In a rare joint statement, the intelligence chiefs of the Five Eyes alliance — the United States, the United Kingdom, Canada, Australia and New Zealand — accused China on Tuesday of “unprecedented” intellectual property theft and spying using advanced technologies like artificial intelligence.

According to an Oct. 18 Reuters report, after meetings with Silicon Valley companies, FBI Director Christopher Wray said China was engaged in the “most sustained, scaled and sophisticated theft of intellectual property and expertise in human history.”

The officials warned that China is aggressively using cyber intrusions, spying, corporate investments and more to steal secrets from businesses and research institutions across multiple sectors — including quantum technology, robotics, biotechnology and artificial intelligence.

“Every strand of that web had become more brazen, and more dangerous,” Wray said. He accused China of having a bigger hacking program than all other major nations combined — which, together with traditional espionage and theft of trade secrets, gave it enormous power.

The Australian Security Intelligence Organisation’s director-general, Mike Burgess, revealed his agency had recently busted a Chinese plot that involved planting an academic at a prestigious Australian research institution to steal secrets. “This sort of thing is happening every day in Australia, as it is in the countries here,” he said.

Burgess said while China’s intention to innovate for its own interests was “fine,” its methods went far beyond traditional espionage. He warned China was stealing more corporate and personal data than any other nation “by orders of magnitude.”

The officials called out China’s use of artificial intelligence to amplify its capabilities and make its already mammoth hacking programs even more effective. “If you think about what AI can do to help leverage that data to take what’s already the largest hacking program in the world by a country mile, and make it that much more effective — that’s what we’re worried about,” Wray said.

In response, Chinese government spokesperson Liu Pengyu denied the allegations and said China was committed to intellectual property protection.

The post Five Eyes confronts China over intellectual property theft appeared first on ReadWrite.

The Israeli army is using Palestinians’ cellphone data in its military campaign to monitor the population’s movements within Gaza. Recent New York Times reporting describes this Israel Defense Forces’ initiative after being granted access to military’s surveillance system. The IDF claims the real-time monitoring of over 1 million Gazan cellphones is an attempt to reduce civilian casualties.

Responding to Hamas’s Oct. 7 terrorist attacks that targeted civilians and killed over 1,400, the IDF has conducted daily airstrikes throughout the Gaza Strip. By Oct. 11, the Israeli Air Force stated it had already dropped a staggering 6,000 bombs, and on Oct. 10, Israeli army spokesman Daniel Hagari reportedly said, “The emphasis is on damage, not on accuracy.”

The timing of the Times’ report and the journalist’s access may suggest an intentional recalibration of the IDF’s messaging and tone ahead of an anticipated ground offensive into Gaza. 3,000 Palestinians have reportedly been killed in the past 10 days, with over 500 killed today in a hospital explosion. Given the current situation in Gaza, what evidence shows the IDF’s expansive monitoring of Gazans is actually reducing civilian casualties?

Cellphone data in Israel’s military strategy

On Friday, Israel told the roughly 1.1 million residents of northern Gaza to evacuate to the south within 24 hours for their own safety. Not far away, in southern Israel, soldiers track the location data of over 1 million cellphones, displayed on a live map of the Gaza Strip. The soldiers reportedly use this data to monitor the movement of residents from northern Gaza to the south.

According to the Times, the data-tracking system showed that around 700,000 of the 1.1 million residents of northern Gaza had relocated to the south by midday on Monday. The Times journalist reported the IDF officers stationed to this control room were calling the remaining 400,000 residents individually to plead with them to evacuate.

The IDF argues this cellphone data is a pivotal tool to gauge civilian presence and adjust military actions accordingly — with neighborhoods turning green to indicate at least 75% of the population had relocated.

Besides the noble goal of reducing civilian casualties, a depopulated urban environment would likely benefit the IDF’s military operations. Conversely, Hamas is encouraging residents to remain in the north, arguing that nowhere in Gaza is safe. However, Hamas’s motivation for residents to remain is likely so their militants could more easily assimilate into civilian populations when necessary.

Implications and reactions

The landscape of warfare has undergone a significant transformation with the advent of technology. In the Israel-Hamas conflict, the IDF’s data-tracking system highlights how digital tools are becoming integral to military strategies. Similarly, the war in Ukraine saw the extensive use of drones, reshaping reconnaissance and combat tactics.

While the Israeli military presents this data usage as a measure to minimize civilian harm, critics voice concerns. The displacement, though intended to ensure safety, has led Gazans into areas still vulnerable to airstrikes. Moreover, the broader ethical implications of using personal data in military operations have raised concerns among human rights advocates. This is especially unsettling in regions like Gaza, which many residents refer to as an “open-air prison.” Such surveillance programs also raise questions about privacy rights and data security. Western democracies largely embrace these rights are fundamental. Yet, they are denied in Gaza due to military necessity.

The Israeli military’s strategy of using cellphone data underscores the evolving nature of modern warfare. As the situation in Gaza unfolds, the global community will closely watch the implications of such data-driven military strategies.

The post Israel is tracking Gaza’s cellphone data to inform military operations appeared first on ReadWrite.

On Monday, the Colorado Supreme Court made a pivotal decision about using Google search data in criminal cases. This decision, drawing significant media and legal attention, centers on the use of “reverse keyword warrants.”

Law enforcement agencies have recently adopted reverse keyword warrants. Unlike traditional warrants that target a specific individual or location, these focus on a keyword or phrase. Then, they ask companies like Google for data on all users who searched that keyword in a certain timeframe.

In this specific case, Seymour v. Colorado, Denver police investigating an arson incident, which killed five, executed a search warrant for IP addresses that had used Google over the previous 15 days to search for address of the home where the fire took place. Google, after some hesitation, handed over the IP addresses. which ultimately led investigators to arrest three teenage suspects.

According to the police investigation that used Google’s keyword data, Gavin Seymour had searched the property’s address multiple times prior to the fire. Lawyers for Seymour contended that the keyword warrant was an unconstitutional search, marking the first known challenge to the legality of such warrants.

Privacy concerns

In an amicus brief, nonprofit research center Electronic Privacy Information Center (EPIC) expressed concerns about the potential privacy implications of reverse keyword warrants. EPIC emphasized that such warrants could expose vast amounts of sensitive personal data to law enforcement without a valid basis.

Specifically, EPIC pointed out that after the U.S. Supreme Court’s Dobbs decision last year, several states moved to criminalize abortion. If reverse keyword warrants are deemed constitutional, individuals seeking information about abortions or other reproductive health issues could be at risk of investigation and prosecution.

The ruling was not unanimous, with Justice Monica Márquez expressing strong dissent and cautioning that the decision could provide law enforcement with unprecedented access to individuals’ private lives. In its split decision, however, the court stated its intention that Monday’s verdict be limited in scope to the case at hand, adding: “If dystopian problems emerge, as some fear, the courts stand ready to hear argument regarding how we should rein in law enforcement’s use of rapidly advancing technology.”

Nationwide impact of keyword search warrants

The Colorado Supreme Court’s decision is expected to have far-reaching implications. As the first court to rule on reverse keyword warrants’ constitutionality, its verdict will likely influence courts across the nation. Furthermore, the verdict will influence how tech giants like Google handle such warrants.

This decision highlights the tension between digital privacy and law needs. While the Denver District Attorney’s office welcomed yesterday’s ruling, Google emphasized the importance of recognizing the privacy implications of keyword searches.

Moreover, a recent Bloomberg Businessweek study added another dimension. It showed that police are increasingly turning to Google data, even for non-violent crimes. This highlights the growing dependence on tech companies for investigative leads.

The post Colorado Supreme Court affirms use of Google keyword search warrants appeared first on ReadWrite.

A recently discovered flaw in the HTTP/2 protocol, which underpins a significant portion of web traffic, has raised concerns among cybersecurity experts. The vulnerability, known as the “rapid reset flaw,” could potentially expose users to a range of security threats.

Recently, tech giants like Google, Amazon, Microsoft, and Cloudflare faced massive distributed denial of service attacks on their cloud platforms. These attacks in August and September broke previous records in terms of size and intensity.

Google Cloud’s Emil Kiner and Tim April highlighted the severe consequences of such attacks, stating, “DDoS attacks can have wide-ranging impacts to victim organizations, including loss of business and unavailability of mission critical applications, which often cost victims time and money. Time to recover from DDoS attacks can stretch well beyond the end of an attack.”

Understanding the rapid reset flaw

Designed to speed up website loading and enhance web performance, HTTP/2 now has a known vulnerability. Attackers can exploit this flaw to disrupt connections by resetting them quickly, leading to potential denial-of-service attacks and significant website user disruptions.

The flaw isn’t specific to any software but exists within the HTTP/2 network protocol specification. The Internet Engineering Task Force (IETF) introduced HTTP/2 as an upgrade to the traditional HTTP protocol. Its improved mobile performance and reduced bandwidth use have made it popular. Now, the IETF is developing HTTP/3.

Cloudflare’s Lucas Pardue and Julien Desgats shed light on the scope of this vulnerability, noting, “Because the attack abuses an underlying weakness in the HTTP/2 protocol, we believe any vendor that has implemented HTTP/2 will be subject to the attack.” While a few implementations might remain unaffected by rapid reset, they stress its relevance to “virtually every modern web server.”

According to Wired, the issue arises when attackers manipulate the protocol’s “reset stream” feature. By doing so, they can flood servers with reset commands, causing them to crash or become unresponsive.

Implications for web security

The discovery of this flaw underscores the importance of continuous security assessments, even for widely adopted protocols like HTTP/2. While the protocol has been in use for several years, vulnerabilities can remain hidden and only come to light after rigorous testing.

It’s worth noting that while the rapid reset flaw poses a threat, it doesn’t allow attackers to steal data or inject malicious code. However, the potential for causing service disruptions makes it a concern for website operators and businesses that rely on stable web connections.

The cybersecurity community is now working on patches and updates to address this vulnerability. In the meantime, web administrators are advised to stay vigilant and monitor their servers for any unusual activity.

A reminder of the web’s fragility

This recent discovery serves as a reminder of the inherent vulnerabilities in the digital infrastructure we often take for granted. As technology evolves, so do the challenges and threats associated with it. It underscores the need for ongoing research, vigilance, and collaboration among the tech community to ensure a safer digital landscape for all.

The post HTTP/2 rapid reset flaw exposes web traffic to potential attacks appeared first on ReadWrite.

Several high-risk security vulnerabilities have been found in ConnectedIO’s ER2000 edge routers and the cloud-based management platform, raising questions about IoT security. Malicious actors could exploit these weaknesses to execute harmful code and access sensitive information. An analysis by Claroty’s Noam Moshe revealed that an attacker might use these vulnerabilities to entirely compromise the cloud infrastructure, execute code remotely, and leak customer and device details.

As the adoption of IoT devices continues to rise, concerns about the overall security and protection of user data in these devices are becoming increasingly important. Addressing these vulnerabilities, ConnectedIO has been urged by both researchers and cybersecurity experts to implement effective security measures and provide timely updates to ensure users are protected against potential threats.

“The vulnerabilities in 3G/4G routers could expose thousands of internal networks to serious threats. IoT hazards may allow bad actors to gain control, intercept traffic, and infiltrate Extended Internet of Things (XIoT) devices.” The issues affect ConnectedIO platform versions v2.1.0 and earlier, specifically the 4G ER2000 edge router and cloud services. Attackers could chain these vulnerabilities together to execute arbitrary code on cloud-based devices without needing direct access.

