CSID at SXSW 2017

By | February 24th, 2017|Uncategorized|

CSIDEvery year, hundreds of thousands of people come to Austin to attend South by Southwest. This technology, film, and music conference and festival brings together some of the brightest minds in innovation from around the world. We’re looking forward to another opportunity to weigh in to the conversation and will be participating in a range of security-focused sessions at this year’s event, which kicks off March 10.

CSID will be hosting a workshop and a solo session at the conference to share our expertise on two topics that have become increasingly prevalent in today’s cybersecurity climate. CSID’s very own Joel Lang will be co-hosting a breach response workshop and giving participants the hands-on opportunity to learn best practices in risk mitigation and breach response through a live simulation. This interactive workshop will take place at 9:30am on March 11 at the Westin Austin Downtown in Continental 2. Don’t forget to RSVP to this workshop. To RSVP, you must sign into your SXSW account and have your badge linked to your account on social.

Additionally, our Chief Innovation Officer, Adam Tyler, will be speaking about the new face of cyber crime, showcasing through a live demonstration how younger individuals get involved in cyber crime, and how consumers can help defend against growing threats. You can catch Adam’s session at 3:30pm on March 15 at the JW Marriott in Salon 7.

If you’re attending SXSW, we’d love to see you at our sessions. Check out some of our other top picks below that are sure to offer unique insights into the latest threats and opportunities in the security landscape. Unable to attend this year’s conference? You can join the conversation at @csidentity where we’ll be on-site and live tweeting from our panels and other sessions throughout SXSW.

The Future of You: Identity Tomorrow
Saturday, March 11, 11:00 am, JW Marriott, Salon 8
In the future, your digital ID may replace all your current forms of identification. These ID experts discuss the current state of web identity from business to consumer, and dig into the important advancements that are being made to build your future identity. Who will own your ID in the future? Why will it become so important for your future digital existence? Is the future of ID centralized and managed by governments, or distributed and trust-less like block chain? What do you need to know to protect yourself in this new digital Domain?

A New Normal: User Security in an Insecure World
Monday, March 13, 3:30 pm, JW Marriott, Salon D
Online security is becoming a game of Whack-a-Mole, where one threat is contained while another emerges; where a credential dump of millions of users is yet another note in a chorus of breaches. Today, complete security is somewhat of a pipe dream. Given this new normal, how do we keep our information as secure as possible? This diverse panel will navigate the evolving challenges to online security and question conventional wisdom around security across industry and sector–to understand the economics of a seemingly chaotic online world and to illuminate unexpected trends.

Connected Cities, Hackable Streets
Tuesday, March 14, 12:30 pm, JW Marriott, Salon 6
In cities around the world, street lights, public transit systems, and electric meters are already connected to the Internet. Soon, smartphone controlled, self-driving cars will roam cities and every part of the urban fabric could be Wi-Fi enabled. While tomorrow’s smart cities will usher in efficiencies and convenience, they’ll also bring about security threats and vulnerabilities. Hackers have already demonstrated they can remotely take over cars and switch off traffic lights. So, how can urban planners and engineers build cities of the future that are resilient enough to guard against cunning criminal hackers who may want to bring Singapore or San Francisco to a grinding halt?

Biotechnology Needs a Security Update
Wednesday, March 15, 12:30 pm, JW Marriott, Salon 6
Great leaps forward in biotechnology have made the IT-based manipulation of life increasingly easy. To many, biotech offers unparalleled opportunities to reshape our world and ourselves. To others, it poses significant threats. As human systems are better understood and life becomes more programmable with CRISPR and other technologies, governments need to prepare for a new age of biosecurity. Join experts from industry, FBI, and academia who work with hackers, sociologists and politicians to tackle the security challenges of the emerging bioeconomy. Explore real opportunities and threat profiles of modern and future biotech, and why life on earth may soon need a security update.

SXSW 2017 is sure to be full of enlightening conversations and ideas. In our new Firewall Chats bonus episode, we take a deep dive into a handful of SXSW sessions and their application in the current cybersecurity landscape. As always, feel free to join the conversation on Facebook, Twitter, or LinkedIn.

