Cyber Connections News Roundup: May 21

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

May 21, 2019

States Make Strides In Cybersecurity But Is it Enough?

On https://www.govtech.com, blogger Dan Lohrmann offered a report from the National Governors Association Center for Best Practices’ third National Summit on State Cybersecurity (May 14-15, 2019 at the Shreveport Convention Center). The event convened state homeland security advisors, chief information officers, chief information security officers, governors’ policy advisors, National Guard leaders and others to explore cybersecurity challenges and promising practices. Overall, Lohrmann observed “a sense of how far the nation has come regarding cybersecurity, tempered by a recognition of how much more needs to be done.” He also highlighted comments from keynote speaker Chris Krebs, director, Cybersecurity & Infrastructure Security Agency, U.S. Department of Homeland Security, who discussed the actions of Russia during the 2016 election and reminded the audience that ransomware and a host of other cyber trends are also top priorities of the administration. Read more.

IoT Is Major Driver in Growth of Artificial Intelligence Market

According to a new report from B2B research provider MarketsandMarkets, the artificial intelligence in cybersecurity market is projected to reach USD 38.2 billion by 2026 from USD 8.8 billion in 2019. Major drivers for the market’s growth include the adoption of IoT. Other factors are the increasing number of connected devices, rising instances of cyber threats, and increasing vulnerability of Wi-Fi networks to security threats. According to the report, titled “The Artificial Intelligence in Cybersecurity Market,” opportunities include the growing need for cloud-based security solutions and the increased use of social media for business functions. Read more.

The Intersection of Trade Wars and Cybersecurity

A recent article on www.forbes.com highlights the potential for foreign adversaries to create and exploit vulnerabilities in information and communications technology and services. In light of the current trade war with China, the administration has banned two Chinese technology companies from entering U.S. markets. The Commerce Department added Huawei, the telecom equipment giant, to the Bureau of Industry and Security’s “Entity List,” a designation that bars firms from doing business with U.S. companies without a special license from the bureau. Prior to that move, the FCC voted unanimously to deny China Mobile’s application to provide telecommunications services in the United States. Read more.

The Evolution of the Utilities Industry Could Mean a Rise in Cyber Threats

The evolution of the utilities industry to a “smart infrastructure” that relies on digitized equipment and connectivity across devices, plants, and systems will most likely result in a growing number of cybersecurity threats, according to a recent article on www.helpnetsecurity.com. Current security policies of many utilities have not evolved in step with this evolution and could leave companies vulnerable. Of the six risks enumerated in this article, boundary protection tops the list. Read more.

Defining and Deploying a Cybersecurity Culture Is an Ever-Evolving Challenge

A recent article on https://cybersecurity.isaca.org/ by Luis Emilio Alvarez-Dionisi, Ph.D. and Nelly Urrego-Baquero offers a path forward, but the authors concede: “Having a cybersecurity culture is a dynamic process that demands continuous attention.” The main objective of cybersecurity culture is to develop and implement a cybersecurity culture ecosystem to support cybersecurity. Sharing the experience of establishing an advanced social and psychological groundwork may help support cybersecurity. Deploying a cybersecurity culture requires senior leadership buy in. The board of directors and senior management must decide to support and enable a cybersecurity shield to mitigate the risk associated with cyber attacks. Read more.

 

 

Don’t Let Romance Scams Spoil Your Valentine’s Day

By Dr. Richard White

Valentine’s Day is for romance and connection, but scammers are skilled at using emotion as a social engineering tool.

In my book “CYBERCRIME: The Madness Behind the Methods,” I explain in detail how social engineering manipulates how we see and hear what we want to believe. In turn, dopamine released in the brain reinforces our new actualized belief.

There are five areas where scammers are most successful at engineering our beliefs and driving our actions through emotional connections.

1. Email and Phishing scams are always a threat. When romance is in the air, concerns for security may take a back seat to the excitement of finding the perfect romantic gift.

