Monthly Archives: January 2018

War room to boardroom: The new era of cybersecurity

The audit is one step in the process. Once the risks that have been identified have been addressed, the IT security policy written, risk management standards set and people trained, you can feel confident that the probability of a breach has been significantly reduced. Read on to learn how pertinent this is even from a national security perspective.

Facebook’s hire of its first-ever head of cybersecurity policy is recognition that protecting corporations from foreign hacking is an increasingly serious matter. Sophisticated cyber threats presented by state-sponsored actors have long challenged sensitive United States government computer networks. What’s new — as Facebook’s move indicates — is that these complex state-sponsored cyber attacks are now also threatening America’s leading companies to a larger extent than ever.

The resources, skill, and complexity posed by hackers managed by Russian intelligence agencies, for instance, far surpass the motivations and abilities of typical cybercriminals. In this new era, U.S. companies must bolster their defenses and leverage advanced cyber tools designed to stop state-sponsored attacks. The mounting threat against American commerce — the bread and butter of America — must be addressed. It’s not business as usual anymore.

While Russia is not the only state engaging in these activities, its cyber operations are relatively known. Unable to dominate in conventional military terms, Russia views cyber operations as an affordable way to disrupt its adversaries. As part of this effort, Russia has increasingly targeted civil and commercial computer networks. This includes measures to cripple critical infrastructure, financial networks, and internet services and capture proprietary data or sensitive communications, such as a CEO’s emails. While working at the Pentagon, I saw firsthand how Russia tested these capabilities in Ukraine as major coordinated cyber intrusions shut down power grids, interrupted television broadcasts and generally disrupted commerce. Ukrainian President Petro Poroshenko stated that in the space of two months in 2016 alone, 6,500 cyber attacks were conducted against government, critical infrastructure and industrial targets.

Top 7 Cyber Security Threats of 2018

Clients come to us to solve real-world security problems, not to just check the boxes. At Adsero Security, our job is to make sure you are secure. This is why it is imperative for you to be aware of the threats that could make an impact on your organization. Read on to discover more.

Cyber crime is quickly becoming one of the greatest threats to businesses, government institutions and individuals. This year alone, victims of one type, ransomware, lost $5 billion, according to Cybersecurity Ventures research.

In the world of the dark web, 2017 is defined by devastating cyber attacks like the Equifax breach, and that type of impact is something Cyber Security expert Steve Weisman, with Bentley University, predicted last year.

Here are his Top 7 Cyber Security Threats for 2018:

1. Health Insurance Hacks

“Medical identity theft is the most serious form of ID theft both personally and financially, it’s the only form of Identity theft that can actually kill you and it’s getting worse,” said Weisman.

He says the 145 million involved in the Equifax breach are especially at risk, since their social security numbers may have been compromised. Also, Medicare is still a year away from giving all people new cards with ID numbers not tied to their SS#.

2. Cryptocurrency Scams

This one affects investors, specifically those interested in currency.

“I think scams involving cryptocurrency such as bitcoin are going to be the biggest scams of 2018,” said Weisman.

He says many of the offerings are bogus, but scammers use social media to create hype.

3. Ransomware Spike

To prevent your computer from getting hijacked, avoid clicking on unknown links, keep security software up to date, and back up everything on an external hard drive.

4. Foreign Cyber Attacks on Banks

“A cyber war with North Korea is certainly something that’s not out of the question,” said Weisman.

Cyber security expert explains what to do if your email is hacked

Our job is to make sure you are secure. Hackers do not discriminate and will hack any account. Anyone can be at risk. Read on to discover how and why emails are hacked.

YOUNGSTOWN, Ohio (WYTV) – It’s a question many people have, “Am I at risk for hacking?” One local cyber security expert says everyone has some sort of risk because hackers do not discriminate.

Computer hackers will target big businesses, small businesses and individual people.

“It’s a game like Russian Roulette, we’re gonna keep trying every single place. They can do thousands at a time,” said Cyber Express Manager David Stanley.

You can have virus protection on your computer or take precautions with your passwords, but Stanley says emails are the easiest things to spoof.

