Doug Bedell — September 18, 2019, 11:50 am

The State of our World: Increasingly Less Secure

The security outlook for the world’s future isn’t all that encouraging, advises a new report from the American Enterprise Institute (AEI).

“The report defines the authoritarian-corruption nexus as ‘the growing convergence of licit and illicit state and non-state actors that facilitates and launders the profits of illegal activity, reinforcing the strength and survival of authoritarian systems of governance everywhere.”

In other words, strong, largely unaccountable leaders have more leeway for mischief.

“All of our enemies are authoritarian regimes…but not all authoritarian regimes are enemies,” Fuller, a fellow said. “We have a lot of authoritarian regimes that we’re friendly with, and that’s okay, but that’s no reason to simply turn a blind eye to the corruption that exists in those countries that’s feeding this nexus.”

The import of the Homeland 411 post is that the world’s security climate is worsening, not great news at all.

(Photo: The North Korean Palace)

Doug Bedell — September 16, 2019, 11:06 am

There’s No Overstating It: Cyber Attacks Are Growing

Cybersecurity may be a business concern, but, warns Security Infowatch, “very few companies have taken the threats seriously.”

“People play Russian roulette with their business decisions all day,” says Dave Tyson, Senior Vice President of Apollo Information Systems, who also formerly served as President of ASIS International. “Cybercrime is more profitable than the drug trade.”

“In fact, statistics show that a business falls victim to a ransomware attack about once every 40 seconds and these attacks, according to Tyson, have begun to move to more vulnerable end-users, such as small and mid-sized businesses, hospitals, and local and state government agencies that don’t have the resources to wage much of a defense.”

We’ve warned of cyber dangers several times in these posts, but they can hardly be overstated. “In physical access control, for example, just because someone has access to one door doesn’t mean they should have access to every door.” Likewise, keeping one’s cyber guard up is key.

Doug Bedell — September 13, 2019, 11:17 am

Good Enterprise Security Has Many Aspects

We do this occasionally – pass along tips on what’s involved in a complete security program for an enterprise. These are from from DarkReading – “Taking a Fresh Look at Security Ops: 10 Tips”.

Security is a team effort, by no means once and done. It involves, notes the post, executive support, strategy, an understanding of risk and pending threats, the security team’s goals and priorities, the skills of your security team, the processes and technology you’ll be using and the eternal organizations you’ll be part of.

Good organizational security is no small challenge, as the above listing makes clear. Right on!

Doug Bedell — September 11, 2019, 10:51 am

On the Internet, the FBI Breaks Into the Fraudulent Email Racket

The FBI is on to the threat of fraudulent emails intended to pry money from unknowing people. “Federal authorities,” reports ThreatPost, “have arrested 281 people and seized nearly $3.7 million in a coordinated effort between multiple agencies to disrupt a massive email-fraud scheme.”

“Perpetrators of a global business email compromise (BEC) scheme” ThreatPost adds, “were the target of a four-month investigation that began in May called Operation reWired, a coordinated effort by the U.S. Departments of Justice (DoJ), Homeland Security, Treasury, State and the U.S. Postal Inspection Service, working with local and state law-enforcement agencies.”

“The news comes on the heels of an alert issued by the FBI that organizations have lost $26.2 billion in the last three years to BEC schemes, which defraud victims by using emails to deceive them into sending wire transfers or personal information so cybercriminals can realize a financial gain.”

There’s more detail in the post, but be assured that the Internet can be a dangerous place, including the transfer of fradulent emails.

Doug Bedell — September 9, 2019, 11:10 am

Biometric Security Has Its Weaknesses Too

Do you think biometrics – the use of fingerprints and other body-based identification techniques – provides foolproof security? Think again. That’s the word from DarkReading in its post “7 Breaches & Hacks that Throw Shade on Biometric Security.”

“Stolen fingerprint, fake hands, voice synthetization, and other nefarious techniques show biometrics has plenty of challenges,” the post advises – and provides examples.

You can never feel too secure about security measures is the lesson here and in many other settings. Bodily measurements, while widely used, have weaknesses too, DarkReading advises.

