When you think of Cyber Security you probably think about your iphone getting hacked, or your email, or your companies servers, or your credit card, or bank card or health care, or banking, or government information plus so many others…
But did you ever stop to think about how a huge chunk of all the data populating all those things actually gets there? Not in the sense of how Google asks prospective employees to describe how the internet works. But close. Think Space.
Satellites are massive growth industry, for both government and business alike. We have scaled globally from a situation 20 years ago where only a handful of countries could afford to mount in orbit operations on even one satellite.
Now there are literally thousands of satellites in space with more and more getting launched into either permanent or semi permanent orbits — along with resulting real space junk and debris following closely along.
There is a correlation of increased launches with smaller launch packages, increasingly smaller and lighter satellite platforms and lower cost; with massive increased consumption and transport of data in both up and down link; and other bands.
All of this has led to a reset of the cyber security needs surrounding ground stations, launch facilities, terrestrial platforms, satellites, rockets, and of course the data. There are multiple types of data flowing into the typical modern communications satellite. Up-link, down-link controls and management software, then data payloads of voice, video, data, etc + then often reversed in direction again. Add to this the security levels, the control levels and maintenance levels — and there is a digital river of information coming in and out of every satellite, ground station and in between.
This is one of the major targets for global cyber war efforts by governments as well as cartel hacker groups and other groups seeking only power and information to then bring money.
One of the key weakpoints is the people on the ground and their BYOD (Bring your own device) methods + practices – whether sanctioned or not.
Along the same lines is the social engineering side of hacking and cyber war and how people’s pictures, social media posts, location tags, and other digital exhausts can be combined in a detailed matrix for an attacker to figure out organizational patterns, phrases, colloquialisms and other ways to use psychology against us.
Another key weakpoint is that many of the cyber security protocols designed for this global data transfer every milli-second is that they are simply outdated and not up to the task of modern efforts to hack and crack this technology and its safeguards and firewalls.
Follow my remarks in a few more weeks to hear more on the very real risks being posed by the explosion in satellites and data flowing between Earth and Space. Indeed, Global Cyber Security is on Earth + Space.
The Panama Papers as released this past week are a really huge data dump, in fact one much larger in scale than that of Wikileaks, and the largest to date in history.
The project that resulted in this massive public disclosure, was essentially a cyber security lapse leading to a breach. Following the breach, data exfiltration was executed through leveraging a long known critical failure in the operating system and email servers that were used by the law firm, Mossack Fonseca.
Not only are the Panama Papers a stunning example of a hack that resulted in massive data exfiltration; thus consequently leading to a global reputation breach. But they are also representative of a slow to change cyber security environment in law firms, corporations and organizations globally.
Drupal, a widely used language for databases and other programs has been constantly been providing critical updates since it’s inception. Users of Drupal have to make the choice to keep their systems up to date, or as in this case, not.
The utter lack of cyber security protocols like updating a server, or dealing with over 25 issued critical updates to the operating system/servers bring to mind other major hacks like the Target Corporation hack where 60,000 alerts were ignored by corporate IT staff. This is the opposite of what cyber security protocols would dictate.
Law firm IT staff need to be amongst the first to adopt these basics; but often times are not, and many international law firms have mediocre to poor network security. In that area, the Panama Papers could be any law firm, anywhere. The reputation loss suffered by the cyber security lapse and breach could be any law firm’s clients, anywhere.
Digijaks has been working with clients for years to address the undeniable link between cyber security and reputation control. The Panama Papers simply serve as one more reason why these issues are so connected and so important to both people and organizations.
noun: conundrum; plural noun: conundrums
a confusing and difficult problem or question.
“one of the most difficult conundrums for the experts”
This is the conundrum of the digital age.
One one hand executives of a company will be the first to state they think their systems are secure, and if there are any problems they are small.
Maybe they think their information, data and business relationships are not important to hackers because, “too small”, “not on radar screen”, or “we have nothing worth taking.”
But both of these are clearly conundrums:
But- and this is actually more like a because — Organizations have to think and act pro-actively when it comes to cyber security and privacy. True for people too. If you think you have no cyber weaknesses than you do. If you think you have nothing to lose, than you do. If you think no one is interested in your organization because it is too small or not on the radar screen, than you are wrong, and they are.
Now is actually the time to assess your organization’s situation, and that of your people too. Do it now before you get hacked or breached. Because you will get hacked or breached. Be prepared. Don’t be caught behind a truck that just ran over your business and people.
