The Next Frontier: Cybersecurity in Space

By | October 20th, 2016|Industry News|

CSIDResearch organization Chatham House made headlines earlier this month with a new report that calls for a “radical review of cybersecurity in space” and points to the rarely discussed, but increasing threat of satellite attacks. As so much of our world’s infrastructure – including GPS navigation, financial transactions, weather and environmental monitoring – relies on satellite data, it’s important to recognize that satellites and other space assets, just as any piece of technology on Earth, are vulnerable to cyber-attack.

According to the report, such attacks might include jamming, spoofing and hacking attacks on communication networks; target control systems or mission packages; and attacks on ground infrastructure like satellite control centers. There are a few reasons why satellites and space systems may be more vulnerable to attack. Here are some of those key factors listed in the report:

  • The first GPS systems were introduced more than three decades ago and technology is evolving at a rapid pace, making it hard to execute a timely response to space cyber threats. Younger individuals are using space-based and cyber communications in ways that older generations – often times the key decision makers – may not understand the range of threats.
  • Backdoor holes in encryption and otherwise secure control systems.
  • Increasing number of individual satellites and constellations providing an ever-increasing number of entry points.
  • Speed to market compromising important security controls.

The researchers leading this project insist that it will take a concerted and collaborative international effort, made up of “able states and stakeholders within the international space supply chain and insurance industry” to combat these growing threats.

But what can we do as consumers? Just as our day-to-day actions impact our security in the Internet of Things, these actions may also impact our security in space. It’s imperative that we take action to secure our personal data (check out some tips on how to help secure your data in five minutes), business owners educate employees on cyber security best practices, and that manufacturers and developers keep security top-of-mind when bringing new products to market.

Where do you think the future of cyber security in space is headed? Share your thoughts with us on FacebookTwitter or LinkedIn.

News Recap: White House Breach Uncovered

By | October 30th, 2014|Breach, Uncategorized|

News RecapThe story filling headlines this week surrounds a breach of a number of White House computers.

Ellen Nakashima of The Washington Post reported, “Hackers thought to be working for the Russian government breached the unclassified White House computer networks in recent weeks, sources said, resulting in temporary disruptions to some services while cybersecurity teams worked to contain the intrusion.” Nakashima quotes White House Officials saying, “In the course of assessing recent threats, we identified activity of concern on the unclassified Executive Office of the President network… We took immediate measures to evaluate and mitigate the activity… Unfortunately, some of that resulted in the disruption of regular services to users. But people were on it and are dealing with it.” Unfortunately for the US government and other national organizations, this attack is not the first of its kind.

Adrian Diaconescu of Digital Trends commented, “Cyber security is becoming a bigger concern for government organizations around the world. Only weeks after a report surfaced that NATO’s PCs were breached by hackers… Hackers have also breached the White House computer network.” Diaconescu also shared that “White House officials are playing down the impact of security breaches. Reports suggested the latest breach was more of a nuisance than a real threat because no classified data was compromised, and the ‘intrusion’ was quickly contained. However, in the process of suppressing the threat, some network connections were briefly disturbed.”

From national organizations to ordinary citizens, what can be done to protect against threats? What do you make of this news from the White House? Let us know your thoughts on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Sophisticated Cyber Attack Targets Financial Infrastructure

By | August 29th, 2014|Uncategorized|

Financial BreachIn this week’s news, there has been a potential breach of multiple major financial institutions. Experts are analyzing the situation in an effort to provide consumers, businesses and other financial institutions with security solutions.

Paula Mejia of Newsweek reported “hackers have stolen gigabytes of sensitive data from JPMorgan Chase and at least four other banks in a series of complex cyber attacks.” Mejia goes on to say, “In mid-August, a group of hackers broke into the banks’ computer networks using top-shelf malware, then nabbed information such as checking and saving account numbers and deleted records, according to a select few briefed on the attacks.”

Fox Business’s, Adam Samson wrote that the cyber criminals who targeted these financial institutions “were trying to send a poignant message: Even the most secure systems can be infiltrated.” Samson explains that beyond the obvious reasons why financial institutions are such high targets, they are also frequently pinpointed for their ability to thwart a variety of attacks, “including frequent distributed denial-of-service attacks that bring their consumer-facing websites to a crawl.”

