#TheSecretToCybersecurity Book Tour continues!📍
The past seven weeks have been so hectic with travel that it’s no surprise I was excited to be home this week in Nashville to MC for one of my favorite charities. TechBridge’s mission is to use technology for nonprofits to break the cycle of poverty. During my career I’ve seen so many nonprofits destroyed by cybercriminals, and there was nothing I could do in many cases. Let’s break the cycle. If you are a nonprofit, please send me a message and I’ll send you a copy of my book. 🔐
“Lower-level workers and contributors are the employees most at risk for cyberattacks…” Read more: http://ow.ly/Ex9m50rcrIZ Need help getting your organization secure? Head over to our website to learn how Accume can help.
“At its heart, privacy is about how data is used to take away our control. Today, our control is chipped away in ways large and small. It may be as innocuous as using your listed preferences, browsing behavior, third-party information about your annual income and a rough understanding of the hours that you’re most susceptible to make a purchase to nudge you toward buying a pair of shoes. Or it may be as potentially life-altering as the inability to get a loan or see a job listing. Fears of such things aren’t unfounded — they’re our new reality.”
The best way to handle a serious data breach is to prevent it. While no security system is 100% effective, it's been noted that a substantial number of major breaches were preventable. So partner with NOFTEK and take that simple step to close the holes that are often exploited by those who want your data.
Cyberattacks caused $450 billion of damage to the global economy last year, and this number is predicted to keep rising as we keep adding more connected devices to the mix. The magnitude of this impact should not be understated. It’s bigger than the size of notable economies like the UAE ($371B) or Norway ($370B) – which is why it’s no surprise to see organizations putting major resources to shore up their internal defenses and to reduce the risk of threats. https://buff.ly/2EIPVBK @raconteur via @agrassoblog #Cybersecurity #Hacking #databreach #technology #CyberAttacks #Privacy
Part 1. So how do we go about creating an uncrackable password? By uncrackable, I mean infeasible to crack. This goes a little beyond the traditional advice you get.
Let’s get the obvious one out of the way. Use all 4 character sets in your password (e.g., uppercase, lowercase, numbers, and special characters).
Instead of a password, you should use a passphrase. You can use a favorite quote, lyric, poem, etc., that’s unique to you. For example, I like coffee, so I can use a passphrase like “iLuvredeyeCo4433”. It’s unique to me, so I’m more likely to remember it. It also would take centuries to crack. Phrases like “iloveyou” or “DoNotEnter” are too common/short and are likely contained in a word list.
If creating your own password, aim for a password that’s between 14 and 20 characters long. Short passwords take less time to crack. A password like “W3F5ng” is certainly random, but it’s short. It might seem like a good password, but it’s going to be brute forced in just a few hours.
One of the best things you can do is use a password manager. Preferably, they store your passwords cryptographically using AES encryption. They also generate your passwords for you. You could generate super strong, random passwords that are over 40 characters long, making them infeasible to crack. Remembering your passwords is not required because the application will either automatically update login fields for you or you can simply copy and paste the password. The problem, though, is that you’ll have to have a master password to decrypt the information held inside. That master password must be strong and something you remember.
See other suggestions in Part 2
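An added example, not part of the original post: a sketch of the kind of generation a password manager performs, drawing a 40-character password from the four character sets with Python's `secrets` CSPRNG and reporting the size of the search space in bits. The function names and the choice of `string.punctuation` as the special-character set are assumptions made for this illustration.

```python
import math
import secrets
import string

# The four character sets named in the post. Using string.punctuation as the
# "special characters" set is an assumption of this example.
CHARSETS = (string.ascii_uppercase, string.ascii_lowercase,
            string.digits, string.punctuation)
ALPHABET = "".join(CHARSETS)  # 26 + 26 + 10 + 32 = 94 symbols


def generate_password(length=40):
    """Return a random password that contains all four character sets.

    Every character is drawn uniformly from the full alphabet with a CSPRNG;
    candidates missing a set are discarded and redrawn (rejection sampling),
    so no position is forced to a particular set.
    """
    if length < len(CHARSETS):
        raise ValueError("length too short to include all four sets")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in charset for c in candidate) for charset in CHARSETS):
            return candidate


def keyspace_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of search space for a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_password())
    for n in (6, 14, 20, 40):
        print(f"{n:>2} random characters: {keyspace_bits(n):6.1f} bits")
```

The bit counts apply only to uniformly random passwords; a human-chosen passphrase of the same length has a smaller effective search space.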
Cybersecurity has become an important issue as more and more people are sharing information online, some of which can be incredibly personal. Comparitech’s study looked at 60 countries and ranked them on how safe they are in terms of cybersecurity. The seven criteria that were used by Comparitech were the percentage of mobiles infected with malware, percentage of computers infected with malware, number of financial malware attacks, percentage of telnet attacks, percentage of attacks by cryptominers, best-prepared countries for cyber attacks, and the countries with the most up-to-date legislation. The study was based on Kaspersky Lab’s November 2018 study on IT Threat Evolution, the International Telecommunications Union’s report on Global Cybersecurity Index (GCI) 2017, and the Center for Strategic and International Studies’ Global Cyber Strategies Index.
Buscador is a Linux Virtual Machine that is pre-configured for online investigators. It was developed by David Westcott and Michael Bazzell, and distributions are maintained on this page. The current build is 5GB and includes the following resources:
March was the month of the explosive data breach scandal. Whistleblowers Chris Wylie and Shahmir Sanni revealed how Cambridge Analytica, the data analytics firm that was behind Trump’s 2016 campaign and played a role in Brexit, had used the data harvested from 87 million Facebook users without their consent. The Observer and The Guardian investigation led to the downfall of Cambridge Analytica and a public apology from Facebook’s Mark Zuckerberg, who was forced to testify before Congress. “We exploited Facebook to harvest millions of people’s profiles,” Wylie said. “And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on.” Facebook has since lost $120 billion from its share price. #ThisWas2018
Photos: Neil Hall/ EPA + Wiktor Szymanowicz/REX/Shutterstock + Al Drago + Getty Images
The Reversing Arrow Illusion: An amazing & easy trick for all ages
DATA BREACH MITIGATION
Since data breaches vary according to severity and how the security incident occurred, these mitigation strategies cover a broad perspective.
PRIORITIZATION OF DATA
We can mitigate the impact of a data breach by prioritizing data protection, which is accomplished through physical, administrative, and technical DLP controls. Oftentimes, this takes the form of NGFWs, NGIPS, and content security that will prevent leakage of sensitive information, like PII, PHI, financial information, and intellectual property.
Humans are often described as the weakest link in security, thus an emphasis must be placed on making end users a part of the mitigation solution. By achieving ongoing awareness training and requiring participation in planned IR procedures, we can mitigate the effects of a data breach.
Document the IR process from start to finish and use this information in the ARR and Lessons Learned (LL). This later provides the IRT and all those involved with a retroactive analysis of how well the IR process went.
Understand the business context of the organization’s data to truly understand the value of the data. How sensitive is the data and what actions must be taken when it’s exposed? Often, we are legally required to notify affected parties, and if we do not, it leads to legal ramifications.
Proactively collect and analyze data from things like SIEM systems or NetFlow records to derive valuable reports and analysis. This will be great for preventing similar future incidents.
TAKE THE OFFENSIVE
Most data breaches occur right under our nose, and are only evident when it’s already too late. But we can reduce the amount of time it takes to notice IoCs by taking the offensive. For example, we can plant honey tokens in sensitive areas, such as a sensitive folder. Anytime the folder is accessed, perhaps by an unauthorized insider, the token generates an alert to administrators. Thus, we discover the attempted breach early, which mitigates its effects.
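An added example, not part of the original post: one way to turn the honey token idea into an alert, assuming the decoy file is watched by a Linux auditd rule tagged with the key `honeytoken`. The key name, file path, user IDs and log records below are constructed for this illustration.

```python
import re
from collections import defaultdict

HONEY_KEY = "honeytoken"  # assumed key set on the audit watch rule (auditctl -k)

# Constructed sample records in auditd log format (not from a real host).
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1546300800.101:811): arch=c000003e syscall=257 success=yes exit=3 auid=1004 uid=1004 comm="cat" exe="/usr/bin/cat" key="honeytoken"
type=PATH msg=audit(1546300800.101:811): item=0 name="/srv/finance/payroll_passwords.txt" inode=131 nametype=NORMAL
type=SYSCALL msg=audit(1546300801.500:812): arch=c000003e syscall=257 success=yes exit=3 auid=1002 uid=1002 comm="vim" exe="/usr/bin/vim" key="docs"
type=PATH msg=audit(1546300801.500:812): item=0 name="/srv/docs/readme.txt" inode=140 nametype=NORMAL
type=SYSCALL msg=audit(1546300950.007:840): arch=c000003e syscall=257 success=no exit=-13 auid=1009 uid=1009 comm="cp" exe="/usr/bin/cp" key="honeytoken"
type=PATH msg=audit(1546300950.007:840): item=0 name="/srv/finance/payroll_passwords.txt" inode=131 nametype=NORMAL
'''

EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def honeytoken_alerts(log_text, key=HONEY_KEY):
    """Group audit records by event serial and return one alert per event
    whose SYSCALL record carries the honey token key."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        match = EVENT_ID.search(line)
        if not match:
            continue  # skip anything that is not an audit record
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        record = events[match.group(2)]
        record["time"] = float(match.group(1))
        if fields.get("type") == "SYSCALL":
            for name in ("key", "auid", "exe", "success"):
                record[name] = fields.get(name)
        elif fields.get("type") == "PATH":
            record["path"] = fields.get("name")
    # Failed opens (success=no) are kept: an attempt is still a signal.
    return [{"event": eid, **rec} for eid, rec in events.items()
            if rec.get("key") == key]


if __name__ == "__main__":
    for alert in honeytoken_alerts(SAMPLE_LOG):
        print("ALERT honey token touched:", alert)
```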