• Home
  • Blog
  • Facebook
  • LinkedIn
  • Twitter
Menu

Peter Cavicchia

Street Address
City, State, Zip
Phone Number

Your Custom Text Here

Peter Cavicchia

  • Home
  • Blog
  • Facebook
  • LinkedIn
  • Twitter

Why the European Parliament is Looking at Facial Recognition Ban

October 21, 2021 Pete Cavicchia

From social media tagging on popular platforms like Facebook to a way to unlock your iPhone, facial recognition technology is an increasingly sophisticated tool utilized by nearly every major tech company. It has been a part of law enforcement, building security, and personal computing.

Now, the European Parliament is looking to reign in its use in public spaces.

Earlier this month, the European governing body called on police to pull back on its use of artificial intelligence (AI) services that use facial recognition — a call to limit the application of this tech in mass public surveillance programs.

Members of the parliament voted 377 in favor, 248 opposed on a non-binding resolution that asked European Union lawmakers to ban automatized facial recognition and put in place safeguards for how police forces use this AI, Engadget reports.

What these political leaders are saying is that everyday citizens should only be monitored by AI tools if they are suspected of an actual crime. They are suggesting this shouldn’t be an automatic protocol applied to all people in public spaces.

Engadget’s Kris Holt writes that the big concern centers on what is known as “algorithmic bias” in AI programs. The legislators are pointing to past research that suggests these kinds of facial recognition AI systems tend to misidentify minority ethnic groups, LGBTQ+ individuals, women, and senior citizens at higher rates than other people who are scanned by the same programs.

“Those subject to AI-powered systems must have recourse to remedy,” the resolution reads. They also are calling for a ban of private databases of facial recognition information and what is being called “predictive policing based on behavioral data.”

Holt adds that this latest resolution comes after recommendations earlier this summer from the European Data Protection Board and the European Data Protection Supervisor that said this tech should not use biometric data to classify people into “clusters based on ethnicity, gender, political or sexual orientation.”

Essentially, use of this AI could be mishandled in a discriminatory way, according to the Engadget writer.

What this news further underscores is that the use of ever more sophisticated AI technology will continue to be debated by policymakers and the public alike. As it becomes applied more and more in our daily lives, we will see calls for regulation, and discussions over how best it can be used.

Tags Facial Recognition, Engadget, AI

Keeping Security at the Forefront When Apple Operating System Updates

September 29, 2021 Pete Cavicchia
smartphone-1894723_640.jpg

If you are one of the more than 1 billion Apple iPhone users in the world, it was a big day for you. On Monday, September 20, the tech giant unveiled iOS 15, the latest version of its smartphone operating system.

It offered important changes to how your phone will operate — from being able to make FaceTime calls to Android users to more sophisticated artificial intelligence (AI) capabilities to better identifying plants and animals in your photos, CNBC reports.

Among these updates are improved security protections. One feature of the update is “App Privacy Report,” which will notify you how often an app that is utilizing your location and your microphone over the past week. Additionally, it will let users be aware when apps are communicating back to their own servers. Those who pay for Apple’s popular iCloud have a feature called “iCloud Privacy Relay,” which will hide IP addresses, preventing your location from being revealed to unwanted third parties, CNBC adds.

While all of this should put you more at ease that your data is better protected than it had been through older operating systems, it doesn’t mean that you can take a back seat and not be proactive about enabling many of these new features.

Wired offers a comprehensive review of privacy settings you should change once you update your iPhone. Here’s an overview of some of their recommendations:

  • Block email tracking: There are still trackers that exist in the emails you send — they can be in the pixels that are situated in the footer, header, or body of emails, shooting back your information to the email sender. Wired says that Apple’s Mail Privacy Protection tool stops this. To set it up, go to Settings, Mail, Privacy Protection, and then turn on “Protect Mail Activity.”

  • Check up on your apps: Turn on the aforementioned App Privacy Report. Tap “Record App Activity” in Settings.

  • Hide IP addresses: In order to hide the sharing of IP addresses of the sites you visit, go to Settings, Safari, “Hide IP Addresses” and then turn on “Trackers and Websites.”

