CSID at SXSW 2017

By | February 24th, 2017|Uncategorized|

Every year, hundreds of thousands of people come to Austin to attend South by Southwest. This technology, film, and music conference and festival brings together some of the brightest minds in innovation from around the world. We’re looking forward to another opportunity to weigh in on the conversation and will be participating in a range of security-focused sessions at this year’s event, which kicks off March 10.

CSID will be hosting a workshop and a solo session at the conference to share our expertise on two topics that have become increasingly prevalent in today’s cybersecurity climate. CSID’s very own Joel Lang will be co-hosting a breach response workshop and giving participants the hands-on opportunity to learn best practices in risk mitigation and breach response through a live simulation. This interactive workshop will take place at 9:30am on March 11 at the Westin Austin Downtown in Continental 2. Don’t forget to RSVP to this workshop. To RSVP, you must sign into your SXSW account and have your badge linked to your account on social.

Additionally, our Chief Innovation Officer, Adam Tyler, will be speaking about the new face of cyber crime, showcasing through a live demonstration how younger individuals get involved in cyber crime, and how consumers can help defend against growing threats. You can catch Adam’s session at 3:30pm on March 15 at the JW Marriott in Salon 7.

If you’re attending SXSW, we’d love to see you at our sessions. Check out some of our other top picks below that are sure to offer unique insights into the latest threats and opportunities in the security landscape. Unable to attend this year’s conference? You can join the conversation at @csidentity where we’ll be on-site and live tweeting from our panels and other sessions throughout SXSW.

The Future of You: Identity Tomorrow
Saturday, March 11, 11:00 am, JW Marriott, Salon 8
In the future, your digital ID may replace all your current forms of identification. These ID experts discuss the current state of web identity from business to consumer, and dig into the important advancements that are being made to build your future identity. Who will own your ID in the future? Why will it become so important for your future digital existence? Is the future of ID centralized and managed by governments, or distributed and trust-less like block chain? What do you need to know to protect yourself in this new digital Domain?

A New Normal: User Security in an Insecure World
Monday, March 13, 3:30 pm, JW Marriott, Salon D
Online security is becoming a game of Whack-a-Mole, where one threat is contained while another emerges; where a credential dump of millions of users is yet another note in a chorus of breaches. Today, complete security is somewhat of a pipe dream. Given this new normal, how do we keep our information as secure as possible? This diverse panel will navigate the evolving challenges to online security and question conventional wisdom around security across industry and sector–to understand the economics of a seemingly chaotic online world and to illuminate unexpected trends.

Connected Cities, Hackable Streets
Tuesday, March 14, 12:30 pm, JW Marriott, Salon 6
In cities around the world, street lights, public transit systems, and electric meters are already connected to the Internet. Soon, smartphone controlled, self-driving cars will roam cities and every part of the urban fabric could be Wi-Fi enabled. While tomorrow’s smart cities will usher in efficiencies and convenience, they’ll also bring about security threats and vulnerabilities. Hackers have already demonstrated they can remotely take over cars and switch off traffic lights. So, how can urban planners and engineers build cities of the future that are resilient enough to guard against cunning criminal hackers who may want to bring Singapore or San Francisco to a grinding halt?

Biotechnology Needs a Security Update
Wednesday, March 15, 12:30 pm, JW Marriott, Salon 6
Great leaps forward in biotechnology have made the IT-based manipulation of life increasingly easy. To many, biotech offers unparalleled opportunities to reshape our world and ourselves. To others, it poses significant threats. As human systems are better understood and life becomes more programmable with CRISPR and other technologies, governments need to prepare for a new age of biosecurity. Join experts from industry, FBI, and academia who work with hackers, sociologists and politicians to tackle the security challenges of the emerging bioeconomy. Explore real opportunities and threat profiles of modern and future biotech, and why life on earth may soon need a security update.

SXSW 2017 is sure to be full of enlightening conversations and ideas. In our new Firewall Chats bonus episode, we take a deep dive into a handful of SXSW sessions and their application in the current cybersecurity landscape. As always, feel free to join the conversation on Facebook, Twitter, or LinkedIn.

Using Social Media in Vetting for Visa Applicants

By | December 16th, 2015|Uncategorized|

News surfaced late last week that Tashfeen Malik, the female shooter in the San Bernardino attack, pledged support to ISIS on her Facebook page the day before the attacks and had talked openly on social media about her support for violent jihad prior to passing background checks for her K-1 fiancee visa. The Department of Homeland Security (DHS) missed this because it is currently prohibited from screening applicants’ social media messages for immigration eligibility.

