noun: conundrum; plural noun: conundrums
a confusing and difficult problem or question.
“one of the most difficult conundrums for the experts”
This is the conundrum of the digital age.
One one hand executives of a company will be the first to state they think their systems are secure, and if there are any problems they are small.
Maybe they think their information, data and business relationships are not important to hackers because, “too small”, “not on radar screen”, or “we have nothing worth taking.”
But both of these are clearly conundrums:
But- and this is actually more like a because — Organizations have to think and act pro-actively when it comes to cyber security and privacy. True for people too. If you think you have no cyber weaknesses than you do. If you think you have nothing to lose, than you do. If you think no one is interested in your organization because it is too small or not on the radar screen, than you are wrong, and they are.
Now is actually the time to assess your organization’s situation, and that of your people too. Do it now before you get hacked or breached. Because you will get hacked or breached. Be prepared. Don’t be caught behind a truck that just ran over your business and people.
My company Digijaks sees a lot of these types of issues with clients. Preventive medicine works, in healthcare and cyber security. Both need daily hygiene and maintenance and both also need updates, checkins and repair work too.
Ah, the Internet of Things.
Just the sound of it sends thrills, chills and huge question marks through both technologists and regular people alike.
Just think, you can already do the following:
I could go on with this list. But why bother?
The Internet of Things, or IOT as it is called in the media, by analysts and techies alike is an amorphous concept and does not easily translate into everyday speak for the average person.
There are cybersecurity concerns with the overlapping inter-connectedness that are growing exponentially by the month; as more and more devices come on line, get connected to the Internet. Many if not most have little to zero security protocols built in.
There is no current “IOT cybersecurity standard” or anything close. As a result, the apps and tools that seemingly make your life so easy, are in most probability leaking, if not pouring personal information about you or your family onto the internet in ways you may or may not be aware of.
There are reputation control and reputation management issues arising from both the above mentioned inter-connectedness as well as from some basic common sense things that come from having devices connected to the Internet and talking to “home” or each other in ways that also reveal identity, location and other personal information. Some of these IOT apps and tools even tweet or post other social updates for you as reminders, alerts and other pushed out information into public or semi public arenas.
So ask yourself 5 Major IOT for Reputation Questions:
Many people must feel the 2015 holiday break could not have arrived soon enough what with terrorism, crazy weather and other events that get covered rightly or wrongly in social media. While these can be scary and confusing times, they can also be times to educate, learn and help one another to understand a new reality we are all living in now.
There are specific tactics and strategies for understanding how live events unfold in social media and these can be instructive to the general public about what you are seeing and when, during events like these past weeks that we have all experienced. Real life events almost always flow to the internet in a micro second. Knowing how to tell the difference between truth and fiction could be critical to saving your own life of that of your family in a real life emergency that is also happening on social media.
So below are general truths about live events that unfold in a digital realm and in real life.
I created an emergency social media list on twitter with accounts that are both trusted and real. I suggest you do the same and keep that list handy.
Make a list of your local real life emergency providers websites, twitter accounts and other social media tools. Use them to verify information and dispel rumors.
That nasty little something that someone, a bot, or a person, or maybe both left for you overnight. It is a digital take down. A bad blog post. A social media meme that is being unanswered or purposely pumped up to discredit you, your company or organization or your brand. Or maybe it is a false allegation. Or paid fake bad reviews that your competitors put up.
Face it. The Internet is a hostile place for your reputation and your brand, whether that is personal, corporate or government. The control and management of your reputation start and end with you. As we enter 2015, it is worth paying attention to, in fact it is important to take stock of your online reputation, the management of it and the control of it. It is yours. Not anyone else.
The — Internet, social media, the cloud, mobility, bring your own device, artificial intelligence, autonomous computing etc etc — all are really cool buzz words. All come with prices to pay that include the constant need for personal, corporate and government level cyber security, reputation management and reputation control.
Our top 10 List of Ways That Cyber Security, Social Media and Reputation Management and Reputation Control all mesh together.
- Social Media — is the entrance point for viruses, malware, malformed links, phishing and learning enough about someone to turn around and destroy their reputation.
- Mobility — allows for instant access to social media, email, sms, cloud and phone, and video, as ways to tear down a brand or reputation. It can happen anywhere, at any time, by anyone around you holding a smartphone or smart watch or smart glasses.
- Cloud — allows people to store information quickly and easily. This can be for phishing, for cyber crime, for reputation destroying or extortion. Images and videos, poems and documents and your complete online profile can be easily harvested by smart people and or bots and then turned around against you. What information are you allowing out or putting out to make it easier to be attacked? Or easier to have your reputation tarnished or that of your brand?
- Bring Your Own Device (BYOD) — While fun and easy for users and your employees BYOD brings a whole fruit basket worth of cyber security and reputation management and control issues along with it. BYOD allows users and employees to access the internet and social media channels without approval or notice from the employer. A reputation can be destroyed in an instant with a recorded conversation, a video, an errant email or sms, or worse corporate espionage and cyber crimes can be instituted easily with BYOD.
- Artificial Intelligence — The name alone. What does it mean? How can artificial intelligence (AI) bots or autonomous computing affect your cyber security and reputation management and control? In so many ways we are just beginning to understand.
- Lazy People — Sorry but many times the malware or the phishing or the destruction of reputation starts with someone simply being lazy, not having security and privacy settings attended to, and or worse letting someone else use their login credentials.
- Your Competition — They have access to the same tools you do. They can buy hackers, they can buy reputation destruction; they can attempt to steal your trade secrets; they will try to insert bad people into your organization at every level. (See 8 below.)