By exploiting these weaknesses, cybercriminals can easily bypass security measures and gain unauthorized access to sensitive information. Organizations and individuals must update their devices to the latest firmware version to mitigate the risks associated with these vulnerabilities.

Additional weaknesses were discovered in the communication protocol between the devices and the cloud, including using fixed authentication credentials. These can be exploited to register an unauthorized device and access MQTT messages containing device identifiers, Wi-Fi settings, SSIDs, and passwords from routers. Attackers gaining access to this information could potentially monitor or manipulate the devices, putting user privacy and security at risk.

A threat actor could impersonate any device using leaked IMEI numbers and force the execution of arbitrary commands published via specially designed MQTT messages through a bash command with the opcode “1116.” Consequently, this security vulnerability exposes a myriad of devices to potential cyberattacks, leading to unauthorized access, data breaches, and even full system control. It is essential for users and manufacturers to ensure their devices are updated with the latest software patches to mitigate such risks and enhance protection against these attacks.

Manufacturers need to address these vulnerabilities and implement robust security measures to protect both the communications between devices and the cloud and the information stored within these devices.

Featured Image Credit: Photo by Cottonbro Studio; Pexels; Thank you!

The post Vulnerabilities found in ConnectedIO’s ER2000 edge routers and cloud-based management platform appeared first on ReadWrite.

A spyware operation known as Oospy has been dismantled after its web host, Hetzner, deactivated its back-end server. Oospy was essentially a rebranded version of a phone monitoring application that enabled surveillance of tens of thousands of Android devices globally. The original app was targeted and hacked, resulting in its shutdown. Following the shutdown, Oospy’s creators continued to modify and distribute their software under different names in an effort to evade detection and maintain their nefarious activities. Despite the dismantling of Oospy, cybersecurity experts warn users to remain vigilant, as similar spyware operations continue to pose significant threats to user privacy and digital security.

The Back-End Server is Still a Lingering Threat to Privacy

Although the original app’s website was taken down, the back-end server continued to communicate with the monitored devices. This allowed administrators to launch Oospy without interrupting the ongoing surveillance. The server was hosted on a different domain and housed stolen data from numerous devices. Consequently, this enabled the unauthorized gathering of personal information and sensitive data, posing significant privacy and security risks.

It wasn’t until cybersecurity experts stepped in to counteract this threat that the troublesome server was dismantled, effectively bringing an end to this intrusive surveillance operation.

Combined, the original app and Oospy had a minimum of 60,000 global phone surveillance victims, with thousands in the United States. This extensive breach of privacy has alarmed cybersecurity experts and government officials, who are now working to assess the overall impact and potential threats posed by this surveillance campaign. Efforts are also being taken to identify the perpetrators behind it and prevent further exploitation of mobile devices.

Oospy Got a Lot

Oospy collected a wide range of data, including contacts, messages, pictures, call logs, recordings, and location details. The gathered data provided detailed insights into users’ lives, leading to concerns about privacy and the intentions of the app creators.

Terminating the spyware’s back-end server effectively ends Oospy and its predecessor’s operations, significantly crippling the cyber espionage capabilities of the threat actors behind these campaigns. This decisive action not only dismantles a major surveillance tool used by malicious actors, but also sends a strong message that such invasive tactics will not be tolerated.

The more significant issue here is privacy concerns with phones and the Internet. In addition to these disappearing phone surveillance activities, there is a growing concern regarding individual privacy and the extent to which companies and organizations collect user data. As technology continues to advance, it becomes increasingly vital for consumers to be aware of potential risks and for governments to implement necessary regulations to protect the rights of individuals.

Featured Image Credit: Photo by Antoni Shkraba; Pexels; Thank you!

The post Unmasking Oospy: dismantling global spyware menace appeared first on ReadWrite.

Data is expanding, and so are the enterprise challenges to manage this growth. Most of these challenges boil down to the inability to accommodate the dynamic influx of data. Even the good old ETL is underperforming, resulting in 70% of failed initiatives, calling for reconsidering the data integration practices.  But what went wrong?

In the traditional setup, the ETL captures data from multiple sources and schedules it into batches.

These data sets in the batches are then further extracted (E), transformed (T), and finally loaded (L) into the targeted system. Since the technique involves bulk processing and periodic updates, it causes delays in overall processing and the time to expected outcome. Ultimately, businesses are deprived of real-time insights.

Modern techniques such as ELT can capture real-time data by processing only the incremental changes from the last extraction. It enables organizations to utilize their resources optimally and focus on more resource-conscious data integration. It reduces latency and provides on-demand access to updated data, making prompt decisions.

Due to its outdated tech, ETL cannot put such vast amounts of real-time data into efficient utilization. It might have been the rockstar of the past decade, but the modern, rapid Web3 landscape asks for a lot more.

What are the different ways in which traditional ETL might be hindering your business growth?

Given the exponential increase in data volume, traditional ETL pipelines struggle to accommodate the rush, causing slower processing and uncertain increase in the cost. Not only does it suppress an organization’s ability to leverage data insights, but it almost nullifies the opportunity to innovate.

Moreover, the complex schema in traditional systems requires significant upgrading and maintenance efforts. Over a period of time, as businesses scale, the increase in sources makes it difficult for the pipeline to stay up to date.

Additionally, traditional ETL’s dependency on centralized processing invites single points of failure, compromising data integrity and system security.

What to do? Move from outdated tech and embrace modern alternatives to ETL.

To match the expectations of the impatient consumer, It is imperative for organizations, regardless of their scale, to break free and unlock optimal value from data. Using modern ETL tools, businesses can streamline the complex data landscape, something ETLs have been trying to do for a long time.

ELTs follow the Load-first approach wherein the raw data is initially loaded into the target system, and transformation occurs in-database or using distributed processing frameworks.

Change Data Capture (CDC), for example, processes high volumes of data as soon as it enters the framework, thereby actualizing real-time insights at the other end. Likewise, cloud-based solutions provide scalable and cost-effective data processing, ensuring enterprises can adapt and grow without hardware limitations. Wait for the next section, where I explain a detailed case study.

Data lakes and hubs allow enterprises to store and process vast amounts of raw data from multiple sources. This approach fosters democratization and enables cross-functional teams to analyze data.

A quick case study to understand the impact of modern ETL

A major telecom company operating amidst a high volume of real-time data struggled to manage the influx with traditional ETL systems. At one point, it almost gave up on improving its network performance largely because the data was scattered across multiple sources. Such an inefficiency hindered the timely responses to customers who had become impatient during the lockdown.

To move on to newer alternatives, the company implemented Skyvia, a cloud ETL platform that integrates data from multiple sources into a unified warehouse. Now, all data strategically stored and accessible at one point facilitated significant improvements in understanding the network’s health. Post implementation, it helped the organization achieve remarkable improvements in network performance, thereby reducing the outages by 50% and boosting the average speed of the network by 20%.

Furthermore, this led to significant cost savings and enhanced customer delight. With a reduction in data integration time from a week to a single day, the business could respond at the moment to all critical situations, escalations, and other ad-hoc events.

Ultimately, the company recorded a 10% enhancement in CX ratings, reclaiming its lost reputation.

Today, the telecom company is future-ready to thrive in the highly competitive market. Moving from outdated ETL practices to contemporary cloud-based solutions has led to significant growth and loyalty. Skyvia’s cloud-based data integration solution is a reminder for businesses that are tapping upon scalability and flexibility isn’t a tough game until they sign up for similar transformations. As we know, a SaaS landscape offers pricing models as per your consumption, drastically abbreviating upfront costs.

Make your enterprise future-ready

The traditional ETL approach stands as a barrier to innovation for modern enterprises. The inherent limitations of batch processing and complete data extraction no longer align with the demands of real-time decision-making and dynamic market landscapes.

As discussed, the inherent limitations of batch processing no longer suffice the in-the-moment decision-making expectations. Businesses must take a leap, embrace agile approaches, and extract true value from the data mountain. It’s no longer a choice but a strategic imperative.

The post Why Enterprises Must Transition Beyond Traditional ETL: A Vital Imperative appeared first on ReadWrite.

U.S. biotech firm 23andMe’s user data was leaked and is now circulating on hacker forums. 23andMe confirmed the data leak’s authenticity to BleepingComputer and says it believes a credential-stuffing attack is to blame.

23andMe user data offered for sale

A few days ago, 1 million lines of data specific to Ashkenazi individuals began circulating on hacker forums. Then, on Oct. 4, the cybercriminal who had leaked the user-data sample purportedly stolen from 23andMe began offering to sell individual profile datasets for $1-$10 each, with the price varying based on the number of datasets purchased.

23andMe has now confirmed the authenticity of the data to BleepingComputer. A spokesperson indicated that hackers likely used credentials leaked from breaches on other platforms. “We don’t see evidence of a security incident within our systems,” they added.

The information exposed in 23andMe’s user data leak allegedly includes users’ names, locations, birthdays, sex, photos, and genetic ancestry results. BleepingComputer’s own investigation found that the number of sold accounts doesn’t currently match the total number of breached 23andMe accounts.

BleepingComputer noted the breached accounts had activated 23andMe’s DNA Relatives feature, which lets users discover and connect with genetic relatives). Initially accessing only a limited number of accounts, the hacker could then scrape data from the users’ networks of DNA Relative matches.

ReadWrite has not yet independently confirmed these statements but has requested further details on the investigation from 23andMe. Nevertheless, users should always follow proper digital hygiene by never repeating account credentials across websites, using strong passwords, and enabling two-factor authentication when possible. Even though 23andMe offers and recommends using 2fa security, this recent data breach also suggests that networking features like DNA Relatives are yet another vulnerability.

The post 23andMe confirms data leak: Personal genetic information for sale on hacker forums appeared first on ReadWrite.

Hackers from India, who call themselves the Indian Cyber Force, have threatened to target Canadian websites in response to claims that the Indian government played a role in killing a Canadian citizen promoting an independent Sikh state. The group shared a message on the X messaging platform, stating that cyberattacks in Canada would start within three days. A Canadian dental clinic’s webpage has already been vandalized with the message, “Hacked by Indian Cyber Force.”

Canadian authorities and cybersecurity experts are on high alert, closely monitoring and strengthening defenses to protect other potential targets from similar attacks. Meanwhile, the Indian government has not yet issued an official statement regarding the threats or their alleged involvement in the death of the Canadian citizen.

Royal Ransomware Gang Goes Unnoticed in Dallas for a Month

In related cyber security news, the Royal ransomware gang, which attacked Dallas, Texas, earlier this year, went unnoticed in the city’s IT infrastructure for nearly a month, stealing personal information of more than 30,000 people. The city has designated US$8.5 million to recover and restore systems affected by the attack. The gang initially accessed the IT system through a service account.

This incident highlights the importance of regularly monitoring and updating security measures within an organization’s IT infrastructure to prevent significant data breaches. Additionally, city officials are urging other municipalities to invest in updating their cyber security protocols to mitigate the risks of future ransomware attacks and protect sensitive data.

Hinds County Grapples with Ongoing Ransomware Attack

Mississippi’s Hinds County is still dealing with a ransomware attack this month, preventing residents from paying property taxes, finalizing real estate transactions, or buying car tags since September 7th. The county’s officials are working diligently with cybersecurity experts to address the issue and restore normal operations as soon as possible. In the meantime, residents are urged to remain patient and vigilant as the authorities explore alternative solutions to facilitate these essential services.

