2015 Data Breach Lessons Learned

If the past two years have taught us anything, it’s that the frequency and impact of data breaches will continue to grow if organizations do not do more to implement effective cybersecurity practices. The theft and sale of personal data is big business for profit-motivated hackers, while state and non-state actors clamor to get their hands on sensitive and potentially damaging information for various intents and purposes, from extortion to espionage.

Considering Cyber Insurance? What You Need to Know

Owning a business in this day and age can be a risky proposition. In addition to maintaining positive cash flow and keeping your customers and employees happy, you have to take steps to protect your company and assets from unexpected events that could drain your accounts and close your doors forever. Fortunately, there are many options when it comes to insurance coverage. General liability insurance covers the cost of accidents, injuries, and property damage that is inadvertently caused as a result of normal business operations. 

Keeping Your Children Safe Online

This weekend, if you’re a parent, you’re probably going to spend some time reminding your children to be careful when they head out the door to go trick-or-treating. You might tell them to walk in a group and not wander off, and to stay in safe, familiar, well-lit neighborhoods. You’ll remind them to look both ways before crossing the street and to not venture into strangers’ houses, no matter how friendly they seem.

The Future of Payments is Now

The United States is currently in the midst of the biggest transition of payment technology in several decades, as alternatives have emerged to provide a more secure option than the magnetic stripe “swipe and sign” process used since the 1970s. Due to our longstanding use of this vulnerable payment process, the U.S. accounts for nearly half of the world’s credit card fraud, despite only 25 percent of global transactions occurring in the U.S.

Bots and Botnets: There Are Zombies Among Us

October is one of my favorite months of the year – the air is crisp, the leaves are beginning to change, pumpkins are everywhere, and Halloween is right around the corner. It’s also National Cyber Security Awareness Month and, as a way to pay tribute to this wonderful time of year, I’m dedicating this NJCCIC CyberLog to the topic of zombies. 

Princeton Academy Hosts Cyber Event

Princeton Academy of the Sacred Heart was the first school to host the New Jersey Office of Homeland Security and Preparedness (OHSP) as they kicked off National Cyber Security Awareness Month. On Thursday, October 1, Director for Cybersecurity Dave Weinstein visited with Princeton Academy Middle School students to discuss the growing and evolving cyber landscape, online safety, and the responsibility of all digital citizens.

Malvertising: More than a Nuisance

Malicious advertising, more commonly known as malvertising, has been around since at least 2007 but has quickly ascended on the list of everyday Internet threats due to the prevalence of online advertising in today’s digital media environment, where consumers expect free content in exchange for exposure to advertising. 

Vehicle Cybersecurity: Industry Responds to Vulnerabilities

A series of media reports throughout the summer drew attention to various vulnerabilities in many of today’s Internet-connected vehicles. While the identified security gaps present serious risks to public safety and certainly warrant an industry-wide response, it is important to note that there have since been no reports of malicious hijacking of a vehicle’s vital functions by a cyber threat actor.

Insider Threat Demands a Proactive Approach

These days, so much attention is given to external cybersecurity threats that it is often easy to forget that insider threats can be just as damaging, especially when it comes to theft of intellectual property, trade secrets, personally identifiable information (PII), and other sensitive data. Insider threats can include current or departing employees, contractors, third party vendors, technicians, business partners, and anyone granted administrator privileges.

Public Wi-Fi – Sacrificing Security for Convenience

In my previous CyberLog post, I shared some of the information I learned while attending DefCon 23, an annual hacker conference held in Las Vegas. What I didn’t mention, though, were the things I had to take into consideration prior to my arrival. As this was my first time attending, I wasn’t sure what to expect so I did some research and talked to a few former DefCon attendees. 

Social Engineering Insights from DefCon

Last week, I had the opportunity to attend DefCon 23, an annual conference where hackers and cybersecurity professionals from around the world descend on Las Vegas to learn and share information about hacking techniques, system and software vulnerabilities, online privacy, and data protection. Each day of the convention was jam-packed with lectures, presentations, and demonstrations by some of the best and the brightest in the field, a few of whom recently made headlines when they unveiled potentially dangerous and devastating software vulnerabilities. 

DHS Cyber is coming to town!

I'm very pleased to announce that the New Jersey Office of Homeland Security and Preparedness (OHSP) is partnering with the U.S. Department of Homeland Security (DHS) to deliver a day-and-a-half cybersecurity workshop for local governments and small businesses. The event, which will take place on September 16th and 17th at OHSP's headquarters in Hamilton, will feature remarks and insights from New Jersey's Homeland Security Advisor, Chris Rodriguez, top DHS officials, and a variety of expert panelists from across industry and government.

“Stagefright” Bug Leaves Up to 950 Million Android Devices Vulnerable

In April of 2015, Joshua Drake, a mobile security researcher at Zimperium zLabs, discovered the largest Android vulnerability to date. The flaw, named “Stagefright” after the mobile platform’s media playback engine, critically affects 95% of all Android devices, or about 950 million mobile devices. Any mobile device running Android OS 2.2 or later is vulnerable, including the following Android OS versions: Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, KitKat, and Lollipop.

Preserving the Benefits of NJ's Cyberspace

Last week I had the pleasure of dropping in on the Cranford Police Department Youth Academy to speak with a room full of 9- to 13-year-olds about cybersecurity. To kick off the conversation, I posed a simple question to the enthusiastic young “cadets”: "What does cybersecurity mean to you?" Almost without hesitation, half of the hands in the room went up. After everyone had weighed in, I realized that not a single response was the same.