Dear Friends & Colleagues, October is Cybersecurity Awareness Month. Actually, cybersecurity awareness really needs to be every month! Below is some content for the quest. Also, happy to announce that my book "Inside Cyber" will be arriving at bookstores on October 15. You can also get a copy from the Amazon or Barnes & Noble websites. Thanks, and stay safe! Best, Chuck

Make a Commitment To Be More Cyber-Secure for Cybersecurity Awareness Month

by Chuck Brooks

Commit To Be More Cyber-Secure For Cybersecurity Awareness Month (forbes.com)

Cybersecurity Awareness Month is approaching. Any business or organization, no matter how big or small, can be hacked in today's digital world. That is a fact of our digital lives. However, not enough companies or people prepare to avoid a breach that could significantly impact their operations, brand, reputation, and income streams.

Cyberattacks on all companies, especially small and medium-sized ones, are happening more often, more precisely, and with more complicated methods. An Accenture Cost of Cybercrime Study released not long ago found that 43% of cyberattacks target small companies, but only 14% are ready to defend themselves.

And criminal hackers are doing it more often as internet connectivity grows. They are using machine learning to find holes in the defenses of their targets and to automate their attacks. Enabled by emerging technologies, hackers now launch faster, smarter, and more deadly strikes. They also share tools that are available on the Dark Web as part of their operational strategy. Threat actors include nation states, criminal groups, and hacktivists, among others.

It is not always necessary for hackers to use the newest and most advanced software to be successful. Criminal hackers can do it easily. When it comes to online fraud, they usually look for the most vulnerable target at the best time. A very tough problem is keeping up with the growing complexity of socially engineered threats by threat actors, especially deep fakes.

Cybersecurity knowledge leads to good risk management

Even though everyone is open to cyberattacks, there are ways to help reduce the danger. Starting with a plan for managing risks and being vigilant is the first step. A comprehensive risk management strategy should also include data privacy, application security, cyber vulnerability risk assessments, network access configuration, cyber hygiene best practices, use policies and permissions, and education and training. That includes people, methods, and tools. Cyber-awareness in simple terms means being alert, finding gaps, evaluating weaknesses, and having plans in place to protect yourself or your company.

In today's increasingly unstable digital cyber risk environment, a security plan for managing risk needs to be both all-encompassing and flexible in the face of dangers.

For businesses and groups to be successful, they need to know how to handle risks and understand the distinct types of threats and people who pose those threats. Their information should also include the National Institute of Standards and Technology (NIST) Framework's guiding principle: identify, protect, detect, respond, and recover.

Simple steps can be taken to make cyber-defenses stronger and raise awareness. These include regularly updating and patching vulnerable software. Many businesses and groups are annoyingly slow or even careless when it comes to installing patches that would stop breaches. Given the large amount of malware that is out there and the growing number of attack surfaces, patching has become particularly important. System and app updates are necessary and should not be avoided.

The Importance of Cyber-Hygiene

Being cyber-aware really starts with practicing good cyber-hygiene. Do not click on the Phish! Criminal hackers prefer phishing because it is easy to do and works most of the time. The best advice is to not click on files you do not know anything about. You should pay close attention to website URLs to make sure they are real and not fakes, because hackers use automated phishing tools and good graphics that can look exactly like banks and company logos. Be especially careful of junk that contains fake job offers, bills for things you did not buy, and messages from your company that do not seem to belong. Additionally, it is recommended that you always make sure that email senders are who they say they are and be careful when opening any files.

Additionally, good online hygiene includes using strong passwords and multi-factor authentication that are hard to circumvent through social engineering. In addition, using multiple forms of authentication is a smart move that can help stop attempts that are not as technically advanced.

Training workers to spot malware and phishing attacks is important in today's business world. Good cyber hygiene means strong identity and access management policies. An administrator should monitor access to sensitive data and limit it so that information can be accessed only with the appropriate permissions.

Any business and individual should also be cognizant of the growing impact of emerging technologies on the digital ecosystem. Artificial intelligence (AI), machine learning, the Internet of Things (IoT), 5G, virtual and augmented reality, and quantum computing are all part of the present cyber-threat and defense scenarios.

