The Latest News in IT and Cybersecurity

News

Cybersecurity
News

How IT Departments Ensure Cybersecurity

December 18, 2018
•
20 min read

We often think of our information technology (IT) departments as a team full of computer “nerds” who roam the floors to make sure your laptop isn’t on fire and the like. Believe it or not, there is far more to our IT departments than meets the eye. Information technology and its professionals provide essential functions and services towards ensuring their business’s vitality. The IT department is not just responsible for your business’s company-wide networking, but also its cybersecurity.

Emergency Management
In the event of a cyberattack, all eyes and ears are likely on your company’s IT department to lead emergency management. In 2019, the international community should expect to see more frequent, and more costly attacks than ever before. Some research finds that the cost of data breaches will exceed $2 trillion, quadruple the cost estimates in 2015. With such stunning figures as these, it should come as no surprise that most (if not all) firms with robust cybersecurity infrastructure place their IT department at the center of their cyber-attack management plan.
As the “experts,” IT departments tend to take the lead in how a company responds to a cyber-attack. This means that each and every IT team member should be alert and aware at all times of any possible threat to their organization. The IT team members will have to create a cybersecurity plan that includes endpoint security, employee training, penetration and vulnerability testing, and of course a recovery plan. With that said, the international community should expect to see cyber threats at every corner, and will continue to need leadership as it meets and defeats these attacks.

Knowledge Sharing
It is safe to assume that the vast majority of a company’s cyber-security knowledge is concentrated within its IT department. In order to maintain the company’s approach to cybersecurity, IT departments must take ownership of organization-wide cyber-education. This can protect a business from external threats by establishing a shield from within.
Successful IT professionals know that they must instruct their colleagues on their individual role in protecting the company’s systems and processes. The organization as a whole must be aware of how every online behavior puts both employees and their work environment at risk. The IT department’s efforts to keep each employee aware of the potential dangers (types of cyber-attacks, types of tactics that hackers use, etc.) help streamline accountability, while also placing employees as the first line of defense.
By training the company’s employees not just through a company conference, but through actual phishing and malware attempts and real-life scenarios, a successful IT department can keep the business cyber secure.


Innovation
Your business’s IT department helps keep your organization’s cyber-security infrastructure contemporary and effective. Its members are some of the employees best equipped to optimize your cybersecurity approach. Some ways that IT departments can promote innovative idea-sharing and strategy evolution are in-house seminars on how to better perform certain job functions, and data evaluation aimed at predicting future incidents. This comprehensive approach keeps IT departments proactive, as opposed to reactive.

Summary
IT departments are not just a group of your go-to technology colleagues. Rather, they are leaders in how your business has faced, and will continue to face, cyber-security threats. Through emergency management, knowledge sharing, and innovation, organizations should continue to rely on and build the capacity of their IT departments for the purpose of remaining competitive in a technology-reliant world.

Learn more about the latest in cyber security by subscribing to our blog: https://www.gigabitsys.com/news

Cybersecurity
News
Tips

Business Email Compromise (BEC): How to Prevent ‘Gifting’ In

February 5, 2019
•
20 min read

No matter the season or the occasion, consumers frequently turn to gift cards as one of the only gift-giving options with versatility. In today’s digital age, you might not be surprised to hear that even gift cards pose a threat to your online safety. The Federal Bureau of Investigation (FBI) issued a warning in December of 2018 surrounding Business Email Compromise (BEC) scams that specifically involve gift card fraud. Although these tactics do not have a high success rate, hackers can still yield a handsome profit. Here’s what you should know about this up-and-coming cyber-attack method.

What is Gift Card Fraud?

Business Email Compromise scams, also referred to as “CEO Fraud” or “Whaling,” pose a significant financial cyber threat to businesses across the United States. The FBI’s Internet Crime Complaint Center, IC3.gov, reported that gift card fraud led to estimated losses of over $1 million. These damages are felt on a local level as well. In Arizona, losses from BEC gift card scams went from $845 during 2017 to $90,000 in 2018.

The FBI explained in its December 2018 press release that BEC gift card fraud takes advantage of employees using concise, assertive language. Prior to the attack, an assailant organization will look to gain access to the intended victim organization’s emails. This helps the hackers craft as convincing a message as possible. Here, timing is everything - BEC is far more successful around the holidays, or among employees who work closely with clients, third-party vendors, etc.

Messages looking to accomplish gift card fraud appear to come from a CEO or another powerful executive, and typically encourage employees to buy gift cards for a holiday party, personal use, etc. The email usually asks the employee to send the gift card information, i.e. the number and PIN, back to the executive who allegedly sent the email. The hacker who is behind the email will then cash out the value.

The Scarlet Widow Case Study: Why Your Business Should Take Gift Card Fraud Seriously

There have been several international examples that shed light on the potential consequences of a successful BEC maneuver. One includes a Nigerian organization known as the Scarlet Widow, which targets thousands of nonprofits, education-related institutions, and their associated individuals using gift card fraud. They typically request Apple iTunes or Google Play gift cards using a narrative that makes the suggestion fit. For example, Scarlet Widow was able to convince an Australian university administrator to both purchase and distribute $1,800 of iTunes gift cards. The administrator later admitted that they believed the request came from the head of the university’s financial department. Scarlet Widow completed their mission by selling the cards for bitcoin and converting that to cash, all in a little over two hours.

What this case study shows us is just how quickly this type of social engineering can flourish. A single employee’s mistake led to thousands of dollars lost in a matter of hours. Given the ability of organizations like the Scarlet Widow to identify and mask themselves within their intended victims’ organizations, all businesses should take this incident into serious consideration when developing their cyber-security strategy.

How to Prevent Gift Card Fraud

If you suspect that an email might not have come from its alleged sender, first look at the sender’s details in the email header. Hackers will sometimes send an email from an address that looks similar to, but varies slightly from, that of a legitimate executive. If you are still unsure about the email’s validity, do not be afraid to ask for help. Reaching out to your CEO or executive directly is the easiest and quickest way to determine whether the request is fraudulent.


The email’s contents can also point you in the right direction. The FBI warns that requests to buy multiple gift cards, even if the request itself doesn’t seem too outrageous, should concern you. Employees should also watch out for overly assertive language, i.e. a tone that pressures you to purchase the cards and/or send the gift card number and PIN as quickly as possible. Lastly, any sort of odd phrasing, grammar errors, or noticeable variation from the sender’s usual emails should warrant some hesitation. As is the case with all types of widespread social engineering attacks, business leadership and information technology experts must educate on an organizational level as a means of reducing any possible financial or reputational damage.
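The header and content checks described in this section can be automated as a first-pass filter. The following Python sketch is an added example, not code from the original article or from Gigabit Systems; the organization domain, the executive directory, the finding labels and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the organization's domain and its executives.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"dana whitfield": "dana.whitfield@example.com"}

GIFT_CARD = re.compile(r"\bgift\s*cards?\b", re.I)
MULTIPLE = re.compile(r"\b(\d+|several|multiple|a few)\b[^.\n]{0,40}?gift\s*cards\b", re.I)
CODE_REQUEST = re.compile(r"\b(pin|card numbers?|codes?)\b", re.I)
PRESSURE = re.compile(r"\b(urgent(ly)?|asap|right away|immediately|quickly)\b", re.I)


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def body_text(msg):
    """Concatenate the text/plain parts of a message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def review_message(raw):
    """Return a list of BEC gift card indicators found in one raw message."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    from_domain = domain_of(addr)

    # Header checks: an address that looks similar but varies slightly.
    if from_domain != ORG_DOMAIN and 0 < edit_distance(from_domain, ORG_DOMAIN) <= 2:
        findings.append("lookalike-domain")
    known = EXECUTIVES.get(name.strip().lower())
    if known and addr != known:
        findings.append("display-name-mismatch")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append("reply-to-mismatch")

    # Content checks: the indicators the FBI warning lists.
    body = body_text(msg)
    if GIFT_CARD.search(body):
        if MULTIPLE.search(body):
            findings.append("multiple-gift-cards")
        if CODE_REQUEST.search(body):
            findings.append("asks-for-card-number-or-pin")
        if PRESSURE.search(body):
            findings.append("pressure-language")
    return findings


# Constructed sample messages (not real traffic).
SUSPICIOUS = """\
From: Dana Whitfield <dana.whitfield@examp1e.com>
Reply-To: dana.w.office@mail.invalid
To: sam@example.com
Subject: Quick favor

Sam, I need 5 gift cards for the client party. Buy them right away and
email me the card numbers and PIN for each one. I'm in meetings, so no calls.
"""

BENIGN = """\
From: Dana Whitfield <dana.whitfield@example.com>
To: sam@example.com
Subject: Holiday party

Sam, the holiday party is on Friday at noon. Catering is already booked.
"""

if __name__ == "__main__":
    print(review_message(SUSPICIOUS))
    print(review_message(BENIGN))
```

A non-empty result is a reason to verify the request with the executive through a separate channel, not proof of fraud on its own.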

Conclusion

Business Email Compromise, specifically in the context of gift card fraud, poses a severe threat to businesses of any size. Since hackers are able to pose as a part of their intended victims' organization, these assailants have a great chance of success. Encouraging your employees to say something when they see something, study previous examples, and carefully read through their messages must become commonplace in order for these damages to dwindle.


Cybersecurity
News
Tips

What are data blockers and webcam covers?

July 1, 2020
•
20 min read

The exponential advances in technology are providing us with incredible opportunities in the 21st century. But these advances don't come without risk.

Most of us depend largely on devices for our professional and personal activities, such as phones and laptops, even though we don't fully understand how these devices work. This has introduced an entirely new set of risks for the 21st-century layman.

While it isn't necessary for you to understand the intricacies of how your devices work, you should at the very least understand the risks you are assuming when using them, and what you can do to mitigate these.

In this article, we're going to cover two fast and effective ways you can secure your devices, avoiding a cyberattack or a violation of your privacy.

What is a data blocker?

Gigabit Data Blocker

USB data blockers are often also referred to as USB condoms. Yep! You heard that right.

While that might be a little bit more graphic than you were expecting to find on our FAQs page, it does create a surprisingly accurate metaphor for how a USB data blocker works.

USB charging cables serve 2 main purposes:

- To carry electrical current to charge your device
- To allow the transportation of data to and from your device

So just like our condom metaphor, while you might just be looking to get a bit of energy, other unwanted things might be transferred back and forth in the process.

This free movement of data while you’re innocently charging your device provides hackers with the opportunity to send malware across to your device that could corrupt or even steal your data.

Data blockers take care of this problem by cutting off the data connection and only providing an AC connection to your device.

Why should I use a data blocker?

These days, almost all phone chargers are USB cables that can be plugged into:

- An adapter which then goes into an AC power outlet
- A USB power point or charging kiosk
- Devices that have USB ports such as a laptop or desktop computer

These last two options provide a great opportunity for hackers to access your device.

Power points can be easily rigged to add malware to your device and when plugging into a computer at an internet cafe or somewhere similar, there’s really no knowing what kind of malicious software they might have running on there.

These kinds of attacks are often designed to corrupt or steal data from your device without you even realising until it’s too late.

While the District Attorney’s Office recommends the use of portable chargers, AC power outlets, or car chargers if you want to avoid being hacked, these options might not be available to you when you’re most in need.

That’s why making sure you’ve always got a USB data blocker to hand will help you stay protected when you’re getting desperate for more juice.

What is a webcam cover?

A webcam cover is a small window that you can stick over the camera on your computer. The window has a shutter that you can manually close, giving you 100% peace of mind that no one’s watching you on the other end.

Why should I use a webcam cover?

Gigabit Webcam Cover

You’ve probably heard the name Edward Snowden by now. And even if you don’t know exactly what happened to him, it might sound familiar that in 2013 he revealed that the US National Security Agency (NSA) was and most likely still is up to some real sketchy business.

He shared an estimated 1.5 million confidential documents from the NSA. Within these documents, there was information confirming that the NSA, as well as other surveillance agencies such as the British GCHQ, have been accessing and hijacking webcams and microphones of everyday citizens whether they were intelligence targets or not.

It could have already happened to you and you wouldn’t even know about it.

So, that raises the question: If they can do it, can’t anyone do it?

That’s exactly right! Cybercriminals, sextortionists, law enforcement, and even school districts have all been doing this kind of spying for years now.

We’re not accusing you of doing anything you shouldn’t be doing in front of your webcam. But we believe that what you do in privacy should be exactly that… private.

Cybersecurity
News
Tips

Social Engineering an Internet Crisis: How to Stop Internet Manipulation

January 29, 2019
•
20 min read

With the help of the Internet, anything that we could ever ask for is attainable at the touch of a button. Yet at what point should we begin to ask ourselves - is this all too good to be true? This can very well become the case if the Internet is not mindfully navigated.

Mindfully navigating the Internet means understanding its negative externalities. Among these is social engineering, which describes the practice of manipulating others to give up confidential information and/or make a security mistake. The term is broad and encompasses a wide variety of malicious activities, but with one thing in common - the intent to use psychological manipulation to trick users. In order for businesses of all sizes to place a firm halt on social engineering, organizations must understand how these processes flourish and fail.

The Prevalence of Social Engineering

How does social engineering take off? More importantly, how are attackers given a platform to identify and manipulate? In order to design a convincing attack, social engineering requires quite a deal of research on the intended victim. The attacker will gather necessary background information to determine a point of entry, or in other words, just how they will gain the intended victim’s trust and appear legitimate. Some examples of using personal data to gain trust include an attacker introducing themselves as a life insurance salesman to a parent, or as a human resources representative to a young professional.

Attackers are often looking to gain any of the following from their victims: passwords, bank information, medical records, political affiliations, and the like. As previously stated, social engineering is rooted in psychological manipulation. This reliance on human error is an entirely different layer of danger from the conventional cyber-hack; with this breed of attack, the victim is in the driver’s seat. By working out what your implicit biases and internet patterns are ahead of time (via social media, public documents, etc.), attackers can effectively exploit your natural inclinations.

The Tactics of Social Engineers

Social engineering attackers often turn to e-mail as a way to commit their crime. In this scenario, for example, let’s say there are two friends: Jane and Stephanie. The attacker has managed to access Jane’s entire contact list, and identified Stephanie’s information. Stephanie then receives a message with a download of pictures, music, movies, documents, etc., or a link to a website that she is curious to visit. If Stephanie clicks on any of the attachments that she thinks Jane sent her, she is now at risk of the same computer virus that Jane has. Falling into these traps can give the attacker access to your machine, e-mail, social network accounts, etc., which can ultimately expose your entire network to the virus.

Another type of social engineering attack is baiting. Baiting uses a false premise to lure the victim into pursuing something they would presumably want. Digital bait can be found in peer-to-peer websites offering to download music and/or a movie, or a link to win a free vacation. If there is a purchase involved, victims might permanently lose the cost of that “item,” or in some extreme cases, their entire bank account. Physical baiting exists, too. Aside from enticing advertisements, some scenarios involve placing malware-infected flash drives in public. Similar to digital baiting, physical bait is frequently labelled as something thought-provoking, e.g. salary information.

To begin the discussion of how best to halt social engineering, let’s first examine two very public examples: one involving BlackRock, and the other involving the Associated Press. Regarding BlackRock, the unidentified attackers sent a series of fake communications to convince employees of the world’s largest asset management firm that their company was making a huge shift in investment strategy. These communications included emails, press releases, and a detailed website all designed to “announce” CEO Laurence D. Fink’s dedication to environmental causes. In 2013, hackers gained access to the Associated Press’s Twitter account. Tweets of fake frightening news catalyzed a tank in the markets that confused investors, government leaders, and the general public. Both examples embody how any business, whether large or small, can fall short in defending itself against social engineering attacks.

While one hacker’s motivation may vary compared to the next, there are a series of measures every organization can adopt to ward off social engineers. One tactic involves adopting best password practices. According to Bloomberg, 6 letter passwords with only lower case letters can be obtained by hackers within 10 minutes. Optimal password security should involve a mix of uppercase letters, lowercase letters, numbers, and symbols. It is also recommended not to use the same password for each and every one of your accounts, especially if you associate many different accounts with the same username/e-mail address. You may also want to maintain a physical copy of your username and password combinations as a means of staying organized and motivated to uphold password security.


How to Halt Social Engineering

Furthermore, living in the digital age means acknowledging just how far-reaching social media has truly become. Social media gives anyone and everyone a platform (in fact, several platforms) to broadcast everything they say, think, or do. The more information available on an individual, the more likely it is that an attacker can manipulate what they know about you and encourage a detrimental choice. When using social media, be careful what you share and with whom. Some measures include setting your accounts to private, limiting what you share and when you share it, and most definitely keeping your personal information to yourself.

Conclusion

Our world in 2019 is dependent on the Internet. With no sign of slowing down, consumers must be aware of how and why their data might be used against them. Social engineering, the process that an attacker uses to psychologically manipulate their identified victims, must be recognized and addressed through password security, mindful social media use, and education. By understanding the circumstances that enable social engineering attacks to thrive, coupled with the strategies used to curb similar attacks, Internet users may combat social engineering without having to sacrifice the World Wide Web.



Cybersecurity
News
Tips

Notable Cyber Security Certifications for 2019

January 22, 2019
•
20 min read

2018 proved that major cyber security breaches are on the rise. Complementing this growing need to pay attention to how businesses address cyber security is its job market. According to Cyber Seek, there are approximately 302,000 cybersecurity job openings throughout the United States - 769,00 cybersecurity professionals are currently employed in the American workforce. By 2021, Cyber Seek reports that 500,000 Americans will be cybersecurity professionals, with 3 million jobs open in that same field for the rest of the year. As the cyber security job market expands, here are some top certifications to keep an eye out for.

Certified Information Security Manager (CISM)

The Certified Information Security Manager (CISM) is particularly useful for IT professionals interested in managerial-level responsibilities. The program was designed by the Information Systems Audit and Control Association (ISACA), and those interested in applying should be looking to refine their advanced skills in security risk management, program management, governance, and emergency preparedness. Those who hold this credential are usually experienced security professionals who have agreed to the ISACA Code of Professional Ethics, passed a comprehensive examination, comply with the organization’s education policy, and have a minimum of five years of security experience.

The credential is valid for three years, and holders must pay an annual fee that varies based on whether or not you are an ISACA member. The ISACA also offers several other credentials for IT managers. These include the Certified Information Systems Auditor (CISA), Certified in the Governance of Enterprise IT (CGEIT), and Certified in Risk and Information Systems Control (CRISC).

CompTIA’s Security+

Unlike the CISM certification, the Security+ certification is aimed towards entry-level professionals with at least two years of experience working in network security. Those interested in this program should be experts in areas such as threat management, cryptography, identity management, security systems, security risk identification and mitigation, network access control, and security infrastructure. This highly respected and vendor-neutral security certification is often preceded by the Network+ certification, also for entry level professionals.

CISSP: Certified Information Systems Security Professional

The Certified Information Systems Security Professional (CISSP) has a prestigious reputation worldwide. An advanced-level certification, CISSP credential holders are considered experts in managing security standards, policies, and procedures within their organizations. As the demand for highly skilled IT professionals grows, advanced job seekers in the field should expect to see this certification as a must-have on many position vacancies.

In order to receive the CISSP certification, professionals will need a minimum of five years of experience in at least two of the Common Body of Knowledge (CBK) domains. These domains include: Security and Risk Management, Asset Security, Security Architecture and Engineering, Communications and Network Security, Identity and Access Management (IAM), Security Assessment and Testing, Security Operations, and Software Development Security. There is a steep $600 fee to take the exam and an annual fee of $85 to maintain the credential. All credential holders are required to recertify every 3 years, while earning 40 continuing professional education (CPE) credits annually.

Conclusion

As issues of cyber security dominate the public’s attention, it should come as no surprise that there is an exponentially growing job market for information technology professionals. To keep up with this demand, businesses should remain well-read on the various types of cyber security certifications, and how investing in employees and their continuing education may provide a rate of return.



Cybersecurity
News
Tips

The Potential Risks of 2-Factor Authentication

January 9, 2019
•
20 min read

Many cybersecurity experts recommend 2-Factor Authentication (2FA) as an up-and-coming, innovative tactic to combat incoming hackers. Traditionally, a user only needs to provide both their username and a password to access data. 2FA instead requires an additional code that only the user should have access to, via another device and/or application. There are still, however, ways for hackers to bypass the barriers to entry that 2FA attempts to create. Before your business brings 2FA into their cybersecurity strategy, here are some worst-case scenarios to be on the lookout for.

The Dangerous Side of 2-Factor Authentication

As told by Kevin Mitnick, a tool that allows hackers to pull off attacks against firms that employ 2-Factor Authentication can be easily downloaded online. Mitnick, who is the chief hacking officer at KnowBe4 (a cybersecurity company which trains people to spot phishing attempts), explained to CNBC that these attacks start with a fraudulent email. The email will usually ask the receiver to click on a link that directs them to log into a website with a code sent to their cell phone. While this is happening, the login goes through the hacker’s server; the hacker is then able to get the session cookie, allowing them to act as the user without needing any username, password, or second factor.

This type of attack falls under the umbrella of social engineering. Social engineering is when hackers manipulate human behavior in a manner that encourages a certain decision, such as clicking on a link or sending a message. To protect yourself and your business from tactics such as these, pay close attention to any message you receive. IT departments should also be looped into the conversation if uncertainty looms.

How to Secure Your 2-Factor Authentication

To protect yourself from attacks such as these, consider a tool called security keys. A security key resembles a keychain, but contains a hardware chip. The key then uses Bluetooth or USB as the second factor needed to log in. Mark Risher, Google’s director of product management for security and privacy, recently spoke on behalf of his company’s own security key - the Titan Security Key. Their security key stores their own password and requires the site to prove its legitimacy before sign-in.

Yet even when all elements of two-factor authentication are intact, your account information may still be compromised. An example of this came in 2014, when hackers broke through two-factor protection to gain access to user accounts for Google, Instagram, Amazon, Apple, etc. This case study supports the idea that organizations should move towards modern authentication. Modern authentication would entail adaptive access control solutions that reposition themselves by using metadata captured via an authentication workflow that prevents hackers from carrying out successful attacks. This model improves security posture, but not to the detriment of user experience.

Nothing is Perfect

While 2-Factor Authentication does provide an extra layer of screening before a user can access their account, it is not bulletproof. Information exists online that hackers can use to train themselves on how to deploy malware that bypasses 2FA, raising a real cause for concern. In light of this, businesses using 2FA should consider evolving their cybersecurity strategy. While this may include security keys and/or a modern authentication technique, this case study stresses the importance of keeping a cybersecurity strategy up-to-date with modern trends and crises in the technology realm.



Cybersecurity
News
Tips

Is There Such a Thing as "Ethical Hacking?"

January 15, 2019
•
20 min read

How can someone put the words “ethical” and “hacking” in the same term without creating an oxymoron? Believe it or not, ethical hacking exists. Often referred to as Penetration Testing, ethical hacking or “white hat hacking” describes the act of intruding into or penetrating systems or networks to discover threats that a hacker could potentially find and use to steal data, cause financial loss, or do other major damage. Some credit ethical hacking with improving network security, and allowing businesses to detect vulnerabilities that a hacker might have taken advantage of.

The Growing Popularity of Ethical Hacking

With 71% of cyber criminals able to breach a perimeter within 10 hours, the need for people who can spot gaps in a business’s cyber security strategy grows. As the need grows, so does the salary. One “bug bounty” company, Bugcrowd, found that some ethical hackers ask for up to $500,00 per year to test security flaws for companies and/or organizations such as Tesla and the Department of Defense. When contracted, white hat hackers operate under a clearly defined contract. Under these rules, the hacker’s salary depends on whether they were able to find a flaw in the cyber security infrastructure, and how serious that flaw actually was.

It should come as no surprise that even while this line of work used to be freelance, many ethical hackers are now looking to turn this function into a full-time career. According to a study by Bugcrowd, half of ethical hackers reported having full-time jobs. On the other hand, 80% reported that an ethical hacking task helped them land a job in cybersecurity. Of this sample, the top 50 hackers had an average yearly payout of around $145,000.

In-House Ethical Hacking

Are you interested in bringing ethical hacking to your business? Ethical hacking can be outsourced to consulting firms at “bug bounty” companies such as Bugcrowd, HackerOne, Synack, and Cobalt. Alternatively, some companies also allow their own employees with hacking skills to carry out parallel missions. This is done through in-house penetration testers, where employees are asked to play the role of a malicious hacker looking to shut down servers and/or steal information. Since IJet and Tesla pay hackers up to $1,000 to $15,000 per issue discovered, in-sourcing these assignments may lead to a raise in pay grade for those willing and able to take on the task.


Conclusion

For information technology professionals looking into continuing education in ethical hacking, several courses and certifications exist. These include, but are not limited to, EC-Council’s Certified Ethical Hacker (CEH), the SysAdmin, Audit, Network, and Security (SANS) Institute, and McAfee’s Foundstone Ultimate Hacking courses. Businesses that are looking to grow their ethical hacking capabilities may want to consider tuition reimbursement programs as a means of encouraging IT professionals to continue their education in this discipline.

The answer is yes - there IS in fact such a thing as ethical hacking. Having a third party take on the role of a white hat hacker, or otherwise hack into a system or network to identify a threat before someone malicious does, is a deeply proactive cyber-security tactic. Businesses looking into ethical hacking in order to steer clear of the projected number of attacks in 2019 should consider hiring “bug bounty” companies as consultants or investing in-house in ethical hacking training and certifications.




The Relationship Between Privacy and Security in the Cyber-World

January 2, 2019
•
20 min read

Privacy: when information is available for a select number of eyes and ears only

Security: the true test of whether or not you are free from danger or threat

Issues surrounding data privacy on the World Wide Web dominated headlines in 2018. These headlines, such as news of the Facebook data breach in March and the European Union’s General Data Protection Regulation in May, signal changes to how the world values data privacy and security in the digital age. Harvard Business Review recently shared that privacy and security are converging due to the rise of big data and machine learning. Keeping this in mind, it is now more critical than ever to treat privacy and security as one and the same.

Defining Privacy versus Security

While the two appear as two different sides of the same coin, privacy and security each describe two different concepts. Privacy ensures that your personal information, often including corporate confidential information, is to be collected, used, protected, and destroyed in a manner that is both legal and fair. On the other hand, security limits the access to personal information while also protecting against unauthorized use and acquisition.

One example of how privacy functions versus how security functions is within a virtual private network. A VPN is a security product that encrypts any and all data that you send or receive on your device. Regarding privacy, a VPN helps block websites, internet browsers, cable companies, and internet service providers from tracking your information, browser history, and so on. Security, however, protects you from unauthorized parties accessing your personal information and other data for their own use.

The Convergence of Privacy and Cybersecurity

Harvard Business Review recently discussed how the threat of unauthorized access to data used to be the biggest scare for digital users. With the rise of big data and machine learning, privacy and security are no longer separate functions. We should instead pivot our attention towards the fear of unintended inferences. These inferences threaten anonymity and allow individuals to learn more about us than we intended to share. Examples include when machine learning techniques identify authorship based on language patterns, or when our information is used to assume our political leanings.

When privacy and security converge to prevent these harms, we will begin to see privacy as measurable. While this might not be through a specific, definitive figure, there will be identifiable impacts on businesses’ bottom lines should privacy be at risk. For example, Facebook lost $119 billion in market capitalization following the Cambridge Analytica scandal due to privacy concerns.

To ultimately measure privacy and keep businesses accountable, privacy and security will essentially begin to become one and the same. Organizational leadership should anticipate that legal and privacy personnel will become more technical, and technical personnel will be well acquainted with legal and compliance mandates. As privacy and security converge, these two teams will no longer be able to operate as separate entities - businesses will now be held more accountable for upholding privacy than ever before.

Conclusion

Privacy and security used to exist as two separate entities: privacy ensured that your personal information was legally used, and security limited access to personal information. With widespread machine learning techniques on the rise, it is now more possible than ever for hackers to absorb and assume certain outcomes from our data. In 2019, businesses should therefore expect privacy and security to converge as the most powerful means of addressing these growing threats.


What Germany's Hacks Mean for Cybersecurity

December 26, 2018
•
20 min read

Last month, hackers leaked sensitive data from hundreds of German politicians. The hackers distributed the information via the Twitter platform and did not discriminate by rank in what they leaked; the data pertained to members of the European parliament, German parliament, and regional state parliaments. Not only does this hack reflect just how global an issue cybersecurity now is, but it also points to some potential new patterns for governments to look out for in 2019.

The Revelation of Deeply Personal Information

The criminals and hackers involved in these cyber-attacks not only exposed and endangered their opponents, but borderline slandered them. This overexposure included deeply personal details about high profile figures and their families, including Chancellor Angela Merkel. The information release took place over several days, but the information was not formally removed until the following Friday.

Overall, it is fair to assume that the intent was not to expose state secrets, but rather to expose deeply personal information about particular Germans in the spotlight. This data includes internal political communications, credit card information, home addresses, phone numbers, personal identification card details, private chat logs, and voicemails from relatives and children. To make finding a motive more difficult, the leaks contained information from almost all political parties across Germany, except from the far-right group Alternative for Germany.


What Could Have Prevented the Attack?

Warning signs indicating that a cyber attack loomed over Germany existed long before last December. In 2015, German security services uncovered a breach in their parliament’s servers. While the parties represented did share a commitment to stop outside interference in German politics, no concrete action was taken to ensure that a similar attack would not be as successful. This example should serve as a reminder for governments across the world to invest in robust cyber-security infrastructure, especially if there have been signs of trouble in the recent past.

As previously mentioned, these attacks took place throughout the month of December. However, the public did not become fully aware of just how much damage had been done until several weeks later. To make matters worse, Germany’s Federal Office for Information Security (BSI) did not inform the Federal Crime Office until the rest of the general public received word of the attacks. The BSI then backtracked, and said that they only knew about five isolated cases - only when they were able to connect the dots did they decide to share with the public and the Federal Crime Office. This lack of communication exemplifies how all bodies and entities related to cybersecurity need to work closely with one another in order to prove their effectiveness.

The Future of Cyber Attacks

By failing to share the cyber attacks with the Federal Crime Office until the public was fully aware, Germany implies that they were not fully equipped to recognize matters of cybersecurity as a serious criminal concern. In sum, Germany’s hacks demonstrate not only that cyber criminals will continue to play a role in international politics during 2019, but also the imperative of reacting to a threat as soon as it is realized.


