SecureTheVillage – Cybersecure SoCal 2019
Great thanks to Pepperdine Graziadio’s CyRP Program, great speakers, great sponsors, great attendees for making Cybersecure SoCal 2019 a great success!!!
Secure the Village
Kudos to #CyberGuardian #AmericanBusinessBank for their Strong Support of Cybersecurity Awareness Month 2019. Own IT. Secure IT. Protect IT. Cybersecurity is everyone’s job. … American Business Bank is a strong supporter of SecureTheVillage
Individuals at Risk
Cyber Privacy
Put a stop to robocalls for good. Carriers are starting to reduce robocalls, but there are steps you can take right now: I think it’s safe to say we’ve all received a call that starts with “Hello, can you hear me?” Or how about “Congratulations! You’ve won a free trip to the Bahamas!” the moment you say hello. It’s somewhat exciting, if not confusing the first time it happens. But when you realize it’s a robocall and, ultimately, a scam, that’s when frustration sets in. CNet, October 18, 2019
We asked a hacker to try and steal a CNN tech reporter’s data. Here’s what happened: I am the kind of person who posts Instagram photos (filtered, of course) from my vacation. I am also the kind of person who tweets about buying an overly-expensive piece of furniture because I fell for a sleek online ad about how it would change my life. CNN, October 18, 2019
Cyber Defense
Consumer Reports provides basic advice on ransomware protection: Imagine hackers holding your computer files hostage and then demanding money to get them back. It’s called ransomware, and as Consumer Reports found out, even IT experts can be victims. Consumer Reports, October 14, 2019
Secure The Human
How BlackBerry Used Improv Comedy To Make Cybersecurity A More ‘Human’ Topic: BlackBerry wants to make data breaches a laughing matter. Forbes, October 18, 2019
How to Tell Safe Advertisements From Dangerous Malvertising: Advertising is the life blood of the internet. Some of the world’s biggest and most influential tech companies earn a large chunk of their revenue through harmless and safe advertisements, but some of the most successful cybercriminals also rely on advertising. Security Intelligence, October 17, 2019
Know Your Enemy
When Card Shops Play Dirty, Consumers Win — Krebs on Security … Site selling stolen credit & debit cards has been hacked. Indications are that the site sold 9.1 million stolen credit cards, earning $126 million over four years: Cybercrime forums have been abuzz this week over news that BriansClub — one of the underground’s largest shops for stolen credit and debit cards — has been hacked, and its inventory of 26 million cards shared with security contacts in the banking industry. Now it appears this brazen heist may have been the result of one of BriansClub’s longtime competitors trying to knock out a rival. KrebsOnSecurity, October 16, 2019
“BriansClub” Hack Rescues 26M Stolen Cards: “BriansClub,” one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone. KrebsOnSecurity, October 15, 2019
Cyber Humor
Information Security Management in the Organization
Cybersecurity in the C-Suite
The forgotten ones: Ransomware preys on the resource-poor: When Brookside Medical Center was hit with ransomware, it refused to pay. The practice was forced to shutter. CIO Dive, October 18, 2019 … CitadelCanHelp
In a rare move, Moody’s says it’s paying close attention to Pitney Bowes ransomware attack. Business credit ratings agencies including Moody’s are increasingly building cybersecurity risk into how they calculate outlook and credit ratings: Moody’s issued a “credit negative” event note on the Monday ransomware attack against Pitney Bowes, one of the world’s largest providers of equipment for e-commerce and logistics, which serves 90% of businesses in the Fortune 500. CNBC, October 16, 2019
Information Security Management and Governance
The Future of Cybersecurity: Do You Know What It Holds?: Cybersecurity is a topic that everybody needs to know about, yet very few tech consumers care about it. Any business entity that uses technology to run its day-to-day operations, and individuals who store their personal information in their smartphones, must understand the importance of cybersecurity. Cases of cyber-attacks are skyrocketing, criminals are continually developing more sophisticated attack methods, and innocent tech consumers are increasingly exposing their data to hawk-eyed data thieves. This is when the question arises: Do you know what the future of cybersecurity has in store? EC-Council, October 18, 2019
New survey shows MSPs and their customers are frequent cybercrime victims: Managed service providers (MSPs) and their small- and medium-sized business (SMB) customers lack the tools and resources needed to sufficiently defend against rising cyberattacks and threats, according to Continuum. HelpNetSecurity, October 17, 2019 … CitadelCanHelp
[essay] Will the Future of Authentication Run Into a Privacy Wall?: Identity authentication is absolutely necessary to conducting our affairs today. Without it, we would lose virtually all confidence to conduct business or create and foster relationships. But with ever increasing concerns related to data privacy, it is worth looking at the past to see what future challenges we may face in the digital identity space. SecurityIntelligence, October 16, 2019
[essay] What we continue to get wrong about cybersecurity: October 1 marked the start of National Cybersecurity Awareness Month. While the designation is a clever way to highlight the need for greater vigilance in how we use technology, it’s nonetheless ill-advised. Cybersecurity shouldn’t be treated as a flavor of the month. We need to focus on it every day, for a simple reason: humans pose the biggest cybersecurity threat of all. Fifth Domain, October 15, 2019
Cybersecurity Awareness Month: Increasing our self-awareness so we can improve security: With the increased prominence of cybersecurity in organizations due to many crippling cyberattacks, the emphasis is now on continual engagement, as it should be. It’s also important to address the tunnel vision that has plagued the field, and how we need to combat it before we can make it to the next level. CSO, October 15, 2019
Cyber Warning
Large-scale credit card hackers back for the holiday season, ex-FBI investigator says: Notorious cybercrime group FIN7 appears to be back at work about a year after the FBI arrested three of its members, which dealt a major blow to the group’s activities. Yahoo, October 18, 2019
Cybersecurity in Society
Cyber Privacy
