Millions of Americans receiving food assistance benefits just earned a new right that they can’t yet enforce: The right to be reimbursed if funds on their Electronic Benefit Transfer (EBT) cards are stolen by card skimming devices secretly installed at cash machines and grocery store checkout lanes.
On December 29, 2022, President Biden signed into law the Consolidated Appropriations Act of 2023, which — for the first time ever — includes provisions for the replacement of stolen EBT benefits. This is a big deal because in 2022, organized crime groups began massively targeting EBT accounts — often emptying affected accounts at ATMs immediately after the states disperse funds each month.
EBT cards can be used along with a personal identification number (PIN) to pay for goods at participating stores, and to withdraw cash from an ATM. However, EBT cards differ from debit cards issued to most Americans in two important ways. First, most states do not equip EBT cards with smart chip technology, which can make the cards more difficult and expensive for skimming thieves to clone.
More critically, EBT participants traditionally have had little hope of recovering food assistance funds when their cards were copied by card-skimming devices and used for fraud. That’s because while the EBT programs are operated by individually by the states, those programs are funded by the U.S. Department of Agriculture (USDA), which until late last year was barred from reimbursing states for stolen EBT funds.
The protections passed in the 2023 Appropriations Act allow states to use federal funds to replace stolen EBT benefits, and they permit states to seek reimbursement for any skimmed EBT funds they may have replaced from their own coffers (dating back to Oct. 1, 2022).
But first, all 50 states must each submit a plan for how they are going to protect and replace food benefits stolen via card skimming. Guidance for the states in drafting those plans was issued by the USDA on Jan. 31 (PDF), and states that don’t get them done before Feb. 27, 2023 risk losing the ability to be reimbursed for EBT fraud losses.
Deborah Harris is a staff attorney at The Massachusetts Law Reform Institute (MLRI), a nonprofit legal assistance organization that has closely tracked the EBT skimming epidemic. In November 2022, the MLRI filed a class-action lawsuit against Massachusetts on behalf of thousands of low-income families who were collectively robbed of more than $1 million in food assistance benefits by card skimming devices secretly installed at cash machines and grocery store checkout lanes across the state.
Harris said she’s pleased that the USDA guidelines were issued so promptly, and that the guidance for states was not overly prescriptive. For example, some security experts have suggested that adding contactless capability to EBT cards could help participants avoid skimming devices altogether. But Harris said contactless cards do not require a PIN, which is the only thing that stops EBT cards from being drained at the ATM when a participant’s card is lost or stolen.
Then again, nothing in the guidance even mentions chip-based cards, or any other advice for improving the physical security of EBT cards. Rather, it suggests states should seek to develop the capability to perform basic fraud detection and alerting on suspicious transactions, such as when an EBT card that is normally used only in one geographic area suddenly is used to withdraw cash at an ATM halfway across the country.
“Besides having the states move fast to approve their plans, we’d also like to see a focused effort to move states from magstripe-only cards to chip, and also assisting states to develop the algorithms that will enable them to identify likely incidents of stolen benefits,” Harris said.
Harris said Massachusetts has begun using algorithms to look for these suspicious transaction patterns throughout its EBT network, and now has the ability to alert households and verify transactions. But she said most states do not have this capability.
“We have heard that other states aren’t currently able to do that,” Harris said. “But encouraging states to more affirmatively identify instances of likely theft and assisting with the claims and verification process is critical. Most households can’t do that on their own, and in Massachusetts it’s very hard for a person to get a copy of their transaction history. Some states can do that through third-party apps, but something so basic should not be on the burden of EBT households.”
Some states aren’t waiting for direction from the federal government to beef up EBT card security. Like Maryland, which identified more than 1,400 households hit by EBT skimming attacks last year — a tenfold increase over 2021.
Advocates for EBT beneficiaries in Maryland are backing Senate Bill 401 (PDF), which would require the use of chip technology and ongoing monitoring for suspicious activity (a hearing on SB401 is scheduled in the Maryland Senate Finance Commission for Thursday, Feb. 23, at 1 p.m.).
Michelle Salomon Madaio is a director at the Homeless Persons Representation Project, a legal assistance organization based in Silver Spring, Md. Madaio said the bill would require the state Department of Human Services to replace skimmed benefits, not only after the bill goes into effect but also retroactively from January 2020 to the present.
Madaio said the bill also would require the state to monitor for patterns of suspicious activity on EBT cards, and to develop a mechanism to contact potentially affected households.
“For most of the skimming victims we’ve worked with, the fraudulent transactions would be pretty easy to spot because they mostly happened in the middle of the night or out of state, or both,” Madaio said. “To make matters worse, a lot of families whose benefits were scammed then incurred late fees on many other things as a result.”
It is not difficult to see why organized crime groups have pounced on EBT cards as easy money. In most traditional payment card transactions, there are usually several parties that have a financial interest in minimizing fraud and fraud losses, including the bank that issued the card, the card network (Visa, MasterCard, Discover, etc.), and the merchant.
But that infrastructure simply does not exist within state EBT programs, and it certainly isn’t a thing at the inter-state level. What that means is that the vast majority of EBT cards have zero fraud controls, which is exactly what continues to make them so appealing to thieves.
For now, the only fraud controls available to most EBT cardholders include being especially paranoid about where they use their cards, and frequently changing their PINs.
According to USDA guidance issued prior to the passage of the appropriations act, EBT cardholders should consider changing their card PIN at least once a month.
“By changing PINs frequently, at least monthly, and doing so before benefit issuance dates, households can minimize their risk of stolen benefits from a previously skimmed EBT card,” the USDA advised.
Providing secure access and a frictionless user experience are typically competing initiatives, but they don’t have to be! Read on to learn why.
In our world today, context changes quickly. We work from home, coffee shops and the office. We use multiple devices to do work. And on the flip side, attackers are becoming increasingly savvy, getting around security controls, such as multi-factor authentication (MFA), to gain unauthorized access.
To quote Wendy Nather, Cisco’s head of Advisory CISOs, “Trust is neither binary nor permanent.” Therefore, security controls must constantly evaluate for change in trust, but without adding unnecessary friction for end-users.
It’s no surprise that the recently published Cybersecurity Readiness Index, a survey of 6,700 cybersecurity leaders from across the globe, revealed that more progress is needed to protect identity, networks and applications.
To address these challenges and to make zero trust access for the workforce easy and frictionless, Cisco Duo announced the general availability of Risk-Based Authentication and enhancements to our enterprise ready Single Sign-On solution at Cisco Live EMEA 2023 earlier this week.
Risk-Based Authentication fulfills the zero trust philosophy of continuous trust verification by assessing the risk level for each access attempt in a manner that is frictionless to users. A higher level of authentication is required only when there is an increase in assessed risk. Duo dynamically detects risk and automatically steps up authentication with two key policies:
The Risk-Based Factor Selection policy detects and analyzes authentication requests and adaptively enforces the most secure factors. It highlights risk and adapts its understanding of normal user behavior. It does this by looking for known attack patterns and anomalies and then allowing only the more secure authentication methods to gain access.
For example, Duo can detect if an organization or employee is being targeted for a push bombing attack or if the authentication device and access device are in two different countries, and Duo responds by automatically elevating the authentication request to a more secure factor such as phishing resistant FIDO2 security keys or Verified Duo Push.
The Risk-Based Remembered Devices policy establishes a trusted device session (like “remember this computer” check box), automatically without asking the user the check a box, during a successful authentication. Once the session is established, Duo looks for anomalous IP addresses or changes to a device throughout the lifetime of the trusted session and requires re-authentication only if it observes a change from historical baselines.
The policy also incorporates a Wi-Fi Fingerprint provided by Duo Device Health app to ensure that IP address changes reflect actual changes in location and not normal usage scenarios such as a user establishing an organizational VPN (Virtual Private Network) session.
Duo uses anonymized Wi-Fi Fingerprint to reliably detect whether the access device is in the same location as it was for previous authentications by comparing the Wi-Fi networks that are “visible” to the access device. Further, Duo preserves user privacy and does not track user location or collect any private information. Wi-Fi Fingerprint only lets Duo know if a user has changed location.
A typical organization uses over 250 applications. Single sign-on (SSO) solutions help employees access multiple applications with a single set of credentials and allow administrators to enforce granular policies for application access from a single console. Integrated with MFA or passwordless authentication, SSO serves as a critical access management tool for organizations that want to implement zero trust access to corporate applications.
Duo SSO is already popular among Duo’s customers. Now, we are adding two new capabilities that cater to modern enterprises:
An increasing number of applications use OIDC for authentication. It is a modern authentication protocol that lets application and website developers authenticate users without storing and managing other people’s passwords, which is both difficult and risky. To date, Duo SSO has supported SAML web applications. Supporting OIDC allows us to protect more of the applications that our customers are adopting as we all move towards a mobile-first world and integrate stronger and modern authentication methods.
Password resets are expensive for organizations. It is estimated that 20-50% of IT helpdesk tickets are for password resets. And according to a report by Ponemon Institute, large enterprises experience an average loss of $5.2 million a year in user productivity due to password resets.
When logging into browser-based applications, Duo SSO already allows users to reset passwords when they have expired in the same login workflow. And we heard from our customers that users want the option to proactively reset passwords. Now, Duo SSO offers the convenience to reset their Active Directly passwords before they expire. This capability further increases user productivity and reduces IT helpdesk tickets.
Risk-Based Authentication and enhancements to Duo SSO are available now to all paying customers based on their Duo Edition. If you are not yet a Duo customer, sign up for a free 30-day trial and try out these new capabilities today!
