Welcome back to the TCE Strategy monthly technology and cybersecurity newsletter! The mission of this publication is to cut through the clutter of cybersecurity news stories and provide you with the most important, relevant and actionable cybersecurity information.
If this newsletter adds value, fantastic! That is the goal. Please forward it on to friends/colleagues. If not, no hard feelings. Please look to the bottom for an easy to click "unsubscribe" button.
|
|
|
In this issue:
Month's News in Review
Upcoming Speaking Events
TCE Strategy in the News
Must Read Articles This Month
Cybersecurity Tip of the Month
|
|
Enjoy this month's newsletter? You can use this link to post on social media or send to friends! Thanks for sharing!
https://bryceaustin.com/newsletter/july-2022-news-tips-cyberseurity-news-review/
|
|
|
|
This Month's News in Review
|
|
|
It has been a BUSY month in the world of cyber security, so strap in and let’s get moving.
Honda has some egg on their face, or more specifically, on their keyfobs. A researcher has found a way to simulate wireless openers and can unlock Honda cars at will. Thankfully, this hack doesn’t let the criminal drive off with the car, but it does let them open the doors and trunk. The best remediation is to not leave valuables in your vehicle, which is good advice for any make/model of car.
The meltdown of the crypto currency market has investors fuming, but it is also allowing a number of really smart people that have been calling out some of the fundamental technology behind cryptocurrency to be heard. We need more regulation in this space, or scammers are going to keep scamming. I’d recommend that anyone who is invested in crypto or is considering doing so take some time and give this a read.
On the ransomware front, a group that TCE Strategy has had to tangle with is called “BlackCat”. I came across this article about them, but the most interesting part isn’t the BlackCat info – it’s that the researchers claim that by 2031, ransomware is going to become the world’s largest “shadow economy, causing more total damage than natural disasters,” which is saying a lot given the increase in natural disasters as the world continues to warm up.
As cyber war and kinetic war continue their merge until one becomes indistinguishable from the other, we have a rare example of CCTV footage that caught a cyberattack taking out a steel plant. If you work in the manufacturing space, your network needs a “SCADA” environment. “SCADA” environments harden the controls around the equipment in the plant that can cause plant disruption or life safety incidents. The same thing goes for many of the heating/cooling systems that I come across when doing network scans. Many of the “HVAC” panels in buildings are horribly insecure. If they are left on your internal network, they can be a launching point for cybercriminals to make attacks on other systems.
Finally, if you have cybersecurity liability insurance, it is imperative that you understand the security controls that the insurer requires you to have in place. If you don’t have those controls, you don’t have insurance. Travelers Insurance and an Illinois-based company called ICS are in court regarding this.
Until next month, stay safe!
|
|
Upcoming Speaking Events
Live events are back in action! Here is a list of the cities that I will be in for 2022. Please feel free to reach out if you have an event in mind.
August 4th-10th, Kauai and Honolulu, HI
September 14th-16th, San Diego, CA
September 19th-21st, Chicago, IL
October 19th-21st, Durham, NC
November 7th-9th, Tulsa, OK
|
|
|
|
Thank you to Mary K. Pratt for the opportunity to contribute to her article on how to negotiate vendor contracts.
|
|
|
|
|
|
Does your contract with your vendors include cybersecurity requirements? "A ransomware attack on an accounts receivables management firm affects more than 650 covered entity clients - including dental practices, physician groups and hospitals".
|
|
|
|
IoT security at its finest: "The research also found that the GPS tracker comes with a default password of “123456,” allowing anyone access to GPS trackers that have not changed their device’s password. BitSight found 95% of a sample of 1,000 devices it tested were accessible with an unchanged default password, likely because device owners aren’t prompted to change the device’s password on setup."
|
|
|
|
|
Why did he choose to represent himself in this trial? Why? I have mixed feelings on his actions. Does the government have the right to surveil whomever they choose with electronic backdoors? I thought the USA was founded on the exact opposite.
|
|
|
|
|
Cybersecurity Tip of the Month
Using a VPN to Protect Your Public Wi-Fi Use
Why Use a VPN?
Public Wi-Fi is convenient for many reasons: you can work away from home, it is often free, and you can use apps on your phone or tablet without using cellular data. However, public Wi-Fi is often unsecured and can provide an opportunity for cybercriminals to access personal information like login details, credit card information, and email communications. Hackers can also potentially inject malware into devices connected to unsecured networks.
One way to protect yourself from these threats is through the use of a Virtual Private Network (VPN) whenever you are connected to public Wi-Fi. VPNs protect your privacy by encrypting your Internet connection so that no one else is able to access the information you send over the network and are one of the best ways to protect yourself and ensure your public Wi-Fi use is secured.
How to Choose a VPN
There are many free and paid VPN services available, but not all of them are trustworthy. Be sure to choose a VPN that is highly rated for security and privacy. This article shares other aspects to consider as well as VPN recommendations: https://www.comparitech.com/blog/vpn-privacy/vpn-public-wifi/
Other Ways to Increase Privacy
While a VPN is one of the best ways to secure your public browsing, there are other steps you can take to ensure your online security:
- Enable multi-factor authentication for all accounts
- Only transmit personal information over websites with an HTTPS designation
- Turn off Wi-Fi when you aren’t using it to prevent automatically connecting to public Wi-Fi networks
- Update phone settings to forget networks so they are not saved
- Turn off sharing settings
|
|
|
|
|
|
