Doug Bedell — January 16, 2017, 12:42 pm

Airport Security Requires Pervasive Alertness

airport-security
Airport security, it’s increasingly clear from recent grisly incidents, is a definite concern, one requiring alertness by airport personnel and travelers alike.

“Airport security,” writes Dr. Jeffrey T. Fowler of American Military University on In Homeland Security, “is defined as all security operations necessary to ensure the safety of employees, passengers, visitors and cargo. Typically, airport security systems are integrated and technologically advanced. They include human, physical and cyber security, as well as other technological measures working in concert…”

Doug Bedell — January 10, 2017, 3:43 pm

If It’s on Wi-Fi, Can Even the Fridge Be Trusted?

imgres
Gee, isn’t this great? A refrigerator with a Wi-Fi-accessed camera “so,” for example, “you can look inside from your phone while you’re at the supermarket to see just how much mustard is left in the jar.”

As we keep adding to the Internet-of-Things, we’re also adding to personal security risks. We don’t want to overplay this, but anything that’s out there digitally can, possibly, be hacked and compromised. Not likely, perhaps, but possibly.

So, with our Internet gambols, we take on an added amount of risk as well, even from our refrigerators. Read more about this on Naked Security’s “The Spy, sorry, The Fridge Who Loved Me.”

Doug Bedell — January 2, 2017, 3:37 pm

13 Page-FBI-DHS Report Analyzes Alleged Russian Election Hacking

threatpost_fbi_dhs_election_report
Here’s the report that’s stirred all the fuss over whether the Russians sponsored cyber attacks on the U.S. presidential election process. The 13-page report report was released last week by the Federal Bureau of Investigation and the Department of Homeland Security.

According to Threat Post site that’s posted the document, “The 13-page report (PDF) said attackers masqueraded as third parties, hiding behind false online personas designed to cause the victim to misattribute the source of the attack.’ It said hackers aimed ‘to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities.’”

Expect to be hearing more about this matter in the coming weeks. It’s good to have the report on hand.

Doug Bedell — December 28, 2016, 2:39 pm

Plagued by Passwords? Pick a Solution

imgres
It’s still the holidays, so this “gift” security tip shouldn’t seem too belated. Slow in arriving or not, we’d find it welcome. If you’re plagued with having to remember your computer’s passwords, and have no tool yet for doing so, the Safe&Savvy blog urges you to get one.

Safe&Savvy likes F-Secure , and 1Password is an option as well.

In any event, Safe&Savvy feels “there’s no way that this (juggling passwords) should be a problem in 2016,” much less, of course, 2017. Happy New Year!

Doug Bedell — December 21, 2016, 4:40 pm

Counterfeit Passports: A Troubling Security Concern

forging-passport-picture-532611957_725x483
Here’s another security concern: counterfeit passports. The Homeland Security blog reports that “The trade in fake passports or other forms of government-issued identification continues today, in spite of government attempts to create more sophisticated official documents.”

At a time when the U.S. is especially concerned with the security of its borders, counterfeiters are making it possible for criminals or terrorists to simply walk in, by showing phoney passports. The Homeland Security post provides details of an obviously troubling concern.

Doug Bedell — December 19, 2016, 4:23 pm

CEOs’ ‘Naive’ About About Their Cyber Defenses

images-1
Hard to believe, but Website Magazine reports that CEOs are underestimating their vulnerabilities to cyber attack, threatening the security of their digital systems.

“Specifically,” Website’s Peter Prestipino reports, “PricewaterhouseCoopers’ 2015 Global State of Information Security Survey projected that financial losses from cyber-attacks will jump from $500 billion in 2014 to more than $2 trillion in 2018.”

Now that’s something definitely worth paying assured attention to. Fortunately, “The study found that, while 87 percent of CEOs agree that they need a better way to measure the effectiveness of their cybersecurity investments, 84 percent still plan to increase their spending in the next year.”

Doug Bedell — December 16, 2016, 10:15 am

Why Cyber Security’s a ‘Must’

cyber-security
Computer malware is no security joke. Pay heed to this from The Denver Post: “60% of small companies that suffer a cyber attack are out of business within six months.”

“It seemed like just another ordinary day for a small online retailer in the Midwest,” the post begins. “Little did they know that the simple click of an e-mail link was about to threaten the entire business…

Doug Bedell — December 13, 2016, 10:53 am

Computer Penetration Testers ‘Think Like Hackers Themselves’

imgres
To combat computer intrusions, consider getting a penetration test. Chad Horton on the Security Metrics blog says such tests often are more effective than security software alone, providing the professionals doing the testing are given all the information they need.

“To combat a hacker,” Horton notes, “you need to think like a hacker.” Makes sense, we’d say.

Doug Bedell — December 9, 2016, 3:41 pm

Business Security Starts at the Top – With the CEO and Board

images
On Security InfoWatch, Brian Stafford joins the discussion on closing the web security gap: Sounds good, but “While the idea of a sound security culture sounds promising, it can be extremely daunting to effectively implement and enforce. Part of the challenge involves achieving consistency across organizations and individual business lines.”

Does that mean the scammers are likely to win? Not necessarily. “As companies determine the security posture and culture that work best within their unique corporate environments,” Infowatch continues, “there’s one thing that most can agree on: the tone must be set by those at the highest levels of the organization, including the C-suite, board members, and directors. Not only must these individuals be involved with the creation of the actual information security policies/procedures, they must also follow these guidelines to a T, serving as an example for all others in the organization.”

Doug Bedell — December 5, 2016, 5:09 pm

Warning: Cybersecurity Seems to Be Slipping

imgres
The Dark Reading blog provides a post in the spirit of its ominous name – the confidence of cybersecurity professionals is slipping. Seven hundred professionals were polled for the 2017 Global Cybersecurity Assurance Report Card (by the CyberEdge Group and Tenable) for a global security index and the study “showed that the index fell six points in the last year to an overall ‘C-‘ score of 70 percent.”

C scores don’t cut it anywhere important, and sound cybersecurity practices are important. “A big part of that drop,” Dark Reading notes, “came on the back of a 12 point decline in risk assessment capabilities.” Feeling any better?

What’s going on here? Well, the post notes that “today’s network is constantly changing – mobile devices, cloud, IoT, Web apps, containers, virtual machines – and the data indicate that a lot of organizations lack the visibility they need to feel confident in their security posture…” What is being sensed is certainly disheartening in an era of both cyber necessity and criminality.

Reasonably assured security is indeed challenging. We’d advise assigning it the resources it requires.