2015 has been quite a year for New Jersey's cybersecurity. As it comes to an end, it's worth noting a few highlights from the last year and foreshadowing what lies ahead in the new year.
If the past two years have taught us anything, it’s that the frequency and impact of data breaches will continue to grow if organizations do not do more to implement effective cybersecurity practices. The theft and sale of personal data is big business for profit-motivated hackers, while state and non-state actors clamor to get their hands on sensitive and potentially damaging information for various intents and purposes, from extortion to espionage.
When engaging with our NJCCIC members, we often find ourselves sounding like broken records with how frequently we end up on the topic of passwords. The fact is, account credentials—username & password—are the primary target of many of today’s cyber threat actors.
Owning a business in this day and age can be a risky proposition. In addition to maintaining positive cash flow and keeping your customers and employees happy, you have to take steps to protect your company and assets from unexpected events that could drain your accounts and close your doors forever. Fortunately, there are many options when it comes to insurance coverage. General liability insurance covers the cost of accidents, injuries, and property damage that is inadvertently caused as a result of normal business operations.
This weekend, if you’re a parent, you’re probably going to spend some time reminding your children to be careful when they head out the door to go trick-or-treating. You might tell them to walk in a group and not wander off, and to stay in safe, familiar, well-lit neighborhoods. You’ll remind them to look both ways before crossing the street and to not venture into strangers’ houses, no matter how friendly they seem.
The United States is currently in the midst of the biggest transition of payment technology in several decades, as alternatives have emerged to provide a more secure option than the magnetic strip “swipe and sign” process used since the 1970s. Due to our longstanding use of this vulnerable payment process, the U.S. accounts for nearly half of the world’s credit card fraud, despite only 25 percent of global transactions occurring in the U.S.
October is one of my favorite months of the year – the air is crisp, the leaves are beginning to change, pumpkins are everywhere, and Halloween is right around the corner. It’s also National Cyber Security Awareness Month and, as a way to pay tribute to this wonderful time of year, I’m dedicating this NJCCIC CyberLog to the topic of zombies.
Princeton Academy of the Sacred Heart was the first school to host the New Jersey Office of Homeland Security and Preparedness (OHSP) as they kicked off National Cyber Security Awareness Month. On Thursday, October 1, Director for Cybersecurity Dave Weinstein visited with Princeton Academy Middle School students to discuss the growing and evolving cyber landscape, online safety and the responsibility of all digital citizens.
Today marks the first day of National Cyber Security Awareness Month! Here in New Jersey, we’re committed to promoting cybersecurity awareness throughout the year, but October presents a unique opportunity to engage our citizens, governments, and businesses more directly.
Malicious advertising, more commonly known as malvertising, has been around since at least 2007 but has quickly ascended on the list of everyday Internet threats due to the prevalence of online advertising in today’s digital media environment, where consumers expect free content in exchange for exposure to advertising.
A series of media reports throughout the summer drew attention to various vulnerabilities in many of today’s Internet-connected vehicles. While the identified security gaps present serious risks to public safety and certainly warrant an industry-wide response, it is important to note that there have since been no reports of malicious hijacking of a vehicle’s vital functions by a cyber threat actor.
These days, so much attention is given to external cybersecurity threats that it is often easy to forget that insider threats can be just as damaging, especially when it comes to theft of intellectual property, trade secrets, personally identifiable information (PII), and other sensitive data. Insider threats can include current or departing employees, contractors, third party vendors, technicians, business partners, and anyone granted administrator privileges.
There are several reasons why individuals may choose to become hackers. Some people might do it out of curiosity or for personal gratification. Others do it for financial gain or to steal intellectual property. Some consider themselves “hacktivists,” a relatively new term used to describe those who hack to promote a personal or ideological agenda.
In my previous CyberLog post, I shared some of the information I learned while attending DefCon 23, an annual hacker conference held in Las Vegas. What I didn’t mention, though, were the things I had to take into consideration prior to my arrival. As this was my first time attending, I wasn’t sure what to expect so I did some research and talked to a few former DefCon attendees.
Last week, I had the opportunity to attend DefCon 23, an annual conference where hackers and cybersecurity professionals from around the world descend on Las Vegas to learn and share information about hacking techniques, system and software vulnerabilities, online privacy, and data protection. Each day of the convention was jam-packed with lectures, presentations, and demonstrations by some of the best and the brightest in the field, a few of whom recently made headlines when they unveiled potentially dangerous and devastating software vulnerabilities.
The Delaware Information Sharing and Analysis Center (DE-ISAC) is taking shape!
I'm very pleased to announce that the New Jersey Office of Homeland Security and Preparedness (OHSP) is partnering with the U.S. Department of Homeland Security (DHS) to deliver a day-and-a-half cybersecurity workshop for local governments and small businesses. The event, which will take place on September 16th and 17th at OHSP's headquarters in Hamilton, will feature remarks and insights from New Jersey's Homeland Security Advisor, Chris Rodriguez, top DHS officials, and a variety of expert panelists from across industry and government.
In April of 2015, Joshua Drake, a mobile security researcher at Zimperium zLabs, discovered the largest Android vulnerability to date. The flaw, named “Stagefright” after the mobile platform’s media playback engine, critically affects 95% of all Android devices, or about 950 million mobile devices. Any mobile device running Android OS 2.2 or later is vulnerable, including the following Android OS versions: Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, KitKat, and Lollipop.
Last week I had the pleasure of dropping in on the Cranford Police Department Youth Academy to speak with a room full of 9- to 13-year-olds about cybersecurity. To kick off the conversation, I posed a simple question to the enthusiastic young “cadets”: "What does cybersecurity mean to you?" Almost without hesitation, half of the hands in the room went up. After everyone had weighed in, I realized that not a single response was the same.
A recent survey of cybersecurity professionals reveals that an astounding 43% of them only share cyber threat intelligence internal to their own organization. In other words, more than half of the data on cyber threats is compartmented not only by industry, but also by institution.