When it comes to the implementation of cybersecurity, most individuals usually focus on the bigger picture, which often causes them to foresee details that prove to be crucial in exercising security. One of the most commonly overlooked aspects of cybersecurity is data privacy, along with the highly personal implications that it has.

With the much-awaited California Consumer Privacy Act (CCPA) having come into effect from 1st January 2020, this is already at the receiving end of severe scrutiny from some of the most notable members of Californias tech scene. So it is high time that we reevaluate the relationship that digital natives have with data privacy.

Furthermore, in an attempt to ensure that the cybersecurity practices hold up in the long run, it is equally essential that we also pay heed to the way that the tumultuous relationship that digital natives have had with data privacy influences the present, and consequently, the future of cybersecurity in general.

The simpler (read: oversimplified) definition of what a digital native would be a person who grew up in the era of omnipresent technology, the most notable aspect of which is single-handedly the internet and the advent of the internet of things (IoT). A far more sophisticated, and more accommodating definition of the phrase, however, takes into account the intricate nature of the differences between digital natives and the generations that came before them.

Once the variations that have entered the lives of digital natives - primarily as a direct consequence of growing up in a world riding the high wave of digitization and advancements in technology - have been fully realized, only then can cybersecurity specialists hope to steer digital natives towards a more secure future.

The Rocky Relationship that We Have Had With Data Privacy in the Past

The term digital natives' was coined in 2001 by Marc Prensky, where he argued that the younger generation spoke a digital language, and called for a fundamental change in the way that they were being taught in schools as well.

However, digital natives, along with the generations that came before them, have been making grave privacy mistakes for a long, long time. The monumentality of the mistakes made in the past is also made evident by the fact that their impact can be felt, even today.

With that being said, most of the mistakes made in the past can be pinned down to the sheer lack of knowledge that people had about the internet and emerging technology: all of which they considered to be something foreign back then.

Some of the most notable errors made in the past regarding a users data privacy, which frequently lead to sensitive credentials being stolen, started with the U.S government using identifiers in their new social security program. The trouble with these identifiers started when multiple states across the country began putting social security numbers on state-issued drivers licenses, which left identity thieves with the golden opportunity to wreak as much havoc as they wanted. Fortunately, however, the practice of was eradicated in 2005.

However, the practice of using the Social Security Number was still being used as an identifier for each recipient of the Medicare program, which started in the 1960s. Unlike the use of identifiers in driving licenses, the practice of using easily exploitable identifiers didnt end until 2017.

Moreover, another perilous error that was pretty widespread in the past, before most of the digital natives were even born, was the practice of jotting down sensitive and confidential information, such as driving license numbers, addresses, and phone numbers on checks. The reason behind this blunder was simple: in the 1990s, the use of credit cards wasnt as widespread as it is today, and no one had the patience to wait in queues.

How are Digital Natives Impacting the Future of Data Privacy?

Although the state of cybersecurity being implemented in organizations today is far from perfect, organizations and enterprises, have started to take the imminent threat posed by the different types of cybercrimes in the past, which has also significantly impacted the attitudes that individuals have had about maintaining data privacy in general.

Unlike older generations, who treated the concept of technology as something foreign and unnatural to their way of living, digital natives have chosen to embrace technology as a permanent constituent of their way of life. Moreover, digital natives are so well acquainted with the advent of technology, the acknowledgment and acceptance of cybercrimes come naturally, along with more active involvement in solving problems, so that better data privacy can be exercised.

With acute knowledge about the consequences of data sharing and the impact that a stolen credential can have, digital natives have brought forth a revolutionary change within the cybersecurity spectrum by focusing their attention on the formulation of a robust cybersecurity culture that sees an equal distribution of assets and labor to each aspect of a security infrastructure.

Amidst the backdrop of an ever-evolving and increasingly sophisticated threat landscape, it wont be the greatest stretch to say that the future stability of cybersecurity rests on the shoulders of digital natives!

