Connect with us

Cyber Security

Interview With Elena Elkina – WISP

Avatar

Published

on

Elena Elkina, Co-Founder of Women in Security and Privacy, was interviewed by Aviva Zacks of Safety Detective. She asked her how WISP helps women succeed in the cybersecurity industry. 

Safety Detective: What motivated you to co-found this organization?

Elena Elkina: Seven of us were all working in the privacy and information security field. Some of us were lawyers, and some of us came from an IT background. At some point, we started talking about the intersection of privacy and security and how you cannot be a subject matter expert in one of the industries and ignore the other one. Since we’d all been doing privacy and security for a while, we thought about that how the industries had changed over the previous ten years and how, when it used to be privacy or security, now the line was getting blurry and blurrier, and we thought about how we could combine our forces and help each other to be better experts in privacy and security field. We looked at different organizations across the globe, and we couldn’t find an organization that did both.

In addition, we knew that we were women and minorities, and we thought about how hard it is for women to enter the information security field and how hard it is to find resources because the information security club is mostly made up of men.

We wanted to organize something that could help other women enter the fields and help them grow and do something they really enjoy. We also wanted to combine privacy and security into one organization because nowadays you can’t do something well by ignoring the other side.

That’s how Women in Security and Privacy or WISP was born. It was surprising to see how many women felt the same way. There were many organizations that were focused on diversity and inclusion or generally provided knowledge for information security or privacy professionals. We didn’t want to reinvent the wheel. We wanted to combine those two industries in one.

SD: How does WISP help empower women to succeed in the cybersecurity industry?

EE: We have a few main areas that we focus on. We provide practical workshops. We focus less on presentations such as panels and discussion and more on practical knowledge where people can apply what they’ve learned during the workshop or they have a chance to take something home with them. So, we focus on practical workshops as education.

We also have leadership training where we offer an opportunity for people to either practice their presentation or share their career path and inspire others to follow or join.

We also have a mentoring program. We developed a peer-to-peer mentoring program called Tandem where we connect peers who have an opportunity to serve in both roles. We don’t have a mentor and mentee, per se, because we believe that every person has something to learn and has something to share. We connect two people who are looking for skills that the other person can share and looking to learn something that the other person can provide.

We started locally. We wanted to make sure people could connect with each other in person in the Bay Area, but then we expanded globally, and now our Tandem program is a global program where we connect women around the globe.

We also have a scholarship program that started with a couple of organizations giving us scholarships to conferences such as DEFCON.

About five years ago we shared the news that we were sending ten women to DEFCON, and we received ten scholarships. We were able to send ten women, and we wanted to share the news and congratulate them. People started responding and asking if they could sponsor one more woman, help with a flight, or hotel cost, etc. In the end, we sponsored about 75 women. It all happened because individuals and companies were providing us with help, helping support women and it has a butterfly effect that more organizations stepped in. And since that day, every year we sent about 100 women to DevCon and about 20 to Black Hat.

With the amazing support of the community, our scholarship program had grown, and now we work with many organizations that provide scholarships. For example, just today we’re going to announce that we have ten scholarships from the IAPP, the International Association of Privacy Professionals. They are supporting ten women to get certification of either security, information, IT, project management, program management for privacy, European Union privacy certification—wherever they choose, the IAPP will support them. We have developed a great relationship with RSA who has been donating scholarships every year for the last 3 years.

This year and last year, because of what happened in the country and in the world, we focused on African Americans and other minorities by helping them to obtain additional knowledge and skills in both industries. In 2020, Craig Newmark Philanthropies helped WISP in our endeavor to support the #ShareTheMicInCyber community and cover training, certification, and education costs incurred by Black security and privacy practitioners with a $25,000 grant!  During the #ShareTheMicInCyber campaign, WISP initiated a fundraiser to raise funds to pay for Practitioner’s training and certifications — and the response exceeded expectations. With the funds from this effort, we hoped to support other Practitioners in the #ShareTheMicInCyber event with training and certifications, as well. We are now hoping to be able to cover each and every certification and training cost needing coverage in the #ShareTheMicInCyber group!

