Posts tagged with "cyber security"

By Mina Tocalini for 360 MAGAZINE

Data Privacy Core Principles

No one likes being watched, offline or on. And it is especially unnerving when a brand oversteps that boundary and pops up everywhere you go online.

Invisibly is on a mission to ensure companies have your direct consent for using your data and compensate you for the use of it. Invisibly believes in Seven Core Data Privacy Principles that can change the way companies acquire and use personal data. You can control who sees your data, where and when.

But what are these principles, and why should you care about them? These principles represent the spirit of data collection, are the basis of The Data Protection Act, the California Consumer Privacy Act, and shaped the European Union’s GDPR. The foundation of data privacy in the current digital world, Invisibly believes everyone should know the principles as we move towards a people-centered data economy.

  • Lawfulness, fairness, and transparency

People should always know what data is being collected, by whom, and why. Furthermore, your data should never be used against you- as in tracking your internet browsing secretly to sell you a product later.

  • Purpose limitation

Your data should only be used in the way it was intended. Your data shouldn’t be collected for research purposes, and then turned around for marketing.

  • Data minimization

Only relevant data should be collected. A company should not collect all possible data on you- your mother’s maiden name, first pet, and favourite teacher does not apply for a survey on what type of coffee you use.

  • Accuracy (holding)

Your data should be updated on a regular basis. Outdated data does no one any good- you or the company who wants it.

  • Storage limitation

Data should not be kept forever! Your data should only be kept for as long as necessary, and not reused.

  • Integrity and confidentiality (security)

Companies should always keep your data safe. This prevents bad actors from accessing it and keeps it safe from any cybersecurity breaches. You should never have to worry if your information is at risk.

  • Accountability

Companies must show that they are taking reasonable action to meet these principles.

More information on Fox 26 and CBS.

Heather Skovlund computer illustration for use by 360 Magazine

Global Commitment to Cybersecurity

According to a recent study by the Atlas VPN team, the United States, United Kingdom, and Saudi Arabia lead in commitment to cybersecurity.

As technologies continue to evolve, governments around the world must face the reality of cyber threats and adapt their security practices. A study reports on countries’ scores on the Global Cybersecurity Index (GCI), varying cybersecurity training and practices, and additional statistics which help to create a fuller picture of the global relationship to cybersecurity.

A GCI score is given by evaluating each country’s commitment to legal, technical, organizational, capacity development, and cooperation indicators. The United States earned a perfect score of 100, getting all 20 points in each GCI indicator. However, while the US has the most cybersecurity resources, the latest cyberattacks on Americans have shown room for improvement.

The United Kingdom follows behind, scoring 99.54 points in GCI. The score indicates that the UK has to employ more computer incident response teams, enabling a country to respond to incidents at the national level using a centralized contact point and promote quick and systematic action.

Saudi Arabia shares second place, getting the same score of 99.54 as the UK. While being one of the fastest developing countries, Saudi Arabia has placed great importance on cybersecurity.

Estonia takes the fourth slot as they scored 99.48, losing just half a point in the capacity development indicator. Estonia has become one of the heavyweights in cybersecurity with a high-functioning central system for monitoring, reporting, and resolving incidents.

The Republic of Korea, Singapore, and Spain all share fifth place, scoring 98.52 points. 

Cybersecurity writer and researcher at Atlas VPN William Sword shares his thoughts on the current cybersecurity landscape, “Beyond co-operating within countries, Global Cybersecurity Index leaders could help less developed countries address cybersecurity challenges. For example, creating a strategy or sharing good cyber practices can help reach more balanced and robust security against cyber threats.”

Lack of cybersecurity training 

One of the reasons why cyber attacks continue to increase is a lack of cybersecurity education and training.

Just 46% of countries provided specific cybersecurity training for the public sector and government officials. Employees in these fields usually work with a lot of sensitive or confidential information, which is why education on cybersecurity is essential. 

Meanwhile, 41% of countries provided cybersecurity training to small and medium enterprises or private companies. Businesses often become targets for hackers as the latter can easily profit off of stolen data or ransomware attacks. While more prominent private companies can afford cybersecurity experts, smaller businesses do not have such luxury.

Law enforcement agents received educational cybersecurity programs in only 37% of countries, while only 31% of countries provide training to judicial and legal actors. This training may help officers and executors of the law understand how hackers think, identify the tools that hackers use to commit attacks, and ultimately prevent and protect from future cybercrime.

Beyond co-operating within countries, Global Cybersecurity Index leaders could help less developed countries address cybersecurity challenges. Creating a strategy or sharing good cyber practices can help reach more balanced and robust security against cyber threats.

Tech Illustration by Rita Azar for use by 360 Magazine

Most Cybercrime by State

According to Atlas VPN analysis, the top 10 US states by losses to cybercrime are California, New York, Texas, Florida, Ohio, Illinois, Missouri, Pennsylvania, Virginia, and Colorado.

Last year, citizens in these states lost $2.39 billion to various types of internet crime. In the earliest reporting period – 2013, losses reached $327.89 million. Meaning, accumulated monetary damages in these states jumped by 629% over an eight-year period.

The data is compiled from the last eight annual Internet Crime Reports published by the Federal Bureau of Investigation (FBI). The FBI shares data provided by victims from all over the country to alert US citizens to the ever-increasing rates of internet crime.

To no surprise, California experienced the largest damages in 2020. Californians lost over $621 million in 2020 and a staggering $2.55 billion since 2013.  

The average annual loss growth (AAGR) of cybercrime damages reaches 33% in sunny California. On a similar note, financial losses jumped by 491% when comparing 2013 to 2020.

The second place goes to the largest city in the US – New York. Here, people lost nearly $416 million in 2020. The total losses from cybercrime amount to $1.15 billion, counting from 2013.

The average annual growth rate of losses to cybercrime exceeds that of California and stands at 50%. In 2013, New Yorkers lost $38 million to internet crime, which means that in the eight-year span, damages grew by 993%.

Texas takes third place, with close to $314 million in capital loss last year. Through the last eight years, fraudsters swindled over $1.01 billion from unsuspecting citizens.

Texans lost $56 million in 2013. Meaning, cybercrime damages in Texas jumped by 455% from 2013 to 2020. Here, AAGR stands at 30%, which is the lowest of the top 10 states.

Fourth is Florida, with $295 million in losses to various types of internet crime. From 2013 until 2020, citizens in Florida lost a whopping $1.16 billion of their hard-earned money.

To read the full article, head over to: https://atlasvpn.com/blog/an-analysis-of-the-top-10-most-cybercrime-ridden-states

Hackers Covet Your Identity; 5 Ways To Thwart Their Efforts

Each day people take a virtual trip through the internet to do their banking, make hotel reservations, shop for a new car, or engage in a myriad of other activities important to them.

It’s so routine that it’s easy to forget that you need to be just as careful about protecting yourself on those virtual journeys as you would on an actual one. “Hackers are creative about dreaming up new ideas for stealing your identity, so it’s important that you stay vigilant even if you already have taken action to guard yourself and your data,” says Chris Hoose, an IT consultant who works with small businesses.

Hoose says a few steps you can take to protect your identity include:

Use a password manager. One problem with passwords is that people often use simple ones that are easy to remember, but also easy to hack. A password manager  provides an encrypted database where you can store unique, long, complex passwords for each of your online accounts, and access them when you need them. “With a password manager, you can have better passwords that are harder to hack, and you don’t have to memorize them,” Hoose says.

Do your online activities with a VPN. Worried that your online browsing will lead identity thieves right back to you? One solution, Hoose says, is a virtual private network (VPN), which lends you a temporary IP address and hides your true IP address from every website or email you connect with. “It also prevents the sites you visit from learning your physical location,” he says. “You just need to remember to connect to it when you want to use it.” A VPN usually costs about $40 to $50 a year, he says.

Be wary on social media. Most people check in on social media routinely to catch up on family news, connect with college buddies, or perhaps to share photos of a new puppy. Unfortunately, cyber thieves lurk in the background. “They know that social media platforms are an excellent source for personal information and information about your contacts, which makes identity theft that much easier for them,” Hoose says. To stay safe on social media, he suggests you check to see if you have already been compromised; avoid password reuse; update your security settings regularly; and limit your connections because the more you have, the more potential for a fraudulent or compromised account to send you a malicious link.

Keep tabs on your credit report. One way to make sure no one has taken on debt in your name, and damaged your credit in the process, is to request a full credit report from any of the three major agencies: Equifax, TransUnion and Experian. You can get a free copy from any of them through the site. Also, it might be time to get off the mailing list for all those credit offers you receive that say you are pre-approved. “Those offers are a gold mine for identity thieves,” Hoose says. You can opt out of pre-approved credit offers by visiting.

Be sure to install anti-virus/malware software. Your first and best line of defense against identity theft on your computer remains anti-virus software and anti-malware software, Hoose says. When choosing one, he suggests making use of the trial period most companies offer. “That way you can try them out and decide which one works best for you,” he says.

“The more people try to foil identity thieves, the more sophisticated those thieves seem to get in their methods,” Hoose says. “But by being watchful and attentive, you can stay safe and enjoy your time online.”

About Chris Hoose

Chris Hoose  s the president of Choose Networks, an IT consulting firm for small businesses. Hoose started the company in 2001 to give large-scale solutions and support to businesses that can’t afford their own in-house IT department. He earned a Master of Information Systems Management from Friends University.

Preventing Public Data Leaks

Protecting an individual’s identity from cyber thieves can be a monumental task, especially when thieves can gather information about someone by just using public data sources.

That’s why Rohit Chadha, associate professor of electrical engineering and computer science in the College of Engineering at the University of Missouri, is working with researchers at the University of Illinois-Chicago and the University of Illinois Urbana-Champaign on a $1.2 million grant over 4 years from the National Science Foundation to study how to help prevent privacy leaks when there is a large amount of data that can be gathered publicly.

“Differential privacy is a technique invented about fifteen years ago that ensures when someone asks questions of online databases — census data, consumer trends or aggregated information such as salary range or average number of children of people living in a certain area — the privacy of a person’s digital records remains intact,” Chadha said. “You still want to be able to grant access to these inquires because the data is important for businesses, researchers and governments. On the other hand, you also want to be able to protect an individual’s privacy.”

By asking enough valid questions of different databases, cyber thieves can build enough of a person’s profile that they can use that information in nefarious ways. Chadha said researchers have already begun testing different methods to thwart cyber thieves trying to attempt this.

“The research community has been aware of the possibility of these attacks for some time,” Chadha said.

Chadha, along with Aravinda Sistla of University of Illinois-Chicago and Mahesh Viswanathan of University of Illinois Urbana-Champaign, and their teams will use the grant to verify the quality of the current methods being used and work to improve those methods as needed.

Expert comment on Telegram cyber attack

Expert comment on Telegram cyber attack from Mark Skilton, Professor of Practice at Warwick Business School, who researches and consults on cyber security.

He said: “This type of attack is government censorship using cyber tools to block internet traffic. In this case it was massive overwhelming traffic noise targeting Telegram servers and networks to slow down the service in what is called ‘denial of service’.

“This was not a specific technology, but a distributed network attack on the internet ISP and NSP network providers. The strong encryption inside the Telegram app had no defence against the traffic level protocols and volume of traffic.

“To stop this type of attack would need new technology to block adversaries’ traffic before the network, something that is not possible if the Chinese government control and have access to that network currently. What typically happens is alternative telecoms networks might be used. But I suspect those too would be targeted for a full scale attack.

“However, we don’t know if it was a full wide scale internet attack or if it was a complete network wide attack. It seems some sophistication was used to target the Telegram app and user service. This may be a symptom of a more advanced distributed ‘denial of service’ acting as a swarm of attacks against specific targets.”

Roderick Jones

After Equifax’s large-scale cyber attack was revealed, Deloitte is the latest company to have been breached in a similar attack.

Available to discuss the implications of the Deloitte cyber attack, and what this could mean for companies and consumers, is cyber security expert Roderick Jones.

The Founder & CEO of cyber security firm Rubica, Roderick previously worked in the Special Branch of Scotland Yard, focusing on international terrorism. Below, Roderick explains the main takeaways from the latest attack:

  • The information illegally accessed by attackers will, where possible, be meshed with other known data to create further exploits against companies and individuals
  • Executives and their networks are increasingly at risk from cyber-breach due to the amount of personal data being lost

While six of Deloitte’s clients have been told that their information was compromised in the hack, the latest cyber attack is yet another example of the growing threat to companies’ and individuals’ online information.

About Roderick Jones // San Francisco
Roderick Jones is a global security leader with over 15 years of experience operating at the highest levels of the international security environment. During his time as a member of Scotland Yard’s Special Branch, Roderick focused on international terrorism and the protection of a prominent British cabinet member. He is the founder of cyber security firm Rubica, the global authority on cyber security and privacy for the world’s elite. Originally a service of Concentric Advisors, a physical security firm, Rubica provides those concerned with online crime the most effective digital security available. Jones received his master’s degree from the University of Cambridge.
Roderick on Ora TV: http://goo.gl/YHLGZ4