My company Digijaks sees a lot of these types of issues with clients. Preventive medicine works, in healthcare and cyber security. Both need daily hygiene and maintenance and both also need updates, checkins and repair work too.
Ah, the Internet of Things.
Just the sound of it sends thrills, chills and huge question marks through both technologists and regular people alike.
Just think, you can already do the following:
I could go on with this list. But why bother?
The Internet of Things, or IOT as it is called in the media, by analysts and techies alike is an amorphous concept and does not easily translate into everyday speak for the average person.
There are cybersecurity concerns with the overlapping inter-connectedness that are growing exponentially by the month; as more and more devices come on line, get connected to the Internet. Many if not most have little to zero security protocols built in.
There is no current “IOT cybersecurity standard” or anything close. As a result, the apps and tools that seemingly make your life so easy, are in most probability leaking, if not pouring personal information about you or your family onto the internet in ways you may or may not be aware of.
There are reputation control and reputation management issues arising from both the above mentioned inter-connectedness as well as from some basic common sense things that come from having devices connected to the Internet and talking to “home” or each other in ways that also reveal identity, location and other personal information. Some of these IOT apps and tools even tweet or post other social updates for you as reminders, alerts and other pushed out information into public or semi public arenas.
So ask yourself 5 Major IOT for Reputation Questions:
We live in a hyper-connected world that brings the globe to you; and you and your family to the globe at equally fast speeds. While on one hand, any one of us can access the internet, through any number of tools, platforms, technology and software and almost any combination too. But on the other hand the internet can and does access us, and all of our information, every minute of every day. Probably more than you and your family access the internet.
One thing that is growing in need and in reality is the international and cross cultural aspects of Cybersecurity. For example, businesses and governments alike in the US and in Israel face similar challenges within similar robust telecom and economic environments. 15 years ago the idea of US and Israeli Cybersecurity companies working together seemed remote or exotic. Speak to anyone in Cybersecurity, and it won’t take long for the Israeli Cybersecurity community to come up. True for Venture Capital in Israel too.
Dr. Orit Mossinson, a Venture Capitalist + founder of Dalai VC – A VC firm that specializes in Cybersecurity – had this to say: “Bringing Israeli Cybersecurity companies through capitalization to becoming the leading edge of how to combat cyberwar efforts, is just beginning. Over the next few years there is going to be massive growth in this unique space.”
My company Digijaks is constantly working with businesses and governments on Cybersecurity. What applies to big business or governments applies to people and families mostly too. That is true in the USA, Israel, UK, Canada, Japan, Singapore, etc, or any nation considered 1st world with full internet access.
Within as long as it takes to blink an eye, you or your family can get caught up in a Cybersecurity breach leading to a Reputation and search breach. It does not take much, and is not the sole domain of big companies being targeted. Ask yourself, do you have wifi? Is it secure? Do you have devices? Run a business? Pay taxes? Do Online Banking? Any of the above could be the entry into your life by a hacker.
This might sound hard to believe in the era of downloadable feature films in a few seconds and the huge amounts of data coming “down” the “pipes” to our devices. But for every bit of data coming in; we are pouring it right back through apps, games, web browsing, file uploading, liking, tweeting, sharing, and videos and not to mention the IoT — as in your tweeting fridge and internet sharing toaster. Don’t even get started on the lack of cybersecurity for IoT globally. Because there is none. Or very little of note.
There just is not any in most of those devices or apps yet. Don’t kid yourself or mistakenly think you or your families are not being monitored and watched through the IoT. The more devices you have connected, the scale of magnitude of potential monitoring and watching is exponential.
Several years ago the digital exhaust of the average first world person with access to the internet was less than 1000 data points per person roughly. Now scale upwards and it is closer to 20,000 data points per person in their digital exhaust. How many companies are tracking these, and or reselling them to other groups? How many governments? How many hacking groups? Extortionists? Kidnappers? Digital Money Robbers?
When we get invited to address groups about Cybersecurity, they always want to know about their specific devices. Is this safe? Is that dangerous? Cybersecurity is one part hardened data, encrypted data and secure data transport. It is also one part human. Increasingly so, with socially engineered attacks such as phishing and drive by malware hosted on social media or in apps. The human element is about training employees, about families working with each other to be private and safe online and is about the fact that humans will and can get tricked by their own emotions and desires. This is what makes social engineered attacks so pernicious.