  • Apple’s authenticator: As is always a good idea when it comes to proper cybersecurity hygiene, make sure you utilize two-factor or multi-factor authentication for all online accounts you use. You can put in place verification codes for these two-factor authentication practices by going to Settings and then “Passwords.” You can set verification codes to autofill whenever you log on to Safari for web browsing on your iPhone.

  • Turn on iCloud Private Relay: To utilize the iCloud Privacy Relay if you’re a paying iCloud user, go to Settings, click on your name, go to iCloud, then turn on Privacy Relay.

As always, if you download a new operating system update on any device — and this recommendation is universal and can apply beyond Apple products — don’t just assume all of the new patches are automatically enabled. With any aspect of your personal data protection, you have to be vigilant.

Tags iPhone, FaceTime, App Privacy, Peter Cavicchia

These billion-dollar anti-hacker plans reveal flaws in companies’ cybersecurity defenses

September 15, 2021 Pete Cavicchia
iStock-1148091792.jpg

Recently, major tech companies left a meeting with President Joe Biden pledging to spend billions on cybersecurity defenses. Google, for instance, pledged to invest more than $10 billion on cybersecurity programs over the next five years, while IBM said it would train more than 150,000 people in proper security measures. Computing giant Microsoft said it would commit to $20 billion in more sophisticated cybersecurity tools, CNBC reports.

The focus on cybersecurity initiatives during these White House discussions were important given the rise of major hacks of companies such as Colonial Pipeline and SolarWinds. At the same time, smaller-scale cybercriminal activities have been on the rise, especially during the past year of social and economic disruptions due to the COVID-19 pandemic.

In an era when shoring up defenses around our sensitive personal and corporate data is paramount, it is understandable why these major companies will put cybersecurity at the forefront.

That might not be enough. Detailed in a recent CNBC piece by Eric Rosenbaum, one vulnerability in these lauded initiatives has been the fact that all of the increased spending on cyber protections hasn’t resulted in a drop in hacks. One big issue centers on the shortage of workers who are trained in cybersecurity. Essentially, there aren’t enough trained professionals to utilize these new tools to push back on cybercrime.

“It’s a big problem,” Larry Ponemon, chairman and founder of information security think tank Ponemon Institute, said in the article. “We see lots of organizations making investments in technology that never get deployed.”

Another expert, David Kennedy, founder and CEO of Trusted Sec, told the financial news network “these companies will buy products, but not include direct staff to support it or else they can’t get the internal funding approval to support it.”

“So, the cybersecurity investments are only half installed or not at all and just languish,” he added.

One big solution to this issue is directing more resources to recruitment and training initiatives to usher in a new generation of cybersecurity professionals. Major companies like Google have put significant energy into training new staffers. Beyond this, universities and colleges nationwide have been answering the call, increasing degree programs specifically in cybersecurity.

In his article, Rosenbaum also points to the threat of artificial intelligence (AI), which will only continue to be leveraged by hackers.

In an incredibly complex world of modern cybersecurity and data protection, both companies as large as Apple and small businesses alike will need to respond on multiple fronts. They’ll have to increase funding for cyber defense programs, hire and train more people to use them, and meet the challenges of more sophisticated AI and new tactics for carrying out cybercrime.

Tags President Biden, CNBC, Colonial Pipeline, SolarWinds

Data Leak Exposes 38M Records, Including COVID-19 Public Health Data

September 3, 2021 Pete Cavicchia
matrix-434033_1280.jpg

A new report from cybersecurity firm UpGuard unearthed data leaks from 47 different organizations. This compromised 38 million records.

The leak is due to default permissions tied to Microsoft Power Apps portals. This latest data reveal is significant because some of the affected companies and businesses included state governmental public health organizations.

Healthcare IT News spoke with a Microsoft representative who made clear that just a small subset of customers had the portal configurations set to make this data vulnerable. Microsoft asserts that Design Studio, the portal designer, “uses strong privacy settings by default.”

