Cybersecurity Needs to Keep Up With A Changing World

June 10, 2021 Pete Cavicchia

The past year has brought cybersecurity front and center as work-from-home became the norm and the average person had to become better equipped at keeping sensitive data safe and secure. Despite these security friendly cultural and societal shifts, a new survey of tech professionals reveals we might not be quite up to par with best cybersecurity practices.

Tech news website TechRepublic reports that the survey from the Thales Group shows security teams across a wide international range of companies have generally been having difficulty adjusting to the new cybersecurity demands of the COVID-19 era. This means security teams have not been brought up to speed on ever-evolving cybersecurity protocols — from lack of modern infrastructure needed to defend their firms from hacks to improper training in current programs and software.

The extensive report found 20 percent of respondents said their security systems were ready for a sudden shift to the cloud as the pandemic altered overnight how companies handled their workflows. The survey also revealed 82 percent of respondents were concerned about security risks posed by the push for at-home work and 44 percent said they feared their firms’ systems were not equipped to keep data generated and transferred from home-based employees secure.

A need to embrace cloud computing

This doesn’t mean the majority of firms have security teams that are lacking in talent. It’s quite the opposite. Instead, the report reveals that these cybersecurity professionals just haven’t been given the appropriate tools fast enough to handle this changing world.

“Technologies such as encryption and multi-factor authentication (MFA) have not reached saturation levels such that the majority of applications and data are fully protected,” TechRepublic cites in a passage from the report.

One of the main cybersecurity realities that has emerged during COVID-19 is the need to embrace cloud computing. As we continue to normalize working from home — with many workplaces turning to hybrid home-and-office models — the cloud will only continue to be a necessity.

The Thales Group found that just 17 percent of respondents said more than 50 percent of sensitive data hosted on the cloud is encrypted at their firms. If you zero in further, 24 percent reported having full knowledge of where their data is even stored in the first place while 45 percent say their teams have clearly defined company-wide cloud protocols.

What this means is there is a lot of work left to do.

The Thales report lays it out clearly — everyone at a firm needs to be on the same page when it comes to cybersecurity: “Senior executives need to ensure that they obtain a more complete understanding of the levels of risk and attack activity that their front-line staff are experiencing. They can't make effective strategy and security investment decisions when perspectives across the organization aren't aligned."

How Cybersecurity Impacted Working from Home During COVID-19

June 3, 2021 Pete Cavicchia

The past 12 months reoriented daily life in myriad ways. This is represented most starkly in how we work. In 2020, 62 percent of Americans worked from home, with 49 percent doing so for the first time, reports business website B2C.

That high volume of employees in the United States taking their work laptops home and from brought with it a 300 percent increase in cybercriminal activity targeting remote workers. The frequency of these hacks increased during the first six weeks of American quarantine and shelter-in-place orders early last spring.

The business website reports that 20 percent of companies experienced data breaches linked to these home-based workers.

If you’re a business owner — or even just an employee who still sees your home as your “office” for the foreseeable future — it is understandable that numbers like this give you cause for concern. With cybercrime targeting work from home on the rise, one bright spot appears to be the reality that cybersecurity etiquette is also on the rise.

Best practices for keeping your personal and professional data secure are part of the normalized parlance of office conversation. Now, it is becoming second nature for American workers to be cognizant of the importance of keeping their information protected from hackers.

Two-factor authentication, secure passwords, and wariness over phishing and ransomware attacks are increasingly a normalized part of professional life. In short, protecting your data isn’t just reserved for the company’s IT team.

CFO reports that companies are relying on the cloud. One example is the fact that organizations are using cloud-located intranets that use direct, private connections and even virtual desktop interfaces.

Artificial Intelligence (AI) and machine learning are also playing a needed role in identifying threats.

CFO cites a recent Infosecurity Magazine piece that shows how machine learning is detecting phishing attacks, referencing a cloud-based algorithm that scans email header messages to pinpoint what is known as “ratware,” or software that generates automatic mass messages. Then, another algorithm looks for phishing vocabulary in the body of an email. Eventually, this algorithm continues to grow more sophisticated, better picking up on suspicious emails as it collects more information about what is and isn’t malicious information hitting your Inbox.

While the rise of cybercrime is worrying, there is reason to hope. The deployment of canny AI made specifically to fight back against hackers coupled with increased cybersecurity literacy among America’s workforce hints at a future primed for a world that will continue to rely on working from home — safely.

