Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Guest Blog Post

 

GUEST ESSAY: Rising workplace surveillance is here to stay; here’s how it can be done responsibly

By Elizabeth Rogers

People often recite the cynical phrase that ‘privacy is dead.’  I enthusiastically disagree and believe, instead, that anonymity is dead.

One area where this is being increasingly demonstrated is in the workplace. Employee surveillance has been rising steadily in the digital age. And because it’s difficult, if not impossible, to keep ones digital work life separate from ones digital private life, the potential for abuse to happen while carrying out an employee surveillance program is real.

Related video: SXSW panel hashes over employee monitoring

However, I firmly believe that, together, we can preserve the employee privacy through clearly stated social ‘contracts’ and fair enforcement of same.

Let’s begin with the notion that employees, unless advised otherwise, have a right to privacy in the workplace. However, the scales also tip in favor of the employer to monitor threats to  the company’s intellectual property.

Unique ties

Employers and employees share a unique relationship built on trust.  When it comes to assets of the company, it is in the mutual interest of both that they stay protected.  Generally, employees will sign a contract, in the form of a Non-disclosure Agreement that yields to the …more

PODCAST: Why companies need a strategy to manage compliance, now more than ever

By Byron V. Acohido

Businesses are embracing the public cloud at an accelerated pace — and for good reason. By tapping hosted services,  companies of all sizes and in all verticals are finding fresh, dynamic ways to engage with employees, suppliers, partners and customers.

Related articles: 5 things to do to prep for GDPR

However, as companies race to mix and match cloud-delivered storage, processing power and business apps from the likes of Amazon Web Services, Microsoft Azure and Google Cloud, unforeseen gaps in traditional perimeter network defenses are turning up. Smitten by the benefits of cloud computing, many companies have not bothered to fully address the “shared responsibility” model for security underlying the public cloud.

By the same token, ever-opportunistic cyber criminals have already begun pouncing on these emerging exposures. Emergent cloud computing vulnerabilities have gotten a lot of attention by the cybersecurity community, as well they should.

Much less well understand, and, yet, quite possibly a much more clear and present risk for many thousands of companies is the risk of non-compliance. It turns out that in rush to move to the cloud, companies have created many more opportunities for violating the matrix of industry standards and government regulations that touch on data handling and data privacy. …more

GUEST ESSAY: How Orbitz’s poor execution of a systems upgrade left data exposed

By Natalie Williams

In case you thought it had been a suspiciously long time since a massive data breach was announced, well, here you go. Just a couple of days ago, Orbitz (part of the massive travel conglomerate Expedia) revealed that during the second part of last year, the personal data of many of their users was breached.

And by “many,” I mean somewhere in the neighborhood of 880,000. And while Orbitz promises that no Social Security Numbers were compromised, a lot of other data was: names, dates-of-birth, even email and street addresses. And, of course, credit card  information. Let’s not forget that.

Related podcast: Why 2018 will be the year of the CISO

Importantly, this was not a phishing attack. It was a system hack, and although the exact method is unknown, the hackers did target an older Orbitz platform (not Orbitz.com), as well as a partner sites (separate occasions), and were able to access records still embedded in it.

 And unlike with Equifax, this also doesn’t appear to be a situation in which administrators followed blatantly terrible password security practices. These data loss situations are always somewhat harder to assess, since they can’t be directly traced back to a clear and specific bad decision. They’re also harder to pass judgement on or attempt to provide solutions for, for the same reason. And yet, anytime this much data is exposed, there’s a serious issue. Something wasn’t adequately protected—someone wasn’t doing what they were …more

GUEST ESSAY: Surveillance cam hack shows potential for ransomware collateral damage

By David Smith

The recent charges, and subsequent arrest, of two Romanians alleged to be responsible for a widespread hack of surveillance cameras in our nation’s capitol raises a number of intriguing questions.

Why hack surveillance cameras? What nefarious activity might escape law enforcement’s notice while these particular cameras went dark?

Related articles: Surveillance cams are trivial to hack

The U.S. Secret Service had every right to be alarmed with the sudden compromise of so many cameras around Washington D.C.  According to an affidavit from the case, the hackers “participated in an intrusion into and taking control of approximately 123 internet-connected computers used by the Metropolitan Police Department of the District of Columbia (“MPDC”) to operate surveillance cameras … which computers could then be used to send the ransomware-laden spam emails.”

