Future of Cybersecurity - Trends and Scope

As we come to the end of writing our weekly blog, I want to focus on what would be the future of Cybersecurity. I found this article written by Nuchumbeni Yanthan that discusses what cybersecurity looks like from the time that we in and for the next generation, and how cyber high demanding career are. The cybersecurity job employment rate is estimated at 100% and the worldwide cybersecurity market will reach approx. six billion in 2023 job opportunities. The writer states that emerging technologies including Artificial Intelligence (AI), Machine Learning, Cloud computing, and the internet of Things (IoT) will strike the future of cybersecurity.

The future of the cybersecurity industry will reverse in the next upcoming years. Here is what the probable future of cyber security might look like:

·  Contribution of Machine learning and AI

·    Quantum computing raises the capacity of hackers and defenders.

·   Obsolete technologies impact cybersecurity after each upgradation

·   Nature of cybersecurity threats

·   Nature of cybersecurity practice

What is the future scope of cyber security?

There are numerous scopes of cybersecurity with the amplification of malicious actors. Cybersecurity is a technology-driven field with AI and machine learning playing a huge role. Mobile computing and wireless network infrastructure will also rely on third-party cloud platforms. 

What are the job roles in cybersecurity?

The types of job roles that will be available in the field of cybersecurity.

Chief Information Security Officer

Digital Forensic Analyst

Ethical Hacker

Information security Analyst

Incident Handler

Penetration Tester/Vulnerability Analyst

Security Software Developer

Network Engineer/Security Architect

In the future, cybersecurity will be a top priority for every company, and the cybersecurity industry is expected to grow by 44% in the next five years. As the industry grows, it will require more professionals and companies to hire cybersecurity professionals.

LinkedIn introduces AI tool to write job ads for you.

This article was written by JustinasVainilavičius about LinkedIn adding an AI tool to write job Ads for you.

LinkedIn, a Microsoft-owned social media platform for professionals and job seekers, has announced it was testing an AI-powered tool to write job ads automatically. LinkedIn states that the new tool leverages an advanced GPT model from Microsoft-backed Open AI and will help hirers to find qualified candidates more quickly.

LinkedIn has also announced an AI assistant to help users spruce up their profiles, and 100 new LinkedIn Learning courses focused on the subject, including 20 dealing specifically with generative models.

Although the company provides, and offers different features; however, it’s concerned with security level.

Cyber Women: if they got into cybersecurity, so can you.

As we celebrate Women International Day this week, I want to write about how we can represent women in the professional Cybersecurity world. This article reminds me of how hard it is for women to work in any field. There are still challenges that we face, and discrimination exists in any field. On the positive side, more jobs become possible, and more opportunities offered to us in a variety of fields including Cyber Security.

According to Cyber Women: if they got into cybersecurity, so can you article, the international cybersecurity membership organization (ISC)2 states, women make up 24% of the cybersecurity workforce, with much lower percentages in some parts of the world. Worryingly, the struggle is not over once a woman elbows her way into the field. The (ISC)2 study revealed that 30% of female employees feel discriminated against at work.

The women in Cybersecurity research showed that younger women face less severe pay discrepancies than the Baby Boomer generation, but there is room left for progress, as women’s salaries still need to catch up. 17% of women earn $50,000 to $99,999, compared to 23% of men.

According to the Empowering Women to work in Cybersecurity is a Win-Win study by the Boston Consulting Group (BCG) and Global Cybersecurity Forum, 37% of women believe that achieving a good work life balance in the field is difficult for females, who also want to raise a family.

In this field, mentors are needed.

The Cybersecurity field is 3.4 million workers short of demand. And bringing more women on board is one of the ways to address the issue.

According to the (ISC)2 cybersecurity workforce study, 57% of companies plan to invest in initiatives to attract more women and minorities to the field to address the skills shortage.

According to Phanneth Wood, global solutions director at a cybersecurity firm stated, “Don’t assume there is anything you can’t do. Do not be afraid to apply for the job you think someone else might do better than you. Get out of your own way! Go for it! Find a mentor who has overcome similar obstacles, make sure your performance and work ethic demonstrate persistence and perseverance, learn the technology, and highlight your experience and expertise.”

