source: us.norton.com

Facial recognition is a way of recognizing a human face through technology. A facial recognition system uses biometrics to map facial features from a photograph or video. It compares the information with a database of known faces to find a match. Facial recognition can help verify personal identity, but it also raises privacy issues.

The facial recognition market is expected to grow to $7.7 billion in 2022 from $4 billion in 2017. That’s because facial recognition has all kinds of commercial applications. It can be used for everything from surveillance to marketing.


But that’s where it gets complicated. If privacy is important to you, you probably want some control over how your personal information — your data — is used. And here’s the thing: your “faceprint” is data.

How facial recognition works

You might be good at recognizing faces. You probably find it a cinch to identify the face of a family member, friend, or acquaintance. You’re familiar with their facial features — their eyes, nose, mouth — and how they come together.

That’s how a facial recognition system works, but on a grand, algorithmic scale. Where you see a face, recognition technology sees data. That data can be stored and accessed. For instance, half of all American adults have their images stored in one or more facial-recognition databases that law enforcement agencies can search, according to a Georgetown University study.

So how does facial recognition work? Technologies vary, but here are the basic steps:

Step 1. A picture of your face is captured from a photo or video. Your face might appear alone or in a crowd. Your image may show you looking straight ahead or nearly in profile.

Step 2. Facial recognition software reads the geometry of your face. Key factors include the distance between your eyes and the distance from forehead to chin. The software identifies facial landmarks — one system identifies 68 of them — that are key to distinguishing your face. The result: your facial signature.

 

 source: cyberdefensemagazine.com

While the advent of the internet has been a blessing for almost everyone, it has also proved to be a curse for many of us. Hackers are devising new ways to burst people’s privacy bubble. Security experts warn us that most cyber-attacks originate from our smartphones. And despite the alarming number of hacking incidents in the last decade, the average person doesn’t know how to protect their smartphone from these attacks.

In addition to stealing people’s personal information, these hackers target company employees to hack into business smartphones and obtain vital information. Therefore, taking appropriate precautions to protect your phone is more important than it has ever been.

Here are 5 simple ways to keep your smartphone’s data secured.

Use Trusted Wi-Fi and Bluetooth

Most people connect to public Wi-Fi without giving it a second thought. What they don’t know is that public Wi-Fi networks can be used to obtain sensitive information from the connected devices. Most hotels and event venues have their security protocols in place, but free public Wi-Fi networks in areas like shopping centers, cafes, airports and parks are far less secure and should be used wisely.

Whenever you are in a public place, it is best to keep your Wi-Fi turned off or use it through a VPN which re-routes your network traffic through an encrypted connection.

Use Two-Factor Authentication

You should take advantage of every possible security procedure available to make your device as secure as it can be. Two-factor authentication (2FA) is a solid barrier that prevents unauthorized access to your personal data and information.

Most people don’t use this feature because it requires an extra verification step, but imagine all the information that is at stake if you skip 2FA. Nowadays, thanks to fingerprint technology and save-password options, this feature is much easier to use.

 source: cnet.com

Online gift exchanges, digital card skimmers and other traps are set and waiting for you when you shop this Thanksgiving weekend.

Today, Thanksgiving, is about enjoying family, friends and food (or at least managing them -- here's our survival guide to everything under the Thanksgiving sun). Tomorrow, Black Friday, is about shopping. But while you're looking at the best Black Friday deals you can score, scammers are looking at ways to steal your money, or worse, your identity.

Consumers are estimated to spend $29 billion online over Thanksgiving weekend. All that money means cybercriminals will be busier than ever deploying malware to target both you and the online retailers you trust. Some hackers, like the ones who struck Macy's last month, attack merchants' websites directly. Many more scams, however, are designed to lure you away from legitimate sellers and steer you toward malicious sites or apps that often spoof familiar retailers like Amazon, Best Buy or Walmart.

For example, research from RiskIQ, a security company, said it identified almost 1,000 malicious apps using holiday-related terms, and over 6,000 apps using names and slogans from popular retailers to reel in unsuspecting victims. RiskIQ also said it found 65 malicious websites posing as popular retailers in an attempt to fool you into giving up your personal information.

As always, your best armor against these schemes, scams, frauds and cons is the knowledge you need to sniff them out. Here's everything you need to know about (not) getting duped this holiday season.

Fake websites and fraudulent apps go 'phishing'

In a phishing scheme, the victim receives an email or text message directing them to enter payment information or other personal details on a fraudulent website, which is often designed to look just like a legitimate site. 

A recent survey by cybersecurity company McAfee reports that 41% of Americans fell victim to email phishing schemes in 2019. Unsurprisingly, a similar number -- 39% -- reported that they don't check email senders or retailer websites for authenticity. 

To top it all off, 30% of respondents reported losses of $500 or more in the last year alone.

 source: thehackernews.com

Assessing the performance of your security team is critical to both knowing your current posture, as well as planning ahead.

'The Ultimate 2019 Security Team Assessment Template' is the first attempt to capture all the main KPIs of the security team's main pillars, saving CIOs and CISOs the time and effort of creating such an assessment from scratch and providing them with a simple and easy-to-use tool to measure how their teams operated in 2019, while setting up performance targets for 2020.

Building such a template is challenging because security teams vary greatly in size and internal responsibility distribution.

Additionally, there is little consistency in the terms used to designate the various positions across the industry – security analyst, for example, could have one meaning in a certain company and a different one in another. The same goes for architects, managers, and directors.

The Security Team Assessment Template (download here) addresses this challenge by focusing on functionality. The two main pillars of the security team are A) ensuring that sufficient security products are deployed and B) making the best out of these products to maximize prevention, detection, and response capability.

The template covers the following security roles and responsibilities:

1) Security Architect ⁠— responsible for designing, building, testing, and implementing security systems within an organization's IT network for the protection of both business and customer data.

A Security Architect is expected to have a thorough understanding of complex IT systems and stay up-to-date on the latest security standards, systems, and authentication protocols, as well as best practice security products.

2) Security Analyst Tier 1 ⁠— The Tier 1 Security Analyst is tasked with the initial triage and classification of security events at the ground level, supporting a 24x7x365 Security Operations Center.
The role follows standard operating procedures for detecting, classifying, and reporting incidents under the supervision of the SOC Manager and in partnership with Tier 2 SOC Analysts.

3) Security Analyst Tier 2 — tasked with conducting the technical aspects of the response operation for critical events escalated by the Tier 1 analyst.

This includes immediate containment, investigation, management of remediation actions, as well as enhancing defenses with the new knowledge acquired throughout the response process.

4) Security Analyst Tier 3 — tasked with the proactive discovery of undetected threats through ongoing monitoring of the environment for vulnerabilities and searching for the threats that can abuse them.

Additionally, the tier 3 analyst conducts Threat Hunting based on IOCs from threat intelligence feeds and delivers real-time visibility into the environment's actual security posture with proactive penetration tests.

5) SOC Manager ⁠— responsible for establishing and overseeing the workflows of security event monitoring, management, and response.

They are also responsible for ensuring compliance with SLAs, process adherence, and process improvisation to achieve operational objectives.

6) Director of Security ⁠— oversees all the security-related functionalities within the organization, covering compliance with relevant frameworks, purchase, deployment, and maintenance of security products, and breach protection workflows.

The Director of Security reports to the CIO and acts as the source of information for all cybersecurity-related aspects of the organization.