AI in particular can enhance the automation tool chest via horizon scanning technologies, analytics, audits, incident alert tools, diagnostics, and even self-repairing software. Real-time analysis and threat identification have now been made possible by AI and ML algorithms. Businesses will increasingly be able to keep an eye on what is happening within their system and identify any unusual behavior. At the same time, they need to be ready to defend against criminal hackers' adversarial use of AI to facilitate phishing, discover gaps on networks, and expand polymorphic malware attacks. (Please see my new book, Inside Cyber: How AI, 5G, IoT, and Quantum Computing Will Transform Privacy and Our Security.)

Being resilient requires a plan. Have an incident response plan ready in case you are the victim of a breach. That plan should also include the possibility of calling the police to help get the files back and find out who is stealing them.

Protect your devices with anti-malware and anti-ransomware platforms and technologies, like firewalls and email filters, for both businesses and people. Software tools that can find strange things, analyze user behavior, and help stop threats are being made possible by innovative technologies like machine learning (ML) and artificial intelligence (AI). Computers can also use machine learning and artificial intelligence to make their systems safer.

Everyone who uses the internet, including businesses and regular people, should remember to back up any important or private files. Using the right backup methods does not take much time or money, and they can protect your business in case of a breach. The files should also be encrypted in case there is a leak.

Managed Security Services (MSS) and Managed Service Providers (MSP) are practical choices for small and medium-sized businesses that do not have enough resources to handle security issues on their own. Monitoring networks, providing necessary cybersecurity tools, and threat assessments are all things that many companies can do. Businesses and industries that do not have (or cannot afford) the internal subject matter knowledge or capabilities to handle increasingly complex breaches can save money by using MSS.

One last thing that needs to be done for risk management is sharing information about threats, especially through public/private cooperation. Sadly, many small and medium-sized businesses do not have the tools and knowledge to deal with the growing number of cyber-threats. In a harsher reality, many underserved communities and small companies do not even know what cyber-threats they face. This kind of sharing will help people who did not know about the latest bugs, malware, phishing attacks, and ransomware stay safe. Governments could also suggest or share cyber defense tools in addition to data to make shields stronger.

Supporting cybersecurity knowledge through Cybersecurity Awareness Month is especially important, but it cannot just happen once a year; it has to be an ongoing effort. Consistent efforts to raise knowledge about cybersecurity are important. Improving cooperation between the government and businesses is the smartest way to help reduce online threats by teaching people who do not know about them.

My New Book!

Available on Amazon (Inside Cyber: How AI, 5G, IoT, and Quantum Computing Will Transform Privacy and Our Security, ISBN 9781394254941, by Chuck Brooks) and at bookstores after October 15.

Inside Cyber: How AI, 5G, IoT, and Quantum Computing Will Transform Privacy and Our Security 1st Edition

Discover how to navigate the intersection of tech, cybersecurity, and commerce

In an era where technological innovation evolves at an exponential rate, Inside Cyber: How AI, 5G, and Quantum Computing Will Transform Privacy and Our Security by Chuck Brooks emerges as a critical roadmap for understanding and leveraging the next wave of tech advancements. Brooks, a renowned executive and consultant, breaks down complex technological trends into digestible insights, offering a deep dive into how emerging technologies will shape the future of industry and society.

In the book, you'll:

  • Gain clear, accessible explanations of cutting-edge technologies such as AI, blockchain, and quantum computing, and their impact on the business world
  • Learn how to navigate the cybersecurity landscape, safeguarding your business against the vulnerabilities introduced by rapid technological progress
  • Uncover the opportunities that technological advancements present for disrupting traditional industries and creating new value

Perfect for entrepreneurs, executives, technology professionals, and anyone interested in the intersection of tech and business, Inside Cyber equips you with the knowledge to lead in the digital age. Embrace the future confidently with this indispensable guide.

From Bored Panda

by Chuck Brooks

45 Scammers Who Got ‘Destroyed’ By The People They Were Trying To Rip Off (New Pics) | Bored Panda

There are many scams, but social media and artificial intelligence have exacerbated the scourge of spoofing. Spoofing is when someone says they are you to get private data, accounts, or information. Most of the time, it's done through a phishing email or text message that looks like it came from a trusted source, like Amazon, Microsoft, your bank, or even your place of work. It's often called "spear phishing" when it's aimed at business leaders. Ominously, ransomware is often downloaded when people fall for a fake. Then the demands come to the victim for payment, often in cryptocurrencies or prepaid charge cards.

