Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Guest Blog Post

 

GUEST ESSAY: U.S. ‘chip’ adoption reduces card scams — but drives up new account fraud

By Robert Capps

Identity theft and fraud hit an all-time high in 2017, according to the 2018 Identity Fraud Study released last week by Javelin Strategy & Research.

Among Javelin’s key findings fraudsters claimed 1.3 million more victims in 2017, with $16.8 billion stolen. That’s a record high since 2003 when the firm first began tracking identity theft and fraud.

Related article: How a 19-year-old ran a bogus credit card empire

The retail and the financial services industry have put great effort and resources into stopping identity theft crimes. However, the complexity of fraud continues to rise, and there has been a shift towards other prevalent types of identity fraud taking place online, such as identity theft and new account fraud.

Javelin’s findings tell us that with the adoption of embedded chip cards now widespread in the U.S., criminals have begun to shift their fraud operations away from physical stores, favoring online transactions, new account fraud, and identity theft. While credit card information remained the most targeted for new account fraud, there has been significant growth in the opening of new intermediary accounts. Payment services are increasingly being targeted by fraudsters.

Capps

For the first time ever, Social Security numbers (35%) were compromised more often in breaches than credit card numbers (30%). These trends demonstrate that personal information is under siege, and protecting sensitive data with legacy methods is futile in the age of mega breaches. …more

GUEST ESSAY: How children using illegal streaming devices get targeted by malicious actors

By Tom Galvin

It is good to see pressure from advertisers  prompting a tech titan to clean up its digital neighborhood.

I refer to steps being taken recently by Alphabet,  the parent conglomerate of Google and YouTube. Alphabet announced a new plan to keep ads from premium brands off YouTube pages with videos pushing dangerous, illegal, and/or illicit behavior.

Related article: Lawsuits allege ‘kid spying’

It remains to be seen how effective these measures will prove to be.  Threat actors are not easily discouraged. In fact, they will certainly look for other money-making ventures in the digital space. These criminals will likely target poorly policed, yet highly popular, devices offering content that is easy to compromise.

Entertainment bait

There is no bait quite like content – movies, music, and games – to lure consumers into digital traps. Increasingly, people are buying devices just for the purpose of getting programming they need to watch and play what they want.

At the Digital Citizens Alliance, our research team has worked with top researchers at cybersecurity companies and advertising watchdogs to find how cybercriminals make millions by pushing both advertising and malware through illegal and illicit movie sites.

Make no mistake, pirated movies are big business – an attractive opportunity for criminals looking for easy money, vulnerable targets (often teens and children), and little threat of police action. …more

GUEST ESSAY: Why cyber attacks represent a clear and present danger — and what you can do about it

By John Mason

As we begin a new year, cyber attacks may actually pose a more profound threat to mankind than the specter of nuclear warfare.

So says billionaire investor Warrant Buffet, and I tend to agree with him. Cyber attacks are growing in prominence every day – from influencing major elections to crippling businesses overnight, the role cyber warfare plays in our daily lives should not be underestimated.

Related article: Digital vulnerabilities on the rise in 2017

I’ve reviewed dozens of reports and surveys that support Mr. Buffet’s observation. Here is an assemblage of these stark proof point, along with my assessment of how they tie together:

Malware storm

Research from Panda Security informs us that some 230,000 new malware samples are produced every day — and this growth is predicted to only keep growing. Encryption services vendor Venafi estimates that 90 percent of hackers cover their tracks by using encryption, including VPN services. Keep in mind encryption is only one of many stealth techniques hackers use. …more

GUEST ESSAY: Google study details how 9 million account logons get stolen every 24 hours

By Lisa Baergen

Google should be applauded for spending a year studying how cybercriminals highjack account login credentials and expose them in the cyberspace.

The search giant’s findings are astounding and instructive. Stolen passwords get channeled into the dark web in two main ways: one at a time, via phishing campaigns, or en masse, via data breaches, such as the Yahoo and Uber ones.

From March 2016 to February 2017, Google found that 12 million username and passwords were successfully phished, and some 3.3 billion records were stolen as the result of data breaches. This means that every 24 hours an average of nine million logins are stolen.

Gmail and the Google Cloud Platform are deeply interwoven with corporations and consumers’ lives – even people with personal Gmail accounts use their work email as a recovery account.

Now think about the online retail implications: how many times have you been shopping online and getting confirmations via Gmail? What data does that expose?

The Javelin Strategy and Research Identity Proofing Platform Scorecard, issued in October, showed that everyone – from major merchants to industrial boardrooms and consumers – has room for improvement. …more

GUEST ESSAY: What ‘Fight Club’ taught me about protecting my online personas

By Thomas Yohannan

Dissociative identity disorder, AKA multiple personality disorder, is a human condition by which the victim’s personality becomes fragmented into two or more distinctive states.

DID has long been a rich topic for Hollywood screen writers. The movie Fight Club, in which Edward Norton and Brad Pitt portray polar opposite personalities of the main protagonist, is a classic example.

Related podcast: Phil Lieberman calls for resetting the C-suite mindset

DID sufferers subvert themselves in self-contained sets of memories, behaviors, attitudes, even perceived age. This is done so that the victim can insulate certain fragile areas of his or her psyche, and thus is able to function with a sense of security in otherwise threatening environments, psychologically speaking.

It may not be a bad idea …more

GUEST ESSAY: The top 4 cybersecurity certificates every IT staffer should have

By Victoria Zambito

Assuredly, it is a very positive development that more companies are looking to boost the security expertise of their in-house IT teams. This is being manifested by flow of IT professionals seeking out and participating in security-related certificate programs.

Numerous third-party organizations offer these educational tracks; a select few garner great respect within the field. Here’s the cream of the crop:

CompTIA A+ Certification

The CompTIA A+ Certification provides essential foundational knowledge for IT professionals. It covers basic enterprise hardware and software deployment, management techniques and cloud computing. Approximately 1 million IT professionals hold the highly coveted IT CompTIA A+ certification.

Certified Ethical Hacker (CEH v9) – EC-Council
The Certified Ethical Hacker Certification demonstrates an IT professional has an understanding of how to …more

GUEST ESSAY: A call for rethinking incidence response playbooks

By Liz Maida

We see it week after week. Insidious cyber threats that spread throughout enterprises like wildfire and proliferate around the globe, interfering with crucial work and holding data hostage. These attacks make the news cycle for a few days, security teams wring their hands over it, and then forget all about it – until the next attack. Lather, rinse, repeat.

When will the security community get smarter about our approach to identifying and thwarting cyber threats, instead of just responding to the one at hand?

Related video: Tempered Networks introduces identity-based networks

The known threat of today — whether it’s malware, social engineering or phishing — inevitably morphs into the zero-day threat of tomorrow. Which means that all the tactical work security teams …more