“Our products provide customers flexibility and privacy features to design scalable solutions that meet a wide variety of needs. We take security and privacy seriously, and we encourage our customers to use best practices when configuring products in ways that best meet their privacy needs," the spokesperson told Healthcare IT News.

The data that was leaked is certainly sensitive. It includes personal information used for COVID-19 contact tracing, vaccination appointments, health worker employee IDs, and Social Security numbers, among other data.

"In cases like registration pages for COVID-19 vaccinations, there are data types that should be public, like the locations of vaccination sites and available appointment times, and sensitive data that should be private, like the personally identifying information of the people being vaccinated," UpGuard researchers state in their report.

"The number of accounts exposing sensitive information, however, indicates that the risk of this feature — the likelihood and impact of its misconfiguration – has not been adequately appreciated," the report continued.  

After identifying the data leaks, UpGuard notified Microsoft as well as the affected organizations. Some examples include the Indiana Department of Health and the Maryland Department of Health.

"This research presents an example of a larger theme, which is how to manage third-party risks (and exposures) posed by platforms that don't slot neatly into vulnerability disclosure programs as we know them today, but still present as security issues," the UpGuard researchers add.

For its part, the Indiana Department of Health stated that UpGuard “inappropriately accessed” the data, a claim that the cybersecurity organization dispute.

UpGuard states they did not “exceed our authorized access, and while the data should not have been public, the nature of the data could only be ascertained by downloading and analyzing it,” Healthcare IT News reports.

Tags UpGuard, Microsoft Power Apps

Retail Companies Should be on High Alert for Ransomware

August 29, 2021 Pete Cavicchia
ransom.jpg

Out of all of the sectors of our global economy that should be especially vigilant about cybersecurity threats, the retail industry ranks toward the top. A recent global survey from Sophos showed that ransomware attacks have been on the rise for retail companies. During the past year-and-a-half, the COVID-19 pandemic gave hackers the perfect environment of chaos to wreak havoc.

For the survey, Sophos reached out to 5,400 IT professionals — 435 retail IT managers among them — throughout 30 countries. The participants extended from North and South America, Asia-Pacific, Europe, Central Asia, Africa, and the Middle East, according to Cybernews.

The survey shows that 44 percent of retail and education organizations were victims of these cyberattacks.

‘An attractive target for cyberattack

“The retail sector has always been an attractive target for cyberattacks, with its complex, distributed IT environments, including a multitude of connected point-of-sale devices, a relatively transient and non-technical workforce, and access to a wide range of personal and financial customer data,” said Chester Wisniewski, a principal research scientist at Sophos, in a Sophos release cited by Cybernews. “The impact of the pandemic introduced additional security challenges that cybercriminals were quick to exploit.” 

A lot is on the line when it comes to these attacks. The average amount it costs for a retail company to respond to — and attempt to undo the damage caused by — these ransomware attacks totals a high $1.97 million. For reference, the average cost across all industries highlighted by the report was $1.85 million.

The nature of what was stolen is also significant and should give pause to any retailer who has yet to implement proper cybersecurity defenses across their systems.

About 54 percent of the retail companies said the ransomware hackers succeeded in encrypting their data. Beyond this, 32 percent who reported this data was encrypted ultimately paid the high ransom requested.

A lot at stake

An average ransom payment for these companies was $147,811. Even more crushing for retailers was that even paying these high ransom bills failed to regain all that was lost. On average, companies that paid a ransom only got back about 67 percent of the stolen data.

Only 9 percent of these businesses got all of their stolen encrypted data back.

Sophos’s Wisniewski said it wasn’t completely negative news for retailers.

“While enabling, managing, and securing IT during the pandemic increased the overall IT workload for three-quarters of retailers – the sector was also the most likely — at 77 percent — to see a positive return in terms of enhanced cybersecurity skills and knowledge,” he added.

Essentially, this current era of intense cybersecurity awareness can ultimately ensure retail companies are in a better position than they were in before. If they put the protection of their data at the forefront, they will be better equipped to handle the demands of the ever-complex demands of 21st century data protection and security.