For example, scammers develop ads designed to lure victims to malicious websites or steal their credit card information with promises of gift cards, great discounts or a gift you never knew existed. Be wary of unknown companies and always verify the validity of a company before clicking a link.

2. Facebook and social media are powerful marketing sights for scammers. Perpetrators use the power of search algorithms to seek out the right victims for their scam and ads you clicked in the past combined with your search patterns allow just the right ad to be placed on your screen.

Scammers’ ads may look legitimate and their products or services may be real, but their goal is to steal your information or take your payment without delivering merchandise. Remember that social media platforms are designed to get people to respond to ads. Don’t click on an ad until you research the company with a Google search or the Better Business Bureau to ensure trustworthiness.

3. Fake profiles are a common problem on dating sites. Leading up to and during Valentine’s Day, scammers up their romantic game to establish online relationships. Remember, people tend to see and hear what they want to believe.

A common scam involves a U.S. citizen or service member who is living abroad but soon to return home, conveniently right near were you live. Once the online relationship is established, the scammer comes up with an issue and needs your financial assistance to return home.

4. Variations of the Nigerian prince scam abound. This scam involves receiving something amazing in exchange for documentation, money or a credit card number.

You receive some type of communication from a person searching for someone with your name who claims to be a long-lost love, family member, or special someone who got away. But he or she is not sure you’re the right person, so asks you to provide information to prove who you are.

Remember who is at risk here, and that you are the one putting yourself out there—possibly in harm’s way. Slow down, think and verify whom you are dealing with.

5. Compromised websites are a great way to spread malware. A website may be real and belong to a legitimate business or person, but it may have been hacked.

Be careful with any type of site that is open to the public for posting comments. Anyone can post a link that will direct you to malware or a compromised website. Whether an advertisement, a product review, or a personal ad from someone searching for you, do not let your emotions get the better of you and do not rush into something out of pure excitement. Research links before clicking on them and don’t ever post personal information online.

Also, don’t forget about the things you can do to mitigate your risk. Here are five:

  1. Always be mindful of phishing emails and attachments. If a link seems to be exactly what you are looking for, beware. Scammers may have targeted you.
  2. Many websites will allow you to test a link before you click on it, such as checkshortURL.com, virusdesk.kaspersky.com/, and scanurl.net/. These sites will let you know if the link has been reported as malicious or if malware was found on the site. Always test a link before clicking on it.
  3. Be careful when sharing personal or financial information with someone you have not met personally.
  4. Protect your privacy when using an online dating site. Do not use the same username and email address used for your normal daily activity and never put your full name on your profile.
  5. Never go off-site to use personal email or instant messaging. Social media and dating sites have a communication platform designed to protect you and keep your information private.

Finally, if you do have a need to send money overseas please follow this advice: Wiring money is the same as sending cash. It is gone as soon as it is sent. The most secure way to send money to a U.S. citizen abroad is through the U.S. State Department. To find out more about this and other options for sending money abroad go to http://www.travel.state.gov and visit the international travel section or contact Western Union and ask about this program.

Remember, your best defense online is combining awareness of cyber threats and risks with recognizing your own personal bias in the moment. Ultimately, if you are not completely comfortable with an email or website, then leave it alone.

Happy Valentine’s Day!

Dr. Richard White is an adjunct professor of cybersecurity and information assurance at University of Maryland University College (UMUC) and the author of Cybercrime: The Madness Behind the Method.”

Cybersecurity Trends for 2019: Hear from University of Maryland University College Faculty Experts

As it was when 2018 began, cybersecurity remains a top global priority at year’s end and, arguably, even more so. We simply need to look back over the past year to see that data breaches have affected just about every aspect of our lives. What can we expect 2019 to bring?

Cybersecurity faculty experts at the University of Maryland University College (UMUC) offer five unique industry predictions, trends and priorities for the coming year.

