Drone technology a “next step for security research”

While recent news has highlighted the negative aspects of drone use, including potential threats to physical safety (take for example White House drone crashes and a father/son armed drone concoction), interest in the cyber impact of drones is rapidly increasing. As drone technology advances, both the “good guys” and the “bad guys” are racing to use unmanned aerial devices to gain control over data. A Christian Science Monitor article reveals that mini laptop-like drones have become a popular tool for hackers. Likewise, companies have been able to use similar technology to protect their networks from cybersecurity vulnerabilities. Drone experts are citing UAV research as an important “next step” in online security, implying that it is likely only the beginning of the impact drones may have on cybersecurity issues. 

General News, Prevention

Columbus, Ohio: America’s first smart city

Columbus, Ohio, was recently announced the winner of the United States Department of Transportation’s (DOT) “Smart City” Challenge. As the top city in this lucrative competition, Columbus will receive $40 million from DOT and $10 million from Vulcan, Inc., a company founded by Microsoft Corp. co-founder Paul Allen. This $50 million award will be matched with $90 million from the city’s business and community partners. The goal of the project is to specifically infuse cutting-edge technology into the city’s transportation system in an effort to improve mobility for Columbus residents.

While the city’s proposals show an impressive and holistic vision for how technology can help Columbus residents with more accessible and efficient transportation, this unique opportunity invites cybersecurity risks that cannot be ignored. As we’ve seen with other recent technological advances including drones, advanced surveillance, self-driving cars and robotics, new technology can lead to vulnerabilities in cybersecurity and increased risk of cyber-attacks.

For example, Columbus’ proposal includes the establishment of three electric self-driving shuttles, a new bus rapid transit center, street-side mobility kiosks, smart lighting and more in hopes of connecting more residents to jobs, improving access to health care in neighborhoods and increasing safety. But what happens when autotomized services are interrupted or become inaccessible? Could a smart city quickly recover from a technology glitch or cybersecurity breach? Commuting would be forced to a halt. Electricity services could be suspended. Streets may be darkened. Public services, such as garbage collection, mail delivery or public utilities, could also be affected.

Many agree that now is a good time to promote technology in cities. As more people choose urban lifestyles, a wide range of innovations are in reach to aid in the design and operation of growing cities, like Columbus. However, the more interconnected and interdependent cities become on technology, the greater the impact an attack will have the innovative systems they rely on.

As the winner of this unprecedented competition, Columbus has a great opportunity to be a leader in technological innovation, specifically in the transportation world. In order to protect the public and protect the advancements, the city must seriously consider the possibility of cyber attacks and other cybersecurity implications of becoming a smart city.  

General News, Prevention

Public and private sectors agree: Investment needed in banks’ cybersecurity

The Federal Reserve (the Fed) recently announced that it will participate in a study to determine how effective the central bank is at overseeing cybersecurity practices in the financial industry. The Fed’s Office of Inspector General (OIG) will be conducting the internal audit and plans to release the findings in the fourth quarter of this year.

The announcement comes on the heels of congressional inquiry into the Fed’s security practices in light of the attempted theft of $951 million from a Federal Reserve Bank of New York account held by Bangladesh Bank, the South Asian country’s central bank. While the N.Y. Fed successfully blocked 30 transactions that would have totaled an $850 million withdrawal, five transactions totaling $101 million were successful.

The OIG study will be the first public report to detail how strictly the central bank holds the financial industry to the regulations that are in place to protect from hackers and other criminals. “The growing sophistication and volume of cybersecurity threats presents a serious risk to all financial institutions,” according to the OIG. Mary Jo White, Chair of the Securities and Exchange Commission, described attacks like the one against the N.Y. Fed as the biggest risk currently facing the financial industry.

This sentiment seems to be echoed by the private sector as well. An international survey conducted by Kaspersky Lab and B2B International found that among businesses around the globe, protection from cyberattacks ranked amongst their highest priorities. Of the 5,500 businesses surveyed, 41 percent have invested in an in-house solution for protecting their financial transactions and 45 percent use a bank-provided solution.

While the investment rate is prolific, firms’ confidence in their ability to thwart an attacker is not so widespread. The most confident sector — the telecommunications industry — reported confidence with their fraud security at a 70 percent rate.  Only 67 percent of financial institutions reported their confidence in the same. Forty-seven percent of the firms surveyed indicated that their protections needed improvement.

Looking at the financial industry specifically, 48 percent of the respondents “admitted what they do to address the problem can be described as ‘mitigation’ rather than ‘prevention.’”  One of the largest concerns for banks – (38 percent of the organizations surveyed agreed it’s a problem for them) is distinguishing an attack from normal customer activity.  

General News, Prevention

Unauthorized access: A growing problem with a straightforward fix

Starting this week, an undisclosed number of U.S. citizens will be receiving notice that their credit card information may have been compromised. Acer, a Taiwanese multinational hardware and electronics corporation, believes it was the target of an unauthorized access data breach that potentially spanned a period of 11 months. The company announced that users of it e-commerce website may have had their private information, including “names, addresses, payment card numbers, card expiration dates, and three-digit security codes (CVV numbers),” compromised.

Unauthorized access occurs when an individual “gains access to a website, program, server, service, or other system using someone else’s account or other methods.” According to an IBM study, in 2014, incidents of this kind accounted for 37 percent of the most frequently occurring cybersecurity incident categories. In 2015, that number rose by 8 percent. This means that unauthorized access incidents account for almost half of the most frequently occurring security incidents.