The article concludes that everyone is Welcome and people even from a different background knowledge such as psychology can be beneficial for the cyber field. 

References

Google has rolled out client-side encryption for Gmail on several of its services.

What is Client-side encryption?

Client-side encryption is the cryptographic technique of encrypting data on the sender’s side, before it is transmitted to a server such as cloud storage.

How to enable client-side encryption for Gmail

Google announced that Gmail client-side encryption (CSE) is now available for Google Workspace Enterprise Plus, Education plus, and Education standard customers. The CSE feature ensures that data sent in an email, including attachments, will be unreadable and encrypted prior to arriving at Google’s servers. Google stated that “it gives organization higher confidence that any third party, including Google and foreign governments, cannot access their confidential data.”

Here are the steps that need to be taken:

Make sure your admin enabled CSE.

Click ‘Compose’ on Gmail

Find the lock symbol on the right side

Clicking on the symbol prompts security options

Find ‘Additional Encryption’

Click ‘Turn On’

The features will be off by default; company admins must take steps to enable the new feature. To do that, admins need to access the CSE on the domain or Google Group level (Admin console>Security>Access and data control>Client-side-encryption)

While CSE adds a layer of security to email communications, it’s not the same as end to end encryption (E2EE). With E2EE, only the recipient can unscramble the message, as it is encrypted locally on the sender’s device.

 According to Google, the Gmail CSE feature is not yet available for users with personal accounts and Google Workspace essentials, business starter, business standard, business plus, enterprise essentials, education fundamentals, frontline, nonprofits, or legacy G Suite Basic and business.

References: https://cybernews.com/news/how-to-enable-client-side-encryption-gmail/

Ten Ways to Prevent Cyber Attacks.

This week, I focused on finding an article that discusses solutions for cyber-attacks.  One of the articles that I found is from a Cloud company called leaf that provides IT services including cyber security. 

This article discusses the concept of cyber-attack, gives examples of common cyber-attacks and types of data breaches in environments such as business and organization. The article also discusses prevention as essential for every business and organization.

Train your stuff

Need to:

Check links before clicking on them.

Check email addresses from the received email.

Use common sense before sending sensitive information.

2. Keep your software and systems up to date.

Invest in patch management that will manage and system updates, keeping your system resilient and up to date.

3. Ensure endpoint protection.

Endpoint protection protects networks that are remotely bridged to devices.

4. Install Firewall

Putting your network behind a firewall is one of the most effective ways to defend yourself from any cyber-attack.

5. Back your data

6. Control access to your systems

7.  Wi-Fi Security

8 .Employee personal accounts

Every employee needs their own login for every application and programs.

9. Access Management

Having managed admin rights and blocking your staff installing or even accessing certain data on your network is beneficial to your security. it’s your business, protect it.

10. Password

Having different passwords setup for every application you use is a real benefit to your security and changing them often will maintain a high level of protection against external and internal threats.

References: https://leaf-it.com/10-ways-prevent-cyber-attacks/#:~:text=Putting%20your%20network%20behind%20a,we%20can%20help%20you%20with.

Thousands stranded over Lufthansa IT fault.

This week, I want to discuss the incident that took place with thousands of passengers stranded in Frankfurt at the busiest airport, because of IT System failure.   It is an unfortunate situation for everyone, and it is inconvenient for the customer being stuck in the airport. I remember being stranded and staying overnight in Chicago International Airport four years ago, thankfully it was not an international flight. However, it was not fun.

In this article, it discusses that there were flight delays and disruption and according to Lufthansa airline, this global system outage was caused after an incident Telekom’s glass-fiber cables during construction work in Frankfurt.  

Passengers stated on social media that the failure had forced the company to organize the boarding of planes with pen and paper and that it was unable to digitally process passenger’s luggage.

In a tweet, Lufthansa said: “Currently, the airlines of the Lufthansa Group are affected by an IT outage. This caused flight delays and cancellations. We regret the inconvenience this is causing our passengers.”

The IT system failure comes two days ahead of planned strikes at seven German airports that are expected to lead to major disruptions, including potentially at the Munich Security Conference where world leaders are expected to gather.

The number of risks is growing in the airline industry. What would be the solution for the future for IT failure to improve the operational systems?