1) A Broader Investment in Leadership and Hiring Strategies:
Dr. Mansur Hasib, program chair, Cybersecurity Technology, The Graduate School

Organizations appear poised to realize that cybersecurity executives are needed at the highest levels in order to drive organizational digital strategy. In 2019, we will see boards and CEOs get more engaged in the governance aspects of cybersecurity. We may also see some signs of legislation to hold executives accountable for due diligence.

On the hiring end, because companies are finding it harder to poach qualified workers from other companies, they are likely to start investing more in their people. Organizations will begin to engage in more creative ways to hire, including offering internships and apprenticeships, and grooming and investing in their own workforce. Organizations will also begin to look at qualified people with less experience, especially those who can speak the language of business.

2) GDPR Non-Compliance and Renewed Focus on Election Security
Balakrishnan Dasarathy, program chair, Information Assurance

Several companies will be caught for non-compliance with General Data Protection Regulation (GDPR) and a few of them will be fined heavily. This will send shivers through various industries and businesses that steward customer data and predict their behavior. Home Internet of Things (IoTs) are going make the situation dire. On the upside, this will result in better privacy policies and protection of privacy-related data through adequate cybersecurity measures.

With Democrats controlling the U.S. House of Representatives —and with Marcia Fudge playing a key role in the new House—we will see more scrutiny of both the 2018 midterm and 2016 national election processes and controls. The cybersecurity of election systems, voter registration and disenfranchisement are among the many areas that will get their due attention.

3) Decentralization, Assured Identity & Privacy, and HCI Take Center Stage
Michelle Hansen, collegiate professor, Cybersecurity and Computer Forensics

Blockchain, a model for distributed, decentralized frameworks used for information sharing, has quickly become a popular technology based on its financial uses, such as Bitcoin cryptocurrency. Cybersecurity will focus on securing these types of frameworks so that they are impenetrable and more suitable for businesses.

Authentication schemes and access control systems need to provide assured identity and individuals’ privacy. Flexible signatures, which use a verification algorithm to validate credentials in a quantifiable and trusted manner, will play a critical role with new technologies, including IoT and real-time systems.

Finally, people have long been identified as the weakest link with any information technology, system, or device. This vulnerability will be of great focus soon, as human-computer interaction aims to persuade user activity and mitigate security incidents, such as using new machine integration technologies in identifying users’ phishing susceptibility.

4) Cloud-based Breaches Rise, Machine Learning Gains Larger Role in Carrying Out Attacks
Jimmy Robertson, program chair, Software Development, Security and Computer Science

As more agencies and companies move to the cloud, shortages in skilled personnel who fully understand the shared-responsibility security model will result in more cloud-based security breaches. Putting security first before deployment is a best practice.

The application of artificial intelligence—in particular, machine learning—to both offensive and defensive cyber operations promises to offer more efficient and more effective tools for carrying out attacks that occur at machine speeds.

Resurgence of Battle Tested Attacks
Richard White, PhD, adjunct professor and course chair, Cybersecurity Information Assurance

Ransomware will continue to plague large and small businesses alike. The ransomware paradigm has proven highly successful and extremely profitable for bad actors, so it’s a safe bet that we have not seen the last of these types of attacks.

Phishing attacks also will continue, simply because they are tried and true techniques for duping the good guys into ‘mousing over,’ clicking, or downloading packages that provide a range of services to bad actors, such as credential theft, key stroke logger, remote control, and back door.

We also will see more attacks against entire industries, including watering hole attacks or NotPetys, which are both easy to deploy, present very little risk to the bad guys, and are extremely successful regarding their evil objective. Due to the many attributes associated with these types of attacks, it is likely that we will see similar attacks across 2019. 

