For three years running the Cyber Security Hub has put out the results of our year-end survey. The results have become a dependable way to understand how viewpoints within the cyber security community are changing regarding function, methodologies, technologies, leadership, adversaries and allies.
But the only way to truly know how you and your organization stack up in mindset against your peers is by taking the survey.
The good news is that it takes under 10 minutes to complete. Take the survey now.
We look forward to providing the results in November.
Deepfake Detection Poses Problematic Technology Race
Experts hold out little hope for a robust technical solution in the long term.
With disinformation concerns increasing as the US presidential election approaches, industry and academic researchers continue to investigate ways of detecting misleading or fake content generated using deep neural networks, so-called “deepfakes.”
While there have been successes — for example, focusing on artifacts such as the unnatural blinking of eyes has resulted in high accuracy rates — a key problem in the arms race between attackers and defenders remains: The neural networks used to create deepfake videos are automatically tested against a variety of techniques intended to detect manipulated media, and the latest defensive detection technologies can easily be included. The feedback loop used to create deepfakes is similar in approach — if not in technology — to the fully undetectable (FUD) services that allow malware to be automatically scrambled in a way to dodge signature-based detection technology.
Detecting artifacts is ultimately a losing proposition, says Yisroel Mirsky, a post-doctoral fellow in cybersecurity at the Georgia Institute of Technology and co-author of a paper that surveyed the current state of deepfake creation and detection technologies.
“The defensive side is all doing the same thing,” he says. “They are either looking for some sort of artifact that is specific to the deepfake generator or applying some generic classifier for some architecture or another. We need to look at solutions that are out of band.”
The problem is well known among researchers. Take Microsoft’s Sept. 1 announcement of a tool designed to help detect deepfake videos. The Microsoft Video Authenticator detects possible deepfakes by finding the boundary between inserted images and the original video, providing a score for the video as it plays.
While the technology is being released as a way to detect issues during the election cycle, Microsoft warned that disinformation groups will quickly adapt.
“The fact that [the images are] generated by AI that can continue to learn makes it inevitable that they will beat conventional detection technology,” said Tom Burt, corporate vice president of customer security and trust, and Eric Horvitz, chief scientific officer, in a blog post describing the technology. “However, in the short run, such as the upcoming US election, advanced detection technologies can be a useful tool to help discerning users identify deepfakes.”
Microsoft is not alone in considering current deepfake detection technology as a temporary fix. In its Deep Fake Detection Challenge (DFC) in early summer, Facebook found the winning algorithm only accurately detected fake videos about two-thirds of the time.
“[T]he DFDC results also show that this is still very much an unsolved problem,” the company said in its announcement. “None of the 2,114 participants, which included leading experts from around the globe, achieved 70 percent accuracy on unseen deepfakes in the black box data set.”
In fact, calling the competition between attackers and defenders an “arms race” is a bit of a misnomer because the advances in technology will likely mean that realistic fake videos that cannot be detected by technology will become a reality not too far in the future, says Alex Engler, the Rubenstein Fellow in governance studies at the Brookings Institute, a policy think tank.
“We have not see a dramatic improvement in deepfakes, and we haven’t really a super-convincing deepfake video, but am I optimistic about the long-term view? Not really,” he says. “They are going to get better. Eventually there will not be an empirical way to tell the difference between a deepfake and a legitimate video.”
In a policy paper, Engler argued that policy-makers will need to plan for the future when deepfake technology is widespread and sophisticated.
On the technical side, like the anti-malware industry, there are two likely routes that deepfake detection will take. Some companies are creating ways of signing video as proof that it has not been modified. Microsoft, for example, unveiled a signing technology with a browser plug-in that the company said can be used to verify the legitimacy of videos.
“In the longer term, we must seek stronger methods for maintaining and certifying the authenticity of news articles and other media,” Burt and Hovitz wrote. “There are few tools today to help assure readers that the media they’re seeing online came from a trusted source and that it wasn’t altered.”
Another avenue of research is to look for other signs that a video has been modified. With machine-learning algorithms capable of turning videos into a series of content and metadata — from a transcription of any speech in the video to the location of where the video was taken — creating content-based detection algorithms could be a possibility, Georgia Tech’s Mirsky says.
“Just like malware, if you have a technique that can look at the actual content, that is helpful,” he says. “It is very important because it raises the bar for the attacker. They can mitigate 90% of attacks, but the issue is that an adversary like a nation-state actor who has plenty of time and effort to refine the deepfake, it becomes very, very challenging to detect these attacks.”
Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT’s Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline … View Full Bio
Mitigating Cyber-Risk While We’re (Still) Working from Home
One click is all it takes for confidential information to land in the wrong hands. The good news is that there are plenty of ways to teach preventative cybersecurity to remote workers.
Over the past few months, we’ve become very familiar with the many cybersecurity perils posed by a largely (or fully) remote workforce. It’s clear that work-from-home (WFH) isn’t going away anytime soon — and neither are bad actors.
But as the fine line between working and living from home becomes increasingly blurred, it’s important to step back and recognize that with everything interconnected, one click is all it takes for confidential information to land in the wrong hands.
The good news is there are plenty of ways to teach preventative cybersecurity — in your own home, at the dinner table — and a myriad of zero-trust tools you can leverage to keep yourself and your family cyber smart and secure while we WFH and go to school from home. Like anything else, practice makes perfect — and the same is true for cybersecurity. The better you can understand and practice the cybersecurity fundamentals within your own home, the safer off you and your loved ones will be.
Why Incidental Security Matters
Let’s start with the basics. Every network, at home or work, sits behind network address translation (NAT) boxes that allow us to reuse RFC1918 private address spaces all over the world due to the scarcity of IPv4 addresses. NAT, often configured on enterprise firewalls or routers, provides some incidental security. For connections that need to originate from inside the corporate enterprise, it “accidentally” shields organizations from malicious Internet traffic coming in.
At home, most folks use a router provided by their Internet service provider. The home router has a firewall and NAT functionality so your family can safely connect out to your favorite websites, and those websites can send the data you asked for back to you.
However, with most employees now working at home, enterprise-grade firewalls at the edge of corporate networks are no longer protecting them or providing the needed visibility for IT to help keep the corporate users safe. That’s where having an endpoint security solution that can provide visibility, segment and limit access between different internal networks and laptop devices can come in handy.
With CISOs, government employees, and business executives sharing home networks with their 15-year-old gamers and TikTok addicts, it’s imperative to extend the principles of least privilege to the systems with important data inside the home network. Meaning that even if a bad actor gains access to your kid’s network, your laptop and organization’s internal assets stay in the clear. When it comes to proactively protecting against cyber threats, segmentation is one of the best ways to ensure that bad actors stay contained when they breach the perimeter. Because, let’s be honest, it’s bound to happen. And even if you don’t click on something, your child might.
Understanding Your Zero-Trust Toolbox
We already touched on segmentation as a zero-trust tool, but there are many other tools you can use at home and at work (when we get back there) to ensure that your devices, networks, and crown jewels stay safe and secure.
According to our new report, 70% of organizations use multifactor authentication (MFA), topping the list of most popular zero-trust tools. It’s a straightforward deployment (one you can use on your home devices via apps like Authy or Google Authenticator) and provides a valuable additional layer of security beyond just usernames and passwords. Similarly, 69% of security professionals use single sign-on (SSO) to sign in to their devices, enabling users to sign in once with strong credentials backed by MFA.
Other tools like segmentation can help extend the principles of “least privilege” to the end of your networks and assets, making it harder for bad actors (or well-intentioned kids) to break into and compromise your corporate devices.
Another way to keep cybersecurity top of mind in your home is to hold a “Security 101” lesson over your next family dinner to teach your family how to avoid malicious sites when downloading games, music, popular apps, or the personal information that can be unwittingly shared through social networks if you’re not careful about what you share and with whom you connect. Hypervigilance, communication, and effective cybersecurity tools are key when it comes to keeping your family and your crown jewels safe and secure.
All in all, it’s important to remember that you don’t have to boil the ocean to mitigate cyber-risk in your home — especially with the challenges and tight budgets we face in COVID-19. It’s important to be focused on actionable points and specific controls you can use to keep your families and data secure, whenever and wherever possible.
As chief technology officer and founder, PJ is responsible for Illumio’s technology vision and platform architecture. PJ has 20 years of experience in engineering, with a focus on addressing the complexities of data centers. Prior to Illumio, PJ was CTO at Cymtec. He also … View Full Bio
Ransomware attack on hospital results in patient death
For the first time in the history of ransomware, a patient death has been directly linked to a file encrypting malware attack. According to sources, a woman suffering with a life threatening condition was diverted to a remote hospital because of a ransomware attack caused by a Citrix add-on software vulnerability, eventually causing death of the patient because of delay in treatment.
The hospital in discussion is the Düsseldorf University Hospital, Germany and the law enforcement is investigating the incident as a certain section of the media is linking the incident to the suspected manslaughter that was reported by Associated Press related news source NTV on Wednesday.
According to the sources reporting to Cybersecurity Insiders, the incident was unexpected as the hospital had no other choice rather than to send the patient some 20 miles away from where she was supposed to seek the treatment-due to the fact that the digital services were all compromised with malware.
Some unconfirmed reports say that the file encrypting malware struck the database in the early hours of Thursday and around 30 servers pertaining to Heinrich Heine University, to which Düsseldorf Hospital was connected, were severely impacted.
As soon as the law enforcement learned about the incident, they immediately contacted the hackers spreading the ransomware and informed them that their malware was impacting emergency services of a hospital and not the data related to the university.
Surprisingly, the hackers withdrew the ransom demand and reportedly provided the decryption key to unlock the servers, said a spokesperson from the office of Justice Minister for North Rhine- Westphalia State. But all this activity consumed time, resulting in the death of an innocent women patient.
More details are awaited!
TikTok filed a complaint against Trump administration to block U.S. ban: Bloomberg News
Seoul Police Summons Bithumb Chairman For Interrogation
Pinned below $11K, Bitcoin price plays second fiddle to Uniswap (UNI)
U.S. Senator Blumenthal demands AT&T drop push for ad-subsidized cellphone plans
‘Bored by all this drama’: TikTok users play it cool over latest U.S. ban threat
Deezer’s country selector lets you listen to music and podcasts like a local
Unity Software has strong opening, gaining 31% after pricing above its raised range
More pump than dump: 22% UniSwap (UNI) price drop doesn’t faze traders
Conan O’Brien on how to embrace an ever-changing media landscape
Chamath launches SPAC, SPAC and SPAC as he SPACs the world with SPACs
NBCU’s new deal with Roku will bring Peacock to the streaming platform
Daily Crunch: Partial US TikTok ban is imminent
French Committee Pushes for Cannabis Legalization
Cannabis During Breast Cancer Treatment: What Are The Benefits?
OKEx CEO slams Binance’s Changpeng Zhao for promoting questionable DeFi projects
What we know about Trump’s ‘ban’ on TikTok and WeChat
SaaS Ventures takes the investment road less traveled
The Wayback Machine and Cloudflare team up to keep websites online
Congress Postpones MORE Act Vote That Would Decriminalize Cannabis
EU to see comprehensive crypto regulation by 2024
Congress Delays Vote On MORE Act
Abkhazia to lift ban on crypto mining
Canadian police charged a Tesla owner for sleeping while driving
Basic Income Experiments Around the World
Top 5 Fresh Toast Stories Of The Week: Sept. 18, 2020
These Full-stack Projects Are a Must for Your 2020 Portfolio 🤯
How To Use Prometheus Adapter to Autoscale Custom Metrics Deployments
EU looks to fast 5G, supercomputers to boost virus-hit economy
The best deals we found this week: $50 off AirPods Pro and more
EU to introduce crypto-assets regime by 2024, EU documents say
New Nissan Z Not Using Adaptive Steering, Goal Is A ‘Connected’ Feel
Where Are They Now? A Lesson in Business Successes and Failures
‘Cyberpunk 2077’ won’t require a high-end gaming rig
ALYI EV Battery And Charging Station New Details Out Next Tuesday
The 6 Best Digital Strategy Companies of 2020
The latest Chromecast leak shows remote in full detail
The 8th-generation iPad is already $30 off at Walmart
How Augmented Reality is changing Retail
Benefits & Use Cases of Augmented and Virtual Reality in Education
Facebook Lowers Price of Enterprise-focused Quest to $800
Gaming1 week ago
Forest Warden Omu tips & strategies – Hearthstone Battlegrounds
Gaming1 week ago
Out Now: ‘Hyena Squad’, ‘PAKO Caravan’, ‘Dungeoning’, ‘Neuroshima Convoy’, ‘Conjurer Andy’s Repeatable Dungeon’, ‘Crux: A Climbing Game’, ‘LegendArya’, ‘OLO Loco’ and More
AI1 week ago
What is a Sign Up Bonus and How Does it Work?
Esports5 days ago
Valorant Ego Skins Teased
Gaming1 week ago
Tony Hawk’s Pro Skater 1+2 review: Welcome back to The 9 Club, bro
Gaming1 week ago
‘Company of Heroes’ for iPhone and Android Is Out Now Worldwide with iCloud Save Backup on iOS
SaaS1 week ago
SaaS Growth: Top Strategies and Trends for SaaS Growth
Cyber Security1 week ago
Meet the Middlemen Who Connect Cybercriminals With Victims