A hacker’s paradise? 5G and cyber security

Fiancial Times | October 14, 2019

A hacker’s paradise? 5G and cyber security
The rollout of fifth-generation mobile networks  which offer the potential for downloads speeds of up to 10 times faster than today’s  will change how we communicate, work and stream video. However, the faster speeds are also likely to present an opportunity for hackers to target more devices and launch bigger cyber attacks, experts say. The problem is unlikely to be the security of 5G technology itself. Despite researchers uncovering apparent flaws in 5G’s security  such as the ability for attackers to use fake mobile base stations to steal information  5G’s stronger encryption of data and better verification of network users are widely considered to be a significant improvement on 4G.

Spotlight

"No national security without cyber security" (没有 网络安全就没有国家安全), said President Xi Jinping to the state-run news agency Xinhua in April 2014. 1 The current leadership in Beijing clearly affords cyber security greater significance than only a few years ago. The Chinese government is increasingly resorting to protectionist measures to improve cyber security.

Spotlight

"No national security without cyber security" (没有 网络安全就没有国家安全), said President Xi Jinping to the state-run news agency Xinhua in April 2014. 1 The current leadership in Beijing clearly affords cyber security greater significance than only a few years ago. The Chinese government is increasingly resorting to protectionist measures to improve cyber security.

Related News

Hyper-aware of all the possible types of cyber attacks to network & business

Cicco | June 20, 2020

IT security professional, you must be hyper-aware of all the possible types of cyber attacks to your network and your business. Now is the time to make sure your organization is able to identify and detect the most prevalent, and potentially the most harmful types of cyber threats against your organization. There are a number of common cyber attack techniques that make up intrusions, including multi-routing, covert scripts, protocol impersonation, and traffic flooding. As an IT security professional, you must be hyper-aware of all the possible types of cyber attacks to your network and your business. This has always been one of the most difficult parts of your job, considering the ingenuity and perseverance of the criminals we must guard against, and how frequently cyber attacks can multiply as our systems (and the technology we rely on) evolve and expand. And now, your security operations processes are further challenged as your workforce shifts to 100% remote. Now is the time to make sure your organization is able to identify and detect the most prevalent, and potentially the most harmful types of cyber threats against your organization today. The following are nine types of cyber attacks every security professional needs to be aware of. Intrusion refers to any unauthorized activity on your network, stealing valuable resources that result in placing your organization’s security at risk. Read more: SMALL AND MEDIUM BUSINESSES NEED TO IMPROVE THEIR CYBERSECURITY POST COVID-19 LOCKDOWN That is essentially a brute force attack—letting the computer do the work, trying possible combinations of usernames and passwords until it finds the right one. ~ Cyber Security thought leader There are a number of common cyber attack techniques that make up intrusions, including multi-routing, covert scripts, protocol impersonation, and traffic flooding. Network intrusions often present as unusual behavior, but not necessarily abnormal, which makes them difficult to detect and thus, slip under manual supervision. Perhaps the most vicious of threats posed by cybercriminals, ransomware seeks to hold business systems hostage for the purpose of extorting money from victims. It is one of the most common cyber attack models being used today, in large part because these attacks are successful and often result in payouts in the tens of millions. Over the years we’ve seen several examples of why ransomware is one of the most effective and dangerous types of cyber attacks. What does ransomware look like? An attack often begins with an on-screen notification that data on your network has been encrypted and will remain inaccessible until the specified ransom has been paid, and a decryption key will follow. Failure to pay results in the key being destroyed, rendering the data inaccessible forever. There are a number of common cyber attack techniques that make up intrusions, including multi-routing, covert scripts, protocol impersonation, and traffic flooding. Security insider threats occur when someone close to an organization with authorized access misuses that access to compromise your company’s data or critical systems. Insiders do not have to be employees; they can also pose as partners, third-party vendors, and contractors. That’s the most difficult aspect of detecting an insider threat—it begins with humans, not systems. We’ve all seen an action movie where the criminal mastermind uses a high-powered computer to cycle through thousands of passwords in order to access a government facility. Well, this common cyber attack is not necessarily the stuff of fiction. Among the best defenses against brute force attacks are multi-factor authentication, as well as requiring frequent password changes with complex alpha-numerical character combinations, making threat detection more likely. A distributed denial of service (DDoS) attack takes place when criminals attempt to disrupt normal traffic on a network or to a server or system. Typically this is done by overwhelming the target’s infrastructure with a flood of internet traffic. Think of it like a traffic jam clogging up the highway, preventing normal traffic from arriving at its destination. Data exfiltration is the unauthorized movement of data outside of your organization. Read more: TIME IS RIGHT FOR UNIFIED SECURITY SOLUTIONS, FINDS CHECK POINT'S DIMENSIONAL RESEARCH SURVEY

