Tumgik
#cyber security shares
jcmarchi · 2 months
Text
U.S. Treasury warns financial sector, AI threats “outpacing” security - CyberTalk
New Post has been published on https://thedigitalinsider.com/u-s-treasury-warns-financial-sector-ai-threats-outpacing-security-cybertalk/
EXECUTIVE SUMMARY:
According to a new U.S. Treasury Department report, the financial services industry is extremely vulnerable to cyber threats that weaponize AI-based tools. The report provides a warning to the industry at large, while also sharing best practices and advocating for AI-based threat prevention.
The “…report builds on our successful public-private partnership for secure cloud adoption and lays out a clear vision for how financial institutions can safely map out their business lines and disrupt rapidly evolving, AI-driven fraud,” stated Under Secretary for Domestic Finance, Nellie Liang.
AI-powered attacks
According to high-level stakeholders who hail from financial technology companies, generative AI capabilities may give the “upper hand” to cyber criminals.
Experts anticipate that AI will supercharge malware potency, social engineering tactics, vulnerability discovery (on the part of hackers) and disinformation campaigns – including deepfake videos that show impersonation of executives.
Financial institutions have long utilized AI for cyber security, anti-fraud and other operational purposes. However, many have stated that their current risk frameworks remain inadequate when it comes to preventing novel artificial intelligence-based attack vectors.
As AI models become more resource-intensive, over-reliance on third-party cloud providers also presents new cyber security risks.
Short-term recommendations
The Treasury report details several immediate measures that financial services companies can take to mitigate risks:
Leverage existing regulations. Although AI-specific rules are still emerging, many current cyber security, privacy and risk management regulations can be applied to AI system governance.
Improve anti-fraud data sharing. At present, large banks have a major advantage in building AI fraud detection models, as they have large data reserves. More public-private data pooling is needed.
Develop AI data supply chain mapping. Like nutrition labels for food, “AI nutrition labels” should be mandated to clarify the origins and parameters of training data used to build AI models.
Cyber workforce transformation. Static training programs must be overhauled in order to develop AI-fluent cyber security professionals; talent that can effectively operationalize AI-based tools while upholding ethics, security and privacy standards.
Push for increased government coordination. An inconsistent patchwork of state/federal AI rules presents a tangle of different challenges. Aligned regulations and public-private partnerships are needed in order to effectively combat threats.
Long-term solutions
In order to address the AI-based cyber security challenges outlined by the U.S. Department of the Treasury, financial institutions are also encouraged to explore Check Point’s industry-leading AI cyber security offerings.
Check Point’s unified cloud security platform secures financial AI workloads and data across public clouds, private clouds and on-premises, using comprehensive AI-powered security services.
Given how AI-based cyber threats are intensifying, banks and fintech groups need to urgently prioritize AI risk management programs, upgrading defenses before disruptive attacks manifest.
Early mover advantage
When it comes to getting ahead of the AI security curve, there is such a thing as an early-mover advantage. By partnering with Check Point, financial institutions can acquire the strategic vision and execution velocity required to outpace modern threats. To learn more about AI-powered, cloud-delivered cyber security solutions, please click here.
In addition, empower your organization through more great thought leadership. Discover new artificial intelligence focused thought leadership insights from CyberTalk.org, here. Lastly, to receive cutting-edge AI cyber insights, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.
1 note · View note
Text
How I got scammed
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
https://pluralistic.net/2024/02/05/cyber-dunning-kruger/#swiss-cheese-security
I wuz robbed.
More specifically, I was tricked by a phone-phisher pretending to be from my bank, and he convinced me to hand over my credit-card number, then did $8,000+ worth of fraud with it before I figured out what happened. And then he tried to do it again, a week later!
Here's what happened. Over the Christmas holiday, I traveled to New Orleans. The day we landed, I hit a Chase ATM in the French Quarter for some cash, but the machine declined the transaction. Later in the day, we passed a little credit-union's ATM and I used that one instead (I bank with a one-branch credit union and generally there's no fee to use another CU's ATM).
A couple days later, I got a call from my credit union. It was a weekend, during the holiday, and the guy who called was obviously working for my little CU's after-hours fraud contractor. I'd dealt with these folks before – they service a ton of little credit unions, and generally the call quality isn't great and the staff will often make mistakes like mispronouncing my credit union's name.