Those numbers may leave many concerned about the strength of their cybersecurity networks. Fortunately, following a few simple steps can make all the difference in avoiding a breach:

  1. Hardware disk encryption. The most commonly used method for data security, disk encryption converts data into unreadable code which unauthorized users cannot access or decipher. Disk encryption can also take place through software rather than hardware, but this poses a greater risk, because a malicious hacker can easily corrupt the data.
  2. Firewall. A strong firewall is essential to protect your network from unauthorized access. “The firewall protects your network by controlling internet traffic that comes into and goes out of your business.”
  3. Antivirus. Just like firewall, a strong antivirus program is vital. The firewall keeps your network safe, but the antivirus keeps your files safe.
  4. Back up. Though backing up your hard drives won’t stop unauthorized access, it will prove invaluable if that hacker erases any of your system’s data.
  5. Monitor. A strong firewall and antivirus program cannot protect you if you do not run regular checks and updates. Additionally, system administrators can have alerts set up to notify them when there has been an unauthorized access attempt. Alerts like these can help you stay up to date on where, if any, of your system’s weaknesses exist.
General News, Prevention

Struggling with chip technology? You’re not alone.

By now, most of us have received a new credit card from our financial institution, which is embedded with a high-tech security device. We received these cards because the industry has made an important stride in increasing credit card security for consumers and businesses alike: Chip and PIN technology.

Chip and PIN technology is the next step forward in the ever-changing world of cybersecurity.  When a consumer buys something with a Chip and PIN-enabled card, the card produces a one-time code that authorizes the transaction.  That one-time code is unique each time there is a transaction. So, stealing the card information during that transaction is not valuable to hackers—that specific card information will be useless in the next transaction.

This new technology is much safer compared to the magnetic strips of old, but implementing the technology has proved itself difficult. As anyone with a chip-enabled card is likely aware, merchants have had trouble implementing the technology in their stores, including some of the largest retailers in the country. One of the most common cited problems with implementation is the cost associated with installing the new card readers. Also, and often most noticeable to customers, the chip and PIN system is not as fast as simply swiping a magnetic strip. The card readers can be finicky, costing both customers and retailers valuable time.

In order to reap the benefits of this new cybersecurity tactic, retailers and the credit card companies alike need to work towards fully executing the implementation of this new technology.  Not only will consumers benefit from added security, but businesses will save time and money and avoid legal liability in their attempt to combat fraud.

If your business is struggling with chip and PIN transaction challenges, hang in there. Despite the hiccups of this new technology, protecting consumers’ information to the fullest extent will be worth it in the long run.

General News, Prevention

What you need to be doing NOW about cybersecurity

Spotlighting the importance of cybersecurity risk management, Bricker & Eckler attorney Greg Krabacher will be presenting “What you need to know NOW about cybersecurity” at the 2016 Ohio Mortgage Bankers Association Annual Convention. The event takes place on Tuesday, May 3 in Columbus, Ohio.

With recent threats on personal information, financial services providers, especially, are vulnerable to cyber-attacks. While the sensitivity of the information they hold puts lenders at immense risk, those that establish a comprehensive plan and make use of industry tools and resources may avoid a catastrophic outcome should a data breach occur. Krabacher offers the following first steps:

  1. Establish a plan and incident response team
  2. Assess data breach risk and inventory personally identifiable information or confidential client information
  3. Become familiar with applicable laws and regulations
  4. Educate and train employees

For more information regarding the OMBA Annual Convention, click here

General News, Prevention

U.S Department of Homeland Security issues alert on hospital ransomware attacks

In the wake of recent ransomware attacks on hospitals, the Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) issued an alert regarding ransomware and recent variants. The alert notes that already this year, destructive ransomware variants, such as Locky and Samas, have infected computers belonging to health care facilities and hospitals. US-CERT states that the alert is “to provide further information on ransomware, specifically its main characteristics, its prevalence, variants that may be proliferating, and how users can prevent and mitigate against ransomware.”

For more, read the latest health care analysis.

Data Breach, General News, Prevention

Insuring cyber risk

Cyber risk insurance is currently one of the fastest growing segments in property/casualty insurance. With the growing demand for protection against data breaches, online hacks and cybersecurity disasters, insurance providers must determine whether expansion into stand-alone cyber insurance is worth the potential risk. 

Unlike traditional areas of insurance, where risks and loss expectations are well-modeled and understood, there is far less data available to predict cyber-attacks. The scope of a cyber-attack may spread beyond that of a natural disaster, for example, and certain losses may be covered by existing insurance products. 

Read more in the latest Cybersecurity Insight. 

General News, Prevention

Data security and the myth of ostriches

There is a common saying that those who refuse to confront or acknowledge a problem are simply burying their head in the sand, like an ostrich. Apparently, a myth exists that ostriches stick their head in the sand when facing attacks from predators. Origins of this myth date back as far back as the Bible. For the record, ostriches do not really do this — they just hide.

What does this have to do with data security, you ask? Plenty.

Read more in the latest Cybersecurity Insight

Prevention

Colleges and universities are prime cyber attack targets

A recent cyber attack at the University of California, Berkeley is just one of many recent security threats on higher education institutions. The attack on the university’s computer system, which occurred in late December, jeopardized the financial data of more than 80,000 people, including students, faculty, alumni and vendors. Similar hacking attempts at colleges and universities are becoming increasingly frequent, often occurring on a daily basis and unbeknownst to the institution. Universities are increasingly vulnerable to cyber attacks, which can be costly. However, there are a few tips in dealing with cyber events that every higher education administrator should know.

Data Breach, Prevention
  • 1
  • 2