US senator introduces privacy bill that would jail CEOs for user privacy violations: Sen. Ron Wyden (D-OR) announced today a new bill that introduces sweeping privacy protections for Americans’ private information. ZDNet, October 17, 2019
[essay] Americans Will Pay a Price for State Privacy Laws. The modern data economy is too big to regulate at the state level: The federal government has yet to act, and states are rushing to pass their own data privacy legislation, creating a patchwork of laws from coast to coast. Many of these laws are well-meaning, but their proliferation creates a real risk and a real cost. The New York Times, October 14, 2019
Cyber Crime
Hackers have become so sophisticated that nearly 4 billion records have been stolen from people in the last decade alone. Here are the 10 biggest data breaches of the 2010s: The past decade has seen an explosion in the number of people entrusting massive tech companies with their personal data. There has also been a rise in large-scale data breaches and hacks. Business Insider, October 18, 2019
Zappos data breach settlement: users get 10% store discount, lawyers get $1.6m: Zappos users who had their data stolen in a 2012 data breach will receive only a meager 10% discount to use on the Zappos online store, as part of a proposed class-action lawsuit settlement. ZDNet, October 18, 2019
Cyber Espionage
The Russian hackers who hit the 2016 election have been very busy since. New tools, tactics, and techniques show Russian hackers famous for targeting Americans have been active around the world: Ever since they were one of the groups involved in the infamous hack of the Democratic National Committee in 2016, the trail has largely gone cold on the Russian intelligence hackers known as Cozy Bear. MIT Technology Review, October 17, 2019
Know Your Enemy
Sodinokibi Ransomware Gang Appears to Be Making a Killing: The Sodinokibi ransomware-as-a-service operation appears to be making a killing, with proceeds flowing both to the gang behind the malware as well as dozens of affiliates. BankInfoSecurity, October 18, 2019
National Cybersecurity
CMMC – The Cyber Compliance Standard We’ve Been Waiting For?: Is the Department of Defense’s (DoD) new Cybersecurity Maturity Model Certification (CMMC) the future, or just another compliance initiative in the long line of competing cyber standards across a fragmented landscape? Ariento, October 4, 2019 … Ariento’s Chris Rose serves on the SecureTheVillage Leadership Council
Cyber Freedom
Blockchain voting is vulnerable to hackers, software glitches and bad ID photos – among other problems: A developing technology called “blockchain” has gotten attention from election officials, startups and even Democratic presidential candidate Andrew Yang as a potential way to boost voter turnout and public trust in election results. The Conversation, October 18, 2019
The Cybersecurity 202: Cyber Command hacking contest aims to prep Election Day first responders: Hundreds of U.S. military and National Guard hackers will gather in Columbia, Md., today to test their mettle attacking and protecting voting systems that will be used across the Mid-Atlantic on Election Day 2020. The Washington Post, October 17, 2019
Report: Underground hackers and spies helped China steal jet secrets: Crowdstrike researchers reveal Beijing’s efforts to boost its own domestic aircraft industry. Roll Call, October 15, 2019
Cyber Law
California Attorney General Issues Proposed Regulations For California Consumer Privacy Act (CCPA): On October 11, 2019, the California Attorney General provided notice of proposed regulations concerning the California Consumer Privacy Act (CCPA), California Civil Code §§ 1798.100-1798.198. These regulations are not final and have already been criticized by some as having created confusion rather than clarity. However, businesses with existing privacy policies and procedures should consult with counsel knowledgeable about the regulations to determine whether they need to amend their privacy policies to comply with the CCPA before it goes into effect on January 1, 2020. Because the rights conferred by the European Union’s 2018 landmark General Data Protection Regulation (“GDPR”) differ in many ways from those of the CCPA, businesses should review their privacy policies even if they recently amended them to comply with the European law. Timothy Toohey, Greenberg Glusker, October 15, 2019 … Tim serves on the SecureTheVillage Leadership Council
Financial Cybersecurity
Financial crime and fraud in the age of cybersecurity – McKinsey & Company: In 2018, the World Economic Forum noted that fraud and financial crime was a trillion-dollar industry, reporting that private companies spent approximately $8.2 billion on anti–money laundering (AML) controls alone in 2017. The crimes themselves, detected and undetected, have become more numerous and costly than ever. In a widely cited estimate, for every dollar of fraud institutions lose nearly three dollars, once associated costs are added to the fraud loss itself. Risks for banks arise from diverse factors, including vulnerabilities to fraud and financial crime inherent in automation and digitization, massive growth in transaction volumes, and the greater integration of financial systems within countries and internationally. Cybercrime and malicious hacking have also intensified. In the domain of financial crime, meanwhile, regulators continually revise rules, increasingly to account for illegal trafficking and money laundering, and governments have ratcheted up the use of economic sanctions, targeting countries, public and private entities, and even individuals. Institutions are finding that their existing approaches to fighting such crimes cannot satisfactorily handle the many threats and burdens. For this reason, leaders are transforming their operating models to obtain a holistic view of the evolving landscape of financial crime. This view becomes the starting point of efficient and effective management of fraud risk. McKinsey & Company
Critical Infrastructure
Major Airport Malware Attack Shines a Light on OT Security: A cryptomining infection spread to half of the workstations at a major international airport. ThreatPost, October 18, 2019
The Cybersecurity 202: There’s a fight brewing over Homeland Security’s push for subpoena power: The U.S. government is currently seeing warning signs of cyberattacks on industrial control systems that could cause massive financial damage or loss of life — and there’s nothing it can do to alert the companies that own them. The Washington Post, October 10, 2019