Read More

Leveraging Greater Social Engagement for Improved Cyber Hygiene

Cisco | May 19, 2020

Social Cybersecurity is a new and emerging concept and paradigm that basically involves how better cybersecurity behaviors can be inclined positively using social influence. Practicing proper cyber hygiene in order to protect themselves and others, from the ill effects of cybercrime or cybersecurity issues. There exist any number of tasks and approaches that can be undertaken to protect our computer systems from cybersecurity risks. You don’t have to look too far around to find someone who may not be practicing proper cyber hygiene in order to protect themselves and others, from the ill effects of cybercrime or cybersecurity issues. For example, despite the fact that we may be aware that using the same user ID or email account and password, for different cloud services, is considered risky behavior, and could result in a potential account hack or data breach, yet we do not change this behavior. How often do you share your best practices for securing your devices, cloud service applications, mobile applications and home networking equipment for connecting to the Internet with those around you in a social situation or manner? Do you recommend the use of available security settings to those around you in your social circles? Do you show them how to quickly implement the security settings? In this article we discuss some ways for improving cyber hygiene. Social Cybersecurity is a new and emerging concept and paradigm that basically involves how better cybersecurity behaviors can be inclined positively using social influence. It’s worth to keep an eye out for the research going on regarding social cybersecurity, because it may have some answers to getting people and companies to better protect themselves. Learn more: CORONAVIRUS-THEMED CYBERATTACKS ON BUSINESSES RISE, EXPERTS RECOMMEND BEEFING UP NETWORK SECURITY “Even if this approach has a small positive effect on improving cyber hygiene, it is worth it, because something must change if we are going to help individuals better protects themselves.” ~ Stan Mierzwa, Director Even if this approach has a small positive effect on improving cyber hygiene, it is worth it, because something must change if we are going to help individuals better protects themselves. There exist any number of tasks and approaches that can be undertaken to protect our computer systems from cybersecurity risks. This ranges from ensuring you install and keep your anti-virus or endpoint protection system up to date, apply software security updates, encrypt sensitive data, backup our important data, and this list can continue to grow. “Social Cybersecurity brings a dimension with consideration for the individual, not the computer, and how with social psychology, usable and powerful social forces, such as social norms, can have outsized influences on people’s behaviors and perceptions of risk.” Social Cybersecurity brings a dimension with consideration for the individual, not the computer, and how with social psychology, usable and powerful social forces, such as social norms, can have outsized influences on people’s behaviors and perceptions of risk. The Human-Computer Interaction Institute at Carnegie Mellon University and other researchers are bringing focus to this new scientific area of cybersecurity. As their website (www.socialcybersecurity.org) mentions, this group is leveraging insights from social psychology and other fields to develop novel interventions and strategies for nudging adoption of expert-recommended tools and practices. Can we leverage social interactions or the influence of social situations to enhance our cyber hygiene or help thwart cyber threats? The research results from interviews done provided a theme that the observability of security feature usage was a key enabler of socially triggered behavior change and conversation – in encouraging the spread of positive behaviors, discouraging negative behaviors, and getting participants in the study to talk about security. The work presented is innovative and brings encouragement and opportunities in how systems can be designed to encourage better cybersecurity behaviors. One can also think of Social Cybersecurity in contrast and comparison to the criminological theory called “Social Learning Theory”. In Social Learning theory, delinquents are likely to engage in deviant or criminal behavior when those actions have been positively reinforced. Learn more: PHISHING ATTACKS DISGUISED AS FAKE CERT ERRORS ON CISCO WEBEX USED TO STEAL USER CREDENTIALS

Read More

Companies migrate to the cloud and MSSPs helping to secure these multi-cloud environments

prnewswire | September 04, 2020

The "Japanese Managed Security Services Market, Forecast to 2023" report has been added to ResearchAndMarkets.com's offering.The Japanese managed security services (MSS) market, recording a year-on-year (YoY) growth rate of 14% in 2018, is the largest in the Asia-Pacific (APAC) region. There were several key market drivers in 2018: increased general information technology (IT) investment in Japanese enterprises for the 2020 Tokyo Olympic Games; Japanese enterprise spending shifting to an as a service' instead of on-premise' model (despite on-premise being the major revenue contributor); lack of security expertise among the internal IT teams.

Read More