Amy Zegart has a new book: Spies, Lies, and Algorithms: The History and Future of American Intelligence. Wired has an excerpt:

In short, data volume and accessibility are revolutionizing sensemaking. The intelligence playing field is leveling­ — and not in a good way. Intelligence collectors are everywhere, and government spy agencies are drowning in data. This is a radical new world and intelligence agencies are struggling to adapt to it. While secrets once conferred a huge advantage, today open source information increasingly does. Intelligence used to be a race for insight where great powers were the only ones with the capabilities to access secrets. Now everyone is racing for insight and the internet gives them tools to do it. Secrets still matter, but whoever can harness all this data better and faster will win.

The third challenge posed by emerging technologies strikes at the heart of espionage: secrecy. Until now, American spy agencies didn’t have to interact much with outsiders, and they didn’t want to. The intelligence mission meant gathering secrets so we knew more about adversaries than they knew about us, and keeping how we gathered secrets a secret too.

[…]

In the digital age, however, secrecy is bringing greater risk because emerging technologies are blurring nearly all the old boundaries of geopolitics. Increasingly, national security requires intelligence agencies to engage the outside world, not stand apart from it.

I have not yet read the book.

Read More

Let’s face it – we would not be the same people we are today if it wasn’t for the internet. The internet has opened our eyes to so much information that we are privileged to have right at our fingertips. However, it’s important to remember that with so many individuals with access to the web, it can quickly become a place where rumors are spread, cyberattacks are cast, and misinformation arises. At McAfee, we are committed to protecting both you and your family.  Together, through education and online protection, we can work together to experience a better internet for everyone. On this Safer Internet Day, here are our top 5 recommendations: 

For Parents 

With a connected family, it’s important to pay attention to what your family members are connected to (IoT devices in the home, smartphones, tablets, etc.) and how they interact online. Maybe your son is an avid gamer, or your teenager is a social media mogul who enjoys tweeting and scrolling through TikTok. As a parent, you play a crucial role in setting an example for your children and loved ones. So, it’s important to teach them how to use the internet responsibly. Here are some tips for helping your family stay safe online:  

Set up parental controls, if necessary. While your child’s device plays a key role in connecting them to the outside world, that same device can also expose them to cyberbullying, predators, risky behavior, and self-image struggles. If your child has started to ignore their homework and other family responsibilities, they are oversharing online, or they won’t give you their device without a fight, it may be time to consider setting up parental controls.  
Make sure your child has a healthy relationship with social media. Any activity in excess can cause harm – social media included. If your child’s screen time is climbing due to excessive social media scrolling, help them to establish new habits like setting a device curfew and educating them on the effects of too much screen time.  
Teach your family about best practices for securing their online accounts. Using strong passwords and multi-factor authentication can make your family’s internet experience better, providing protection against common online threats.  

For College Students 

In a time when students are reliant on connectivity to be successful in their education, it’s important that they connect to the internet safely. Ensuring a safe connection can prevent any security hiccups from standing in the way of you and your degree. If you are a college student, follow these tips to help you stay safe in a hybrid or distance learning environment:  

Use a VPN when connecting to your university’s Wi-Fi network. Avoid hackers infiltrating your connection by using a VPN, which allows you to send and receive data while encrypting, or scrambling, your information so others can’t read it. VPNs also prevent hackers from gaining access to other devices connected to your Wi-Fi.   
Choose an encrypted online conferencing tool. Does the video conferencing tool you’re considering use end-to-end encryption? This ensures that only meeting participants can decrypt secure meeting content. Additionally, be sure to read the privacy policies listed by the video conferencing programs to find the one that is the most secure and fits your needs.    

