According to the Women’s Society of Cyberjutsu (WSC), women comprise 50 percent of professional occupations in the U.S. and only 11 percent of the information security workforce. Here at the NJCCIC, women contribute to the success of all bureaus, including Partnerships, Cyber Threat Intelligence and Analysis, Security Engineering and Cyber Operations, and Governance Risk and Compliance through various roles including Cyber Threat Intelligence Analysts, Cyber Liaison Officers, and Incident Reporting and Response Specialists.
As we usher in a new year, the NJCCIC is reflecting on the incidents of the past year and providing its predictions for the year ahead. We expect this year's major themes will be ransomware, mobile malware, exploitation of known vulnerabilities, a rise in the targeting of IoT devices, exploitation of unsecured cloud databases, and cryptocurrency mining.
To say that 2017 has been a busy year for cybersecurity professionals would be an understatement. From devastating data breaches to crippling ransomware incidents, every week that passed revealed new threats, attack vectors, exploits, and vulnerabilities. It quickly became evident that no person, organization, or sector is immune to the impact of cyber threats. As we prepare for the challenges that 2018 will bring to network defense initiatives, it’s important to reflect on some of this year’s biggest cybersecurity incidents and highlight the lessons learned from each one.
“Our Uber driver told us to turn off the Bluetooth and WiFi on our phones while we’re out here this week. He said not to connect to anything or we’ll be hacked.” Two women shared this with me as the three of us waited to ride the SlotZilla Zipline in downtown Las Vegas late Friday night. I told them I was in town attending DEFCON and that their driver gave them good advice.
With Black Friday, Cyber Monday, and the rest of the holiday shopping season upon us, the NJCCIC compiled the following tips and best practices to help all of our members stay safe in stores and online. The holiday shopping season is one of the most attractive times of the year for money-hungry criminals and fraudsters to take advantage of eager shoppers and unsuspecting victims.
“I can’t believe this many people want to hack into computers,” the elderly woman said to her friend as they tried to navigate past the throng of DEFCON attendees at Bally’s Las Vegas Hotel and Casino, “there’s something wrong with that.” I heard this comment in passing and nodded slightly in subtle agreement.
One year ago today, Governor Christie signed Executive Order 178 establishing our State’s Information Sharing and Analysis Organization (ISAO), the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC). Our goal has always been to elevate the barriers to entry for those seeking to nefariously exploit New Jersey’s cyberspace. We do this by promoting statewide awareness of cyber threats and the adoption of best practices.
The 25th annual RSA Conference was held last week in San Francisco, California, and while many topics were carried over from last year’s conference, one topic seemed to be at the forefront – Apple v. FBI. Unsurprisingly, considering the event attracts mostly hackers and cybersecurity professionals, the overall sentiment was in support of Apple’s pro-encryption stance.
Princeton Academy of the Sacred Heart was the first school to host the New Jersey Office of Homeland Security and Preparedness (OHSP) as they kicked off National Cyber Security Awareness Month. On Thursday, October 1, Director for Cybersecurity Dave Weinstein visited with Princeton Academy Middle School students to discuss the growing and evolving cyber landscape, online safety, and the responsibility of all digital citizens.
Today marks the first day of National Cyber Security Awareness Month! Here in New Jersey, we’re committed to promoting cybersecurity awareness throughout the year, but October presents a unique opportunity to engage our citizens, governments, and businesses more directly.
The Delaware Information Sharing and Analysis Center (DE-ISAC) is taking shape!
In April of 2015, Joshua Drake, a mobile security researcher at Zimperium zLabs, discovered the largest Android vulnerability to date. The flaw, named “Stagefright” after the mobile platform’s media playback engine, critically affects 95% of all Android devices, or about 950 million mobile devices. Any mobile device running Android OS 2.2 or later is vulnerable, including the following Android OS versions: Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, KitKat, and Lollipop.
Last week I had the pleasure of dropping in on the Cranford Police Department Youth Academy to speak with a room full of 9- to 13-year-olds about cybersecurity. To kick off the conversation, I posed a simple question to the enthusiastic young “cadets”: "What does cybersecurity mean to you?" Almost without hesitation, half of the hands in the room went up. After everyone had weighed in, I realized that not a single response was the same.
A recent survey of cybersecurity professionals reveals that an astounding 43% of them share cyber threat intelligence only within their own organization. In other words, more than half of the data on cyber threats is compartmented not only by industry, but also by institution.