Tags Sophos, ransomware, ransom payments

Report: U.S. Government Cybersecurity Defenses Are Too Weak

August 9, 2021 Pete Cavicchia
cyber-security-640.jpg

When it comes to a report card for how fortified its cybersecurity defenses are, the United States federal government doesn’t make the grade. That’s according to a new 47-page report issued by the Senate Homeland Security Committee. Out of eight federal agencies, four received grades of “D,” three earned “Cs,” and just one earned a “B,” according to coverage from tech news website Ars Technica.

“It is clear that the data entrusted to these eight key agencies remains at risk,” quotes Ars Technica from the report. “As hackers, both state-sponsored and otherwise, become increasingly sophisticated and persistent, Congress and the executive branch cannot continue to allow PII and national security secrets to remain vulnerable.”

This isn’t the first report of its kind. Two years ago, an earlier review of these agencies found glaring failures in protecting personal data, maintaining a list of hardware and software used on all agency networks, and installing timely security patches. That report covered information from a decade-long period — from 2008 to 2018.

Here is how the different federal agencies fared in the new report:

  • Department of State: D

  • Department of Transportation: D

  • Department of Education: D

  • Social Security Administration: D

  • Department of Agriculture: C

  • Department of Health and Human Services: C

  • Department of Housing and Urban Development: C

  • Department of Homeland Security: B

For many in the government, this kind of oversight report signifies we are in a precarious moment where our federal agencies need to better defend against sophisticated hacks that threaten some of the nation’s most sensitive data — not to mention the data of its citizens.

"From SolarWinds to recent ransomware attacks against critical infrastructure, it's clear that cyberattacks are going to keep coming and it is unacceptable that our own federal agencies are not doing everything possible to safeguard America's data," said Ohio Senator Rob Portman in a statement reported by CBS News.

“This report shows a sustained failure to address cybersecurity vulnerabilities at our federal agencies, a failure that leaves national security and sensitive personal information open to theft and damage by increasingly sophisticated hackers,” Sen. Portman added. "I am concerned that many of these vulnerabilities have been outstanding for the better part of a decade.”

In the face of these concerns, some movement has been made. In July, the Biden Administration swore in its first National Cyber Director Chris Inglis. During his public introduction, Inglis announced he will make it a point to guarantee the digital infrastructure utilized by “the 102 civilian components of the federal government” have “the right technology and the right practices” to reach “unity of effort and unity of purpose,” CBS News reports.

During a time when so much is at stake regarding how we safeguard our data, reports like this reiterate that the U.S. is at an inflection point where cybersecurity has to remain front and center.

Tags ArsTechnica, HomelandSecurity, hacks

Just How Secure are the Tokyo 2020 Olympics?

August 2, 2021 Pete Cavicchia
olympic-games-6314253_640.jpg

We’re now in the middle of the 2020 Olympics Games in Tokyo — a moment of international connection after a challenging year when the COVID-19 pandemic postponed the original date of the iconic sporting competition.

While it’s a celebratory moment, speculation has ramped up about just how secure the global sporting competition is after all.

Concerns are justified. Both the 2016 and 2018 Olympic Games were targets of Russian hackers. In fact, the attack on the winter 2018 Olympics in PyeongChang, South Korea went straight for the opening ceremonies, hitting stadium Wi-Fi and even affecting security gates, according to Wired.

Leading up to these games, cybersecurity experts and international watchdogs have been sounding the alarm that governments, Tokyo officials, sporting teams, and individual athletes alike should all be on high alert.

The Washington Post reports on some of the most common concerns surrounding this year’s Olympics. For example, the FBI was recently alerted to the potential of a major hack, aware that live broadcasts could be targeted as well as the personal data of athletes and their teams.

“In 2021, the Tokyo Summer Olympics may shape up to be what COVID-19 PPE and vaccine diplomacy was to 2020 — a clear opportunity for nation states to deploy information campaigns to denigrate their adversaries, promote their system of governance, and burnish their image on the world stage,” wrote Rachel Chernaskey, Max Glicker, and Clint Watts in a piece for the German Marshall Fund’s Alliance for Securing Democracy, as cited by the Post.