 

Cyber Connections News Roundup: December 4

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

December 4, 2018

Global Cybersecurity in Healthcare to Reach 10.7 Billion By 2024

According to a report by Zion Market Research, the global cybersecurity in healthcare market was valued at approximately USD 6.6 billion in 2017 and is expected to reach USD 10.7 billion by the end of 2024. Major factors driving the growth of cybersecurity in healthcare include: an increase in cyber attacks; increased use of laptops, mobile devices, and smartphones with healthcare applications; and the introduction of advanced technology solutions. North America and Europe are projected to lead the way in cybersecurity in healthcare globally. Read more.

Will the Marriott Breach Lead to New Cybersecurity Laws?

News of the recent Marriott hotel hack that affected approximately 500 million guests may result in renewed calls for new federal legislation, according to a recent www.mediapost.com report. Senator Ed Markey (D-Mass), for one, is pushing for Congress to pass comprehensive consumer privacy and data security legislation that would require companies to follow strong data security standards, direct them to only collect the data they actually need to service their customer, and create penalties for companies that fail to meet them. Read more.

Dell Computer Breach Most Likely Avoided Data Extraction

US-based computer hardware manufacturer Dell announced on Nov. 9 that an unauthorized intruder (or intruders) attempted to extract Dell.com customer information from its systems, such as customer names, email addresses, and hashed passwords. The company stated in a press release that its internal investigations found no conclusive evidence that any data was extracted. According to a www.zdnet.com report, Dell is still investigating the incident, but said the breach wasn’t extensive, with the company’s engineers detecting the intrusion on the same day it happened. Read more.

Russian Hackers Back in Action After Midterms

According to a recent article on www.thehill.com, Russian hackers carried out a widespread campaign that targeted the federal government, media outlets and think tanks after the Nov. 6 midterm elections. American officials detected activity by a Kremlin-linked hacking group that took place days after the polls closed. The article suggested that the post-midterm attacks are a sign that hackers are exploring the new political landscape now that Democrats will be in control of the House starting in January. Read more.

What Is the Role of the SEC in Cybersecurity Regulation?

A recent article posted on www.lawfareblog.com examines the relationship of the Securities and Exchange Commission (SEC) and cybersecurity regulation. According to a White House Council of Economic Advisers report released earlier this year, malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016. Yet, despite major breaches like the Equifax hack, Congress has not passed new legislation, even though SEC leadership has acknowledged that the greatest threat to our markets right now is the cyber threat. What should the role of the SEC be in regulating cybersecurity? Read more.

Securing the Cloud Is a Shared Responsibility

Cloud computing—using a network of remote servers hosted on the Internet to store, manage, and process data—is an attractive solution for business owners and government agencies from a security standpoint. If used properly, cloud computing can result in fewer security concerns and greater cost savings. But what about security?

Last month at CyberMaryland 2018, Jimmy Robertson, program chair, Computer Science and Software Development and Security at University of Maryland University College, sat down with us to explain how cloud security is a shared responsibility among all stakeholders and to offer his  insights into the security implications of moving into the cloud. Watch the video below:

Cyber Connections News Roundup: Sept. 25

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

New Document Lays Out Trump Administration Cyber Strategy

The new White House cybersecurity strategy, announced on Sept. 21, according to national security adviser John Bolton, suggests a more aggressive posture, including authorizing offensive cyber operations against foreign adversaries. The directive — called National Security Presidential Memorandum 13, or NSPM 13 – aims to deter malicious actors from launching digital attacks against the United States. However some argue that the 40-page document lacks new proposals, according to a recent Washington Post report. Read more.

Three “Out of the Box” Solutions for Closing the Cyber Skills Gap

Recently on http://www.wsj.com, Janaki Chadha reported on three proposals for closing the cybersecurity skills gap – a “Cybersecurity Peace Corps” (proposed by Scott Shackelford, chair of the cybersecurity program at Indiana University, Bloomington); a Cyber ROTC (proposed by Michèle Flournoy, a former senior official in the Defense Department); and financial incentives in the form of tax breaks for employers that develop training programs for cybersecurity jobs. Read more.

