The deadline is nearly a year away, but time flies, so be mindful of the U.S. Department of Homeland Security deadline for obtaining REAL ID identification to enter federal facilities, nuclear power plants or commercial airplanes at federally regulated airports.

A Security Today post makes clear that gaining REAL ID can be taxing to obtain but essential for anyone planning on flying or other forms of specified entry into U.S. locations.

“Check in advance with the federal agency you plan to visit to find out whether identification is required, and if so, what types of identity documents are acceptable. While most federal agencies will continue to accept non-compliant driver’s licenses and identification cards until the enforcement deadline of Oct. 1, 2021, some – like Department of Defense facilities and posts – may no longer accept them.

“Read answers to REAL ID frequently asked questions at www.dhs.gov/real-id-public-faqs.”

It’s been a year, indeed, for computer-based security scams, the KnowBe4 blog reports. “Scamming incidents have increased by 519% in 2020 compared to last year,” Stu Sjouwerman reports, “according to researchers at Baltimore-based ZeroFOX. The researchers compared their own data to a recent report from the Federal Trade Commission, which found that scams on social media have skyrocketed since the start of the pandemic earlier this year.”

Here’s what’s been happening online:
“* 423% increase in Financial Services (scammers/money mulers targeting banking customers)
* 1579% increase in Retail scams
* 226% increase in Consumer Goods scams
* 295% increase in HR scams, which could align with scammers looking to capitalize on work from home opportunities and lay-off/furloughs due to the pandemic
* 164% increase in crypto giveaway scams, where an account is taken over or an impersonator profile is created to look like an influencer to peddle the scam
* 609% increase in money flipping scams
* 100% increase in impersonating profiles that have someone who claims to work for a company in HR, but does not.”

Vigilance is truly needed to keep the Internet as secure and reliable as possible.

The Department of Homeland Security has issued an assessment of threats to U.S. national security and there are seven clusters of them, too many, actually.

Here’s the categories:

1. Cyber Threat to the Homeland – Based in our computers and information technology.
2. Foreign Influence Activity – “Russia remains the number one threat to US democracy as actors continue to use disinformation campaigns to undermine confidence in US institutions, the election, and the COVID-19 pandemic.”
3. Threats to U.S. Economic Security -The COVID-19 pandemic has severely disrupted US supply-chains, ” leaving trade lines, academic institutions, and information and communications industries vulnerable to Russian and Chinese infiltration.”
4. Terrorist Threat – “While foreign terrorists remain a very real threat, lone wolf terrorism and homegrown violent extremists currently pose the most prominent threat to national security…”
5. Transnational Criminal Organization (TCO) Threats to National Security – “Mexico remains the primary source of TCO threats, trafficking drugs and humans across the borders, even though the rates have slowed since COVID-19.”
6. Illegal Immigration – “The pandemic and resulting travel restrictions have led to an influx of illegal immigration via land and sea, as well as human trafficking. While illegal immigration does not equate to a national security threat, there are plenty of opportunities for exploitation on both sides of heavily-traveled migration routes.”
7. Natural Disasters – We’ve been going through an “overactive natural disaster season (particularly wildfires and hurricanes) has complicated response efforts, causing DHS to reevaluate its role in the recovery process.”

Feeling stressed enough?

The U.S. Department of Homeland Security recently hosted one of its periodic Digital Forums on Terrorism Prevention for Atlanta-based civil society leaders The aim is “to combat terrorist use of the internet”.

“Digital Forums on Terrorism Prevention,” DHS explains, “bring community leaders and tech companies together to build the capacity of credible voices against terrorism in the online environment. These forums also provide a platform for community leaders to improve online effectiveness and understand the value of content creation for digital spaces. Ultimately, the goal of the forums is to build authentic, scalable and sustainable local response capacity to counter terrorist recruitment and radicalization.”

The annual forums are typically held in person, but this one was presented virtually, due to the pandemic.

Police departments could benefit from adding training in soft skills, like emotional intelligence, to reduce their reliance on deadly force, Matthew Eldridge on the InPublicSafety blog suggests.

“Soft skills,” Eldridge explains, “are often defined as people skills or skills, abilities, and traits that pertain to personality, attitudes, and behavior rather than to formal and technical knowledge.

“These soft skills include emotional intelligence, which is generally referred to as ‘the ability to monitor one’s own and others’ emotions, to discriminate among them and to use the information to guide one’s thinking and actions.’ This is not to say that hard skills such as firearms marksmanship, defensive tactics, or emergency driving are not essential, but rather that officers should also be better equipped to handle the situations they encounter on a day-to-day basis.