In the past, it was easy to spot spoofs because they often had misspelled words, bad images, and claims that didn't make sense. That's no longer the case thanks to technology and threat players who are smart enough to fool almost anyone. People can spoof emails, websites, texts, and even IP addresses by making fake ones. And worse, generative AI can create deep fakes in video and audio that seem authentic.

Always being on the lookout is the best way to stop and spot spoofs. Make sure the sender is really who they claim to be before clicking on any links in emails or on websites. In addition, you should get anti-virus and spoof detection software, and you might want to use packet blocking software, which is sold by many companies. Always encrypt your most important and private data. That way, if someone steals your identity, the data won't be easy to move.

The goals of spoofing are to exfiltrate data, extort ransoms, or steal identities. Identity theft is the fraudulent acquisition and use of a person's private identifying information, usually for financial gain, and it is a growing global problem.

The reason for the increased rate of identity fraud is clear. As we become more and more connected, the more visible and vulnerable we become to those who want to hack our accounts and steal our identities. The surface threat landscape has expanded exponentially with smartphones, wearables, and the Internet of Things so there are plenty of targets to phish.

Criminal hacking gangs and fraudsters often use social media to help engineer their phishing and malware attacks. They can garner a great deal of information such as birthdates and personal histories on social media posts to tailor their attacks. With the development of machine learning algorithms and artificial intelligence, social engineering attacks have become much more sophisticated as they can more easily seek out vulnerabilities and automate phishing and ransomware attacks on a grand scale. And when they succeed in stealing identities, the hackers often share them or sell them on the dark web to other criminals.

Below are five suggested actions that I recommend companies and people take to help ameliorate identity theft:

1) Use multifactor authentication. This is an integral step in preventing identity theft because it raises the bar toward stealing your password by requiring two or three steps to access data. Also, you can use biometrics such as facial recognition, an eye scan, or a thumb print to add an additional level of security.

2) Hackers are quite adept at guessing passwords, especially when they have insights into where you lived in the past (street names), birthdays, and favorite phrases via social engineering on social media. Using strong passwords and changing them regularly can also complicate hackers' tasks. Also consider a password manager if you use a variety of sites.

3) Maintain a separate computer to do your financial transactions and use it for nothing else. Also, consider using encryption software for valuable data that needs to be secured.

4) It is also prudent to monitor your credit scores, your bank statements, and your social accounts on a regular basis. There are several reputable monitoring organizations that provide account alerts that are very helpful in that awareness quest. The quicker you detect fraud the easier it is to handle the issues associated with identity theft.

5) Finally, if you get breached, have a plan in place to reach out immediately to your key vendors and connections. If the breach is especially serious, do contact law enforcement authorities as it might be part of a larger criminal enterprise that they should know about.

Theft and use of someone else's private information without their permission, usually to make money, is called identity theft. Identity theft is on the rise, and it's easy to see why. Criminals who want to hack our accounts and steal our identities can see us and find us easier as we become more linked. Smartphones, wearable tech, and the Internet of Things have vastly increased the number of public threats. This means that there are many more people to phish.

Social media is often used by hacking groups and scammers to plan their phishing and malware attacks. On social media posts, they can find out a lot about people, like their birthdates and personal lives, which helps them target specific people. More advanced social engineering attacks are now possible thanks to machine learning algorithms and artificial intelligence. These technologies make it easier to find weaknesses and run large-scale phishing and ransomware attacks automatically. Once hackers get their hands on someone's identity, they often give it to other crooks or sell it on the dark web.

What I think companies and people should do to help stop identity theft are the following five things:

1) Use more than one way to prove who you are. By making it take two or three steps to get to your data, this is an important step in avoiding identity theft because it makes it harder for someone to steal your password. Besides that, you can add an extra layer of protection with biometrics like a fingerprint, an eye scan, or facial recognition.

2) Hackers can easily figure out passwords if they know things like the street names where you used to live or your birthday from social engineering on social media. Make it harder for hackers by using strong passwords and changing them often.

