What can be protected without a cybersecurity professional.

Cybersecurity choices in today's worldWhat Protection can be achieved without a Cybersecurity professional?

That is a loaded question, because most professional cybersecurity experts believe that nothing can be done to protect an organisation without said expert.

There are a number of things that can be done to make your business environment secure, but all have to be driven by management with the vision to protect their organisation.

If management, C Level execs, board members and owner beleive that business security is important, vital in fact, then it will be picked up by everyone else in the organisation.

The introduction of cloud computing and everything stored in the cloud has exposed more and more data. This data is targeted by the bad guys.

Here are 6 tactics that can be implemented by any organisation without the need for a security expert

Patch it

The constant barage of patches and updates that come from microsoft, apple and android are exceedingly annoying.

In fact they can have an impact on business.

The reason that they are produced is to protect the operating system.
Patches are developed because someone, somewhere has found a way to compromise a piece of software, the manufactrer has found out about it and the software has been rewritten or changed to stop it from happening.

These changes are called patches and are BENEFICIAL to you. Every organisation needs to have a process to implement those updates.

Complex Password

Passwords have to have 3 requirements.

They have to be complex, any character on the keyboard should be and can be in a password. Letters, numbers, symbols all mixed together to create a complex password.

But, it does not stop there – they also have to be unique, different for every digital location and that have to be longer that 10 characters.

We use to specify 8 but changes to technology and the speeding up of processing power has reduced the time needed to crack an 8 digit password.

2 factor authentication

Any additional protection to data is a good idea.

Two factor authentication relies on three things instead of two to access the information.

It is addirional to username and password and is only triggered if the combination of the first two is correct.

In todays world, we all have a mobile phone, this is used as the two factor authentication process.

User name, password and a code delivered to your phone means you are verifying who you are.

Separate and segregate data.

I can think of three areas in any organisation where information needs to be separated.

Email, financial data, trade secrets have seperate requirements within an organisation.

You do not need to have everyone access financial data.

In the old days it was called compartualisation, need to know. Today it is still very relevant.

Train and educate everyone

There are many free or inexpensive training and education programs available to suit any organisation.

Training needs to be focused on the individual.

Everyone needs to understand why the organisation is protecting the data, why certain things are done in a certain way but most improtantly why the organisaion is trying to protect their staff, clients and finances from the bad guys.

Back it up.

You never know when you are going to experiance a cyber event.

You have to know what information needs to be protected, how often it is accessed and what will happen to the organisation if that information is compromised or lost.

This should be part of your business risk management plan. (You do have one of those?)

The other part of backing it up is to test it.

All of these can be done without the aid of a professional cybersecurity expert.

There is one additional tactic.

Remain vigilant.

The bad guys are everywhere.

They target you, not because you have something worth stealing, but because you are connected to the digital world and you think that is a good idea.

The days of the gentalman cyber criminal are well and truly gone.

Everyone is out for themselves and even a basic hack, malware attack or cryptovirus can shut down your organisation.

Cybersecurity is your responsibility!

Roger Smith is funny, scary, on point and is focused on one thing – increasing everyone’s awareness and understanding of the problems and issues associated with the digital world.

He is the winner of the worldwide 2018 Cybersecurity Educator of the Year award and was Runner up in 2017 .

He is a highly respected expert in the fields of cybercrime and business security and is a Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity) on Cybercime, Cybersecurity and the hacking techniques used by the digital criminal.

He is an Amazon #1 selling author on Cybercrime with his best selling book, Cybercrime a clear and present danger, going to number one on Amazon.

He is the primary presenter for the Business Security Intensive (BSI) and author of the Digital Security Toolbox which is given away for free at the BSI.   He is a speaker, author, teacher and educator on Cybercrime and an expert on how to protect yourself, your staff, your clients and your intellectual property from the digital world.

The insider threat, the hardest cybercriminal to keep out

The internal “spy” – the insider threat

The hardest attack to defend against in cybersecurity.