How the Election May Affect Cybersecurity for Consumers

By | November 16th, 2016|Industry News|

CSIDRegardless of where you stand politically, one thing we can all agree on is that the topic of cybersecurity took a prominent role in this year’s presidential elections – from concerns around hacks at polling sites to alleged cyber-attacks against the candidates themselves. Now that the election period has come to a close, the outcome will undoubtedly have implications for consumers, as several cybersecurity policies and practices come under discussion and key legislative decisions are made.

In 2016, we saw key moves from the White House, including the introduction of the Cybersecurity National Action Plan (CNAP), a plan seven years in the making which takes near-term actions and puts in place a long-term strategy to enhance cybersecurity awareness and protections, and empower Americans to take better control of their digital security. As cybersecurity continues to garner growing national attention, we can expect it to remain a popular topic of conversation and influence decisions being made in 2017 and beyond.

We’re still in the early stages of learning about President-elect Trump’s plans for cybersecurity beyond the vision expressed on his campaign website, which includes the establishment of a Cyber Review Team and Joint Task Forces. Trump’s 100 Day Action Plan, the roadmap of priorities for his incoming administration, also promises to work with Congress to establish a “Restoring National Security Act,” a provision of which would go towards protecting the country’s infrastructure from cyber attacks. Trump has also promised a federal hiring freeze and a new requirement that two federal regulations be eliminated for every new regulation. If enacted, both of these policies could potentially impact existing cybersecurity regulations like the CNAP.

On the financial side, consumers could also be impacted by his promised reforms to the Dodd-Frank Act. Part of that act established the Consumer Financial Protection Bureau, a government organization that educates consumers on financial risks including identity theft and fraud.

As we learn more, it’s imperative that consumers understand the role they play in staying secure, regardless of policy decisions made at the state and federal levels. It’s the responsibility of all consumers and businesses nationwide to keep cybersecurity top-of-mind and take the necessary proactive steps to help safeguard their personal information. Here are some steps you can take – in five minutes or less – to up your personal security:

  • Turn on two-factor authentication (2FA) on your online email and financial accounts: By making the login process harder and more complex through incorporating this additional step, 2FA provides an extra layer of security for you against attackers.
  • Create long, strong and unique passwords: Take a few minutes to ensure all of your passwords include a long and cryptic combination of upper and lowercase letters, numbers, and special characters. Also avoid using easy-to-guess passwords, like your name, birthday, or pet’s name, and be sure to use unique passwords across accounts.
  • Opt-in to automatic updates: Software updates almost always address security vulnerabilities. Keeping your system updated with the latest software means you have the latest patches to defend against threats.
  • Check your privacy settings on social: Social platforms are constantly updating their security and privacy policies, with new features like 2FA that can help keep your information secure. Stay up to date with these policies to make sure you’re taking advantage of all security features.

Have more tips to share? Weigh in with us on Facebook, Twitter and LinkedIn.

The Next Frontier: Cybersecurity in Space

By | October 20th, 2016|Industry News|

CSIDResearch organization Chatham House made headlines earlier this month with a new report that calls for a “radical review of cybersecurity in space” and points to the rarely discussed, but increasing threat of satellite attacks. As so much of our world’s infrastructure – including GPS navigation, financial transactions, weather and environmental monitoring – relies on satellite data, it’s important to recognize that satellites and other space assets, just as any piece of technology on Earth, are vulnerable to cyber-attack.

According to the report, such attacks might include jamming, spoofing and hacking attacks on communication networks; target control systems or mission packages; and attacks on ground infrastructure like satellite control centers. There are a few reasons why satellites and space systems may be more vulnerable to attack. Here are some of those key factors listed in the report:

  • The first GPS systems were introduced more than three decades ago and technology is evolving at a rapid pace, making it hard to execute a timely response to space cyber threats. Younger individuals are using space-based and cyber communications in ways that older generations – often times the key decision makers – may not understand the range of threats.
  • Backdoor holes in encryption and otherwise secure control systems.
  • Increasing number of individual satellites and constellations providing an ever-increasing number of entry points.
  • Speed to market compromising important security controls.

The researchers leading this project insist that it will take a concerted and collaborative international effort, made up of “able states and stakeholders within the international space supply chain and insurance industry” to combat these growing threats.

