source: wired.com

Over the last year, Eva Galperin says she's learned the signs: the survivors of domestic abuse who come to her describing how their tormentors seem to know everyone they've called, texted, and even what they discussed in their most private conversations. How their abusers seem to know where they've been and sometimes even turn up at those locations to menace them. How they flaunt photos mysteriously obtained from the victim's phone, sometimes using them for harassment or blackmail. And how none of the usual remedies to suspected hacking—changing passwords, setting up two-factor authentication—seem to help.

The reason those fixes don't work, in these cases, is that the abuser has deeply compromised the victim's phone itself. The stalker doesn't have to be a skilled hacker; they just need easily accessible consumer spyware and an opportunity to install it on their target's device. An entire industry of that so-called spouseware, or stalkerware, has grown in recent years, one that Galperin argues represents a deeply underestimated scourge of digital privacy.

"Full access to someone’s phone is essentially full access to someone’s mind," says Galperin, a security researcher who leads the Threat Lab of the digital civil liberties group the Electronic Frontier Foundation. "The people who end up with this software on their phones can become victims of physical abuse, of physical stalking. They get beaten. They can be killed. Their children can be kidnapped. It’s the small end of a very large, terrifying wedge."

 source: federaltimes.com

The federal government spends approximately 80 percent of its $90 billion information technology funding maintaining legacy IT systems, which have contributed to “security risks, unmet mission needs, staffing issues and increased costs,” according to a June 11 Government Accountability Office report.

Of those systems, GAO identified 10 across an equal number of agencies that are in critical need of modernization, due to the age of the system, its criticality to the agency and the security risk it poses.

The systems themselves were not named, due to the potential security risks such a disclosure would pose, but were given generic descriptions and locations in the report:

  1. Department of Defense — a maintenance system supporting wartime readiness
  2. Department of Education — a system housing student information
  3. Department of Health and Human Services — an information system supporting clinical and administrative activities
  4. Department of Homeland Security — a network of routers, systems and appliances
  5. Department of Interior — a system supporting the operation of dams and powerplants
  6. Department of Treasury — a system containing taxpayer information
  7. Department of Transportation — an aircraft information system
  8. Office of Personnel Management — hardware, software and service components supporting IT applications and services
  9. Small Business Administration — a system controlling access to applications
  10. Social Security Administration — a group of systems housing information on Social Security beneficiaries

Those 10 systems cost approximately $337 million for their agencies to maintain, and can be expected to increase expenses and exposure while decreasing mission efficiency.

 source: cyberdefensemagazine.com

Intellectual Property & Trade Secrets – Gone In 60 Seconds

What your company spent years developing can be lost in an instant at the hands of “Just 1 Malicious Employee”, with the click of a mouse. The continued incidents of employee theft, intellectual property theft and other malicious actions paint a dark picture of what employees do when they are disgruntled, moving on to a new job, under financial pressure, or trying to live a lifestyle beyond their means, and may find strong incentives to steal from their employers.

Detecting and mitigating Insider Threats is one of the most difficult challenges for companies, organizations, and governments. In fact, behind phishing, it is most often ranked as one of the top cyber security challenges by CISOs and CIOs.

External hackers are not the only threat your business or organization may be facing. One of your biggest risks comes from your own employees. A recently published Harvey Nash / KPMG survey of nearly 4,500 CIOs and tech leaders globally finds that the Insider Threat problem is the fastest-growing one of all.

Every year, the comprehensive Verizon Data Breach Investigations Report (DBIR) provides the industry with a deep dive into the latest trends in cyber security incidents. The 2019 report found that Insider Threat incidents have been on the rise for the last four years. This year’s report also shows that 34% of all breaches happened as a result of Insider Threat actors.

More than in any other industry, healthcare’s breaches are overwhelmingly caused by insiders, with nearly 60% tied to inside actors. Healthcare is the only industry where insider-caused breaches outnumber external attack vectors.

 source: securitymagazine.com

Global security concern remains at the highest level in 13 years, according to the 2019 Unisys Security Index report. 

For the third consecutive year, Identity Theft and Bankcard Fraud continue to be the two most pressing concerns worldwide. Identity Theft continues to rank at the top out of the eight security threats measured by the index, with more than two-thirds of those surveyed (69 percent) seriously concerned – exceeding reported concern related to threats like war, terrorism and natural disasters.

Significant findings include:

  • Bankcard Fraud also remains one of the top two security concerns globally, with two-thirds (66 percent) of consumers seriously concerned about it.
  • Increasing internet security concerns are largely behind the rise. Nearly two-thirds (63 percent) of consumers report they are seriously concerned about the threat of Viruses/Hacking with more than half (57 percent) seriously concerned about Online Shopping and Banking. In general, consumers in developing countries registered higher levels of concern.

Consumers reported they are as fearful of having data stolen at large events as they are of being physically harmed:

  • While 57 percent of respondents in the 13 countries surveyed registered serious concern (extremely/very concerned) about falling victim to a physical attack at a large event, the same percentage registered serious concern about having their personal data stolen when using public Wi-Fi at these events, and 59 percent were seriously concerned about someone stealing their credit card data.
  • 28 percent of respondents have changed their plans to attend certain large-scale events and nearly four in 10 (39 percent) said they would “think twice” about attending. A quarter of those who are not changing their plans reported they will take extra precautions about securing mobile devices and wallets. 

Concerns around Internet Security saw the biggest increase compared to 2018, rising three points. Concerns about Identity Theft and Bankcard Fraud continue to eclipse worries about threats from War or Terrorism or Natural Disasters and Epidemics. However, National Security concerns, on the whole, rose by two points.