There are three types of spy

The accidental spy – the person who thinks it is OK to bypass the security systems put in place to protect the organisation. Those who think the policies do not apply to them:

  1. I am the best sales person and those policies will slow me down,
  2. I am the CEO and I need this technology to make my job easier, less complex but it has not been tested in the organisation. “Just do it”
  3. I am the CIO and all of the other CIO’s have the newest gadget, so it must be OK

The incompetent and / or silly spy – the person who has been targeted by a social engineering attack and has fallen for the bait:

  1. Opened that email attachment, clicked that link.
  2. joined that Facebook group without checking their security settings.
  3. opened the video on Messenger
  4. Tried to win that Bunnings / Home Depot voucher

Finally we have the disgruntled or disappointed employee, the most dangerous – the destructive spy:

  1. The sales person who is leaving and takes a copy of the CRM, because they think they are entitled to it.
  2. The employee who has left who still has access to the system.
  3. The outgoing / fired IT person who has full access to the system and has put in back doors so they can continue to get in and do a number of nasty things.

Protection against the internal spy, comes down to policies, procedures and processes.

Policies are applied to all people in the organisation, if not adhered to then repercussions need to be in place

Procedures need to be created so that everyone knows, not only their own jobs, but parts of other staff members jobs as well. They need to be documented, distributed and authorized by management. But, more importantly, they need to be followed.

Processes need to be put in place to ensure that things are done and done the right way every time.

Although the insider threat is one of the hardest attack to protect against, there are still ways to reduce the risk.

If you are not sure then talk to someone who can help.

What do you think?

Am I correct?

Make a comment on this article.

Roger Smith is funny, scary, on point and is focused on one thing – increasing everyone’s awareness and understanding of the problems and issues associated with the digital world.

He was Runner up in the 2017 worldwide Cybersecurity Educator of the Year award and has been nominated for the 2018 Cybersecurity Educator of the Year award. 

He is a highly respected expert in the fields of cybercrime and business security and is a Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity) on Cybercime, Cybersecurity and the hacking techniques used by the digital criminal.  

He is an Amazon #1 selling author on Cybercrime with his best selling book, Cybercrime a clear and present danger, going to number one on Amazon.  

He is the primary presenter for the Business Security Intensive (BSI) and author of the Digital Security Toolbox which is given away for free at the BSI.  He is a speaker, author, teacher and educator on Cybercrime and an expert on how to protect yourself, your staff, your clients and your intellectual property from the digital world.

“She’ll be right”, is not cyber event protection!

A cyber event is not a punch line.   It is a serious effort to derail your organisation.

Cyber event protection?

If an attack is intentional then you need to manage the risk.   If the attack is accidental or random then you have to understand the implications.

Understanding what is happening in your industry, your supply chain or other areas of the digital world is important.

The implications to your organisation could be a flow on effect of a cyber event on the other side of the planet.

To us humans it is 10,000 kilometers away in the digital world it is just a click.

Our understanding of the digital world for most organisations is mainly focused on client management, communication and service delivery.

CRM, sales, marketing, email, data and information are all woven into the fabric of improving the bottom line.

What can we do with the tools available without spending too much money but with a significant return on the money invested in the organisation.

10 years ago any business who was on the cutting edge of technology had the ability to multiply their revenue by a factor of 10.

Today everyone is using the same products and services to improve the bottom line.

Technology is no longer the multiplier that it use to be.

But, security of that technology is!

The news of significant hacks like Ashley Madison, Target, Yahoo and Equifax have created startling headlines but have they changed the attitude of business organisations world wide?

No they haven’t!

The problems with raising awareness to the true cost of a cyber event is not understood by most people.

“It will not happen to me” or the colloquial response of Australians – “she’ll be right” significantly reduce your ability to handle a cyber event and to come through one with the organisation intact and still functioning.

Making the simple attitude change, “it could or may happen to me”, has a significant impact on any organisation.

The change in mindset, a couple of words in a statement, starts people down the road to better protection.

Isn’t it about time that you made that change?

Once you have made that change, questions and answers start to be heard.

  • How about we put a policy around this process.
  • How about we put processes and procedures around the database.
  • How about we put together a disaster recovery plan.
  • How do we get back to business as usual – lets put together a business continuity plan.
  • How about we educate our troops so they can recognize an attack.
  • How about we invest in new technology.