The Need for More Cybersecurity Professionals

May 13, 2021 Pete Cavicchia

Whatever it is, the way you tell your story online can make all the difference.

The past 12 months have been uncertain, with the COVID-19 pandemic causing major economic damage to a range of industries, from retail to education to communications.

Cybersecurity is one field that hasn’t necessarily experienced mass job loss, but is still suffering from a different problem — retention and hiring.

A new report from ISACA and HCL Technologies found that a high 61 percent of cybersecurity leaders say their teams are understaffed, while 55 percent say they have unfilled cybersecurity positions in their offices. The survey reached 3,600 information security professionals who revealed they had a hard time holding on to important talent over the past year, reports Help Net Security.

Difficulties with hiring and retention

While the pandemic might not have led to layoffs in the cybersecurity space, the cultural shifts brought about by the health crisis certainly impacted the information security workforce. One big reason for such low hiring and retention numbers seems to be “limited remote work possibilities” at their firms, as work-from-home culture has largely — in many instances, enthusiastically — been adopted by most American workers.

The report also found that 50 percent of cybersecurity leaders say the applicants they do see are “not well qualified.”

Ensuring cybersecurity firms are fully staffed is important given the crisis that has been growing ever grimmer in recent years — the rise of cyberattacks

About 68 percent of those surveyed who said they’ve experienced more cyberattacks also reported being “somewhat or significantly understaffed.” Additionally, 63 percent who have experienced these cyberattacks revealed they have a hard time retaining “qualified cybersecurity professionals.”

Jonathan Brandt, ISACA information security professional practices lead, told Help Net Security that the past year revealed “just how vital cybersecurity is to ensuring business continuity.”

“As a global cybersecurity community, it is imperative that we all come together to recalibrate how we hire, retain and train our future cyber leaders to ensure we have a solid workforce to meet these evolving cybersecurity needs,” Brandt added.

Skills cybersecurity professionals need

If you’re a cybersecurity professional and looking for work, the industry leaders surveyed by ISACA and HCL Technologies highlighted what they’re looking for.

About 95 percent of respondents said they are seeking candidates with hands-on cybersecurity experience, 89 percent cited credentials, while 81 percent cited hands-on training. When it comes to gaps in experience, 56 percent said “soft skills” are often lacking, 36 percent cited security controls and 33 percent referenced software development skills.

To close these gaps and fix this cybersecurity hiring void, they pointed to better training programs for non-security staff who hope to move to security positions, an increased reliance on contract employees and external contractors to better adjust to our modern “gig economy,” more emphasis on artificial intelligence (AI) and automation, as well as better performance-based trainings.

In an ever more complex world full of increased cybersecurity threats, it’s crucial we continue to build and harness a workforce that can keep our companies and personal and professional data safe and secure.

Does the Rise of Machine Learning Bring More Security Risks?

May 11, 2021 Pete Cavicchia

It’s one of those buzzword terms used increasingly over the years — machine learning (ML).

Conjuring images of science fiction films and sentient robots, machine learning refers to computer systems that can utilize algorithms and statistical models to analyze and process data without direct human instruction. As we’ve developed better, more versatile connected devices, our machines have gotten smarter. Just look at IBM’s Watson supercomputer or even your Apple device’s favorite AI assistant, Siri.

The more advanced our AI, the more security risks emerge.

A new report from Tel Aviv startup Adversa tackles this issue.

Cybersecurity blog The Daily Swig recently spotlighted the new paper, discussing how it asserts that in AI systems, “vulnerabilities can exist in images, audio files, text and other data used to train and run machine learning models.”

This makes it easier for these systems to be manipulated by cybercriminals, with AI having a hard time filtering out “malicious inputs and interactions,” the report reads.

Adversa found that AI machine learning systems that processed visual data were most sensitive to these attacks. “Vision” stood at 65 percent of attacks, followed by “analytics” at 18 percent, “language” at 13 percent and “autonomy” at just 4 percent.

“With the growth of AI, cyberattacks will focus on fooling new visual and conversational interfaces,” according to the report. “Additionally, as AI systems rely on their own learning and decision making, cybercriminals will shift their attention from traditional software workflows to algorithms powering analytical and autonomy capabilities of AI systems.”

The big concern is that, given how relatively new these advanced AI systems are, not enough defenses have been put in place to keep them safe and, most crucially, protect the sensitive data in their charge. At many companies today, there unfortunately are not specific security teams put in place to zero in specifically on AI.