AlphV Ransomware Gang Hacks Vehicle Equipment Manufacturer Clairon

The AlphV ransomware gang has taken responsibility for hacking Clairon, a producer of audio, video, and navigation equipment for vehicles from major manufacturers. It has posted screenshots of stolen documents as evidence. The cybercriminal group claims to have accessed confidential data, including financial records, employee information, and sensitive business documents. Clairon is working in collaboration with cybersecurity experts and law enforcement agencies to mitigate the breach’s impact and prevent further unauthorized data access.

Progress Software’s MOVEit Vulnerability Impacts More Organizations

The number of organizations impacted by the vulnerability in Progress Software’s MOVEit file transfer software continues to increase, now involving the U.S. National Student Clearing House and Financial Institution Service Corporation, four months after the initial exposure. These organizations are joining the growing list of affected parties, highlighting the far-reaching effects of the vulnerability on various sectors in the economy. As more companies discover the impact of this exposure on their systems and data, it emphasizes the criticality of addressing software vulnerabilities in a timely manner to prevent potential large-scale breaches.

Kannact Inc. Addresses Data Breach Impacting Thousands

Kannact Inc., a healthcare support company based in Oregon, is notifying close to 118,000 individuals about a data breach resulting from hacking its file transfer software. The company announced the breach in June but is still working to determine an accurate number of victims. In addition to potentially compromised personal information, the breach may have exposed sensitive medical data of the affected individuals. As a response, Kannact has been proactively implementing further security measures and working closely with law enforcement agencies to investigate the incident and minimize any potential damage.

Nigerian Individual Faces Sentencing for Business Email Scam

Lastly, a Nigerian individual faces sentencing by a U.S. judge in November on conspiracy charges associated with participation in a business email scam. The deceptive email messages tricked victims into transferring money. Furthermore, these fraudulent emails often impersonate high-level executives, leading unsuspecting employees to believe they are transferring funds for legitimate company purposes. To combat this growing issue, companies are implementing stricter security measures and raising awareness among staff members about the risks of business email scams.

Frequently Asked Questions

What is the Indian Cyber Force?

The Indian Cyber Force is a group of hackers from India who have recently issued threats to target Canadian websites in response to claims that the Indian government played a role in killing a Canadian citizen promoting an independent Sikh state.

What are Canadian authorities doing to prevent cyber-attacks from the Indian Cyber Force?

Canadian authorities and cybersecurity experts are on high alert, closely monitoring and strengthening defenses to protect potential targets from similar attacks.

How did the Royal Ransomware Gang infiltrate Dallas’ IT infrastructure?

The gang initially accessed the IT system through a service account and went unnoticed for nearly a month while stealing personal information of more than 30,000 people.

What are Hinds County officials doing to address the ongoing ransomware attack?

The county’s officials are working diligently with cybersecurity experts to address the issue and restore normal operations as soon as possible. They are also exploring alternative solutions to facilitate essential services for residents.

What data did the AlphV ransomware gang allegedly steal from Clairon?

The cybercriminal group claims to have accessed confidential data, including financial records, employee information, and sensitive business documents from Clairon, a producer of audio, video, and navigation equipment for vehicles.

How has Kannact Inc. responded to the data breach impacting thousands?

Kannact has been proactively implementing further security measures and working closely with law enforcement agencies to investigate the incident and minimize any potential damage caused by hacking its file transfer software.

What measures are companies taking to combat business email scams?

To combat business email scams, companies are implementing stricter security measures and raising awareness among staff members about the risks of fraudulent emails that trick victims into transferring money for illegitimate purposes.

Featured Image Credit: Photo by Sora Shimazaki; Pexels; Thank you!

The post Indian Cyber Force Targeting Canadian Sites, and Other Cybercrimes appeared first on ReadWrite.

Ransomware attacks have developed in recent years from mere data breaches to sophisticated operations. These attacks often involve targeting organizations, and these cyber criminals have gone from a minor speck on the digital security radar — to a widespread and highly advanced type of cybercrime. Nowadays, businesses of all sizes and industries find themselves trapped in a game of digital chess. Their opponents use nefarious tactics to compromise essential and sensitive data, holding said data hostage for exorbitant ransoms, with ransomware attacks increasing 105% in 2021.

The difficult choice of whether to engage with hackers holding critical information hostage has repercussions beyond the digital sphere, challenging the ethical foundations of businesses and institutions. A thorough analysis of the ethics behind choosing to negotiate or not is necessary as businesses struggle with the conflicting demands of protecting their operations and honoring their ethical obligations.

The Case for Negotiation

As organizations confront the imminent threat of data loss, operational disruption, and potential harm to stakeholders that may be caused by ransomware, a compelling argument emerges in favor of engaging in negotiations. Therefore, we must examine the most effective techniques for mitigating the effects of ransomware attacks. Although it may appear counterintuitive to some, negotiation can be a useful strategy for safeguarding the interests of victims and the larger digital ecosystem.

• • Data Protection and Business Continuity: Because a business’s capacity to operate is significantly compromised when it is the target of ransomware, negotiation may provide enterprises access to crucial data and systems again, allowing them to resume operations quickly. Negotiation offers victims the opportunity to recover encrypted data while decreasing the impact on their everyday operations; this can be particularly crucial for medical institutions, emergency services, and other essential services that directly affect the safety and well-being of the general public.
    • Reducing Economic Impact: Organizations may suffer substantial financial losses due to ransomware attacks, including those related to downtime, damage to reputation, and potential legal consequences; such financial ramifications can be limited through negotiation. While it’s crucial to stress the need for cybersecurity precautions, bargaining can act as a backup plan to lessen firms’ burdens if all else fails.
      • Strategic Resource Allocation: The decision to negotiate with cybercriminals is complex and often influenced by resource constraints and cost considerations. Bargaining may be an effective tool for allocating resources, as negotiating for releasing valuable company assets can be less expensive than completely rebuilding systems. Organizations might choose negotiations as a strategic action that balances financial caution with the necessity of resuming operations.

Negotiation May Be a Bad Idea

In the intricate world of ransomware negotiations, a parallel argument emerges that raises questions on the ethics of the decision to engage with cybercriminals. Negotiating with cyber hackers raises a fundamental concern: the potential for organizations to reward criminal behavior inadvertently. Negotiation is a potential means of limiting losses and recovering invaluable data. However, many ethical considerations lie beneath the surface of possible relief, urging both caution and contemplation.

While the need to safeguard operations and stakeholders is of the utmost importance, the underlying ethical implications compel organizations to navigate this terrain with caution and foresight. From the troubling prospect of perpetuating criminal activities to legal liabilities, the decision to negotiate with cybercriminals or not emerges as much more complex as it has repercussions far beyond the immediate crisis.

• • • • Promises Not Kept: The first challenge in ransomware negotiation lies in the illusion of control. Organizations paying ransoms to retrieve their data may believe they have a guarantee of recovery. However, there is no assurance that cybercriminals will provide or delete stolen data and information. Businesses could pay substantial sums without recourse if the attackers renege on their promises.
    • • Legitimizing Criminal Behavior and Enabling a Vicious Cycle: Engaging in ransomware negotiation has broader implications for the cybersecurity landscape. It effectively legitimizes criminal behavior by demonstrating that ransomware attacks can yield financial gain, thus sending a dangerous message that encourages cybercriminals to continue their activities, knowing that victims might give in to their demands.

The potential for negotiation to start a vicious cycle is another of the most contentious aspects of negotiation. By succumbing to the attackers’ demands, organizations unintentionally provide money to criminal enterprises, allowing them to hone their strategies and initiate new campaigns.  This perpetuates a dangerous ecosystem and cycle where cybercriminals are financially rewarded for their illicit activities.

• • • • Undermining Law Enforcement Efforts: Negotiating ransomware can make it more challenging for law enforcement to identify and apprehend online perpetrators. The encrypted payment methods and anonymous networks utilized for negotiations make it tough for authorities to trace the flow of funds and identify the criminals behind the attacks. This makes it more challenging to hold wrongdoers accountable and break up criminal networks.

Exploring Alternatives– Proactive Measures

Ransomware attacks have evolved into a significant threat, demanding careful consideration of alternative strategies and proactive measures to mitigate their impact. Organizations must adopt a multifaceted approach that includes prevention, preparedness, and recovery rather than solely relying on negotiation. A business may be able to avoid having to decide whether or not to negotiate during a ransomware attack by investing heavily in their security, implementing effective data backup and recovery strategies, maintaining strong endpoint security, and threat intelligence & monitoring to reduce the risk of security breaches, and employee training to reduce the risk of human error.

The role of collaboration between governments, law enforcement, and businesses in preventing and addressing ransomware attacks can not be overstated. Organizations can navigate the aftermath of a ransomware attack with the aid of law enforcement agencies and legal professionals. Investigations are facilitated by reporting incidents to law enforcement, and legal advice can assist organizations in choosing the best course of action while abiding by regulatory requirements.

Conclusion

Ransomware negotiations present a complex ethical landscape where organizations must weigh their responsibilities to stakeholders, societal well-being, and the potential consequences of their decisions. While the moral dilemmas surrounding negotiations persist, businesses must consider both the short-term and long-term impacts of choosing to negotiate or not. As cyberattacks evolve and increase in both magnitude and prevalence, the ethical considerations surrounding ransomware negotiations will continue to challenge organizations, making it essential for them to navigate these complexities with vigilance and integrity.

Negotiation in ransomware situations is a nuanced strategy that must be considered in conjunction with robust cybersecurity measures. Although choosing to negotiate provides a pragmatic approach to address the immediate challenges posed by ransomware attacks, safeguarding data, business continuity, and economic stability, the technological and ethical challenges it presents cannot be ignored. By refraining from negotiation and redirecting efforts toward proactive cybersecurity measures and law enforcement collaboration, organizations can contribute to a more resilient digital landscape and send a clear message that criminal behavior will not be rewarded.

Featured Image Credit: Mikhail Nilov; Pexels; Thank you!

The post Ransomware Negotiation and Ethics: Navigating the Moral Dilemma appeared first on ReadWrite.

Spotting identity fraud is a big headache for companies all around the globe. According to a survey by Regula, 69% of businesses are dealing with this issue. Here are some hot trends in identity document forgery that we, as a global developer of forensic devices and identity verification solutions, have recognized this year.

Which types of identity document forgery are in use?

Identity fraud has been around since the very first ID documents were introduced in the BC era. Fraudsters have a whole bag of tricks up their sleeves, which have become much more sophisticated over the years, but here are the basics:

• Manual alteration. Legitimate documents issued by the authorities and stolen from their rightful owners get crafted by changing or wiping out some key details, like photos or names, right on the physical document. They might even insert some fake entry/exit stamps on passports with visas. These tweaked documents are often called forgeries.
• Сounterfeiting. These are fake documents made from scratch. To create a convincing passport or ID, fraudsters can reach out to unscrupulous  individuals or companies that provide access to real stamps, holograms, ink patches, and UV-resistant paper. They might also use old, blank documents as their canvas.
• Computer simulation. In the digital age, fraudsters have multiple advantages. For instance, they are now able to create synthetic identities, which mix true data with fake – for example, a real photo with a fake name. Also, digital services let them easily create an ID card or driver’s license from scratch. The best (or worst) part is that it only takes a few minutes, and the end result can cost as little as $10 per item. Unfortunately, these DIY creations can sometimes fool specific identity verification systems.

And here’s the real kicker: sometimes, these criminals mix and match these methods to create counterfeit masterpieces. So, it’s a bit of a wild world out there regarding identity fraud!

Criminal minds

When investigating fraud, it’s essential to adopt the perspective of the fraudsters themselves. Which criteria do they use when selecting which documents to counterfeit? Let’s take a closer look.