For Working Professionals 

Regardless of your industry, you are likely to rely on the internet to do your job. Restaurant workers use online POS systems, bank tellers require access to their customers’ online accounts – the list goes on. With so much of your day spent online, it’s important to keep internet safety best practices top of mind so you can continue to work free from potential cyber interruptions. No matter what career path you are on, following these tips can help you stay safe online and continue to do your job with confidence:  

Be on the lookout for phishing scams targeting employees and their companies. Hackers will oftentimes target employees with phishing campaigns to access sensitive corporate data. If you receive an email, text, or phone call prompting you to take immediate action and log in to an account, make a payment, confirm personal information, or click on a suspicious link, it’s likely a phishing scam. Send a screenshot of the suspicious message (never forward!) to your company’s IT team to confirm, and then delete the message.  
Separate personal and business devices. Set boundaries between your personal and work life, including the technology you use for both. Avoid sharing your company’s devices with family members who are not aware of the best security practices, especially children. Also, keep personal accounts separate from company accounts to prevent sharing information through personal channels. 
Adhere to company policies and standards. Ensure you understand your company’s policies and confidentiality agreements when it comes to sharing files, storing documents, and other online communications. Use company-approved cloud applications that follow strict security standards to avoid inadvertently exposing sensitive company information through unsecured means. This measure can also apply when using video conferencing software. Limit the amount of sensitive information shared via video conferencing platforms and through messaging features just in case uninvited hackers are eavesdropping. 

For Entertainment Seekers  

If you can dream it, you can stream it. With so much media at your fingertips, it’s important to remember that cybercriminals tend to focus their threats on trending consumer behaviors. For example, cybercriminals will tend to focus their scams on popular TV shows or movies in the hopes that an unsuspecting user will click on their malicious download. Because streaming has become so popular in recent years, consumers should prioritize the safety of their online streaming platforms like Spotify, Netflix, Hulu, etc. Here are some ways to stay protected while streaming:  

Watch what you click. Be cautious and only access entertainment content directly from a reliable source. The safest thing to do is to subscribe to a streaming site that offers the content or download the movie from credible websites, instead of downloading a “free” version from a website that could contain malware. 
Refrain from using illegal streaming sites. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do your device a favor and stream the show from a reputable source. 

For Mobile Moguls  

As technology has become more advanced, we’ve become accustomed to the many benefits that come with taking our devices with us everywhere we go. For example, we can deposit checks from home with our mobile banking apps and can use vehicle location services on our phones to remind us where we parked. Here’s how you can stay protected while on-the-go:  

Use a mobile security solution. Protect your pocket-sized digital life with a reliable solution like McAfee Mobile Security. It actively shields you from malicious links or websites, unauthorized third-party activities, and even phishing scams. Additionally, it allows you to connect safely with a VPN and regularly scans your device for unwanted threats.  

“There’s no doubt the internet has brought so many benefits to our daily life,” says Alex Merton-McCann, McAfee’s Cyber Safety Ambassador. “I honestly can’t imagine life without it! But in order for us all to continue benefiting from its many pluses, we all have a responsibility to make it a safe and enjoyable place. So, let’s #playitfaironline and commit to being respectful and kind towards each other online to ensure life online is safe and enjoyable for us all!” 

Check out #SaferInternetDay and #SID2022 hashtags on social media to be a part of the conversation. 

The post How We Can All Work Together For a Better Internet appeared first on McAfee Blog.

Read More

The salary guide provided the median salaries across 10 major job roles in cybersecurity

Read More

Last month, as North Korea’s supreme leader Kim Jong-un oversaw a series of sabre-rattling hypersonic missile tests, cyber attacks disrupted the country’s internet infrastructure. But who was responsible?

Read more in my article on the Hot for Security blog.

Read More

This blog was written by an independent guest blogger.

Cybersecurity and climate change. These two issues seem, at least on the surface, like they couldn’t be farther apart. One conjures Matrix-like, futuristic visions of tech bros and shadowy figures hunched over laptops. The other, third-world dystopias, famine, and mass extinction.

However, a deeper dive into these important global concerns shows that they are more intrinsically connected than you think. In fact, some experts believe that climate change is the biggest security threat mankind has ever faced. That includes cybersecurity, and these are issues that affect everyone on the planet to varying extents.

How exactly does climate change impact cybersecurity, what are the economic impacts of these issues, and what can we do to mitigate the problem?

In the words of Zach Stein, co-founder of Carbon Collective, a first of its kind investment advisory firm that focuses on solving climate change through targeted investments and divestments: “We can’t take these all-or-nothing views. The world is nuanced. It means we need to give room for people and companies to improve.”

Where climate change-related security threats originate

Climate change poses a national security threat that extends far beyond our borders. We now experience 100-year weather events annually, Diminished biodiversity adversely affects the food chain and resource availability, as do droughts and extreme flooding. These problems lead to social anxiety and unrest, contribute to mass migration and displacement, and make us all more vulnerable.