We are working with the #ShareTheMicInCyber group to add up the fund size needed and currently with this $25,000 grant plus the $19,000+ donated by WISP sponsor individuals and corporate sponsors, we will be able to cover each and every education, training, and certification needed so far! We couldn’t be more excited. Thank you to Craig Newmark Philanthropies and each and every sponsor, we absolutely would never be able to make this happen without you.

SD: What do you feel are the worst cyberthreats out there today?

EE: In my professional career, I’m a partner at Aleada Consulting. We are a privacy and security consulting. We focus on our organizational piece of both privacy and security risk, and we work with technical partners to address more on the technical side. From what I’m seeing, because of the work from home situation, many companies have been challenged with building appropriate infrastructure and creating a system to monitor critical systems. Information security and IT teams have had to rethink their approach to work-from-home models, from policies and procedures and having appropriate controls such as VPN, BYOD, and everything else that aligns with it.

Social engineering remains one of the risks because this year either because people are working from home or just people are stressed, and the social engineering attacks have increased.

And another thing that is not directly related to attacks is that companies are struggling with creating processes because there is a lack of talent in the information security and privacy field. Organizations struggle to find people to help them. Just to be on top of all the possible threats and new requirements from the information security side or privacy side, it’s very hard to be on top of it. I think that continues to be a big problem for an organization—how to bring appropriate talent to their team to protect the company.

That’s why WISP is committed to finding opportunities to advance knowledge and experience and bring more people into the industry so we have no shortage of talent and provide more opportunities to others to grow and join the forces.

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://www.safetydetectives.com/blog/interview-elena-elkina-wisp/

AI

Pandemic Spurred Identity Fraud; AI and Biometrics Are Responding 

Avatar

Published

on

AI and biometrics are being more widely incorporated in new cybersecurity products, as losses from cyberattacks and identity theft increased dramatically in 2020. (Credit: Getty Images) 

By AI Trends Staff 

Cyberattacks and identity fraud losses increased dramatically in 2020 as the pandemic made remote work the norm, setting the stage for AI and biometrics to combine in efforts to attain a higher level of protection. 

One study found banks worldwide saw a 238% jump in cyberattacks between February and April 2020; a study from Javelin Strategy & Research found that identity fraud losses grew to $56 billion last year as fraudsters used stolen personal information to create synthetic identities, according to a recent account from Pymnts.com. In addition, automated bot attacks shot upward by 100 million between July and December, targeting companies in a range of industries.  

Companies striving for better protection risk making life more difficult for their customers; another study found that 40% of financial institutions frequently mistake the online actions of legitimate customers to those of fraudsters. 

Caleb Callahan, Vice President of Fraud, Stash Financial

“As we look toward the post-pandemic—or, more accurately, inter-pandemic—era, we see just how good fraudsters were at using synthetic identities to defeat manual and semi-manual onboarding processes,” stated Caleb Callahan, Vice President of Fraud at Stash Financial of New York, offering a personal finance app, in an interview with Pymnts. 

SIM Sway Can Create a Synthetic Identity  

One technique for achieving a synthetic identity is a SIM swap, in which someone contacts your wireless carrier and is able to convince the call center employee that they are you, using personal data that may have been exposed in hacks, data breaches or information publicly shared on social networks, according to an account on CNET.  

Once your phone number is assigned to a new card, all of your incoming calls and text messages will be routed to whatever phone the new SIM card is in.  

Identity theft losses were $712.4 billion-plus in 2020, up 42% from 2019, Callahan stated. “To be frank, our defenses are fragmented and too dependent on technologies such as SMS [texting] that were never designed to provide secure services. Banks and all businesses should be looking at how to unify data signals and layer checkpoints in order to keep up with today’s sophisticated fraudsters,” he stated.  

Asked what tools and technologies would help differentiate between fraudsters and legitimate customers, Callahan stated, “in an ideal world, we would have a digital identity infrastructure that banks and others could depend on, but I think that we are some ways away from that right now.”  

Going forward, “The needs of the travel and hospitality, health, education and other sectors might accelerate the evolution of infrastructure for safety and security,” Callahan foresees. 

