Doug Bedell — May 28, 2017, 8:10 am

President Trump Prods the Feds on Cybersecurity

We trust that President Trump’s executive order on cybersecurity will have the effect on federal agencies that the President wants and the nation needs.

For, as SecurityInfoWatch reports, “more than 190 federal agencies who previously all have been running disparate cybersecurity programs will have the opportunity to create a unified framework that will not only help protect the nation’s critical data and information resources but modernize some agencies that have IT systems that are between 30 to 50 years old.

“For example, the Commerce, Defense, and Treasury departments, along with HHS and VA report using 1980s and 1990s Microsoft operating systems that stopped being supported by the vendor more than a decade ago, and many other departments are using unsupported operating systems and components.”

Truly, there’s plenty of room for coordination and improvement of federal cybersecurity efforts.

Doug Bedell — May 24, 2017, 12:06 pm

Digital Security Breaches Setting World Records

Amid all the coverage of digital security breaches so far this year, it’s not surprising to learn that “data breaches and software vulnerabilities look set to break new records in 2017, if first quarter trends are any indication.”

That’s DarkReading’s conclusion as it reports that “Risk Based Security’s analysis of Q1 data showed there were a total of 1,254 publicly reported data breaches worldwide, which together exposed a mind-boggling 3.4 billion records containing sensitive data.

“Two breaches alone accounted for over 2.5 billion of those breached records. One involved River City Media and exposed 1.34 billion email addresses while the other at Chinese Internet Service Provider NetEase Inc. exposed nearly 1.3 billion email addresses and passwords that were later sold on the Dark Web.”

So, it bears reminding, don’t operate a computer without malware protection such as Norton Internet Security. And be mindful of which emails you open – if in doubt, it’s probably best to delete.

Doug Bedell — May 20, 2017, 8:14 am

Bollard Barriers Stopped the Times Square Carnage

A television station in Los Angeles makes a point worth remembering about the chaotic scene in New York’s Times Square, in which a speeding, careening car was brought to a halt by security bollards.

One woman was killed and 23 other people were injured in the incident. But “Investigators,” the TV report added, “said the tragedy could have been a lot worse if not for one Southern California company that makes the steel security barriers that stopped the careening Honda.”

The bollards were made by Calpipe Security Bollards, based in Compton, CA, and were installed in late 2016. For its part, PRO Barrier Engineering offers the B-Cube basic bollard barrier, which can be deployed in many creative ways.

Doug Bedell — May 17, 2017, 8:05 am

Insight Into the ‘Wanna Cry’ Ransomware Attacks

SecurityInfoWatch takes us into the digital chaos produced by the “Wanna Cry” ransomware attacks. The infection was spread via a massive email spam campaign, exploiting a vulnerability in the Windows OS for which Microsoft released a security patch in March. Computers and networks on which the patch was not installed are at risk.

“Think about it,” says Rob Clyde, Board Director for ISACA, an international IT governance association. “Earlier, even a simple computer crime involved two steps to get to monetization. First, the criminals have to break in and steal personal information like credit card details and then secondly, sell it on the dark web, often to organized crime groups, in order to get paid. The buyers, in turn, use the credit card or other information to commit fraudulent transactions,” Clyde explains.

“With ransomware, crime has become an easy one-step monetization process. They break into a computer system, install ransomware and get the payment directly from the person or organization impacted. It’s a one-to-one interaction and payment is easily received. So from a cyber criminal’s perspective, ransomware has become a superior way of monetization.”

Doug Bedell — May 13, 2017, 9:54 am

U.S. Beefing Up Cybersecurity Defenses

Thanks to an executive order from President Donald Trump, the U.S. is strengthening its cybersecurity defenses.

Government Security News advises that: “James Carder, the chief information security officer for LogRhythm, said the executive order encompasses many of the recommendations his firm makes to its clients. In particular, Carder, who has nearly 20 years of experience in IT security consulting, said he was pleased that Trump’s directive includes language for funding the improvements and holding officials responsible.

“It’s about time the government and critical infrastructure organizations take cybersecurity seriously,” Carder said. “Protecting these assets is imperative to protecting the American people and our way of life.”

Doug Bedell — May 11, 2017, 3:26 pm

NTT Security Provides a ‘Global Cyber Threat’ Report

How do you stay “heads up” on the latest cybersecurity risks, especially when they’re growing? That’s not an easy question to answer with assurance, but SecurityInfoWatch helpfully tries its best.

“Despite the grim outlook,” InfoWatch notes, “there’s also a great deal of research being done on various cyber crime trends to help keep cybersecurity professionals well-informed on the threat landscape. NTT Security’s recently published “2017 Global Threat Intelligence Report” provides a wealth of data points on the aforementioned cyber threats and how hackers continue to vary their tactics…”

And here’s a link to NTT Security’s report.

Doug Bedell — May 7, 2017, 8:50 pm

Beware What You Think You See If You’re Meddling In Security

On DarkReading, Joshua Goldfarb provides a meditation on rushing to judgement and/or mocking the makers of mistakes. “Do you think that if someone were to mock me,” Joshua asks, “it would make me feel better about the mistake I’ve made, or somehow encourage me to learn from it?”

Just the opposite. “Mocking people causes them to dig in deeper, and to avoid listening to anything the mocker says at all costs.”

It’s like a bird that can’t see anything through a window, only a reflection of itself.

Doug Bedell — May 5, 2017, 9:39 am

Robots, Too, Can Be Subject to Hacking

We’ve been noting the arrival of industrial and security robots, but as with their human counterparts, they’re not without problems. DarkReading reports on how researchers hacked an industrial robot, causing it to draw a “slightly skewed” line when the mechanism thought it was a perfectly straight one.

The robot’s “straight line” was off by only two millimeters. But, notes DarkReading’s source, “It made a defect in manufacturing. If that was an airplane…it can be a catastrophic event.” So, a timely question – How do you assuredly hold robots to the straight and narrow?

Doug Bedell — May 3, 2017, 8:59 am

Beware: Small Businesses Subject To Hacking Too

Big businesses or small – both sizes are subject to cyber security attacks. There’s no safety in smugness for either size.

SecurityInfoWatch warns that “Many small businesses fall under the false impression that criminals will only target large or even medium-sized businesses given the higher potential pay out; however, nearly half of all cyber-attacks target small organizations.” There’s a lot more that’s pertinent (for small businesses especially) in this very helpful post…

Doug Bedell — May 1, 2017, 9:56 pm

‘Penetration Testers’ Can Readily Check Your Security

If you have any doubts about the effectiveness of the security measures you’ve taken at your workplace – and you should have, actually – consider hiring or retaining penetration testers – or “pentesters” for short. That’s the advice of SecurityInfoWatch in a post, “Inside the Mind of Hackers”. This holds for both perimeter and digital security, though InfoWatch is concerned primarily about computer hackers.

From the work of Australia-based cyber security firm Nuix, InfoWatch quotes insights from a survey of penetration testers – good guys who think like bad guys – who make computer hacking sound like a vainglorious affair, which it indeed is. There’s pride, after all, in breaking in quickly.

As to protecting a physical perimeter and entryways, ProBarrier Engineering is similarly proud of its own abilities on behalf of clients.