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Cisco is honored to be this year’s winner of the Best Next Generation Firewall Award in the SE Labs 2023 Annual Report. This industry recognition validates Cisco’s continuous push towards harmonizing network, workload, and application security across hybrid and multicloud environments. I’m incredibly proud of the Cisco Secure Firewall team and am thankful for our amazing customers who continue to trust Cisco and develop their network security around our capabilities.
SE Labs, a cybersecurity testing and evaluation firm, provides impartial and independent assessments of various cybersecurity products and solutions. In their 2023 Annual Report, SE Labs states:
“Our Annual Security Awards recognizes security vendors that notonly do well in our tests, but perform well in the real world withreal customers. These awards are the only in the industry thatrecognize strong lab work combined with practical success.”
SE Labs performs tests on behalf of customers seeking independent proof-of-value assistance, as well as security vendors. At Cisco, we use third-party evaluations from multiple sources, including SE Labs, to augment our internal testing and to drive product improvement.
Winners were determined after months of in-depth testing, based on a combination of continual public testing, private assessments and feedback from corporate clients who use SE Labs to help choose security products and services. The award further validates that our customers can expect superior threat protection and performance with Cisco Secure Firewall.
SE Labs’ reports use the MITRE ATT&CK framework, employing both common “commodity” malware samples and sophisticated, targeted attacks. Their network security testing uses full attack chains to assess the detection and protection abilities of network devices and combinations of network and endpoint solutions. SE Labs publishes its testing methodologies and is BS EN ISO 9001: 2015 certified for The Provision of IT Security Product Testing.
As a worldwide leader in networking and security, Cisco is better positioned than any other security vendor to incorporate effective firewall controls into our customers’ infrastructure — anywhere data and applications reside. We offer a comprehensive threat defense with industry-leading Snort 3 IPS to protect users, applications, and data from continuously evolving threats. Our solutions also leverage machine learning and advanced threat intelligence from Cisco Talos, one of the world’s largest commercial threat intelligence teams.
In the constantly evolving world of cybersecurity, it is important to have access to the latest and most advanced technologies to stay ahead of threats. Whether you are an enterprise, government, healthcare, or a service provider organization, Cisco Secure Firewall provides top-ranked security.
When you invest in Cisco Secure Firewall, you are investing in award-winning threat defense with capabilities that are built for the real world. Learn more about SE Labs 2023 Annual Report, Cisco Secure Firewall and how you can refresh your firewall.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Congratulations to security advocate Luigi Vassallo, Chief Operating Officer and Chief Technology Officer of Sara Assicurazioni Insurance, an innovative Italian cloud-first insurance firm.
In the last two years, cybersecurity has advanced and can feel like a one-two punch to those who are not prepared. But what does that preparation look like? For Luigi Vassallo, it was more than just tackling cybersecurity defense on his own. Luigi reached out to the Cisco community, offering his knowledge and expertise to help others. This is what stood out to make him our Cybersecurity Defender of the Year in EMEA for the Cisco Global Advocate Awards 2023 EMEA event.
Cisco’s advocacy community, Cisco Insider Advocates, brings our customers together and provides a way for them to make powerful connections, expand their professional and personal networks, and learn from top experts in their field. Luigi personifies the spirit of Insider Advocates by sharing freely within the community.
One may wonder where Luigi finds the time or energy to participate in the community. Luigi finds immeasurable energy by training as a kickboxer and as an avid cyclist. This energy transforms into a philosophy of helping others. As Luigi says, it is about being “the best version of yourself.”
Luigi sums up his approach to cybersecurity this way: “Cybersecurity for me is like boxing: you never know when your opponent will attack, but you have to know in advance how to respond and what you can do.”
Luigi has been featured in a profile piece, as well as a video, where he speaks about his personal goals, as well as his goals for making Sara Assicurazioni as secure as possible with Cisco’s products. Part of his passion comes from being comfortable with the uncertainty of cybersecurity, coupled with the confidence that Cisco is there to help his organization. I’m honored that Sara Assicurazioni has joined forces with Cisco Secure to confidently define zero-trust and XDR strategies that increase security resilience and drive better customer outcomes for them.
When notified of the award, Luigi’s humility and dedication to the community was evident, as he shared, “I feel happy and surprised about this award, as I didn’t expect to win because there were so many good advocates who were nominated with me. I want to thank Cisco for awarding me the Cybersecurity Defender of the Year honor.”
Luigi also credits the Cisco Insider Advocacy program for its ability to connect and grow the cybersecurity community, adding:
“This is also what makes Cisco different from other security vendors; the capacity to recognize the innovation and resilience of its customers. I feel that we are part of the same movement, and we are together in the same fight against cybercriminals. To all other nominees, I want to say thank you for your hard work in cybersecurity and in sharing your good practices with me in the Cisco Insider Advocacy community and now at Cisco Live EMEA.”
We congratulate Luigi, not only for keeping his guard up, but for helping others to do the same by being part of the Cisco Insider Advocacy community.
The Cisco Global Advocate Awards celebrates Cisco’s passionate and innovative customer advocates who go above and beyond in demonstrating thought leadership and supporting Cisco through success stories, speaking engagements, product reviews, and so much more.
We’re planning three exclusive events that will coincide with Cisco Live conferences in Amsterdam, Las Vegas, and Melbourne in 2023. We hope you’ll join us as we recognize our customer advocates by region for actively supporting Cisco. You won’t want to miss it.
To learn more, and to become a member, please visit us here.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Cisco Live is the premier destination for Cisco customers and partners to gain knowledge and build community. Our teams work hard to deliver education and inspiration, ignite creativity, deliver practical know-how, and accelerate the connections that fuel your digital future.
The Cisco Secure team is excited to share our expertise to help power the strategies – and safety – of your organization.
In 2023, the threat landscape will evolve to one that sees attacks on every surface, from criminals who are opportunistic, yet laser-focused on their goal. The attacks themselves could be email-borne, directly targeted, socially based, or a mix of all three.
Criminals will target vulnerabilities, operational deficiencies, suppliers, and business partners, as a means of accomplishing their goals. They will use the target’s own environment and take advantage of existing people and technology problems, including alert fatigue and staffing shortages.
To face this reality and address the needs of organizations both large and small, Cisco will continue to focus on education and innovation in the areas of preventing insider threats, providing consistent and informed alerts, enabling actionable intelligence, and delivering solutions to implement a zero-trust security framework.
As the organization that pioneered networking, we are driven to secure every connection, providing end-to-end protection for users and devices across multiple clouds and networks with a seamless experience.
As our vision for the integrated Cisco Security Cloud evolves, we’re continuing to challenge existing models and unify security and networking, with foundational elements that execute on this vision. From verified push – which protects organizations from MFA-focused phishing attacks – to Wi-Fi Fingerprint, and Remembered Devices, the performance enhancements with Enterprise Single Sign-on and Cisco+ Secure Connect, we continue to meet our customers where they are, offering true zero trust, with frictionless experiences for the hybrid workforce.
We’re excited to celebrate the following innovations and updates announced at Cisco Live EMEA:
Finding the balance between usability and security is now easier than ever. With Risk-Based Authentication, users have the access they need, secured by real-time contextual signals. Organizations can increase security efficacy by dynamically adjusting authentication requirements based on risk levels and by enabling safer end-user behavior. Risk-based authentication now includes wi-fi fingerprint, remembered device, and verified push features, which work together to reduce risk while preserving user experience by only requesting additional interaction for suspicious logins or a change in risk.
Our Enterprise Ready Single Sign-on expands Duo SSO with three new capabilities to easily connect single sign-on to modern apps and empower end users. By adding major protocol support, improved admin tooling, and SSO on demand password resets, organizations enable easier and more secure access from anywhere.
Cisco SD-WAN customers can now enjoy all the benefits of a turnkey, single-vendor SASE solution that brings together industry-leading networking with security: Cisco+ Secure Connect. This new integration gives Cisco SD-WAN (powered by Viptela) customers fast, secure private application and internet access, enabling them to deliver a secure experience, anywhere work happens.
We are also announcing the introduction of industry-first Business Risk Observability, an enhancement of our Full-Stack Observability application security solution. Available through Cisco Secure Application, which is integrated into Cisco AppDynamics, it provides a business risk scoring solution which brings together Kenna Risk Meter score distribution and Business Transactions from Cisco AppDynamics and integrates with Panoptica for API security and Talos for threat intelligence.
The initial findings from our first Cybersecurity Readiness Index reveal that while technology to devices is widely adopted, more progress is needed to protect identity, networks and applications. The report assessed the preparedness of companies around the world to safeguard against cyber threats in the current environment. See our key findings and security readiness trends, with the full report launching in the coming weeks.
As we navigate 2023, we will continue to face uncertainties and challenges. We are fully committed to our customers and partners in the journey to provide security resilience, supporting a frictionless user experience, and solutions threat intelligence that work to continually minimize risk.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
“Where do we start?”
This is the question every CISO asks about every new program. In fact, I ask and answer that question many times a month. There’s a reason for this, of course. A strong start to any project builds momentum, reassures stakeholders, and sets the stage for what’s to come. Security resilience initiatives are no different. Security resilience is the ability to anticipate and respond to unpredictable threats or changes, and then emerge stronger. It’s hard to imagine a more vital undertaking for CISOs. And as with all initiatives, CISOs always want to know where to begin.
They’re likely to find some valuable starting points in the Security Outcomes Report, Volume 3: Achieving Security Resilience, the latest in a series of reports released by Cisco and reflecting the viewpoints of 4,700 IT and security professionals from 26 countries. The report identifies seven success factors CISOs can pursue to improve outcomes within their own enterprise security resilience programs, placing a high priority on security resilience. The seven success factors range in nature from the architectural—simplifying your hybrid IT environment, maximizing zero trust adoption—to more relationship-focused factors.