Read the original:
How Are Digital Natives Shaping the Future of Data Privacy? - Infosecurity Magazine

By Ulrich Rippert 23 March 2020

The COVID-19 pandemic is highlighting the class character of politics. The health care system has been cut to pieces, hospitals privatised and trimmed for profit, laboratory capacities and nationwide treatment options massively restricted.

Despite warnings from China, no preparations have been made to protect the population. The government cares only about the interests of big business and is making unlimited financial resources available to corporations and banks. Although the danger of the virus was known, and public life has been drastically restricted, many workers are being forced to continue their work without adequate protection.

Resistance is growing against this criminal irresponsibility by the government and employers. Various opposition groups are forming on the internet to refute government propaganda and describe and fight against the dramatic conditions in hospitals, rescue stations, care facilities and factories, but also the devastating effects of government measures on workers in precarious employment.

Politicians have responded to this opposition with calls for censorship and dictatorial measures.

At the beginning of the week, Lower Saxonys state Interior Minister Boris Pistorius (Social Democratic Party, SPD) called for sanctions against the distribution of so-called fake news in connection with the Coronavirus pandemic. He demanded that the government urgently intervene, saying, It must be prohibited to publicly spread false allegations about the supply situation of the population, medical care or cause, ways of infection, diagnosis and therapy of COVID-19.

According to Pistorius, the government must examine whether bans could already be based on the infection protection law. If not, the penal code or the law on administrative offences should be amended as quickly as possible.

The greatest misinformation currently being spread comes from the government itself. It claims that the German health care system is well prepared for the spread of the pandemic, and no one need worry. For weeks, the government played down the dangers.

Now that reality has refuted its propaganda, any criticism of it is to be criminalised and suppressed. If Pistorius has his way, the government will rigorously enforce its monopoly on information and opinion. This is a call for censorship and dictatorship.

Pistorius has long been known as a right-wing social democrat in the tradition of Gustav Noske, who during the November Revolution in 1918 allied with the German army and far-right Freikorps to suppress working-class opposition to the bourgeois order.

For seven years as Lower Saxonys interior minister, he has been advocating a strict right-wing course against refugees and for stepping up the repressive powers of the state. In summer 2017, he presented an SPD position paper on domestic policy, the central point of which was strengthening the federal police force financially and with more personnel. One year later, more than 10,000 people demonstrated in Hanover against the new police law of Lower Saxony, which Pistorius had drafted, because it massively expands the powers of the security authorities while at the same time restricting elementary civil rights.

With his call for censorship and police-state measures, Pistorius speaks for a party that has always responded to crisis situations and resistance from the population by calling for the strong state and dictatorial measures. Pistorius comes from the same political stable as former German Chancellor Gerhard Schrder, who brutally smashed up the welfare systems with the Hartz laws. For the past three years he has also been living in a relationship with Schrders fourth wife, Doris Schrder-Kpf, from whom the former chancellor separated in 2015.

There is no doubt that the fight against the pandemic requires the restriction of social contacts and individual freedom of movement. However, it must not be allowed that the conditions for a dictatorship are created under the slogan necessity knows no law! The coronavirus pandemic, its ominous health, social and economic consequences and the drastic measures required to combat it raise the question of who exercises power and controls the statethe financial oligarchy or the working class?

The ruling class everywhere is trying to use measures against the Corona crisis to strengthen its power. According to information from DPA and Der Spiegel, the president of the Bundestag (federal parliament), Wolfgang Schuble (Christian Democratic Union, CDU), for example, has proposed to the leaders of the parliamentary groups that they expand the Emergency Laws by amending the constitution.

