Most cyber attacks and data breaches remain the result of weak passwords. So, why are we still using them?
Farid Mheir's insight:
WHY IT MATTERS: I've been writing about this since the beginning of this blog and 7 years later I feel the need to remind everyone to use a password generator at home and at work. This is even more important as remote work means we will connect remotely to many more systems in the future.
The cybersecurity skills gap has been plaguing enterprises for years—but despite garnering much discussion and media coverage, little progress is being made.
State of Cybersecurity 2020 looks at questions such as:
How long does it take to fill a cybersecurity role with a qualified candidate?
What percentage of cybersecurity candidates are qualified for the role?
Is retention improving or worsening?
Which cybersecurity skills are in the highest demand?
Are HR teams informed partners in the search for qualified cybersecurity candidates?
Are cybersecurity teams becoming more gender-balanced, and are diversity programs doing enough to help?
What can companies do to staff up more quickly and find better-qualified candidates?
Farid Mheir's insight:
WHY IT MATTERS: this in-depth study shows that cybersecurity issues in organizations stem from a lack of skilled resources. With COVID and remote work on the rise, the importance of cybersecurity is higher than it has ever been.
Attackers look for the path of least resistance. Recently, that path has shifted from enterprise networks to you and your devices for two reasons. First, as we have built more secure software and systems, it has made it harder to …
Farid Mheir's insight:
WHY IT MATTERS: those 16 recommendations are straightforward (patch your shit), easy to understand (do not reuse passwords) but in some cases they can have a major impact on your experience (turning off JavaScript in the browser). Nonetheless, good to know what you need to do - and maybe realize what you are not doing...
Every year, millions of fraudulent web domains are registered by threat actors looking to impersonate trusted brands. Using these domains, they launch phishing attacks or other scams.
What are the latest trends around fraudulent domains, and how can you protect your organization?
Download the report now to learn:
How threat actors create fraudulent domains
What characterizes fraudulent and legitimate domains
Which keywords and top-level domains (TLD) are trending
How fraudulent domains use email to launch attacks
Farid Mheir's insight:
WHY IT MATTERS: there are 350 million top level domain names - TLDNs - from google.com to fmcs.digital. This report provides a set of data about TLDNs and how they are used for fraud. A bit geeky but very interesting read.
In 2018 I somewhat innocently bought very expensive coffee (Nespresso capsules) online from Ebay. What followed was a series of unexpected additional packages from the manufacturer Nespresso and a lurking suspicion that something had gone terribly--if not criminally--wrong as a result of my purchase. This talk chronicles the obnoxious amounts of obsessive research and tracking that became my new hobby--stalking Nespresso fraudsters and my decidedly non-technical attempts at developing a generic search profile and reporting the fraudsters to anyone who would listen, to include: the persons whose identities had been stolen, Nespresso, Ebay, and the FBI. Ultimately I just ended up with a LOT of coffee; a lingering sense that I had committed several crimes; and no faith left in humanity.
Farid Mheir's insight:
WHY IT MATTERS: a short and entertaining video on triangulation fraud in eCommerce websites. If you buy online listen to this. If you sell online, this is the kind of crap you have to deal with.
In 2019, we saw phishing attacks reach new levels of creativity and sophistication.
Farid Mheir's insight:
WHY IT MATTERS: the chart says it all: to protect your systems you must ensure your employees are properly trained on phishing schemes. Software solutions can help but HUMANS are the weak link in cybersecurity.
Based on an analysis of more than 5 billion daily emails, 200 million social media accounts, and 250,000 daily malware samples, we found that a small subset of individuals with high levels of access or privilege continue to receive the majority of targeted attacks.
Highlights include:
Among the most targeted malware and credential phishing attacks, nearly 30% targeted generic email aliases
Individual contributors and lower level management accounted for 72% of highly targeted malware and phishing attacks
Web-based attacks that use social engineering grew 150% vs. the previous quarter
Farid Mheir's insight:
WHY IT MATTERS: Protection from email phishing often warrants solutions that are not technology based but rather focus on the weak link in the equation: humans - this report provides some data and possible actions that should be taken.
Ensuring that your website or open web application is secure is critical. Even simple bugs in your code can result in private information being leaked, and bad people are out there trying to find ways to steal data. The web security oriented articles listed here provide information that may help you secure your site and its code from attacks and data theft.
Farid Mheir's insight:
WHY IT MATTERS: every developer - web or not - should apply those principles. Otherwise how else is the web ever going to be safe?
A video explainer on the technology that’s changing the meaning of the human face.
Farid Mheir's insight:
WHY IT MATTERS: cameras are everywhere - phones, streets, home, office - and AI enables new capabilities that can present massive surveillance possibilities as well as personal protection and real-time data. This very well done video - as is the case with most VOX videos - should give you a good rundown of the plus and minuses...
The Dark Web is real, and your information might be for sale there. Here’s what your data is worth. The simple answer is this: about $45. This is how much, on average, a full set of information for a credit card is selling for, including a name, SSN, birth date, and CVV.
Farid Mheir's insight:
WHY IT MATTERS: a reminder that the value of data is not going down.
How to get off of people search sites like Pipl, Spokeo, and WhitePages.
Farid Mheir's insight:
WHY IT MATTERS: protecting privacy is a difficult task, sometimes an impossible one. Case in point this long list of sites you have to go through to opt-out or delete your data. We need a better solution...
How creepy is that smart speaker, that fitness tracker, those wireless headphones? We created this guide to help you shop for safe, secure connected products. Smart home gadgets, fitness trackers, toys and more, rated for their privacy & security.
Farid Mheir's insight:
WHY IT MATTERS: digital transformation affects our privacy in many ways. With xmas gifting around the corner, you may find this list useful ... or creepy! ;-)
You’ll learn about some of the expert roles that are often the hardest to find or are only required in specific situations. This paper details these roles, their responsibilities and the cross-functional processes that are required to successfully hunt for, respond to and prevent threats as part of a world-class security organization.
Farid Mheir's insight:
WHY IT MATTERS: cybersecurity is a relatively new field of expertise and requires specialists. This paper presents some of them and it is interesting to ask whether you need those skills in your organization and if you do, where you can find them...
The home surveillance company owned by Amazon bragged on Instagram about taping millions of kids going door to door.
Farid Mheir's insight:
WHY IT MATTERS: every device being connected to the internet brings with it the possibility of remote monitoring. Here, doorbells equipped with cameras can detect who's at the door and determine who is trick or treating at Halloween. But it can also detect burglaries, car crashes and other common neighbourhood events. Should we be concerned or feel more secure?
In the context of businesses, this can be extended to employee surveillance and possibly spying. Fun times ahead as the number of connected IoT devices is set to explode x10 in coming years.
Institutions are crossing functional boundaries to enable collaborative resistance against financial cybercrime and fraud.
Farid Mheir's insight:
WHY IT MATTERS: an excellent article that explains the different cybercrime use cases and attacks that banks are faced with, along with estimates of costs. Next article I'm looking for is one on the solutions banks can put forward to handle those crimes: blockchain? biometric authentication? ...
The growing cyber skills shortage drives security organizations to look for ways to mitigate the pain and danger that short-staffed security teams can experience. In its report, Security Organization Dynamics, Gartner outlines this ongoing challenge and notes how, “Persistent security skills shortages have forced security leaders to explore new ways of obtaining and managing security capabilities.”
Gartner points out that hiring may not be the only option for filling the gap, cautioning that, “Few, if any, enterprises can afford to perform all security functions in-house. Consider selective outsourcing of functions, especially those that are operationalized or ad hoc.”
Farid Mheir's insight:
WHY IT MATTERS: security, especially digital security and privacy, have become a central theme of digital transformation plans. Here Gartner surveys 300+ organizations to show different organizational structures for large, medium and small businesses.
My conclusion: there are too many people in charge of security, the governance is too complex and it is not clear who is RESPONSIBLE when a breach occurs...
Credential abuse and botnets abusing retailer inventories is a rising problem that needs attention. On average, organizations report experiencing 12.7 credential stuffing attempts each month, with each attempt targeting 1,252 accounts. We detected nearly 28 billion credential stuffing attempts between May and December 2018. Within the retail industry, the apparel vertical experienced 3.7 billion attempts on its own, making it the largest targeted industry during the same timeframe. So why is retail, as well as apparel, such a hot target? Short answer? Money.
Farid Mheir's insight:
WHY IT MATTERS: I find the number just huge and thus a cause for concern in the design of my systems, strategies and recommendations to my clients. I also include the definition of credential stuffing because 1) I did not know and 2) it shines a light into the power of having a global CDN network to perform those analyses...
Credential abuse attempts were identified as unsuccessful login attempts for accounts using an email address as a username. In order to identify abuse attempts, as opposed to real users who can’t type, two different algorithms are used. The first is a simple volumetric rule that counts the number of login errors to a specific address. This differs from what a single organization might be able to detect because Akamai is correlating data across hundreds of organizations. The second algorithm uses data from our bot detection services to identify credential abuse from known botnets and tools. A well-configured botnet can avoid volumetric detection by spreading its traffic amongst many targets, by using a large number of systems in its scan, or spreading the traffic out over time, just to mention a few countermeasures.
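The excerpt above describes Akamai's first detection algorithm: a volumetric rule that counts failed logins per email address, made far more effective by correlating across many organizations, since a botnet that spreads its attempts across targets or over time stays under any single site's threshold. The following Python is an added illustration of that idea and is not Akamai's code; the log lines, the organisation names, the threshold of 5 failures and the detection windows are all constructed here to show the difference between the single-organization view and the cross-organization view, and how a time-spread attack needs a longer window.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the report): "timestamp org username outcome".
# alice: 2 failures at each of 4 shops within 35 seconds (spread across targets)
# carol: 6 failures at one shop within a minute (obvious burst)
# bob:   one typo, then a successful login (legitimate user)
# dave:  5 failures across 4 shops spread over 3 hours (spread over time)
SAMPLE_LOG = """\
2018-06-01T10:00:00 shop-a alice@example.com FAIL
2018-06-01T10:00:05 shop-a alice@example.com FAIL
2018-06-01T10:00:10 shop-b alice@example.com FAIL
2018-06-01T10:00:15 shop-b alice@example.com FAIL
2018-06-01T10:00:20 shop-c alice@example.com FAIL
2018-06-01T10:00:25 shop-c alice@example.com FAIL
2018-06-01T10:00:30 shop-d alice@example.com FAIL
2018-06-01T10:00:35 shop-d alice@example.com FAIL
2018-06-01T10:01:00 shop-a carol@example.com FAIL
2018-06-01T10:01:10 shop-a carol@example.com FAIL
2018-06-01T10:01:20 shop-a carol@example.com FAIL
2018-06-01T10:01:30 shop-a carol@example.com FAIL
2018-06-01T10:01:40 shop-a carol@example.com FAIL
2018-06-01T10:01:50 shop-a carol@example.com FAIL
2018-06-01T10:02:00 shop-b bob@example.com FAIL
2018-06-01T10:02:30 shop-b bob@example.com OK
2018-06-01T10:05:00 shop-a dave@example.com FAIL
2018-06-01T10:50:00 shop-b dave@example.com FAIL
2018-06-01T11:35:00 shop-c dave@example.com FAIL
2018-06-01T12:20:00 shop-d dave@example.com FAIL
2018-06-01T13:05:00 shop-a dave@example.com FAIL
"""

# Assumed thresholds (not values from the report).
THRESHOLD = 5
SHORT_WINDOW = timedelta(minutes=5)
LONG_WINDOW = timedelta(hours=4)


def parse_log(text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, org, user, outcome = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "org": org,
                       "user": user, "outcome": outcome})
    return events


def count_bursts(events, key_fn, threshold, window):
    """Return the set of keys that accumulate `threshold` FAIL events
    inside any time span of length `window` (sliding window per key)."""
    fail_times = defaultdict(list)
    for e in events:
        if e["outcome"] == "FAIL":
            fail_times[key_fn(e)].append(e["ts"])
    flagged = set()
    for key, times in fail_times.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            # Slide the window start forward until it fits inside `window`.
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(key)
                break
    return flagged


def single_org_view(events, org, threshold=THRESHOLD, window=SHORT_WINDOW):
    """What one organization can see: only its own failed logins."""
    local = [e for e in events if e["org"] == org]
    return count_bursts(local, lambda e: e["user"], threshold, window)


def cross_org_view(events, threshold=THRESHOLD, window=SHORT_WINDOW):
    """What a provider correlating many organizations can see: failures per
    email address regardless of which site they hit."""
    return count_bursts(events, lambda e: e["user"], threshold, window)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("shop-a alone:", single_org_view(evs, "shop-a"))
    print("cross-org, 5 min:", cross_org_view(evs))
    print("cross-org, 4 h:", cross_org_view(evs, window=LONG_WINDOW))
```

Run stand-alone, the script shows that shop-a on its own only sees carol, the cross-organization view with the same 5-minute window also catches alice (whose per-site count never reaches the threshold), and dave only surfaces once the window is widened to hours, which is the "spreading traffic out over time" countermeasure the excerpt mentions. A wider window trades faster detection for more false positives from forgetful real users, so in practice it is paired with the second signal the excerpt describes, bot-detection data about the source of the traffic.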
Google is working on a new app for its Pixel smartphones that will use hardware sensors to detect an auto accident and automatically call emergency services if a person fails to respond.
Farid Mheir's insight:
WHY IT MATTERS: mobile phones are very personal devices that you carry with you all the time. I expect that solutions like this one, always listening in the background and reacting when a specific event occurs, will become the norm in the future. Already Alexa-siri-google are listening constantly, now solutions that merge the other sensors of the device - accelerometer, etc. - are natural extensions. They can be used for good as here - or for bad as with eavesdropping solutions that Edward Snowden made popular. I am surprised that few business applications have leveraged this already, for worker security in dangerous environments (fall detection, broken glass detection, earthquake detection, etc.) can all be included into business apps where the issues of privacy can be weighed against worker security and safety, especially for workers on the road or working in areas where they are alone (woods, etc.).
Driving safety is the focus of my personal research stemming from my job with the Postal Service. While I research accident theory and causation and ways to prevent, we do explore the possibilities of technology in case of a vehicle accident. We have technology in place in the scanners that mail carriers take with them to detect emergency situations. I personally worked with a supervisor that saved an employee's life due to his skilled use of that technology. This article provides information on another tool that can be beneficial to the safety of drivers in any company.
We teamed up with researchers from New York University and the University of California, San Diego to find out just how effective basic account hygiene is at preventing hijacking. The year-long study, on wide-scale attacks and targeted attacks, was presented on Wednesday at a gathering of experts, policy makers, and users called The Web Conference. Our research shows that simply adding a recovery phone number to your Google Account can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks that occurred during our investigation.
Farid Mheir's insight:
WHY IT MATTERS: an article full of eye-opening data on hacking and security (like only $750 to hack someone's password) and links to protect your Google accounts (like adding a recovery phone number).
IoT has been and will be the talk of the town for many years to come. Learn the latest internet of things statistics, forecasts and facts for 2019.
The IoT is defined by everyday objects, interconnected via the internet in order to send and receive data. The reason why we connect these objects is simple: for convenience. To help you understand this technology better in 2019, we’ve created the following list of Internet of Things statistics.
Being able to arm your security system remotely, or start your washer, turn your lights on or off, or adjust the thermostat while being nowhere near them is a convenience our grandparents fantasized about. Looks like we will probably never have to worry about leaving the stove on again.
Farid Mheir's insight:
WHY IT MATTERS: with everything connected to the Internet, possibilities are endless, for good and bad...
On average, in the US, using those three records, you could be correctly located in an “anonymized” database 81% of the time. Given 15 demographic attributes of someone living in Massachusetts, there’s a 99.98% chance you could find that person in any anonymized database.
Farid Mheir's insight:
WHY IT MATTERS: most of the population of Quebec is freaking out about the breach of 3M personal records recently. It is bad and should not go unnoticed but this study by MIT should put the breach in perspective: basically you cannot expect anonymity in this digital world. C'est la vie...
Want to beef up your security online? Use these five cybersecurity practices to keep your data, banking, and personal information safe. Take control today!
Farid Mheir's insight:
WHY IT MATTERS: recent security breaches highlight the importance of good passwords. This checklist can help you stay up to date and simplify the task...
US corporates are currently using facial recognition for everything from fast food orders to trying on makeup to issuing life insurance policies, and more.
Farid Mheir's insight:
WHY IT MATTERS: facial recognition used to be a very difficult thing to do but AI and machine learning specifically has blown this out of the water, opening the way for a slew of real-world useful applications.