- Bad People — No good, no ethos or morals. These people do not care if they harm you. They seek to. These come in the form of social media contacts or email phishing all the way through HR, interviewing, shadowy financiers and content theft propagators from online goods. They will use any and every tool out there to disrupt your business, to destroy your reputation.
- Posting stupid pictures of yourself — on to any website regardless of how safe you *THINK* it is.
- Not checking the health and welfare of your own digital reputation and brand.
Copyright © 2010-2015 Digijaks, LLC
It is, as is so commonly mentioned in the media: “That Time of Year Again.” Yup. Packages. Shiny New Things. Cool Toys for the Kids and kid-adults alike.
It is also the time of year of increased cyber crime attempts aimed at retailers.
Add also the time of year when more families and organizations introduce new varieties of malware, ad-malware, viruses, worms, bad bots and devices that phone “home” into our homes, workplaces and civic spaces.
Malicious Adware Uses Certificates to Disable Security Products https://t.co/ijllAbzIXr
— Alan W. Silberberg (@IdeaGov) November 23, 2015
How? Because many devices are coming pre-loaded with malware. How many parents look into the workings of a cheap tablet before handing it off to the kids? How many people are checking new apps to see the permissions being requested on those new devices and old ones too?
Do you know what your connected devices are doing this holiday season? Perhaps it is not just calling the North Pole, but indeed calling “home” with your life information. This applies to talking teddy bears, connected fridges, Iot devices of every stripe, but not to mention your phone, tablet, smartwatch, car.
Skype, WhatsApp, and Yelp access your data hundreds of times, but nobody knows why https://t.co/xMvvlCrafF
— Digijaks (@Digijaks) November 24, 2015
A few weeks ago I wrote this piece about #IOT Cybersecurity and how it affects personal and brand reputations. I got a lot of criticism for basically speaking the truth. I appreciate all the tweets, emails and Linkedin posts engaging on this piece, including all the people who attempted to say I was wrong.
But the points raised in that piece are simply the opening salvo in a multi front disruption. The disruption is NOT IoT. The disruption is to switch from product leading first with security as an afterthought in the rush to go to market. What needs to change is the mindset to build in design security from the beginning,
Last week I sat on a panel at the California Cyber Security Task Force meeting. The panelists were all cybersecurity experts, from across the field, including homeland security, penetration testers, strategy and policy. When it came time to talk about #IOT Internet of Things, we were all asked what people thought about the current state of cybersecurity in IoT.
The answer from the entire panel was: THERE IS NO SUCH THING AS CYBERSECURITY AS OF YET IN THE INTERNET OF THINGS.
Think about that for a second. Or maybe longer. Sure there are a few Iot devices that do offer some level of security. But often, as was raised by one of the other panelists, that is simply writing a marketing statement to the effect of “We take your security very seriously.”
But most IoT devices do not provide any real security, and many are simply copies off other IoT devices that also have no security. Then you have to add in the problem of the unsecured devices talking and sending your data to other non secure devices and or third party companies.
The disruption has to be the switch from rush to market with little to no thought about security — to one where security is built in from the design level up and where devices are not put on the market without first being hack tested every which way to be able to prove their security credentials. Otherwise, we are all simply at very real risk. In part because of the inattention or even stupidity of others who do not think this is important; or in the rush to market skip cybersecurity completely — or just write a lame #fail marketing statement about how they value your security.
Alan W. Silberberg, CEO of DIGIJAKS
Cybersecurity used to be be the geek’s eagle’s nest. it was hard to understand, hard to get to, hard to see the impact and need often times. If there was a CIO or CISO, he/she would not be in the board room too often, and usually the budgets were the first to go in any budget change environment. But the cycle switched. Now we are in the opposite cycle. The CIO and CISO are ruling the roost and commanding serious budgets and attention. But being missed in all the excitement is this:
The Crossover from pure cyber crime to real world crime from the same instance.
It is safe to say, times have changed. Now – Cybersecurity has become a word known in almost any home where there is digital connectivity. Time and time again, we are offered proof that cybersecurity now encompasses reputation management; active control of search and social media as well as the traditional hardening of data access points, transport points, and login authorities. Cybersecurity itself has become such a buzzword that it threatens to create a numbness for people hearing it and responding to it.
Recently Digijaks has worked with multiple clients who have faced the crossover from Cyber Security to Real Life Security. It is our recent experience that shows us that law enforcement is *mostly* unprepared for cyber crossover attacks and does not yet have the substantial depth of understanding of the relationship between social media, cyber security and real life people.
The connections are impossible to overlook. What starts as a cyber threat, like impersonation of another; brand or trademark attacks, social media memes and fake social media sock puppet accounts — can now easily and does easily cross over into real world crimes.
The real world crimes escalate too, often in parallel with online escalation. In our recent experience in dealing with the crossover, most law enforcement agencies of *all levels* are simply not prepared to cope with this reality, and have few to zero people in place who are trained investigators and can assist the public, or corporations or utilities or governments with cyber cross overs.
Digijaks CEO Alan W. Silberberg is advising both the company’s clients and law enforcement agencies to take these “cyber cross over” events seriously. There is growing evidence amounting that shows that real world crimes are becoming easier in some ways and can be facilitated through initial cyber intrusions, whether phishing, trolling or direct digital attacks.
This is leading people who were previously *only* cyber criminals or terrorists to become real world ones too, often at little to no monetary cost. We see this a true emerging threat, as yet mostly being unaddressed either at the Federal or State levels, and a threat that is most acutely faced in local communities who very definitely are not prepared.