The New York Times wrote, “The discovery of the old social media posts has exposed a significant — and perhaps inevitable — shortcoming in how foreigners are screened when they enter the United States, particularly as people everywhere disclose more about themselves online. Tens of millions of people are cleared each year to come to this country to work, visit or live. It is impossible to conduct an exhaustive investigation and scour the social media accounts of each of them, law enforcement officials say.”

This ignited a debate that has been playing out in the media, the House floor, and on the political stage. To summarize, Democrats and Republicans alike said DHS needs to start screening social media before it approves visas. Hillary Clinton, among others, called for tech companies to work with authorities to combat terrorist messages online.

Whether or not the government should screen applicants’ social media accounts, it absolutely could accomplish this type of screening quite easily with social media monitoring tools that companies and individuals use all the time for marketing and business intelligence, reputation and online identity management. CSID’s Social Media Monitoring tool is designed to alert subscribers of instances where they are sharing personal information via social that may put them at risk of identity theft, as well as information found within their social networks that might damage their reputations. It is not hard to imagine how this same type of keyword monitoring and alert functionality could be used to aid in the screening of visa candidates.

As always, let us know what you think on Facebook, Twitter and LinkedIn.

SYNful Knock and a New Age of Phishing

By | September 21st, 2015|Uncategorized|

Earlier this week, Reuters reported that security researchers uncovered a new malware strain called SYNful Knock, targeting Cisco routers. Once installed, SYNful Knock gives cyber criminals the ability to harvest data being shared via the router without being detected. The malware has already been found on a handful of Cisco routers in four different countries.

While reports of breaches and data theft are commonplace these days, the SYNful Knock malware stands out for one key reason – affected routers were compromised not because of a security flaw in Cisco’s software but because cyber criminals secured the login credentials of key network administrators to install the software.

We’ve long espoused on this blog that employees are always going to be the weakest link in any security system. There will always be an employee that reuses easy-to-remember passwords across multiple logins. There will always be an employee that gets tricked into downloading an infected file or tricked into clicking on a malicious link through a phishing scam. If you want better cyber security at your business, employee education is the place to start.

This is even more evident when you look at the Cisco router story. In the past, cyber criminals focused on quantity over quality – send out 100,000 phishing emails and hope that a handful of recipients fall for the scam. We are seeing a move away from this and a move towards cyber criminals focusing on specific high-value targets, targets like employees that have network administrator-level credentials. Cyber criminals are using social media sites like LinkedIn to identify key personnel that may have administrator access to a system. They are then researching these individuals, often on social sites like Facebook and Twitter, to collect personal information – information that can be used for a customized phishing email or to answer standard password reset questions. In the case of the Anthem breach, cyber criminals used this tactic to secure logins for five Anthem employees. One of these five employees had administrator-level credentials. That’s all it took for cyber criminals to access more than 80 million customer records.

Compared to Anthem, this week’s Cisco router news seems pretty unimpressive. But it is a story that serves as a cautionary tale of what’s on the horizon for business cyber security and employee vulnerability.

Have tips on how to educate employees on password best practices? Weigh in on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Securing All the Things: IoT Myths and Realities

By | September 4th, 2015|Uncategorized|

The Internet of Things isn’t a new concept – but it’s certainly one that has gained momentum, particularly within the last year. Recently, we’ve seen more and more connected devices come to market. While connecting our world may bring added convenience to our everyday lives, it’s important to question what we may be sacrificing from a security perspective.

Back in April, news broke around a software glitch that enabled hackers to take control of a Jeep Cherokee while on the road. Cybersecurity experts Charlie Miller and Chris Valasek, working from laptop computers at home, were able to break into the Jeep’s electronics through the entertainment system. The experts were then able to change the speed of the vehicle, alter its braking capability, and manipulate both the radio and windshield wipers. The two described the hack as “fairly easy” and “a weekend project.”

It was recently discovered that not even Tesla Motors is immune to being hacked. This, again, was an attack orchestrated through the car’s entertainment system, though it took closer to a year to pull off. Researchers were able to apply the emergency hand brake, remotely lock and unlock the car, and control the touch screen displays. There is good news – Tesla has already developed a fix, which has been sent to all of the affected vehicles.

Something rarely discussed that warrants consideration from both security professionals and consumers alike is the danger brought on by seemingly innocuous connected products (think: “smart fridge” or “connected toaster”). While the thought of a hacker gaining control of a refrigerator is perhaps less daunting than the idea of them taking control of your steering wheel while on the highway, the reality that these products may serve as a gateway to more sensitive information is something that cannot be ignored.