The money trail

In the world today, a curious paradox emerges. Fake IDs and passports are becoming big business, especially in countries like the United States, Canada, and Germany. You might wonder how it is possible and why, considering these countries are known for their strong security. There is a reason for that. Fake IDs and passports are most common in the most “desirable” countries, those with the highest level of welfare, generous social benefits and highest financial aid to refugees and migrants. The promise of social safety nets and financial support makes individuals turn to the illicit market for forged documents, seeking to reinvent themselves and secure the spoils of a more secure existence.

Cost of replicating

Countries that don’t have strong security measures in their passports and official documents often see more identity fraud and fake IDs in circulation. You can indirectly spot this trend by looking at how much it costs to get legitimate identity documents. For instance, William Russel, an international insurance expert, points out that an Australian passport currently holds the title for the world’s priciest travel document, coming in at a hefty $230 per issuance.

The cost of producing an identity document is influenced by the level of technological sophistication, which includes the security elements used and the complexity of the design. When multiple contractors are involved in its creation, such as designers, special paper suppliers, and printing services, the overall cost tends to rise.

This, in turn, affects the preference of identity document fraudsters when selecting a “model” to replicate. Take, for instance, the official Maltese passport, which can set you back up to $80 on the black market, or the even more affordable Bulgarian passport at just $20. These lower prices can indicate a lower security level than pricier identity documents. Consequently, both the Maltese and Bulgarian passports find themselves on the list of the most forged identity documents.

Customer need

The demand for specific types of documents also plays a significant role. Take, for instance, Qatar and the UAE, where there’s a high demand for construction workers. These countries attract a large number of migrants from less affluent regions like India, Nepal, and Bangladesh. Typically, these workers can secure short-term work visas, permitting them to stay legally for just 3 to 6 months. Consequently, there has been a notable increase in counterfeit passports and visas associated with these regions.

Most faked IDs

When it comes to the documents that fraudsters fake the most, regular old paper passports are still the top choice. It’s easier to manipulate the pages in a paper passport. But that doesn’t mean other types of documents are safe from identity theft. Experts at Regula have seen cases where fraudsters tampered with photos on plastic passports from countries like Finland, Sweden, and Norway.

These fake documents are mainly used to enter another country. For that reason, instead of just one fake document, fraudsters sometimes make a whole set that includes a passport, ID card, and driver’s license from the country they want to go to.

Protecting Against Identity Document Forgery: Best Practices

In today’s digital landscape, the risk of encountering fake or counterfeit ID cards, passports, or driver’s licenses in your customer verification process is a real concern. However, you can bolster your security and keep fraud at bay by implementing these strategies:

1. Prioritize authenticity

Fraudsters often focus on mimicking the visual appearance of legitimate identity documents, but they tend to overlook crucial details invisible to the naked eye. This is where identity verification solutions shine. For instance, many forged biometric documents fail RFID chip verification. While scammers manipulate visual elements like photos and names, they frequently neglect alterations in the RFID chip. As the most challenging component to counterfeit, the RFID chip should be one of your primary checks. Reliable tools can spot inconsistencies in the visual inspection zone, tiny alterations in MRZ codes, and missing security elements such as photos or lenticular images. This is where document readers play a vital role, and numerous authenticity checks are available for digital onboarding scenarios.

2. Employ a comprehensive identity verification solution

With the increasing shift towards online identity verification, fortifying your systems is crucial against potential vulnerabilities that malicious actors might exploit.

A well-structured identity verification solution typically comprises two essential components: one that operates on the user’s smartphone, and another on the company’s server. The user-facing component gathers data such as ID scans or selfies and transmits it to the server-side component. This server-side element then conducts a comprehensive set of authentication checks. This approach ensures that you assess users’ information in real-time, reducing the risk of relying on potentially tampered third-party data.

3. Embrace liveness checks

In the ID verification process, the solution must verify the liveliness and genuineness of both the document and the person presenting it. The reason is that fortunately, many attacks involving fake printed photos, video replays, or 3D masks can be detected through liveness tests when a user needs to turn their head or a document in front of the camera. That’s because fraudsters still struggle to deliver realism in liveness “3D” video sessions.

4. Monitor fraud detection signals

Detecting fraud now also involves evaluating signals, such as location intelligence or characteristics of the device employed during the identity verification process. In remote scenarios, tracking customer IP addresses and its patterns as they transmit data to company’s systems can be valuable. It’s important to stay watchful for sessions originating from uncommon geographical locations or repeated attempts from the same IP address.

5. Maintain an extensive database

Governments consistently revise identity documents to stay ahead of fraudsters. To spot counterfeit changes, your identity verification tool needs access to up-to-date document samples. This underscores the importance of maintaining multiple versions of each ID or passport in your database. Furthermore, a comprehensive document template database serves as a safeguard, reducing the risk of false positives when verifying documents issued from foreign countries.

In conclusion

As technology continues to evolve, fraudsters have grown increasingly adept at counterfeiting identity documents. Governments and law enforcement agencies are continually enhancing the security features of these documents to raise the bar for forgers. In response, businesses must maintain vigilance and implement essential measures to thwart identity fraud and theft. This includes rigorously verifying the authenticity of identity documents before accepting them as legitimate.

Inner Image Credit: Provided by the Author; Thank you!

Featured Image Credit:

The post The Battle Against Identity Fraud: Are You Prepared? appeared first on ReadWrite.

Mozilla fixed a critical zero-day vulnerability affecting its Firefox web browser and Thunderbird email client via emergency security updates.

The security flaw in question — CVE-2023-4863 — stemmed from a heap buffer overflow in the WebP code library.

“Opening a malicious WebP image could lead to a heap buffer overflow in the content process,” Mozilla said in an advisory published on Tuesday, adding: “We are aware of this issue being exploited in other products in the wild.”

The not-for-profit software developer addressed the zero-day exploit for:

• Firefox 117.0.1
• Firefox ESR 115.2.1
• Firefox ESR 102.15.1
• Thunderbird 102.15.1
• Thunderbird 115.2.2

The details surrounding the WedP flaw being used in attacks have not been shared, but users have been strongly advised to update their versions of Firefox and Thunderbird.

Google already patched Chrome

Mozilla software was not alone in using the vulnerable WebP code library version.

Google patched its Chrome web browser on Monday while warning that “an exploit for CVE-2023-4863 exists in the wild.” Its security updates have been rolling out and are expected to cover its entire user base in the weeks ahead.

Apple and The Citizen Lab identified the flaw

Apple’s Security Engineering and Architecture team first reported the flaw on Sept. 6, alongside The Citizen Lab at the University of Toronto’s Munk School — the latter famous for identifying and disclosing zero-day vulnerabilities.

Citizen Lab recently identified two zero-day vulnerabilities used to deploy NSO Group’s infamous Pegasus mercenary spyware onto up-to-date iPhones. Apple patched the vulnerabilities last week before backporting them to older iPhone models — such as the iPhone 6s, iPhone 7 and iPhone SE.

The post Mozilla patches Firefox and Thunderbird against zero-day exploits appeared first on ReadWrite.

The global artificial intelligence market is growing by leaps and bounds. It is expected to increase twentyfold by the end of this decade, valuing it at just under two trillion U.S. dollars, up from its current valuation of almost 100 billion U.S. dollars. It is revolutionizing how businesses approach cybersecurity strategies, empowering them to identify, stop, and combat threats faster than ever. The continuous development of the technological landscape brings with it security concerns and hazards in network activity – a high cost of evolution that businesses must pay.

Organizations managing large amounts of data and those lacking a solid cybersecurity profile are most susceptible to malicious attacks and bad actors entering their gates. However, as the world takes steps towards AI cybersecurity solutions that help them manage attacks and threats in network activity, negative system participants must keep up with the rapid progress. The better-prepared businesses are to welcome AI into their everyday operations, the lower their vulnerability to the wide range of cyber threats and attacks. Data breaches, which saw a 1% decrease in number in 2022 compared to 2021, may continue following this downward trend. An IBM report reveals that companies taking advantage of AI and automation contributed to a decline in worldwide data breach costs of almost $1.8 million.

AI is no longer a buzzword or something to wrap your head around. Prevention is better than cure, and AI solutions help businesses address cybersecurity challenges by assisting them in identifying network anomalies before they escalate into full-blown security breaches. But how is this possible?

Tackling cloud misconfigurations

Misconfigurations in the cloud represent anything that counts as a failure, error, gap, or glitch during cloud-product usage. Examples include but are not limited to hacks, security breaches, insider threats, ransomware, and other entry points into a network. This is a sector where AI is massively necessitated because these types of vulnerabilities were found to take a significant chunk out of organizations’ profits, accounting for 82% of data breaches and costing businesses an average of $4.45 million yearly.

Cloud security breaches are common even among giant corporations, demonstrating that data management and security must be proactively approached. Facebook, for instance, went through a cloud security breach in 2019 that wasn’t exposed until 2021, when the company made the incident public. The details involved ranged from user names and phone numbers to email addresses, and the platform’s reputation was severely tainted.

Detecting a data breach can take a long time, and victims may not be notified right away or even never find out about the incident. In other situations, victims may be made aware their identity was stolen and potentially suffer wide-ranging repercussions. While this is by no means an easy thought to confront, victims can find comfort in claiming compensation from the party that mismanaged their data. More information about how victims can make data breach claims against a company can be learned at www.databreachclaims.org.uk.

Needless to say, AI’s capacity to continuously learn and recall can improve the cloud environment by finding patterns and conducting analysis based on collected data. Another way it can address vulnerabilities is by making corrective suggestions, exposing threats, and acting as a barrier to their intrusion. Dubious activity can be spotted and stopped in its tracks, as you’ll further discover.

Machine learning models designed to identify suspicious activity

Machine learning models are among the most effective solutions for identifying fraud in network activity through various algorithms. There are two approaches involved: the supervised and unsupervised models. The former can help spot anomalies in the network through three techniques: Random Forest, Logistic Regression, and Decision Tree.

The former algorithm from the enumeration improves scalability, robustness, and accuracy in data interpretation. Logistic Regression is another helpful tool. It has predictive capacities and examines the relationship between different variables to assess the parameters of logistic models. The latter is helpful for both regression and classification models. Plus, it is used to make projections depending on how other questions were previously answered.

On the other hand, the unsupervised model refers to trends and patterns in raw datasets. Additionally, it is used when there are vast amounts of data to process. As the name suggests, solution developers are spared from the need to monitor the model because it can function independently and track unidentified data and patterns.

AI makes use of historical data to understand patterns

The capacity of AI tools to grasp context helps pinpoint trends and patterns in previous fraudulent transactions. AI assists administrators in finding solutions by exposing how different malicious activities have emerged and solutions in the past. By assessing recorded historical data it boosts the prevention process in the future.

Here’s an example of a company that uses AI for its potential to identify patterns. The giant GPU producer NVIDIA utilizes deep learning and pattern recognition to design and create products. These can include robotics and cars with high task efficiency. Deep learning, a subsector of machine learning, is recognized as one of the groundbreaking technological discoveries of the decade. It has at its core artificial neural networks to complete extensive equations. Many sectors use this machine learning model, from agriculture to healthcare to financial services. Take the former category, for instance. Deep learning monitors satellite images and weather conditions, discovers soil diseases, enhances resource management strategies, and ultimately improves crop quality.

All in all, AI is reshaping the cybersecurity landscape with its anomaly-spotting powers.