References: https://cybernews.com/news/thousands-stranded-over-lufthansa-it-fault/

Why your smart TV may not be a smart choice after all.

This week, I read about smart TV choice and how it has a risk that comes with it. If you’re planning to have a smart TV in the future, here is what you must know. According to a report from the consumer group Which. Smart TVs and other smart devices could lose features and become a security risk after as little as two years.

The article discusses that “After approaching 119 brands about hundreds of smart device products, which? found that very few even came close to matching their expected lifespan with their smart update policies.”

LG smart TVs, for example, are only guaranteed support for just two years after launch — although the company did tell Which? that its TVs might get up to five years of support for critical security vulnerabilities.

Meanwhile, Sony only offers guaranteed support for its smart TVs for two years from launch, with Samsung promising just three years.

Some manufacturers are better, with Hisense promising to support its smart TVs for 10 years — more than a smart TV's expected lifespan.

"It’s unfair for manufacturers to sell expensive products that should last for many years and then abandon them," says Rocio Concha, Which? director of policy and advocacy.

How devices are vulnerable

According to research from NordVPN, more than half of households in the UK, Canada, Australia, the US, and Germany have an internet-connected TV. Many come with cameras and microphones built in, and as they generally run over Wi-Fi, could give hackers access to other devices on the same network, including the router.

In 2018, a Consumer Reports investigation found that millions of smart TVs from Samsung and TCL could potentially be taken over by hackers through easy-to-find security flaws, allowing them to change TV channels, turn up the volume, play unwanted YouTube videos, or disconnect the TV from its Wi-Fi connection.

And meanwhile, TV manufacturer Vizio was fined $2.2 million by the Federal Trade Commission (FTC) in 2017 for tracking what its customers were watching and selling the information to advertisers.

What to look for

Signs that a smart TV might have been hacked or infected with malware include unexpected pop-ups or messages, slow performance, unfamiliar applications, a change in settings, or an unresponsive remote control.

To an extent, users may be able to opt out of some data collection through the manufacturer's privacy pages. However, it's important to make sure that doing this doesn't mean opting out of updates as well — which are, of course, the best defense against security vulnerabilities and other bugs.

It's also a good idea to secure Wi-Fi routers with strong passwords, and perhaps by installing a virtual private network (VPN) if possible.

Users should be careful about content from unfamiliar sources and avoid connecting any unsecured devices. And it will also reduce the chances of malicious activity by disabling any unused features, restricting always-on access by microphones or cameras, or even covering up the webcam.

Reference: https://cybernews.com/security/smart-tv-problems/

GoodRX leaked user health data to tech giants, FTC says.

How well do we trust companies nowadays?  This week, I learned that the good company (GoodRX) App that offers a discount on Medication has shared user’s data such as health conditions and what type of medication they are on without user permission.

The article discusses that GoodRX, the popular drug discount app, secretly and without authorization, shared details on users’ illnesses and medicine with companies like Facebook and Google, the US Federal Trade Commission state in consumer alert. Furthermore, the FTC now says all this came at high cost since 2017, GoodRx has been sharing users’ sensitive health data with firms then using the information for ad-targeting.

 Now, it all makes sense why the company offers a big discount on the medication. I wonder how many people would continue using GoodRX after learning their data is out there. Would you continue using the App for a discount?

The app has been used by millions of Americans, eager to find lower prices on prescriptions like antidepressants, HIV medications, or treatments for other diseases.

The FTC now says all this came at a high cost – since at least 2017, GoodRx has been sharing users’ sensitive health data with firms that then use the information for ad-targeting.

According to the regulators, the digital health platform “broke its promises to users about how it would use and share their personal health information.” GoodRx, the FTC says, shared data about users’ health conditions and prescription drugs with tech giants without users’ permission – and contrary to what it told users in its privacy policy.

“GoodRx then used that sensitive health information to target its users with health ads on users’ social media feeds,” the FTC said.

“To generate those ads, GoodRx shared with Facebook and others information about its users’ prescription medications and sensitive health concerns — things like erectile dysfunction or treatments for sexually transmitted diseases. Worst of all, it failed to tell its users.”

GoodRX will have to pay a $1.5 million penalty and, if the judge approves the proposed settlement order, will be permanently prohibited from sharing health data with relevant third parties like Facebook that would use it for advertising.