AI and Biometrics Seen as Offering Security Advantages 

AI can be employed to protect digital identity fraud, such as by offering greater accuracy and speed when it comes to verifying a person’s identity, or by incorporating biometric data so that a cybercriminal would not be able to gain access to information by only providing credentials, according to an account in Forbes. 

Deepak Gupta, Cofounder and CTO, LoginRadius

AI has the power to save the world from digital identity fraud,” stated Deepak Gupta, author of the Forbes article and cofounder and CTO of LoginRadius, a cloud-based consumer identity platform. “In the fight against ID theft, it is already a strong weapon. AI systems are entirely likely to end the reign of the individual hacker.”  

While he sees AI authentication as being in an early phase, Gupta recommended that companies examine the following: the use of intelligent adaptive authentication, such as local and device fingerprint; biometric authentication, based on the face or fingerprints; and smart data filters. “A well-developed AI protection system will have the ability to respond in nanoseconds to close a leak,” he stated. 

Pandemic Altered Consumer Financial Behavior, Spurred Identity Fraud  

The global pandemic has had a dramatic impact on consumer financial behavior. Consumers spent more time at home in 2020, transacted less than in previous years, and relied heavily on streaming services, digital commerce, and payments. They also corresponded more via email and text, for both work and personal life.  

“The pandemic inspired a major shift in how criminals approach fraud,” stated John Buzzard, Lead Analyst, Fraud & Security, with Javelin Strategy & Research in a press release. “Identity fraud has evolved and now reflects the lengths criminals will take to directly target consumers in order to steal their personally identifiable information.” 

Companies made quick adjustments to their business models, such as by increasing remote interactions with borrowers for loan originations and closings, and criminals pounced on new vulnerabilities they discovered. Nearly one-third of identity fraud victims say their financial services providers did not satisfactorily resolve their problems, and 38% of victims closed their accounts because of lack of resolution, the Javelin researchers found.   

“It is clear that financial institutions must continue to proactively and transparently manage fraud as a means to deepen their customer relationships,” stated Eric Kraus, Vice President and General Manager of Fraud, Risk and Compliance, FIS. The company offers technology solutions for merchants, banks, and capital markets firms globally. “Through our continuing business relationships with financial institutions, we know firsthand that consumers are looking to their banks to resolve instances of fraud, regardless of how the fraud occurred,” he added.  

This push from consumers who are becoming increasingly savvy online will lay a foundation for safer digital transactions.  

“Static forms of consumer authentication must be replaced with a modern, standards-based approach that utilizes biometrics,” stated David Henstock, Vice President of Identity Products at Visa, the world’s leader in digital payments. “Businesses benefit from reduced customer friction, lower abandonment rates and fewer chargebacks, while consumers benefit from better fraud prevention and faster payment during checkout.” 

The 2021 Identity Fraud Study from Javelin is now in its 18th year. 

Read the source articles and information from Pymnts.com, from CNETin Forbes and in a press release from Javelin Strategy & Research. 

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://www.aitrends.com/security/pandemic-spurred-identity-fraud-ai-and-biometrics-are-responding/

Continue Reading

Cyber Security

Pipeline Update: Biden Executive Order, DarkSide Detailed and Gas Bags

Avatar

Published

on

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://threatpost.com/pipeline-biden-darkside-gas-bags/166112/

Continue Reading

Cyber Security

8 Cyber Security Practices Every Organization Adopt

Avatar

Published

on

Computer internet cyber security background. Cyber crime vector illustration. digital
Computer internet cyber security background. Cyber crime vector illustration. digital

Cyber security is such a pressing matter among companies, especially for large enterprises. Since there’s a lot to get from hacking large companies, they’re bound to experience cyber threats such as Trojans, malware, phishing, and ransomware regularly. But remember that there have been cases of cyberattacks on businesses with 100 or fewer employees, so small- and medium-sized companies are not exempt from this issue.

Regardless of the size of your company, consider strengthening your cyber security. There’s no better way to do that than by increasing the number of your security controls.

Security controls are countermeasures that prevent cyberattacks and minimize security risks on information, physical property, and, most importantly, your computer systems. For more information, you can read the article of Beryllium regarding security controls.