All good ideas that would never come about if we believe we do not have a problem.

If we persist with an attitude of “she’ll be right” I can guarantee that we will not.

Roger Smith is funny, scary, on point and is focused on one thing – increasing everyone’s awareness and understanding of the problems and issues associated with the digital world.

He was Runner up in the 2017 worldwide Cybersecurity Educator of the Year award and has been nominated for the 2018 Cybersecurity Educator of the Year award.  

He is a highly respected expert in the fields of cybercrime and business security and is a Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity) on Cybercime, Cybersecurity and the hacking techniques used by the digital criminal.   

He is an Amazon #1 selling author on Cybercrime with his best selling book, Cybercrime a clear and present danger, going to number one on Amazon.   

He is the primary presenter for the Business Security Intensive (BSI) and author of the Digital Security Toolbox which is given away for free at the BSI.   He is a speaker, author, teacher and educator on Cybercrime and an expert on how to protect yourself, your staff, your clients and your intellectual property from the digital world.

What every CEO and CIO should know about cybersecurity

The problem with cybersecurity is it is not sexy.

In most cases it is down right boring.

Although not sexy and down right boring it is still something that every CEO, manager, owner and board member has to focus on.

With all of the automated attack vectors available to the cyber criminals, we can no longer say we are not a target. We cannot say we have nothing worth stealing.

The more and more reliant business has on the digital world the greater the chance that a cyber event will cripple the organisation.

What are the main things that every management type needs to focus on when it comes to prevention of a cyber event.

Here are a few!

The cost of a cyber event.

The cost of a cyber even can range from lost time and functionality within the organisation to more money than the organisation can find to pay for the breach.

Cryptovirus is an example of lost time and functionality. If you do not have a functioning and tested backup of the data, you have to rebuild the offending device but you will also have to also replicate all of the data.

A full blown breach by a dedicated black hat hacker can steal everything and then use your system as a platform to target your clients, suppliers and staff. When that happens you realize that you are NOT too small to be a target

How they get into your system

The go to weapon of most cyber attacks is social engineering. Two parts of a very effective attack strategy. The technology to effect change, follow a link to an infected website, click on an ad in social media or open an attachment in an email, combined with getting you to trust them where you let them in.

Either way they are now in.

Risk and problems just compounded.

Simple ransomware for instance, the initial encryption of data is only one of the stages of the attack. What about stage 2,3 and 4.

Wannacry showed us that a combination of 2 attack vectors allowed a single infection to traverse a whole network. One computer is a problem for any organisation. All of the computers is a nightmare.

The protection challenges

In most situations managers, owners, executive and board members do not understand the digital realm. Risk management of data (a critical component in today’s business world) is often overlooked and considered an ICT problem.

Its not! Today’s digital security challenge is everyone’s issue and the sooner it gets noticed as a business risk and treated as such the faster we will see a reduction in attacks.

From the largest organisations to smallest single entities, we all keep critical data in places that are easily accessed, relatively unprotected and mobile.

What are you doing to manage the expected cyber events that could cripple your organization?

There is no single, simple fix. If there was everyone would be safe.

It is a complex issue and one needs to dedicate some time, money and expertise to understanding the issues and risk associated with a cyber event.

Come to one of my intensive workshops it will open your eyes on your business requirement to be safe as an organistion.

Roger Smith is funny, scary, on point and is focused on one thing – increasing everyone’s awareness and understanding of the problems and issues associated with the digital world.
He was Runner up in the 2017 worldwide Cybersecurity Educator of the Year award and has been nominated for the 2018 Cybersecurity Educator of the Year award.  
He is a highly respected expert in the fields of cybercrime and business security and is a Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity) on Cybercime, Cybersecurity and the hacking techniques used by the digital criminal.   
He is an Amazon #1 selling author on Cybercrime with his best selling book, Cybercrime a clear and present danger, going to number one on Amazon.   
He is the primary presenter for the Business Security Intensive (BSI) and author of the Digital Security Toolbox which is given away for free at the BSI.   He is a speaker, author, teacher and educator on Cybercrime and an expert on how to protect yourself, your staff, your clients and your intellectual property from the digital world.