The Emergency Laws, which were passed in May 1968 in the midst of the largest workers strikes and student protests of the post-World War II period, give the state quasi-dictatorial powers in crisis situations (natural disaster, uprising, war). Among other things, they allow for the Bundestag and the Bundesrat (the upper chamber of parliament) to be replaced by an emergency parliament, the Joint Committee. This committee consists of only 48 selected members but has the full powers of both chambers of parliament and would thus largely override the existing parliamentary system. Schuble has now brought up the idea of including a similar regulation in the constitution for the case of an epidemic.

The deployment of the Bundeswehr (armed forces), which Defence Minister Annegret Kramp-Karrenbauer announced at a press conference on Thursday, must also be seen in this context. For the time being, the focus is on logistical tasks. The Bundeswehr has five hospitals of its own, 3,000 doctors, mobile military hospitals as well as logistics and transport capacities that can be used in the fight against the virus.

But Kramp-Karrenbauer has more in mind. In addition to the deployment of up to 50,000 soldiers, there is also talk of mobilizing 75,000 reservists. At the press conference, the defence minister emphasized that the troops will only be properly deployed when the civilian authorities and organizations have reached the end of their capabilities. She claimed that in the area of security and order, assistance from the military would only be available under strict conditions, but in a daily order to the troops she wrote, We will help with health care and, if necessary, with ensuring infrastructure and supplies as well as maintaining security and order.

Chief of Staff Alfons Mais wrote to soldiers saying the Bundeswehr now had the task of maintaining operational readiness for any required support. We are at the beginning of a road whose direction and length we cannot yet estimated, he declared.

In Bavaria, the conservative state government declared a disaster situation last Monday. This enables them to take far-reaching measures against the spread of the coronavirus and to call on citizens to help in the form of services, material and work. However, the disaster situation also means a far-reaching encroachment on democratic rights, which can be used to suppress social and political opposition. The working class must be on its guard.

Google is blocking the World Socialist Web Site from search results.

To fight this blacklisting:

Continue reading here:
German government prepares for internet censorship and deployment of the armed forces - World Socialist Web Site

Consumers here will get some help in picking secure Internet home routers, if new rules proposed yesterday are accepted.

The Infocomm Media Development Authority (IMDA) is looking to introduce a series of requirements to "provide a safer and more secure Internet experience for users, and to strengthen the resilience of Singapore's telecommunications networks".

The surge in intelligent devices in homes, such as Web cameras and baby monitors, makes it important to secure home routers, the authority said.

Under the proposed rules, home routers that meet stringent requirements, including stronger password administration, will receive a compliance label.

"Residential gateways, commonly known as home routers, are often the first entry point as they form the key bridge between the Internet and residents' home networks," said an IMDA spokesman.

These routers are often used by hackers keen on spying or stealing information.

The proposed rules are such that new routers sold to consumers will not be allowed to have default passwords, which means no two routers will have the same access codes.

Consumers will instead have to set up their own passwords and there will be a minimum level of password strength required.

The default settings of these routers will have to be better managed and controlled as well. For instance, the firewall will have to be turned on by default.

Manufacturers will also have to make sure that their routers automatically update to the latest and most secure firmware.

The IMDA is now seeking views from the industry and the public on the requirements.

The authority said that together with the cyber security labelling scheme that will be rolled out by the Cyber Security Agency of Singapore (CSA), its effort to introduce more stringent rules for home routers will better protect Internet-of-Things devices here.

Residents will not be required to change their home routers. Instead, they can look out for the IMDA label when they get new routers.

If the proposed rules are accepted, all new routers sold here must comply with the IMDA's specifications by early next year... To give manufacturers time to adjust, the rules will kick in six months after the finalised standards come into effect.

If the proposed rules are accepted, all new routers sold here must comply with the IMDA's specifications by early next year.

The IMDA said that in order to give manufacturers time to adjust, the rules will kick in six months after the finalised standards come into effect. Previously approved home routers can continue to be sold until one year after the finalised standards come into effect.

The authority noted that some manufacturers have already incorporated the proposed requirements in newer models of their home routers. It expects that mainstream models will continue to remain affordable as new equipment complying with the IMDA's rules are launched.