But what can we do as consumers? Just as our day-to-day actions impact our security in the Internet of Things, these actions may also impact our security in space. It’s imperative that we take action to secure our personal data (check out some tips on how to help secure your data in five minutes), business owners educate employees on cyber security best practices, and that manufacturers and developers keep security top-of-mind when bringing new products to market.

Where do you think the future of cyber security in space is headed? Share your thoughts with us on FacebookTwitter or LinkedIn.

All Eyes on Encryption: Facebook Steps Up Its Game

By | October 13th, 2016|Industry News|

CSIDMore than 900 million people around the world use Facebook’s Messenger app to communicate with friends and family while on the go. The mobile messenger app is a way for users to communicate privately, but until recently, there hasn’t been much public information available around how Facebook is ensuring these messages are kept private and secure.

Recently, Facebook announced that the company is offering encrypted messaging technology to mobile users worldwide in a feature it’s calling “Secret Conversations.” Facebook’s users can opt in to send messages that no one – including Facebook, the government, or intelligence agencies – will be able to read, using Signal Protocol for end-to-end encryption.

This is a big move for Facebook and for social media overall. While other apps like WhatsApp provide encrypted messages, many major social platforms do not. There is the possibility of identity theft via social media, particularly for users who aren’t selective with what they post. Having an additional layer of privacy in messaging could potentially reduce the risk of an attack.

However, in America, as more messaging services offer the ability to encrypt messages, the mindset could shift from whether encryption should be an option to whether it should be the default setting. On Facebook’s Secret Conversations, it’s currently not the default setting. Unless users opt in to the service, their messages will remain unencrypted, and each messaging chain must be selected. In other words, users must actively select which messages they wish to remain private. It’s a similar strategy to Google’s messaging app Allo, which also offers opt-in messaging encryption.

While Facebook Messenger’s new encryption feature is welcome news to privacy advocates in the United States, people in other countries may find themselves in a precarious position. Facebook is a global company, reaching nations across the world. Some of those countries have strict privacy laws, which would interfere with what Facebook is trying to do in offering encryption for all of its global users. Facebook has seen this controversy before when its WhatsApp property made international headlines.

For now, it’ll be interesting to see how many users utilize Secret Conversations. Infrequent or non-technical users may never even be aware of its existence, while others may worry that activating encryption could drive unwanted attention their way. While the messages themselves will be encrypted, the metadata won’t be, so those outside the conversation can see who is messaging each other, and how often they’re doing so.

Will you take advantage of this new encryption feature on Facebook Messenger? Do you use any other apps that offer encryption? Join the conversation and stay up to date on the latest cybersecurity news by following CSID on FacebookTwitter or LinkedIn.

Cybersecurity Tips for Working Remotely

By | September 16th, 2016|Business Security|

CSIDFor 3.7 million Americans, waking up and logging onto a computer from the comfort of their home marks the start to their workday. According to Global Workplace Analytics’ 2016 study, 50 percent of the US workforce is now permitted the luxury to partially telework during the workweek. This trend continues to edge toward the norm. In fact, the ability to work remotely, for the greater, non-self-employed population, has grown 103 percent since 2005.

While more opportunities to work remotely may reflect the emerging modern workplace, there are several factors employers and employees should weigh and discuss to ensure security is top of mind.

If your job allows employees to work remotely, consider the following:

Employees: Protect Your Home

  • Use strong, cryptic passwords on all of your work and personal accounts. Resist the urge to duplicate passwords.
  • Use two-factor authentication whenever offered for both work and personal accounts.
  • Personal and work devices should be equipped with the latest antivirus software, web filtering, firewalls, and encryption. Always make sure your devices and software have the most up-to-date versions to help safeguard information.
  • Work with your company’s IT department to set up a virtual private network, or VPN, to add another layer of security to your home’s internet.

Employees: Working Elsewhere

  • Employees should keep personal and work devices password protected in the event they are stolen or misplaced.
  • Avoid accessing sensitive company accounts on public Wi-Fi or unsecured networks. Public Wi-Fi can increase the risks of signal sniffing and compromise personal accounts, as well as professional networks. Many hackers set up accounts that mimic the names of frequented locations, hoping to steal from unknowing users. Consider using a VPN to access company data, or using your cell phone as a hotspot.
  • Be aware of your surroundings. Consider a screen protector and make sure sensitive calls are made in private.