Laura Lorenzetti of Fortune attributed this most recent attack, among others, to the considerable political tension around the globe. Specifically this attack by Russian hackers was an effort to “retaliate against U.S. imposed sanctions.” Lorenzetti quotes vice president of security solutions at Radware, Carl Herberger, who stated, “In the world of globalization, we will continue to see that for every real world government action, there will be a cyber reaction.”

What do these financial institutions need to do in order to protect their infrastructures and consumer data? How does a breach like this directly impact consumers and what should they do to protect themselves? Tell us what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Energy Industry Concerned about Cyber Security

By | August 15th, 2014|Uncategorized|

Energy post_081514Government concerns about the nation’s cyber security have been making headlines recently. The latest? It lies in the energy sector, following a number of attacks.

Alan Neuhauser of US News shared the growing concerns of the energy industry: “Cyber security leapt onto the list of the top five concerns for U.S. electric utilities this year, yet fewer than a third say they’re prepared to meet the growing threat of an attack, according to a new survey.” Despite the current lack of preparation, many in the industry are “actively moving forward with the deployment of comprehensive asset protection plans following several high-profile cyber and physical threat events.”

Neuhauser mentioned that a “federal analysis reported by The Wall Street Journal in March showed that if only nine of the country’s 55,000 electrical substations were to go down – whether from mechanical issues or malicious attack – the nation would be plunged into a coast-to-coast blackout. One month later, sniper fire knocked out a substation in San Jose, California.”

Rochelle Nadhiri of Breaking Energy reported on similar concerns impacting natural gas companies around the globe. Nadhiri quotes Senior Consultant for Black & Veatch, Cathy Ransom, saying, “The dependence on key operational and informational technology for natural gas transportation and storage is a key part of the U.S. critical infrastructure supporting both residential and commercial customers. Therefore, it is important that gas technology infrastructure be protected from cyber attacks that could disrupt or damage operations.”

What proactive security measures and practices should companies within the energy industry be taking to defend against possible cyber security threats? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Experts Working To Protect Cars From Cyber Attacks

By | July 25th, 2014|Uncategorized|

Car Cyber AttacksThis week, Reuters released news that security experts Chris Valasek and Charlie Miller plan on displaying an “intrusion prevention device” in a prototype vehicle during August’s Black Hat hacking 2014 conference. This prototype will demonstrate ways to keep vehicles safe from cyber attacks.

The automotive industry is finding that cyber criminals are using vehicles’ electronics to their advantage as the Internet of Things (IoT), or the idea that everyday objects have network connectivity and the ability to send and receive data, continues to evolve. Wil Rockall, director at KPMG’s cyber security practice, explains in Information Security just how cyber criminals are using cyber attacks to put drivers in danger.

“These attacks could potentially allow cyber-attackers to penetrate in-car systems, either using physical interaction or also by seizing control through attacks over the Internet; typically a connected car network has over 50 potential access points for a cyber-attacker now, and this will only increase as the level of technology integrated into the car goes up,” explained Rockall. “Three years ago, criminals sought access to vehicles by stealing the keys, but today three-quarters of cars stolen in London are done so without them, principally through electronic methods. It is important that cyber-attacks do not become physical ones because manufacturers are unable or unwilling to design in security.”

Kaspersky Labs recently analyzed potential attack vectors in vehicles and shared ways in which cyber criminals can attack connected cars. One example of an attack vector includes stolen credentials. These credentials could possibly enable a cyber criminal to “install a mobile app with the same credentials and potentially enable remote services before opening up the car and driving it away.”

The device that security experts Valasek and Miller plan to exhibit at the Black Hat conference costs $150 in electronic parts, Reuters reported, “though the real ‘secret sauce’ is a set of computer algorithms that listen to traffic in a car’s network to understand how things are supposed to work.” Valasek explained that the device has the ability to detect traffic anomalies when an attack occurs and blocks rogue activity.