Yesterday, the IMDA also announced a new IoT guide to help business users and vendors safely deploy IoT systems and devices.

The guide was developed by the IMDA and CSA after a public consultation in January last year and is available on the IMDA's website.

Read the rest here:
New rules proposed to boost security of home routers - The Straits Times

The rapid evolution of cybersecurity remained a major issue for small businesses in 2019, being named the top concern for all businesses, regardless of their size. Along with an increase in the number of cybercrimes, the cost of recovering from an attack means keeping ahead of the curve is vital for SMBs going forward.

By Amie Thurlow

This is challenging enough for businesses operating on a small budget, but fast-paced changes in technology mean that security resources are increasingly being stretched in several directions. Rather than protecting a single, traditional office, security must now cover a whole range of devices used for IoT and mobile working.

Proactivity is now essential to an effective security strategy. By looking ahead to the trends of the next 12 months, SMBs can begin to identify the new challenges around cybersecurity that they will need to prepare for.

Increased spending

A trend that is set to continue from 2019 is increased cybersecurity spending. The International Data Corporation (IDC) expects spending on security solutions was estimated to reach $103 billion in 2019, a 9.4% increase on the previous year, with that trajectory continuing into 2020 and beyond. These figures are not exclusive to small business, but it does demonstrate how seriously cybersecurity is now being taken.

It may well not be possible for SMBs to increase their budget on that scale each year. However, the trend for regularly raising spending suggests that it would be prudent to conduct an audit of existing hardware, software and services, to make sure that current solutions are providing the best protection available on your budget. Increases in spending can then be focused on minimizing risk, by improving the security awareness of your workforce with training.

The continued growth of IoT

While the Internet of Things (IoT) has rapidly become a huge consideration, the reality is that this is just the start. Currently, the pace with which these new devices are being implemented continues to surpass the rate at which security solutions are being created to manage them.

While some IoT devices have benefits for the workplace, others might be causing more issues than they are solving. Take the time to carefully consider the introduction of new devices to your network, to make sure that the benefits they offer are worth the increase in security weak points that their inclusion creates.

5G wireless Internet

Over the next few years, the rollout of 5G wireless internet will bring faster internet speeds to peoples pockets. But as this is a new technology, dont be surprised to hear of a range of attacks as security weaknesses are exposed and then patched during the early years of its rollout.

It might not be a direct issue for your network in 2020, but with the mobile workforce set to continue its rapid growth in the coming years, staff could well start using early 5G networks on their personal devices to complete their work, putting sensitive documents at risk.

Awareness is the key to minimize this threat. If regular security training sessions are held, they are the ideal platform for highlighting the dangers and reminding staff to apply security patches as soon as they become available.

Automation and AI

An area of technological innovation that is set for dramatic growth in the coming years is automation and AI. A report titled Global Artificial Intelligence in Cybersecurity Market, 2019-2026 has projected that the market for AI in cybersecurity could reach US$38.2 billion by 2026, an almost US$30 billion increase on the 8.8 billion estimated in 2019.

Alongside entirely new threats, increased implementation of automation and artificial intelligence could begin to see traditional forms of attack such as phishing take on a new guise, becoming harder to detect. But it isnt all bad news. Automation also plays an important role in protecting against attacks, by improving threat detection and identifying vulnerabilities.

Any new technologies can be expensive to set up and can require additional training, but as the implementation of AI grows, costs will continue to fall, making AI solutions viable for SMBs who are looking to implement a modern security setup.

Conclusion

There can be no doubt that cybersecurity is going to continue becoming a greater consideration for companies of all sizes in the coming years. As rapidly as technology advances, so too do the resources that hackers have at their disposal. While SMBs may not have the financial muscle to immediately invest in the latest tools, they can still take large steps towards remaining secure by being proactive.