3) Keep a different computer that you only use for paying bills and conducting financial activities. And if you need to protect important info, you might want to use encryption software.

4) It's also a good idea to keep an eye on your credit reports, bank statements, and social media accounts on a daily basis. You can get account alerts from a number of trustworthy tracking services, which can help you raise awareness. An easier way to deal with identity theft problems is to catch scams as soon as possible.

5) If your security is broken, you should have a plan for how to contact your important suppliers and contacts right away.

Chuck serves as President and Consultant of Brooks Consulting International with over 25 years of experience in cybersecurity, emerging technologies, marketing, business development, and government relations. He helps Fortune 1000 clients, organizations, small businesses, and start-ups achieve their strategic goals and grow their market share.

Chuck also serves as an Adjunct Professor at Georgetown University in the Cyber Risk Management Program, where he teaches graduate courses on risk management, homeland security, and cybersecurity. He designed the course that he teaches called “Disruptive Technology and Organizational Management” which is a course quite popular with students.

Chuck Brooks has received numerous global accolades for his work and promotion of cybersecurity. Recently, he was named the top cybersecurity expert to follow on social media, and also one of the top cybersecurity leaders for 2024 along with a very select group of industry and government colleagues. He has also been named "Cybersecurity Person of the Year" by Cyber Express, Cybersecurity Marketer of the Year, and a "Top 5 Tech Person to Follow" by LinkedIn, where he has 116,000 followers on his profile. He has 57,000 subscribers to his newsletter "Security and Tech Insights."

As a thought leader, blogger, and event speaker, he has briefed the G20 on energy cybersecurity and the US Embassy to the Holy See and the Vatican on global cybersecurity cooperation. He has served on two National Academy of Science Advisory groups, including one on digitalizing the USAF, and another on securing BioTech. He has also addressed USTRANSCOM on cybersecurity and serves on an industry/government working group for DHS CISA focused on security space systems.

Chuck is also a contributor to Forbes, The Washington Post, Dark Reading, Homeland Security Today, Skytop Media, GovCon, Barrons, The Hill, and Federal Times on cybersecurity and emerging technology topics. He has been a leading voice in risk management keynoting dozens of conferences and writing over 350 articles relating to technologies and cybersecurity.

In his career, Chuck has received presidential appointments for executive service by two U.S. presidents and served as the first Director of Legislative Affairs at the DHS Science & Technology Directorate. He has also served in executive roles for companies such as General Dynamics, Rapiscan, and Xerox.

Chuck has an MA from the University of Chicago, a BA from DePauw University, and a certificate in International Law from The Hague Academy of International Law.

GovCon Expert Chuck Brooks Praises DHS Tribal Cybersecurity Grant Program - GovCon Wire

Earlier this summer, the Department of Homeland Security (DHS), through the Federal Emergency Management Agency (FEMA) and the Cybersecurity and Infrastructure Security Agency (CISA), announced more than $18.2 million in Tribal Cybersecurity Grant Program (TCGP) awards to assist Tribal Nations with managing and reducing systemic cyber risk and threats.

This action was long overdue as Native Americans have been at the forefront in contributions to US national security. Native Americans have served in the U.S. military in every major conflict for 200 years, and at times at a higher rate than any other demographic. This is proportionally more than any other ethnic group and is the highest number of soldiers per person defending the homeland.

“Native Americans have not received enough public recognition for their support of national and homeland security. They have served in every major military conflict since the Revolutionary War. In the 20th century, more than 12,000 Native Americans served in World War I, and 10,000 Native women joined the Red Cross. During World War II, over 44,000 Native Americans – American Indians served, including 800 women.” (Understanding America: The Legacy of Native American Military Service, United States Department of State)

Today, there are more than 24,000 American Indian and Alaskan Native men and women on active duty, and more than 183,000 veterans identify as American Indian or Alaska Native. Twenty-nine service members of Native American heritage have been awarded the Medal of Honor for valor.

In 2016, I authored an article for Indian Country News and Homeland Security Today. In it I stated that “the majority of people who live on tribal land are not getting the education and training they need to take advantage of chances in the new digital economy. Numerous factors have led to a lot of young Native Americans living in poverty and with little chance of improving their financial situation. The situation could be improved by investing in and training staff that could provide jobs in cybersecurity and data analytics.