How can the automotive industry better protect against cyber criminals’ attacks? What other everyday objects or devices are at the risk of being hacked? Tell us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Keylogging malware on public computers is a growing concern

By | July 23rd, 2014|Uncategorized|

keylogger malwareThis month, the U.S. Secret Service issued a warning about the increasing practice of hackers installing keylogger malware on computers in hotel business centers. The malware captures keys struck by hotel guests that use the computers and then sends that information via email to the malicious hacker. The result – any sensitive information the traveler types in to the computer is compromised.

Hotel systems hold a treasure trove of data, including email addresses and email account logins, card details, even logins to travel and rewards accounts. More importantly, they are more likely to host information related to a government issued ID like a driver’s license or passport, common documents that are referenced when traveling.

While keylogger malware is nothing new, we have seen a huge increase in hotels being targeted by this remote malware. We have seen more than 50 different hotel chains compromised in the past few weeks via our CyberAgent software including a handful of large US-based hotel chains. We’ve also seen the same type of installations at libraries and museums – virtually any environment that offers public access to a computer. Keylogger malware is an opportunistic, low risk and high reward attack method, and anyone using a public computer should be aware the risks.

To avoid being the victim of keylogger software, consider the following:

  • Keyloggers can’t record what isn’t typed. When using a public computer be aware of the accounts you log in to and the information you share. Avoid logging in to high value accounts like your bank account or Amazon account. In instances where logging in to a high value account is unavoidable, change your password when you get home.
  • Speaking of changing your password, it is generally a good practice to update your passwords frequently. This practice alone will hamper most keylogging attacks.
  • Assume that anything you do on a public computer will be recorded and used by others. Follow this advice and you should be okay.

Facebook’s Acquisition of Oculus VR: Next Evolution of Social and Security

By | May 20th, 2014|Uncategorized|

Oculus VRFacebook’s bold buy of Oculus VR in late March made a statement that virtual realities have a future in the social space, and companies like Sony, Microsoft, Google and others are taking note. Virtual realities have been around for decades, but have yet to materialize beyond the world of gamers. The big question rests with Facebook: how will they use Oculus VR to bring life to the 1s and 0s that make up our digital profiles?

This next evolution in technology has the potential to make virtual realities accessible to consumers through Facebook, fostering stronger online interactions in a new online world. In past, gamers used nicknames and virtual aliases to connect with others. For social experiences, users do not rely on anonymity, but rather tie their social profiles to their identity. As a result, consumers need to be more aware than ever before with the risks associated with this new technology.

The expansion of virtual realities brings new evolutions to the methods of cyber attacks. Identity thieves are constantly adapting to the changing technological infrastructure, and social networks have made it easier for cyber criminals to collect your personal information. In addition, children have been found to be more easily attacked online, and this new online world will only increase their chances of becoming victims of cybercrimes as it becomes more adopted. Now, the need for identity management resources is more important than ever—and at CSID, it is our job to stay on top of cyber crimes. For advice on how consumers, parents and even companies, can protect their sensitive information online and off, check out our white papers, Managing Online Reputation in a Digital World and Child Identity Theft: A Parenting Blind Spot.

As always, tell us what you think about Oculus VR and the future of virtual realities on Facebook and Twitter, and stay up-to-date on the latest security news on our Tumblr feed.

News Recap: Interactive Cyberthreat Map by the Kaspersky Lab

By | April 11th, 2014|Uncategorized|

MapWhile many dedicate their careers to spreading the word about cyber security, this week’s news about the Heartbleed vulnerability has put cyber security in the spotlight, giving the world a new found perspective on just how susceptible the Internet can be.

Farhad Manjoo of The New York Times said “the bug known as Heartbleed… is a stark reminder that the Internet is still in its youth, and vulnerable to all sorts of unseen dangers, including simple human error.” He compares the technology industry with other industries that saw rapid growth, but remarks that the tech industry is ultimately unique and will require additional efforts beyond regulation and industry-wide cooperation. Computer security expert at Princeton University Edward Felten believes that “Heartbleed is further evidence that we don’t have our house in order when it comes to Internet security.”

