High-profile breaches have sparked interest in an emerging class of security software. The technology, named cloud security posture management (CSPM), scours cloud environments and alerts staff to configuration issues and compliance risks, most of which stem from human error.

Exhibit A of this type of gaffe occurred at Capital One in 2019, when a former Amazon Web Services (AWS) employee exploited a misconfigured Web Application Firewall (WAF) the financial service provider was using as part of its operations hosted in AWS, exfiltrated data and stored it on GitHub. In 2018, both a Walmart partner and GoDaddy were exposed when they left AWS storage instances accessible via the internet.

Most CIOs will tell you that their data is more secure with cloud vendors, but human error leaves even the stoutest compute networks susceptible to attacks, thanks in part to the various permissions and access points that leave enterprises exposed, says Gartner analyst Neil MacDonald. In fact, 99 percent of cloud security failures will be the customers fault through 2025, according to Gartner.

"The issue they are most worried about is some misconfiguration or mistake they make that leaves them exposed," MacDonald says.

Read more here:
Posture management: Cloud security tools rise in wake of breaches - CIO

"There is a large effort to target county commissioners by hackers," Midwest IT Systems security specialist Ben Geddis told the Faribault County Board at their meeting on Feb. 18.

Geddis was in attendance at the board meeting to talk about Internet security matters with the board.

"The idea the hackers have is they can cash in on government officials and gain access to information," Geddis explained. "Counties are highly targeted. If they can get control of your account they can impersonate you and send out emails which appear to be from you."

Security specialist Ben Geddis of Midwest IT Systems, left, discusses a variety of Internet security matters with the Faribault County Board last week.

The problems are most commonly spread through phishing emails, according to Geddis.

"For instance, I received an email which appeared to be from Pizza Hut offering me a free pizza if I clicked on the link in the email," Geddis commented. "But when I used my mouse to hover over the hyperlink displayed in the email message, the link-to address was for a different website."

You need to be very careful what you click on, Geddis shared.

"Ransomware is on the rise," he stated. "If hackers can get into your system, they can encrypt your information and prevent you from accessing it unless you pay them a ransom to remove the encryption."

So, what can be done to lower the risks of a hacker getting hold of your data?

"Many people live by the rule, if I was not expecting it (email), I delete it," Geddis said. "Changing your passwords every year is also a good idea."

Another way your information can be safeguarded is by having multi-factor protection.

"Multi-factor protection is when you are required to enter a code you may receive through a text to be able to get into your data," Geddis explained. "For instance, if you are logging into one of your credit cards from a computer you do not normally use, the credit card company may require you to get a code, which they will send to your phone, you will then have to enter the code before you can proceed on their website."

He provided the board with a list of red flags to watch out for.

"Unknown email addresses, emails received from outside of your organization and emails with a suspicious domain name are all things to look out for," Geddis said. "Also, watch for bad grammar and spelling errors. Be aware of emails which try and scare you into clicking on a link without thinking about it."

Also at the meeting was Billeye Rabbe, the solid waste coordinator for the Prairieland Solid Waste Facility in Truman.

She brought a list of solid waste and recycling haulers who needed to have their license renewals approved by the board.

B and B Sanitation and Recycling, Hometown Sanitation, LIP Enterprises, Inc., Peterson Refuse and Demo, Thompson Sanitation and Waste Management were approved for both solid waste hauling and recycling licenses.

Minnesota Lake was approved for a solid waste hauling license and Mason City Recycling was approved for the recycling license.

Commissioner Greg Young mentioned the audit of Prairieland had gone well, morale at the plant is high and the board is very happy with the job Rabbe does.

In other business, it was also noted the Charles Carlson versus Faribault County Drainage Authority court trial will begin on March 18, at 9 a.m., in Martin County.

Originally posted here:
Beware of a cyber attack - faribaultcountyregister.com | News, Sports, Information on the Blue Earth region - Faribault County Register

Every time we switch on a computer, open an email, view a website or make an online payment, there are multiple new opportunities for crimes to occur.