Just a few weeks ago, a team of hackers uncovered a man-in-the-middle vulnerability in a Samsung smart refrigerator that showed it could be exploited to steal Gmail users’ login credentials. What’s most concerning about this is hackers were able to access a sensitive network, containing users’ personally identifiable information, through hacking into the refrigerator.

There has been a lot of fear around smart medical devices – but this is one area that may be considered more IoT “myth” than “reality.” Most medical devices don’t currently appear to be connected to the Internet, but rather through Bluetooth. Additionally, because most medical appliances are smaller scale, it’s virtually impossible to integrate a mobile phone connection into devices of this size. Consumer fears around having cellular waves inside the human body have also kept these devices from operating on a mobile phone connection.

Fears around connected smart watches may also be considered an IoT “myth,” at least at this stage, as most are not directly connected to the Internet. That being said, last month HP did discover some major areas for concern, finding that most smart watches did not have two-factor authentication, were vulnerable to man-in-the-middle attacks, and had poor firmware updates.

It’s an interesting debate – and one that will undoubtedly continue as more companies introduce products to compete in this space. What do you think about security risks with the Internet of Things? Weigh in with us on Twitter and Facebook. Be sure to check out our Tumblr for the latest industry news stories.

Industry News Recap: Zero-Day Exploits In The Limelight

By | August 28th, 2015|Uncategorized|

A large amount of tech coverage has recently been devoted to zero-day vulnerabilities and attacks and the industry’s widespread attempts to stop them.

The average Internet user has never encountered the term “zero-day attack” but it’s one that we are going to hear more about in future. A zero-day attack occurs when a hacker exploits a software flaw that is unknown to the developer. Techopedia’s Cory Janssen explains that this type of flaw is dangerous because “there is no known security fix [as] developers are unaware of the vulnerability or threat.” These threats are called “zero-day” because they occur on or before the day that a vendor becomes aware of the bug.

Zero-day attacks have long been a concern for software developers, but they have only recently received widespread attention due to a string of high-profile events. In July, leaked documents revealed multiple zero-day exploits in Shockwave Flash. From The Post-Standard: “Once the details were made public, it left anyone using Flash open to cyberattacks.” According to TechRepublic, the result was an eye-opening race that revealed hackers were able to create malware to exploit the flaws a full day before developers could patch them. Since then, zero-day attacks against a wide variety of developers have dominated the headlines.

The insidious nature of zero-day attacks is alarming, but developers have systems in place to combat them. An exciting example: bug bounty programs, which give monetary rewards to members of the general public who discover software bugs. The tech industry has long used bug bounty programs to incentivize hackers to uncover and report security flaws. Infosecurity Magazine reports that United Airlines has also adopted this strategy and has already “awarded millions of frequent flier miles to white-hats.”

For end-users, the best way to stay safe is to keep your software updated. Frequently check for updates to your browser and select “auto-update” wherever possible so that your device always has the latest security patches.

Let us know what you think on Twitter and Facebook. Be sure to check out our Tumblr for the latest industry news stories.

The Rising Cost of Data Breaches

By | August 20th, 2015|Breach, Business Security, Uncategorized|

Earlier this week, Target struck a deal with Visa to reimburse thousands of financial institutions around $67 million for costs resulting from the company’s 2013 data breach. These costs included reissuing credit and debit cards and handling an increased number of customer inquiries. Target is expected to reach a similar deal with MasterCard.

Target’s Visa settlement is an interesting one. Historically, credit card companies and banks have considered reissuing cards and removing fraudulent transactions from consumer accounts a cost of doing business. This mentality is rapidly changing as high-profile, high-impact data breaches continue to occur.

Businesses are finding there is no escaping the increasing threat of data breaches and associated costs. A May 2015 Ponemon study found that the average cost of a data breach increased to $3.8 million this year, up from $3.5 million in 2014. These costs include the obvious ones – IT personnel to address the security flaw that led to the breach, hiring customer service representatives to address customer concerns, costs associated with notifying and providing identity protection to impacted individuals. There are also some not-so-obvious costs like lost revenue, class-action lawsuits and resignation of key employees.

It’s not all doom and gloom for businesses when it comes to data breaches. The same studies that look at the cost of data breaches have also found there are ways to minimize these costs:

  • The Ponemon study found a relationship between how quickly the business identifies and contains the breach and its financial consequences. The longer it takes a company to identify a breach, the more costly it will be to resolve.
  • Ponemon also found that business continuity management plays a key role in reducing the cost of a data breach. Having business continuity management involved in the remediation of the breach can reduce the cost of response by an average of $7.10 per compromised record.
  • Lost customer revenue is often the most severe financial consequence for a breached business. Businesses that plan ahead and have a clear customer response plan in place prior to being breached fare better than businesses that don’t. Identity protection should be a part of any customer response plan.