Help Net Security further discussed the global threat by sharing an interactive map released by the Kaspersky Lab. The interactive cyberthreat map visualizes cyber security incidents occurring worldwide in real time. Help Net Security showed how the map detects and monitors a variety of malicious objects across the web, and comments, “In today’s world of cyberthreats, it only takes a few minutes to spread new malicious applications or spam.”

CNET’s Leslie Katz explained how the interactive map works:

“You spin the 3D globe using a mouse and zoom in or out with a scroll wheel. Click on a country, and you’ll see the number and type of threats detected there since 12 a.m. GMT and the position that nation holds on the world’s “most-infected” list… Different types of threats tracked by the Kaspersky Antivirus and Internet Security Multi Device software shoot around the map like colored lasers. Viruses found in email appear as orange, for example, and yellow represents malicious executable files.”

Does this interactive map help consumers visualize how fast threats move across the globe? How can businesses use this interactive map for security purposes? Tell us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Combating Cyberterrorism with Cyber Security

By | March 5th, 2014|Uncategorized|

Ginger Guest PostThis guest blog post comes from Ginger Hill, associate content editor at and Security Products magazine.

As I sat in the classroom at GovSec West 2013 listening to Jeff Snyder, VP of cyber programs at Raytheon, talk about cyber threats and remediation, I quickly learned that we have no global laws to fight cyberterrorism. With the eroding economic viability of America, cyber threats are increasingly targeting critical infrastructures and major systems. The cyber criminal’s mentality is: why invent when you can simply steal?

According to Snyder, China is the number one threat when it comes to cyberterrorism as they have 1-2 million making up their human capital. With such a large number of people, China can carry out their cyber threats, making them into a “cyber reality.”

During his presentation, Snyder frequently brought up the term “cyber resiliency” as an essential part of any security strategy – on a personal, business or national level – to thwart cyberterrorism. Being able to take the hit from cyber terrorists without destroying your entire system and quickly recovering is the key strategy to fighting back. But how do we accomplish such a feat?

I’m going to take the viewpoint of a business and work in suggestions to develop your own personal cyber security plan.

The 3-Pronged Approach to Cyber Security

Dealing with cyber terrorists and cyberterrorism takes a thoroughly thought-out and developed plan, and the willingness to take immediate action, preferably before a terrorist event takes place. The following is a simplistic approach to cyber security:

  1. Do whatever it takes to protect the infrastructure.
  2. Invest to protect your products.
  3. Protect your clients, including their personal data.

Be sure that your infrastructure, whether that is your personal computer, social media and online accounts or the multibillion-dollar waterworks station is protected. Start small. Make sure that all passwords are strong by incorporating capital and lower case letters, numbers and symbols in unlikely combinations. Invest in products that increase system security, like malware protection and virus detection, and use encryption to help protect your client’s personal information.

Taking security to a higher level, consider hiring an ethical hacker to attempt to gain access to your system, and patch any vulnerability immediately. Also consider insider threat monitoring to identify behaviors and anomalies with your system and to help meet human capital demands. It takes a lot of people to adequately protect an organization, just as it takes a large number of people to complete a cyber attack. Therefore, think like a cyber terrorist to beat them at their own game. They use technologies to achieve their terrorist goals, so follow suit and use ethical technologies to battle against their unethical acts and spread security as far as possible within your organization.

Surviving Cyberterrorism

Fighting back against highly sophisticated, intelligent cyber terrorists seems to be a no-win situation, but with the proper technologies, experts and the willingness to respond, exploitation can be minimized.

The following steps teach you exactly what to do before, during and after a cyberterrorism attack.

  1. Anticipate cyber attacks: The question is not if cyber terrorists are going to attack, it’s when. Think about prevention strategies and what you can do now. Do not wait until you are attacked to do something about it because it will be too late.
  2. Respond immediately to enhance business continuity: When attacked, the goal is to keep the business functioning as a cohesive unit at all times. This is possible if you have established your security plan and have practiced what to do before an attack rears its ugly head.
  3. Monitor all systems in real time: Invest in technologies and experts to monitor your systems 24 hours a day, 7 days a week, 365 days a year.
  4. Evolve: Never stop learning ways to survive cyber attacks, and always use each cyber attack as an educational tool to enhance your overall security plan.