In fact,almost halfof all crimes against individuals in England and Wales now involve or are enabled by the internet.

These technological changes have fuelled a substantialnew private policing sectorthat includes commercial companies but also online vigilantes.

This change is comparable to the quiet revolution seen in the 1970s when conventional private policing, particularly the use of uniformed security officers, emerged on an industrial scale.

Despite its scale, online private policing activity has been largely ignored by researchers and politicians. Yet it is already creating somesignificant issuesthat need addressing.

This new online private policing sector exists most obviously in the numerous companies providing services.

These include designing, testing and maintaining security systems, responding to cyber-attacks and moderating websites for harmful or illegal content.

But many other organisations have also developed their own cybersecurity structures to better protect themselves from online crime.

In most large organisations, these structures are led by what are generally called chief information security officers (CISO) but there are also many other new cybersecurity roles such as security architects and ethical hackers.

Globally, this new sector is estimated to support around6 million jobsand is predicted to be worth$248 billion (R3.7 trillion) by 2023.

This is much more than the traditional private security industry, which is only predicted to be worth around$167 billion (R2.5 trillion) by 2025.

One of the most interesting roles to emerge in this new sector is that of the moderators who police the content published on the internet.

They play an important role in preventing thepublication of undesirable material, from hardcore pornography and footage from war zones through to abusive and inappropriate language.

There has been virtually no academic research of these important operatives. Butmedia reportshaveraised concernsover the welfare of these staff, who often have to view large amounts of distressing content, including images.

So their conditions of employment and capabilities should be more of a priority for researchers and regulators.

The internet hasnt just stimulated new forms of commercial private policing but has also enabled a new type of vigilantism to flourish.

For example, the limited law enforcement response to the masses of scam emails and bogus websites were at risk from everyday has led to the growth of scambaitors.

These are private individuals who try to engage with scammers andwaste their timeor simplyraise awarenessof their scams. One of the problems with scambaiting is thehumiliation and racismoften involved.

For example some scammers have been encouraged to do repetitive tasks such as draw street maps and rewrite books, paint themselves or pose naked in humiliating positions, all of which have then been publicised.

Sometimes this is done with explicit or implicit racist commentaries, relating to the fact that many of the scammers areblack West Africans.

Perhaps the most controversial area of online vigilantism that has emerged ispaedophile hunting. Organised groups of internet users pose as children in online chatrooms to lure and expose paedophiles.

The actions of these groups have clearly helped the police and led to the exposure of real paedophiles who have subsequently been charged and convicted.

In 2018,at least 150 peoplein England and Wales were charged using evidence provided by paedophile hunters. But some groups have made their exposures and confrontations public, in some cases even live-streaming them online.

This has ledto innocent people being falsely and publicly condemned, while others have killed themselves after the exposure.

It has also been revealed that some of the people enacting this justice arethemselves convicted criminals whereas police forces themselves often bar people with criminal records from joining.

The rapid growth of both commercial and amateur attempts at policing the internet shows there is a demand that is not being met by the traditional provider of law enforcement, the state.

But the problems that are emerging from this private security activity demonstrate why it isnt enough to leave such significant operations to the market or volunteers.

The first quiet revolution eventually resulted in many jurisdictions introducing regulations to better control the activities of private security.

This new shift at least warrants further research and investigation to determine if the controls are adequate. The suspicion is that they are not.

Mark Button, Professor of Security and Fraud, University of Portsmouth. This article is republished from The Conversation under a Creative Commons license. Read the original article.

See more here:
Vigilantes and private security are policing the internet where governments have failed - The South African

Better Business Bureau serving Canton Region and Greater West Virginia offers tips and advice for consumers to avoid fraudulent practices.

