Doug Bedell — June 29, 2022, 9:34 am

Pressures on Allied Support of Ukraine

David E. Johnson on the RAND blog raises the question of how long the U.S. and its allies can “afford the massive transfer of weapons to the Ukrainians, lest they jeopardize the readiness of their own militaries? When does the arsenal of democracy shift to the arsenal for self?”

“The contributions by the United States and Ukraine’s other supporters have been immense,” Johnson notes. “Chairman of the Joint Chiefs of Staff General Mark Milley said that as of mid-April approximately 60,000 anti-tank weapons and 25,000 anti-aircraft weapons went to Ukraine.” And there’s more on the way.

“This is not unlike the pushback to President Franklin Roosevelt’s March 1941 Lend Lease policy that rushed U.S. materiel support to Great Britain and the Soviet Union, including aircraft and warships. Arguably, this assistance kept the besieged British in the war.”

War brings stark choices. For Ukraine and its allies, this is one of them.

Doug Bedell — June 27, 2022, 11:45 am

Real Security Requires Training

The collapse of the Champlain Towers South 12-story condominium in Surfside, Florida last year provides an example of how important training is to ensure the security of everyone involved, in this instance the residents of the building. Megan Gates on Today in Security reports on the consequences of the omission of training for all the security guards “to use the alert system to evacuate residents.”

“When you are responsible for protecting people, especially in a high-rise residential building, certain safety measures must be in place—including alarm systems, Russell Kolins, CEO of Kolins Security Group, says. Those measures must work, and security staff must be trained on how to use them so they can be deployed when an incident occurs.

“Training is overseen by supervisors who are responsible for assuring their client that the security officers working at their property have the capability to perform the duties according to the client’s requirements,” Kolins explains. “This means that not only do officers need to pass the initial test of their duties at a specific property, but also have to receive training consistently to test the officers’ knowledge of the property and skills to facilitate the security measures in place designed to save lives. To confirm the validity of the requisite to supervise, train and test, look at settlement in this matter. Securitas paid over half!”

Not all the Securitas guards at Champlain Towers “were trained to use the alert system to evacuate residents,” the post notes.

Doug Bedell — June 24, 2022, 11:35 am

Cyberspace – A Stressful Place Indeed

The cybersecurity workforce is becoming stressed to the point of quitting, Claire Meyer reports on Today in Security.

“Ransomware. Nation-state attacks. Massive data breaches. The headlines are full of cybersecurity threats and incidents, and the persistent pace of attacks is driving “increasing and unsustainable stress levels” in the cybersecurity workforce, according to a report from cybersecurity company Deep Instinct…

“Remote work has made cybersecurity management even more challenging. Remote work leads to diminished oversight of devices and IT security practice compliance, according to ZDNet, and the Deep Instinct survey found that 52 percent of C-suite professionals said securing a remote workplace was their biggest cause of concern.

“Security operations teams are also juggling larger workloads and longer hours in the face of heightened cybersecurity threats. Of cyber professionals outside the C-suite, 47 percent told Deep Instinct that they felt pressured to stop every threat—despite acknowledging that this is impossible—and 43 percent said there was an expectation to be always on call or available.”

We’ve noted this before. Cyberspace is, clearly, a stressful place – too many attackers.

Doug Bedell — June 22, 2022, 12:44 pm

Organizations Can Use ‘DRI’ Against Hackers

Jeff Orloff on SecurityWeek.com suggests that organizations use the Defense Readiness Index to defend against cyber attackers on their computers.

“In many cases,” he explains, “organizations simply don’t take the time, or have the background, to craft a roadmap that allows them to measure and improve cyber competencies. Developing this roadmap can be time-consuming and expensive but, fortunately, there is a better option — a framework called the Defense Readiness Index (DRI).

“DRI is inspired by the Cybersecurity Maturity Model Certification, a program initiated by the United States Department of Defense in order to measure defense contractors’ capabilities, readiness, and cyber security sophistication.

“DRI has five levels of controls and practices. The first level covers basic cyber hygiene. At this level there are no defined differences in security practitioner roles (such as security management, engineering, and analysis). Higher indexes add more controls and practices, rising from Intermediate Cyber Hygiene to Good Cyber Hygiene, to Proactive, to Advanced/Progressive.”

Sounds like a good way to tune up an organization’s resistance to cyber foes.

Doug Bedell — June 20, 2022, 7:59 am

‘First Light 2022’ Nets Thousands of Scammers Worldwide

Graham Cluley on the State of Security site advises that “Law enforcement agencies around the world appear to have scored a major victory in the fight against fraudsters, in an operation that seized tens of millions of dollars and seen more than 2000 people arrested.