Right now, both the private and public sectors are seriously lacking skilled cybersecurity workers. Industries, universities, Congress, and the federal and state governments should all work hard to train the next generation of cybersecurity experts and data analysts from many of India's impoverished areas. Creating a new sense of economic destiny is possible when you teach useful work skills and match them with chances. Many benefits would come from the government, businesses, and universities investing in a fast-tracked cybersecurity program for Native Americans that includes internships and fellowships to give them real-world experience. Moreover, it would improve the country's ability to find skilled digital workers.

Native Americans have a long history of commitment and service to the United States. Department of Homeland Security (DHS) cooperation with Native Americans has already made a significant difference in keeping our borders safe, especially in remote places where drug smugglers and legal immigrants try to get in. Primarily, DHS's FEMA is working with Native Americans to get ready for situations. According to FEMA's Center for Domestic Preparedness, Native Americans from 23 tribes and 10 states are being trained to help with large-scale disasters caused by nature or human causes.

Government departments like the Department of Homeland Security and others, like the Department of Defense, are looking to hire qualified cybersecurity professionals and analysts. Bringing these Native Americans into the digital economy will only take a coordinated effort and investments in people. This will also improve the safety readiness of both the government and businesses.

A model for this kind of funding already exists in the government. The Cybersecurity Veterans Hiring Pilot program was started by the Department of Homeland Security. The Pilot was meant to support the Department's efforts to hire more cyber professionals and give soldiers more chances to keep working in cybersecurity for the country. Along with the addition of a new trial program, DHS hopes to copy the success of the Native American veteran cybersecurity program. Creating a Native American cybersecurity and digital analytic pipeline would not require a large infrastructure investment, but there are no set program guidelines because this is just an idea.

The parts are already there, and a program could grow out of a clearly defined public-private partnership goal. As the lead for tribal affairs and consultation at the Department of Homeland Security, the Tribal Desk in the Office of Intergovernmental Affairs (IGA) might be a good place to start talking about a possible Native American cybersecurity pilot project.

As an example, caring businesses like Google, Microsoft, Samsung, Apple, and many more could give computers to Indian schools and job training centers. Many groups, including universities, colleges, associations, foundations, and companies, could also help by using the right technology. Individualized classes, run in person or online, could make this possible. Additionally, separate groups could help make the courses needed to get certificates and even degrees in both cybersecurity and data analytics. Additionally, the government could support this work by giving money, internships, fellowships, and security training. By working together and sharing ideas and resources, making a digital job path for Native Americans will be a project that benefits many. As Native Americans have always been patriotic and committed to public service, it is now time to help them learn how to use technology in the modern world.”

Less than a decade later I am excited to see that some of my proposals have come to fruition in rewarding Native Americans for their service and helping prepare and train them to work in digital security as part of the cyber work force. The Tribal Cybersecurity Grant Program hopefully will make a difference.

The DHS Tribal Grant Program, “in addition to helping Tribal governments address cybersecurity risks and threats to their information systems, TCGP is enabling DHS to provide targeted cybersecurity resources that will improve the security of critical infrastructure and resilience of the services that Tribal governments provide to their members. The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Emergency Management Agency (FEMA) jointly manage the TCGP. CISA provides cybersecurity programmatic subject-matter expertise by defining goals and objectives, reviewing and approving cybersecurity plans establishing measures of effectiveness, and organizing Objective Review Panels to review and score applications.

Digital threats impacting American Indian and Alaska Native tribes are increasing and becoming more complex, and tribal sovereignty creates unique cybersecurity challenges for these communities who for far too long have been underfunded and under-resourced.

DHS respects the sovereignty and self-determination of Tribal governments and recognizes the intent of Congress to provide flexibility to Tribal governments to meet cybersecurity needs across Indian Country through the TCGP. The framework of the program was made as a result of nation-to-nation consultations with tribal representatives across the country and is intended to support tribal cybersecurity resiliency.” (Tribal Cybersecurity Grant Program, CISA)

- By Chuck Brooks (President, Brooks Consulting International)