Cyberterrorism is a 24/7, 365 days-a-year giant that never sleeps; it doesn’t need to eat and it never stops preying. Developing a multifaceted, layered approach to fight against this giant will minimize exploitation of vulnerabilities, allowing people, organizations and the nation to sleep a little easier at night.

Security Insights: 93% of large organizations had a security breach last year

By | January 13th, 2014|Uncategorized|

Security-BreachIn an article from Naked Security by Lee Munson: A new survey commissioned by the UK Government’s Department for Business Innovation and Skills (BIS) has revealed the scare of cyber attacks on UK companies. The 2013 Information Security Breaches Survey, which collected data from 1,402 respondents, presented results for large organizations (in excess of 250 employees) and small firms (less than 50 members of staff).

One of the key findings of the report was the level of attacks sustained by businesses – with breaches reaching record levels. The survey discovered that 93% of large organizations experienced a security breach last year, a figure that is broadly in line with 2012 reports. Smaller businesses, however, saw a marked increase in the number of attacks levied against them. Some 87% of smaller firms reported experiencing a data breach last year, which is up significantly from 76% the previous year.

Average of 113 security breaches:

The number of security breaches within each of the affected companies also showed a sharp increase too. Larger companies experienced an average of 113 breaches and smaller firms reported 17 such incidents, an increase across the board of almost 50% in one year.

The survey determined that the attacks faced by businesses over the last year came from both outside and inside the organization.

A whopping 78% of large organizations reported attacks from outsiders over the last year with 39% of those incidents being denial of service attacks. Smaller companies fared slightly better in both regards with 63% reporting outside attacks. The number of smaller firms that experienced a DoS attack was 23%.

The survey respondents did not just experience random attacks though – 14% of larger businesses reported the theft of confidential data or intellectual property by external attackers, while 9% of smaller firms experienced such losses too.

36% of the worst breaches down to human error:

Insider threats also pose a risk to organizations through. The survey found that technology, people and processes were to blame in several cases. Of the worst security breaches during the year, 36% were attributed to human error. Alarmingly, an additional 10% of the reported security breaches were pinned on staff and their misuse of systems.

On a more positive note the survey discovered that attitudes towards information security are generally good and continually improving too.

The survey found that 76% of larger organizations believe that senior management places a high level of priority on information security. Interestingly, smaller firms were better, with 83% placing a strong emphasis on security.

Another contributory factor with regards to internal breaches could be a lack of staff training. Survey respondents indicated that many large organizations only prioritized training after a breach. At the time of the induction 10% of new staff were given no security training whatsoever and 42% of large firms failed to employ any kind of ongoing training in terms of security awareness.

Larger organizations expect to spend more next year in customer data protection and compliance, but just how much a business spends on security seems highly depended on the outlook of senior members of the management team.

The survey ends by saying that the majority of firms believe that the number of security breaches newt year is likely to be higher. As per this year, attacks are expected in every industry though the public sector and financial services showed more concern than other sectors.

Source: Naked Security

How to protect yourself from a breach:

As an employee, you have a crucial role in the security of your company whether you realize it or not. A company cannot be secure without the help of every single employee. Below are some tips that you can follow in order to help your company avoid a security breach:

  • Stay informed
  • If you do not understand or are not sure, ask
  • Follow your companies password policies
    • Do not reuse passwords
    • Do not write down passwords
    • Do not share passwords under any circumstance
    • Create strong passwords consisting of the following:
    • NEVER use passwords less than 8 characters
    • Reset your password as prompted every 90 days
  • Ensure proper validation of one’s identity is obtained before releasing ANY data
  • Follow your companies Clean Desk Policy
  • Only browse websites to fulfill your job duties
  • If something seems “shady” it probably is
  • Do not submit confidential data on insecure HTTP websites
  • NEVER enter confidential data on a pop-up screen
  • Pay attention to your web browser warnings
  • Report suspicious activity to the Information Security Officer

– Kristin Badgett, CSID Information Security Officer

What steps are you taking to help your company avoid a data breach? Let us know on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Load More Posts