US House Introduces Cyber Workforce Bill

In other cybersecurity workforce news, http://www.zdnet.com reported that US lawmakers have introduced a bipartisan bill meant to address the current shortage of cybersecurity professionals. The bill, called the Cyber Ready Workforce Act (H.R.6791), would establish a grant program within the Department of Labor to support the creation, implementation, and expansion of apprenticeship programs in cybersecurity. Read more.

Many US Adults Lack Awareness of Cyber Careers According to New Survey

Meanwhile, a recent report on http://www.securityboulevard.com suggests that closing the cybersecurity skills gap may be difficult because many adults lack awareness of the opportunities in the field. A new national University of Phoenix survey found that 80 percent of U.S. adults have never considered a career in cybersecurity. These findings owe a lot to a greater lack of awareness and familiarity with cyber jobs and job titles, according to the report. Read more.

Healthcare Industry Must Keep Pace With Growing Number of Cyber Threats to Mobile Devices

A recent article on http://www.healthtechmagazine.net outlines what healthcare organizations must to do to keep pace with the inherent cybersecurity threats to the growing number of health mobility programs available to patients and medical staff. The article cited 2017 HIMSS Cybersecurity Survey data, which indicate that health industry users are generally aware of phishing or typical threats that affect a desktop computer, but less aware of threats that impact mobile devices such as smartphones or tablets. Read more.

Cyber Connections News Roundup: August 28

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

August 28, 2018

Are Supercomputers Ready to Combat Cyber Threats

Supercomputers may be evolving, but many believe they remain impractical for solving security challenges. In June 2018, a new winner was crowned as the world’s fastest supercomputer, with the US taking the honors back from China. Oak Ridge National Lab’s Summit supercomputer can process more than 122 petaflops –122 thousand trillion floating-point operations per second. Supercomputers can have application in cybersecurity as well, but, according to experts, the days when that’s a reality are far ahead. Read more.

12 TED Talks That Will Change the Way You Look at Business Cybersecurity

From http://www.varonis.com comes a list of its top 12 TED Talks on cybersecurity. These discussions touch on everything from how to create a strong password to the impact hackers have on world peace. Find out if your business is ready to face its next cyber threat. Read more.

Is New NIST Law Aimed at Helping Small Businesses with Cybersecurity Effective?

The president recently signed into law the NIST Small Business Cybersecurity Act, S.770, originally introduced as the Main Street Cybersecurity Act. This law mandates that NIST (National Institute of Standards and Technology) produce and disseminate educational materials to help small businesses improve their cybersecurity posture. The website http://www.seacoastonline.com offers a succinct overview of the measure plus some invaluable commentary on its effectiveness. Read more.

Google Parent Company Alphabet Closer to Going Public With New Cybersecurity Platform

According to a recent report on http://www.cnbc.com, Google’s parent company, Alphabet, has revealed additional details on its new cybersecurity company, called Chronicle. Last year, Alphabet announced the company, but held back on much of the details. Recently, though, Chronicle CEO Stephen Gillett sat down with CNBC to offer some new details about the company’s direction, including plans to deliver “planet-scale” security services to large corporations. Read more.

Steps Healthcare Organizations Must Take to Combat Growing Cyber Threats

A recent article in HealthTech Magazine offers an overview of the cyber threats faced by healthcare organizations, the latest breach trends and security best practices for providers. To help meet today’s cyber challenges, healthcare organizations should first and foremost view cybersecurity as a business risk rather than just a technical challenge. Read more.

7 Cybersecurity Predictions for 2018 – UMUC Experts Weigh in on the Future of Workforce, Skills, Disruptive Technologies and More

Cybersecurity remains a top global priority and affects just about every aspect of our lives, including politics and voting systems, national defense, artificial intelligence, social media, mobile devices, the Internet of Things (IoT), financial systems and more. As 2017 comes to a close, Cybersecurity faculty experts at the University of Maryland University College offer their industry predictions—and calls to action—for 2018 and beyond.