“We can actually use your email address and send out emails under your own name and it looks just like you,” he said.

Since many hackers are outside of the U.S., the justice system has no legal ability to arrest them once they’ve scammed.

“A lot of businesses don’t take steps in preventing it, they rely on their IT people,” Stanley said.

While there’s no foolproof way to protect your email, Stanley says there are signs to look for in other people’s emails that you receive, things like strange links or grammatical errors.

“Click on the actual email address behind it and make sure it says ‘davidstanley@gmail.com’ or whatever their email is,” Stanley said.

If you find out your email account has been hacked, Stanley says to change your password and email all of your contacts to a different provider.

Once you’ve taken those steps, you can file a complaint with the Federal Trade Commission. This keeps them in the loop of websites or hackers that are scamming people.

To read more, http://wytv.com/2018/01/26/cyber-security-expert-explains-what-to-do-if-your-email-is-hacked/

Healthcare Data Breaches: 4 Tips for Healthcare Execs

With a combined 45 years in IT security, Adsero’s principals have seen it all. There is no problem that we can’t solve. This includes maintaining a safe cyber network for hospitals. Read on to discover why this is so pertinent.

Despite the fact that healthcare hacking was rampant in 2017, only one in five healthcare professionals—registered nurses (RNs) and health administrators—say they have experienced patient data breaches.

According to the University of Phoenix College of Health Professions survey findings, 20% of RNs and 19% of health administrators said their facility has experienced a breach of patient data, and just as many responded that they didn’t know if their facility has experienced a data breach.

University of Phoenix College of Health Professions surveyed 504 U.S. adults working full time in healthcare as either registered nurses or administrative staff who have worked in their position for at least two years.

Other findings include:

· Despite record-breaking cybersecurity issues in the healthcare industry in 2017, 48% of RNs and 57% of administrative staff said they are “very confident” in their facility’s ability to protect patient data against potential theft.
· Additionally, when asked where they have seen the most changes occur in the industry over the last year, including quality of care, safety, digital health records, prevention, and population health, only 25% of RNs and 40% of administrative staff cite data security and privacy.
· About eight in 10 RNs (79%) and administrative staff (77%) think big data is important to their jobs; however, about two in three RNs (65%) and over half of administrative staff (55%) have never received training on it.
· More than three in five RNs (64%) and administrative staff (62%) say their facility has invested in electronic medical records in the past year.

Both groups said their organizations are taking the following steps to ensure patient data is protected:

o Updated privacy and access policies (69% of administrative staff, 67% of RNs).
o Role-based access (60% of administrative staff, 59% of RNs).
o Data surveillance (55% of administrative staff, 56% of RNs).

“The results show that there is a disconnect between the level of confidence that healthcare professionals have in their organization’s ability to prevent data breaches and the reality of today’s cybersecurity landscape,” says Doris Savron, executive dean for the Colleges of Health Professions at the University of Phoenix.


Facebook to roll out global privacy settings hub — thanks to GDPR

Adsero Security is unique in the IT security industry. Integrity, honesty, and fairness are the core of who we are. We also like to highlight businesses that enforce this same model. Facebook is making some changes to its privacy settings so that its users will be safer. We applaud that action. Read on to find out more.

Facebook COO Sheryl Sandberg has said major privacy changes are coming to the platform later this year, as it prepares to comply with the European Union’s incoming data protection regulation.

Speaking at a Facebook event in Brussels yesterday, she said the company will be “rolling out a new privacy center globally that will put the core privacy settings for Facebook in one place and make it much easier for people to manage their data” (via Reuters).

Last year the company told us it had assembled “the largest cross-functional team” in the history of its family of companies to support General Data Protection Regulation (aka GDPR) compliance.

From May 25 this year, the updated privacy framework will apply across the 28 Member State bloc — and any multinationals processing European citizens’ personal data will need to ensure they are compliant. Not least because the regulation includes beefed-up liabilities for companies that fail to meet its standards. Under GDPR, penalties can scale as large as 4% of a company’s global turnover.