That's what happened here – the guy was on a terrible VOIP line and I had to ask him to readjust his mic before I could even understand him. He mispronounced my bank's name and then asked if I'd attempted to spend $1,000 at an Apple Store in NYC that day. No, I said, and groaned inwardly. What a pain in the ass. Obviously, I'd had my ATM card skimmed – either at the Chase ATM (maybe that was why the transaction failed), or at the other credit union's ATM (it had been a very cheap looking system).
I told the guy to block my card and we started going through the tedious business of running through recent transactions, verifying my identity, and so on. It dragged on and on. These were my last hours in New Orleans, and I'd left my family at home and gone out to see some of the pre-Mardi Gras krewe celebrations and get a muffalata, and I could tell that I was going to run out of time before I finished talking to this guy.
"Look," I said, "you've got all my details, you've frozen the card. I gotta go home and meet my family and head to the airport. I'll call you back on the after-hours number once I'm through security, all right?"
He was frustrated, but that was his problem. I hung up, got my sandwich, went to the airport, and we checked in. It was total chaos: an Alaska Air 737 Max had just lost its door-plug in mid-air and every Max in every airline's fleet had been grounded, so the check in was crammed with people trying to rebook. We got through to the gate and I sat down to call the CU's after-hours line. The person on the other end told me that she could only handle lost and stolen cards, not fraud, and given that I'd already frozen the card, I should just drop by the branch on Monday to get a new card.
We flew home, and later the next day, I logged into my account and made a list of all the fraudulent transactions and printed them out, and on Monday morning, I drove to the bank to deal with all the paperwork. The folks at the CU were even more pissed than I was. The fraud had run up to more than $8,000, and if Visa refused to take it out of the merchants where the card had been used, my little credit union would have to eat the loss.
I agreed and commiserated. I also pointed out that their outsource, after-hours fraud center bore some blame here: I'd canceled the card on Saturday but most of the fraud had taken place on Sunday. Something had gone wrong.
One cool thing about banking at a tiny credit-union is that you end up talking to people who have actual authority, responsibility and agency. It turned out the woman who was processing my fraud paperwork was a VP, and she decided to look into it. A few minutes later she came back and told me that the fraud center had no record of having called me on Saturday.
"That was the fraudster," she said.
Oh, shit. I frantically rewound my conversation, trying to figure out if this could possibly be true. I hadn't given him anything apart from some very anodyne info, like what city I live in (which is in my Wikipedia entry), my date of birth (ditto), and the last four digits of my card.
Wait a sec.
He hadn't asked for the last four digits. He'd asked for the last seven digits. At the time, I'd found that very frustrating, but now – "The first nine digits are the same for every card you issue, right?" I asked the VP.
I'd given him my entire card number.
Goddammit.
The thing is, I know a lot about fraud. I'm writing an entire series of novels about this kind of scam:
https://us.macmillan.com/books/9781250865878/thebezzle
And most summers, I go to Defcon, and I always go to the "social engineering" competitions where an audience listens as a hacker in a soundproof booth cold-calls merchants (with the owner's permission) and tries to con whoever answers the phone into giving up important information.
But I'd been conned.
Now look, I knew I could be conned. I'd been conned before, 13 years ago, by a Twitter worm that successfully phished me out of my password via DM:
https://locusmag.com/2010/05/cory-doctorow-persistence-pays-parasites/
That scam had required a miracle of timing. It started the day before, when I'd reset my phone to factory defaults and reinstalled all my apps. That same day, I'd published two big online features that a lot of people were talking about. The next morning, we were late getting out of the house, so by the time my wife and I dropped the kid at daycare and went to the coffee shop, it had a long line. Rather than wait in line with me, my wife sat down to read a newspaper, and so I pulled out my phone and found a Twitter DM from a friend asking "is this you?" with a URL.
Assuming this was something to do with those articles I'd published the day before, I clicked the link and got prompted for my Twitter login again. This had been happening all day because I'd done that mobile reinstall the day before and all my stored passwords had been wiped. I entered it but the page timed out. By that time, the coffees were ready. We sat and chatted for a bit, then went our own ways.
I was on my way to the office when I checked my phone again. I had a whole string of DMs from other friends. Each one read "is this you?" and had a URL.
Oh, shit, I'd been phished.
If I hadn't reinstalled my mobile OS the day before. If I hadn't published a pair of big articles the day before. If we hadn't been late getting out the door. If we had been a little more late getting out the door (so that I'd have seen the multiple DMs, which would have tipped me off).
There's a name for this in security circles: "Swiss-cheese security." Imagine multiple slices of Swiss cheese all stacked up, the holes in one slice blocked by the slice below it. All the slices move around and every now and again, a hole opens up that goes all the way through the stack. Zap!
The fraudster who tricked me out of my credit card number had Swiss cheese security on his side. Yes, he spoofed my bank's caller ID, but that wouldn't have been enough to fool me if I hadn't been on vacation, having just used a pair of dodgy ATMs, in a hurry and distracted. If the 737 Max disaster hadn't happened that day and I'd had more time at the gate, I'd have called my bank back. If my bank didn't use a slightly crappy outsource/out-of-hours fraud center that I'd already had sub-par experiences with. If, if, if.
The next Friday night, at 5:30PM, the fraudster called me back, pretending to be the bank's after-hours center. He told me my card had been compromised again. But: I hadn't removed my card from my wallet since I'd had it replaced. Also, it was half an hour after the bank closed for the long weekend, a very fraud-friendly time. And when I told him I'd call him back and asked for the after-hours fraud number, he got very threatening and warned me that because I'd now been notified about the fraud, any losses the bank suffered after I hung up the phone without completing the fraud protocol would be billed to me. I hung up on him. He called me back immediately. I hung up on him again and put my phone into do-not-disturb.
The following Tuesday, I called my bank and spoke to their head of risk-management. I went through everything I'd figured out about the fraudsters, and she told me that credit unions across America were being hit by this scam, by fraudsters who somehow knew CU customers' phone numbers and names, and which CU they banked at. This was key: my phone number is a reasonably well-kept secret. You can get it by spending money with Equifax or another nonconsensual doxing giant, but you can't just google it or get it at any of the free services. The fact that the fraudsters knew where I banked, knew my name, and had my phone number had really caused me to let down my guard.
The risk management person and I talked about how the credit union could mitigate this attack: for example, by better-training the after-hours card-loss staff to be on the alert for calls from people who had been contacted about supposed card fraud. We also went through the confusing phone-menu that had funneled me to the wrong department when I called in, and worked through alternate wording for the menu system that would be clearer (this is the best part about banking with a small CU – you can talk directly to the responsible person and have a productive discussion!). I even convinced her to buy a ticket to next summer's Defcon to attend the social engineering competitions.
There's a leak somewhere in the CU systems' supply chain. Maybe it's Zelle, or the small number of corresponding banks that CUs rely on for SWIFT transaction forwarding. Maybe it's even those after-hours fraud/card-loss centers. But all across the USA, CU customers are getting calls with spoofed caller IDs from fraudsters who know their registered phone numbers and where they bank.
I've been mulling this over for most of a month now, and one thing has really been eating at me: the way that AI is going to make this kind of problem much worse.
Not because AI is going to commit fraud, though.
One of the truest things I know about AI is: "we're nowhere near a place where bots can steal your job, we're certainly at the point where your boss can be suckered into firing you and replacing you with a bot that fails at doing your job":
https://pluralistic.net/2024/01/15/passive-income-brainworms/#four-hour-work-week
I trusted this fraudster specifically because I knew that the outsource, out-of-hours contractors my bank uses have crummy headsets, don't know how to pronounce my bank's name, and have long-ass, tedious, and pointless standardized questionnaires they run through when taking fraud reports. All of this created cover for the fraudster, whose plausibility was enhanced by the rough edges in his pitch - they didn't raise red flags.
As this kind of fraud reporting and fraud contacting is increasingly outsourced to AI, bank customers will be conditioned to dealing with semi-automated systems that make stupid mistakes, force you to repeat yourself, ask you questions they should already know the answers to, and so on. In other words, AI will groom bank customers to be phishing victims.
This is a mistake the finance sector keeps making. 15 years ago, Ben Laurie excoriated the UK banks for their "Verified By Visa" system, which validated credit card transactions by taking users to a third party site and requiring them to re-enter parts of their password there:
https://web.archive.org/web/20090331094020/http://www.links.org/?p=591
This is exactly how a phishing attack works. As Laurie pointed out, this was the banks training their customers to be phished.
I came close to getting phished again today, as it happens. I got back from Berlin on Friday and my suitcase was damaged in transit. I've been dealing with the airline, which means I've really been dealing with their third-party, outsource luggage-damage service. They have a terrible website, their emails are incoherent, and they officiously demand the same information over and over again.
This morning, I got a scam email asking me for more information to complete my damaged luggage claim. It was a terrible email, from a noreply@ email address, and it was vague, officious, and dishearteningly bureaucratic. For just a moment, my finger hovered over the phishing link, and then I looked a little closer.
On any other day, it wouldn't have had a chance. Today – right after I had my luggage wrecked, while I'm still jetlagged, and after days of dealing with my airline's terrible outsource partner – it almost worked.
So much fraud is a Swiss-cheese attack, and while companies can't close all the holes, they can stop creating new ones.
Meanwhile, I'll continue to post about it whenever I get scammed. I find the inner workings of scams to be fascinating, and it's also important to remind people that everyone is vulnerable sometimes, and scammers are willing to try endless variations until an attack lands at just the right place, at just the right time, in just the right way. If you think you can't get scammed, that makes you especially vulnerable:
https://pluralistic.net/2023/02/24/passive-income/#swiss-cheese-security
Image: Cryteria (modified) https://commons.wikimedia.org/wiki/File:HAL9000.svg
CC BY 3.0 https://creativecommons.org/licenses/by/3.0/deed.en
10K notes · View notes
neha24blog · 6 months
Text
Healthcare Cyber Security Market Focusing On The Basis Of Type Of Solutions, Type Of Threats, End Use, Type Of Security, Deployment, Region And Forecast 2028: Grand View Research Inc.
San Francisco, 6 Dec 2023: The Report Healthcare Cyber Security Market Size, Share & Trends Analysis Report By Type Of Solution, By Type Of Threat, By End Use, By Type of Security, By Deployment, By Region, And Segment Forecasts, 2023 – 2030 The global healthcare cyber security market size is expected to reach USD 56.3 billion by 2030, according to a new report by Grand View Research, Inc. The…
0 notes
marketwire · 7 months
Text
The automotive cyber security market is a rapidly growing market that is expected to reach a value of USD 14.22 billion by 2030, growing at a CAGR of 20.93% from 2023 to 2030. This growth is being driven by a number of factors, including the increasing complexity of automotive systems, the growing adoption of connected cars, and the rising number of cyber threats targeting vehicles.
0 notes
futuretonext · 10 months
Text
The Global Automotive Cyber Security Market is projected to grow at a CAGR of around 14.8% during the forecast period, i.e., 2022-27. The new cybersecurity compliance, including UNECE WP.29, Auto Data (China), ISO/SAE 21434, etc., issued by various countries like the US, Europe, & China, has surged the demand for automotive cybersecurity solutions from various OEMs, such as BMW, GM, Ford, Kia, Mahindra, among others.
0 notes
market-insider · 11 months
Text
Cyber Security Evolving Landscape: Market Insights and Outlook
The global cyber security market size is projected to reach USD 500.70 billion by 2030. The rise in the number of cyber-attacks during the pandemic kept the cyber security solutions’ demand upbeat in 2020. The trend is expected to continue post-pandemic and over the forecast period owing to several firms adopting hybrid working and BYOD trends resulting in an increase in the number of endpoint devices and anonymous network access, putting the organization's IT systems at risk.
Gain deeper insights on the market and receive your free copy with TOC now @: Cyber Security Market Report
Cybersecurity is a critical and ever-evolving field that safeguards our digital world from an array of threats. With the rapid expansion of technology and interconnectedness, protecting sensitive information, infrastructure, and individuals from cyberattacks has become a paramount concern. Cybersecurity experts employ a combination of proactive measures and responsive strategies to detect, prevent, and mitigate potential risks. These measures include robust firewalls, encryption protocols, multi-factor authentication, and continuous monitoring systems. Additionally, staying vigilant against emerging threats, such as malware, phishing, and ransomware, is essential in maintaining a secure online environment. As technology advances, the importance of cybersecurity continues to grow, emphasizing the need for collaborative efforts among governments, businesses, and individuals to safeguard our digital ecosystem.
The introduction of advanced cyber security solutions, increasing cost of data breaches, emerging enterprise mobility trends, and stringent government regulations are some of the factors expected to drive the market growth. The evolving cyber threat landscape requires sophisticated cyber security solutions that facilitate real-time threat detection and response while also helping in cutting down data breach costs. Further, several governments worldwide have introduced data protection laws, compelling end-user organizations to deploy cybersecurity solutions to safeguard consumer data.