1. It’s the Status Quo for 2018 and a Call to Action for the Future.

Ajay Gupta, program chair of Computer Networks and Cybersecurity and faculty sponsor of the UMUC Cyber Padawans Hacking Competition team said he sees no change in the current state of the cybersecurity industry.

We’ve known for a while that we are not graduating or training enough professionals; that has not changed. We’ve also known for a while that systems in every industry are at risk, and that has not changed. Moreover, organizations across industries have not made significant improvements to their security posture even after a digital “Pearl Harbor” with the Equifax breach.

I predict that until we make measurable advances in training professionals who are equipped to mitigate risk across the digital enterprise, we will see no change.

2. There Will Be a Refocus on Developing the Cyber Workforce of the Future.

Loyce Pailen, director of UMUC’s Center for Security Studies, said that during 2018 and over the next few years, cybersecurity and cyber terrorism will continue to impact the organizational, personal, U.S. governmental and political landscapes—and that will force larger segments of society to refocus on developing the cyber workforce of the future.

I predict that the dearth of cyber-trained professionals evident in the early 2010s will reach a critical point by 2020, which will force higher education and secondary-school educators to create cybersecurity programs. Parents, community leaders and others will also begin to include—and require—cybersecurity literacy in pre-schools and primary schools.

My long-term prediction and wish is that media socialization through ad campaigns, films, books, music, gaming and other sources will make “cyber speak” so common that students will grow up to be more readily capable of appreciating and seeking cybersecurity careers.

3. The Cycle Time to Credential Qualified Cybersecurity Professionals Will Be Compressed.

Valorie King, program chair of Cybersecurity Management and Policy at UMUC predicts that workforce demands will dictate a further compression of the cycle times for educating, training, and credentialing cybersecurity professionals. Employers will seek out qualified individuals regardless of bachelor’s- or master’s-degree status and will rely on learning experiences from outside of academia. Badging and alternative forms of credentialing also will gain traction as ways of “qualifying” for entry into the career field or for advancement on a career ladder, King said.

4. Expect a Rise in Skills-Based Hacking Competitions.

Jesse Varsalone, collegiate associate professor of Computer Networks and Cybersecurity as well as head instructor for the UMUC Cyber Padawans Hacking Competition team, piggy-backs on King’s projection with his prediction that, an increasing number of businesses will come to value and support skills-based hacking competitions as a way to provide students and professionals with the critical-thinking and decision-making abilities they need to succeed in a cybersecurity career.

More organizations will come to realize that students who are actively engaged in competitions have a better opportunity to learn and demonstrate their skills. On the flip side, Varsalone said, employers will come to see that watching a student perform technical tasks in a high-pressure team environment provides a great deal more confidence for hiring.

5. The Adoption of Blockchain Technology Will Impact Cybersecurity.

Balakrishnan Dasarathy, collegiate professor and program chair for Information Assurance in UMUC’s Graduate School predicts that one area in the application space—blockchain—is going to explode in 2018 and beyond. Blockchain is the technology that supports the use of vast distributed ledgers to record any transaction and track the movement of any asset, whether tangible, intangible, or digital and open to anyone.

Blockchain technology’s disruptive aspect is its potential to eliminate intermediaries, such as government agencies, banks, clearing houses and companies like Uber, Airbnb and eBay. Blockchain provides these and other companies a measure of speed and cost savings when executing transactions. The blockchain shared, distributed and replicated ledger allows transacting parties to directly update the shared ledger for every transaction. Since parties interact directly through the shared ledger, they have to trust each other, and the transaction records in the shared ledgers should be visible only to the right parties. As such, cybersecurity technologies, specifically cryptography and access control, are critical enabling technologies for blockchain.

6. A Proliferation of Internet of Things (IoT) Will Drive Focus on Security.

Bruce deGrazia, program chair and collegiate professor of Cybersecurity said more and more devices will be connected in 2018, but security will be overlooked. We all know about IoT appliances such as refrigerators and washing machines, but unsecured children’s toys and other smaller devices will be the next frontier, deGrazia said.

