Aviation Cyber Security – A Look at Some Real Threats Facing the Industry

CybeRiskBlog, Cybersecurity

Aviation Cyber Security

Faced with the task of transporting millions of passengers between various destinations around the globe on a daily basis, the aviation industry is required to maintain one of the most complex and integrated information and communications technology (ITC) systems on the planet. And like any digital/computer system, this electronic infrastructure is vulnerable to software glitches, hardware, software, and network failures, and the attention of cyber-attackers. But unlike in many other industries, the consequences of a systems failure or a successful cyber-attack can have life-threatening and potentially catastrophic consequences. The safety of aircraft and their passengers, the operational integrity and financial health of airlines and related industries, and the reputation of the aviation sector as a whole may be threatened by … Read More

Facebook Privacy Issues – How the Recent Controversy Affects You

CybeRiskBlog, Cybersecurity

Facebook Privacy Issues

Given the amount of negative publicity and bad blood that’s been generated in the past few months surrounding Facebook privacy issues, the powers that be at Facebook must be worried about the future of the social media giant. Scandals like the Cambridge Analytica affair – where Facebook was co-opted by a data-gathering agency with a mission to misuse the information it collected to spread fake news and influence US political processes – have unmasked some of Facebook’s less than savory practices regarding data-sharing, and its standards for vetting and displaying online content. Facebook’s too cozy relationship with advertisers has also come into the negative spotlight, prompting users worldwide to seek ways around location and ad-tracking – all the while pressing … Read More

Reality vs Cinema – A Look at Cyber Security in Movies

CybeRiskBlog, Cybersecurity

Cyber Security in Movies

When actor Michael Caine’s character in the 1969 movie The Italian Job sought help from a group of Britain’s most infamous computer hackers to steal a load of gold bullion from under the noses of the Mafia and the Italian police, the age of cyber-crime in modern cinema really got underway. Since then, hacking and hi-tech have become staple subjects for television and movie entertainment, bringing the cyber world to the attention of viewers and cinema audiences worldwide. Problem is, the vast majority of these cinematic efforts meet with groans of exasperation from real hackers and cyber security experts, alike. This is largely because of a disconnect between the realities of our own world (the real) and the world of … Read More

Enterprise Cyber Resilience – Equifax and Uber Learn the Hard Way

CybeRiskBlog, Cybersecurity

Enterprise Cyber Resilience

57 million people affected worldwide, by a breach that was covered up for over a year. 143 million American consumers affected by a single database hack – again with delays in making this news public, and with as yet undetermined impact at a global level. The recent data breach incidents at the smartphone app-based ridesharing company Uber, and the massive international credit reporting agency Equifax represent the antithesis of the principles of enterprise cyber resilience – both in their scale and in the haphazard and frankly inadequate nature of the response which they met from the targeted organizations. With public and media outcry, several ongoing lawsuits, and the financial and reputational damage suffered by both Equifax and Uber, the lessons … Read More

The Red, Blue and Purple Team and What’s Between Them

CybeRiskBlog, Cybersecurity

Purple Team

With a tradition stemming from military training exercises, the idea of pitting a “Red Team” of trained attackers against a “Blue Team” defending the organization has been taken up over the years by a diverse set of institutions. These include government bodies like the U.S. National Security Agency and the Government Accountability Office and corporate enterprises in which war-gaming exercises are used to test the security infrastructure of active businesses. The concept has also been used to test the physical security measures deployed at places like nuclear facilities, or the Department of Energy’s National Laboratories and Technology Centers. It’s an adversarial technique that can too often lead to the same outcome as many a sporting event: Two opposing sides give … Read More

Evolving Enterprise Cyber Security Challenge: The Lack of Professional Resources and the Impact on the Organization

CybeRiskBlog, Cybersecurity

Enterprise Cyber Security

In what’s been described as an “existential threat” to enterprise, national, and even global security, the past few years have seen a continuous drain on the pool of enterprise cyber security talent. Figures from 2016 confirmed that 86% of companies reported a shortage of professionals available to fill the growing need for skilled information security personnel. And a study conducted by the Enterprise Strategy Group (ESG) in 2017 cited 70% of cyber security professionals as saying that the skills shortage has had an impact on their organization. More worrying than this was the claim by 45% of organizations that there was “a problematic shortage of cyber security skills.” This dearth of talent is occurring at a time when cybercriminal networks … Read More

Cryptojacking – What is it and How Can it Co-Opt Your Devices?

CybeRiskBlog, Cybersecurity

cryptojacking

The recent discovery of the Loapi mining Trojan – a multi-faceted piece of malware with potentially device-killing consequences for users of Android hardware – has thrown the spotlight onto an emerging trend in malicious software design. This involves the engineering of malware code aimed at co-opting the system resources of a victim’s hardware, for the purpose of mining cryptocurrencies. This process has been dubbed “cryptojacking”, and its methodology and implications for cyber-security will form the basis of discussion for this article. Cryptojacking – Incentives for Bad Behavior Frenetic activity continues in the cryptocurrency sector, with recent dramatic hikes and plunges in the value of Bitcoin and other denominations hitting the mainstream news. With such wild fluctuations and the relative immaturity … Read More

What is Cyber Resilience and Why Is It Important to My Company?

CybeRiskBlog, Cybersecurity

Cyber Resilience

Even with the best will in the world, the most comprehensive and stringent policies, and the latest and most powerful tools and techniques, eliminating risk in the corporate environment remains an impossibility. It’s not even necessarily a desirable state of affairs, as a certain amount of risk must be present to inspire and bolster innovation and to promote enterprise agility. So rather than adopting an all or nothing approach to the assessment and management of risks and the enforcement of threat management and cyber-security policies, a more adaptable, far-reaching, and forward-thinking mindset is required in order to maximize the benefits and minimize the negative aspects of the digital landscape. It’s in this regard that the philosophy of cyber resilience comes … Read More

Top 6 Reasons to Use a VPN

CybeRiskBlog, Cybersecurity

Top Reasons to Use a VPN

Besides the ever-present dangers of espionage, hacking, and data theft, users of the internet are now increasingly aware of the fact that their online activities and personal information are no longer necessarily their own. From the trade in purchasing habits and anonymized consumer data to the stockpiling of subscriber information by Internet Service Providers (ISPs), mobile carriers, and government agencies, online privacy faces a growing number of threats and complications. Due diligence, anti-malware applications, and the use of “incognito” browsing modes can only go so far to prevent the possibility of intrusion and surveillance. So growing numbers of internet users are adopting the Virtual Private Network or VPN as a major line of defense for their online privacy and security. … Read More

Darknet – Is it all “dark” or is there some light in there?

CybeRiskBlog, Cybersecurity

Darknet

For several years now, the internet has played host to a parallel ecosystem – an overlay network of zones accessible only by users in the know with specific hardware or software configurations, special software, authorizations, or protocols. This alternate or “dark” net (Darknet) has typically been used for the peer-to-peer file sharing of content and resources, beyond the restrictions of more formalized channels, or for the setting up of so-called “privacy networks” like Tor, which enable members to conduct their affairs without the scrutiny and governance of law enforcement or established authorities. Having gained a reputation as the online haven for drug dealers, terrorists, people traffickers, cyber-criminals, child pornographers, and miscreants of all kinds, the Darknet might be assumed to … Read More