If you plan to establish newer security controls for your computer systems, you might want to consider looking into the following cyber security practices:

Table of Contents

Invest In Antivirus Software

A long time ago, you only had to worry about viruses, but that’s no longer the case. Today, there are all kinds of cyberthreats such as Trojan horses, worms, spyware, ransomware, and malware. If you want to be protected against these kinds of threats, you should consider investing in antivirus software. Antivirus software refers to any program designed to detect and eliminate various threats to a system, including those mentioned earlier.

Establish A Firewall

Antivirus software focuses on threats that may corrupt the programs inside a computer system. However, it doesn’t cover external threats; for those, you need a firewall. A firewall is a form of security control that helps keep external threats from breaching a computer system in the first place. You can think of it as the first line of defense against cyber threats. A firewall partnered with antivirus software can provide extremely powerful protection for any organization.

Utilize Multifactor Authentication

Usually, when logging into a computer system, you need to input your username and an authentication code, which is the password. But as previously said, cyberthreats have already evolved. It’s no longer enough to use a single authentication code, and that’s what multifactor authentication (MFA) is all about.

Basically, multifactor authentication is the process of requiring more than two codes from the user. So instead of a password alone, the system may also ask for a fingerprint, one-time passwords (OTPs), and more. This reduces the chances of hackers getting into the system.

Encourage Safe And Secure Passwords

Although you can use MFA, passwords are still the hardest authentication codes to crack. Hackers can steal OTPs with special software or even fake fingerprints. However, passwords are difficult to predict, perhaps due to their randomness.

If you’re going to implement MFA, you might as well make sure your employees have safe and secure passwords. You can start by giving them a few pointers, such as the following:

    • Use a password generator for the sake of randomness.
    • Avoid common characters.
    • Use a mix of characters.
    • Lengthen your password.

Monitor Third Parties’ Access To Data

Certain companies outsource some of their operations to third-party agencies. In doing so, they’re giving those firms access to confidential information.

If you’re currently in partnership with an outsourcing agency, you might want to consider monitoring them and limiting their access to data as well. After all, you can’t strengthen their cyber security even if you want to. If you do suffer from security breaches due to their negligence, your company would be on the losing side, so it’s better to be safe than sorry.

Check For Security Patches And Updates

Operating systems roll out security patches and updates every now and then. Your job is to apply those patches as soon as possible. Even if you leave your computer system outdated only for a few hours, there can be severe consequences.

Back Up All Data

Regardless of how secure your system is, there’s no guarantee that a hacker won’t get past your security controls. To minimize the damage from security breaches, companies must have a backup of all their data on a device not connected to the computer system. That way, if ever the computer system’s corrupted, you don’t have to worry about your data getting lost.

Educate Your Employees

Making mistakes is what makes one human. Some errors have minor consequences, but some can lead to huge problems. If your employees have access to the company’s system, the only thing hackers need to do is to take advantage of inexperienced employees. They can do this through phishing and other social engineering techniques.

If you don’t want your employees to bear all the blame for a security breach, try raising their awareness through training that teaches them about cyber security threats. Granted, it won’t guarantee 100% security, but it will reduce the chances for a cyberattack nonetheless.

Wrapping Up

Take note that every security control has a weakness. Your job is to ensure that those weaknesses are taken care of by other security controls. Take antivirus software and firewall, for example. Antivirus software deals with internal threats, while a firewall deals with external threats. If you want to strengthen your cyber security, you need to know how cyber security practices interact with each other, and this guide should have everything you need in that regard.

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://cybersguards.com/8-cyber-security-practices-every-organization-adopt/

Continue Reading

Cyber Security

How to Become a Cybersecurity Specialist

Avatar

Published

on

cyber-security

In the modern age, a cybersecurity expert acts as a watchdog. Cybersecurity experts work with businesses and organisations to keep networks and data safe.

One of a cybersecurity specialist’s main duties is to keep track of their company’s systems and report any problems to management. They are also in charge of foreseeing potential threats and providing advice about how to deal with them.

Table of Contents

What is a cybersecurity specialist?

Depending on the size and shape of his or her company or organisation, a cybersecurity specialist can wear a variety of hats.

Cybersecurity experts, as the job description suggests, are supposed to provide a certain degree of experience and knowledge that enables them to provide guidance and training on the most up-to-date digital best practises.