Between pandemics and work/school closings due to inclement weather, more people are working and learning from home. However, many business owners and school administrators don’t prioritize even the most basic cyber security best practices for home-bound students and workers. This increases the attack surface and puts more business owners, government agencies, and individuals at risk for cybercrime.

Crime is also increased by economic stress.

Desperation leads to desperate acts. During such times, you’ll see an increase in scams, identity theft, and hacking exploits. You also have politically or socially motivated hacks by persons on both sides of the climate change argument, either in an effort to make a statement, prove a point, or benefit financially from instability.

The environmental and financial impact of cyber crime

The increased use of computing resources due to a surge in remote work, blockchain mining, and supercomputing also contributes to climate change. People who no longer trust financial institutions due to prominent hacks and leaks are shopping and trading online or putting their money in cryptocurrencies.

This poses its own set of climate-related and cybersecurity threats.

In 2019 alone, Bitcoin mining consumed more energy than the entire country of Switzerland. Data centers accounted for two percent of the world’s total power consumption that same year, and that was before the use of such centers really exploded. Internet usage accounts for another 10 percent of global energy consumption.

Infrastructure investment, resource mining, and fossil fuel production contribute to negative economic, supply chain, and environmental impacts. These and related industries have long been favorite targets of cyber criminals. The 2021 ransomware attack on the Colonial Pipeline cost the company $4.4 billion to end, and resulted in untold damage to the company’s finances and reputation, This was merely one out of hundreds of such attacks on energy producers and related organizations,

The economic impact of energy sector security hits companies, workers and their families, and consumers who have to pay in loss of service or income and increased prices.

Veering away from dependence on fossil fuels toward more sustainable energy sources is a start.

Here are a few more solutions.

Combating the twin threats of climate change and cybercrime

At their annual meeting in Davos, a consortium of world business and economic leaders compiled the 2022 Global Threat Report. Among their findings was the fact that it will take a unified, global effort to head off long-term climate catastrophe. This includes a more aggressive approach toward mitigation and greater investment in sustainable energy.

However, it will take more than energy conservation or performing the occasional risk assessment to combat these issues. Some concrete measures that can reduce vulnerabilities toward cybercrime and climate change include:

• Exploring new technologies. Crypto-mining platforms have committed to exploring methods that use fewer resources during the cryptomining and NFT minting process. This includes use of Hyperledger Fabric to centralize block creation, initiating blockchain smart contracts for easier validation, and developing more efficient cooling methods for data centers and supercomputers.

• Educating stakeholders. This includes not only teaching users basic security practices but also educating them on how to spot and avoid scams, such as identifying misinformation about climate-related emergencies. From the design and security side, baking cyber security into app and platform design, reducing the risk matrix, and proactive cyber security practices are methods to reduce the cost and risk.

Business leaders and IT professionals should include climate change in their risk assessment protocols and procedures. For example, having a backup plan in the case of a weather or cybercrime event that limits business disruption and prevents accidents like spills or leaks. Incentivizing companies to invest in smarter, sustainable technologies and reducing environmental risk will also make a huge impact.

• Increasing cybersecurity investment. Businesses in the tech, financial, and energy sectors should prioritize cybersecurity spending, invest in more efficient production technologies, and upgrade or replace vital infrastructure. It’s also incumbent upon government intelligence agencies and policy makers to set up dedicated departments, platforms, and unified protocols to assess, prevent, and combat climate change and cyber security threats.

• Deploying technologies to prevent climate-related disasters. This is in addition to hardening critical infrastructure and prioritizing proactive cyber security and risk identification. For a start, asset management, resource allocation, and equipment maintenance can be automated using AI-based technologies.

Final thoughts

Instability, food insecurity, and widespread environmental damage contribute to the kind of despair and hopelessness that leads to mass unrest and criminal behavior. Desperate conditions lead to desperate acts. They also increase the number, methods, opportunities of people willing to take advantage of social disruption and decline.

Proactive cybersecurity won’t reverse the effects of climate change. However, it will help reduce the financial and economic impact of global warming on businesses, individuals, and society at large.

Read More