“The majority of law enforcement officers will never use their firearm in the line of duty. A recent study found that only 27% of officers have ever fired their weapon,” Eldridge adds. “Yet, according to a study by statistician Dr. Brian A. Reaves, law enforcement trainees in police academy spend an average of 71 hours on firearms training compared to 43 hours collectively learning “cultural diversity, human relations, mediation, conflict management, community partnership building, collaboration, and problem-solving approaches.”

Know your office telephone system and its emergency communication capabilities, if it has them. That’s the advice of SecurityInfoWatch writer Paul Timm, a physical security professional (PSP).

“The facilities in which I conduct security assessments typically have excellent telephone systems,” Timm notes. “When I ask an employee about the emergency communication capabilities, however, that person is often unfamiliar with feature specifics and how to access them.

“If and when a critical incident occurs, individuals may not be able to notify others or receive emergency notifications. Employees may not be able to answer questions, such as – Is there an “all call” feature? What is the main desk extension? Can the telephone access the public address system?”

For Timm, the lesson in this is “The value of your telephone system is determined by the individuals who utilize it. Make them aware of emergency communication features. Ensure they are prepared to utilize those emergency features.”

That’s your ring.

What’s the value in information security? Nigel Sampson on The State of Security blog notes that, although business boards are pushing back on cybersecurity investments, “executives do not understand that one successful phishing email could cost the company millions of dollars.” (Phishing, Wikipedia explains, “is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication.”)

The problem is that “Information Security leaders have to demonstrate the value and purpose for each solution that’s purchased and prove the solution that was chosen is doing the job it was procured to do. Executives are therefore requiring Information Security leaders to prove the value of the solutions in ways they understand. They need to see the value not in security metrics but in dollars and cents.”

Fair enough. Yet keep always in mind the cost of a successful intruder’s hack.

Businesses mostly have been holding their own against cybersecurity attacks during the pandemic, Robert Lemos on the DarkReading blog reports.

There has been an increase in attacks, yes. “Yet, advises Lemos, “the increase in attacks has not led to an increase in breaches, with 16% of firms experiencing a breach in the past 12 months compared with 15% for the same period in 2019, according to a report by threat-hunting tools provider DomainTools. More than half of the surveyed companies (56%) stated they are prepared to support a fully remote workforce, with about a third tightening security policies and settings.

“Overall, fears that the chaos of the coronavirus pandemic and the massive shift to remote work would lead to more frequent security incidents and breaches have failed to be realized, says Tim Helming, security evangelist at DomainTools.

“‘In general, organizations held their own pretty well,” he says. ‘Obviously, COVID represented a dual problem for security shops — the shift to remote work encompasses all kinds of complexities — but on top of that, you had a bunch of attackers seizing on the moment and preying on the hunger for information on COVID.'”

This holding of the fort occurred “with most companies shifting employees to work from home”. Good cyberlearning has been occurring.

So-called ‘superspreader events’ are a big cause of coronavirus infections. What are they?

In Homeland Security advises that they occur “when a single person infects a large number of other people, or when a gathering is linked to a large number of cases”.

“There’s no rule for when a cluster of cases is big enough to be called a superspreader event. But these are not instances of spread within one household. Instead, these are large clusters of cases where infection occurs in settings such as churches, restaurants or bars.”

“To prevent superspreader events, we need to better understand them, said Anne Rimoin, an infectious diseases expert at the University of California, Los Angeles.

“She has called for detailed contact tracing of the infections around President Donald Trump, including those who attended a Sept. 26 Rose Garden ceremony and indoor White House reception for Supreme Court nominee Judge Amy Coney Barrett.

“The timing of the event and the number of people infected suggests the possibility of superspreading, she said.”

Computer security blogger Graham Cluley calls our attention to the 2020 (ISC)2 Security Congress which is being held entirely online this year. “Yup, it’s the same great content as always, but from the comfort of your own PC, without having to worry about any health concerns or battle any travel restrictions your company may have in place.”

Cluley himself will be a conference keynoter. He’ll be discussing “what’s going on in the world of IT security, and how cybercriminals are exploiting the COVID-19 pandemic, taking advantage of the disruption to steal information from organizations, compromise networks, scam the unwary, and even endangering lives.

“For more information about the Security Congress, and to register, please visit: securitycongress.brighttalk.live.”