It’s the latter that caught my eye.
Seven success factors for resilience:
It shouldn’t surprise any CISO that the first two success factors are built around relationships. These factors zero in on relationships with company leadership (as measured by establishing executive support) and relationships with people across the organization (as measured by cultivating a culture of security). Experienced CISOs know that these factors can make or break security initiatives.
Given the objective of security resilience is to withstand threats and come back even stronger, it’s clear that resilience must exist before, during, and after a cybersecurity incident. This has repercussions on the executive level and throughout the business. Lack of executive support can lead to detection, response, and recovery capabilities that are chronically underfunded. This leaves CISOs at a disadvantage when security incidents do inevitably happen and panic strikes the C-suite. What’s more, CISOs who lack strong executive relationships may also find themselves struggling to oversee incident management and coordinate communications. And afterward? Remediating and improving the security posture, which often impacts multiple parts of the organization beyond IT and often requires significant investment, stalls without a necessary lift from leadership.
The security report, which scores resilience levels across a series of criteria, finds that organizations reporting a strong backing from leadership have resilience scores that are 39% higher when compared to organizations reporting weak support. “Bridges to the C-suite are built upon a solid understanding of how the business works and how security initiatives can make it work even better,” notes the report. “Support goes both ways in any relationship, after all.”
In addition to keeping the program aligned, CISOs must keep in communication with their peers and superiors. Those who share only transactional relationships within the C-Suite find their interactions limited to status updates and budget requests. Transformational relationships, however, involve more frequent and deeper communication and interactions, which cover a broader set of topics than submitting the latest budget ask. They are, in other words, more valuable.
Of course, executive support is just one crucial factor for success. Resilience programs need broad support from throughout the organization, not just at the top. Every time an employee picks up a mouse or accesses an app from their mobile phone, they make a choice to either strengthen or lessen the organization’s security posture. Every time an improvement is necessary following a security event, cultural buy-in determines whether this new request from security is implemented or circumvented.
According to the report, organizations that successfully foster a culture of security can see a 46% increase in resilience compared to those who lack such a culture. Much like aligning a program with the business direction furthers leadership buy-in, CISOs need to align security policy with the functional direction of the business—but in a way that helps employees see security measures as protecting not just corporate data and IT assets but also their own future. When employees aren’t on board or see security measures as IT concerns with no relation to them, resilience suffers. “Frequent security policy violations and workarounds,” notes the report, “are evidence of poor security culture.” By viewing policy exceptions as feedback, and investigating these from the perspective of identifying and correcting misalignment, security leaders can enroll employees as the willing participants in the solution—rather than contributors to the problem.
Security leaders know, by and large, what we need to do to secure our organizations. We have frameworks with pages of controls. We have risk registers with lists of action items. Where we often struggle is translating this knowledge into action. To do that, we must see our efforts within the strategic context of executive leaders and the tactical reality of the line managers in our organization. We must personalize and prioritize our efforts around what matters to the people we collaborate with. It is through engaging people that our security programs become human-centric and, in turn, become more resilient.
Where do we start? With relationships. Good relationships lead to good security programs, and good security programs lead to great relationships. And all of these contribute to security resilience.
Download the Security Outcomes Report, Vol. 3: Achieving Security Resilience today.
Explore more original research and blogs like this:
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
The use of unmanaged and IoT devices in enterprises is growing exponentially, and will account for 55.7 billion connected devices by the end of 2025. A critical concern is deploying IoT devices without requisite security controls.
While these numbers are numbing, their reality is undeniable. 90% of customers believe digitization has accelerated the importance placed upon security. The World Economic Forum now lists cybersecurity failure as a critical threat, and estimates a gap of more than 3 million security experts worldwide, hindering secure deployments at scale. Furthermore, 83% of IoT-based transactions happen over plaintext channels and not SSL, making them especially risky.
Securing an IoT device can be achieved either through securing the IoT device itself, or hardening the network it accesses. Securing devices can be cumbersome, requiring complex manufacturing partnerships and increasing unit prices, thereby reducing adoption. On the other hand, securing the network is always desirable as it helps secure access, encrypt traffic, and ease management.
Being a leader in both security and networking, Cisco continues to bring security closer to networking, providing the network with built-in security, and enabling the network to act both as sensor and as an enforcer. The convergence of security and networking leverages the network’s intelligence and visibility to enable more-informed decisions on policy and threats.
Cisco uniquely integrates security and networking, for instance we recently integrated Cisco Secure Firewall to operate on Cisco Catalyst 9000 Series switches. Additionally, Secure Firewall can be deployed in a containerized form, on-premises and in clouds. Cisco Secure Firewall classifies traffic and protects applications while stopping exploitation of vulnerable systems. Additionally, we offer Identity Services Engine with AI Endpoint Analytics to passively identify IoT devices and apply segmentation policies. Furthermore, Cisco offers management flexibility by integrating with Cisco Defense Orchestrator and DNA Center and with existing customer tools like SIEMs and XDRs.
Let’s look at three use cases where the addition of Secure Firewall capability on Catalyst 9000 Series switches solves real world problems:
Use case 1: Securing the Smart Building: This solution is ideal to secure smart buildings, converging various IoT systems into a single IT-managed network infrastructure. Smart buildings lower the operational and energy costs. Smarter building systems, however, pose serious security risks as these include so many unmanaged devices such as window shades, lighting, tailored HVAC, and more. One of the methods to secure smart buildings is to control access to avoid manipulation of sensors. Such control is attained with a networking switch with enhanced firewall capability. The firewall ensures granular segmentation, directing policies for traffic generated out of IoT devices, providing access to the right users. This integration also brings security closer to endpoints, making policy orchestration simpler.
Use Case 2: Centrally manage isolated IoT network clusters: IoT devices which communicate with each other in the same subnet typically cannot be routed, which is a challenge. By default, most IoT networks are configured in the same subnet, making it difficult to manage them centrally. Administrators are forced to physically connect to the IoT network to manage and collect telemetry. Furthermore, IoT vendors often charge hefty amounts to update IP addresses of devices. Cisco Secure Firewall, hosted on the Catalyst switch, solves this problem and not only inspects traffic from the IoT network but also translates duplicate IoT IP addresses to unique global IP addresses using NAT for centralized management of isolated IoT networks.
Use Case 3: Securely encrypt IoT traffic passing through a shared IT network: At airports, for example, multiple vendors manage unique systems such as baggage, air quality, biometric access control, etc, which share a common network. IoT traffic is usually in plain text, making it susceptible to packet sniffing, eavesdropping, man-in-the-middle attacks, and other such exploits. The IPSec capability on Cisco Secure Firewall encrypts IoT traffic, securing data transfer and reducing risk.
Cisco’s IoT initiatives join the once disconnected worlds of IT and IoT, unifying networking and security. For further details refer to the At-A Glance and see how and an Australian oil company, Ampol, fortified its retail IoT with Cisco Secure!
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
In today’s security climate, NetOps and SecOps teams are witnessing increased attack surface area as applications and workloads move far beyond the boundaries of their data center. These applications/workloads move to, and reside in multi-cloud architecture, adding complexity to connectivity, visibility, and control. In the multi-cloud world, the SecOps teams use a distributed security model that is expensive, difficult to deploy, and complex to manage.
Cisco has partnered with Alkira to help secure your multi-cloud environment. Combining Alkira’s simplified cloud connection through their cloud network-as-a-service platform (SaaS-like model) with Cisco’s industry-leading security controls, we can deliver a centralized security model for multi-cloud architecture that is easy to deploy, manage, and increases visibility and control.
Cisco Secure Firewall Threat Defense Virtual provides unmatched security controls such as stateful firewalling, Snort3 IPS, URL filtering, malware defense, application visibility and control, and more. Additionally, with the purchase of Secure Firewall Threat Defense Virtual, you will receive license entitlement to Cisco SecureX, our open XDR and orchestration platform, helping you accelerate threat detection, investigation, and remediation.
Cisco Secure Firewall Management Center (FMC) is required for managing Secure Firewall Threat Defense Virtual, helping administrators enforce consistent access policies, rapidly troubleshoot security events, and view summarized reports across the deployment.
Secure Firewall Threat Defense Virtual is available on Alkira’s service marketplace through Bring-Your-Own-License (BYOL) and Pay-As-You-Go licensing options. Customers can seamlessly deploy and insert Secure Firewall in their Alkira Cloud Exchange Points (CXP).
Benefits of this integrated architecture include:
The Cisco Secure Firewall Threat Defense brings the following capabilities to the environment:
Figure 1 shows a multi-cloud environment inter-connected using Alkira Cloud Exhange Platform (CXP). In the above architecture, Cisco provides seamless insertion of security controls and enables the following use cases for firewall insertion:
Using Alkira’s customer portal, Cisco Secure Firewall Threat Defense Virtual can be easily inserted in the traffic path within minutes. Figure 2 shows how automation & orchestration eliminates additional configuration required in the legacy insertion model.
Cisco Secure Firewall Threat Defense Virtual is managed using Cisco Secure Firewall Management Center (FMC). Customers can use on-premises FMC or build a virtual FMC instance in the cloud. Cisco and Alkira support both models of deployment.
Cisco Secure Firewall Threat Defense Virtual protects the following traffic flows in Alkira CXP:
Alkira and Cisco’s partnership simplifies the deployment of enterprise-grade security in the cloud while enabling multi-cloud visibility and end-to-end threat defense for customers.