Despite these concerns, the Olympics seem to be going along smoothly so far. Earlier, reports surfaced that Olympic ticket data was leaked, with IDs and passwords from the Tokyo Olympic ticket portal was posted publicly to a leak website.

A spokesperson for the Tokyo 2020 International Communications Team told ZDNet that this was not in fact a leak from Tokyo 2020’s system and that “we have already taken measures int he form of password resets to limit any damage for the very limited number of IDs detected in this case based on the information supplied by the government.

Cybersecurity officials will be ever present as the 2020 Olympics continue. The games run through the Closing Ceremony, which will be held on Sunday, August 8.

As the world continues to reckon with the ever-present threat of hackers who are growing consistently more sophisticated, vigilance over personal and government data will vault to the forefront of everyone’s minds as the summer games roll on.

Tags Olympics, hackers, cybersecurity

How Secure Are Our Water Supplies From Cybercriminals?

July 27, 2021 Pete Cavicchia
hacking.jpg

Earlier this year, a hacker was able to infiltrate the water supply in Oldsmar, Florida. The cybercriminal was able to increase the levels of lye, or sodium hydroxide, in the city’s water treatment system. Luckily, a city worker detected the hack and reversed any potential damage done, reports the BBC.

The cyberattack touched on both cybersecurity and public health concerns, one of multiple recent examples of how vulnerable our nation’s water supplies are to ever more sophisticated hackers.

The threat to the nation’s water supplies

Another similar example came on January 15, when a hacker attempted to attack a water treatment plant that is used by portions of the San Francisco Bay Area. The cybercriminal utilized the login information for the program that employees of the plant use to operate their computers remotely. The hacker — who has yet to be identified — deleted programs used by the plant to treat the area’s drinking water. This person’s activity was detected the next day, prompting the plant to immediately reinstall programs and change login information for employee accounts, reports NBC News.

In their broad-ranging report, NBC spotlights just how vulnerable our nation’s water system is to hacks — more than other sectors of our infrastructure.

This is due to the fact that water systems nationwide are difficult to institute universal cybersecurity safeguards and, unlike other parts of the infrastructure, can have severe impacts on the population at large if tampered with.

One benefit of our nation’s water supplies is that each system differs, there is no centralization. This means it would be very difficult to carry out a nationwide hack all at once given that each water facility functions on its own. On the flip side, this means there is no standard protocol that each system can implement. This results in a somewhat chaotic situation.

"It's really difficult to apply some kind of uniform cyber hygiene assessment, given the disparate size and capacity and technical capacity of all the water utilities," Mike Keegan, an analyst at the industry trade group, the National Rural Water Association, told NBC. “You don’t really have a good assessment of what’s going on.”

The vulnerabilities of local water systems

The threat is very real. NBC reports there are more than 50,000 drinking water facilities throughout the country. Most of them are nonprofit companies. While some are for the nation’s large metropolitan and urban centers, many provide drinking water for rural areas that might not have the means, staff, or defense protocols in place to defend against a major cyberattack.

A big problem facing these rural water facilities is the fact that many rely on remote employee system logins as with the situation in Oldsmar.

For facilities located in difficult-to-reach rural areas — an employee might have to drive 50 miles to work at a water treatment plant — and in a year where the pandemic saw all industries embrace work-from-home routines, we are facing an environment where these rural facilities are especially vulnerable.

NBC reports that some light is on the horizon. Congress just gave the Cybersecurity and Infrastructure Security Agency (CISA) authority to compel Internet providers to reveal the identities of organizations and companies that are prone to hacks. The Biden administration is also aiming to begin a cybersecurity initiative, an overdue collaboration between these water plants and the U.S. government.

Hopefully, we are entering an era where we are particularly vigilant about keeping the water we drink — and our communities depend on — are safe from cyberattacks.

Tags Water Supply, Nationwide Hack, NBC
← Newer Posts Older Posts →