They are not about weak data points or lack of encryption. They are about our human frailty and how it gets exploited by digital tormenters.
Think about it. What if a Stuxnet-like custom designed cyber war tool; were to take out all the SCADA devices in a particular city? Or take out a particular industry like oil and gas or electrical generation; or at 50 hospitals at once? The problem is every unsecured SCADA device is also listed in multiple places to be publicly found on the internet, not even the dark web. 7 million + devices, terminals, industrial control centers, power plants, factories, utility grids and transportation and information networks are to be found just by searching.
Bring the best of the best together and create new environments in which they can work together to stop a global scourge of cybersecurity breaches and the resultant reputation and search breaches that follow every attack. True in the USA and true in Israel. The world is looking at the very beginnings of a 3rd World War. This one is invisible mostly, harms people in real life sometimes, yet is being conducted by numerous countries, companies, and criminals all at once against each other. Now is the time to start combining the best of the best and the brightest.
Many people must feel the 2015 holiday break could not have arrived soon enough what with terrorism, crazy weather and other events that get covered rightly or wrongly in social media. While these can be scary and confusing times, they can also be times to educate, learn and help one another to understand a new reality we are all living in now.
There are specific tactics and strategies for understanding how live events unfold in social media and these can be instructive to the general public about what you are seeing and when, during events like these past weeks that we have all experienced. Real life events almost always flow to the internet in a micro second. Knowing how to tell the difference between truth and fiction could be critical to saving your own life of that of your family in a real life emergency that is also happening on social media.
So below are general truths about live events that unfold in a digital realm and in real life.
I created an emergency social media list on twitter with accounts that are both trusted and real. I suggest you do the same and keep that list handy.
Make a list of your local real life emergency providers websites, twitter accounts and other social media tools. Use them to verify information and dispel rumors.
That nasty little something that someone, a bot, or a person, or maybe both left for you overnight. It is a digital take down. A bad blog post. A social media meme that is being unanswered or purposely pumped up to discredit you, your company or organization or your brand. Or maybe it is a false allegation. Or paid fake bad reviews that your competitors put up.
Face it. The Internet is a hostile place for your reputation and your brand, whether that is personal, corporate or government. The control and management of your reputation start and end with you. As we enter 2015, it is worth paying attention to, in fact it is important to take stock of your online reputation, the management of it and the control of it. It is yours. Not anyone else.
The — Internet, social media, the cloud, mobility, bring your own device, artificial intelligence, autonomous computing etc etc — all are really cool buzz words. All come with prices to pay that include the constant need for personal, corporate and government level cyber security, reputation management and reputation control.
Our top 10 List of Ways That Cyber Security, Social Media and Reputation Management and Reputation Control all mesh together.
- Social Media — is the entrance point for viruses, malware, malformed links, phishing and learning enough about someone to turn around and destroy their reputation.
- Mobility — allows for instant access to social media, email, sms, cloud and phone, and video, as ways to tear down a brand or reputation. It can happen anywhere, at any time, by anyone around you holding a smartphone or smart watch or smart glasses.
- Cloud — allows people to store information quickly and easily. This can be for phishing, for cyber crime, for reputation destroying or extortion. Images and videos, poems and documents and your complete online profile can be easily harvested by smart people and or bots and then turned around against you. What information are you allowing out or putting out to make it easier to be attacked? Or easier to have your reputation tarnished or that of your brand?
- Bring Your Own Device (BYOD) — While fun and easy for users and your employees BYOD brings a whole fruit basket worth of cyber security and reputation management and control issues along with it. BYOD allows users and employees to access the internet and social media channels without approval or notice from the employer. A reputation can be destroyed in an instant with a recorded conversation, a video, an errant email or sms, or worse corporate espionage and cyber crimes can be instituted easily with BYOD.
- Artificial Intelligence — The name alone. What does it mean? How can artificial intelligence (AI) bots or autonomous computing affect your cyber security and reputation management and control? In so many ways we are just beginning to understand.
- Lazy People — Sorry but many times the malware or the phishing or the destruction of reputation starts with someone simply being lazy, not having security and privacy settings attended to, and or worse letting someone else use their login credentials.
- Your Competition — They have access to the same tools you do. They can buy hackers, they can buy reputation destruction; they can attempt to steal your trade secrets; they will try to insert bad people into your organization at every level. (See 8 below.)