Additional Resources:
Cisco Secure Firewall Threat Defense
Cisco Secure Firewall Data Sheet
Cisco Secure Firewall Management Center
Alkira blog on Cisco Secure Firewall Threat Defense
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
For Cisco engineers working on Duo, having a remote-first workplace has helped them reach life goals, connect with colleagues around the world, and be intentional communicators. We understand that working remotely can be an adjustment — that’s why we’ve compiled the 10 parts of remote work that surprised our team members most and their advice for navigating the nuances. If you’re interested in being part of a remote-first workplace, check out our open positions.
Senior Engineering Leader David Rines has worked remotely for the past seven years. He’s found that Cisco’s approach to distributed teams has “enabled us to pick up the right talent, and not necessarily local talent. We are moving towards a global, follow the sun environment,” he said.
One of the aspects Rines appreciates most of this structure is getting “a widely varied set of perspectives and experiences that help build a more reliable, more robust product, which is why we’re here.”
Another benefit to having colleagues across the globe is the sharing of recipes, a perk Senior Site Reliability Engineer Bernard Ting particularly enjoys. Proactively communicating with colleagues virtually “helps you to form bonds with people from other teams. You can always learn something new about cultures elsewhere. I talk to people about food and so I’m always gathering recipes from people from all over the world,” Ting shared.
While some may fear that working remotely could lead to feelings of isolation and loneliness, a different camaraderie can flourish in the structure of our distributed teams. With colleagues across time zones, “there’s always someone there who you can reach out to help solve your problem,” Rines said.
Collaboration hours are another way Site Reliability Engineering Manager Jaya Sistla has cultivated virtual community and problem-solving. These hours are blocked off for team members to talk about what they’re working on. “The main thing is being able to ask for help so you don’t go into the rabbit hole debugging things,” Sistla said.
Ting points out that working in a distributed model allows you to really engage in virtual events and conversations. Given that the team mainly communicates through online chat, Ting has found that “forces you to see everyone as equally approachable, which has made me more comfortable reaching out to people from anywhere in the world.”
For folks sharing an office, collaboration can happen through casual chats over coffee. When facing a challenge, you can ask your neighbor for support. While ideally virtual communication could have a similar cadence and spontaneity, the logistics of remote and distributed work require intentionality and being proactive in connecting with colleagues as people and as co-workers.
When Ting first started working remotely, he felt that every meeting needed to be formal and have a business objective. By sharing his feelings with his manager, he was reassured that “socializing is a very important part of teamwork, because if you don’t have a good relationship with your colleagues you’re not going to be able to have healthy discussions, healthy conflict or be able to critique each other when the situation arises.”
Since that conversation, Ting has been more proactive about catching up with colleagues, which can include sharing a coffee over video chat. Duo’s “coffee roulette” formalizes the process as every month, employees who opt in can be randomly paired up for a quick half-hour chat focused exclusively on socializing. Ting has found being proactive about socializing virtually helpful. “It’s made me more intentional with my time and really treasure the social experience you can get,” he said.
Some folks may be concerned that without a manager observing their efforts and work ethic day in and day out, it may be harder to recognize accomplishments and challenges. Ting found that within his team “when you work on projects and in your one-on-ones with your managers, they’re always very intentional about learning what you’ve been doing and seeing what your progress is like on certain projects. I’ve been asked, ‘How do you think you can improve? What are some of the things you’ve been doing outside of the team work?’”
To cultivate cross-team collaboration and education, there are thoughtfully planned virtual lunch and learns. “We schedule training sessions and common meetings at times that are flexible for everyone. If it has to be repeated, we do it so people can comfortably attend rather than stretching themselves and attending at odd hours,” Sistla said.
For Software Engineer Nick Aspinall, an important and fun part of working remotely is keeping in touch with virtual messaging. One unique perk has been getting to create and customize emojis with team members including a few of himself in “various ridiculous states,” he said.
Connecting with colleagues on themed channels focused on personal and professional interests from coffee to pets “makes it really cool because you can meet people across different teams and still get some of the feeling of rubbing elbows that you get when you’re in the office,” Aspinall said. Participating in these virtual conversations boosts morale while also providing an endless supply of cute animal pics.
Given the multi-faceted nature of our work and the importance of consistent information sharing, having different communication channels and formats to communicate data with varying degrees of complexity is vital. Having information readily accessible, accurate and updated is particularly necessary in a field like cybersecurity.
Senior Software Engineer Mario Lopez finds that the variety of information sources contributes to an easeful remote working experience. For instance, for complex architecture decisions or detailing, Duo’s Wiki is the best source.
Software Engineer Hanna Fernandez has benefited from chat channels dedicated to design and engineering topics to “see what everyone’s up to and what thoughts people have,” she said. Sista pointed out these are great places to ask questions and open up dialogue to solve problems.
Our culture is “video-on,” meaning that it is preferred that during video meetings, as much as possible, attendees have their cameras on. Lopez loves this because “you get a bit of that personal human element.”
“We’re all people behind these screens. You definitely get some of people’s personality through text, but you get it more when you actually see them. It’s infectious when you see someone smiling. You’ve got to smile back,” he shared (while we both smiled).
When Fernandez started at Cisco, she was advised to schedule individual meetings with everyone she would be working with on every team that she joined. That suggestion is one she’s applied even virtually.
“It’s a great strategy because I already know that my team is super talented and very smart, but this way I also get to know them as humans beyond their roles,” Fernandez said. Fernandez also finds it important to check in with co-workers and ask how they’re feeling and how their time off was. “I know a lot of people hate small talk, but it’s not just small talk. I’m genuinely interested in how my co-workers are doing.”
One of Ting’s biggest goals was buying his first house in the countryside outside of London. By working remotely, Ting has flexibility in his location which allowed him to achieve his goal of buying a house and settling down with his partner, while giving their dogs the space they need to be dogs.
When transitioning from fully remote to hybrid, it’s important to recognize that there will be some shifts to get accustomed to. As the structures of remote, distributed and hybrid work evolve, it’s important to stay flexible and notice what’s possible through multiple modalities of team building. Many teams have enjoyed in-person gatherings and connecting through virtual lunches and team games when remote.
Fernandez has had multiple roles with multiple structures at Cisco. As an intern, she was fully in person and shared desk space with other interns who collaborated on full stack engineering. While working in finance IT, Fernandez was hybrid and many of her colleagues were distributed among multiple offices. The pandemic began while she was in a DevOps role, forcing her to maintain boundaries around her work time while working fully remotely. In her current role working on Duo, Fernandez is completely remote but advocates for in-person events if possible, because “humans are social creatures who want to see each other’s faces in real life once in a while.”
For Aspinall, “when we did come back to the office, there was a bit of an adjustment period where you were overstimulated from the office.” He also wanted to ensure team members who were 100% remote were fully included. Now he sees that while half his team is fully remote and the other half is hybrid, “that doesn’t stop anyone from doing anything. All of our meetings feel the same. They’re all seamless.”
If you’re interested in joining our team from wherever you are in the world, check out our open roles.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Imagine this: Your CEO sends you an email asking for your help transferring $5,000 to a new vendor for an urgent project. You make the transfer, only to find out later that the email was actually from an imposter, and that money is now in the hands of cybercriminals. Oops, right? crickets
Business Email Compromise (BEC) is a type of cybercrime that involves compromising or imitating legitimate business email accounts to carry out fraudulent transactions or steal sensitive information. The goal of a BEC attack is typically to trick the victim into transferring money, clicking on a malicious link, or disclosing sensitive information such as login credentials. BEC attacks can have a devastating impact on organizations of all sizes and in all industries, making it essential for businesses to be aware of the threat, understand the business risk, and take the necessary steps to protect themselves.
According to the latest FBI IC3 report, BEC is “one of the most financially damaging online crimes” and in 2021 was accountable for $2.4 Billion in adjusted losses for businesses and consumers.
One of the most common types of BEC attacks is called impersonating or email spoofing. By pretending to be a trusted colleague or business partner to gain the victim’s trust, the attacker uses social engineering techniques to trick the victim into clicking on a link or attachment in an email that contains malware, takes the victim to a malicious website, and has them transfer funds or change payment information.
BEC attacks can be very sophisticated and are difficult to detect. Many times, what the end-user sees on their email client does not represent the true email address of that sender, or it shows one that has been spoofed.
Typically, the attacker tries to impersonate someone in the organization with enough authority to not be questioned about what he/she is asking to be done.
As with everything in security, to be able to succeed in stopping BEC attacks, additional security layers & techniques should be implemented. There are several options to mitigate or reduce the number of successful BEC attacks. Creating a list of the people who will be likely to be impersonated will provide the best results. Usually, with names from the CxO level, this is known as a High Impact Personnel list. It will be used along with other security analysis engines to make sure any impersonated/spoof emails, along with other threats, get stopped and will not reach the end user.
The Cisco Secure Email Threat Defense solution leverages hundreds of detection engines that utilize state-of-the-art artificial intelligence/machine learning and natural language processing to convict messages from the most creative attackers! On top of this, our customers can define their High Impact Personnel list, and together with the other detection engines, will be able to not only block malicious messages but also understand the reasons and categories of why a message is being convicted as malicious.
In summary, Business Email Compromise (BEC) is a serious threat to organizations of all sizes and in all industries. To protect against BEC attacks, businesses should implement multiple techniques including identifying their High Impact Personnel for their organization, educating employees about the threat, and relying on reporting to understand who is being targeted most frequently so their security policies can be adjusted.
See how Secure Email Threat Defense identifies specific business risk factors to protect your organization.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Cybersecurity professionals are often perceived as sole practitioners, plying their craft in dimly lit rooms. Nothing could be further from the truth, as one of the keys to being a successful cybersecurity professional is the ability to collaborate and, more importantly, to share knowledge as far and wide as possible.