Alex Polyakov, co-founder and CEO of Adversa, told the tech blog the tide is changing. His company and others are now advising other organizations on how to address these machine learning threats.

“The technology itself is a double-edged sword and can serve both good and bad,” Polyakov said.

As with all technology, it’s important that a firm stays abreast of developing industry standards to ensure precious data is handled safely. We might be entering an ever more complex AI world, but as always, safety must come first.

How to Make Security Priority No.1 When Buying a New Laptop

October 23, 2020 Pete Cavicchia

As we get deeper into fall and closer to holiday season, you might start to think about finding new tech gifts for your loved ones or … for yourself. Obviously, one of the most popular go-to tech items is a new laptop. Whether for personal or business use, laptops are an essential for most people. About 73 percent of adults in the United States own either a desktop or a laptop computer, according to Pew Research Center. If you’re one of the millions of computer owners thinking about purchasing a new laptop, security must be front-and-center in your mind.

What are some simple, common-sense ways to protect your new laptop?

PCWorld offers some crucial advice:

Install top-notch security software. They write that Internet use poses the greatest threat to laptop safety. While Mac and Windows devices come with their own built-in security protections, they suggest purchasing additional security systems. One example is Norton.
- “Norton is an integral piece of the world’s largest civilian cyber intelligence network, allowing them to see and protect against advanced cyber threats,” the computer magazine writes. “Norton also has the Virus Protection Promise, and Norton is so confident in its protection that it’s guaranteed. If your PC or Mac gets a virus that Norton experts cannot remove, they’ll give you a refund.”
They also suggest using virtual private networks (VPN), which offer privacy by way of a private network when using public Internet connections.
Transportation is always key. If you plan on taking your laptop on trips, to coffee shops or business meetings, you’ll need to also purchase a secure bag for your computer. Make sure you get one with safe internal padding so that your computer doesn’t get damaged from all the jostling around that comes with travel. Also, pick a laptop bag with waterproof fabric on the outside in case you get caught in a rainstorm.
Always purchase insurance for your new computer in case it gets damaged or stolen.
Beyond all of this, discussions around computer security always come back to data. Back up your data on the cloud — like Apple’s iCloud — or use an external hard drive in case your computer either becomes compromised by a hack or gets damaged irreparably. Make sure your precious documents and data are stored and saved so you can retrieve them at a later time.

Top Cybersecurity Tips for Seniors

October 13, 2020 Pete Cavicchia

We live in a world where it is impossible to avoid technology. Everyone is digitally connected through everything from phones to connected “smart home” devices like Amazon’s Alexa. This is increasingly the reality for older adults. About 42 percent of adults 65 and older owns smartphones, according to a 2017 survey from the Pew Research Center. As adoption of modern technology increases among older adults, so, too, does the threat of cybercrime inflicted on seniors.

CNBC reports that online cybercriminals target older people at high rates. Why? They usually are wealthier than the average American adult, more trusting and less likely to report fraud. They cite a 2015 report that U.S. adults in this older demographic lose a sky high $36.5 billion each year to financial crimes and scams.

What can older people do to protect themselves and ensure they are vigilant about their cybersecurity? The U.S. Department of Homeland Security offers some clear-cut recommendations. For one, they suggest that you avoid any online banking or transmitting sensitive information over public Wi-Fi or a kiosk at a library, for instance. Also avoid clicking on any strange links from unknown websites or emails that might be asking for your financial information. When it comes to seeking medical advice online, they prompt older Americans to consider the source. If it’s from an educational or government website, or an official pharmaceutical company page, then you’re good to go. When shopping online, look for the padlock icon at the bottom of the browser, which indicates the site is protected by security software.

For its part, CNBC stresses that there are some key recommendations older Internet users need to take to heart when protecting themselves online:

Password needs to be strong: Make sure you craft an original password that wouldn’t be guessed easily by a third party. They should ideally be 12 to 15 characters with a combination of special characters, numerals, and symbols. They should also be site-specific. Don’t use the same one for every website.
Update antivirus software: Make sure you keep your antivirus software up to date. This applies to your computer, tablet, or smartphone.
Use vetted Wi-Fi: Again, avoid public Wi-Fi signals from libraries, parks, or public transportation. If you’re at a coffee shop, make sure you verify with the business that you are signing on to the correct signal and using the appropriate password.
Protect personal information: No matter what, do not give an unknown party your personal information. This applies to telemarketer phone calls as much as it does to unknown emails or websites.