As the technological landscape expands, more and more AI solutions are expected to emerge. We are, for instance, already living in a cloudy world driven by cloud computing, which facilitates business data storage and access. This accessibility expedites businesses’ switch to automation. And it opens the door to more malicious actors hunting companies’ and people’s data to compromise it. Therefore, this area is anticipated to be improved by AI capabilities.

With the ability to self-train, adjust, and identify risks in real-time, AI-backed tools can reduce exposure to ever-sophisticating cybersecurity threats in network activity.

The post Automated Threat Hunting: How AI Can Help Businesses Spot Shady Network Activity   appeared first on ReadWrite.

Cloud security automation is crucial for protecting your team’s cloud environment from today’s ever-changing threat landscape. Automating security protocols can be overwhelming — especially if your team is new to cybersecurity. Luckily, a straightforward six-step process can take you from default security protocols to a customized, automated cloud security framework.

1. Evaluation and Risk Assessment

The first step to automate cloud security is a thorough evaluation and risk assessment. Before automating anything, you need to understand how your cloud environment is running. This first stage will identify key automation opportunities, highlighting vulnerabilities and risk factors. That data will be the foundation of your cloud security automation strategy.

Suppose you or your organization have not run a cybersecurity risk assessment before. In that case, a basic five-step approach can prevent confusion. While the risk assessment should include all the organization’s systems, prioritize cloud-related data and infrastructure. Keep in mind an app can be highly secure and still be high risk.

A risk assessment should highlight the threats facing your organization’s most important data, apps, systems, and infrastructure. Cybersecurity risk rankings indicate what could occur in the case of compromise. Ideally, all high-risk systems and data are highly protected. Take note whenever the risk assessment reveals something is both high risk and highly vulnerable.

At this stage, it’s also important to establish your organization’s goals for cloud security. After thoroughly reviewing the risk assessment results, pinpoint a few measurable areas for improvement. For example, you may want to automate some system updates using scripting or implement an automated API security scanner.

These targets will be the foundation of your cloud security automation strategy. It may even be helpful to rank a few goals from highest to lowest priority. This will provide a starting point for your team to focus on as you begin implementing automated cloud security solutions.

2. Expand Cloud Visibility

A crucial part of effective cybersecurity is visibility, but it can be easy to miss things in a cloud environment due to its dispersed nature. Securing the cloud effectively requires expanding your visibility of your cloud resources.

During the risk assessment stage, you may have even stumbled on risks or opportunities you didn’t realize you had. Those are signs you need to improve your visibility of your cloud environment. Building out a cloud asset management platform can pool all your cloud resources into one hub where you can keep an eye on things.

A cloud asset management platform acts as a control center for your cloud environment. It includes all the devices, apps, services, servers, and systems running in your cloud environment — and any critical data, such as usage statistics.

Remember to include physical devices in your management platform. It’s easy to concentrate on software when working with the cloud, but an increasing number of cloud systems rely on input from physical technologies. Those same devices may depend on the cloud to operate correctly.

A great example of this is IoT appliances. These devices are great for automating data collection from sensors, but they are also highly vulnerable to DDoS attacks and often suffer from poor visibility. IoT devices have notoriously weak default security parameters, as well. As a result, it is crucial to have high visibility of IoT devices’ activity and connections to ensure tight security.

Many pre-built cloud asset management platforms are available today, although building your own is possible. However, check with your cloud provider before purchasing or building a management platform. Some may offer one with your subscription, or have a partnership or discount available for 3rd party management platforms.

3. Automated Cloud Security Basics

Once you have a clear understanding of the principal risks and priorities in your cloud environment and a way of monitoring all of it, you can begin implementing automation. It is often a good idea to start with basic automated cloud security measures. This includes automation that covers high-risk gaps and establishes a minimum security level for the whole cloud environment.

For example, every cloud environment should utilize encryption, which most of today’s leading cloud providers offer some level of. You should encrypt your cloud data in three stages (securityboulevard.com)/  — transit, rest, and in-use. This protects your data from unauthorized use, even if it is somehow intercepted or compromised at any stage.

The encryption does not automate any processes but ensures data is safe as it moves through your cloud environment. This allows you to implement automated strategies with less anxiety about potentially putting your data at risk.

Automated cloud data backups are another crucial security measure to implement. Data backups to the cloud are becoming more common today, but you can also back up data already in the cloud. Automating regular backups is a crucial part of any disaster recovery plan, including natural disasters and cyber-attacks.

The cloud is more resilient to natural disasters than on-prem servers, but accidents can still happen. Whether it’s the result of a cyber-attack or an unfortunate accident, losing crucial data causes about 60% of small businesses to go under within six months of the loss. So, ensure your cloud data is backed up in a different server location than the data center your cloud resources usually run from. You could even store backups in on-premises data storage. The important part is to make sure backups are happening autonomously at scheduled intervals.

Access control is the third must-have protocol to implement before automating security on a larger scale. It is all too easy for unauthorized users to move through cloud environments since they are dispersed and untethered to physical devices. Effective access control automates the process of denying access to unauthorized users and accounts.

4. Implement Case-Specific Cloud Security Automation

Now that some basic cloud security measures are in place, you can automate more complex processes. At this stage, refer to the goals you established in the first step of the cloud security automation process. Use those aims to identify what you want to automate first, and focus on one or two new integrations at a time.

In this stage, your team will automate higher-risk, more complex security protocols beyond the basics. Each organization’s cloud security automation strategy will differ significantly depending on your unique risk factors and cloud environment.

For example, your team might use a lot of APIs in your workflows. APIs are great for getting different apps and services to work well together but can also be big security risks. Luckily, you can automate API security scans to verify that the tools your team is using are trustworthy. Workload security scans can also be automated.

Similarly, you can use MFA and 2FA to automate identity verification and strengthen your access control. Scripting is another excellent cloud security automation tool to try out. Scripting can automate repetitive security processes like configuration or server updates.

Certain circumstances may also warrant unique cloud security automation tactics. For example, if some of your team members work remotely, you face unique cloud security risks. Muli-factor authentication and automated security updates using scripting will be especially helpful in this situation.

What if you want to automate specific processes on some cloud applications but not others? In this case, you can separate your cloud environment into isolated segments. You don’t need a private cloud to do this, either. You can use a hypervisor to create a remote server in any cloud environment, even shared public clouds.

A virtual private server allows you to customize the security protocols of different chunks of your cloud environment. In fact, segmenting your cloud resources can even improve cybersecurity. It prevents bad actors from gaining complete access to your cloud resources and limits the potential blast radius of a cyber attack.

5. Integrate Automated Threat Monitoring

Threat monitoring is a critical component of any cloud security automation strategy. Automating this is a high-risk process, so it is best to implement automated threat monitoring without any distractions. When trusting an AI to key an eye on your cloud environment, you must dedicate time and effort to ensuring you use a trustworthy algorithm.

Many organizations are diving into AI tools today, including cybersecurity algorithms. Running AI in the cloud allows you to use those tools without intensive on-prem computing resources. AI can be helpful for employees, customers, maintenance, security, and more, but it does come with some risks.

For example, poorly trained AI models can suffer from outdated data, compromised data, or even data bias. Researching an AI model and its developer carefully is crucial before investing in any AI security tools. Look for an algorithm trained on a large data set that gets updates regularly. Timely updates are vital for preventing zero-day attacks.

Schedule a pilot program once you identify an AI threat monitoring program that fits your cloud environment well. There are many ways to go about this. For instance, you could automate threat monitoring in one segment of your cloud environment and continue manual monitoring in others. Closely track and analyze the algorithm’s performance during this testing stage.

You can integrate AI into your cloud environment if it is more effective than manual monitoring. If the algorithm’s performance is disappointing, don’t be afraid to try out other AI threat monitoring tools. Take your time to find the model that gives your cloud resources the best protection possible.

6. Track, Evaluate, and Adjust

Each time you integrate a new automated cloud security measure, carefully track and evaluate its performance. Ideally, automated tools will save time and catch more suspicious activity. If something is hurting the network or simply not practical, take time to adjust it or replace it with a different automated security tool.

Automating security in the cloud is an ongoing process. It requires regular check-up sessions to evaluate success and identify what needs updating. Remember — the cloud threat landscape is always changing. Some automation solutions may eventually go out of date or become obsolete. Carefully monitor security news and emerging threats, and analyze your automation strategy for ways to stay ahead of hackers.

Automating Security in the Cloud

As more and more operations, businesses, tools, and computing environments move to the cloud, building resilient cloud security is increasingly important. You can use these six steps to go from zero cloud security to a robust and flexible automated cloud security system. Continuous improvement is critical to adapting to emerging threats, so repeat this process periodically and closely monitor automated security performance.

Featured Image Credit: Photo by Ola Dapo; Pexels; Thank you!

The post 6 Steps to Implementing Cloud Security Automation appeared first on ReadWrite.

Security is essential for all industries, but healthcare faces more pressure than most. Hospitals store vast amounts of highly sensitive information, making them ideal targets for cybercrime, so their defenses must be extensive. User and entity behavioral analytics (UEBA) are one of the most helpful tools in that endeavor.

The medical sector is no stranger to artificial intelligence, but most medical AI applications focus on patient care or administrative work. Applying it to cybersecurity in the form of UEBA is a crucial step forward.

What Is User and Entity Behavioral Analytics?

User and entity behavioral analytics use machine learning to detect threats like breached accounts or ransomware. While protections like multi-factor authentication try to prevent attacks, UEBA instead focuses on stopping threats that slip through the cracks before they can cause much damage.

UEBA analyzes how different users and entities — like routers or Internet of Things (IoT) devices — behave on a network. After establishing baselines for normal behavior, machine learning tools can detect suspicious activity. They may see an account trying to access a database it rarely needs or downloading something at an odd time and flag it as a potential breach.

This process is similar to how your bank may freeze your credit card if you make a few unusual purchases. However, it applies the concept to network behavior and uses AI to make it faster and more accurate.

UEBA Benefits

UEBA use cases have many benefits spanning multiple applications. Here’s a brief look at some of their most significant.

Accuracy

Behavioral analytics systems are highly accurate. Machine learning can pick up on trends and patterns in data humans may miss, so UEBA tools can outperform human analysts when determining what is and isn’t suspicious. When properly applied, UEBA can also yield false positive rates as low as 3%, ensuring security teams don’t waste their time or resources.

UEBA can achieve higher accuracies than rule-based monitoring systems because it’s adaptive. Machine learning algorithms continually gather new data and adjust their decision-making as trends shift. That way, they can account for nuances like users slowly adopting new habits or activities being normal in some situations but not others.

Efficiency

Another benefit of UEBA is it’s fast. Machine learning tools can detect and classify anomalies almost instantly when it may take a human a few minutes. Even if those time savings are just a few seconds, they can make a considerable difference when dealing with cyber threats.

UEBA tools can often detect suspicious behavior before an account or breached device causes any real damage. By identifying and isolating threats earlier, they can dramatically reduce the impact of an attack. IBM found reducing data breach response timelines saves organizations $1.12 million on average.

Versatility

UEBA is also versatile compared to similar security tools. Some organizations employ user behavior analytics (UBA), which provides similar benefits but only looks at user activity. By also including entities, UEBA expands its detection capabilities to IoT attacks and other hardware breaches, helping prevent a broader range of incidents.

Machine learning tools like UEBA are also more versatile than rule-based anomaly detection. AI models can adapt to changing situations and account for situational differences, which rule-based systems can’t. That flexibility is vital for healthcare organizations, as telehealth has grown 38 times over its pre-COVID levels, meaning more medical staff may access systems from changing locations.