Based on this assertion, it appears the computers controlling the cameras were the hackers’ target objective — not the cameras themselves. This is an important distinction.  It would seem that the Romanian hackers were not ideologues seeking to make a political point. In fact, it appears they had no interest, at all, in the basic functions served by the hacked cams.

It is likely that they simply found vulnerable systems, which happened to be cameras, and then swiftly infected them with ransomware. In that scenario, they hoped for a quick ransom payment by the owners of the underlying computers. And while the attackers controlled these computers, the systems could also be redirected to help spread ransomware to other systems and devices.

Material harm

Sen. Mark Warner, D-Virg., hit the nail on the head when he observed: “These reports highlight just how vulnerable our systems are to fast-proliferating ransomware threats.” In this situation, the affected devices just happened to be surveillance cameras. Aside from the time and effort necessary to remove the ransomware and bring the systems back online, no other reported harm came from the cameras going dark for a period of time. …more

GUEST ESSAY: U.S. ‘chip’ adoption reduces card scams — but drives up new account fraud

By Robert Capps

Identity theft and fraud hit an all-time high in 2017, according to the 2018 Identity Fraud Study released last week by Javelin Strategy & Research.

Among Javelin’s key findings fraudsters claimed 1.3 million more victims in 2017, with $16.8 billion stolen. That’s a record high since 2003 when the firm first began tracking identity theft and fraud.

Related article: How a 19-year-old ran a bogus credit card empire

The retail and the financial services industry have put great effort and resources into stopping identity theft crimes. However, the complexity of fraud continues to rise, and there has been a shift towards other prevalent types of identity fraud taking place online, such as identity theft and new account fraud.

Javelin’s findings tell us that with the adoption of embedded chip cards now widespread in the U.S., criminals have begun to shift their fraud operations away from physical stores, favoring online transactions, new account fraud, and identity theft. While credit card information remained the most targeted for new account fraud, there has been significant growth in the opening of new intermediary accounts. Payment services are increasingly being targeted by fraudsters.

Capps

For the first time ever, Social Security numbers (35%) were compromised more often in breaches than credit card numbers (30%). These trends demonstrate that personal information is under siege, and protecting sensitive data with legacy methods is futile in the age of mega breaches. …more

GUEST ESSAY: How children using illegal streaming devices get targeted by malicious actors

By Tom Galvin

It is good to see pressure from advertisers  prompting a tech titan to clean up its digital neighborhood.

I refer to steps being taken recently by Alphabet,  the parent conglomerate of Google and YouTube. Alphabet announced a new plan to keep ads from premium brands off YouTube pages with videos pushing dangerous, illegal, and/or illicit behavior.

Related article: Lawsuits allege ‘kid spying’

It remains to be seen how effective these measures will prove to be.  Threat actors are not easily discouraged. In fact, they will certainly look for other money-making ventures in the digital space. These criminals will likely target poorly policed, yet highly popular, devices offering content that is easy to compromise.

Entertainment bait

There is no bait quite like content – movies, music, and games – to lure consumers into digital traps. Increasingly, people are buying devices just for the purpose of getting programming they need to watch and play what they want.

At the Digital Citizens Alliance, our research team has worked with top researchers at cybersecurity companies and advertising watchdogs to find how cybercriminals make millions by pushing both advertising and malware through illegal and illicit movie sites.

Make no mistake, pirated movies are big business – an attractive opportunity for criminals looking for easy money, vulnerable targets (often teens and children), and little threat of police action. …more

GUEST ESSAY: Why cyber attacks represent a clear and present danger — and what you can do about it

By John Mason

As we begin a new year, cyber attacks may actually pose a more profound threat to mankind than the specter of nuclear warfare.

So says billionaire investor Warrant Buffet, and I tend to agree with him. Cyber attacks are growing in prominence every day – from influencing major elections to crippling businesses overnight, the role cyber warfare plays in our daily lives should not be underestimated.

Related article: Digital vulnerabilities on the rise in 2017

I’ve reviewed dozens of reports and surveys that support Mr. Buffet’s observation. Here is an assemblage of these stark proof point, along with my assessment of how they tie together:

Malware storm

Research from Panda Security informs us that some 230,000 new malware samples are produced every day — and this growth is predicted to only keep growing. Encryption services vendor Venafi estimates that 90 percent of hackers cover their tracks by using encryption, including VPN services. Keep in mind encryption is only one of many stealth techniques hackers use. …more