by unexpected promises of money (22%) and phishing (22%). In terms of the frequency of exposure, the results from the two surveys were notably similar with reported figures of 43% and 42% respectively in 2022 and 2021.

    Consumers still rely on outdated methods to check for scams

    In terms of how internet users check the safety of websites, unsafe methods such as “checking for an SSL certificate” have increased from 5% to 12% whilst checking for reviews has declined from 41% to 26%. This might serve as an indicator that internet users are putting less faith in online reviews given the increasing problem of fake reviews. 

    Consumers report scams less; especially to the police

    In terms of where internet users report their negative online experiences there has been a drop in the use of review websites from 21% to 15% and reporting to the national police remains the least popular option at 6%. 

    Furthermore, 46% of respondents choose not to report scams with the most popular reason being that they do not know who to report to (25%), that the process seems too complicated (17%), and general apathy in terms of their opinion that reporting victimization would not in their eyes make a difference (14%).

    Lastly, one of our most significant findings is that the respondents still rate police and government efforts in combatting scams as poor. In fact, this figure has increased from 64% in 2021 to 72% in 2022. 

    On the 9th and 10th of November, GASA will organize the Global Anti Scam Summit to identify new solutions to fight the rise of scams. 

    The report Why do Consumers get Scammed can be downloaded here

    Contact: jorij.abraham@gasa.org 

    Source: Global Anti Scam Alliance


  • FTC seeks to hold Drizly CEO accountable for alleged security failures, even if he moves to another company


    The Drizly application on a smartphone.

    Tiffany Hagler-Geard | Bloomberg | Getty Images

    In a new proposed settlement, the Federal Trade Commission is seeking to hold a tech CEO accountable to specific security standards, even if he moves to a new company.

    The agency announced Monday that its four commissioners had voted unanimously to issue a proposed order against alcohol delivery platform Drizly and its CEO James Cory Rellas for allegedly failing to implement adequate security measures, which eventually resulted in a 2020 data breach exposing personal information on about 2.5 million consumers.

    Uber acquired Drizly for $1.1 billion in 2021.

    The FTC claims that despite being alerted to the security concerns two years before the breach, Drizly and Rellas did not do enough to protect their users’ information.

    While settlements like this are not that uncommon for the FTC, its decision to name the CEO and have the stipulations follow him beyond his tenure at Drizly exemplifies an approach favored by Democratic Chair Lina Khan. Some progressive enforcers have argued that naming tech executives in their lawsuits should create a stronger deterrence signal for other potential violators.

    The proposed order, which is subject to a 30 day public comment period before the commission votes on whether to make it final, would require Rellas to implement an information security program at future companies where he’s the CEO, a majority owner or a senior officer with information security responsibilities, provided the company collects consumer information from more than 25,000 people.

    Though Republican Commissioner Christine Wilson voted with the agency’s three Democrats to impose the proposed settlement against Drizly, she objected to naming Rellas as an individual defendant. In a statement, Wilson wrote that naming Rellas will not result in putting “the market on notice that the FTC will use its resources to target lax data security practices.”

    “Instead, it has signaled that the agency will substitute its own judgement about corporate priorities and governance decisions for those of companies,” she wrote, adding that given CEOs’ broad overviews of their businesses, it’s best left to companies rather than regulators to determine what the chief executive should pay regular attention to.

    In a joint statement, Khan and Democratic Commissioner Alvaro Bedoya responded to Wilson’s argument, writing that “Overseeing a big company is not an excuse to subordinate legal duties in favor of other priorities. The FTC has a role to play in making sure a company’s legal obligations are weighed in the boardroom.”

    Khan’s FTC has named other executives in past complaints, like when it named Meta CEO Mark Zuckerberg as a defendant in a lawsuit seeking to block the company’s proposed acquisition of virtual reality company Within Unlimited. But it later dropped him from the complaint after the company said Zuckerberg would not try to personally buy Within.

    The order against Drizly would also require the company to destroy personal data it has collected but no longer needs, limit future data collection and establish a comprehensive security program including training for employees and controls on who can access data.

    “We take consumer privacy and security very seriously at Drizly, and are happy to put this 2020 event behind us,” a Drizly spokesperson said in a statement.