Employers: Create a Cybersecurity Policy for All Employees
To help foster a conversation and environment committed to cybersecurity, organizations should create a cybersecurity policy and make staff training and security education a priority. In a recent episode of Firewall Chats, Michael Kaiser, executive director at the National Cyber Security Alliance, discussed creating a culture of cybersecurity at work.

“[Policies need] to be reinforced,” Kaiser said. “It can’t be a one and done kind of thing. It has to really be periodic. … Reminding people of the value of the information that an organization holds and the responsibility they have to protect it. When people give you their information, they expect you to protect it.”

To create a cybersecurity policy:

  • First, identify the security risks and threats that may affect your business
  • Develop clear policies and procedures for all employees, whether on-site or off-site
  • Train all employees on your new (or existing) cybersecurity policies
  • Create and maintain a process to help reward policy followers and address offenders
  • Define and address third party and vendor risks
  • Work closely with your IT department to detect and address unauthorized activity

Creating a culture of cybersecurity will help safeguard employees and company data, regardless of where they work. Employees, do you have the ability to work remotely? Are you aware of the security steps needed to help keep your company safe? Share your experiences on Facebook, Twitter and LinkedIn.

 

News Recap: Millennials and Cybersecurity

By | August 11th, 2016|Industry News|

cybersecurityThis week, we’re talking about one of the most important topics in cybersecurity: the global cybersecurity professional gap and how computer-savvy millennials can help to fill it. Here’s a quick recap of the news surrounding this important issue, including research from our friends over at the National Cyber Security Alliance (NCSA).

The Cybersecurity Professional Gap
Today’s interconnected world creates greater opportunities for cyber attacks. As a result, the demand for cybersecurity professionals has grown enormously. Unfortunately, there are not enough qualified professionals to meet that demand. A study from Raytheon found that 79% of businesses in the U.S. experienced a recent cybersecurity incident, but 82% are unable to fill their open IT jobs. The study also found that while there are only 65,362 Certified Information Security Professionals (CISSP) in the U.S., companies posted almost 50,000 job requests for CISSP holders.

The consequences of this gap are already being felt. NCSA explains that without the proper security team, organizations are exposed to a greater risk for loss in profitability, brand reputation and intellectual property. According to a report from Intel Security, 71% of those who participated say they are already seeing quantifiable damage to their organizations. Current cybersecurity professionals are more likely to experience burnout, and their limited time is often spent responding to pressing cyber incidents rather than defending against them in the first place.

Can Millennials Fill The Gap?
Organizations and governmental task forces globally are hoping millennials can start to fill the deficit. However, lack of awareness is still a huge barrier. The Raytheon study found that 52% of millennial women and 39% of millennial men say they were never made aware of computer science programs in school. Additionally, 77% of young women in the U.S. say no high school guidance or career counselor talked about cybersecurity as a career, and 67% of men said the same.

Fortunately, it’s not too late for the millennial generation to correct the problem. The same Raytheon study also found that 40% of survey respondents were interested in learning more about careers in security. While millennials already in the workforce may have a more difficult time switching career fields, helpful Quora users have shared some tips on how people can begin to educate themselves. Additionally, the current pool of late millennials and college students are great candidates to begin training in the cybersecurity market.

Join the conversation and stay up to date on cybersecurity news by following CSID on FacebookTwitter or LinkedIn.

Say “I Do” to Safe Digital Wedding Etiquette

By | July 15th, 2016|Online Safety|

CSIDThere’s no doubt about it, wedding season is fully upon us. Between brides researching vendors on their mobile phones and excited guests eager to share the official hashtag, wedding planning and participation is becoming increasingly digital.

While technology may bring more convenience to the planning process, nothing ruins a honeymoon quite like a case of identity theft or fraud. In the spirit of staying safe during wedding season, our friends at the National Cybersecurity Alliance and STOP.THINK.CONNECT recently shared some helpful tips that brides, and everyone for that matter, should vow to follow. Here’s a recap of a few we feel especially strongly about:

  • Make passwords long and strong: If you’re planning your special day, chances are you’re dealing with a number of online vendors. Remember to make passwords complex, using at least 12 characters with a combination of upper and lowercase letters and symbols. Be sure to use unique passwords for each account. If two-factor authentication is available, take advantage of this extra layer of security.
  • Resist the urge to share your honeymoon pictures on social: This is something we’ve discussed before on the blog, but sharing photos while you’re on vacation can alert criminals that you are away from home. Avoid the stress of hearing about a break-in while you’re on the beach, and wait to share pictures until you return. Also consider turning off location services on your mobile devices when not in use.
  • Avoid using public Wi-Fi hotspots: Whether you’re at the airport, hotel, or hopping around cafés, avoid connecting to public Wi-Fi, especially while making purchases or accessing sensitive websites like your bank account. Using public Wi-Fi can significantly increase the risk of signal sniffing and identity theft. The convenience is not worth the security trade-off. Consider a VPN if you’re looking to connect securely on the go.

Are you taking the plunge and committing to safe digital practices? We’d love to hear from you. Join the conversation on FacebookTwitter and LinkedIn and be sure to check out the full list of tips for digital bliss from our friends at the National Cybersecurity Alliance and STOP.THINK.CONNECT.

Cybersecurity in 2016: Reflections on the First Half of 2016

By | June 30th, 2016|Data Breaches, Industry News|

CSIDWith July just around the corner, it’s hard to believe we’re already halfway through 2016. Throughout the last six months we’ve seen some major cyber security incidents make headlines. According to the Identity Theft Resource Center, since January 1, 2016, there have been a staggering 500 breaches, with over 12.8 million records exposed. The breaches span the verticals of financial services, business, education, government/military, and government/healthcare. If things continue tracking this way, we may very well surpass last year’s total of 780 breaches.

The heaviest hit sector this year was the business sector, coming in at 46.5% of all breaches. Some of the bigger breaches in this category were caused by phishing attacks. In one case, a scammer impersonated the company’s chief executive officer and asked for employee payroll information. The email was not recognized as a scam and as a result, personal information about some current and former employees was disclosed.

This underscores something we have stressed time and time again on this blog: the importance of education at the business and consumer levels. While cyber criminals continue to develop new skills, we’re seeing the same techniques being used in attacks. According to Gartner’s recently-released security predictions, “through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year.”

The good news about this is that protecting our identities is largely in our hands. By creating long, strong and unique passwords across accounts, being careful about what and where we click, keeping an eye on any suspicious activity, and enlisting the help of a third-party monitoring service, we can stay one step ahead of cyber criminals.

When it comes to reversing the trend of growing breaches, we all play a role. How are you committing to safe cyber practices for the rest of 2016? Share with us on FacebookTwitter and LinkedIn.

Firewall Chats, S. 2, Ep. 5: Creating a Culture of Cybersecurity at Work

By | April 12th, 2016|Firewall Chats|

CSIDThis April, the National Cyber Security Alliance is encouraging consumers and business owners to make time for digital spring cleaning. Each week is dedicated to highlighting tips to help secure our most sensitive data.

It’s important to make cybersecurity a priority in your personal life, as well as work. Small businesses are frequently targeted by cyber criminals, as many do not have policies and procedures in place to guard them from such an attack.

In a recent survey, eight out of 10 small business owners said they do not have a cyber attack response plan in place, even though the majority (63 percent) of these businesses have been a victim of at least one type of cyber attack.

For insights into the “dos and don’ts” of creating open cybersecurity, we sat down with Michael Kaiser, executive director at the National Cyber Security Alliance. The first thing small business owners need to do is understand the risk is serious.

“Don’t think it won’t happen to you,” Kaiser said. “Don’t think that what you have is not valuable to a cybercriminal.”

Companies need to be very aware of the safety and security necessary to keep information and work devices safe from malicious threats and human error.

“It has to be a commitment from the top of an organization for people to take cyber security seriously,” Kaiser said. “Everyone plays a role in that. … Leadership sets the tone about the importance of protecting the company’s assets, and also the personal information of their customers, clients, [and employees].”

For businesses just adopting cybersecurity best practices, Kaiser mentions starting with password reminders, policies that fit the size of your organization, and creating a conversation.

“[You can start with] getting people together in a conference room and talking about cybersecurity and what they need to do, and what your policies are,” he said.

If you are part of a large organization, invest time into policies and employee trainings around phishing emails and “Bring Your Own Device” best practices. Revisit the conversation often.