At Cisco, we have formed the Cisco Insider Advocacy program, which consists of a global community of professionals passionate about working and spreading their knowledge with others. We celebrate these individuals’ efforts with annual awards in various disciplines and locales. In 2023, Cisco will recognize top advocates by region for the Global Advocate Awards. Our first event – highlighting Cisco customers from across the EMEA region – is around the corner. It all happens at Cisco Live in Amsterdam, in a live ceremony on February 8!
I am joined on the Advocate Awards judges’ panel by my colleagues, Cindy Valladares, Director of Brand Strategy and Customer Advocacy at Cisco Secure, Caroline Surujpaul, EMEA and European Marketing Director at Cisco Secure and Sarah Stephens, Senior Security Marketing Leader for EMEA at Cisco Secure. We are pleased to introduce the nominees for the Cybersecurity Defender of the Year Award in EMEA.
We have five distinguished nominees, and while we have yet to select a winner, you will see how each of their contributions to Cisco’s cybersecurity community raised our attention.
Alessandro was featured in a recent successful case study about the Future of Work with Umbrella, as well as an earlier piece about simplified security using Cisco Meraki in Talent Garden.
Alessandro also authored a book about digital transformation long before it was a common buzzword. That is typical of Alessandro’s foresight, the ability to be proactive to changes before they are commonplace. He is indeed on the cutting edge.
Alessandro considers his involvement in the Advocacy community as “a very easy goal for me. First, because I’m very passionate about cybersecurity, and second because here I can find very valuable peers and professionals to share information with.” Alessandro’s abilities are borne from passion, drive, and adherence to a personal code of excellence; he learned security in a strictly hands-on style. He is also a member of Cisco’s “League of Cybersecurity Heroes.”
Christoffer, the newest Cisco Insider Advocacy community member, has gotten off to a brisk involvement with the group. He was recently featured in the case study “NTNU Supports a Diverse Academic and Research Community with Proactive Security,” which detailed how the Norwegian University of Science and Technology tackled the management of a dizzying 110,000 endpoints connecting to the university’s VPN.
Christoffer fully embraces the ideology of collaboration, mentioning that when he was seeking a security solution, “We didn’t want a vendor. We didn’t want a product. We wanted a partner to help us attack this large problem of cybersecurity.” He also demonstrates a fervent dedication to sharing by authoring half a dozen works in the cybersecurity realm, ranging from scientific to academic articles. His involvement in the Insider Advocacy community has earned him a spot in Cisco’s “League of Cybersecurity Heroes.”
Mark is one of the most erudite cybersecurity professionals one could meet. He has extensive educational credentials and enjoys sharing his knowledge, making him one of the Top 10 most engaged advocates of the Cybersecurity Channel within the Cisco Insider Advocates community.
Mark’s professional involvement extends beyond his local precinct, offering his knowledge of security best practices across the UK Policing community. In completing his most recent university degree, he authored a dissertation that “has led to an initiative to improve the security posture of my workplace.” Mark’s support to other Cisco customers has also led to his election as Vice-Chair of the Internet Society Cybersecurity Special Interest Group. He is also a member of Cisco’s “League of Cybersecurity Heroes.”
Luigi is a valuable member of the Insider Advocacy group and was recently featured in a video and written success story about Zero Trust and XDR.
Luigi is an agent of change who embraces the collaborative spirit of a true cybersecurity expert, as exemplified in his entire professional approach: “Since the infrastructure is now cloud-based, we had to change our mindset regarding cybersecurity as well. It was important to have the people, the process, the organisation, and the technology under the same security umbrella.”
When not working to ensure the security of the Sara Assicurazioni environment, Luigi has dedicated time to speaking at events, such as the “Experts Learning from Experts” global virtual session, a special virtual roundtable dedicated to Zero Trust and, last but not least, his presentation at Cisco Live Emea in Amsterdam about XDR and Zero Trust. His contributions to the Insider Advocacy platform reflect a tireless commitment to the cybersecurity community. Luigi is also a member of Cisco’s “League of Cybersecurity Heroes.”
Last year, Diego participated as speaker at the Tech Forum: Convergencia entre redes y seguridad. He will also be featured in a future ThreatWise TV – Cisco episode
Diego recognised early on that remote work would place his organisation outside the scope of their security and took proactive measures to meet the challenge. Part of his proactive approach is to freely communicate his ideas, leading to his involvement in the Insider Advocacy community. This has also earned him a place within Cisco’s “League of Cybersecurity Heroes.”
Diego’s view of working with Cisco’s products is summed up in a catchy phrase: “If it’s connected, it’s protected.” His involvement within the Insider Advocacy community makes us echo that sentiment by stating that he is connected, helping to keep everyone protected.
One point of note is the absence of women from the list of nominees. This was not the result of bias, as Cisco has a history of substantial diversity, equity, and inclusion. As you can see from the activities of the current nominees, the selection was based strictly on contributions to the community. We would love to see more engagement and membership in the Insider Advocacy program, not only from women but from a broader geographic area. This would increase the choices of possible nominees and add an even wider palette of inclusion to the entire nomination process.
We know that there is an entire population of cybersecurity professionals who seek more connection with like-minded individuals, and we welcome you to join this cohesive community.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts.
Image: customink.com
In a filing today with the U.S. Securities and Exchange Commission, T-Mobile said a “bad actor” abused an application programming interface (API) to hoover up data on roughly 37 million current postpaid and prepaid customer accounts. The data stolen included customer name, billing address, email, phone number, date of birth, T-Mobile account number, as well as information on the number of customer lines and plan features.
APIs are essentially instructions that allow applications to access data and interact with web databases. But left improperly secured, these APIs can be leveraged by malicious actors to mass-harvest information stored in those databases. In October, mobile provider Optus disclosed that hackers abused a poorly secured API to steal data on 10 million customers in Australia.
T-Mobile said it first learned of the incident on Jan. 5, 2023, and that an investigation determined the bad actor started abusing the API beginning around Nov. 25, 2022. The company says it is in the process of notifying affected customers, and that no customer payment card data, passwords, Social Security numbers, driver’s license or other government ID numbers were exposed.
In August 2021, T-Mobile acknowledged that hackers made off with the names, dates of birth, Social Security numbers and driver’s license/ID information on more than 40 million current, former or prospective customers who applied for credit with the company. That breach came to light after a hacker began selling the records on a cybercrime forum.
Last year, T-Mobile agreed to pay $500 million to settle all class action lawsuits stemming from the 2021 breach. The company pledged to spend $150 million of that money toward beefing up its own cybersecurity.
In its filing with the SEC, T-Mobile suggested it was going to take years to fully realize the benefits of those cybersecurity improvements, even as it claimed that protecting customer data remains a top priority.
“As we have previously disclosed, in 2021, we commenced a substantial multi-year investment working with leading external cybersecurity experts to enhance our cybersecurity capabilities and transform our approach to cybersecurity,” the filing reads. “We have made substantial progress to date, and protecting our customers’ data remains a top priority.”
Despite this being the second major customer data spill in as many years, T-Mobile told the SEC the company does not expect this latest breach to have a material impact on its operations.
While that may seem like a daring thing to say in a data breach disclosure affecting a significant portion of your active customer base, consider that T-Mobile reported revenues of nearly $20 billion in the third quarter of 2022 alone. In that context, a few hundred million dollars every couple of years to make the class action lawyers go away is a drop in the bucket.
The settlement related to the 2021 breach says T-Mobile will make $350 million available to customers who file a claim. But here’s the catch: If you were affected by that 2021 breach and you haven’t filed a claim yet, please know that you have only three more days to do that.
If you were a T-Mobile customer affected by the 2021 incident, it is likely that T-Mobile has already made several efforts to notify you of your eligibility to file a claim, which includes a payout of at least $25, with the possibility of more for those who can document direct costs associated with the breach. OpenClassActions.com says the filing deadline is Jan. 23, 2023.
“If you opt for a cash payment you will receive an estimated $25.00,” the site explains. “If you reside in California, you will receive an estimated $100.00. Out of pocket losses can be reimbursed for up to $25,000.00. The amount that you claim from T-Mobile will be determined by the class action administrator based on how many people file a legitimate and timely claim form.”
There are currently no signs that hackers are selling this latest data haul from T-Mobile, but if the past is any teacher much of it will wind up posted online soon. It is a safe bet that scammers will use some of this information to target T-Mobile users with phishing messages, account takeovers and harassment.
T-Mobile customers should fully expect to see phishers taking advantage of public concern over the breach to impersonate the company — and possibly even send messages that include the recipient’s compromised account details to make the communications look more legitimate.
Data stolen and exposed in this breach may also be used for identity theft. Credit monitoring and ID theft protection services can help you recover from having your identity stolen, but most will do nothing to stop the ID theft from happening. If you want the maximum control over who should be able to view your credit or grant new lines of credit in your name, then a security freeze is your best option.
Regardless of which mobile provider you patronize, please consider removing your phone number from as many online accounts as you can. Many online services require you to provide a phone number upon registering an account, but in many cases that number can be removed from your profile afterwards.
Why do I suggest this? Many online services allow users to reset their passwords just by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over your phone number thanks to an unauthorized SIM swap or mobile number port-out, divorce, job termination or financial crisis can be devastating.
It’s common practice to pull down the window shades at night. Homeowners invest in high fences. You may even cover the PIN pad when you type in your secret four-digit code at ATMs. Privacy is key to going about your daily life comfortably in your surroundings. Why shouldn’t privacy also extend to your digital surroundings?
This Data Privacy Day, round out your privacy protection toolbox with McAfee’s help so you can live your best online life safely.
