Situational awareness, simply put, is to know what’s going on around you. Humans are good at filtering out noises, voices, lights, smells, and any sensory combination. However, you have to remain vigilant about your surroundings. Don’t allow your screens to distract you to the point of unawareness.
Preston and I briefly speak with Tony Ayaz, CEO of Gemini, about cybersecurity situational awareness. We discuss what situational awareness is and what it means, or should mean, to you as an individual. Preston and I will actually speak more on this in a future one-on-one podcast.
The U. S. Coast Guard definition of situational awareness:
Situational Awareness is the ability to identify, process,
and comprehend the critical elements of information about
what is happening to the team with regards to the mission.
More simply, it’s knowing what is going on around you.
Length: 12:08 minutes. Format: MP3. Rating: G for all audiences.
You can engage Preston on Twitter at: @siggrapher and myself at: @kenhess.
I think we’re all a little too confident in our level of personal security and a little too careless with our personal information. Preston and I want to emphasize the importance of keeping your personal data secure and personal. Don’t allow the bad guys to make an easy mark of you. These survey results are surprising and you should stay vigilant, especially on social networks and on sites where you submit credit card data. Never save the data for later; enter it every time.
When it comes to cybersecurity, Americans are overconfident in their knowledge and skills, a study released today by Blumberg Capital found.
A few interesting highlights from the findings:
63% of Americans rate their knowledge of cybersecurity equal to or higher than the likes of Donald Trump
Shockingly, only a mere 7% of Americans are concerned with keeping their nude or racy photos and videos secure
Those surveyed find Social Networks and Dating Sites to be the least trustworthy (at 5% each) in keeping customers’ personal information safe
While 95% of adults expressed at least some concern about their personal information being hacked on e-Commerce sites, 54% of Americans who shop online trust online marketplaces, like eBay and Amazon, with their financial information
33% of Americans believe they are more secure online if they don’t save their credit card information. Others choose to only use PayPal or other trusted payment services (30%).
February 1st is a special day for Preston and me, here at SecurityNOW. I interviewed Preston! That’s right. We returned to the very cool Rose Rock Cafe over on Mingo Road to have the famous Baconator burger and to record Preston’s first SecurityNOW interview, where he’s the interviewee. Find out about Preston’s background and what he thinks the biggest security issues are. Preston also gives you some tips on how to protect yourself in this world of growing cybersecurity threats.
The interview is short and sweet, just like Preston, but you’ll learn a lot from it. Preston discusses good passwords, bad passwords, LastPass, two-factor authentication, and some physical security tips as well. There’s a lot packed into this 15-minutes, so take good notes, there will be a test at the end.*
February is a very special month too. February is SecurityNOW’s month of best practices. We’re going to produce several podcasts that give you real-world advice on how to protect yourself from the bad guys without having to change your entire life. We try to help you make security easy yet effective.
Length: 15:22 minutes. Format: MP3. Rating: G for all audiences. Background soundtrack: Rose Rock Cafe.
As promised on our 2017 Topics List, January is for cybersecurity resolutions. This podcast features Preston and me discussing a short list of cybersecurity awareness topics for personal and for business use. Staying secure in everything you do is very important. We can’t stress too much the importance of using very strong passwords, doing some regular housekeeping, being smart about opening email attachments, and protecting yourself from cyberstalkers who want to compromise your accounts and your identities.
We decided to try something different today and record our podcast at a little cafe that’s inside our favorite bookstore; The RoseRock Cafe* on South Mingo Road. The recommended choice is the Reuben sandwich on marbled rye bread, which is excellent, by the way.
The only problem with recording in public is that you’re subjected to random sounds, like the phone in the background that seems to ring and ring and ring. I know that the bookstore is staffed well enough that someone could have picked up. But that’s why we chose the cafe setting because we wanted those ambient sounds. Plus, there’s something ironic about discussing a security topic in a public place.
Length: 10:29 minutes. Format: MP3. Rating: G for all audiences.
This short podcast has a lot of good information in it about how to protect yourself. Over the coming weeks and months, Preston and I will return to public places to discuss cybersecurity and maybe even conduct a few impromptu interviews along the way.