With the constant influx of new security threats and vulnerabilities, businesses need to be prepared to respond to and address these threats, and as data breach costs continue to rise, the stakes become even higher. Focusing on security, implementing business continuity management and having a breach response plan in place can take a bit of the edge off the financial sting of a breach.

And We’re Off! SXSW PanelPicker Voting Starts Today

By | August 10th, 2015|Uncategorized|

Tens of thousands of people descend upon Austin every March for SXSW Interactive – an annual gathering of some of the world’s most passionate techies, new-gadget enthusiasts, and creative problem-solvers. We’ve taken part in the conference for the past several years and are once again hoping to bring our cyber security insight to the stage, but we need your help! Read up on our submissions below. If you want to see the panel at SXSW next March, follow the PanelPicker link and give it the “thumbs up.” All you need is an email address to vote.

Cybersecurity Mythbusting: What’s the Real Deal?
In recent years, the general public opened their eyes to security breaches and privacy concerns as Target and Snowden made headlines for months on end. People are scared and confused and rightfully so. Much of the breach coverage fails to provide consumers with any truly useful information on what to do next to protect their digital identities, stirring panic without resolution. This session will tell you what to really worry about, debunking common cybersecurity myths, and shed light on the tangible steps you can take to keep your identity safe.

Vote here:  http://panelpicker.sxsw.com/vote/51521

Digital Identities: Modern Underground Currencies
How much is a Social Security number worth on the dark web? What about a driver’s license, a credit card number or a health record? Every day, hackers are buying and selling consumers’ stolen data and engaging in a whole world of commerce unseen by those outside of the dark web. They’re raking in hundreds, even thousands of dollars with each transaction. This session will dive into the digital currencies of this underground marketplace and provide an inside look at how transactions take place between cybercriminals through a live demonstration. Our very own Adam Tyler, CIO at CSID, will show how these cybercriminals collaborate and exchange ideas with each other to steal data, and also offer tips for consumers to keep their data safe.

Vote here: http://panelpicker.sxsw.com/vote/50621

Breach Aftermath: Cleaning Up the Mess
There’s a lot of cyber security doom-and-gloom going around these days. In the last few years major corporations and government organizations have suffered from breaches resulting in lost jobs, lost business and a frenzy of activity. For every bit of activity you see in a headline, there is an equal amount of work and response going on behind the scenes. This panel of experts will provide a behind-the-scenes look at what happens when a company finds out it’s been breached, from patching up security to making sure those affected are protected. In addition to some interesting insight, attendees will come away with best practices when responding to a breach.

Vote here: http://panelpicker.sxsw.com/vote/51539

Don’t Tweet That! Managing Your Digital Footprint
With each tweet, like, and live stream, we are revealing information about our interests, location, and activities. This is how the world communicates. But are we putting ourselves at risk for identity theft (and more) with every post, share, and like? This engaging session will provide an in-depth analysis of our social media habits and what we share with an audience much larger than our “friends.” After all, 82 percent of the world’s population is online. This session will explore the data we share, security risks, and what consumers can do to help protect and control their digital identities.

Vote here: http://panelpicker.sxsw.com/vote/55907

You have until September 4 to cast your vote and leave any comments or questions for our panelists.  We appreciate your support! Keep up with our SXSW involvement and other company happenings on Facebook, LinkedIn and Twitter.

ABJ’s Profiles in Power Winner: CFO Amanda Nevins

By | August 8th, 2015|Uncategorized|

“Don’t be afraid to shoot for the stars. Sometimes the biggest obstacle is believing in yourself. If you can do that, you will be surprised with what you can achieve, and how others will in turn believe in you as well.”

These are words of wisdom from our CFO, Amanda Nevins. On August 7, Amanda was recognized as one of six Women of Influence in Central Texas by the Austin Business Journal during the publication’s Profiles in Power event. Amanda was selected out of numerous entries and 30 finalists.

To say we are proud of Amanda is an understatement. Amanda has been with CSID for four years and during that time she has had a huge influence on our business and employees. Her extensive professional experience and technical vision has helped CSID achieve several years of growth. She has built a finance team that is unparalleled in Central Texas. We would not be where we are today without Amanda’s expertise, professionalism, passion and guidance.