“Operation ‘First Light 2022’, running for two months from March 8 2022 until May 8 2022, saw 76 countries clamp down on organized crime rings behind a variety of scams, seizing criminal assets, and providing new investigative leads around the world.”

Obviously, this is good news. Read about the full extent of the assaults against internet mobsters.

Doug Bedell — June 17, 2022, 9:30 am

Information Sources on the Jan. 6, 2021 Melee

JustSecurity.org, based at the New York University School of Law, is a good place to go for information on the charges emerging against Donald Trump in connection with the January 6 2021 storming of the U.S. Capitol. Of course, for fingertip access to such information, nothing beats heading to Google and simply typing January 6, 2021. “About 1,960,000,000 results” emerges in just 0.87 seconds or less, Google proudly announces. (A couple of hours later the number was 9,560,000,000 in 0.57 seconds.)

Wow!

Doug Bedell — June 15, 2022, 11:37 am

More About Passwords, and Replacing Them Entirely

Back to passwords for a bit. Lance Whitney on Tech Republic writes that “Faced with the challenge of adopting a unique and complex password for each account, many people instead turn to simple and vulnerable passwords, putting themselves and their organizations at risk.”

In other words, passwords are definitely worth fussing over.

Meanwhile, Ping Identity discusses “Our Passwordless Future: A New Era of Security.”

While we’re still using passwords, it’s smart to make them hard to crack.

Doug Bedell — June 13, 2022, 11:07 am

Ransomware Attacks Growing on the Internet

Writing on the State of Security, Mary Manzi reports on Sophos Labs’ “annual global study, State of Ransomware 2022, which covers real-world ransomware experiences in 2021, their financial and operational impact on organizations, as well as the role of cyber insurance in cyber defense.

“The report, which surveyed 5,600 IT professionals in mid-sized organizations across 31 countries, shows that ransomware attacks are increasing and becoming more sophisticated. In 2021, 66% of organizations were hit with ransomware, an increase of 29% compared to 2020.

“Cybercriminals are finding more complex ways to launch ransomware attacks. An average of 57% of the companies surveyed reported an increase in the volume of attacks, and 59% said the complexity of attacks had increased. With the everything-as-a-service model, even those criminals without the skills and financing required to deploy a unique ransomware attack can use ready-made packages.”

And, “Ransom payments are becoming inflated. The number of organizations that paid a ransom of $1 million or more rose to 11%, up from 4% in 2020. Whereas the percentage of organizations paying less than $10,000 dropped from 34% in 2020 to 21% in 2021.”

Thus, the Internet continues to become a dicier communication realm.

Doug Bedell — June 10, 2022, 6:56 pm

Barriers Are For Stopping, Not Yielding

Barriers are for stopping, not evading. This thought came to mind in reading about a fairground in Gastonia, North Carolina, where “a man drove (a pickup truck) over a barrier and into the center of the fairgrounds… The driver of that truck, who police say was driving under the influence, still made it about half the distance of a football field before stopping just yards away from 9-year-old Dre McNeil.”

At PROBarrier Engineering, our PB-12 barrier was designed with a situation like that at the North Carolina fairground in mind. “It can be readily deployed to control vehicle traffic at street fairs, parades, construction sites, military bases, farmers markets, schools, and colleges – anywhere vehicle access control is considered necessary.”

When stopping cars or trucks is the aim, a barrier’s design is all-important. It comes first, and needs to be demonstrated. “The PB-12 is engineered for a K4 (M30) rating. That rating translates to stopping a 15,000-pound vehicle traveling at 30 miles per hour, or a 3,700-pound vehicle traveling over 60 mph.”

The truck at the Gastonia fairgrounds was going a lot slower than that.

Doug Bedell — , 11:17 am

Security Risks Faced by Elderly People Online

Lyle Solomon on The Last Watchdog on Privacy & Security discusses “The Top 5 online privacy and data security threats faced by the elderly.”

“Unlike many younger users online,” Solomon writes, “they may have accumulated savings over their lives — and those nest eggs are a major target for hackers. Now add psychological variables to the mix of assets worth stealing.

“Perhaps,” he adds, “elderly folks who haven’t spent a lot of time online are easier to deceive. And, let’s be honest, the deceptive writing phishing assaults and other cyber threats today employ are skilled enough to fool even the most trained, internet-savvy experts.”

Solomon goes on to discuss specific online threats in this helpful contribution of reflections for older computer users. A California lawyer, he works for the Oak View Law Group as a Principal Attorney.