Cybersecurity experts may have in-depth knowledge of a specific vendor’s product (such as CISCO Systems, which manufactures networking and IT products), or they may have experience with other domains such as computer operating systems or mobile applications.

A cybersecurity specialist can be thought of as someone who monitors a company’s or organization’s security while also assisting other employees and teammates in staying current on best practises.

This position is crucial because data breaches are often caused by employees, either deliberately or unintentionally.

Four key steps to becoming a cybersecurity specialist

1. Education: Most cybersecurity specialist positions, like the majority of other cybersecurity jobs, require some sort of formal education. However, since cybersecurity specialist positions cover such a broad range of job descriptions and duties, a specialist job can be obtained after completing many levels of cybersecurity education.

In other words, people with a cybersecurity associate’s degree, bachelor’s degree, or master’s degree will work as cybersecurity specialists. Furthermore, several cybersecurity specialists found jobs after completing a similar degree (such as computer science, engineering, or mathematics) and/or gaining relevant work experience.

2. Industry certifications and clearances: Obtaining the required industry certifications and/or clearances is a vital phase in job planning, as it is in many other cybersecurity career paths.

It’s a good idea to start thinking about what certifications an employer may need, or what certifications make job applicants more competitive in their profession.

Here are a few examples of the different types of cybersecurity certifications available:

Security+ is a CompTIA qualification that is widely recognised by cybersecurity practitioners as a foundational credential. The topics of risk management and threat evaluation are included.

CompTIA offers Network + as well. This credential focuses on networking technology and operations, as the name suggests. It is regarded as a basic qualification.

A more specialised qualification, the Certified Information Systems Security Professional (CISSP), is reserved for cybersecurity practitioners with at least five years of experience. Architecture, engineering, and management are among the subjects covered by the credential.

Since it normally allows candidates to have several years of work experience, the Certified Ethical Hacker (CEH) credential is often considered a more advanced cert. The aim of an ethical hacker credential is to develop threat assessment and mitigation skills by understanding how cyber attacks unfold.

These are just a few of the many cybersecurity certifications that are accessible. When looking for cybersecurity work openings, it’s a good idea to keep track of the certifications that employers are looking for.

When applying for cybersecurity specialist jobs, it’s also a good idea to inquire about professional development programmes, such as certifications that an employer will pay for.

3. Experience: Another important aspect of obtaining a job as a cybersecurity specialist is demonstrating relevant experience.

This can be in the form of a structured internship or other formal hands-on learning, or it can be in the form of other similar work experience.

4. Network: Looking for opportunities to grow a professional network is always a good idea.

There are a variety of specialist cybersecurity associations and groups with a network-oriented approach that are explicitly structured to notify members about job openings and professional development opportunities.

A good place to start is Digital Guardian’s list of the top 50 cybersecurity networking groups and professional organisations.

What do cybersecurity specialists do?

Security evaluations of computer hardware and software systems are created and implemented by cybersecurity experts. They ensure that the systems work as they should and are secure from attack.

A cybersecurity specialist’s work can be very routine at times. They are in charge of ensuring that networks and operating systems are up to date and free of software bugs.

Furthermore, security specialists are responsible for ensuring that other coworkers are kept up to date on security best practises, which could require them to serve as a trainer or counsellor.

Designing firewalls and other protection mechanisms to ensure that information and proprietary networks are compatible with the most current security requirements is another part of a cybersecurity specialist’s task.

Cybersecurity experts are also in charge of continuously monitoring security systems and networks for irregularities and documenting and reporting on their findings.

Skills for specialists

Cybersecurity professionals play an interesting role in the businesses and institutions where they work. People in this role are often hired for their social skills as well as their technical abilities.

Cybersecurity experts must be able to interact effectively and work well in groups. Coaching and advising coworkers on security best practises is a common part of the job.

In addition, cybersecurity experts are often called upon in times of crisis or disaster, as well as when networks or data structures are malfunctioning. As a result, the ability to survive in “emergency” situations is critical.

Finally, becoming a security specialist can entail assisting coworkers in adopting new technologies and security software as it evolves. However, most people are averse to change, especially if it necessitates learning a new operating procedure or work-flow. As a result, the ability to express the rationale for the transition, as well as the ability to appeal to the desires and objections of coworkers, is crucial.

