
Nowadays, cyber security is essential for individuals, companies, economies, governments and nations as a whole. All of them are trying to keep pace with the latest cyberattacks, but some countries are committing the most to cybersecurity.

One of the best ways to see, in real time, where most cyber attacks actually come from is to use the map created by Norse.

NORSE Heatmap

(Source: Norse.com)

Another great alternative, if you want to find out which countries are best prepared against cyberattacks, is the Global Cybersecurity Index (GCI) created by the International Telecommunication Union (ITU). As the ITU describes it, the GCI is “…a survey that measures the commitment of Member States to cybersecurity in order to raise awareness.” The GCI covers the five pillars of the ITU Global Cybersecurity Agenda (GCA): legal, technical, organizational, capacity building and cooperation.


Vietnam Cybersecurity

In June 2018, Vietnam’s National Assembly passed a new cyber security law that has generated much concern for its stringent restrictions on popular social media organizations. Under the law, which will go into effect on January 1, 2019, tech companies would be compelled to store data about Vietnamese users on servers in-country, a move designed to improve the security of Vietnamese nationals. Vietnam has been historically weak when it comes to cyber security, and has been ranked among the bottom regionally. According to a 2017 report by the United Nations’ International Telecommunication Union Global Cyber Security Index (GCI), Vietnam ranked 101 out of 165 countries in terms of being vulnerable to cyber attacks. The GCI is a survey that measures the commitment of member states to cybersecurity to classify and project development process at the regional and global levels.

There are several critics of the new cyber security law. Such a move – as has been expressed with regard to China’s new cyber laws – can potentially impact economic development and deter foreign investment. Perhaps more alarming, dissenters and even some Vietnamese lawmakers signed petitions and conducted peaceful demonstrations to denounce the new law. At the crux of this protest is the potential for the government to use this law to stifle human rights and privacy, such as online freedoms of speech and expression. According to the law, Vietnam’s authorities will have the discretion to determine when expression might be identified as “illegal” and restricted. It bans Internet users in Vietnam from organizing to conduct activities for “anti-state purposes” and from distorting the nation’s history. Unsurprisingly, Amnesty International has underscored how the law could empower the government to monitor everything people say online.



A recent interview with Russian President Vladimir Putin offered insight into his – and by extension, Russia’s – views concerning cyber attacks and the cyber domain as a whole. Speaking at a joint press briefing with France’s president, when asked about alleged interference in the 2016 U.S. presidential election, Putin remarked: “Action always causes reaction” and that “If one does not want to get a reaction he does not like, rules for actions need to be set.” Putin pointed out that in the early days of nuclear weapons, governments had found a way to negotiate guidelines on their use, an effort that should be replicated in today’s political climate. While not necessarily as catastrophic as nuclear weapons, the potential impact is similar in that the disruption and/or destruction of interconnected information technology can potentially impact millions of people. The implication is certainly clear: an international understanding needs to be reached sooner rather than later.

These public pronouncements of the Russian president are noteworthy as they not only provide insight into how Russia views the activities that transpire in cyberspace but also express a potential avenue of engagement for world leaders to approach Russia on these issues. Cyber norms and discussions of how states have been ongoing in international forums. The preferred U.S. approach – via the United Nations Group of Experts in the Field of Information and Telecommunications in the Context of International Security (GGE) – notably stalled in June 2017, calling into question whether this Western-preferred approach to establishing norms will succeed under this umbrella.


The U.S. Federal Trade Commission (FTC) is now investigating Facebook, Inc. over the use of personal data by an analytics firm associated with the Trump campaign. Specifically, the FTC is trying to determine if the company violated the terms of an earlier consent decree when 50 million users’ data was transferred to Cambridge Analytica, a data and media consultancy firm. To date, Cambridge Analytica has been accused of misrepresenting the purpose of some of its data mining, which yielded something like 30 million Facebook profiles it could comb for data. This calls into question how consumer information is shared with other entities, particularly when consent was not provided.

This revelation has called into question how social media sites harvest personal information from their platforms. As one article pointed out, “Some large-scale data harvesting and social manipulation is okay until the election. Some of it becomes not okay in retrospect.” This is indeed troubling at a time when personal information is constantly used by malicious actors for monetization purposes or in support of other operations (e.g., social engineering, spam, phishing, credential theft, etc.). A recent report by a content marketing agency revealed that Facebook logins can be sold for USD $5.20. Such access gives a criminal a compromised individual’s contact list with which to target other individuals. According to the same report, an individual’s entire online identity – including personally identifiable information and financial accounts – could be sold for USD $1,200.00. After initially denying the claim, Facebook acknowledged the breach and promised to take action.


UK’s Digital Strategy – Future Model or Another Thought Piece?

First announced in 2015, the United Kingdom (UK) finally published its Digital Strategy, which went into effect on March 1, 2017. Per the government’s website, the goal of this document is to provide a blueprint for how the UK will build on its success to date in developing a world-leading digital economy that works for the greater good. This is particularly important given that the UK is a global capital for financial technology, which generated £6.6bn of revenue in 2015.


Tallinn 2.0 May Be More Useful Than Its Predecessor

In early February 2017, Tallinn Manual 2.0 was published by Cambridge University Press.  Led by the NATO Cooperative Cyber Defence Centre of Excellence, publication of the initial Tallinn Manual occurred in 2013 and focused on the applicability of international law to conventional state-authorized and operated cyber warfare.  Authored by a group of international law experts, the recent follow-up focuses on a full spectrum of international law as applicable to cyber operations conducted by and directed against nation states, ranging from peacetime legal regimes to the law of armed conflict.


The Cyber Coordinator: Let the Dog Bite

Former New York Mayor Rudy Giuliani has been tapped to be the President’s new “cyber security czar.”  The appointment has been met with trepidation among those in the information security business who point out Mr. Giuliani’s lack of expertise in anything cyber-related, despite being Chair of the Cybersecurity, Privacy and Crisis Management Practice at a Miami-based law firm and advising companies on information security since 2002.  In fact, critics cite recent reporting revealing that passwords used by Giuliani and 13 other top staff members have been leaked in mass breaches of websites like LinkedIn, MySpace, and others between 2012 and 2016.


Russia and China Are Making their Information Security Case

In December 2016, Russian President Vladimir Putin approved a new information security doctrine, which updates the older 2000 version. The doctrine, a system of official views on ensuring the national security of the country in the information sphere, regards the main threats to Russia’s security and national interest as coming from foreign information making its way into the country, and sets priorities for countering them.


Building a Security Minded Culture

Cybersecurity is no longer a question of whether an employee should have access to Facebook. Information security teams are dealing with phishing attacks, access to business cloud applications, mobility and zero-second malware on a minute-by-minute basis. We live in a cyber world where we can control neither the systems nor the people accessing them, nor can we lock down the same tools that make employees more efficient.