In Facebook’s case, based on its 2016 full-year revenue, the new rules mean it could be facing fines that exceed a billion dollars — giving the company a rather more sizable incentive to ensure it meets the EU’s privacy standards and isn’t found to be playing fast and loose with users’ data.

Sandberg said the incoming changes will give the company “a very good foundation to meet all the requirements of the GDPR and to spur us on to continue investing in products and in educational tools to protect privacy”.

“Our apps have long been focused on giving people transparency and control,” she also remarked — a claim that any long-time Facebook user might laugh at rather long and hard.

The New Rules Of Cybersecurity

We are solutions builders who provide comprehensive, complete IT security management programs. In an IT security solutions initiative involving many vendors, we are the project managers who pull it all together and make sure it works as planned, for the long term. This is a needed service in today’s times where threats lurk around every corner.

Read on to discover why these threats are so imminent.

The man who built the U.S. Army’s cyber command says online threats are going to get worse before they get better. But that doesn’t mean leaders are powerless. To win, focus on your culture and your people to create a sense of urgency to protect what you value and ensure you’re ready for the threats focused on you. Some hard-learned lessons from the war for cyberspace.

My 37-year career in the U.S. Army spanned the digital revolution we continue to experience today. From being assigned to the Army’s first digitized division to leading the Army’s human resources command during a time of war, to creating, in 2010, a global command with 17,000 cyber professionals charged to not only conduct defensive operations, but when directed, to be able to do offensive operations, I witnessed and helped lead the transformation of our military into a new age.

Over that time, the ability of cyber threats to try to take advantage or limit America’s ability to conduct uninterrupted operations—both militarily, and commercially—increased dramatically. Yet, until recently, many leaders assumed that, despite the occasional interruption, these adversaries would not have the ability to seriously interrupt operations. We took our freedom to operate in cyberspace for granted. That assumption is no longer true. There is a growing threat from sophisticated cybercriminal networks and individual actors that might have a political cause or something that they want to try to impact through cyberspace. Most significant are the growing cyber threats from nation-state actors—especially Russia, China, Iran and North Korea—that have the potential to commit not only cybercrime or espionage but launch disruptive and potentially destructive attacks.

Adsero supports cyber security schools; Urges others to help develop IT talent

With the incidence of data breaches increasing daily in the U.S., and all over the world, it’s obvious that we will need to develop creative, smart and savvy, high-tech defenses against these threats for decades to come. Since the cyber hackers and their methods are getting smarter and more conniving every day, we must take decisive actions now to fight back proactively.

One way we can build our defenses against these cyber-attacks is to develop the talent needed to literally man the front lines in this war. That talent – students choosing IT as a career – is now hard at work in universities and colleges across the nation that offer future-focused cybersecurity majors or curriculums.

Among the institutions of higher learning in Florida that are leading the nation in the study of cyber-security offense and defense are Florida State University and the University of Tampa. To help these two top institutions achieve their missions of preparing students for current and future cyber warfare, Adsero Security has made cash donations to both universities’ cybersecurity programs.

We are going on record today as urging other businesses and individuals reading this to provide financial or in-kind support to cybersecurity departments, study initiatives and individual students of the discipline. These gifts and other support will help our nation to build an intellectual bulwark that will protect the consumer, corporate, healthcare, academic, and business data from cyber hackers in the future. We hope you’ll join us in giving to this worthwhile cause that will make a difference in all our lives for decades to come.

4 lessons for businesses on South Africa’s biggest data breach

“Some of our business is reactive, which is unfortunate. Smart clients come to us before their exposure evolves into trouble. We urge you to be proactive.” - Cody Wray, Co-Managing Partner, Adsero Security. Cyber Security is a global issue. Read on to discover what could have prevented this massive data breach.

While massive data breaches are associated with international companies such as Ashley Madison or LinkedIn, South Africa is no stranger to customer data being released into the public domain by cybercriminals.

In fact, it was in October 2017 when security expert Troy Hunt stumbled across the largest data breach in South African history.

The personal data of millions of South Africans was compromised when a database backup file titled “masterdeeds.sql” was leaked publicly online. The data contained millions upon millions of ID numbers, as well as contact details, addresses and income of certain individuals. It’s rumoured that even President Jacob Zuma’s cellphone number was available in the data.