0 notes
marciodpaulla-blog · 1 year
Text
Shared Responsibility in Cybersecurity: The Triad of Software Developers, Regulatory Bodies, and End-Users in the Digital Age
As we continue to delve deeper into the digital age, the significance of cybersecurity grows exponentially, becoming a pivotal cornerstone in safeguarding our interconnected realm. This essential mechanism acts as a robust shield, defending our digital assets – be they personal, corporate, or governmental – from an array of threats, ranging from data breaches to complex…
0 notes
arientocinc · 1 year
Text
Know About The Cyber DFARS Clause And System Security Plans
Hey there, fellow cyber enthusiasts! Are you aware of the latest update in the Cybersecurity world? The Cyber DFARS Clause and System Security Plans have been brought into the limelight, and it's high time you got up to speed. In a world where cyber threats are rampantly increasing, it's essential to ensure that organizations' systems and information are secure. The Cyber DFARS Clause is a mandatory requirement for Department of Defense (DOD) contractors, while the System Security Plan is an essential component of an organization's security framework. So, if you're interested in knowing more about these topics, this blog post is for you! Join me as we delve deeper into the world of the Cyber DFARS Clause and System Security Plans.
Cyber DFARS Clause implementation is a critical aspect for businesses handling government contracts. DFARS stands for Defense Federal Acquisition Regulation Supplement, which is the set of rules placed by the Department of Defense (DoD) for safeguarding its sensitive information from any cyber threats. The DFARS clause mandates all DoD contractors to protect controlled unclassified information (CUI) while it is being processed or stored within their internal IT systems. The key requirement of the Cyber DFARS Clause is the implementation of a System Security Plan or SSP, which outlines the detailed security measures and protocols necessary to safeguard CUI. Any breach may result in heavy penalties imposed by the government, which is why companies must have a proper security plan in place.
ITAR File Share is a platform used by many organizations to securely share files containing sensitive information. With the Cyber DFARS Clause in effect, it is important for organizations to have a System Security Plan in place to protect their data from cyber threats. The DFARS Clause mandates that contractors and subcontractors implement specific Cybersecurity measures to safeguard information within their information systems. These protections are necessary to ensure that sensitive information, like that which may be stored on an ITAR File Share platform, remains secure and out of the hands of cybercriminals. By implementing a comprehensive System Security Plan, companies can rest assured that they are meeting the requirements of the Cyber DFARS Clause and protecting their valuable data.
System Security Plans are a vital requirement for any organization that deals with Controlled Unclassified Information (CUI). It enables organizations to ensure the confidentiality, integrity, and availability of information and information systems. The Cyber DFARS Clause mandates that any organization that deals with CUI must have a System Security Plan (SSP) in place. The SSP outlines the organization’s information security policies, procedures, and controls to protect CUI. The SSP also identifies the system and network boundaries, system configurations, and mechanisms for protecting the confidentiality, integrity, and availability of CUI. Therefore, every organization must develop a robust SSP to comply with the Cyber DFARS Clause and boost their Cybersecurity stance.
In conclusion, we can't emphasize enough the importance of having a solid System Security Plan (SSP) in place. With the Cyber DFARS Clause in effect, it's crucial for any organization dealing with CUI to have information security policies and procedures to keep their data safe. By identifying system boundaries, configurations, and mechanisms for protecting CUI confidentiality, integrity, and availability, you'll be one step closer to boosting your Cybersecurity stance. So let's take proactive steps towards securing our data and systems, and protect ourselves from cyber threats!
0 notes
letsvishu · 1 year
Link
The global cyber security market is anticipated to reach $266.2 billion by 2027, growing at a CAGR of 8.9% from 2022 to 2027. The report defines, describes, and forecasts the cyber security market by Components, Security type, Deployment Mode, Organization Size, Verticals, and Region.
0 notes
skillkai01 · 1 year
Text
Looking for a challenge? Cyber warriors are welcome to SkillKai's Cyber Security hackathon and showcase your skills against top contenders and win exciting prizes. Register now!
Click here - Cyber Security Hackathon | Cyber Warriors | SkillKai
1 note · View note
mi-researchreports · 2 years
Link
Asia Pacific Cybersecurity Market is poised to grow at a CAGR of 18.3% by 2027. Factors driving the Asia Pacific Cybersecurity Market are the increasing severity of these attacks and strict government laws.
0 notes