Cyber event – Why does it take so long for answers?

Have you ever thought to yourself – that hack – Cyber Event –  happened 6 weeks ago why do we not yet know what happened?

The problem with today’s cyber events is actually how complicated and complex that hack or breach was to achieve.

Like every criminal they like to cover their tracks and there are a huge variety of ways to do that in the digital world.

How many out there have fudged on our profiles – old photos (missing the gray hair), wrong birthdays, wrong year of birth.

So the first problem – who just hacked my system?

Everything can be fake.

If you, an honest law abiding citizen, can lie on your profile why then can’t the bad guys.

We only lie about our profile out of vanity, they do it because they are legitimately trying to hide.

This is the first hurdle when it comes to identification.

Little or no information.

In addition they use what we call handles – think old radio speak “over and out rubber ducky”.

Today’s handles are a little more complex, or they convey some level of anonymity.

The calling card of a cyber event

The calling card of a cyber event

The second problem – what system did they use to hack my system?

The internet is full of systems, information and attack weapons that are easy to use, have large quantities of how to’s, help and videos.

That is just the internet.

If you want to know more get onto a chat room on the dark web and see what happens.

In addition to this there are also a vast range of ‘Proxies’.

These are devices and systems that have either been hacked and the owner has not discovered it or have been put together in other countries and locations specifically used as a way to hide the next attack.

The third problem – what has actually been stolen?

Everything today is data.

If I steal money from your credit card or bank account it is noticeable in the real world. I can see that someone has removed money from my possession, in some way. Stealing money from you then comes down to making you trust the transaction.

If I can steal $20 from you with an illegal pay wave transaction will you notice it?

But data is different. When i steal data from you, the information stays in the same place.

I am stealing a COPY of that information.

What I now do with that information will not have an impact on the original copy of the information.

If I have removed that data, how do you know that I have done that?

Each one of these steps can take hours, weeks, months or years to unravel. In that time the general public, industry, regulators, government and press are screaming and carrying on. To find out what happened.

Roger Smith is funny, scary, on point and is focused on one thing – increasing everyone’s awareness and understanding of the problems and issues associated with the digital world.
He was Runner up in the 2017 worldwide Cybersecurity Educator of the Year award and has been nominated for the 2018 Cybersecurity Educator of the Year award.  
He is a highly respected expert in the fields of cybercrime and business security and is a Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity) on Cybercime, Cybersecurity and the hacking techniques used by the digital criminal.   
He is an Amazon #1 selling author on Cybercrime with his best selling book, Cybercrime a clear and present danger, going to number one on Amazon.   
He is the primary presenter for the Business Security Intensive (BSI) and author of the Digital Security Toolbox which is given away for free at the BSI.   He is a speaker, author, teacher and educator on Cybercrime and an expert on how to protect yourself, your staff, your clients and your intellectual property from the digital world.

 

Why Securing your data is so important!

Like all organisation in today’s business world, we all collect information!

That information is used in your core business.

Your core business requires you to collect information.

This information is used in your client relationship management system for sales and marketing, your messaging system including email, your R & D, your accounting and financial system and your HR and pay systems.

Today, all this information is digital.

If you do not keep your information safe and secure it can have an impact on everything you do.

You can lose your clients!

You can lose your money!

You can lose your edge in your industry or

You can even lose your ability to function as a business entity.

No business entity!

No pay packet!

So it is in everyone’s best interest to keep that information or data safe.

As an organisation you may have put in second generation firewalls, intrusion detection systems, anti-virus, SPAM detection and management systems to protect your information from outside the organisation.

Technology is important but there is something that is more important.

That critically important part is to educate your most valuable asset, your staff and users, and give them the knowledge to help themselves.

We want to help you understand why it is so important to protect yourself in the digital world.

Roger Smith is a highly respected expert in the fields of cybercrime and business security and is a Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity) on Cybercime, Cybersecurity and the hacking techniques used by the digital criminal.   
He is an Amazon #1 selling author on Cybercrime with his best selling book, Cybercrime a clear and present danger.   
He is the primary presenter for the Business Security Intensive (BSI) and author of the Digital Security Toolbox which is given away for free at the BSI.   He is a speaker, author, teacher and educator on Cybercrime and an expert on how to protect yourself, your staff, your clients and your intellectual property from the digital world.

