Home Black Hat Deep Tech Essays Fireside Chat My Take News Alerts Q&A RSAC Videocasts About Contact
 

Essays

 

GUEST ESSAY: Here’s why securing smart cities’ critical infrastructure has become a top priority

By Zac Amos

Critical infrastructure like electrical, emergency, water, transportation and security systems are vital for public safety but can be taken out with a single cyberattack. How can cybersecurity professionals protect their cities?

In 2021, a lone hacker infiltrated a water treatment plant in Oldsmar, Florida. One of the plant operators noticed abnormal activity but assumed it was one of the technicians remotely troubleshooting an issue.

Only a few hours later, the employee watched as the hacker remotely accessed the supervisory control and data acquisition (SCADA) system to raise the amount of sodium hydroxide to 11,100 parts per million, up from 100 parts per million. Such an increase would make the drinking water caustic.

The plant operator hurriedly took control of the SCADA system and reversed the change. In a later statement, the company revealed redundancies and alarms would have alerted it, regardless. Still, the fact that it was able to happen in the first place highlights a severe issue with smart cities.

GUEST ESSAY: NIST’s Cybersecurity Framework update extends best practices to supply chain, AI

By Jeremy Swenson

The National Institute of Standards and Technology (NIST) has updated their widely used Cybersecurity Framework (CSF) — a free respected landmark guidance document for reducing cybersecurity risk.

Related: More background on CSF

However, it’s important to note that most of the framework core has remained the same. Here are the core components the security community knows:

Govern (GV): Sets forth the strategic path and guidelines for managing cybersecurity risks, ensuring harmony with business goals and adherence to legal requirements and standards. This is the newest addition which was inferred before but is specifically illustrated to touch every aspect of the framework. It seeks to establish and monitor your company’s cybersecurity risk management strategy, expectations, and policy.

•Identify (ID): Entails cultivating a comprehensive organizational comprehension of managing cybersecurity risks to systems, assets, data, and capabilities.

GUEST ESSAY: A DIY guide to recognizing – and derailing – Generative AI voice scams

By Alexander Konovalov

Americans lost a record $10 billion to scams last year — and scams are getting more sophisticated.

Related: Google battles AI fakers

Recently used to impersonate Joe Biden and Taylor Swift, AI voice cloning scams are gaining momentum — and one in three adults confess they aren’t confident they’d identify the cloned voice from the real thing.

Google searches for ‘AI voice scams’ soared by more than 200 percent in the course of a few months. Here are a few tips  how to not fall prey to voice cloning scams.

•Laugh. AI has a hard time recognizing laughter, so crack a joke and gauge the person’s reaction. If their laugh sounds authentic, chances are there’s a human on the other end of the line, at least.

GUEST ESSAY: Essential cyber hygiene practices all charities must embrace to protect their donors

By Zac Amos

Charities and nonprofits are particularly vulnerable to cybersecurity threats, primarily because they maintain personal and financial data, which are highly valuable to criminals.

Related: Hackers target UK charities

Here are six tips for establishing robust nonprofit cybersecurity measures to protect sensitive donor information and build a resilient organization.

•Assess risks. Creating a solid cybersecurity foundation begins with understanding the organization’s risks. Many nonprofits are exposed to potential daily threats and don’t even know it. A recent study found only 27% of charities undertook risk assessments in 2023 and only 11% said they reviewed risks posed by suppliers. These worrying statistics underscore the need to be more proactive in preventing security breaches.

•Keep software updated. Outdated software and operating systems are known risk factors in cybersecurity. Keeping these systems up to date and installing the latest security patches can help minimize the frequency and severity of data breaches among organizations. Investing in top-notch firewalls is also essential, as they serve as the first line of defense against external threats.

GUEST ESSAY: Everything you should know about the cybersecurity vulnerabilities of AI chatbots

By Zac Amos

AI chatbots are computer programs that talk like humans, gaining popularity for quick responses. They boost customer service, efficiency and user experience by offering constant help, handling routine tasks, and providing prompt and personalized interactions.

Related: The security case for AR, VR

AI chatbots use natural language processing, which enables them to understand and respond to human language and machine learning algorithms. This helps them improve their performance over time by gaining data from interactions.

In 2022, 88% of users relied on chatbots when interacting with businesses. These tools saved 2.5 billion work hours in 2023 and helped raise customer satisfaction to 69% for $0.50 to $0.70 per interaction. Forty-eight percent of consumers favor their efficiency prioritization.

GUEST ESSAY: Why internal IT teams are ill-equipped to adequately address cyber risks

By Michael Cocanower

Every industry is dealing with a myriad of cyber threats in 2024. It seems every day we hear of another breach, another scam, another attack on anything from a small business to a critical aspect of our nation’s infrastructure.

Related: The case for augmented reality training

Because of this, cybersecurity investments and regulatory oversight are increasing at an astounding rate, especially for those in the financial services industry, bringing an overwhelming feeling to chief compliance officers without dedicated security teams.

And the solution they are turning to is not one that will solve their problems in the long run: handing cybersecurity responsibilities to internal IT teams.

It’s a tale as old as the first computer. When a technical issue arises, hand it over to IT. However, from the sheer amount of regulations coming down the pipeline to the tools necessary to counter threat actors, internal IT is not the right resource for this monumental task.

Regulatory overload

Firms in the financial services industry are staring down the bottom of the regulatory barrel coming into 2024. From identity theft to greater oversight on risk management, internal IT teams

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

By Bharat Bhushan

Even in the cloud era, Microsoft Exchange Server remains a staple business communications tool across the globe.

Related: The need for robust data recovery policies.

One critical issue faced by organizations that rely on Exchange Server is the risk of a corrupt Exchange Server database cropping up.

Fortunately, effective tools and wise best practices can help mitigate this this exposure enabling companies to indefinitely leverage Exchange Server as a productive, resilient and secure communications tool.

Navigating new risks

Today, heavy reliance on cloud-centric IT infrastructure and cloud-hosted applications has become the norm. Yet a significant number of enterprises and small and mid-sized businesses (SMBs) continue to rely on Exchange Server.

Microsoft introduced this e-mail and calendaring server in 1996 and over time it has over time become ubiquitous in enterprises and small and mid-sized businesses (SMBs) alike.