Doug Bedell — September 6, 2019, 1:36 pm

DHS Guidance on Protecting ‘Soft Targets and Crowded Places’

The U.S. Department of Homeland Security has made a specialty out of strategies for reducing risks at Soft Targets and Crowded Places (ST-CPs). “ST-CPs do not have to be buildings and can include open spaces such as parks and pedestrian malls,” DHS advises.

“Preventing attacks against ST-CPs and reducing impacts of attacks that do occur is a shared mission among many stakeholders, including the general public; ST-CP owners and operators; private industry; State, local, tribal, and territorial(SLTT) partners; and the Federal government.

“Since its inception, the Department of Homeland Security (DHS or Department) has played a role in this area, executing programs intended, directly or indirectly, to enhance the security of ST-CPs. Recent changes in the threat landscape and trends in global and domestic incidents call
for a renewed level of focus on this problem.”

We won’t go into any detail here, but the department’s Security Plan Overview for Soft Targets and Crowded Places is on its website and includes a good deal of information on the subject.

Doug Bedell — September 4, 2019, 9:38 am

School Districts Increasingly the Target of Hacker Attacks

Computer hackers have been turning to educational institutions and school systems to enter and disturb, SecurityInfowatch advises.

“Educational institutions have become one of the top ten lists of preferred hacking targets,” the post notes, “joining the ranks of popular targets like finance (Capital One, Equifax), retail (Target), manufacturing and transportation. As a sector known for tight budgets and limited technical staffs, it was somewhat inevitable cybercriminals would increase targeting of school data, seeing a relatively weaker universe of potential targets.”

InfoWatch lists security measures school systems can take against hackers, including engaging students to become part of the Cyber Defense Team. “IT can work with teachers and administrators to help students understand school data breaches affect them personally and can cause great harm to their peers and their school.”

Doug Bedell — August 30, 2019, 1:16 pm

Suicides Plague the U.S. Air Force

The U.S. Air Force, Homeland Security advises, has a suicide crisis. The post is written by Wes O’Donnell, a veteran of the U.S. Army and Air Force,1997-2007.

“Since 2010, almost 1,000 airmen have committed suicide,” he writes. “As of August 1, 78 airmen have killed themselves, up from 50 at the same time last year. The USAF is on track to lose 150 service members or more this year to suicide.”

O’Donnell goes on to present ideas “from enlisted airmen to squadron, group and wing commanders” on what might be done to lessen the incidence of suicides in the Air Force. May they be done, and prove effective.

Doug Bedell — August 28, 2019, 11:41 am

Reflections of a Security Professional on the Walmart Shootings

A writer for Security Magazine (a law enforcement and private security professional) appraises the August 3rd shootings at a Walmart store in El Paso, Texas, to suggest what went wrong.

“There is no evidence,” he writes, “that there was an off-duty law enforcement officer or armed, professional security officer on duty at Walmart. There should have been on-site, an expertly-trained, well-paid and professionally-certified security officer who possesses law enforcement level training. Had this one security measure alone have been in place, there is a good chance this shooting would have been prevented.”

This isn’t second-guessing so much as reflections by a trained security professional. His appraisal is well worth considering by others with security responsibilities.

Doug Bedell — August 26, 2019, 2:32 pm

Heed This: It’s Increasingly Dangerous Out on the Web

Here’s a treatise, via ThreatPost, on how “fraudsters are using social media to spam, steal information, spread propaganda and execute social=engineering campaigns.”

Indeed, the web is becoming a rollicking setting for harm, should one be unaware of the hazards of surfing on an inviting computer screen.

“From an overall digital fraud perspective,” ThreatPost advises, “Arkose examined more than 1.2 billion transactions spanning account registrations, logins and payments from financial services, e-commerce, travel, social media, gaming and entertainment industries, and found that one in 10 transactions overall are malicious, ranging from automated bots to humans carrying out scams.”

“The Arkose Labs Q3 Fraud and Abuse Report found that social media platforms see a variety of attacks from bots as well as malicious humans, including account takeovers, fraudulent account creation, spam and other abuse. More than three-quarters (75 percent) of attacks on social media are automated bot attacks, according to the analysis.”

Oh, be ever-so-careful on the web.