Can you be a great CEO by ignoring Cyber?

The digital world, the cyber world, is creating huge problems for business.

People like me and the security community have been screaming for the last 10 or so years about the problems, issues and dangers that the digital world delivers to business.

We have shown numerous times that the digital realm is a huge problem for anyone who thinks that:

  • they are not a target,
  • have nothing worth stealing or
  • cyber security is too expensive.

Time and time we have seen data breaches and ransomware attacks that have crippled organisations, both large and small.

We have seen the most secure people in the world get breached time and time again.

Still no one is listening!

We are told we are being scare mongers, unrealistic, even calling our reputations into question. BUT, we still see the problems and although we are screaming we cannot convince people to do something about it.

Like me there are a number of people or organisations who are more interested in education and the process of education and training than selling tin (unnecessary technology) to a business.

We are more interested in raising awareness, and raising awareness is where we need to start.

As a CEO, manager, owner or board member you already have a handle on risk management. You live and breath cashflow, revenue streams, management teams and HR, it is all part of the process of being in charge. All this is taught in managers school or more importantly the school of hard knocks.

If you don’t learn these basics then you are going out of business. Slow or fast you will eventually go out of business.

There is a saying that “you don’t know what you don’t know”, in todays business world that is a specific reference to the digital realm.

We are all focussed on new and shiny, even I get caught up in the hype of new “whatever”. Most of them have a digital component incorporated into that new shiny thing.

We seldon look at the complex systems that make that part of the digital world work for you. It is complex!

As a CEO you need to understand the risks that cyber delivers to your organisation. Where do you get that understanding?

In most organisations business security lands smack bang on the desk of the IT section, the person who knows computers or the risk compliance officer.

They do not know what to do, they need guidance, direction and most importantly they need the AUTHORITY to enact change.

Business security is a very specialised area of expertise. You need to enact a framework.

You need to spend money wisely.

You need to continiously work on making the organisation more secure. Today we are more secure than yesterday!

Without understanding the risks, implementing change and giving a responsible person the authority to make change you are ignoring the Cyber Realm.

Without enacting a framework, you are at the mercy of the next cyber event.

Without a framework for business security you are not a very good CEO. That would really hurt.

Roger Smith is a highly respected expert in the fields of cyber crime and business security and is a Lecturer at ADFA (UNSW – Australian Centre of Cyber security) on Cyber crime, Cyber security and the hacking techniques used by the digital criminal.   

He is an Amazon #1 selling author on Cyber crime with his best selling book, Cyber crime a clear and present danger, going to number one in 3 sections of Amazon.   

He is the primary presenter for the Business Security Intensive (BSI) and author of the Digital Security Toolbox which is given away for free at the BSI.   He is a speaker, author, teacher and educator on Cyber crime and an expert on how to protect yourself, your staff, your clients and your intellectual property from the digital world.

The importance of a NIST rating

10 very good reasons you should know your NIST score!

NIST is not new.
In fact it has been around since its first iteration in 2014.
The National Institute for Science and Technology (NIST) developed a cybersecurity rating system to make it easy for any organisation to show where they are in protecting their digital information, systems and organisation.
Like other frameworks, and there are a few, it has its good points and bad.  One of its better points is that it is easy to implement although it can be a little labour intensive to start off.
The most important part is that it is a standard.  A standard figure that any business can compare with any other business, no matter the size, who they are or where they are located.
NIST is not a competition.   It is just a rating system, but it does become competative, both internally and external.
It is a way for any organisation to compare its cybersecurity capability internally as well as a standard for anyone else who may ask for it in the process of doing business.
It allows management to make decisions on who and how they want to do business with other organisations.
This framework is based on 5 areas of expertice: identify, detect, protect, respond and recover.
Each area of expertice has a number of questions and each question has a range of predetermined responses.   The answers are scored ranging from 0 (nothing is in place) to 4 (a process is inplace, used at all times and supported and signed off by management).   Once all the questions have been answered the score is talied up and devided by the number of questions (98).
This gives everyone a score beteen 0 and 4.
Most organisations when first questioned come in under 1.   Still it is not a competition, so this is your start point.