This data had been publicly available for over seven months — an alarming amount of time for the leak to go undetected.

With over 60-million unique ID numbers (more than the country’s population) available in the file, it’s likely that the majority of South Africans were affected. Even certain deceased citizens had their information exposed.

Dracore Data Sciences was identified as the possible source of the information, which was collected and then made available to clients. However, while they may have collected the information, it was not through their servers that the data was leaked. Rather, the data was leaked from the servers of property company Jigsaw Holdings.

The seriousness of the situation is evident from the launch of Home Affairs and Hawks investigations into the breach.

So what can other companies learn from this breach to ensure they don’t find themselves in a similar situation?

The 5 Laws of Cyber Security

Adsero’s ideal clients are medium to large businesses whose executive teams are serious about developing relationships with IT security experts who can identify, build and manage long-term solutions supported by written policies. Clients of Adsero are given the information needed to keep their systems safe. This article describes why cybersecurity protection is needed.

“How we face death is at least as important as how we face life.”

As we enter the new year, I can’t help but recall these words from Star Trek II: The Wrath of Khan — one of my favorite movies. 2017, by all accounts, ended up being the year of the hacker in many ways. From Equifax to Uber, the SEC to the NSA, it seems like every aspect of the human experience has been affected by cybersecurity and privacy concerns.

It’s inescapable in this day and age, and with the death of a year comes the new life of the next. While we can all hope that certain older relatives, friends, celebrities and musicians all survive the year, we can also hope that, despite all evidence to the contrary, we will have a year free from data breaches, vulnerabilities and malware. With 2018 shaping up to be the most prolific year hacking has ever seen given 2017, it’s time to establish a universal language and understanding of those foundational facts that govern our data-security lives.

So without further ado, here are my five laws of cybersecurity, and while there could easily be more, these five will forever be the immutable universal constants that govern this topic and our existence in relation to it.

Law No. 1: If There Is A Vulnerability, It Will Be Exploited

As I mentioned in my first article for Forbes: “Consider for a moment that when the first bank was conceived and built, there was at least one person out there who wanted to rob it.” In the more modern era, since the first “bug” was found in a computer, we’ve been looking for ways to bypass the framework or laws that govern a computer program, a device or even our society. Consider that there are those in our society who will try and hack everything within their capability. This could be obvious with more basic exploits, like the person who figured out how to obstruct their car’s license plate to go through a tollbooth for free, or the more obscure, such as infecting a complex computer system to derail an illegal nuclear weapons program. Finding ways around everything for both good and bad purposes is so ubiquitous today that we even have a term for it: “Life Hacking.”

 


Youth Compete in Cyber Security Competition

The youth is our future. These high school students learned valuable information. Read on to discover what challenges they faced and how they rose to the challenge.

Folsom High School’s computer science academic team recently competed for the second year in the CyberPatriot National Youth Cyber Defense Competition and placed platinum and gold.

Coach and advisor Jean Cavanaugh said the competition consists of schools all over the country. Each school is allowed up to five teams with a total of five members each. Cavanaugh said it’s impressive to have five teams because some schools only have one.

Of Folsom’s five teams, two were all female, one was all male and two were co-ed. The competition the teams recently competed in was rounds one and two, which lasted not a minute more than six hours.

“CyberPatriots send us a link to two operating system images – a Windows image and a Linux image,” she said. “They have certain ‘bugs’ in them. Then they send a document that introduced the students to their ‘company.’ It explains a little about the company, who should have administrative rights and who the employees are. The students’ task for the competition is to figure out where all the bugs are, fix them, change passwords when necessary, and secure the image from any ‘open doors.’”

In the second round, the students are given a written test of Cisco Networking questions and challenges, Cavanaugh said.

Based off of a percentage of total points for each team, Cavanaugh’s group placed with three platinum level and two gold level scores.

“We don’t ‘get anything.’ It just allows us to move onto the next level,” she said. “We will compete on Jan. 20. If they don’t make a certain point percentage, we are finished for the year.”