An easy way to instantly boost the privacy of your every online move is to always connect to a virtual private network (VPN). A VPN scrambles your connected device’s internet session, meaning that it’s impossible for a cybercriminal to eavesdrop on your online comings and goings. VPNs are especially crucial for when you connect to public Wi-Fi networks or networks for which you cannot vouch for their security. Cybercriminals often lurk on public Wi-Fi networks at hotels, coffee shops, and libraries and pounce on users who connect their devices without the protection of a VPN.
Digital privacy not only implies remaining hidden from nefarious eyes, but also from the prying eyes of pesky advertisers. A VPN can assist with that too! When you have a VPN enabled, it confuses advertisers and targeted ads. The less information they have, the more privately you can surf online.
To improve your online privacy, it’s important to first know how safe you currently are. When you can identify your weakest digital privacy habits, you can make targeted improvements to them. Luckily, McAfee Protection Score can help you do just that! Protection Score is a helpful privacy tool that rates your current digital safety. Then, based on your score, the tool offers suggestions on how to boost your score.
For instance, Protection Score searches for your personally identifiable information (PII) on the dark web. If it finds a copy of your government ID or your financial records on a dubious site, your score will tank. While it may be alarming to have a low Protection Score, you can feel good that you’re making positive waves, hopefully before a cybercriminal takes advantage of your PII and uses it to steal your identity.
There are several easy ways to boost your score that require very little effort but have a huge payoff. Connecting to a VPN and running an antivirus scan on your device are just two things you can do and each only takes a few seconds. Changing your habits and turning your online safety around doesn’t have to be overwhelming! In some cases, there are services that’ll even do the work for you, like the service we’ll talk about next.
To round out your privacy protection toolbox, consider signing up for McAfee Personal Data Cleanup. This service is a great companion to Protection Score. While Protection Score identifies all the areas where you can improve your security, Personal Data Cleanup is a service that will remove your information from the web’s riskiest sites.
Did you know that, on average, a person has their PII for sale on 31 sites? Plus, 95% of people haven’t even given their permission and have their personal information for sale on data brokerage sites. Data brokerage sites are legal and anyone can buy your information. Online advertisers are the usual clients, but a cybercriminal can jump in and buy valuable PII, as well.
You should care about data privacy every day not just when the calendar reminds you on Data Privacy Day. Take the steps and invest in the right solutions to shore up your online defenses. McAfee+ Ultimate is an all-in-one service that includes unlimited VPN, Protection Score, a full-service Personal Data Cleanup, and 13 other high-quality identity, privacy, and device security tools.
Live your online life more confidently with McAfee, knowing that cybercriminals are less likely to slip by and damage your credit, identity, or online reputation.
The post 3 Tools to Round Out Your Privacy Protection Toolbox appeared first on McAfee Blog.
When the Internet Engineering Task Force (IETF) announced the TLS 1.3 standard in RFC 8446 in August 2018, plenty of tools and utilities were already supporting it (even as early as the year prior, some web browsers had implemented it as their default standard, only having to roll it back due to compatibility issues. Needless to say, the rollout was not perfect).
Toward the end of 2018, EMA conducted a survey of customers regarding their TLS 1.3 implementation and migration plans. In the January 2019 report, EMA concluded:
Some participants’ organizations may find they have to go back to the drawing board and come up with a Plan B to enable TLS 1.3 without losing visibility, introducing unacceptable performance bottlenecks and greatly increasing operational overhead. Whether they feel they have no choice but to enable TLS 1.3 because major web server and browser vendors have already pushed ahead with it or because they need to keep pace with the industry as it embraces the new standard is unclear. What is clear is that security practitioners see the new standard as offering greater privacy and end-to-end data security for their organizations, and that the long wait for its advancement is over.
When EMA asked many of the same questions in an updated survey of 204 technology and business leaders toward the end of 2022, they found that nearly all the conclusions in the 2018/2019 report still hold true today. Here are the three biggest takeaways from this most recent survey:
While regulatory frameworks and vendor controls continue to push the adoption of the TLS 1.3 standard, adoption still comes with a significant price tag – one that many organizations are just not yet ready or able to consume. Technology improvements will increase rates of adoption over time, such as Cisco Secure Firewall’s ability to decrypt and inspect encrypted traffic. More recent and unique technologies, like Cisco’s encrypted visibility engine, allow the firewall to recognize attack patterns in encrypted traffic without decryption. This latter functionality preserves performance and privacy of the encrypted flows without sacrificing the visibility and monitoring that 94% of respondents were concerned about.
Readers wishing to read the full EMA report can do so here and readers wishing to learn more about Cisco Secure Firewall’s encyrpted visibility engine can do so here.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
It’s been my pleasure to work alongside the Centre for Information Policy Leadership (CIPL) for over a decade to advocate for privacy to be respected as a fundamental human right and managed by organizations as a business imperative. CIPL works with industry leaders, regulators, and policymakers to deliver leading practices and solutions for privacy and responsible data use around the world.
Our organizations share the belief that privacy is key to trust and provides a critical competitive advantage for those who get it right. As privacy professionals, we live and breathe the importance of privacy every day and understand its value. We must help business leaders and other key stakeholders recognize and realize data privacy’s true worth and invest appropriately — beyond just meeting legal or compliance requirements.
We’re excited today to share this new, jointly-published research report Business Benefits of Investing in Data Privacy Management Programs. This report offers insights into the material business benefits that organizations are realizing from the time, monetary, and resource investments they have applied to building their Data Privacy Management Programs (DPMPs).
Here are some of the key findings:
Customers want accountability. While organizations are expected to meet their legal, compliance, and data security requirements, customers also demand organizations to be responsible stewards of their personal data. DPMPs not only enable organizations to gain a competitive edge, they empower them to earn and grow confidence and trust in the business.
Significant benefits from investing in DPMPs. Risk mitigation and compliance benefits, like avoiding regulatory scrutiny and fines, minimizing breaches, and evading damage to reputation, are among the most substantial benefits experienced by organizations that implement a DPMP. Other tangible benefits include greater agility, operational efficiency, and making the organization more attractive to investors.
Strong, attractive returns from DPMPs. More than half of organizations surveyed experienced at least $1 million in benefit from investing in privacy over the past year, with 28% realizing over $10 million in benefit.
Widespread Use of Privacy Maturity Models. Most organizations are using some form of a privacy maturity model to show accountability, including the CIPL Accountability Framework, ISO standards, Generally Accepted Privacy Principles, and the NIST Privacy Framework, among others. And CIPL members had an average score of 4.13 out of 5 with respect to implementing the seven elements of organizational accountability as described in the report.
There is considerable interest in further understanding the value DPMPs bring to their organization. Discussions about privacy and how DPMPs positively impact organizations will continue to be an increasing area of focus for corporate leadership, including the C-suite and at the Board level.
These findings offer valuable information and perspective for those building and operationalizing privacy. We’ll continue to research and share other qualitative and quantitative evidence that highlights privacy’s growing priority and value for organizations and the individuals they serve.
Check out this report Business Benefits of Investing in Data Privacy Management Programs and more related privacy research on consumer and organizational perspectives on the Cisco Trust Center.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
I am excited to announce the release of Cisco’s annual flagship cybersecurity report, the Security Outcomes Report, Volume 3: Achieving Security Resilience. It’s about preparing, adapting, and overcoming security challenges and threats, and an organisation’s ability to respond and emerge stronger.It’s the organization’s ability to respond to the inevitable attacks and unexpected events that come our way. In a recent webinar on Security Trends for 2023, the team spoke about laying a good foundation, and when you do, good outcomes will come from that. The Security Outcomes Report, Vol.3 looks at the most important factors that will help you build that foundation and give you the most successful security outcomes.
When it came to the top priority security outcome for organisations, Europe, the Middle East and Africa (EMEA) were in line with global findings. Preventing major security incidents and losses, mitigating financial losses from security incidents, and adapting to unexpected external change events or trends, were the top three. Interestingly, security leaders prioritised mitigating financial losses whereas more technical and operational security respondents placed the highest importance on preventing major incidents. It’s of course understandable to have differing focuses at different levels but this highlights the importance of agreeing and communicating shared objectives and goals.
When asked to their rate overall resilience, respondents from France had the highest score in EMEA, closely followed by Italy and the Netherlands. Germany had the lowest score (significantly lower than the rest of region and the globe). Slightly contrary to this, when asked how confident they would be to remain resilient in a ‘worst case’ cybersecurity event, France came out second to last with only 27% saying they are strongly confident. The most confident country is the Netherlands with 54%.
Globally across all sizes of business the security outcome that organizations most struggle with is recruiting and retaining talented security personnel; the UK and Germany also noted this as top, reinforcing the ongoing battle against the security skills gap.
The report analyses the seven success factors that have shown to improve overall security resilience:
I’d encourage you to read the full report, there are some great takeaways on how organizations can improve their resilience with a focus on these areas.
The report is based on an anonymous survey 4,751 active cybersecurity experts from 26 countries. Analysis was done by the Cyentia Institute on behalf of Cisco. EMEA countries represented are France, Germany, Italy, Saudi Arabia, Spain, The Netherlands and the UK.
The report is available in English, German and French.
To learn more about the findings from this report and the Duo Trusted Access Report, join our webinar: Trust No One – Secure Everyone: EMEA insights into a Zero Trust approach
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Are you an online oversharer? Do you give your full birthday to all your online shopping accounts? Have a few companies you have accounts with been breached but you didn’t take any action at the time? If you have bad digital habits, now is an excellent time to reset your digital presence.
