Drone technology a “next step for security research”

While recent news has highlighted the negative aspects of drone use, including potential threats to physical safety (take for example White House drone crashes and a father/son armed drone concoction), interest in the cyber impact of drones is rapidly increasing. As drone technology advances, both the “good guys” and the “bad guys” are racing to use unmanned aerial devices to gain control over data. A Christian Science Monitor article reveals that mini laptop-like drones have become a popular tool for hackers. Likewise, companies have been able to use similar technology to protect their networks from cybersecurity vulnerabilities. Drone experts are citing UAV research as an important “next step” in online security, implying that it is likely only the beginning of the impact drones may have on cybersecurity issues. 

General News, Prevention

Is the use of commercial drone technology a privacy threat?

Drones have rapidly evolved from recreational toys to powerful devices that can bolster numerous commercial activities. From the delivery of business items to the fulfillment of lunch orders, drone technology is becoming more accessible to and applicable within a multitude of business settings.

This is especially true in the construction market, for example, where drones can provide previously-inaccessible views of projects and landscapes at low costs. However, these camera-equipped devices also raise concerns as to what else is being recorded besides the target picturesque views. Any commercial business looking to involve the increasingly efficient technology of drones must be aware of legal obligations related to registration of their devices and sensitive to public views of privacy.

All commercial drone users are required to proceed through a three-step process. First, the owner must receive an N-number aircraft registration for the drone. Second, the owner must obtain a Section 333 exemption from the airworthiness requirements necessary to operate full-size aircraft using that same N-number registration. Lastly, the owner needs a certificate of authorization or waiver to fly in a specifically described airspace. For businesses, like construction companies, this would require inclusion of the flight path details and the intended use of the drone.

The developments in drone technology have created new issues regarding individuals’ privacy. In order to photograph new construction or capture breathtaking skyline views for artistic or marketing purposes, drones often contain continuously-recording cameras. What happens when one of these cameras catches a person on film without their consent? Capturing this type of footage can implicate applicable “peeping tom” or unauthorized surveillance statutes and may result in unintended liability to the drone operator.

However, in reality, the commercial use of drones is unlikely to cause any real threat to security and privacy. Absent an ill intent to spy or conduct surveillance on others, incidental footage of private individuals would not rise to the level necessary to violate privacy laws.    

Moreover, the ACLU has stated that it would be better for states to create more tailored laws regulating drone use rather than overarching governance that would severely restrict the many efficient and useful applications of drone technology.

Commercial businesses should endeavor to research both federal and state regulations before adopting drone technology in their respective markets. While this area of regulation is constantly changing and it is essential to remain mindful of privacy concerns, drone technology can be a viable and valuable tool for many business practices. 

General News

Columbus, Ohio: America’s first smart city

Columbus, Ohio, was recently announced the winner of the United States Department of Transportation’s (DOT) “Smart City” Challenge. As the top city in this lucrative competition, Columbus will receive $40 million from DOT and $10 million from Vulcan, Inc., a company founded by Microsoft Corp. co-founder Paul Allen. This $50 million award will be matched with $90 million from the city’s business and community partners. The goal of the project is to specifically infuse cutting-edge technology into the city’s transportation system in an effort to improve mobility for Columbus residents.

While the city’s proposals show an impressive and holistic vision for how technology can help Columbus residents with more accessible and efficient transportation, this unique opportunity invites cybersecurity risks that cannot be ignored. As we’ve seen with other recent technological advances including drones, advanced surveillance, self-driving cars and robotics, new technology can lead to vulnerabilities in cybersecurity and increased risk of cyber-attacks.

For example, Columbus’ proposal includes the establishment of three electric self-driving shuttles, a new bus rapid transit center, street-side mobility kiosks, smart lighting and more in hopes of connecting more residents to jobs, improving access to health care in neighborhoods and increasing safety. But what happens when automated services are interrupted or become inaccessible? Could a smart city quickly recover from a technology glitch or cybersecurity breach? Commuting would be forced to a halt. Electricity services could be suspended. Streets may be darkened. Public services, such as garbage collection, mail delivery or public utilities, could also be affected.

Many agree that now is a good time to promote technology in cities. As more people choose urban lifestyles, a wide range of innovations is within reach to aid in the design and operation of growing cities, like Columbus. However, the more interconnected and dependent on technology cities become, the greater the impact an attack will have on the innovative systems they rely on.

As the winner of this unprecedented competition, Columbus has a great opportunity to be a leader in technological innovation, specifically in the transportation world. In order to protect the public and protect the advancements, the city must seriously consider the possibility of cyber attacks and other cybersecurity implications of becoming a smart city.  

General News, Prevention

Public and private sectors agree: Investment needed in banks’ cybersecurity

The Federal Reserve (the Fed) recently announced that it will participate in a study to determine how effective the central bank is at overseeing cybersecurity practices in the financial industry. The Fed’s Office of Inspector General (OIG) will be conducting the internal audit and plans to release the findings in the fourth quarter of this year.

The announcement comes on the heels of congressional inquiry into the Fed’s security practices in light of the attempted theft of $951 million from a Federal Reserve Bank of New York account held by Bangladesh Bank, the South Asian country’s central bank. While the N.Y. Fed successfully blocked 30 transactions that would have totaled an $850 million withdrawal, five transactions totaling $101 million were successful.

The OIG study will be the first public report to detail how strictly the central bank holds the financial industry to the regulations that are in place to protect from hackers and other criminals. “The growing sophistication and volume of cybersecurity threats presents a serious risk to all financial institutions,” according to the OIG. Mary Jo White, Chair of the Securities and Exchange Commission, described attacks like the one against the N.Y. Fed as the biggest risk currently facing the financial industry.

This sentiment seems to be echoed by the private sector as well. An international survey conducted by Kaspersky Lab and B2B International found that among businesses around the globe, protection from cyberattacks ranked amongst their highest priorities. Of the 5,500 businesses surveyed, 41 percent have invested in an in-house solution for protecting their financial transactions and 45 percent use a bank-provided solution.

While the investment rate is high, firms’ confidence in their ability to thwart an attacker is not so widespread. The most confident sector, the telecommunications industry, reported confidence in its fraud security at a 70 percent rate. Only 67 percent of financial institutions reported their confidence in the same. Forty-seven percent of the firms surveyed indicated that their protections needed improvement.

Looking at the financial industry specifically, 48 percent of the respondents “admitted what they do to address the problem can be described as ‘mitigation’ rather than ‘prevention.’” One of the largest concerns for banks (38 percent of the organizations surveyed agreed it’s a problem for them) is distinguishing an attack from normal customer activity.

General News, Prevention

Unauthorized access: A growing problem with a straightforward fix

Starting this week, an undisclosed number of U.S. citizens will be receiving notice that their credit card information may have been compromised. Acer, a Taiwanese multinational hardware and electronics corporation, believes it was the target of an unauthorized access data breach that potentially spanned a period of 11 months. The company announced that users of its e-commerce website may have had their private information, including “names, addresses, payment card numbers, card expiration dates, and three-digit security codes (CVV numbers),” compromised.

Unauthorized access occurs when an individual “gains access to a website, program, server, service, or other system using someone else’s account or other methods.” According to an IBM study, in 2014, incidents of this kind accounted for 37 percent of the most frequently occurring cybersecurity incident categories. In 2015, that number rose by 8 percent. This means that unauthorized access incidents account for almost half of the most frequently occurring security incidents.

Those numbers may leave many concerned about the strength of their cybersecurity networks. Fortunately, following a few simple steps can make all the difference in avoiding a breach:

  1. Hardware disk encryption. The most commonly used method for data security, disk encryption converts data into unreadable code which unauthorized users cannot access or decipher. Disk encryption can also take place through software rather than hardware, but this poses a greater risk, because a malicious hacker can easily corrupt the data.
  2. Firewall. A strong firewall is essential to protect your network from unauthorized access. “The firewall protects your network by controlling internet traffic that comes into and goes out of your business.”
  3. Antivirus. Just like a firewall, a strong antivirus program is vital. The firewall keeps your network safe, but the antivirus keeps your files safe.
  4. Back up. Though backing up your hard drives won’t stop unauthorized access, it will prove invaluable if that hacker erases any of your system’s data.
  5. Monitor. A strong firewall and antivirus program cannot protect you if you do not run regular checks and updates. Additionally, system administrators can have alerts set up to notify them when there has been an unauthorized access attempt. Alerts like these can help you stay up to date on where your system’s weaknesses, if any, exist.

General News, Prevention

Struggling with chip technology? You’re not alone.

By now, most of us have received a new credit card from our financial institution, which is embedded with a high-tech security device. We received these cards because the industry has made an important stride in increasing credit card security for consumers and businesses alike: Chip and PIN technology.

Chip and PIN technology is the next step forward in the ever-changing world of cybersecurity.  When a consumer buys something with a Chip and PIN-enabled card, the card produces a one-time code that authorizes the transaction.  That one-time code is unique each time there is a transaction. So, stealing the card information during that transaction is not valuable to hackers—that specific card information will be useless in the next transaction.
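The one-time code described above can be illustrated with a simplified model. This is an added example, not part of the original post and not the real card-network protocol: it assumes an HMAC-SHA256 code over the transaction fields and a per-card counter, and the class names and sample card number are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def _code(key, pan, amount, atc, nonce):
    # HMAC-SHA256 stands in for the card's real cryptogram algorithm (assumption).
    msg = f"{pan}|{amount}|{atc}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


class ChipCard:
    """Toy chip: the key never leaves the card; a counter advances per purchase."""

    def __init__(self, pan, key):
        self.pan, self._key, self.atc = pan, key, 0

    def authorize(self, amount, terminal_nonce):
        self.atc += 1
        code = _code(self._key, self.pan, amount, self.atc, terminal_nonce)
        return {"pan": self.pan, "amount": amount, "atc": self.atc,
                "nonce": terminal_nonce, "code": code}


class Issuer:
    """Toy issuer: recomputes the code and refuses counters it has already seen."""

    def __init__(self):
        self._keys, self._last_atc = {}, {}

    def enroll(self, pan):
        self._keys[pan] = secrets.token_bytes(32)
        self._last_atc[pan] = 0
        return ChipCard(pan, self._keys[pan])

    def approve(self, txn):
        key = self._keys.get(txn["pan"])
        if key is None:
            return False
        expected = _code(key, txn["pan"], txn["amount"], txn["atc"], txn["nonce"])
        if not hmac.compare_digest(expected, txn["code"]):
            return False  # fields were altered or the code was not made by this card
        if txn["atc"] <= self._last_atc[txn["pan"]]:
            return False  # counter already used: a captured transaction replayed
        self._last_atc[txn["pan"]] = txn["atc"]
        return True


def demo():
    issuer = Issuer()
    card = issuer.enroll("4000000000000002")  # constructed sample card number
    genuine = card.authorize(2500, secrets.token_hex(4))
    captured = dict(genuine)  # what a compromised terminal could record
    first = issuer.approve(genuine)
    replayed = issuer.approve(captured)
    altered = issuer.approve({**card.authorize(2500, secrets.token_hex(4)), "amount": 999900})
    next_ok = issuer.approve(card.authorize(1200, secrets.token_hex(4)))
    return first, replayed, altered, next_ok


if __name__ == "__main__":
    print(demo())
```

By contrast, a magnetic stripe presents the same static data on every swipe, so the issuer has nothing comparable to the counter and code checks in `approve` to distinguish a copy from the original card.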

This new technology is much safer compared to the magnetic strips of old, but implementing the technology has proved difficult. As anyone with a chip-enabled card is likely aware, merchants have had trouble implementing the technology in their stores, including some of the largest retailers in the country. One of the most commonly cited problems with implementation is the cost associated with installing the new card readers. Also, and often most noticeable to customers, the chip and PIN system is not as fast as simply swiping a magnetic strip. The card readers can be finicky, costing both customers and retailers valuable time.

In order to reap the benefits of this new cybersecurity tactic, retailers and the credit card companies alike need to work towards fully executing the implementation of this new technology.  Not only will consumers benefit from added security, but businesses will save time and money and avoid legal liability in their attempt to combat fraud.

If your business is struggling with chip and PIN transaction challenges, hang in there. Despite the hiccups of this new technology, protecting consumers’ information to the fullest extent will be worth it in the long run.

General News, Prevention

Self-driving cars: Safe but not secure

Self-driving cars used to be artificial intelligence of the imagination, represented only in the sci-fi tropes of media. But as automotive and technology industries are rapidly producing more autonomous vehicles, self-driving cars will likely become a fixture in modern life.          

The benefits of self-driving vehicles are vast, with safety being the most prevalent. The technology has already been promoted to eliminate categories of common accidents, increasing the welfare of other drivers and pedestrians. Accidents due to drunk or distracted driving may be a thing of the past. In these cases, the car would safely drive itself, while the “driver” is free to pay attention to other matters.

However, there are cyber risks in creating and using this technology. Researchers found ways to hack into the wireless connection in a Jeep Cherokee. This hacked wireless connection provided control over audio, air conditioning and the transmission, causing the vehicle to halt in the middle of a highway. Though the technology system may provide an overall safer driving experience, a hacked connection can lead to catastrophic incidents. This potential for hacking leads to other issues: who will bear the burden of liability, and how will insurance companies handle these conflicts?

While self-driving cars are quickly becoming more common, cybersecurity must be researched and increased before usage of this type of technology becomes widespread.

General News

Simple steps: updating passwords

Last week, many LinkedIn users received an alarming email from the social media company informing them of a LinkedIn security issue. In 2012, LinkedIn was the victim of a cyber-attack that resulted in the disclosure of member account information, including email addresses, passwords and LinkedIn member IDs (an internal identifier that LinkedIn assigns to each member profile). 

When the company first reported the breach in 2012, it stated 6.5 million accounts were affected and required those members to reset their passwords. Now, LinkedIn reports that the breach affected over 100 million users whose information is currently being released online. In response, the company invalidated the passwords of any users that had not reset their password since the 2012 breach.

While some are left wondering what took LinkedIn so long to force members to change their passwords after a known breach, the revelation underscores a simple step online users can take to protect their information: password maintenance. Regularly changing passwords, using strong passwords and varying them across platforms can help prevent hackers from accessing personal information online. Many online service providers, including LinkedIn, are now also implementing two-step verification, which requires a person to use more than one form of verification to access an account. These small steps can make a big difference in protecting your, or your company’s, information online.

Data Breach, General News

FDIC under fire following recent string of data breaches

A recent data breach at the Federal Deposit Insurance Corporation (FDIC) is just one of many that have occurred in the past several months. The banking regulator is now under fire for its responses following a slew of breaches involving more than 10,000 sensitive and private data records. The FDIC was questioned about the breaches on May 12, 2016, during a hearing held by the House of Representatives Subcommittee on Oversight. Representatives criticized the FDIC, suggesting that it handled the incidents too slowly, did not notify Congress in a timely manner and failed to provide requested documents.

The FDIC was also criticized for failing to notify its employees who were affected by the breaches. It is estimated that the personal data of approximately 160,000 people have been impacted by these breaches, which occurred between October 30, 2015, and the present. The information includes names, bank account numbers and, possibly, social security numbers. According to Republican Representative Barry Loudermilk, chair of the subcommittee, the FDIC has still not notified any of these employees that their private information may have been compromised.

Evidence shows that at least seven recent breaches were caused by former employees as they were leaving the FDIC. The FDIC maintains that these breaches occurred inadvertently, but Congress is skeptical that the breaches were not intentional. One case is allegedly the subject of a criminal investigation. While the FDIC has indicated that it is completing a “top to bottom review” of its technology information policies, it appears that Congress will continue to apply pressure to the FDIC related to its response and handling of these breaches. According to Rep. Loudermilk in the subcommittee’s press release, the American people “have good reason to question whether their private banking information is properly secured by the FDIC.” 

Data Breach, General News

Krabacher quoted in Crain’s Cleveland Business regarding manufacturers and cybersecurity

Litigation and intellectual property attorney Greg Krabacher was quoted in a recent Crain’s Cleveland Business article titled, “Manufacturers beef up cybersecurity” (subscription required). The article highlights that sensitive customer information isn’t the only data cybercriminals are after; manufacturers must similarly protect their trade secrets, which have become a popular and lucrative target for online theft. According to Krabacher, manufacturers of all sizes face this threat. “[W]hile larger manufacturers have more intellectual property for hackers to steal, small companies can also be indirect targets, which means it’s important for companies to check for security when doing business with others.”

Data Breach, General News