Welcome back to the TCE Strategy monthly technology and cybersecurity newsletter! The mission of this publication is to cut through the clutter of cybersecurity news stories and provide you with the most important, relevant and actionable cybersecurity information.
If this newsletter adds value, fantastic! That is the goal. Please forward it on to friends/colleagues. If not, no hard feelings. Please look to the bottom for an easy to click "unsubscribe" button.
|
|
|
In this issue:
Month's News in Review
Upcoming Speaking Events
TCE Strategy in the News
Must Read Articles This Month
Cybersecurity Tip of the Month
|
|
|
Enjoy this month's newsletter? You can use this link to post on social media or send to friends! Thanks for sharing!
|
|
|
|
This Month's News in Review
|
|
|
Happy New Year everyone! It has been a cybersecurity news-filled kickoff to 2023, so let’s have at it.
Twitter Data Breach
2023 started off with a very large Twitter data breach, where 200 million users had their twitter “handle” (mine is @brycea for example) leaked along with their real name and their email address. For some, this isn’t overly serious, as some people have no problem with the Internet knowing their name, a valid email address and their Twitter handle. I fall into this category, and you may as well. For others, this could be a problem because it allows cybercriminals to use that information to pretend to be you to try to break into various accounts you have. For a select few that used Twitter to disseminate information that their family, the company they work for, or the government of the country they live in wouldn’t like them to disseminate, this is potentially very damaging. Twitter passwords were not reported to be part of this breach. I’ve been told that this breach may have been deliberate from a disgruntled Twitter employee, but I have no confirmation of that. With Elon Musk firing half of Twitter’s staff, it seems like a good guess.
Growth of ChatGPT
ChatGPT is taking the Internet by storm. If you haven’t heard of it, ChatGPT is a conversational AI (Artificial Intelligence) engine that really does appear to be a “next generation” AI interface. I asked it to write a 900 word essay about the benefits of multi-factor authentication (MFA), and the results were downright decent. This, of course, leads to huge concerns about using ChatGPT to write term papers for college students, to turn in ChatGPT’s work as your own (is that plagiarism? I’m honestly not up on if using a tool to write something for you constitutes plagiarism or not), and for use by cybercriminals to write much more convincing phishing emails. Someone has already come up with an attempt to write a program to detect articles written by ChatGPT rather than by a human, called GPTZero. No matter how the laws/ethics of ChatGPT play out, this is a very significant advancement in the ability for humans and computers to communicate. There are already talks underway to sell shares in the company, and news outlets are reporting that the total company valuation is a whopping $29 billion.
Frontline’s Pegasus Spyware Story
The television show Frontline has a fascinating story on the spyware “Pegasus”, written and sold by the Israeli company NSO Group, that is being used for surveillance purposes by governments around the world. They make some very dramatic and damning claims that governments are using Pegasus to spy on those who speak out against them, and to spy on the friends and family of those people. Because this software sits on your phone, it breaks the privacy protections that applications such as Signal provide. Someone delivered a list to the media of 50,000 phone numbers that Pegasus is spying on. The Frontline story walks through the detective work to determine who the people are that are being spied on.
Meta Privacy Fine
Meta (Facebook’s parent company) was fined more than $400 million by Ireland in an EU privacy case. The issue stemmed from Facebook sending users tailored ads based on their Internet activity. Meta stated that it disagrees with the decision and intends to appeal.
IoT Device Standards
Finally, Internet of Things (IoT) devices are finally beginning to adopt a global standard on how these devices communicate with each other. In theory, this will provide more interoperability between different manufacturers’ devices, and hopefully make it easier to analyze the cybersecurity of these devices as well. The new standard is called “Matter”, and I’d recommend looking for Matter compatibility with future IoT devices that you purchase. Generally speaking, I’m not a fan of IoT devices unless there is a compelling reason for you to have them in your home or business. Think of each one as a lit candle. Candles are useful, but they can also burn your house down.
Until next month, stay safe!
|
|
Upcoming Speaking Events
Live events are back in action! Here is a list of the cities that I will be in for 2023. Please feel free to reach out if you have an event in mind.
February 8th, Mystic Lake Casino, Prior Lake, MN
February 22nd-24th, Ames, IA
March 7th-8th, San Diego, CA
March 13th-15th, Salt Lake City, UT
May 29th-June 2nd, Las Vegas, NV
June 16th-22nd, Dublin, Ireland
July 17th-18th, Orlando, FL
August 19th-20th, Honolulu, HI
|
|
|
|
I had the opportunity to speak at the FABTech (Fabricators Technology) conference a few months ago about a large ransomware attack that TCE Strategy worked for much of 2022. You can hear about the ransomware case here and the FABTech presentation here.
|
|
|
|
|
|
I need a better definition of the word "mandatory" to interpret this article. Laws do not change behavior. Laws + enforcement of those laws + sufficient penalties for breaking those laws = a change in behavior.
|
|
|
|
|
CISA is the USA government agency that acts as an interface on cybersecurity issues between the public and private sector. Ever wonder what they do? This article outlines their work in 2022
|
|
|
|
|
Cybersecurity Tip of the Month
It's the time of year where many are busy making resolutions as they look ahead to the future, so why not make a New Year's resolution to evaluate your personal cybersecurity practices and implement habits that will keep you safe and secure? All of these tips are a great place to start!
Change your passwords. Changing passwords yearly can help ensure that any accounts with usernames and passwords that may have been accessed in a data breach are not compromised. Password keepers can help make this task much simpler.
Check auto-update settings on all devices. Having auto-updates enabled on phones, tablets, and computers is a great way to stay protected and can easily be done in the settings menu.
Enable multi-factor authentication (MFA) wherever possible. I’ve mentioned MFA frequently as a helpful way to ensure you are the only one who can access your account. MFA can be enabled on personal email accounts, corporate email accounts, bank accounts, and social media.
Back up your personal data. This practice can keep you safe from unexpected losses of important data. Backing up personal data should be a monthly habit, but if it’s been a while for you, do it now.
|
|
|
|
|
|