1 – NIST is easy to understand

Every organisation can have a NIST score, it takes a couple of hours to sit down and honestly answer the 98 questions.   This gives everyone the ability to have a starting point in protecting their organisation from a cyber event.

2 – NIST can be used to compare with others in your industry and across all industries

When it comes to camparing one NIST rating to another it is easy.   If your score is 2.8 and you want to do business or a joint venture with another organisation who has a NIST score of under 1 then you need to be able to manage the risk associated with that score.

3 – You can use your score to track your progress

If your original NIST score is 1.2 and you have upgraded your technology, implemented policies and added proceedures then your NIST score will start to increase.   For every change for the better that you put in place it increases your score.   Small infremental changes that have a big impact on your protection in the digital world.

4 – NIST is Objective

We all have an opinion and we all look at life differently.   NIST takes this into account and delivers an objective view of your business.   The 98 questions are designed to apply objectivity to a sometimes subjective decision.

5 – A NIST Score is credible

Giving every organisation the ability to compare their cyber event capability on a level playing field means that you are comparing apples with other apples.   You get a true rating of your cyber risk visibility.   It also weeds out the unscruptious who think that can bluff their way through the world.

6 – NIST shows your cyber event risk

The difference between a rating of 1 and a rating of 3 is very different.   A rating of 3 means that the risk of a cyber event is greatly reduced.   Greatly reduced, faster recovered from and easier managed.

7 – Your NIST score is easy to understand

If the policy within your organisation is to only do business with organisations that have a NiST rating above 2 you have an understanding that the information that is going to go between the organisations is correctly managed.

8 – NIST is community based

There is a huge community that is starting to use the NIST rating as a measure for their cyber event resilience.   They are there to help and best of all they have been there and done that.

9 – NIST adapts to the future

One of the best things about NIST is that in will handle the changes that are on the horizon.   they will handle those changes not because the changes are known, no one knows them, but because it is a framework designed to protect your organisation.   That framework allows an organisation to adapt its protection no matter what the changes are.
Not many people predicted the impact of social, mobile and IOT but it didn’t matter with a NIST environment because all you had to do was ADAPT to the changes.

10 – NIST gives your business a competitive advantage.

Any advantage in business is better than no advantage but the advantage that NIST gives to an organisation can be significant.   NIST allows an organisation to develop policies and procedure that can be deployed within the organisation that predicts how other organisations will interact with it.   In addition it allows an organisation to make management decisions based on fact.   Nist can also be used in the marketing of the security around your organisation.
Management has now got a scientific way of managing the internal and external risk to the organisation in the digital and cyber arenas.  This allows them to make objective based decisions, create systematic policies and invest in the right technologies to protect the organisation.
NIST is also great at weeding out those people that you are going to do business and organisation that are looking to do business with you.   A NIST rating allows you to manage who you are going to do business with.
If management has a policy of only doing business with organisations that have a NIST rating above 2.5 it means that information passed to that organisation is going to be secured in the same way and with similar protective practices that you have in place.
So what is your NIST rating?
Contact me: to discuss your cyber risk and business security
If you want to know more then come to one of the Business Security Intensive Workshops in a city near you.   https://www.business-security.com.au/intensive
Roger Smith is a highly respected expert in the fields of cybercrime and business security and is a Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity) on Cybercime, Cybersecurity and the hacking techniques used by the digital criminal.   
He is an Amazon #1 selling author on Cybercrime with his best selling book, Cybercrime a clear and present danger, going to number one in 3 sections of Amazon.   
He is the primary presenter for the Business Security Intensive (BSI) and author of the Digital Security Toolbox which is given away for free at the BSI.   He is a speaker, author, teacher and educator on Cybercrime and an expert on how to protect yourself, your staff, your clients and your intelectual propert from the digital world.

Cybersecurity is all about Infosec!

“Using smart technology is not smart unless infosec procedures are set in place.” Laith Alkhouri

We are inundated with shiny and new.

