Opportunities in Government for Skilled Security Personnel

As recent data breaches have shown, cyber attacks are particularly threatening to government entities handling sensitive data like Social Security numbers. Unfortunately, state agencies struggle to hire cybersecurity professionals.

The cause of this staffing shortage? There simply aren’t enough qualified people for the job[i]. Thankfully, change is in the air.

To attract skilled cybersecurity experts, some state governments are expanding IT internships for high school and college students. Many are offering more money, telecommuting jobs and flexible hours in hopes of landing the right candidates.

Some challenges states face in the hiring of skilled IT staff include:

  • Recruiting new workers to fill vacant IT slots
  • Offering competitive salaries to entice skilled professionals from the private sector
  • Filling senior-level IT positions quickly
  • Retaining skilled employees and minimizing turnover

One novel approach is “cross-training” talent: state governments have begun rotating cybersecurity employees through different positions to improve skills quickly. Like an endurance athlete cross-training with weight lifts and short sprints, exposure to different kinds of threats, networks, technologies and security strategies rapidly builds expertise among IT professionals and provides meaningful training for young hires. Cross-training can help improve retention while bolstering a state’s digital security apparatus.

Aspiring cybersecurity professionals should explore options in the public sector. Government employment offers a meaningful, multidisciplinary approach to continuing your cybersecurity journey.

I’m compensated by University of Phoenix for this blog. As always, all thoughts and opinions are my own.

[i]  http://www.bls.gov/opub/btn/volume-2/careers-in-growing-field-of-information-technology-services.htm

Back to school Tech Security Tips for College Students

Some of us remember college dorm days, when students were envied if they had their own typewriter. These days, college students must have a personal laptop computer and a smartphone, and their lives revolve around these connected devices. Such dependency should be proactively protected from loss or theft. Campus security now means more than just being aware of who might be hiding in the bushes at night.

When you send your college kid off into the world, you want them to be prepared for life’s curveballs, and unfortunately, the occasional criminal too. How prepared are they? How prepared are you? Do you or they know that if they leave their GPS service on, some creep could be “following” them? Are they aware of how to lock down their devices to prevent identity theft?

For cybersecurity and personal security, college students should:

How might students get hacked and how can they prevent it?

  • They can fall for a scam via a campus job board, the institution’s e-mail system, off-campus public Wi-Fi or on social media. Be aware of what you click on.
  • It’s easy for devices to be stolen; never leave devices alone, whether in the library or a café.
  • Shoulder surfing: Someone peers over their shoulder in the study lounge or outside on a bench to see what’s on their computer screen. A privacy filter will make shoulder surfing difficult.
  • Be careful when buying a used device (which can be infected) and simply taking it as is. Wipe it clean and start fresh with the installation of a new operating system.
  • If you’re not using your devices, consider keeping them in a lockbox or a hidden place instead of exposed in a shared living space like a dorm.
  • All devices should have a password-protected screen lock.
  • Data should be backed up every day. Imagine how you’d feel if you lost that term paper you’ve been slaving over!
  • Get a password manager, which will create strong, complex passwords unique to every account. And you won’t have to remember them.
  • Avoid jailbreaking your smartphone, as this increases its hackability.
  • Avoid using public Wi-Fi for transactions involving money or sensitive information, since hackers could easily snoop on the data transmissions. A virtual private network (VPN) will prevent snooping by encrypting transactions.

All devices should have security software that should be updated automatically. Virus scans should be done every day, or at least no less frequently than once a week.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Very Bad People for hire online

The Deep Web is not a nice place. Here, people can hire assassins, take ransomware payments, purchase U.S. citizenship without revealing their identity, among other things, says an article on darkreading.com.

This information comes from Trend Micro, which used a tool called the “Deep Web analyzer,” something of a web crawler, that collected URLs that were linked to TOR- and I2P-hidden sites, domains with nonstandard TLDs and Freenet resource identifiers, says darkreading.com.

The Deep Web is that portion of cyberspace that’s not indexed by the search engines. The Dark Web is part of the bigger Deep Web, accessible only via special tools.

A Dark Web user could literally hire a rapist or assassin. In fact, assassins even advertise, such as the group C’thulhu. Pay them their fee and they’ll maim, cripple, bomb and kill for you.

$3,000 will get you a “simple beating” to a “low-rank” target. $300,000 pays for the killing of a high-ranking political figure, staged to look like an accident.

Users can also hire (and do so much more commonly than the above) cybercriminals and child exploitation services.

The article points to additional research on the Deep Web showing that cybercrooks use anonymization tools in creative ways. In fact, they are using TOR for the hosting of their command-and-control infrastructure. TorrentLocker is a type of malware, and it uses TOR to accept Bitcoin payments and host payment sites.

In other words, cybercriminals are using the Deep Web/Dark Web more and more commonly these days. TOR is being used by cybercriminals to receive payments for their hacking services.

But that’s not the biggest problem of the deep, dark Web, is it? As mentioned, it can be used to hire someone to murder. Just what will all of this eventually evolve into in the next 10 years?

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

The Growing Demand for Cybersecurity Professionals

Cybersecurity professionals are always in demand[i]. Threats to intellectual property and sensitive data constantly evolve with technology, which means a security professional’s job is never done. There’s always another security problem to solve.

Consider the recent proliferation of cyber attacks: it’s become easier and easier for a small group of people to compromise vast networks of corporate and government information. Worse still, cyber criminals are getting better at covering their tracks.

Experts believe the global shortage of top-flight cybersecurity professionals exceeds one million–our federal government is currently seeking more than 10,000 candidates. The trend will continue in the near future as more and more features of day-to-day living are converted to digital.

As the private sector feels the crush of data breaches, the increasing sophistication of attacks fuels demand to counter or prevent them. Unfortunately, cybersecurity is rarely considered a “glamor job.” Ask a hundred eight-year-olds what they want to be when they grow up and few (if any) will answer “cybersecurity specialist.”

But that’s all the more reason to consider a career in this booming field! Governments and private organizations of all kinds are desperately seeking skilled candidates to protect their data and critical infrastructures from cyber criminals. The shortage of cybersecurity talent is not simply a lucrative opportunity for IT experts–it’s a matter of national security in defense of privacy, property and fair commerce.

Simply stated: there have never been better opportunities for advancement in the cybersecurity profession.

I’m compensated by University of Phoenix for this blog. As always, all thoughts and opinions are my own.


[i]  http://www.bls.gov/opub/btn/volume-2/careers-in-growing-field-of-information-technology-services.htm

A look into Cyber Weapons of the Future

Remember the good ol’ days when you thought of a finger pushing a button that launched a Russian missile that then sped at seven miles per second towards the U.S. to blow it up?

Little did we know back then what would one day be a way for the Superpowers to war on each other: cyber technology!

A new book is out called Ghost Fleet: A Novel of the Next World War, written by Peter W. Singer and August Cole. WWIII certainly won’t be wrought with speeding missiles and hand-to-hand combat in the trenches—at least not the bulk of it.

An article on vice.com notes that the Third World War will take place in cyberspace (in addition to land, sea and air).

Vice.com contacted Singer about his novel. One of the villains is China, even though much of the attention has been on the Middle East and so-called terrorist attacks by radical Muslims.

To write the novel, the authors met with a wide assortment of people who, if WWIII were to come about, would likely be involved. This includes Chinese generals, anonymous hackers and fighter pilots. This gives the story authenticity, realism…a foreshadowing.

Singer explains that his novel is so realistic that it’s already influencing Pentagon officials in their tactics.

The Third World War will probably not require so much the ability to do pull-ups, slither under barbed wire and rappel down buildings, but the mastering of cyberspace and outer space: It’s likely that the winner of this war will be king beyond land, sea and air: lord over the digital world and the blackness beyond our planet’s atmosphere.

Projected Weapons of WWIII

  • A kite-shaped Chinese drone, massive enough to take out stealth planes and ships
  • Drones that, from high altitude, could get an instant genetic readout of an individual
  • Smart rings that replace computer mouses
  • Brain-machine interfaces. This already exists in the form of paralyzed people using their thoughts (hooked up to a computer) to move a limb (their own or robotic). This technology has applications in torturing the enemy.

That old saying, “What the mind can conceive and believe, can be achieved,” seems to be becoming truer by the second. Imagine being able to wipe out the enemy by plugging your thoughts into a computer and imagining them having heart attacks.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Tips to destroy and shred

You can’t be too neurotic about shredding sensitive documents to smithereens. For example, some people make a career out of “dumpster diving,” digging through trash in search of bank account information, credit card preapprovals, medical bills, mortgage statements, etc., and then they commit fraud, including creating new accounts with the found information—accounts in the victim’s name.

And by the way, anything with your signature can be a gem to the dumpster diver, as your signature can be forged.

Diving for Dollars

  • Dumpster diving is legal if the trash can is in a public spot including the big trash bin at your apartment complex.
  • Dumpster divers aren’t necessarily homeless men dressed in rags looking for discarded food. They may be professional identity thieves, and if they’re extra smart, they’ll dress like a vagrant to fool people into thinking they’re looking for food scraps.
  • Your trash can is a goldmine for an identity thief; think of what’s on all the paperwork you toss out, week after week—all sorts of tidbits about your life, from your favorite stores to your kids’ names.
  • A lot of personal details about you come simply from empty envelopes with their return addresses.

Shredding

  • Buy a shredder. There are different kinds that shred at differing dimensions as well as various strengths (some shredders will slice and dice CDs).
  • Don’t buy a “strip-cut” type, as the shreds could be reconstructed. The “micro-cut” shreds at the smallest dimensions.
  • Believe it or not, there are crooks who will take the time to put back together a shredded document, including with the help of Unshredder, a computer program.

Burning

  • Keep a cardboard box handy that you continually fill up with shreddables.
  • Just toss documents that are on deck for burning into this box as you go throughout the day. Then incinerate the box.
  • A large stack of documents will not completely burn, so place these in a motley arrangement so that the pile isn’t “thick”.

Miscellaneous

  • Don’t leave boxes that contained expensive merchandise in plain view at your curb; this is almost the equivalent of sticking a sign there with bright red letters stating: “I just purchased a giant flat screen TV; come on in and steal it.” Destroy or shred the boxes instead.

Ask yourself this question: If someone “stole” your trash, would that be a problem? If you say yes, then you toss too much data. For me, I don’t care, nothing I toss is of any value to anyone.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Smartphones for Kids aren’t such a good Idea

Maybe you believe that kids should not have smartphones because the devices can tell a pedophile where a child is located. But there are other reasons that perhaps you haven’t thought of: cyberbullying, violent porn, online drug purchases, you name it.

Smartphones give kids ongoing Internet access; they can’t live without this constant connection because it’s the normality that they’ve grown up with. Children and teens are a product of their technological times and can’t imagine getting through the day without constant connection to the cyber universe.

An article in The Telegraph features a perspective from child psychotherapist Julie Lynn Evans. She points out that the striking increase in youth suicides and youth emotional issues (e.g., anorexia nervosa, cutting) is the result of constant Internet access.

Evans has personally seen the correlation; the driving force of the mental problems gets traced back to cyberspace and the smartphone. Remember the good ol’ days when the only access that kids had was at the family room’s computer or even the one in their bedroom? You can’t carry that thing around.

Evans’ voice is supported by the big rise in admissions to child psychiatric units, having doubled in the past four years. Self-harm is way up too.

Though many people assert that the smartphone is only a tool and should not be blamed for suicide attempts or self-harming behavior, and that family dynamics are the fuel behind it all, Evans makes clear that smartphones are a big part of the multifactorial process of depression and turmoil.

Smartphones have changed the world; is it such a leap that they can cause the rise in youth psychological problems? Especially when the bullies can follow their targets anywhere? And it’s not just bullying; there are websites that, for instance, give tips on being anorexic.

Kids under 16 can’t legally drive, but they’ll always have legal access to smartphones. It’s up to parents to set rules and have conversations. At the same time, parents must take some credit for bad outcomes: A 14-year-old girl from a stable homelife isn’t going to take advice on how to drop from 110 pounds to 70 pounds just because her smartphone can connect her to a “pro-ana” website.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Cyberbullying: Its Uniqueness & Prevention

Unfortunately, cyberbullying is prevalent, and a growing threat in today’s always-connected world. Cyberbullying refers to bullying done via computers, or similar technologies, such as cell phones. This kind of bullying usually includes mean or threatening comments, or public posts through texts, emails, voice mails, social media posts, all intended to embarrass the victim.

Cyberbullying can happen to both adults and kids, but since it’s so common among youths, it’s good to know how to help your children deal with the problem.

One important idea to keep in mind is that unlike the kind of face-to-face bullying that many of us witnessed in school years ago, cyberbullying doesn’t end when the bully is out of sight.

These days, a bully can virtually follow his or her victim everywhere using technology. The bullying can take place without the victim’s immediate awareness, and because of the broad reach of social media, the audience is often much larger than at the school yard.

Since it can be difficult to get a cyberbully to stop their harassment, your best bet is to teach your kids safe online habits to try to prevent a bullying situation in the first place.

Cyberbullying Prevention Tips:

  • Let your kids know that you will be monitoring their online activities using parental control software. Explain how it works and how it can benefit everyone. This policy should be well-established long before your kids get their own cell phone and computer.
  • Make a point of discussing cyberbullying with your kids, and help them understand exactly what it is and how it happens. These discussions should take place before kids get their devices.
  • Set a condition before a child gets his or her very own smartphone and computer: they must give their passwords to you. You can, of course, reassure them that you won’t use the passwords unless there’s a crisis.
  • Another condition for device ownership is that your kids will sit through instruction on smart online habits, and most importantly, they should understand that once you post something in cyberspace, it’s there forever.
  • Once your kids get their devices, role-play with them. This gives you a chance to play the part of a bully, and teach your kids appropriate responses.
  • Warn your kids not to freely give out their cell phone number and email address, and tell them that they should never reveal their passwords, even to close friends.
  • Stay aware of your children’s online activities and reassure them that they will never get in trouble if they report cyberbullying to you.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

How Employers or Parents Spy

Disgruntled employees act out in lots of ways. A guy I knew who hated his boss “played” on his work computer all day. The computer was strictly for constructing company graphics. But he installed all kinds of games and wasted lots of time. His boss never knew he blew off half the day.

Company computers are obviously company owned, making it legally possible for your boss to spy on you. With phone monitoring software, employers can also figure out whom you’re speaking to on your company-owned or sanctioned phone and for how long. They can also see contacts, emails, texts, media and more. All legally.

An article on forbes.com notes that some companies sell and advertise such software in a sensational way (“Find Out WHO Is Making Up Normal Personal Calls”)—software that can automatically send e-mail alerts about phone calls made by employees. These include details such as frequency and with whom.

The forbes.com article then mentions another such company that sells spyware for cell phones and tablets that’s “100% invisible and undetectable.” They usually call it monitoring, not spying, and point out that businesses have a right to monitor to “control their business.” And, frankly, they do.

However, most of these programs are geared towards and used by spouses (those concerned with cheating) and parents, what with kids developing all kinds of psychological disorders with the help of cyberbullying.

And again, company monitoring is legal if this activity is in the employer’s contract. The monitoring must have a business-related reason. There’s a difference between “spying” or tracking an employee’s use of the company phone during times that employee is supposed to be working, and spying on his conversations with his ex-wife over the custody fight of their kids while he’s on lunch break.

Businesses need to strike the right balance so that employees don’t feel that their trust has been violated.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

3 Ways We are Tricked into Cyber Attacks

So just how are hackers able to penetrate all these huge businesses? Look no further than employee behavior—not an inside job, but innocent employees being tricked by the hacker.

A recent survey commissioned by Intel Security reveals that five of the top seven reasons that a company gets hacked are due to employee actions.

One of the things that make it easy to trick employees into giving up critical information is the information employees share on social media about their company.

People just freely post things and tweet all day long about company matters or other details that can be used by a hacker to compromise the company. What seems like innocuous information, such as referring to a company big wig by their nickname, could lead to social engineering (tricking users into believing the request is legitimate so the user gives up sensitive information).

Between social media and the golden nuggets of information on Facebook, Twitter, LinkedIn and other platforms, hackers have a goldmine right under their nose—and they know it.

3 Key Pathways to Getting Hacked

  1. Ignorance. This word has negative connotations, but the truth is, most employees are just plain ignorant of cybersecurity 101. The survey mentioned above revealed that 38% of IT professionals name this as a big problem.
    1. Do not click on links inside emails, regardless of the sender.
    2. Never open an attachment or download files from senders you don’t know or only know a little.
    3. Never visit a website on the job that you’d never visit in public. These sites are often riddled with malware.
  2. Gullibility. This is an extension of the first pathway. The more gullible, naive person is more apt to click on a link inside an email or do other risky things that compromise their company’s security.
    1. It’s called phishing (sending a trick email designed to lure the unsuspecting recipient into visiting a malicious website or opening a malicious attachment). Even executives in high places could be fooled, as phishing masters are truly masters at their craft.
    2. Phishing is one of the hacker’s preferred tools, since the trick is directed towards humans, not computers.
    3. To check if a link is going to a phishing site, hover your cursor over the link to see its actual destination. Keep in mind that hackers can still make a link look like a legitimate destination, so watch out for misspellings and bad grammar.
  3. Oversharing. Malicious links are like pollen—they get transported all over the place by the winds of social media. Not only can a malicious link be shared without the sharer knowing it’s a bad seed, but hackers themselves have a blast spreading their nasty goods—and one way of doing this is to pose as someone else.
    1. Be leery of social media posts from your “friends” that don’t seem like things they would normally post about. It could be a hacker who is using your friend’s profile to spread malware. Really think…is it like your prude sister-in-law to send you a link to the latest gossip on a sex scandal?
    2. Don’t friend people online that you don’t know in real life. Hackers often create fake profiles to friend you and then use their network of “friends” to spread their dirty wares.
    3. Take care about what you post online. Even if your privacy settings are set to high, you should think that when you post on the Internet, it’s like writing in permanent ink—it’s forever. Because did we all really need to know that time you saw Kanye from afar?
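
The hover check from the Gullibility tips can also be run automatically over an HTML email body. The sketch below is an added example, not code from the original post: it compares the host a link displays with the host its href actually points to. The sample message, its domains and the function names are constructed for illustration, and the suffix comparison is a simplification that does not consult a public suffix list.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _AnchorCollector(HTMLParser):
    """Collect (href, visible_text) pairs for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _strip_www(host):
    return host[4:] if host.startswith("www.") else host


def _host_of(url):
    """Hostname of an http(s) URL, lower-cased and without 'www.', else None."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return _strip_www(host.lower().rstrip("."))


def _shown_host(text):
    """Host named by the visible link text, if the text looks like a URL or domain."""
    if len(text.split()) != 1:  # phrases such as "Click here" name no host
        return None
    host = _host_of(text if "://" in text else "http://" + text)
    return host if host and "." in host else None


def check_links(html):
    """Return one record per link: what is shown, where it goes, and whether they disagree."""
    collector = _AnchorCollector()
    collector.feed(html)
    collector.close()
    results = []
    for href, text in collector.links:
        actual, shown = _host_of(href), _shown_host(text)
        mismatch = bool(shown and actual and actual != shown
                        and not actual.endswith("." + shown))
        results.append({"text": text, "shown_host": shown,
                        "actual_host": actual, "mismatch": mismatch})
    return results


# Constructed sample message; every domain and address is a reserved placeholder.
SAMPLE_EMAIL_HTML = """
<p>Dear customer, please confirm your account:</p>
<p><a href="http://examplebank.test.login-check.example/verify">www.examplebank.test/verify</a></p>
<p><a href="https://www.examplebank.test/help">examplebank.test/help</a></p>
<p><a href="http://198.51.100.7/reset">Click here to reset</a></p>
"""

if __name__ == "__main__":
    for record in check_links(SAMPLE_EMAIL_HTML):
        print(record)
```

A link whose text names no host, like the third one in the sample, cannot be judged by comparison; the record still exposes its actual destination so a person or a mail filter can decide.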

All of us must be coached and trained to keep ourselves and our workplaces safe, and that starts with practicing good cyber hygiene both at home and at work.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.