Keeping antivirus, VPNs, firewalls and endpoint security software up to date will protect against the latest vulnerabilities. But no matter which new threats emerge, the best way to reduce the risk of an attack remains looking after the simple things.

Research conducted by Apricorn in 2019 discovered that 63 percent of UK organizations considered human error the main cause of data breaches within their organization. This means that providing regular training, BYOD policies for mobile workers, and a holistic attitude to security best practices, remains one of the best ways to stay protected in the new year.

Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.

See the article here:
Cybersecurity 2020: The Trends SMBs will Need to Prepare For - CISO MAG

This past week I had two items pop up on my alerts. The first was about Facebook suing domain registrar Namecheap for allowing domains that impersonate the social media company and can be used for scams. The second was a plea by the Electronic Frontier Foundation to join in its crusade to stop the sale of the .ORG domain. It took me a moment to realize these are linked.

Namecheap is known for its refusal, short of a court order, to crack down on bad actors who register domains used to spread malware, steal personal information, send spam and conduct cyberattacks. According to cyber monitoring firm SpamHaus, 25 percent of so-called botnet domain names were registered through Namecheap making it the third straight year it held the title as the company with the most abused domains.

The Facebook lawsuit shows why. In its lawsuit, Facebook cited 45 Namecheap domains, such as 'instagrambusinesshelp.com', that appear to be associated with the social media company but, Facebook says, can be used by bad actors to "trick people into believing they are legitimate and are often used for phishing, fraud and scams."

It's not the first time Namecheap has been called out for not making Internet safety a priority. Online pet adoption scams are on the rise. Criminals create websites that offer to ship dogs after a would-be owner pays fees, but it's a scam and the dog never is delivered. In an article entitled, "Namecheap, you are hurting the Internet!," the group Petscams.com, which manages a database of fraudulent websites that pose as pet adoption centers, points out that Namecheap has nearly four times as many scam websites as any other registrar.

This track record is why I would never use Namecheap for domains. After all, life is about the company you keep. Which gets us to EFF and .ORG. The group wants to stop the sale of .ORG to a private company. But like Namecheap, EFF's track record on Internet safety is dubious. This is the organization that is trying to overturn a federal law aimed to stop sex traffickers from using websites such as Backpage to advertise and conduct business.

But EFF and Namecheap have a lot more in common than I realized. In the last decade, Namecheap has contributed $390,000 to EFF to fight against restrictions that could prevent bad actors from using the Internet to engage in sex trafficking, conduct scams, and spread malware that can lead to identity theft, financial loss and ransomware. It's hard not to connect the dots. Namecheap pays EFF to work to block Internet safety legislation and initiatives; Namecheap makes money by being the go-to domain company for bad actors who create domain names that can be used for scams and malware and other potential illicit activity.

As someone who owned and operated domain names, I'm stunned that this business model is acceptable in 2020. This is the Internet equivalent of a medical testing lab building a business model around the spread of the coronavirus. Namecheap stands out as a domain company that refuses to cooperate when companies such as Facebook come to them with evidence that its domain customers are engaging in shady behavior.

And EFF has 390,000 reasons to help them.

But at what cost? According to Internet security company Emsisoft, the 2019 impact of ransomware went way beyond the estimated $7.5 billion price tag. Because of ransomware, emergency patients had to be redirected to other hospitals; medical records were inaccessible or permanently lost; surgical procedures were canceled; tests were postponed; and, 911 services were interrupted. This is the real impact of not stopping online criminals and other bad actors.

Keeping the Internet free and safe are not mutually exclusive. Just as shouting "fire" in a crowded theater isn't protected speech, criminals who use the Internet to scam people, coerce them into ransomware payments, engage in sex trafficking, and spread malware shouldn't be protected. You would think that Namecheap and EFF would understand the difference. And if they do understand the difference and still fight efforts to keep the Internet safe, that's disturbing.

See the rest here:
Namecheap, EFF and the Dangerous Internet Wild West - CircleID