UEBA Use Cases in Healthcare

These benefits are impressive, but how much medical companies experience them depends on how they apply this technology. In that spirit, here are the five best user and entity behavior analytics use cases in healthcare.

1. Automating Risk Management

Risk management automation is one of healthcare organizations’ most beneficial UEBA use cases. IT monitoring is crucial in this industry, but many businesses need more time or staff to manage it manually. Cybersecurity talent faces a skills gap across all sectors, and over 70% of medical workers say they already work more hours because of electronic health records (EHRs).

UEBA reduces that burden by handling network threat detection without manual input. Hospitals don’t need large security teams to monitor their systems 24/7 because AI will do it for them.

Because UEBA is so accurate and efficient, medical staff can use electronic systems more efficiently. There will be fewer verification stops or run-ins because of false positives, helping reduce the burden of EHRs. Those time savings improve both cybersecurity and patient care.

2. Detecting EHR Breaches

UEBA has many advantageous specific use cases under the automation umbrella, too. One of the most relevant for healthcare organizations is detecting and responding to breaches in EHR systems.

Electronic records make it far easier to manage patient data, but they also introduce significant security risks. There were over 700 health record breaches of 500 records or more in 2022 alone, with an average of almost two breaches daily. Given this issue’s common and severe, UEBA is an indispensable tool.

UEBA can recognize when an app or account is accessing an unusual amount of records or interacting with them atypically. It can then lock the user or entity in question before it can delete, download, or share these files, preventing a breach.

3. Stopping Ransomware Attacks

Ransomware prevention is another leading UEBA use case in healthcare. The rise of ransomware-as-a-service has made these attacks increasingly common, and the medical industry is a prime target.

Ransomware attacks against healthcare organizations have more than doubled between 2016 and 2021. Stopping these incidents early is critical to minimizing damage and protecting patients’ privacy. UEBA provides that speed.

Before ransomware can steal or lock any files, it must access them all. However, UEBA will notice an unknown program suddenly trying to access a large amount of data. It can then restrict access and isolate the file, account or device from which the ransomware spreads before it can encrypt anything. That way, hospitals can prevent ransomware before losing any sensitive information.

4. Preventing Insider Threats

UEBA is also a valuable tool for addressing insider threats, which are particularly prevalent in healthcare. In fact, insider error accounts for more than twice as many breached medical records as malicious activity. Because UEBA detects all anomalies — not just those from outsiders — it can help find and prevent these mistakes.

If a doctor, nurse or other staff member tried to access something they don’t usually need, UEBA would flag it as suspicious. If it were just an accident, this stoppage would bring the issue to the employee’s attention, letting them see and correct their mistake; if it were a malicious insider, UEBA would stop them from abusing their privileges.

UEBA can detect more than just unusual access activity too. It can also identify and stop actions like sharing credentials or attempts to send files to unauthorized users. That way, it can prevent employees from falling for phishing attempts, which account for most insider threats.

5. Securing IoT Endpoints

As IoT adoption in healthcare grows, IoT security becomes an increasingly advantageous UEBA use case. The IoT falls out of the scope of traditional user behavior analytics use cases because UBA systems don’t account for devices, only people. By contrast, UEBA includes endpoints, so it can address IoT concerns.

Just as UEBA spots irregular behavior in user accounts, it can detect unusual connections or access attempts from IoT devices. Consequently, it can stop hackers from using a smart device with low built-in security as a gateway to more sensitive systems and data.

Stopping this lateral movement is crucial, as IoT devices typically have weak security, and hospitals use a lot of them. More than half of all medical IoT devices also feature critical known vulnerabilities, so improving IoT security is essential for the industry.

Behavioral Analytics Are a Must for Healthcare

These UEBA use cases scratch the surface of what this technology can do for medical organizations. As EHR adoption and cybercrime both rise, capitalizing on these applications will become all the more important.

The healthcare industry must take cybercrime seriously. User and entity behavioral analytics systems are some of the most effective tools for that goal.

Featured Image Credit: Provided by the Author; Pexels; Thank you!

The post Best UEBA Use Cases to Implement in Healthcare appeared first on ReadWrite.

Data Governance is an essential part of any organization’s success. Crafting a successful data governance strategy is key to staying ahead of the curve and ensuring that data is managed, used, and protected effectively. With a strategy in place, organizations can ensure that their data is secure, up-to-date, and compliant with industry regulations. Get ahead of the curve and create a roadmap to success with a solid data governance strategy.

What is Data Governance, and Why is it Important?

Data governance is a critical aspect of any organization’s data management strategy. It refers to the overall management of the availability, usability, integrity, and security of the data used in an organization.

Effective data governance ensures that data is properly managed, protected, and utilized to drive business value.

It involves defining policies, procedures, and standards for data usage and establishing roles and responsibilities for data management. Data governance is important because it helps organizations achieve their goals by providing a framework for managing data effectively.

It also helps organizations comply with regulatory requirements and avoid legal and financial risks associated with data breaches or misuse. A well-crafted data governance strategy can help organizations gain a competitive advantage by leveraging their data assets to drive innovation, improve customer experience, and optimize operations. By prioritizing data governance, organizations can ensure that their data is accurate, accessible, and secure, enabling them to make informed decisions and achieve their business objectives.

The Benefits of Data Governance

Data governance is essential for any organization that wants to succeed in today’s data-driven world. A well-crafted data governance plan can help organizations achieve many benefits, including increased data quality, improved decision-making, and reduced risk. With data governance, organizations can ensure that their data is accurate, complete, and consistent across all systems and applications.

This not only improves the quality of the data but also ensures that the right people have access to the right data at the right time. By implementing data governance, organizations can also improve their decision-making processes by providing decision-makers with the data they need to make informed decisions.

Additionally, data governance can help organizations reduce risk by ensuring that data is properly secured and protected from unauthorized access or misuse. In short, data governance is a critical component of any organization’s data strategy, and those investing in it will reap the benefits.

Crafting a Seamless Data Governance Plan

Crafting a seamless data governance plan is crucial for any organization that wants to move from data anarchy to order. A well-designed data governance plan can help ensure data is accurate, consistent, and secure. It can also help organizations comply with regulatory requirements and avoid costly data breaches.

To create a seamless data governance plan, it is essential to identify the key stakeholders and their roles in the data governance process. This includes identifying who will be responsible for data management, who will be responsible for data quality, and who will be responsible for data security.

Once the key stakeholders have been identified, it is vital to establish clear policies and procedures for data governance. This includes defining data standards, establishing data quality metrics, and creating data security protocols. It is also important to establish a system for monitoring and enforcing these policies and procedures. By following these steps, organizations can create a seamless data governance plan that will help them move from data anarchy to order.

Challenges of Implementing a Data Governance Plan

Implementing a data governance plan can be daunting, fraught with challenges that can derail even the most well-intentioned efforts. One of the biggest challenges is getting buy-in from stakeholders across the organization. Without a shared understanding of the importance of data governance, getting everyone on board with the necessary changes can be difficult. Another challenge is ensuring that the plan is tailored to the unique needs of the organization.

A one-size-fits-all approach is unlikely to be effective, and it’s essential to consider each department or business unit’s specific data needs and challenges. Additionally, implementing a data governance plan requires significant time, resources, and expertise. Organizations may need to hire additional staff or consultants or enroll in data analytics consulting services to help with the implementation, and it can take months or even years to implement the plan thoroughly.

Despite these challenges, the benefits of a well-crafted and implemented data governance plan are clear. Improved data quality, increased efficiency, and better decision-making are just a few benefits that can be achieved. With careful planning and a commitment to success, organizations can successfully navigate the challenges of implementing a data governance plan and reap the rewards of a more streamlined and effective data management process.

How to Overcome These Challenges

Crafting a seamless data governance plan is not an easy feat. It requires a lot of effort, time, and resources. However, the biggest challenge is not creating the plan but implementing it. Many organizations struggle to overcome the difficulties of implementing a data governance plan.

These challenges include employee resistance, lack of resources, and inadequate technology. To overcome these challenges, it is essential to clearly understand the benefits of a data governance plan and communicate them effectively to employees. It is also crucial to allocate the necessary resources and invest in the right technology to support the plan’s implementation. Additionally, involving employees in the process and providing adequate training can help overcome resistance and ensure successful implementation.

Finally, it is crucial to continuously monitor and evaluate the plan’s effectiveness and make necessary adjustments to ensure it remains relevant and effective. By overcoming these challenges, organizations can reap the benefits of a seamless data governance plan, including improved data quality, better decision-making, and reduced risk.

Best Practices for Ensuring the Success of Your Data Governance Plan

To ensure the success of your data governance plan, there are several best practices that you should follow. First and foremost, it is essential to have a clear understanding of your organization’s data landscape. This includes identifying all data sources, understanding data flows, and defining data ownership.

Once you clearly understand your data, you can start establishing policies and procedures for managing it effectively. These policies should cover everything from data quality and security to data privacy and compliance. Establishing a governance structure that includes clear roles and responsibilities for data management is also crucial.

This includes defining data stewards, data custodians, and data owners. Finally, it is essential to establish a culture of data governance within your organization. This means promoting the importance of data management and ensuring that everyone understands their role in maintaining the integrity of the data. By following these best practices, you can ensure the success of your data governance plan and move from data anarchy to order.

Establishing the Key Players: Who Should be Involved in Your Data Governance Strategy?

When crafting a roadmap to a successful data governance strategy, it is essential to establish the key players who should be involved in the process. These individuals will implement and maintain the strategy, ensuring that it aligns with the organization’s goals and objectives.

The first key player is the executive sponsor, who will provide the necessary resources and support to ensure the strategy’s success. The second key player is the data steward, who will manage the data and ensure its accuracy, completeness, and consistency. The third key player is the IT team, who will be responsible for implementing the technical aspects of the strategy, such as data security and privacy.

Finally, the business users should also be involved in the process, as they will be the primary consumers of the data and will provide valuable insights into how it should be managed. By involving these key players in your data governance strategy, you can ensure that it is comprehensive, effective, and aligned with your organization’s goals and objectives. Don’t leave anyone out of the process, as each player has a critical role to play in the success of your data governance strategy.

• Defining Roles, Responsibilities, and Accountabilities for Data Governance

Defining roles, responsibilities, and accountabilities for data governance is crucial to the success of any data governance strategy. Data governance can quickly become a confusing and disorganized mess without clear definitions of who is responsible for what. It is essential to identify key stakeholders, such as data owners, stewards, and custodians, and clearly define their roles and responsibilities. This will ensure that everyone understands their role in the data governance process and can work together effectively to achieve the organization’s goals.

Additionally, it is important to establish clear accountabilities for data governance. This means identifying who is responsible for ensuring that data is accurate, complete, and up-to-date, and who is accountable for any breaches or violations of data governance policies.

Organizations can create a strong foundation for a successful data governance strategy by defining roles, responsibilities, and accountabilities for data governance. This will help them stay ahead of the curve and ensure their data is managed effectively, efficiently, and securely.

• Getting Started with a Practical Roadmap for Implementing a Successful Data Governance Strategy

If you’re looking to get ahead of the curve and establish a successful data governance strategy, then it’s crucial to have a practical roadmap in place. The first step is to identify the key stakeholders within your organization and get their buy-in. This will ensure that everyone is on the same page and committed to the strategy’s success.

Next, it’s important to define the scope of the data governance strategy and establish clear goals and objectives. This will help you to stay focused and measure your progress along the way. Once you fully understand your goal, it’s time to start implementing the strategy. This involves establishing policies and procedures, assigning roles and responsibilities, and implementing tools and technologies to support your efforts.

