Microsoft re-released its Windows 10 October 2018 Update yesterday, following the company pulling it offline due to data deletion issues over the weekend.
Partner of The 20, and CEO of Cole Informatics, LLC out of Parsons, Tennessee, Terry Cole, made note of these issues on his late last week.
The software giant says there were only a few reports of data loss, at a rate of one one-hundredth of one percent. “We have fully investigated all reports of data loss, identified and fixed all known issues in the update, and conducted internal validation,” says Microsoft’s John Cable, Director of Program Management for Windows Servicing and Delivery.
Microsoft is now re-releasing the Windows 10 October 2018 Update to Windows Insiders, before rolling it out more broadly to consumers. “We will carefully study the results, feedback, and diagnostic data from our Insiders before taking additional steps towards re-releasing more broadly,” explains Cable.
It appears the bug that caused file deletion was related to Windows 10 users who had enabled Known Folder Redirection to redirect folders like desktop, documents, pictures, and screenshots from the default location. Microsoft introduced code in its latest update to delete the empty and duplicate known folders, but it appears they weren’t always empty. Microsoft has developed fixes to address a variety of problems related to these folder moves, and these fixes are now being tested with Windows Insiders.
Speaking of Windows Insiders, Microsoft’s testing community did flag some of these issues ahead of the release. Microsoft appears to acknowledge this as the company is making some changes to the feedback tool for Windows 10 to ensure testers can flag the severity of bug reports. “We have added an ability for users to also provide an indication of impact and severity when filing User Initiated Feedback,” explains Cable. “We expect this will allow us to better monitor the most impactful issues even when feedback volume is low.”
Microsoft will now monitor feedback related to this re-released build of Windows 10 October 2018 Update and will officially launch it to consumers once the company is confident “that there is no further impact” to Windows 10 users. “We are committed to learning from this experience and improving our processes and notification systems to help ensure our customers have a positive experience with our update process,” says Cable.
While we all hope this re-release is a positive one, Microsoft has certainly come under fire with its frequent update process. I made note of this in a blog last month that discussed IT admins who are campaigning hard for Microsoft to slow their roll when it comes to their Windows 10 upgrade schedule.
Approximately 78% of more than 1,100 business professionals charged with servicing Windows for their firms said that Windows 10’s feature upgrades — now released twice annually — should be issued no more than once a year.
Cybersecurity Tops ECRI’s List of Top 10 Health Technology Hazards
Earlier in the week I wrote about how the airline industry needs us. Well, it would appear the healthcare field does as well.
ECRI Institute has published its annual Top 10 Health Technology Hazards for 2019, and cybersecurity is atop the list as the biggest risk to patient safety.
Researchers at ECRI say they’re concerned about software vulnerabilities that could allow hackers or cyber criminals to gain unauthorized remote access to hospitals’ networked IT systems and devices, disrupting operations, hindering care delivery and putting safety at risk.
Why it Matters?
Cyberattacks on healthcare have been steadily increasing, even as defenses have been stalling. ECRI noted that it has published 50 alerts and problem reports related to cybersecurity in just the past 18 months.
With so many hospitals running legacy software, networked with vulnerable medical devices, security is no longer just about costly fines for HIPAA noncompliance or the embarrassment of publicized data breaches – it’s a critical patient safety issue.
ECRI’s list is meant to help health system decision-makers plan and prioritize their efforts – including technology strategies and investments – to protect patient safety.
What is the Trend?
The risks of hackers exploiting remote access to connected devices and systems “remain a significant threat to healthcare operations,” according to ECRI.
“Attacks can render devices or systems inoperative, degrade their performance, or expose or compromise the data they hold, all of which can severely hinder the delivery of patient care and put patients at risk,” researchers wrote. “Remote access systems are a common target because they are, by nature, publicly accessible.”
It’s little surprise to see it lead ECRI’s list of Top 10 Health Technology Hazards for 2019:
1. Hackers Can Exploit Remote Access to Systems, Disrupting Healthcare Operations
The remainder of the list in case you’re interested:
2. “Clean” Mattresses Can Ooze Body Fluids onto Patients
3. Retained Sponges Persist as a Surgical Complication Despite Manual Counts
4. Improperly Set Ventilator Alarms Put Patients at Risk for Hypoxic Brain Injury or Death
5. Mishandling Flexible Endoscopes after Disinfection Can Lead to Patient Infections
6. Confusing Dose Rate with Flow Rate Can Lead to Infusion Pump Medication Errors
7. Improper Customization of Physiologic Monitor Alarm Settings May Result in Missed Alarms
8. Injury Risk from Overhead Patient Lift Systems
9. Cleaning Fluid Seeping into Electrical Components Can Lead to Equipment Damage and Fires
10. Flawed Battery Charging Systems and Practices Can Affect Device Operation
On the Record
“The consequences of an attack can be widespread and severe, making this a priority concern for all healthcare organizations,” says David Jamison, executive director of ECRI’s Health Devices program, speaking of the list’s top cyber risk. “In critical situations, this could cause harm or death.”
This is quite scary. Contact us today.
It would appear that the airline industry needs The 20.
If you had a ticket on Delta Air Lines a couple of weeks ago, your flight may have been delayed a few hours – and this is something we’ve had to get used to. Flight delays due to a “technology issue” are quickly becoming the new normal for air travelers.
The number of technology-related outages among domestic airlines has risen unevenly during the past decade, from 3 in 2007 to 6 in 2017, with the highest number being 11 in 2015.
IT problems seem to be growing. And while the causes are complex, the contingency plan is as simple as ever. When an airline cancels your flight and blames technology, you can’t accept it with a shrug.
Technology “issues” are getting worse
A recent study conducted by Qualtrics noted that just a single outage can drive away a significant number of customers. More than 34% said they would not book another ticket on an airline with a technology-related service disruption.
In August, Spirit Airlines experienced a system-wide service interruption, which prevented it from checking in passengers. And in June, American Airlines suffered a service outage after a “serious” computer problem. More on that in a minute.
And it’s a worldwide problem as well. Earlier last month, for example, Pakistan International Airlines reportedly delayed its flights after its entire booking system “went down.” Turns out the carrier was switching to a new Turkish web-based product appropriately named “HITIT.”
Delta’s IT problem remains something of a mystery. At 8:28 p.m., the airline announced that its IT teams were “working diligently” to address a technology issue affecting some of its systems. “We have issued a Delta ground stop as we work to bring systems back up as quickly as possible,” the airline said. “There has been no disruption or safety issue with any Delta flight currently in the air.” By 9:20 p.m., Delta announced that it had restored all IT systems, blaming the flight delays on a “technology issue” that “briefly affected some systems this evening.”
And they apologized.
What’s causing these technology glitches?
“While the root cause of each occurrence varies, IT issues among the travel industry can be attributed to several overarching factors,” says Michael Levine, a senior associate at Schellman & Company, an independent security and privacy compliance assessor.
Airlines don’t like to spend a lot of money on technology, so their systems are antiquated before they receive long-overdue upgrades, say experts.
“The complex nature between many integrated systems — reservations, flight scheduling, staff scheduling, and so forth — can lead to breaks in the chain,” says Levine. “Airlines often work with regional subsidiaries, which means that they are affected by their IT infrastructure and outages as well.”
That’s what happened with American Airlines in June. PSA Airlines, a regional subsidiary of American, had a hardware issue with one of its staff scheduling systems. “It appears there might not have been a proper backup system in place, so the outage lasted a lot longer than necessary,” says Levine.
“It’s not just technology. The major airlines have made sufficient investment in redundant systems on multiple networks,” adds Levine. They have “incredibly redundant” storage arrays where the transactional databases running all their operations reside, and that data is backed up in near real-time to multiple locations and private clouds.
“The weak point in the chain,” he explains, “is humans.”
Employees and contractors aren’t adequately trained to monitor the system or to ward off cybercrime.
“It only takes 1 human to do something incredibly ignorant or stupid,” says Levine. The mistakes range from a programmer handling data insecurely to a marketing executive uploading client data into an unsafe third-party app.
“It takes a serious commitment from the highest level of executives to spend intelligently and adequately, to deter possibilities of major outages or data breaches,” he says.
Sounds like they need to be introduced to an unbeatable IT service with decades of experience and demonstrated expertise to solve their problems…
Contact us.
In a very short time, the internet will become a much more secure place.
That’s because the Board of Directors for the Internet Corporation of Assigned Names and Numbers (ICANN) has approved plans for the first-ever changing of the cryptographic key that helps protect the Domain Name System (DNS) – also known as the internet’s address book.
During a meeting in Belgium on September 16, the ICANN board passed a resolution, directing the organization to proceed with its plans to change — or “roll” — the key for the DNS root on October 11 of this year. It will mark the first time the key has been changed since it was first put into use in 2010.
“This is an important move and we have an obligation to ensure that it happens in furtherance of ICANN’s mission, which is to ensure a secure, stable and resilient DNS,” says ICANN Board Chair, Cherine Chalaby.
“There is no way of completely assuring that every network operator will have their ‘resolvers’ properly configured, yet if things go as anticipated, we expect the vast majority to have access to the root zone,” Chalaby went on to say.
ICANN notes that some Internet users might be affected if the network operators or Internet Service Providers (ISPs) have not prepared for the roll. Those operators who have enabled the checking of Domain Name System Security Extensions or DNSSEC information (a set of security protocols used to ensure DNS information isn’t accidentally or maliciously corrupted) are those who need to be certain they are ready for the roll.
“Research shows that there are many thousands of network operators that have enabled DNSSEC validation, and about a quarter of the internet’s users rely on those operators,” says David Conrad, ICANN’s Chief Technology Officer.
“It is almost certain there will be at least a few operators somewhere across the globe who won’t be prepared. But even in the worst case, all they have to do to fix the problem is turn off DNSSEC validation, install the new key, re-enable DNSSEC, and their users will again have full connectivity to the DNS.”
The changing of the DNS root key was originally scheduled to happen a year ago, but plans were put on hold after ICANN found and began analyzing some new, last-minute data. That data dealt with the potential readiness of network operators for the key roll.
Ultimately, an analysis led the organization to believe it could safely proceed with the changing of the key. As a result, the organization (after consultation with the community) developed a new plan that recommends putting the new key into use exactly one year after originally scheduled.
In the intervening time, the organization has continued extensive outreach and investigations on how to best mitigate risks associated with the key change.
“This is the first root key change, but it won’t be the last,” says Matt Larson, Vice President of Research at ICANN and the organization’s point person for the key roll.
“This is the first time, so naturally we are bending over backwards to make certain that everything goes as smoothly as possible. But as we do more key rollovers in the future, the network operators, ISPs, and others will become more accustomed to the practice.”
Scenario: an email appears in your inbox where a complete stranger claims to have video footage of you watching porn and asks for $1,000. Your eyes widen. There’s outrage and embarrassment. You reach for your phone — but then you wonder, “Wait. Who do I even call?”
Unfortunately, the answer to that question is a little complicated.
As it turns out, even law enforcement officials can’t agree. The FBI and your local police both suggest that you should call them. But experts warn that in many cases, neither agency will be able to help, especially if the criminal is asking for so little money.
This dynamic really highlights why these kinds of hacks — and yes, the porn scam really happened — are starting to mushroom. And there’s no clear answer on who to call. It’s no surprise that cyberattacks have run rampant across the web, as thieves online find ways to steal credit card information from millions of people without leaving their homes.
“If the people doing it keep the dollar amounts small enough that no individual police department is going to be motivated enough to prosecute, you can collect a lot of money from a lot of people all around the world,” said Adam Bookbinder, the former chief of the US Attorney’s cybercrime unit in the district of Massachusetts.
Sometimes these crimes don’t even involve a hack. An email scheme in which scammers spammed inboxes threatening to blackmail victims, without any evidence, netted $28,000 over two months, researchers from cybersecurity company Digital Shadows found.
“But unless it’s a public concern, there’s a good chance no one will handle it,” said Bookbinder, who’s now a cybersecurity and privacy team member with the Holland & Knight law firm.
Local police
In an emergency, you’re supposed to call 911. If you are a victim of a crime, you should always contact the police.
But here, there’s not much your local police can do for you. For starters, you’d have to show that an actual crime happened, which is much more difficult when it’s digital.
“For example, if someone accesses your Facebook account without your permission, but only uses it to look around at your messages, it’s not enough to meet the threshold for a criminal investigation,” Bookbinder said.
“That’s a misdemeanor,” he said. “Could it be prosecuted? Yes. Is it likely that anyone is going to want to spend the resources on it? No.”
“But if someone used private photos from your Facebook account and threatened to blackmail you with it, then it would be something that police could investigate,” he said.
That’s assuming your local police have the resources to deal with investigating hacks. While more local and state police are improving their computer crime capabilities, it hasn’t happened across the board for every department.
It gets even more complicated if the hack crosses state or national lines. If your account is accessed by a Russian hacker, for example, your local police wouldn’t have the resources to investigate that.
“NYPD is probably an outlier in the resources they have available for investigation,” said Jake Williams, founder of Rendition Security. “But even then, it’s unlikely any law enforcement agency is interested in helping investigate who hacked your Facebook account.”
Homeland Security
If a threat came to your doorstep instead of your digital inbox, the answer would be much simpler: Call the police. But when it’s an online crime, some consider calling 911 a joke.
“I occasionally still hear of companies and locals that call 911 when they believe they’ve been under a cyberattack,” US Department of Homeland Security Secretary Kirstjen Nielsen said during the agency’s Cybersecurity Summit in July.
Nielsen, with a smile, let the remark hang in the air before she told the crowd who they should really call.
“The best thing to do would be to call this center,” she said, referring to the DHS’s National Risk Management Center, a dedicated hub for helping respond to cyberattacks with a focus on critical infrastructure.
But it’s not much help if you’re an average person and not a major company.
“When a person does call the DHS asking for help, the agency will refer them to the FBI,” a DHS spokesman said.
The FBI
The FBI recommends that cybercrime victims call them first — not your local police. The agency has an Internet Crime Complaint Center, where you can file details on what happened and analysts will review the case to determine what actions to take.
Often, though, nothing much is done. The FBI is the best-equipped agency to deal with cybercrime, with its vast resources and plentiful experts, Bookbinder said, but if the complaint isn’t a major case, it likely won’t be investigated.
“They won’t handle most cases of individual hacks unless they’re very high profile or a bunch of money was lost,” Williams said. “It varies from office to office, but most of them we’ve worked want to see $10K stolen before they’ll get involved.”
So is all hope lost? Not necessarily.
“The best way to get a response would be to report the incident to the FBI,” Bookbinder said. Even if your case doesn’t pop up on the agency’s radar, it’s logged into the FBI’s databases of cybercrime complaints. “If enough similar complaints come in, analysts can connect the dots and start building an investigation,” the former cybercrime unit chief said.
“They now have a good-sized crime, and all these people are victims in a case where they do prosecute someone,” he said.
Chances are, you weren’t the only one hit with an email threatening to blackmail you over porn, or whatever. The FBI — and security experts — encourage you to at least report potential cybercrimes in order to help build up a case.
But here’s the thing: The same spamming tactic that cybercriminals are using to cast a wide net may also be their downfall.
I read a great article in the other day that posed that very thought, and so I felt I should share a bit of it with you. It serves as a nice follow up to the blog I wrote a couple of weeks ago, “Should I Be Concerned About Cybersecurity?”
First of all, did you know that cyberattacks jumped 32% between the first quarters of 2017 and 2018, according to a recent report? And yet many businesses assume their IT infrastructure is still secure.
Some entrepreneurs realize their security measures aren’t top-notch, but they don’t consider their companies targets because they don’t move billions of dollars each year. However, hackers aren’t just after money — 63% of those attacks specifically targeted data and credentials.
These numbers highlight why companies need up-to-date cybersecurity measures to effectively prevent, detect, respond to, and recover from cyberattacks.
Their cyberthreat report goes on to explain why you may want to think twice — even if you believe your company’s cybersecurity is taken care of.
Here are excerpts of their reasons:
- Financial institutions aren’t as secure as you think.
The range of cyberattacks in 2017 was more varied than ever before, but banking and financial institutions still bore the brunt of the attacks. These attacks included infecting ATMs with malware that could be easily bought on the darknet and stealing funds straight out of victims’ accounts in more than 10 international financial organizations.
When these organizations’ cybersecurity measures failed, the situation was often made worse by insurance companies refusing to reimburse the losses incurred.
- Every piece of data is valuable to hackers.
Almost every attack at banking and financial institutions is aimed at financial gain, but a recent report also showed that malware attacks increased by 75% during the last year, collecting information such as account logins, answers to security questions, Social Security numbers, and more.
Companies outside the financial sector don’t usually house customer financial data in their systems, but if you utilize a web application, your customers have to build profiles with personal data.
- Even smart employees get phished.
Phishing attacks have proven to be one of the most prolific ways for hackers to get malware into companies’ systems. A cybersecurity report by Barracuda noted more than 10,000 unique phishing attacks in June 2018 alone, and the most successful ones were impersonating well-known companies such as Netflix and Citibank. Even smart employees need to remain diligent for things — like minor spelling errors in unsolicited emails — that could give away the scam.
- Cybersecurity is an approach, not a single solution.
In response to these threats, Gartner predicts that companies worldwide will spend up to $96 billion on cybersecurity this year. Yet much of that spending will be in reaction to specific breaches rather than focused on implementing holistic, prevention-focused cybersecurity measures. This means many of those measures will still leave entrepreneurs’ organizations vulnerable, especially ones that work with smaller, less secure companies.
It’s common for companies to believe they’re safe from cyberattacks, but it isn’t always true. In 2017, the Online Trust Alliance tracked more than 159,000 cyber incidents. Those breaches cost companies up to $608 billion total, according to McAfee and the Center for Strategic and International Studies. This year, industries have the opportunity to stem the flood of attacks — which begins with acknowledging they may not be as secure as they thought.
So, I stumbled upon an interesting article over Labor Day weekend (do I know how to party OR WHAT?) that warned businesses of the risks that come with letting domain names expire. It’s a side of buying expired domains that most domain investors will never think of: the fact that expired domains, despite not having traffic coming to them, still could have emails with incredibly sensitive information attached. The piece gives a very solid example of domains from law firms that expire after the firm takes part in a merger:
To test just how bad the problem is, [security researcher, Gabor] Szathmari re-registered old domain names for several law firms that had merged, set up an email server, and without hacking anything, he says he received a steady stream of confidential information, including bank correspondence, invoices from other law firms, sensitive legal documents from clients, and updates from LinkedIn (Szathmari is working to return the affected domain names to their original owners).
Well, not too surprisingly, it turns out that some of these expired domains are used for fraud since the new owner could essentially gain access to a large amount of sensitive data.
This got me thinking about whether or not there’s an entire market of expired domain buyers; fraudsters and scammers that aren’t looking to resell the name, but instead are looking to use the domain to gain access to email.
It certainly sounds like that might be the case.
Email holds the keys to the kingdom. All your password resets go through email and abandoning an old domain name makes it easy for attackers to re-register the old domain and get your stuff.
According to the article, it appears that the technique of re-registering old domain names could also be used for collecting money. “By reinstating an online web shop formerly running on an abandoned domain name,” Gabor Szathmari writes, “bad actors could download the original web pages from archive.org, then take new orders and payments by posing as a fully functioning web shop.”
“If the former web shop had a CRM system or MailChimp running marketing campaigns,” he adds, “criminals could access the list of the former customers by taking over those accounts with an email-based password reset. They could offer them a special discount code to encourage them to submit orders which would never be delivered. The sky is the limit.”
Expiring domain names are published daily by domain name registries in the form of domain name drop lists. It doesn’t take a criminal mastermind to download those lists daily and cross-reference them against news of mergers and acquisitions in the relevant trade pubs, or just re-register any domain name that catches their fancy.
So how long should you hang onto those old domains for?
Better to be safe than sorry in this case. Domain names aren’t expensive, and keeping old domains in your possession is the cheapest cybersecurity insurance policy you’ll ever purchase. I mean, is it really worth it to sell at the expense of fraud? I wouldn’t take that chance.
Szathmari recommends setting up a catch-all email service that redirects all incoming email to a trusted administrator, someone who can review correspondence addressed to former and current staff, and password reset emails for online services.
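Before any old domain is allowed to lapse, it helps to know which online accounts still send their password resets to addresses on it. The following Python example is added here for illustration and is not from the article or from Szathmari; the domain names, account list and dates are constructed placeholders, and the 90-day warning window is an assumption.

```python
from datetime import date

# Constructed inventory of domains the organization owns and their registration expiry.
SAMPLE_DOMAINS = {
    "oldfirm.example": date(2018, 10, 1),
    "mergedfirm.example": date(2021, 3, 15),
}

# Constructed list of online accounts and the address their password resets go to.
SAMPLE_ACCOUNTS = [
    ("bank portal", "accounts@oldfirm.example"),
    ("CRM", "admin@mail.oldfirm.example"),
    ("mailing list tool", "marketing@mergedfirm.example"),
    ("LinkedIn page", "partner@OLDFIRM.example"),
    ("newsletter", "info@thirdparty.example"),
]

SAMPLE_TODAY = date(2018, 9, 4)  # constructed "current date" so the result is reproducible


def owned_domain_for(address, owned):
    """Return the owned domain that an email address depends on, or None.

    Matches case-insensitively and treats subdomains (mail.oldfirm.example)
    as depending on the registered parent (oldfirm.example).
    """
    host = address.rsplit("@", 1)[-1].lower().rstrip(".")
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in owned:
            return candidate
    return None


def reset_exposure(domains, accounts, today, warn_days=90):
    """Report domains that have lapsed, or lapse within warn_days, and the
    accounts whose password resets would go to whoever registers them next."""
    report = {}
    for service, address in accounts:
        domain = owned_domain_for(address, domains)
        if domain is None:
            continue  # address is on a domain this organization does not control
        days_left = (domains[domain] - today).days
        if days_left <= warn_days:
            entry = report.setdefault(domain, {"days_left": days_left, "accounts": []})
            entry["accounts"].append(service)
    return report


if __name__ == "__main__":
    for domain, info in reset_exposure(SAMPLE_DOMAINS, SAMPLE_ACCOUNTS, SAMPLE_TODAY).items():
        print(f"{domain}: {info['days_left']} days left, resets at risk: {info['accounts']}")
```

Each account in the report should be moved to an address on a domain that will be kept, or the domain renewed, before the expiry date passes.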
Probably not. At least, if you’re anything like me — and I really hope you’re not – then your passwords are probably not up to snuff. But hopefully this will at least get you to reconsider your current situation.
We all love to have easily-remembered passwords, because, well, they’re easy to remember. But you aren’t doing yourself any favors by opening yourself up to get hacked.
The National Institute of Standards and Technology (NIST) has recently issued new guidelines regarding secure passwords, and I think it’s incredibly important to read their suggestions.
Ok, but wait — who is NIST?
NIST is a non-regulatory federal agency whose purpose is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology, in ways that enhance economic security and improve our quality of life.
And by the way, these guidelines are generally considered a reasonable standard not only in the U.S. but also around the globe, though you don’t have to follow them to a T. Following these standards, however, is likely to give you solid protection, should you ever be accused of not following good security practices.
So, what is so remarkable about these new password guidelines and how will they impact you and other users? The new framework is certainly controversial among many security professionals. Almost all security practitioners are going to find stuff they agree and disagree with in the guidelines. But here we go…
Remove periodic password change requirements
This is one that legions of corporate employees, forced to create a new password every month, will surely be happy about. There have been multiple studies that have shown the requirement of frequent password changes to be counterproductive to good password security; but the industry has doggedly held on to the practice. This will remain controversial for some time, I am sure.
Drop the algorithmic complexity song and dance
No more arbitrary password complexity requirements, needing mixtures of upper case letters, symbols and numbers. Like frequent password changes, some claim these password policies can result in worse passwords.
Here is a completely new one… require screening of new passwords against lists of commonly used or compromised passwords
One of the best ways to ratchet up the strength of your users’ passwords is to screen them against lists of dictionary passwords and known compromised passwords.
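To make the screening step concrete, here is an added Python example (not NIST's code and not from any product mentioned on this page). It checks a new password against a compromised-password list using a hash-prefix range lookup, so the checker never sends the full hash to the list holder, and it applies no character-composition rules. The sample list, the context words, the 8-character minimum (taken from NIST SP 800-63B, not stated on this page) and the 5-character prefix are assumptions.

```python
import hashlib
import unicodedata
from collections import defaultdict

MIN_LENGTH = 8   # assumption: minimum length from NIST SP 800-63B, not stated on this page
PREFIX_LEN = 5   # hex characters of the SHA-1 digest revealed to the lookup side

# Constructed sample standing in for a real compromised-password corpus.
SAMPLE_COMPROMISED = [
    "password", "123456789", "qwerty123", "letmein1", "P@ssw0rd", "Summer2018!",
]


def _digest(password):
    """SHA-1 hex digest of the NFKC-normalized password (a lookup key, not a storage hash)."""
    normalized = unicodedata.normalize("NFKC", password)
    return hashlib.sha1(normalized.encode("utf-8")).hexdigest().upper()


def build_index(passwords):
    """List-holder side: bucket digest suffixes by their first PREFIX_LEN hex characters."""
    index = defaultdict(set)
    for pw in passwords:
        d = _digest(pw)
        index[d[:PREFIX_LEN]].add(d[PREFIX_LEN:])
    return index


def range_lookup(index, prefix):
    """List-holder side: return every suffix in the bucket for this prefix."""
    return index.get(prefix, set())


def screen_password(candidate, index, context_words=()):
    """Return a list of rejection reasons; an empty list means the password is accepted.

    No upper/lower/digit/symbol rules are applied: only length, context-specific
    words (service name, username) and membership in the compromised list.
    """
    reasons = []
    normalized = unicodedata.normalize("NFKC", candidate)
    if len(normalized) < MIN_LENGTH:
        reasons.append("too_short")
    lowered = normalized.casefold()
    if any(w and w.casefold() in lowered for w in context_words):
        reasons.append("contains_context_word")
    d = _digest(candidate)
    # Only the prefix leaves the checker; the suffix comparison happens locally.
    if d[PREFIX_LEN:] in range_lookup(index, d[:PREFIX_LEN]):
        reasons.append("compromised")
    return reasons


if __name__ == "__main__":
    idx = build_index(SAMPLE_COMPROMISED)
    for pw in ["P@ssw0rd", "plum tractor violin dusk", "123456"]:
        print(repr(pw), "->", screen_password(pw, idx) or "accepted")
```

Note that `P@ssw0rd` would pass a classic upper/lower/digit/symbol rule yet is rejected here, while a long passphrase with no symbols is accepted.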
Please contact us for any questions you may have on password screening! We’re happy to help and point you toward software that can make this process simpler.
We hope this all helps! I know at the very least it should get you thinking about doing more to protect yourself in the password arena. I know it helped me, and got me thinking smarter.
The past 100 years or so have seen an incredible advancement in technology, and the newfound age of Artificial Intelligence is certainly no small part of it. Everything and everyone uses Machine Learning concepts to make life easier, like Siri or Alexa, but the dark side of the same can definitely be used to make life a living hell.
At the Black Hat USA 2018 conference a couple of weeks ago, security researchers at IBM considered a very likely scenario in the near future and created DeepLocker – a new generation malware which can fly under the radar and go undetected by way of carrier applications (like video conferencing software) until its target is reached. It uses an A.I. model to identify its target using indicators like facial recognition, geolocation and voice recognition — all of which are easily available on the web. Weaponized A.I. appears to be here for the long haul and could target anyone.
Scary.
DeepLocker is just an experiment by IBM to show how open-source A.I. tools can be combined with straightforward evasion techniques to build a targeted and highly effective malware. As the world of cybersecurity is constantly evolving, security professionals will now have to up their game to combat hybrid malware attacks. Experiments like this allow researchers to stay one step ahead of hackers.
According to Marc Ph. Stoecklin, principal research scientist at IBM Research, “The security community needs to prepare to face a new level of A.I.-powered attacks. We can’t, as an industry, simply wait until the attacks are found in the wild to start preparing our defenses. To borrow an analogy from the medical field, we need to examine the virus to create the ‘vaccine.’”
But back to DeepLocker…
DeepLocker’s Deep Neural Network model provides “trigger conditions” that need to be met for the malware to be executed. If the target is not found, the virus stays hidden inside the app, which makes reverse-engineering an almost impossible task for experts.
To prove the efficiency and precision of A.I.-based malware, security engineers demonstrated the attack using the notorious WannaCry virus. They created a proof-of-concept situation where the payload was hidden inside a video conferencing program. None of the anti-virus engines or sandboxes managed to detect the malware, which resulted in this conclusion by researchers:
Imagine that this video conferencing application is distributed and downloaded by millions of people, which is a plausible scenario nowadays on many public platforms. When launched, the app would surreptitiously feed camera snapshots into the embedded A.I. model, but otherwise behave normally for all users except the intended target.
What is more, applications like Social Mapper can be implemented inside the malware which would make the detection of a potential target an even more manageable task.
Indeed, the power of Artificial Intelligence is probably limitless, but the experiment proves that security researchers still have a lot of work to do when it comes to cybersecurity. The examination of various apps should be taken into consideration, and any unexpected actions should be flagged immediately.
Deep Instinct’s Solution
To combat these cyber threats, we suggest deep learning from Deep Instinct as an incredibly effective solution. The 20 has chosen Deep Instinct, the first company to apply deep learning to cybersecurity, for our MSP members to provide superior deep learning cybersecurity capabilities across service offerings and safeguard customers against current and future cyber threats.
Their solution provides full protection based on a prediction- and prevention-first approach, followed by detection and response, with unmatched efficacy against any cyber threat.
Yes.
Of course you should be.
Experts predict that by 2020 there will be 200 billion connected things. We’re talking cars, planes, homes, cities, and yes, even animals. Software is being placed everywhere, and it’s changing the way we live, and how we behave and interact with the world around us. As technology becomes more and more integrated into our day-to-day lives, we become more and more dependent on it. But this dependence makes us vulnerable if technology fails.
I mean, I know for me, when I’m on the road and my iPhone runs out of battery, it pretty much feels like the end of the world. Am I directionally challenged? Yes. But even more than my GPS being gone, I’m not able to access my contacts; my messages are disabled. In such moments, you realize how dependent you are on technology. It’s ridiculous, but it’s 100% true.
In today’s world, it’s important that technology is available, protected and secure. If not, we will all suffer consequences in our daily lives.
Cybersecurity Problems Are Everywhere
While I have a generally positive view of technology, I am worried about our future. I believe it’s important to be aware of the serious cybersecurity problems currently affecting technology.
And it seems that the same problems keep happening over and over again. We are not getting any better as far as what’s vulnerable and what’s secure. Technology appears to be becoming more and more insecure as we get more and more dependent on it.
From what I can see, most technology is vulnerable and can be hacked. We see examples of this every day: alarm systems, power grids, automobiles, traffic systems, the list goes on. Every year, thousands of cybersecurity problems are identified in technologies from well-known vendors. Some of those vendors are among the best at cybersecurity, yet they still have hundreds of security problems each year.
Cybersecurity Threats Are Increasing
A recent report on IoT cybersecurity found that 70% of devices did not encrypt communications, while this survey found that IoT cybersecurity and privacy are a top concern for people and companies.
Another report found that cyberattacks have been growing quickly over the last couple of years, and there’s nothing to indicate they won’t just keep increasing.
All of these cybersecurity problems make cyberattacks easier and more dangerous. So why are there so many cybersecurity problems in today’s technology? My research has shown that the main problems are threefold.
First, a lack of knowledge and awareness about the importance of cybersecurity. Some companies don’t care about cybersecurity, while others care but don’t know what to do or how to do it. Second, complex scenarios where old, new and different technologies are used together. This happens frequently as businesses update, and just one insecure component could make a whole system insecure. Finally, a lack of time and money for security. Products need to be built and released quickly. There is a “fail fast, fail often” mantra, which is only fine as long as you “fail safe.”
The Economic Impact of Cybersecurity Attacks is Significant
Cybersecurity problems and attacks cause billions of dollars in losses every year. For example, the SimpliSafe smart alarm hack affected 300,000 devices, and the only possible fix was to replace all of them. The UK company TalkTalk was hacked and lost about £50 million. They also lost more than 100,000 customers, and their stock value declined by 20%. A car hack in 2015 resulted in 1.4 million cars being recalled by Chrysler. And we can’t forget the Sony hacking scandal that resulted in millions of dollars in losses.
It’s clear that there are growing cybersecurity problems. And beyond having an economic impact, they also have an impact on our daily lives as our technology dependence continues to grow. In 2018, we must work together to change this situation before it gets even worse.