Cybercriminals know they can use social media to get sensitive corporate information!

Darkreading.com posted a story that pointed out that “Social media is a great marketing tool for businesses. However, if companies continue to ignore — or misunderstand — the threat that it poses, it will become the go-to platform for cybercriminals looking to steal sensitive information or cause huge reputational damage when silly mistakes are missed.” The April 22, 2019 story entitled “4 Tips to Protect Your Business Against Social Media Mistakes” included these “simple steps that businesses should take to ensure everything stays safe on company social accounts” under Tip 4, Lack of Awareness:

Employees should be trained on corporate social media policies and be given a “best use” guide, demonstrating what they can and can’t do on corporate social media accounts.

Information about cyberattacks via social platforms should be circulated so employees know what to look out for and how to prevent a potential attack from happening.

Having simple practices in place, such as internal reviewing of content, means no tweet goes live without multiple approvals, reducing mistakes that have huge reputational impacts.

Limited access to the social corporate accounts should be in place. Not all employees should be given the passwords for the accounts; instead, the individuals that require access, or have been granted access, should have the login details sent to them privately and confidentially.

Passwords should be changed regularly and most definitely changed when an employee who had access leaves the organization.

Here are all 4 Tips:

  1. Reputational Damage
  2. The Slip of a Finger
  3. Social Phishing
  4. Lack of Awareness

No rocket science in this advice!!!!

Indictment for dark web drug sales using Cryptocurrency!

The New York District Attorney issued a press release about an indictment for “operating storefronts on the dark web that sold and shipped hundreds of thousands of counterfeit Xanax tablets and other controlled substances to buyers in 43 states, and laundering $2.3 million in cryptocurrency by using preloaded debit cards and withdrawing cash at ATMs in Manhattan and New Jersey.”  The April 16, 2019 press release titled “D.A. Vance, Partners Take Down Major Dark Web Drug Seller” included these comments from the New York District Attorney Cyrus Vance Jr.:

When our office received reports of suspicious activity at ATMs in New York and New Jersey, our talented investigators followed the money, using our state-of-the-art Cyber Lab to uncover a dark web counterfeit pill seller whose $2.3 million operation spanned the U.S.

Not only is this the first time state prosecutors in New York have taken down a dark web storefront, this takedown represents the largest pill seizure in New Jersey’s history.

If you are engaging in illicit activity on the dark web, you are on notice: we know how to find you, we know how to put you out of business, and we know how to hold you criminally accountable.

Without question cryptocurrency allowed these sales to occur!

Did you know about the use of AI to profile minorities?

The New York Times reported on profiling in China, stating that “documents and interviews show that the authorities are also using a vast, secret system of advanced facial recognition technology to track and control the Uighurs, a largely Muslim minority. It is the first known example of a government intentionally using artificial intelligence for racial profiling, experts said.” The April 14, 2019 article entitled “One Month, 500,000 Face Scans: How China Is Using A.I. to Profile a Minority” included these details:

The facial recognition technology, which is integrated into China’s rapidly expanding networks of surveillance cameras, looks exclusively for Uighurs based on their appearance and keeps records of their comings and goings for search and review.

The practice makes China a pioneer in applying next-generation technology to watch its people, potentially ushering in a new era of automated racism.

The technology and its use to keep tabs on China’s 11 million Uighurs were described by five people with direct knowledge of the systems, who requested anonymity because they feared retribution.

The New York Times also reviewed databases used by the police, government procurement documents and advertising materials distributed by the A.I. companies that make the systems.

The big question is…what other countries are using AI for profiling minorities?

Duh! Cybersecurity for Small Businesses Includes Backup and Mobile!!

Darkreading.com reported that big “cybersecurity challenges aren’t limited to large organizations. Small and medium-sized organizations are subject to the same vulnerabilities, exploits, and attacks that plague multi-national enterprises.” The April 8, 2019 report entitled “8 Steps to More Effective Small Business Security” included these comments about #6 Don’t Take Backup/Recovery for Granted:

Ransomware is a wonderful tool for stress-testing the effectiveness of a small organization’s backup and recovery processes.

But it shouldn’t take a catastrophic attack to convince a small security team to be active in ensuring that even the smallest company has a robust backup and recovery program in place.

There are scores of packages available for backing up and recovering data from laptop and desktop computers along with the servers and cloud services that make up the modern business IT infrastructure.

The key difference in effectiveness is whether an organization has the discipline to maintain those routines, protect the backup copies, and practice restoration on a regular basis.

And these comments about #7 Mobile Matters:

No matter the size of the business, it’s a given that more work is being done on mobile devices, and therefore an effective small-team security plan must take mobile devices into account.

Mobile security has several facets.

The devices themselves must be protected from malware, the business information on them must be protected from unauthorized access, and the device’s access to business systems must be controlled.

For the small security team, these can seem daunting, but in fact there are free, low-cost, and communication-provider supplied answers to each of the challenges.

Here are all 8 Steps to More Effective Small Business Security:

#1 Cover the Basics

#2 Make Training a Priority

#3 Build a Solid Patch/Update Process

#4 Make Authentication Count

#5 Keep Track of Accounts

#6 Don’t Take Backup/Recovery for Granted

#7 Mobile Matters

#8 Get Help

What do you think?

Can Cybersecurity Pros develop more business acumen?

Darkreading.com posted a story that included a reference to an ISACA survey on the State of Cybersecurity 2019, reporting that “49% of security leaders believe the biggest skills gap they see in today’s cybersecurity professionals is in that very arena — the ability to understand the business.” The April 3, 2019 story entitled “6 Essential Skills Cybersecurity Pros Need to Develop in 2019” included these comments about the ISACA survey:

…the most-prized hire in a cybersecurity team is a technically proficient individual who also understands business operations and how cybersecurity fits into the greater needs of the enterprise.

This is one of the hardest skills to build.

It requires coalition building, reading up about the business and the vertical in which it operates — for example, by taking the time to pore through the company’s 10k if it is publicly traded — and actively listening to business stakeholders and C-level leaders to understand their strategies and pain points.

All of that work will result in a very good payoff for those willing to put in the time.

Here are all 6 Essential Skills from Darkreading.com:

#1 Automation and Orchestration

#2 Data Science

#3 Coding

#4 Privacy Expertise

#5 Secure Cloud Management

#6 Business Acumen

What do you think?