The newest mobile device, the newest computer, the newest operating system, the newest application or apps, all that newness.

All of that smart technology!

Individuals and organisations often forget, in the rush to get things to market, the first reiteration of shiny and new can have some serious flaws and issues.

We forget it too!

Going back a couple of years when everyone was jumping on the band wagon of “you need an app for that“, some of the NFL teams released apps for you to track you favorite team, keep up with the stats and buy their merchandise.

They forgot that a financial transaction needed access to either credit card information or bank account details.   These transactions were in plain text in transmission as well as when stored on the device.

No encryption.

If you purchased that jumper then you had a really good chance of having your financial details stolen.

To stop themselves from being sued they put all of the onus on everyone using the system through a comprehensive waiver.   You agreed to the terms and conditions probably without realising it, you agreed when you installed the app.

The way all of the software companies manage their apps are the same.   You want to use the app then it is your problem because you agreed to the terms and conditions.

The legal beagles have not caught up with this yet.   As a user, are we not entitled to have some semblance of security and safety when using a product.

Are we not entitled to sue someone when using their product and something happens?

When did that change?

I suggest that when you install your next app that you have a look at the terms and conditions before you say yes.   In most cases you have no rights what so ever if something is stolen, according to them.

Oh look something shiny and new, I just have to have it!

 

Roger Smith is a highly respected expert in the fields of cybercrime and business security and is a Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity) on Cybercime, Cybersecurity and the hacking techniques used by the digital criminal.   He is an Amazon #1 selling author on Cybercrime with his best selling book, Cybercrime a clear and present danger, going to number one in 3 sections of Amazon.   He is the primary presenter for the Business Security Intensive (BSI) and author of the Digital Security Toolbox which is given away for free at the BSI.   He is a speaker, author, teacher and educator on Cybercrime and an expert on how to protect yourself, your staff, your clients and your intellectual property from the digital world.

What is the difference between a Penetration Test and a vulnerability scan?

Ransomware for Medical devices – what happens then?

One of the biggest problems with our bright new shiny digital world is everything we do or use today has some level of digital components.
We know that everyday computers, smart devices, mobile devices and gaming platforms, are digital in nature.
We forget that Fitbits, Internet of Things devices and medical devices also have some level of digital incorporated into them.
So what happens to these devices if they become infected with malware, even worse if that malware is a ransomware.
If I had a pacemaker installed in my body and the medical staff lost control of it (that is what malware and Ransomware does, removes their control and gives it to someone else) I think that I would get a little panicky.

Definitely a WTF moment.

Most medical devices are either WiFi or blue tooth enabled.   That makes them relatively easy to break into.
Researchers have been looking at compromising medical devices and in 2015 there were 25 known vulnerabilities in some of the most popular devices.   What about the unknown ones, how many of them were there?
We all saw what happened with IOT devices when Mirai was released on the internet late 2016.   It compromised a certain level of device that had a hard coded username and password in the system.
We also saw what happens when the wannacry ransomware hit and the fall out from that in May 2017.

Now imagine a wannacry variant that targets your pacemaker.   “Give us $1000 or we stuff around with your heart!”  That would certainly make your life pretty interesting.
What’s to stop it happening?   Whats to stop it happening right now?
I keep coming back to people taking responsibility for the code they write.   I think we need to have a serious look at our new and shiny world and do something about it.  Before it is too late and people start dying!

We need to think things through.

Think like the bad guys.
Oh, and before you say “why would they target my pacemaker?” In most cases it is because they can.
Roger Smith is a highly respected expert in the fields of cybercrime and business security and is a Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity) on Cybercime, Cybersecurity and the hacking techniques used by the digital criminal.
He is an Amazon #1 selling author on Cybercrime with his best selling book, Cybercrime a clear and present danger, going to number one in 3 sections of Amazon.   
He is the primary presenter for the Business Security Intensive (BSI) and author of the Digital Security Toolbox which is given away for free at the BSI
He is a speaker, author, teacher and educator on Cybercrime and an expert on how to protect yourself, your staff, your clients and your intellectual property from the digital world.