Finally, it’s important to continually monitor and evaluate your data governance strategy to ensure that it remains effective and relevant. By following these steps, you can create a practical roadmap for implementing a successful data governance strategy that will help you to stay ahead of the curve and achieve your goals.

• Monetizing Your Results: How to Measure the Impact of Effective Data Governance Strategies on Business Outcomes

As businesses continue to amass large amounts of data, effective data governance strategies become increasingly important. However, implementing a data governance strategy is not enough. Measuring these strategies’ impact on business outcomes is equally important. By monetizing your results, you can demonstrate the value of your data governance efforts to stakeholders and secure buy-in for future initiatives. But how can you measure the impact of your data governance strategy?

Start by identifying key performance indicators (KPIs) that align with your business objectives. These could include metrics such as improved data quality, increased productivity, or reduced risk. Once you have identified your KPIs, establish a baseline and track progress.

Regularly reporting on your progress and the impact of your data governance strategy will help you build a strong business case for continued investment in this area. Remember, effective data governance is not just a compliance exercise – it can have a real impact on your bottom line.

Conclusion

Crafting a successful data governance strategy is crucial for any organization that wants to stay ahead of the curve in today’s data-driven world. A well-designed roadmap can help you identify and address potential roadblocks, ensure compliance with regulations, and maximize the value of your data assets.

To create a successful data governance strategy, you must start by defining your business objectives and identifying your data stakeholders. Then, you need to establish clear policies and procedures for data management, including data quality, security, and privacy.

Finally, you need to implement a robust data governance framework that includes regular monitoring and reporting to ensure that your strategy is effective and sustainable. By following these steps, you can create a data governance strategy that meets your business needs and helps you leverage your data assets’ full potential.

Featured Image Credit: Provided by the Author; Thank you!

The post Get Ahead of the Curve: Crafting a Roadmap to a Successful Data Governance Strategy appeared first on ReadWrite.

As technology has evolved, so has the amount of data businesses collect about their customers and competitors. While this can be beneficial to both companies and customers, it also raises concerns about privacy, copyright violations, and responsible data collection.

Responsible data collection is the practice of gathering and using data in an ethical and transparent way that respects data owners’ rights. It is becoming increasingly crucial for businesses to prioritize responsible data collection to avoid legal issues and reputation damage and build trust with their customers.

Let’s look closely at the factors that make responsible data collection essential for a business.

Legal Aspects of Responsible Data Collection

Data collection regulations are still evolving in this relatively new field. Each country has its own approach. Copyright protects all internet content, including blog posts and website code. Data owners and collectors often clash.

To avoid any legal issues with data scraping, you must be aware of the regulations in your operating countries. For example, in the European Union, it’s legal to scrape publicly available content under copyright to generate intelligence, — based on Directive 2019/790 of the European Parliament and of the Council on copyright and related rights in the Digital Single Market (DSM Directive).

This means you can collect your competitors’ data, but you cannot use it beyond analytical purposes.

Additionally, a company can prohibit data scraping of its public web platforms by providing machine-readable information about the ban on those platforms.

In the US, norms are being shaped by legislators and court rulings. Data collectors believe that Fair Use Index allows them to scrape publicly available information and transform it into new products, for instance, into price aggregating platforms. However, as the Craigslist vs. 3Taps case showed, publicly available data may be protected from web scraping by user agreement.

At the same time, very recently, the court battle between LinkedIn and hiQ Labs has proved that publicly available data is a legal target for web scraping despite the hopes of data owners that all information on their platforms, including texts, media, and databases, should be protected by Computer Fraud and Abuse Act (CFAA).

Ethical scraping implies obeying laws and may require legal counseling. Regulations may be complex and ever-changing but your business reputation and your company’s financial sustainability depends on them a lot.

Data Owner Trust and Loyalty

A responsible data collection pipeline takes time to set up properly but offers benefits, including building trust with data owners. Adhering to web scraping best practices shows respect for data owners, such as reviewing the robots.txt file, limiting scraping frequency, and avoiding personal or copyrighted data.

It creates a win-win situation. By scraping data for research, analysis, or innovation, you provide valuable insights benefiting both you and the data owner. For instance, web scraping helps compare prices, monitor trends, and improve the customer experience.

One approach to responsible data collection is to follow these two tips:

1. Give credit. If you use the scraped data for public purposes, such as publishing a report or an article, you should always give credit to the original data source and link back to their website. This can help you avoid plagiarism and acknowledge the data owner’s contribution;
2. Share feedback. If you find errors or inconsistencies in the scraped data, share your feedback with the data owner and help them improve their data quality. You can also share your insights or findings from the scraped data and show them how they can use it for their own benefit.

Purely Business Benefits

In addition to legal and ethical considerations, responsible data collection can also lead to better business outcomes. When companies responsibly collect data, they can better understand their customers’ needs and preferences. This can lead to more targeted marketing campaigns, personalized customer experiences, and higher profits.

For instance, a company that collects data about its customers’ purchasing habits can use that information to create targeted marketing campaigns that are more likely to resonate with those customers. This can lead to higher conversion rates, increased sales, and a better return on investment.

However, it is essential to note that responsible data collection is not just about collecting more data. In fact, collecting too much data can actually be counterproductive. When companies collect too much data, it can become overwhelming and difficult to manage, which may lead to financial losses. It can also be more challenging to ensure the data is used responsibly and ethically.

Instead, focus on collecting the correct data in the right way. Be transparent with data owners, collect only necessary data, and operate effectively. Prioritizing responsible data collection helps businesses stay competitive and maintain customer trust as technology advances and data becomes central to decision-making processes.

Featured Image Credit:

The post Responsible Data Collection: Why It Matters for Businesses Today appeared first on ReadWrite.

Last year, a court determined Richard Dabate — who police had found with one arm and one leg zip-tied to a folding chair in his home — was guilty of his wife’s murder. His elaborate story of a home invasion might have held water had it not been for Connie Dabate’s Fitbit, which showed her moving around for an hour after the alleged intruder took her life.

Few would argue this was a case of unethical data collection, but ethics and privacy have a complicated, at times sordid history. Rising from the ashes of such experiments as Henrietta Lacks’ cancer cell line, in which a biologist cultured a patient’s cells without her knowledge or consent, a new era of privacy ethics is taking shape — and it has people questioning right from wrong.

What Is IoT?

The Internet of Things (IoT) is shorthand for the vast, interconnected network of smart devices that collect and store information online. Projected to be worth over $1 trillion by 2030, it includes appliances people use at home — like TVs, voice assistants, and security cameras — as well as infrastructure like smart streetlights and electric meters. Many businesses use IoT to analyze customer data and improve their operations.

Unethical Data Collection and Use

There’s no question that IoT data is helpful. People use it for everything from remotely turning off the AC to drafting blueprints for city streets, and it has enabled significant improvements in many industries. However, it can also lead to unethical data collection and applications.

For example, using a person’s demographic information without their consent or for purposes beyond marketing and product development can feel like a breach of trust. Data misuse includes the following violations.

1. Mishandling Data

Collecting and storing vast amounts of data brings ethics and privacy into question. Some 28% of companies have experienced a cyberattack due to their use of IoT infrastructure, and these breaches often expose people’s sensitive or confidential information.

The average data breach cost in 2022 was $4.35 million — and a loss of consumer trust. For example, hospital network hacks can reveal patients’ medical history, credit card numbers, and home addresses, leaving already-struggling people even more vulnerable to financial woes. The loss of privacy can make people wary about using a service again.

Mishandling data isn’t unique to IoT devices, of course — 40% of salespeople still use informal methods like email and spreadsheets to store customer info, and these areas are also targets for hackers. But IoT devices often collect data beyond what you’d find on a spreadsheet.

2. Collecting Highly Personal Info

Home IoT devices are privy to uniquely private data. Although 55% of consumers feel unseen by the brands they interact with, many people would be shocked at how much businesses actually know about them.

Some smartwatches use body temperature sensors to determine when a user is ovulating, guessing their fertility levels, or predicting their next period. Smart toothbrushes reduce dental insurance rates for people who brush regularly and for the recommended two-minute interval.

In many cases, smart devices collect as much information as a doctor would, but without being bound by pesky HIPAA privacy laws. As long as users consent, companies are free to use the data for research and marketing purposes.

It’s an easy way to find out what customers really want. Like hidden trail cameras capturing snapshots of elusive animals, smart devices let businesses into the heart of the home without resorting to customer surveys or guesswork.

3. Not Following Consent and Privacy Ethics

It’s one thing to allow your Alexa speaker to record you when you say its name; most users know this feature. However, few realize Amazon itself holds onto the recordings and uses them to train the algorithm. There have also been cases where an Amazon Echo secretly recorded a conversation and sent it to random people on the users’ contact list, provoking questions about unethical data collection and privacy ethics.

Getting explicit consent is crucial when collecting, analyzing, and profiting off of user data. Many companies bury their data use policies deep in a terms-and-conditions list they know users won’t read. Some use fine print many people struggle to make out.

Then, there’s the question of willing consent. If users have to sign up for a specific email service or social media account for work, do they really have a choice of whether to participate in data collection? Some of the most infamous cases of violating privacy ethics dealt with forced participation.

For example, U.S. prisoners volunteered to participate in studies that would help the war effort during World War II. Still, they could not fully consent because they were physically trapped in jail. They tested everything from malaria drugs to topical skin treatments. Some volunteered in exchange for cigarette money or to potentially shorten their sentences.

Even if users give explicit consent, most people now consider collecting data — medical or otherwise — unethical by coercing people into doing so. Collecting data from people unaware they’re giving away sensitive information is also an ethics and privacy violation.

Characteristics of Ethical Data Use

How can data scientists, marketers, and IoT manufacturers keep users’ best interests in mind when collecting their data?

1. Ask for Permission

It’s crucial to always ask before using someone’s data — and ensure they heard you. IoT devices should come with detailed information about how the device will collect data, how often it will do so, how it will use the information, and why it needs it in the first place. These details should be printed in a clear, legible, large font and not be buried deep in a manual heavy enough to use as a paperweight.

2. Gather Just Enough

Before collecting information, decide if you really need it. How will it help advance your company’s objectives? What will you and your customers gain from it? Only gather data relevant to the problem at hand, and avoid collecting potentially sensitive information unless absolutely necessary.

For example, smart beds can track users’ heart rates, snoring, and movement patterns, but they can also collect data about a person’s race or gender. How many of these metrics are necessary for marketing and product development purposes?

3. Protect Privacy

After gathering data, keep it hidden. Strong cybersecurity measures like encryption and multi-factor authentication can hide sensitive data from prying eyes.

Another way to protect consumer privacy is to de-identify a data set. Removing all personally identifiable information from a data set and leaving just the numbers behind ensures that even if someone leaks the data, no one can connect it to real people.

4. Examine Outcomes

How might your data be used — intentionally or not — for other purposes? It’s important to consider who your data could benefit or harm if it leaves the confines of your business.

For example, if the data becomes part of an AI training set, what overall messages does it send? Does it contain any inherent biases against certain groups of people or reinforce negative stereotypes? Long after you gather data, you must continually track where it goes and its effects on the world at large.

Prioritizing Ethics and Privacy

Unethical data collection has a long history, and IoT plays a huge role in the continued debate about privacy ethics. IoT devices that occupy the most intimate of spaces — the smart coffee maker that knows you’re not a morning person, the quietly humming, ever-vigilant baby monitor — give the most pause when it comes to data collection, making people wonder if it’s all worth it.