- Bad People — No good, no ethos or morals. These people do not care if they harm you. They seek to. These come in the form of social media contacts or email phishing all the way through HR, interviewing, shadowy financiers and content theft propagators from online goods. They will use any and every tool out there to disrupt your business, to destroy your reputation.
- Posting stupid pictures of yourself — on to any website regardless of how safe you *THINK* it is.
- Not checking the health and welfare of your own digital reputation and brand.
Copyright © 2010-2015 Digijaks, LLC
Cybersecurity used to be be the geek’s eagle’s nest. it was hard to understand, hard to get to, hard to see the impact and need often times. If there was a CIO or CISO, he/she would not be in the board room too often, and usually the budgets were the first to go in any budget change environment. But the cycle switched. Now we are in the opposite cycle. The CIO and CISO are ruling the roost and commanding serious budgets and attention. But being missed in all the excitement is this:
The Crossover from pure cyber crime to real world crime from the same instance.
It is safe to say, times have changed. Now – Cybersecurity has become a word known in almost any home where there is digital connectivity. Time and time again, we are offered proof that cybersecurity now encompasses reputation management; active control of search and social media as well as the traditional hardening of data access points, transport points, and login authorities. Cybersecurity itself has become such a buzzword that it threatens to create a numbness for people hearing it and responding to it.
Recently Digijaks has worked with multiple clients who have faced the crossover from Cyber Security to Real Life Security. It is our recent experience that shows us that law enforcement is *mostly* unprepared for cyber crossover attacks and does not yet have the substantial depth of understanding of the relationship between social media, cyber security and real life people.
The connections are impossible to overlook. What starts as a cyber threat, like impersonation of another; brand or trademark attacks, social media memes and fake social media sock puppet accounts — can now easily and does easily cross over into real world crimes.
The real world crimes escalate too, often in parallel with online escalation. In our recent experience in dealing with the crossover, most law enforcement agencies of *all levels* are simply not prepared to cope with this reality, and have few to zero people in place who are trained investigators and can assist the public, or corporations or utilities or governments with cyber cross overs.
Digijaks CEO Alan W. Silberberg is advising both the company’s clients and law enforcement agencies to take these “cyber cross over” events seriously. There is growing evidence amounting that shows that real world crimes are becoming easier in some ways and can be facilitated through initial cyber intrusions, whether phishing, trolling or direct digital attacks.
This is leading people who were previously *only* cyber criminals or terrorists to become real world ones too, often at little to no monetary cost. We see this a true emerging threat, as yet mostly being unaddressed either at the Federal or State levels, and a threat that is most acutely faced in local communities who very definitely are not prepared.
Reputation. Is hard to get, hard to maintain, hard to control; especially in an era of hacking by governments and criminals alke.
Cybersecurity is something many people long put off as a back burner decision, or lower funded priority, but in actuality is a critical need, now at the forefront of many leaders’ thinking due to the sheer number and audacity of the hacks from 2013 forward. There is a distinct triangulation between reputation control and cyber security and search results. The more things get hacked, the more information flows onto websites, both for sale, and for free, and the more the search engines index these results. Digijaks’ CEO Alan W Silberberg has written about this triangulation before as it relates to cyber security and how we all need to look at the this inter-relationship, and it’s effects on all of us.
The recent OPM hacks were so huge, the numbers are simply staggering that it is hard to process for most people, especially “regular people” who feel this does not affect them or their friends or family.
But in addition to the 21+ million social security numbers that were stolen in the OPM hack, so were over 1.1 million sets of people’s fingerprints. People who serve the US Government in all sorts of capacities, some secret, some not. So in addition to the notion of identity theft through the means we have become unfortunately accustomed to, like credit, social security and personally identifiable information (PII) — we now have to contend with the theft of biometrics.
It means every citizen, whether they believe the OPM hacks relate to them or not, have to start taking on steps to protect themselves. When a nation state can combine vast databases of personal information with biometrics for some of those same people; it means that nation state, or proxies or vendors it sells to could become one of us through surreptitious methods. It means identity theft is potential on a massive scale, as is exploiting people through their information in security clearance documents or medical records.
It means the push to make encryption weaker or illegal should actually be reversed to become a push to make encryption a standard for citizens; and one that is supported by our Government ln light of attacks and theft of information from tens of millions of US Citizens. The US Government through the Congress should adopt stringent laws making it hard not to encrypt personal information.
It means, think about what information you put in the cloud. Think about what information you put in social media. What information you never put into digital form. It means think about carrying a second and or even third form of identity in case you are ever challenged with not being you.