*RoseRock Cafe & Bakery is not a SecurityNOW show sponsor, but they were kind enough to allow us to record our show there.
It’s not often you get to talk to a real cybersecurity expert. Simon is an expert programmer, cyberforensics expert, and a security maven. Recently he exposed a criminal who used a VPN (Secure, private connection to the Internet) who thought he’d gotten away. Simon’s investigative abilities proved otherwise. Simon owns eVestigator, a company that specializes in helping victims of hacks, breaches, and other cybercrimes. He’s the real deal and has the track record to prove it. Just look at the list of his certifications and diplomas. He also has solved more than 350 cybersecurity and cybercrime cases.
During this podcast, we discussed the role of artificial intelligence in cybersecurity and the human element, its removal, and its requirement.
Preston and I were glad to speak to Simon and hope to have him back on the show to discuss other hot security topics.
Length: 23:31 minutes. Format: MP3. Rating: G for all audiences.
Preston and I had the pleasure of speaking with Infocyte founder Chris Gerritz about how companies can actually be hacked and not know it. It’s shocking to think that a company and its resources can be exposed for three, six, or more months and never have a clue. In fact, new reports tell us that your company probably has been hacked already, whether or not you have safeguards in place. Infocyte’s HUNT product searches for and finds malware infections.
Companies need to take the threat of compromise seriously. Anti-virus and anti-malware software isn’t enough nor is it always effective.
It’s clear that current real-time security processes are simply ineffective at detecting post-compromise activity, especially as time passes after the initial breach.
Infocyte HUNT approaches threat detection from a completely new perspective – by presuming endpoints are already compromised. It provides an easy-to-use, yet powerful solution to limit risk and manage the breach detection gap by enabling an organization’s own IT and security professionals to proactively discover malware and persistent threats, active or dormant, that have successfully evaded existing defenses and established a beachhead within the network.
Advanced persistent threats (APTs), hackers, malware, viruses, phishing schemes, and over-the-network hacks are a constant and a continuous threat. The only way to know if you’ve been hacked is with a thorough search for rootkits, Trojan horses, viruses, and other malware infections and signs of hacking.
In this 19 minute podcast, Chris Gerritz gives you an overview of the problem and his Infocyte HUNT product as a solution to finding threats on your network.
Length: 19:10 minutes. Format: MP3. Rating: G for all audiences.
Remember to stay secure.
Please retweet us and tell everyone you know about the SecurityNOW show. #SecurityNOW
On January 6, I received a notice that over 10,000 MongoDB databases have been deleted by various groups of hackers over the last few days, confirming today’s security models are broken. I was shocked and wanted to investigate further, so I connected with Cryptzone for comment and scheduled a podcast interview with Jason Garbis, CISSP and VP of Products at Cryptzone.
By the time we connected for the podcast, more than 30,000 NoSQL databases had been compromised, had their data deleted or stolen, and in many cases, ransoms demanded.
To combat this, Cryptzone has rolled out the latest version of its Software Defined Perimeter offering, AppGate. AppGate transforms network security, employing an “authenticate first, connect second” approach.
Jason’s notes about the MongoDB and other NoSQL database attacks:
“Attacks – such as those against NoSQL databases, are exceptionally damaging but frustratingly they’re also preventable.”
“Exposing any system to the ‘Internet Cesspit’ is fundamentally a bad idea. All systems have weaknesses – whether it’s a vulnerability, poor configuration or inadequate controls. It’s far too easy for an attacker to use Shodan (a powerful search engine) to discover and then violate them.”
“Rather than putting all of their systems in the shop window, particularly one that doesn’t even have any glass to protect it, companies must wake up to the realization that a new approach to network security is required. Taking an identity-centric approach, so one that only permits authorized users to access resources, would effectively brick up the window to anyone that doesn’t know its there, locking the attackers out and rendering their malware impotent.”
Preston and I interviewed Jason about these recent exploits and found that the solution to the problem is very simple, but obviously overlooked.
Podcast details: Length: 17:59 minutes. Format: MP3. Rating: G for all audiences.
Think about the security of any data that’s exposed directly to the Internet or that’s exposed via web application. Setup two-factor authentication as an added measure against data exploitation.