I know Amanda is also a community leader. She gives her time to professional organizations like SKU, a local accelerator created to help support the success of entrepreneurs and their companies, and non-profit organizations such as LifeWorks.

We are very glad to have Amanda on our team. Her achievements inspire everyone at CSID to continue to strive for greater success.

You can read more about Amanda and the other Profiles in Power winners and finalists in the Austin Business Journal.

Five More Tips To Keep You Secure While Traveling

By | July 23rd, 2015|Uncategorized|

Summer vacation is a time to unwind. But remember, just because you’re taking a break from work, it doesn’t mean identity thieves are. In fact, cyber criminals and identity thieves are always looking for opportunities to strike while the iron is hot. These five rules will help you stay safe this summer (or whatever time of year you are traveling)!

Avoid using public computers.
Using a public computer may seem convenient, but it creates unnecessary risk. You never know what types of malicious software might be installed on a device. A report in the Chicago Tribune says risks include “key-logging software that saves your login details, security updates that are not installed, and no or out-of-date antivirus software.” Just like when using an unsecured Wi-Fi hotspot, never access sensitive websites (like your bank account) while using a public computer.

Alert your card issuer about your travel plans.
This is a proactive step to safeguard your identity. Most card services have great systems in place to alert you to fraudulent purchases. Letting your provider know about your travel plans makes it easier to stop fraud if your wallet is lost or stolen.

Stay on top of your travel budget.
Typically, your spending increases during vacation. And, many find it harder to keep track of spending while they are traveling, where it can be easy to miss suspicious charges. Watch what you spend. Consumer Reports advises, “Check your statements frequently when you return from your trip and report any suspicious charges quickly.”

Be smart about ATM use.
Skimmers, or malicious card reader devices, are becoming more and more advanced. Whenever possible, skip ATMs in tourist zones and visit a bank branch to make cash withdrawals. For more about what skimmers look like, check out the series on Krebs on Security.

Password protect your phone.
When your phone is lost or stolen, it’s more than just a huge inconvenience. Smartphones provide access to sensitive PII and account information. A strong password will protect your data until it can be remotely wiped.

For more tips, check out our blog from last summer on this topic. Have any questions, or want to add to the discussion? Let us know on Facebook, Twitter or LinkedIn!

Global News Recap: Cybercrime Education Takes Off in the UK

By | July 2nd, 2015|Uncategorized|

We’ve seen some exciting initiatives underway internationally that encourage important cyber security education.

Just this past month a Scottish secondary school implemented a groundbreaking new course on cybercrime that gives students insight into real-world cybercrime cases. The program is the first of its kind and The Daily Record reports that it has attracted widespread attention from police forces and schools around the UK.

Kyle Academy in Ayr offers this ten-week program to first year students that want to learn about cybercrime. “We worked with police to create a Police Scotland Cyber Security Open Badge – much like you would get in the Scouts,” described Scott Hunter, principal computer science teacher at Kyle Academy. “The police supplied us with real case studies – like extortion on the web – so pupils could relate to what goes on rather than me just saying, ‘This is dangerous’. This had a great impact.”

Continuing Scotland’s focus on cybercrime education, Andrew Denholm of The Herald Scotland reports that Police Scotland has recently increased its collaboration with educators to boost young people’s interest in cyber security. These efforts are to combat a decline in student participation in computer science programs.

Martin Beaton, from Edinburgh University’s School of Informatics said, “The subject is withering and we need to establish why the number of pupils taking it and the number of teachers teaching it are in decline when it is such an important growth area.”

Detective Superintendent Stephen Wilson, from Police Scotland, added, “Crime is going down, but cyber crime is on the increase and it is something of which we all need to be aware. We are now seeing businesses of all different sizes being hit by various forms of cyber crime and there is a desperate need for experts in this field in the future.”

Cybercrime educational initiatives aren’t limited to Scotland. Cyber Security Challenge UK, a series of national competitions and learning programs, has also made headlines over the past few months. In a recent competition finale, amateur cyber security enthusiasts raced to stop a simulated cyber-terrorist attack against London City Hall.

“Both government and business need skilled and talented people to feed the demand for better cyber security in the UK,” said Francis Maude, Minister for the Cabinet Office with responsibility for the Cyber Security Strategy and National Cyber Security Programme, whose department was one of the original founders of the Challenge.

“This competition is the biggest and best yet and events like this play an important role in helping provide the next generation of cyber professionals.”

Should other countries create similar programs for students? Will programs like these help foster the next generation of InfoSec professionals? Let us know what you think on Twitter and Facebook. Be sure to check out our Tumblr for the latest industry news stories.