7. Machine Learning Will Give Rise to Cybersecurity Challenges and Solutions.

Tamie Santiago, collegiate associate professor of Cybersecurity Policy predicts we’ll see the continued explosion of products in virtual reality, robotics, and the machine-learning space, in which artificial intelligence (AI) is a major component. Just this past year, Saudi Arabia welcomed Sophia, developed by Hanson Robotics, as the world’s first robot citizen, and UK-based AiX introduced a new AI platform for crypto trading that acts as your personal broker.

As AI spreads into every industry, new exploits and vulnerabilities will most likely arise. But, also, cybersecurity may benefit by relying on AI technology to identify attack vectors with more speed and precision.

Combating Ransomware Attacks: The Reasons for Their Rise and the Ways We Can Prevent Them

As has been widely reported, a new wave of cyberattacks has hit Europe, possibly a reprise of the widespread ransomware assault in May that affected 150 countries.

Ransomware, typically delivered via malicious email or infected third-party websites, is a family of malware that either blocks access to a PC, server, or mobile device or encrypts all the data stored on that machine. Similar to a kidnapping or hijacking with a ransom demanded in return for release, the perpetrator of a ransomware attack takes possession of valuable data or files belonging to individuals or businesses and then demands payment in the form of electronic currency called “Bitcoin” for their return.

According to a report earlier this year by NBC News writer Herb Weisbaum, citing the FBI, ransomware payments for 2016 are expected to hit a billion dollars compared to the $24 million paid in 2015. And that figure is expected to rise, with more victims and more money lost. Why the dramatic rise?

  1. Easier access to technology. Criminals have increased access to sophisticated technology to conduct these attacks. Even highly sophisticated tools developed by NSA and other similar advanced tools are now in the hands of criminals. Also, criminals are making continuous improvements to such technology, and have banded together to turn this type of crime into an organized business.
  2. Increased profitability. The business of ransomware has become highly profitable. Therefore, highly talented programmers are choosing to make this their profession— and they are making a lot of money in this way.
  3. Organizations are lagging in innovation. Arguably, the most important reason is that individuals and organizations are not paying attention to continuous improvement or innovation in the technology they use or the protection systems they have in place. Without innovation, such individuals become sitting ducks. Without innovation, regardless of how good your technology is, hackers will eventually get in. Because the probability of a higher payout with organizations is greater, criminals are targeting organizations at a higher rate. However, everyday computer users are also being targeted.

Shegoftah Nasreen Queen (SNQ), Bangla Service, Voice of America, recently interviewed Dr. Mansur Hasib, program chair, Cybersecurity Technology, The Graduate School at the University of Maryland University College, to learn more about the reasons for the rise and solutions for combating this pervasive cyber threat. Read the full interview.

The Internet of Things Is Changing the Way We Live—Should We Be Worried?

The Internet of Things (IoT) is on the rise, and so are the threats associated with the interconnectedness of our devices. Eighty four percent of organizations that have adopted IoT report experiencing at least one IoT-related security breach—and 93 percent of executives expect IoT security breaches to occur in the future—according to a February 2017 Aruba Networks study. Malware, spyware, and human error are the most common problems the study also reported.

It’s widely accepted that the number of IoT security breaches will only grow in the near future. To quote a 2016 Forrester Research report: “When smart thermostats alone exceed one million devices, it’s not hard to imagine a vulnerability that can easily exceed the scale of other common web vulnerabilities, especially if multiple IoT solutions include the same open source component.”

IoT affects everyone, not just large corporations with industrial equipment. From smart thermostats to smart refrigerators, dishwashers, and washers and dryers, we’re all part of the landscape and vulnerable to threats.

What are we to make of the proliferation of the IoT and how concerned should we be?

For answers, read the white paper by Balakrishnan Dasarathy, UMUC collegiate professor and program chair for information assurance, The Graduate School.