THE CONCERN Everyone knows to be on the lookout for phony emails, especially at work. Scammers can easily make messages that appear to come from anywhere, from your bosss account to the office printer. But what about voicemail? New voice-mimicking software is now being used by scammers to create convincing voicemail messages.

HOW THE SCAM WORKS:

You get a voicemail from your boss. They are instructing you to wire thousands of dollars to a vendor for a rush project. The request is out of the blue. But its the bosss orders, so you make the transfer.

A few hours later, you see your boss and confirm that you sent the payment. But theres one big problem; your manager has no idea what you are talking about! It turns out that the message was a fake. Scammers used new technology to mimic your bosss voice and create the recording. This voice cloning technology has recently advanced to the place where anyone with the right software can clone a voice from a very small audio sample.

Businesses may be the first places to see this con, but it likely wont stop there. The technology could also be used for emergency scams, which prey on peoples willingness to send money to a friend or relative in need. Also, with the US now in the midst of the 2020 election season, scammers could use the technology to mimic candidates voices and drum up donations.

TIPS TO AVOID A THIS SCAM:

Secure accounts: Set up multifactor authentication for email logins and other changes in email settings. Be sure to verify changes in information about customers, employees, or vendors.

Train staff: Create a secure culture at your office by training employees on internet security. Make it a policy to confirm all change and payment requests before making a transfer. Dont rely on email or voicemail.

FOR MORE INFORMATION To learn about other kinds of scams, go to BBB.org/ScamTips. If you have been the victim of a scam, make others aware by filing a report on BBB.org/ScamTracker.

FOR BBB INFORMATION Visit bbb.org/canton or call 330-454-9401 to look up a business, file a complaint, write a customer review, read tips, follow us on social media, and more!

Read the original post:
Straight Talk: That voicemail from the boss might be fake - Canton Repository

By Alicia Wallace, CNN Business

Cannabis is an emerging industry with stratospheric growth expectations. Like the California Gold Rush, the dot-com boom and every other new market with boundless potential, the cannabis industry also has the tendency to attract some sketchy characters with dubious motives.

Security experts have long warned that the cannabis industry is susceptible to both cybercriminal and fraudulent activities. It's not exactly the Wild West anymore: Businesses and state-legal markets have matured. But risks and concerns about criminal activity and fraud haven't waned.

Just weeks into 2020, the cannabis industry has been the subject of several high-profile incidents: a reported dispensary point-of-sale system hack that potentially exposed the data of 30,000 people; the US Securities and Exchange Commission charging two men who allegedly used a fake cannabis company as a front for a Ponzi scheme; and the conviction of a former Colorado cannabis entrepreneur in one of the state's largest fraud cases.

"These industries are targets just because they're new and there is lots of controversy -- whether it's political or social -- with some of the things they're doing," Michael Bruemmer, the vice president of data breach resolution and consumer protection for consumer credit reporting company Experian, told CNN Business.

Experts are cautioning companies to shore up their security practices and for consumers to be mindful of opportunities that seem too good to be true.

Cannabis' emerging market status makes it a prime target fraud, said Jodi Avergun, a former federal prosecutor and DEA chief who now heads law firm Cadwalader, Wickersham & Taft's white-collar defense and investigations group.

"Consumer and retail investors are not taking appropriate precautions," she said.

The cannabis industry is teeming with interest and speculation, she said. Most cases brought by the US Securities and Exchange Commission involve operations that purport to be cannabis businesses but instead are schemes -- typically of the Ponzi and pump-and-dump variety, she said.

The recent cannabis cases include allegations of a Ponzi scheme tied to a fictitious cannabis company and charges of securities fraud tied to an alleged criminal ring in Colorado.

"The unscrupulous people who have always existed -- the out-and-out fraudsters -- take advantage of investors who want to make a buck quickly," Avergun said.

Although cannabis remains illegal under federal law and largely unregulated, some federal agencies continue to keep a close watch for potential nefarious activity. The US Federal Bureau of Investigation last year warned that it saw a "public corruption threat emerge in the expanding cannabis industry," and agencies such as the SEC have sought criminal charges.