Manufacturers of smart devices are responsible for protecting their customers’ privacy, but they also have strong incentives to collect as much useful data as possible, so IoT users should proceed with caution. It’s still a wild west for digital ethics and privacy laws. At the end of the day, only you can decide whether to unwind with a smart TV that might be watching you back — after all, to marketing companies, you are the most interesting content.

Featured Image Credit:

The post Ethical Considerations in IoT Data Collection appeared first on ReadWrite.

Generative AI has a transformative impact across nearly all industries and applications. Large Language Models (LLMs) have revolutionized natural language processing, enabled conversational agents, and automated content generation. In healthcare, LLMs promise to aid in drug discovery, as well as personalized physical and mental treatment recommendations. In the creative realm, generative AI can generate art, music, and design, pushing the boundaries of human creativity. In finance, it assists in risk assessment, fraud detection, and algorithmic trading. With versatility and innovation, generative AI will continue to redefine industries and drive new possibilities for the future.

First brought to market at the end of November 2022, ChatGPT had about 266 million visits by December and 1 million active users in the first 5 days — a record adoption rate for any application at that time. In April 2023, the site received about 1.76 billion visits, according to analytics company Similarweb. At no point in history had any software been so rapidly and enthusiastically embraced by individuals across all industries, departments, and professions.

Related: Is AI Going to Benefit HR in the Future?

However, enterprises across the globe find themselves unable to empower large-scale, safe, and controlled use of generative AI because they are unprepared to address the challenges it brings. The consequences of data leakage are tremendous, and heroic innovation for data protection to accelerate, foster, and ensure safe usage is now imperative.

Fortunately, technical solutions are the best path forward. Generative AI’s utility overrides employees’ security concerns, even when enterprises have clear policies guiding or preventing the use of the technology. Thus questions such as “How to prevent data leakage” are useless as employees continue to use Generative AI tools regardless of privacy concerns. For example, tech giant Samsung recently reported that personnel used ChatGPT to optimize operations and create presentations, resulting in Samsung’s trade secrets being stored on ChatGPT servers.

While these sorts of incidents are alarming to an enterprise, they have not stopped their employees from wanting to leverage the efficiencies offered by Generative AI. According to Fishbowl, 70% of employees leveraging ChatGPT for work haven’t disclosed their usage to management. A similar report by Cyberhaven shows that 11% of workers have put confidential company information into LLMs. Employees use alternate devices, VPNs, and alternate generative AI tools to circumvent corporate network bans blocking access to these productivity-enhancing tools. As such, privacy preservation in big data has become one big game of whack-a-mole.

Many generative AI and LLM providers have been relying solely on contractual legal guarantees (such as Terms of Service) to promise no misuse of the Generative AI data that gets exposed to the providers and their platforms. Litigation against these providers is proving expensive, uncertain, and slow. Many causes of action will likely go undiscovered, as the use of leaked information can be difficult to detect.

Related: Deepfakes, Blackmail, and the Dangers of Generative AI

How to Leverage Generative AI Data Safely and Successfully

Safeguarding your data in the generative AI era will require ongoing vigilance, adaptation, and active solutions. By taking the steps outlined below today, you can prepare your organization for whatever this new era brings, seizing the opportunities while navigating the challenges with confidence and foresight.

1. Understand your AI landscape inventory.

Conduct a comprehensive assessment of current and potential generative AI usage for your organization. Include departments such as IT, HR, Legal, Operations, any other departments that may be utilizing AI, as well as your AI teams, privacy, and security experts.

Document all the ways AI is being (and could be) used, such as search, summarization, chatbots, internal data analysis, and any AI tools that are currently implemented — both approved and unapproved. Be sure to include any third party AI systems (or systems that are using embedded AI functionality) your company relies on.

For each application, identify the potential data risks. These include exposure of confidential information and trade secrets, security vulnerabilities, data privacy issues, potential for bias, possibilities of misinformation, or negative impacts on employees or customers. Evaluate and prioritize the risks, identify and prioritize mitigation strategies, and continually monitor their effectiveness.

2. Design solutions with a clear focus on data protection.

As a16z’s Marc Andreesen recently wrote: “AI is quite possibly the most important — and best — thing our civilization has ever created, certainly on par with electricity and microchips.” It’s now clear that the future of business will be undeniably intertwined with generative AI.

You have the power to leverage the advantages offered by generative AI while proactively securing the future of your organization. By adopting forward-looking solutions, you can ensure data protection as you forge the path to this revolutionary future.

The post Leverage Generative AI Advantages While Safeguarding Your Future appeared first on ReadWrite.

Artificial intelligence is transforming many industries but few as dramatically as cybersecurity. It’s becoming increasingly clear that AI is the future of security as cybercrime has skyrocketed and skills gaps widen, but some challenges remain. One that’s seen increasing attention lately is the demand for explainability in AI.

Concerns around AI explainability have grown as AI tools, and their shortcomings have experienced more time in the spotlight. Does it matter as much in cybersecurity as other applications? Here’s a closer look.

What Is Explainability in AI?

To know how explainability impacts cybersecurity, you must first understand why it matters in any context. Explainability is the biggest barrier to AI adoption in many industries for mainly one reason — trust.

Many AI models today are black boxes, meaning you can’t see how they arrive at their decisions. BY CONTRAST, explainable AI (XAI) provides complete transparency into how the model processes and interprets data. When you use an XAI model, you can see its output and the string of reasoning that led it to those conclusions, establishing more trust in this decision-making.

To put it in a cybersecurity context, think of an automated network monitoring system. Imagine this model flags a login attempt as a potential breach. A conventional black box model would state that it believes the activity is suspicious but may not say why. XAI allows you to investigate further to see what specific actions made the AI categorize the incident as a breach, speeding up response time and potentially reducing costs.

Why Is Explainability Important for Cybersecurity?

The appeal of XAI is obvious in some use cases. Human resources departments must be able to explain AI decisions to ensure they’re free of bias, for example. However, some may argue that how a model arrives at security decisions doesn’t matter as long as it’s accurate. Here are a few reasons why that’s not necessarily the case.

1. Improving AI Accuracy

The most important reason for explainability in cybersecurity AI is that it boosts model accuracy. AI offers fast responses to potential threats, but security professionals must be able to trust it for these responses to be helpful. Not seeing why a model classifies incidents a certain way hinders that trust.

XAI improves security AI’s accuracy by reducing the risk of false positives. Security teams could see precisely why a model flagged something as a threat. If it was wrong, they can see why and adjust it as necessary to prevent similar errors.

Studies have shown that security XAI can achieve more than 95% accuracy while making the reasons behind misclassification more apparent. This lets you create a more reliable classification system, ensuring your security alerts are as accurate as possible.

2. More Informed Decision-Making

Explainability offers more insight, which is crucial in determining the next steps in cybersecurity. The best way to address a threat varies widely depending on myriad case-specific factors. You can learn more about why an AI model classified a threat a certain way, getting crucial context.

A black box AI may not offer much more than classification. XAI, by contrast, enables root cause analysis by letting you look into its decision-making process, revealing the ins and outs of the threat and how it manifested. You can then address it more effectively.

Just 6% of incident responses in the U.S. take less than two weeks. Considering how long these timelines can be, it’s best to learn as much as possible as soon as you can to minimize the damage. Context from XAI’s root cause analysis enables that.

3. Ongoing Improvements

Explainable AI is also important in cybersecurity because it enables ongoing improvements. Cybersecurity is dynamic. Criminals are always seeking new ways to get around defenses, so security trends must adapt in response. That can be difficult if you are unsure how your security AI detects threats.

Simply adapting to known threats isn’t enough, either. Roughly 40% of all zero-day exploits in the past decade happened in 2021. Attacks targeting unknown vulnerabilities are becoming increasingly common, so you must be able to find and address weaknesses in your system before cybercriminals do.

Explainability lets you do precisely that. Because you can see how XAI arrives at its decisions, you can find gaps or issues that may cause mistakes and address them to bolster your security. Similarly, you can look at trends in what led to various actions to identify new threats you should account for.

4. Regulatory Compliance

As cybersecurity regulations grow, the importance of explainability in security AI will grow alongside them. Privacy laws like the GDPR or HIPAA have extensive transparency requirements. Black box AI quickly becomes a legal liability if your organization falls under this jurisdiction.

Security AI likely has access to user data to identify suspicious activity. That means you must be able to prove how the model uses that information to stay compliant with privacy regulations. XAI offers that transparency, but black box AI doesn’t.

Currently, regulations like these only apply to some industries and locations, but that will likely change soon. The U.S. may lack federal data laws, but at least nine states have enacted their own comprehensive privacy legislation. Several more have at least introduced data protection bills. XAI is invaluable in light of these growing regulations.

5. Building Trust

If nothing else, cybersecurity AI should be explainable to build trust. Many companies struggle to gain consumer trust, and many people doubt AI’s trustworthiness. XAI helps assure your clients that your security AI is safe and ethical because you can pinpoint exactly how it arrives at its decisions.

The need for trust goes beyond consumers. Security teams must get buy-in from management and company stakeholders to deploy AI. Explainability lets them demonstrate how and why their AI solutions are effective, ethical, and safe, boosting their chances of approval.

Gaining approval helps deploy AI projects faster and increase their budgets. As a result, security professionals can capitalize on this technology to a greater extent than they could without explainability.

Challenges With XAI in Cybersecurity

Explainability is crucial for cybersecurity AI and will only become more so over time. However, building and deploying XAI carries some unique challenges. Organizations must recognize these to enable effective XAI rollouts.

Costs are one of explainable AI’s most significant obstacles. Supervised learning can be expensive in some situations because of its labeled data requirements. These expenses can limit some companies’ ability to justify security AI projects.

Similarly, some machine learning (ML) methods simply do not translate well to explanations that make sense to humans. Reinforcement learning is a rising ML method, with over 22% of enterprises adopting AI beginning to use it. Because reinforcement learning typically takes place over a long stretch of time, with the model free to make many interrelated decisions, it can be hard to gather every decision the model has made and translate it into an output humans can understand.

Finally, XAI models can be computationally intense. Not every business has the hardware necessary to support these more complex solutions, and scaling up may carry additional cost concerns. This complexity also makes building and training these models harder.

Steps to Use XAI in Security Effectively

Security teams should approach XAI carefully, considering these challenges and the importance of explainability in cybersecurity AI. One solution is to use a second AI model to explain the first. Tools like ChatGPT can explain code in human language, offering a way to tell users why a model is making certain choices.

This approach is helpful if security teams use AI tools that are slower than a transparent model from the beginning. These alternatives require more resources and development time but will produce better results. Many companies now offer off-the-shelf XAI tools to streamline development. Using adversarial networks to understand AI’s training process can also help.

In either case, security teams must work closely with AI experts to ensure they understand their models. Development should be a cross-department, more collaborative process to ensure everyone who needs to can understand AI decisions. Businesses must make AI literacy training a priority for this shift to happen.

Cybersecurity AI Must Be Explainable

Explainable AI offers transparency, improved accuracy, and the potential for ongoing improvements, all crucial for cybersecurity. Explainability will become more critical as regulatory pressure and trust in AI become more significant issues.

XAI may heighten development challenges, but the benefits are worth it. Security teams that start working with AI experts to build explainable models from the ground up can unlock AI’s full potential.

Featured Image Credit: Photo by Ivan Samkov; Pexels; Thank you!

The post How Important Is Explainability in Cybersecurity AI? appeared first on ReadWrite.