In isolation, these small digital transgressions don’t seem like a problem; however, cybercriminals can gather the bits and pieces of information you release into the world and Frankenstein them together to create believable impersonations or entirely new identities.
To protect your identity, here are a few ways to limit the amount of personally identifiable information (PII) you share online, plus a few tools that can help you identify and close your current security holes.
Most digital bad habits seem insignificant; however, the more bad habits you have that pile-up, the more at risk your PII and your identity can be. Check out this list of three common habits that you should consider breaking today and why.
When you sign up for new online shopping accounts, some companies ask for your birthday, your age, your middle name, and primary and secondary phone numbers and email addresses. While it might be nice to receive a special coupon on your birthday, you may want to reconsider volunteering unnecessary private details. To compromise you can sign up with a nickname and leave your birth year blank. That way, if a cybergang ever breaches the company, the criminals won’t get far with your personal details. To steal an identity and ruin someone’s credit, sometimes all it takes it a full name, birthday, and phone number.
Do you post your every thought and movement on social media? While curating the perfect online profile can be fun, it can also be dangerous to your online safety. For instance, posting “get to know you” quizzes are a gold mine for social engineers and cyber criminals, as the results often reveal potential password inspiration, security question answers, and your likes and dislikes. From here, criminals can take educated guesses at your passwords or tailor a social engineering scheme that’s most likely to fool you. Consider setting your social media profiles to private and blocking followers you don’t know personally. Or, just keep parts of your life a mystery to the wider world.
We can all agree that increasingly strict password requirements are leading to longer and more complex passwords that are confusing to cyber criminals and to the rightful account holders, too! It’s tempting to reuse passwords to reduce the burden on your memory, but this puts your valuable PII in danger. Password and username combinations are often information that’s leaked in company breaches. In what’s called a brute force attack, a cybercriminal can plug that same pairing into hundreds of websites and wait for a hit. Since unique passwords for all your dozens of accounts is imperative, entrust their safekeeping to a password manager.
If you’re feeling uneasy about your online habits and the effect they may have had on your online safety, McAfee Protection Score gives you the information you need to take charge and make changes. Protection Score not only tells you how safe (or unsafe) you are, but the tool also offers suggestions on how you can raise your score, and thus be safer online. The service monitors data breaches and indicates when your email was part of a leak. Protection Score also dives into the dark web so you don’t have to. If your government ID or financial information appears, your score will take a large hit.
Protection Score not only tells you how safe (or unsafe) you are, but the tool also offers suggestions on how you can raise your score, and thus be safer online. The sooner you know your weak points, the quicker and more completely you can fortify your defenses and clean up after months (or years) of bad habits. Knowledge is power in the right against cyber criminals, so Protection Score is an excellent partner to help adopt smarter habits on the path to better online security.
With McAfee+ Ultimate, you not only get a Protection Score but a host of other top-rate tools to protect your identity, retain your online privacy, and help you recover from an identity theft. Running an antivirus, connecting to a VPN and installing web protection on your browser are all ways to increase your Protection Score, and these features are available with McAfee’s most thorough privacy, identity, and device protection service.
Make 2023 the year of living online confidently and safely!
The post New Year, New You: Start Fresh With McAfee Protection Score appeared first on McAfee Blog.
Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report. All that was needed was the person’s name, address, birthday and Social Security number.
The vulnerability in Experian’s website was exploitable after one applied to see their credit file via annualcreditreport.com.
In December, KrebsOnSecurity heard from Jenya Kushnir, a security researcher living in Ukraine who said he discovered the method being used by identity thieves after spending time on Telegram chat channels dedicated to the cashing out of compromised identities.
“I want to try and help to put a stop to it and make it more difficult for [ID thieves] to access, since [Experian is] not doing shit and regular people struggle,” Kushnir wrote in an email to KrebsOnSecurity explaining his motivations for reaching out. “If somehow I can make small change and help to improve this, inside myself I can feel that I did something that actually matters and helped others.”
Kushnir said the crooks learned they could trick Experian into giving them access to anyone’s credit report, just by editing the address displayed in the browser URL bar at a specific point in Experian’s identity verification process.
Following Kushnir’s instructions, I sought a copy of my credit report from Experian via annualcreditreport.com — a website that is required to provide all Americans with a free copy of their credit report from each of the three major reporting bureaus, once per year.
Annualcreditreport.com begins by asking for your name, address, SSN and birthday. After I supplied that and told Annualcreditreport.com I wanted my report from Experian, I was taken to Experian.com to complete the identity verification process.
Normally at this point, Experian’s website would present four or five multiple-guess questions, such as “Which of the following addresses have you lived at?”
Kushnir told me that when the questions page loads, you simply change the last part of the URL from “/acr/oow/” to “/acr/report,” and the site would display the consumer’s full credit report.
But when I tried to get my report from Experian via annualcreditreport.com, Experian’s website said it didn’t have enough information to validate my identity. It wouldn’t even show me the four multiple-guess questions. Experian said I had three options for a free credit report at this point: Mail a request along with identity documents, call a phone number for Experian, or upload proof of identity via the website.
But that didn’t stop Experian from showing me my full credit report after I changed the Experian URL as Kushnir had instructed — modifying the error page’s trailing URL from “/acr/OcwError” to simply “/acr/report”.
Experian’s website then immediately displayed my entire credit file.
Even though Experian said it couldn’t tell that I was actually me, it still coughed up my report. And thank goodness it did. The report contains so many errors that it’s probably going to take a good deal of effort on my part to straighten out.
Now I know why Experian has NEVER let me view my own file via their website. For example, there were four phone numbers on my Experian credit file: Only one of them was mine, and that one hasn’t been mine for ages.
I was so dumbfounded by Experian’s incompetence that I asked a close friend and trusted security source to try the method on her identity file at Experian. Sure enough, when she got to the part where Experian asked questions, changing the last part of the URL in her address bar to “/report” bypassed the questions and immediately displayed her full credit report. Her report also was replete with errors.
KrebsOnSecurity shared Kushnir’s findings with Experian on Dec. 23, 2022. On Dec. 27, 2022, Experian’s PR team acknowledged receipt of my Dec. 23 notification, but the company has so far ignored multiple requests for comment or clarification.
By the time Experian confirmed receipt of my report, the “exploit” Kushnir said he learned from the identity thieves on Telegram had been patched and no longer worked. But it remains unclear how long Experian’s website was making it so easy to access anyone’s credit report.
In response to information shared by KrebsOnSecurity, Senator Ron Wyden (D-Ore.) said he was disappointed — but not at all surprised — to hear about yet another cybersecurity lapse at Experian.
“The credit bureaus are poorly regulated, act as if they are above the law and have thumbed their noses at Congressional oversight,” Wyden said in a written statement. “Just last year, Experian ignored repeated briefing requests from my office after you revealed another cybersecurity lapse the company.”
Sen. Wyden’s quote above references a story published here in July 2022, which broke the news that identity thieves were hijacking consumer accounts at Experian.com just by signing up as them at Experian once more, supplying the target’s static, personal information (name, DoB/SSN, address) but a different email address.
From interviews with multiple victims who contacted KrebsOnSecurity after that story, it emerged that Experian’s own customer support representatives were actually telling consumers who got locked out of their Experian accounts to recreate their accounts using their personal information and a new email address. This was Experian’s advice even for people who’d just explained that this method was what identity thieves had used to lock them in out in the first place.
Clearly, Experian found it simpler to respond this way, rather than acknowledging the problem and addressing the root causes (lazy authentication and abhorrent account recovery practices). It’s also worth mentioning that reports of hijacked Experian.com accounts persisted into late 2022. That screw-up has since prompted a class action lawsuit against Experian.
Sen. Wyden said the Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB) need to do much more to protect Americans from screw-ups by the credit bureaus.
“If they don’t believe they have the authority to do so, they should endorse legislation like my Mind Your Own Business Act, which gives the FTC power to set tough mandatory cybersecurity standards for companies like Experian,” Wyden said.
Sadly, none of this is terribly shocking behavior for Experian, which has shown itself a completely negligent custodian of obscene amounts of highly sensitive consumer information.
In April 2021, KrebsOnSecurity revealed how identity thieves were exploiting lax authentication on Experian’s PIN retrieval page to unfreeze consumer credit files. In those cases, Experian failed to send any notice via email when a freeze PIN was retrieved, nor did it require the PIN to be sent to an email address already associated with the consumer’s account.
A few days after that April 2021 story, KrebsOnSecurity broke the news that an Experian API was exposing the credit scores of most Americans.
It’s bad enough that we can’t really opt out of companies like Experian making $2.6 billion each quarter collecting and selling gobs of our personal and financial information. But there has to be some meaningful accountability when these monopolistic companies engage in negligent and reckless behavior with the very same consumer data that feeds their quarterly profits. Or when security and privacy shortcuts are found to be intentional, like for cost-saving reasons.
And as we saw with Equifax’s consolidated class-action settlement in response to letting state-sponsored hackers from China steal data on nearly 150 million Americans back in 2017, class-actions and more laughable “free credit monitoring” services from the very same companies that created the problem aren’t going to cut it.
It is easy to adopt a defeatist attitude with the credit bureaus, who often foul things up royally even for consumers who are quite diligent about watching their consumer credit files and disputing any inaccuracies.
But there are some concrete steps that everyone can take which will dramatically lower the risk that identity thieves will ruin your financial future. And happily, most of these steps have the side benefit of costing the credit bureaus money, or at least causing the data they collect about you to become less valuable over time.
The first step is awareness. Find out what these companies are saying about you behind your back. Keep in mind that — fair or not — your credit score as collectively determined by these bureaus can affect whether you get that loan, apartment, or job. In that context, even small, unintentional errors that are unrelated to identity theft can have outsized consequences for consumers down the road.