“It has to be reinforced,” Kaiser said. “It can’t be a one and done kind of thing. It has to really be periodic. … Reminding people of the value of the information that an organization holds and the responsibility they have to protect it. When people give you their information, they expect you to protect it.”

It’s important to empower coworkers to protect data. Set rules and responsibilities, and let employees know they are being entrusted with the data of consumers and other employees.

Leadership should also have cybersecurity procedures in place, should a breach occur.

“At the end of the day, cybersecurity is about resistance but it’s also about resilience,” Kaiser said. “It’s about how fast you can come back if you are attacked.”

Listen to the entire episode here: www.CSID.com/FirewallChats. And let us know your feedback on our Firewall Chats Twitter and Facebook.

Save the Date: Our next episode will air on Tuesday, April 26, and will explore medical identity theft.

Cybersecurity Took Center Stage at SXSW 2016

By | March 24th, 2016|Industry News|

SXSWWe’re just about a quarter of the way through 2016, and we’ve already seen some cybersecurity trends taking shape. We presented at South by Southwest Interactive earlier this month, participating in and engaging with some of the biggest technology conversations from around the world. If you missed any of our panels, be sure to check out our recent recap.

While we were excited to present, we were just as excited to attend some of the other sessions diving into the latest in this space at SXSW. The conference further stressed what we already know: There are plenty of things to keep an eye out for as we continue into 2016 and beyond.

The Balance of National Security and Consumer Privacy
Apple made headlines earlier this year in the wake of the San Bernardino tragedy, declining to build a new, custom version of its iOS to help unlock one of the shooters’ phones. This triggered a debate on consumer privacy in the name of national security, and during his SXSW Interactive keynote speech, President Barack Obama addressed the fine line between the two.

He wasn’t the only one. Passcode participated in a number of panels on the subject. In fact, cryptologist Matt Blaze suggested it’s a lot more complex than just security versus privacy. Encryption simply isn’t widespread enough – and isn’t 100 percent foolproof – to ensure complete consumer privacy. “We are in what can only be described charitably as a cybersecurity crisis,” Blaze said, stating that his field still has a long way to go.

Defining a Company’s Role in Society
While most tech enthusiasts applauded Apple for their steadfast stance, not everyone felt they were completely innocent. Stewart Baker, former general counsel for the National Security Agency, believes Apple “isn’t being socially responsible” on the subject of encryption. He went so far as to suggest that if a company is profiting from the privacy benefits it offers, then it should have to take on a portion of the costs in fighting crimes.

“How about letting victims of crimes that have not been solved because of encryption sue Apple for damages?” Baker said.

Blaze added that weakening encryption systems will actually hurt the government’s ability to pursue criminals. “It’s a fundamental problem of computing,” he said. “If those systems aren’t as strong, they’re easier to infiltrate.”

Companies nowhere near the size of Apple can still create a better security culture. “You can’t iterate the trust your users have in you,” said Heather West, senior policy manager at Mozilla during a SXSW talk. In essence, consumers are happy to give up more data if they feel secure in your presence, but if that trust ever disappears, it’s nearly impossible to get it back.

Staying Secure Among Robots and the Internet of Things
Writer Kevin Kelly spoke at a panel about the trends in software, robotics and data. While there’s certainly some concern in the general public about robots taking over, Kelly urged us to focus on using robotics for good, as in the case of self-driving cars whose only knowledge is how to get passengers to their destinations safe and sound.

With wearables and the IoT continuing to expand, we’re seeing progress in a number of fields that can enhance our quality of life: IEEE Spectrum has done research into brain prosthetics to help restore memory, and graphene wristbands that not only monitor blood sugar levels, but also correct them.

At one panel, Intel’s vice president of law and policy Ruby Zefo said she recently was notified that her home’s temperature could be adjusted based on who was currently inside of it. The technology would determine the home’s occupants via location services in their mobile devices. Sure, it’s convenient, and could even save money by turning off the heat and air conditioning when no one was home. But Zefo opted not to give up that personal data, and suggested everyone at least consider what information they provide. “You’ve got to be a wise consumer,” she said. “If you have zero privacy, you should get over it, because you did it to yourself.”

SXSW was full of great conversations, and it’s interesting to see where things are headed in the coming months and years. We’ll be weighing in on these trends and more this year, be sure to follow us on Facebook, Twitter and LinkedIn.

Load More Posts