Public Transportation Safety and Security: Protecting Yourself and Others

October 5, 2020 Pete Cavicchia

As we enter October, it is safe to say that 2020 has been a year full of unexpected challenges. That puts it mildly. The COVID-19 pandemic reoriented how we behave in our daily lives, forcing us to reconsider our personal security and what we do to keep others safe.

Among other things, this impacted how we travel. It’s been well reported that public transportation has suffered as less people opt to ride buses and trains, sheltering in place at home or looking for alternate ways to get from point A to point B.

That being said, across the country, local transit authorities have gone to great lengths to not only ensure adherence to public health protocols like wearing masks and disinfecting trains and buses, but they have even been limiting the capacity of travelers per vehicle. In most cases, they’ve been marking seating clearly with directional signs to ensure riders practice social distancing.

The Scientific American reports that little evidence exists to show public transportation poses an increased risk for contracting the coronavirus, largely due to all of these measures that have been put in place.

What can you do to ensure your own security and protect the health and well-being of others around you? The Centers for Disease Control and Prevention (CDC) says that those who use public transportation need to practice proper hygiene — wash your hands — wear a mask, sit away from others, and if you are feeling sick, look out for your fellow travelers by staying home.

Beyond COVID-19, you should also be wary of normal, pre-pandemic travel concerns when riding a subway or a public bus. These common sense concerns should especially be at the front of college students’ minds, particularly freshman who might be traveling and living away from home for the first time this fall. Loyola University Chicago provides some key tips. They include:

Sit near the bus driver if possible.
Chose an aisle seat so you can get up and leave quickly if a problem arises.
When waiting for transportation, choose a well-lit space so you aren’t waiting alone in the dark, particularly at night.
Don’t fall asleep while traveling — be vigilant.

Essentially, the pandemic has made us more cognizant of public safety when on our commutes. While a difficult time, this is a positive thing — it emphasizes that people need to act in the greater good to keep themselves and others safe.

Just How Safe is Cloud Computing?

September 29, 2020 Pete Cavicchia

It’s now been a big part of our lives for the past decade or so, but what exactly is “the cloud?” It’s a method of storing data that isn’t tied to a physical hard drive. Instead, it operates and exists solely on the Internet.

From the iCloud to Google Cloud, it is a ubiquitous way we store information, hold onto precious data, and share documents and photos between our devices with ease.

While it is common, BBC News reports that only 10 percent of the world’s data is stored remotely through cloud computing. Think of it as a way that businesses and individuals can store their information at a relatively affordable rate. You don’t need to have a computer science degree to know how to use it most effectively. Hence, this ease of use is a big part of cloud computing’s appeal.

For those who are accustomed to the cloud or for those who have yet to try it, security is obviously a top issue. How safe is it? The BBC interviewed Gavan Egan, managing director of cloud and IT solutions for Verizon, who offered a few words of wisdom:

“The biggest risk is giving up control of your data to someone else using different data centers in remote places,” Egan said. "What happens in the event of a disaster? You're also putting your data next to someone else’s."

There is the risk that a problem with your cloud system, or a mistake you make, could see your data wiped away, stolen by others, even corrupted by cybercriminals.

ISG Technology outlined why cloud computing is safe. They said as more and more businesses have been abandoning unwieldy and expensive servers for cloud-based systems for file storage, cloud computing companies have become increasingly vigilant about safety.

They cite a Forbes article that highlights three key ways the cloud is safe.

Three key ways the cloud is safe

For one, cloud services usually store at least three copies of each piece of your data in different locations. To lose your data permanently, all of these copies would have to be erased at once, which is unlikely to happen. Additionally, increasingly more sophisticated security protocols — think passwords, two-factor authentication, etc. — mean that you and you alone have access to this data. If you are stringent with other aspects of your personal cybersecurity, such as online banking and email use, then you should be the same way with your cloud computing habits. Safe sharing features also ensure that you have control over who sees your information. You make the final call as to who can access what when and if those links expire permanently.

If you’re still on the fence about cloud computing, security giant Norton puts it in simple terms — you have more to worry about with your email account:

“The data that you save with cloud service providers may likely be safer than the information you've stored in your computer's hard drive. Remember, hackers can use malware and phishing emails to get the information stored on your own devices. They might freeze your computer, demanding a ransom before they'll release the files and data they've frozen,” Norton writes.