In 2014, when Colorado and Washington State started selling recreational cannabis, the SEC suspended several cannabis stocks and issued an investor alert to warn of questionable practices, alleged illegal stock sales and market manipulation. The agency issued yet another investor alert in 2018 highlighting past enforcement actions and continued warnings.

The SEC Office of Investor Education and Advocacy "regularly receives complaints about marijuana-related investments, and the SEC continues to bring enforcement actions in this area," the SEC warned then. "If you are thinking about investing in a marijuana-related company, you should beware of the risks of investment fraud and market manipulation."

The hype -- and potential for fraudulent investing schemes -- may have abated in recent months as valuations have sunk and companies have restructured to ensure near- and long-term stability.

"But as soon as demand returns, so will the opportunistic fraudsters who seek to take advantage of those who see dollar signs in the cannabis industry," Avergun said.

Experian's "Data Breach Industry Forecast" for 2020 predicted that emerging industries such as cannabis, green energy and cryptocurrency would be increasingly become targets for cyberattacks. In 2019, these industries accounted for fewer than 10% of the breaches tracked by Experian, but they remain vulnerable because they're emerging industries, Experian's Bruemmer said.

"These controversial industries make great targets because they're more focused on growing their business and starting up than they are necessarily putting the appropriate focus on cybersecurity," he said.

Three years ago, a leading seed-to-sale tracking software provider was hit with two cyberhacks in a six-month period. The incidents consisted of a "sophisticated sequence of malicious attacks directed against the company," an attorney for the targeted company MJ Freeway, now named Akerna, said at the time.

The company spent at least $200,000 to upgrade its cybersecurity and enterprise software capabilities following the 2017 breaches, according to financial filings made with the SEC.

Jessica Billingsley, chief executive officer of Akerna, told CNN Business in December that the company no longer uses the software targeted in the attack and the next generation program is far more robust.

In January, internet security researchers for vpnMentor reported a breach at THSuite, a cannabis point-of-sale provider. The vpnMentor researchers said that more than 30,000 individuals had their information exposed, including photo IDs, addresses and protected health information.

Officials for THSuite did not return multiple calls and emails for comment. Some of the dispensary clients identified in the vpnMentor report told CNN Business that they were quickly taking action to determine how much of their customers' information might have been affected.

RJ Starr, compliance director for Bloom Medicinals, said he was aware that his company's technology vendor experienced a data breach and was conducting a thorough investigation.

"Once we've identified any affected patients, we will notify each individual patient and follow HIPAA breach notification protocols," Starr said. "Bloom Medicinals serves tens of thousands of patients in multiple states, and we take patient privacy very seriously. Rest assured, we will implement any corrective action necessary to both remedy and ensure that this doesn't happen again."

Consumers and companies can be proactive in protecting themselves from fraud and cybercriminal activity, Avergun and Bruemmer said.

Avergun said that consumers should check the price history of companies' stocks and research the background of the advisers and executives who are selling shares and running the company.

"If it sounds too good to be true, it probably is -- as with any investment," she said.

As for business investors, it comes down to due diligence.

"There is nothing to substitute for adequate research into company financials, its state compliance policies and processes, and its management before investing in an emerging cannabis company," she said, noting to be aware of special state-specific risks. "If a manager or owner of a cannabis company was previously operating before cannabis was state legal, that causes problems with licensing in state and may raise the risk of federal prosecutions."

Bruemmer highlighted three key tips for companies to button-up their security: Ensure that everyone -- not just the information technology experts -- keeps data security in mind and not make simple mistakes such as clicking on a nefarious link; research and employ credible security technology but don't be reliant on solely the software; have a proactive plan in place if a security breach occurs.

"A lot of businesses think about it as an after-thought," he said. But they should pre-plan."

Go here to read the rest:
The cannabis industry's next big threat: Hacks and fraud - WICZ