Cybersecurity experts must be at ease in a continuously changing and shifting environment. New digital attack vectors and mechanisms emerge on a regular basis, and a cybersecurity expert is charged with determining what skills and expertise are needed to defend against these new threats.

This frequently necessitates continued education, both in the form of formal, industry-recognized certifications and informal learning and monitoring of industry developments.

A cybersecurity expert should be like a Swiss Army knife of the digital world in terms of expertise, experience, and general attitude. This role requires multi-disciplinary skills and the ability to adapt to a wide range of circumstances.

Outlook for cybersecurity specialists

According to a new PayScale survey, the majority of workers with the job title cybersecurity specialists are satisfied with their employment.

According to Payscale, cybersecurity professionals are paid differently based on their expertise, roles, and place. A specialist’s salary varies from $45,644 to $115,841. The average salary is $74,140 a year.

Employment prospects for cybersecurity specialists are expected to rise 36 percent by 2024, far faster than other careers, indicating an increasing demand for cybersecurity expertise in all fields and career levels.

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://cybersguards.com/how-to-become-a-cybersecurity-specialist/

Continue Reading
Cleantech45 mins ago

Congress’s Chance to Protect Our Coasts

Esports46 mins ago

CS:GO Update 1.37.9.1 adds several updates to new map Ancient

Aviation59 mins ago

Qantas Future Small Plane: The Embraer E2 Family Vs Airbus A220

Cleantech1 hour ago

Line 5 Pipeline Continues Operation, Violating Michigan Order

Energy1 hour ago

How Young Entrepreneur Jeff Clayton Is Innovating the Dropshipping Logistics Industry

Aviation1 hour ago

COVID-19: Air Canada extends flight ban from India to June 22

Aviation1 hour ago

Edmonton Airport, JOIN & IAC sign MoU

Aerospace1 hour ago

Axelspace raises $24 million in Series C round

Aviation1 hour ago

Exchange Income Corporation Maintains Record of Consistently Solid Performance One Year into Pandemic

Energy2 hours ago

Pan American Silver Announces Results of Annual General and Special Meeting

Energy2 hours ago

Laser Marking Equipment Market to grow by USD 535.39 Million during 2021-2025 | Amonics Ltd. and Coherent Inc. emerge as Key Contributors to growth | Technavio

Cleantech2 hours ago

Autonomous Electric Tractors From ZTractor Launching In 2021

Aerospace2 hours ago

Japanese billionaire, Russian actress to fly to ISS

Esports2 hours ago

Video: HEAP vs. ENCE

AI2 hours ago

Listen: OakNorth CIO shares automation trends in commercial lending

Aviation2 hours ago

Volaris vs Copa Airlines: Their Two Business Models Compared

Esports3 hours ago

How to get Renown fast in Rainbow Six Siege

Esports3 hours ago

How to complete Prime Icon Moments Raúl SBC in FIFA 21 Ultimate Team

Esports3 hours ago

Sega Announces Ambitious ‘Super Game’

Esports3 hours ago

Nintendo Says Suez Slowdown, COVID-19 Causing Switch Shortages

Esports3 hours ago

Rambo and Die Hard Skins Leaked for Warzone

Esports3 hours ago

How to fix the “No server found” error in Apex Legends

Esports3 hours ago

Pentanet.GG jungler Pabu has played 8 champions in 9 games at MSI 2021

Aviation3 hours ago

The World’s Most Interesting Boeing 747 Uses

Esports4 hours ago

Playbase offers an instant solution to organizing simple and cost-effective competitive gaming platforms

Esports4 hours ago

Team Heretics signs Johnta as head coach of VALORANT team

Nano Technology4 hours ago

With a zap of light, system switches objects’ colors and patterns: “Programmable matter” technique could enable product designers to churn out prototypes with ease

Nano Technology4 hours ago

Polarization-sensitive photodetection using 2D/3D perovskite heterostructure crystal

Nano Technology4 hours ago

Graphene key for novel hardware security

Energy4 hours ago

IEEE-USA Commends 2021 Endless Frontier Act

Trending