Each bureau is required to provide a free copy of your credit report every year. The easiest way to get yours is through annualcreditreport.com.
Some consumers report that this site never works for them, and that each bureau will insist they don’t have enough information to provide a report. I am definitely in this camp. Thankfully, a financial institution that I already have a relationship with offers the ability to view your credit file through them. Your mileage on this front may vary, and you may end up having to send copies of your identity documents through the mail or website.
When you get your report, look for anything that isn’t yours, and then document and file a dispute with the corresponding credit bureau. And after you’ve reviewed your report, set a calendar reminder to recur every four months, reminding you it’s time to get another free copy of your credit file.
If you haven’t already done so, consider making 2023 the year that you freeze your credit files at the three major reporting bureaus, including Experian, Equifax and TransUnion. It is now free to people in all 50 U.S. states to place a security freeze on their credit files. It is also free to do this for your partner and/or your dependents.
Freezing your credit means no one who doesn’t already have a financial relationship with you can view your credit file, making it unlikely that potential creditors will grant new lines of credit in your name to identity thieves. Freezing your credit file also means Experian and its brethren can no longer sell peeks at your credit history to others.
Anytime you wish to apply for new credit or a new job, or open an account at a utility or communications provider, you can quickly thaw a freeze on your credit file, and set it to freeze automatically again after a specified length of time.
Please don’t confuse a credit freeze (a.k.a. “security freeze”) with the alternative that the bureaus will likely steer you towards when you ask for a freeze: “Credit lock” services.
The bureaus pitch these credit lock services as a way for consumers to easily toggle their credit file availability with push of a button on a mobile app, but they do little to prevent the bureaus from continuing to sell your information to others.
My advice: Ignore the lock services, and just freeze your credit files already.
One final note. Frequent readers here will have noticed that I’ve criticized these so-called “knowledge-based authentication” or KBA questions that Experian’s website failed to ask as part of its consumer verification process.
KrebsOnSecurity has long assailed KBA as weak authentication because the questions and answers are drawn largely from consumer records that are public and easily accessible to organized identity theft groups.
That said, given that these KBA questions appear to be the ONLY thing standing between me and my Experian credit report, it seems like maybe they should at least take care to ensure that those questions actually get asked.
Learning meets fun at the 2022 SANS Holiday Hack Challenge – strap yourself in for a crackerjack ride at the North Pole as I foil Grinchum's foul plan and recover the five golden rings
The post Cracked it! Highlights from KringleCon 5: Golden Rings appeared first on WeLiveSecurity
Hybrid work and hybrid play now merge into hybrid living, but where is the line between the two? Is there one?
The post Hybrid work: Turning business platforms into preferred social spaces appeared first on WeLiveSecurity
Speaking to many CISOs, it’s clear that many security executives view zero trust as a journey that can be difficult to start, and one that even makes identifying successful outcomes a challenge. Simultaneously, the topic of security resilience has risen up the C-level agenda and is now another focus for security teams. So, are these complementary? Or will they present conflicting demands that will disrupt rather than assist the CISO in their role?
One of the most striking results coming from Cisco’s latest Security Outcomes Report is that organizations with a mature zero trust implementation – those with basic controls, constant validation and automated workflows – experience a 30% improvement in security resilience compared to those who have not started their zero trust journey. So, these two initiatives – implementing zero trust and working to achieve security resilience – appear to complement each other while supporting the CISO when a cyber black swan swims in.
Security resilience is the ability to withstand an incident and recover more strongly. In other words, ride out the storm and come back better. Meanwhile, zero trust is best known as a “never trust, always verify” principle. The idea is to check before you provide access, and authenticate identity based on a risk profile of assets and users. This starts to explain why the two are complementary.
The Security Outcomes Report summarizes the results of a survey of more than 4,700 security professionals. Among the insights that emerge are nine security resilience outcomes they consider most important. The top three outcomes for resilience are prevention, mitigation and adaptation. In other words, they prioritize first the ability to avoid an incident by having the right controls in place, then the ability to reduce and reverse the overall impact when an incident occurs, and then the ability to pivot rapidly without being bound by too rigid a set of systems. Zero trust will support these outcomes.
Preventing, or reducing the likelihood of a cybersecurity incident, is an obvious first step and no surprise as the most important outcome. Pursuing programs that identify users and monitor the health of devices is a crucial a preventative step. In fact, simply ensuring that multifactor authentication (MFA) is ubiquitous across the organization can bring an 11% improvement in security resilience.
When incidents occur, security teams will need a clear picture of the incident they are having to manage. This will help in them respond quickly, with a proactive determination of recovery requirements. Previous studies show that once a team achieves 80% coverage of critical systems, the ability to maintain continuity increases measurably. This knowledge will also help teams develop more focused incident response processes. A mature zero trust environment has also been found to almost double a team’s ability to streamline these processes when compared to a limited zero trust implementation.
When talking to CISOs about successful implementation programs, communication within the business emerges as a recurring theme. Security teams must inform and guide users through the phases of zero trust implementation, while emphasizing the benefits to them. When users are aware of their responsibility to keep the organization secure, they take a participatory role in an important aspect of the business. So, when an incident occurs, they can support the company’s response. This increases resilience. Research has shown that a mature program will more than double the effect of efforts to improve the security culture. Additionally, the same communication channels established to spread the word of zero trust now can be called upon when an incident requires immediate action.
Mature implementations have also been seen to help increase cost effectiveness and reduce unplanned work. This releases more resource to cope with the unexpected – another important driver of resilience surfaced in Volume 3 of the Security Outcomes Report. Having more efficient resources enables the security function to reallocate teams when needed. Reviewing and updating resource processes and procedures, along with all other important processes, is a vital part of any of any change initiative. Mature zero trust environments reflect this commitment continuous assessment and improvement.
Inherent in organizational resilience is the ability to adapt and innovate. The corporate landscape is littered with examples of those who failed to do those two things. A zero trust environment enables organizations to lower their risk of incidents while adapting their security posture to fit the ongoing changes of the business. Think of developing new partners, supporting new products remotely, securing a changing supply chain. The basic tenets of MFA – including continuous validation, segmentation and automation – sets a foundation that accommodates those changes without compromising security. The view that security makes change difficult is becoming obsolete. With zero trust and other keys to achieving security resilience, security now is a partner in business change. And for those CISOs who fear even starting this journey, understanding the benefits should help them take that first step.
Download the Security Outcomes Report, Vol. 3: Achieving Security Resilience today.
Learn more about cybersecurity research and security resilience:
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
It’s been a particularly busy and colourful week, scam-wise in our household. Between 4 family members, we’ve received almost 20 texts or emails that we’ve identified as scams. And the range was vast: from poorly written emails offering ‘must have’ shopping deals to terse text messages reprimanding us for overdue tolls plus the classic ‘Dear mum, I’ve smashed my phone’ and everything in between.
There’s no doubt that scammers are dedicated opportunists who can pivot fast. They can pose as health authorities during a pandemic, charities after a flood or even your next big love on an online dating platform. And it’s this chameleon ability that means we need to always be on red alert!
According to the Australian Competition and Consumer Commission (ACCC), Aussies lost a record amount of more than $2 billion in scams in 2021. And that was with record levels of intervention from the government, law enforcement agencies and the private sector. The most lucrative scams were investment scams ($701 million) followed by payment redirection scams ($227 million) and then romance scams which netted a whopping $142 million.
But the psychological trauma that is often experienced by victims can be equally as devastating. Many individuals will require extensive counselling and support in order to move on from the emotional scarring from being a victim of hacking.
So, with scammers putting so much energy into trying to lure us into their web, how can we stay one step ahead of these online schemers and ensure we don’t become a victim?
While there are no guarantees in life, there are a few steps you can take so that you can quickly recognise an online scam.
If you’ve received a text message, email or call that you think is a scam, don’t respond. Take your time. Slow down and pause. If it’s a call, and you’re not sure – hang up! Or if it’s a text or email – delete it! But if you are concerned that it might be legitimate, call the company directly using the contact information from their official website or through their secure apps.
If you are being asked to share your personal information or pay money either via a text or phone call, take some time to think. Does it feel legitimate? Do you have a relationship with this organisation? Remember, scammers are very talented at pretending they are from organisations you know and trust. If in doubt, contact the company directly via their official communication channels. Or ask a trusted friend or family member for their input. But remember, NEVER click on any links in messages from people or organisations you don’t know – no exceptions!!
Do not hesitate to take action if something feels wrong. If there are any transactions on your credit card or bank statements that don’t look right, call your bank immediately. If you think you may have given personal information to scammers, then act fast. I recommend calling ID Care – Australia and New Zealand’s national identity and cyber support service. They are a not-for-profit charity that provides support to individuals affected by identity and cyber security issues.
ReportCyber is another way of notifying authorities of a scam. An initiative of the Australian Government and the Australian Cyber Security Centre, it helps authorities investigate and shut down scams. It’s also a good idea to report the scam to Scamwatch – the dedicated scam arm of the Australian Competition and Consumer Commission (ACCC).
We’ve all heard that ‘prevention is better than a cure’ so taking some time to protect yourself before a scammer comes your way is a no-brainer. Here are my top 5 things to do:
Please don’t think smart people don’t get caught up in scams because they do!! Scammers are very adept at looking legitimate and creating a sense of urgency. With many of us living busy lives and not taking the time to think critically, it’s inevitable that some of us will become victims. And remember if you’re offered a deal that just seems too good to be true, then it’s likely a scam! Hang up or press delete!!
The post How To Recognize An Online Scam appeared first on McAfee Blog.
sc-daa-1200