Reference: https://cybernews.com/news/goodrx-leaked-user-health-data-ftc/

Bitdefender Antivirus review: is this the ultimate antivirus?

There are a lot of antiviruses offers out there, but how can we choose which one is better. For this week, I found this article that drew my attention. This article discusses Bitdefender is one of the most popular and top-rated antivirus providers in 2023. It offers great performance results, has a reliable malware scanner, includes a built-in VPN, a password manager, and many other useful features.

Additionally, Bitdefender has several plans for very attractive prices and different OS coverage. The most popular plans are Bitdefender Internet Security and Total Security. With those plans, you get a well-rounded security package that protects you from all possible threats.

In the review of Bitdefender there are different features that is included and discussed between the Pro and Con. Here are a few examples on Pro and Con.

Pro:

Free version

Best-in-class malware detection

All editions have built-in VPN

Flexibly adapts to your hardware specifications

Relies on Global Protection Network

Automatically installs required system updates

Multi-layered ransomware protection

30-day trials for all paid plans

Customer support available on all editions

Con:

Restrictive VPN capabilities

macOS support only with paid plans

The iOS app is a bit lackluster

Paid options are kind of expensive

Other than the comparison between Pro and Con, the article discusses that the Bitdefender the antivirus software is safe and secure for the users. The company claims that according to AV-Test, Bitdefender blocked 100% of threats during the testing period of April 2022. This included both 0-day and 4-week-old malware and viruses. It also scored the highest rating of 6 points in performance and usability. Furthermore, the company states that they provide a VPN included in the package.

References: https://cybernews.com/best-antivirus-software/bitdefender-antivirus-review/

Fake Telegram app used to spy on Android devices, says analyst.

The use of Mobile Apps on smartphones has been increasing for over a decade and most of us download a different App on our own phone for many reasons. However, we must do research and read about it before downloading the App. In recent months cybersecurity analyst discovered that a fake Telegram App was invented to spy on the user of Android device. 

What is Telegram?  Telegram is messenger a globally accessible, encrypted, cloud-based and centralized instant messaging service. It is an alternative way to communicate outside of WhatsApp.

In this article, it’s discussing how spyware program that mimics a web-based video-chat service and the popular social media messaging app Telegram to target Android users. Attributed to the threat group known as StrongPity, the fake Telegram app is offered free of charge to the unwary on a dummy version of Shagle – a video-chat service that only offers web-based resources.

Described by ESET as a “trojanized version” of Telegram, the bogus app is believed to have been used by the threat group to spy on targets since November.

“The campaign has distributed a malicious app through a website impersonating Shagle – a random-video-chat service that provides encrypted communications between strangers,” said ESET on its dedicated blog WeLiveSecurity.

“Unlike the entirely web-based, genuine Shagle site that doesn’t offer an official mobile app to access its services, the copycat site only provides an Android app to download, and no web-based streaming is possible.”

Worse, if the victim grants access to the StrongPity impostor app, this will enable the threat actors to exfiltrate or steal similar data from 17 other apps, including Viber, Skype, Gmail, Messenger, and Tinder.

The question that I have is: how do we know whether the App is fake or real? Here is the solution that I found to investigate more before downloading apps on our phone.

Check the Name

Check the Developer's Name

Check the Reviews

Check on the Dates.

Beware of Discount

Look at the screen shots.

Read the descriptions.

The number of downloads

Permission

I found the tips from the article. please see the link if you would like to read about it. 

References: https://cybernews.com/news/fake-telegram-app-android/

Six ways to defend against a Ransomware Attack

About Twenty-seven percent of malware incidents reported in 2020 can be attributed ransomware. Ransomware cyber extortion that occurs when malicious software infiltrates computer systems and encrypts data, holding it hostage until the victim pays a ransom-can have a bigger impact on an organization than a data breach.

In the short term, ransomware can cost companies millions of dollars, and a potentially even greater loss over the long term, impacting reputation and reliability. However, there are actions that can be taken to reduce of the risk of ransomware attacks.

Conduct initial ransomware assessments

Enforce ransomware governance

Maintain consistent operational readiness

Back up, test, repeat ransomware response

Implement the principle of least privilege

Educate and train users on ransomware response actions

Source: