identity

A world surrounded by disconnected data centers

Prediction 2026: Beginning of the end of the WWW

Lou Covey

As the world stumbles head on into deglobalization we predict national sovereign clouds will replace international access to data. That is good news for in-country corporations and for security companies in specific fields. It may not be so good for large multinational tech firms and people living in authoritarian countries. It may also mean the end of the World Wide Web.

Sovereign clouds used to be referred as proprietary clouds to keep intellectual property (IP) secure. National sovereign clouds today are used to control access to citizens private data. For big tech, multiple governments require organizations to comply with data protection laws requiring specific data residency and management practices. National sovereign clouds facilitate that within the country but create significant complexity for multinational operations. Even within a specific politico-economic bloc like the EU, there are different regulations within the bloc for data security.

In a recent blog post, Cory Doctorow summed up the current business climate caused by geopolitical shifts, "There's finally political space to stop worrying about tariffs and reconsider anti-circumvention laws, to create disenshittification nations that stage raids on the most valuable lines of business of the most profitable companies in world history – Big Tech."

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here
Read more...
SE Asia casinos that shut down during pandemic were turned into social-engineering call centers to scam wealthy individuals

Pig butchering: Proving the Luddites right

Lou Covey

Pig-butchering may be proving the Luddites were right. The social-engineering scam bypassed ransomware as the most profitable cybercrime approximately two years ago. After government regulations and law enforcement took a big bite out of returns for ransomware this past year, public-private partnerships are taking aim at the new champ.

TL;DR
* Pig butchering eclipses losses from ransomware
* Top targets are tech savvy people under 50
* Human error trumps cyber awareness
* Public/private partnerships making inroads at dismantling scam operations
* Tips to avoid scams
* Podcast with Arkose CEO
Between 2020 and 20023, scammers reaped more than $75 billion from victims around the world. Approximately 90 percent of the losses came from of purchasing fraudulent cryptocurrency, according to the US Treasury Department’s, Financial Crimes Enforcement Center. In comparison, ransomware attacks in that same period harvested $20 billion worldwide in ransoms and cost approximately another $20 billion in recovery costs.

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here
Read more...
Security expert collapsed from exhastion

Breach fatigue or too big to fail?

Lou Covey

As we prepare for the annual October holiday season with Cybersecurity Awareness Month there is an important question to ask. Are we as a society at the point of fatigue over every new security breach, or are the companies getting breached just too big to fail?

Security giant Fortinet announced a data breach this week that was remarkable in two ways. One was how small the breach was (less than 500GB) Two was how calm Fortinet seemed to be about. Security gadfly Dr. Chase Cunningham posted a flippant comment about the breach on Linkedin, encouraging his followers to “buy on the breach.” He pointed out that with big public companies, in security or not, generally take a hit on their stock for a day or two after a breach, but the stock rises to new highs as the dust clears. And no one seems to care about the downstream customers whose data might have been stolen.

A 2010 study published in the Journal of Cost Management concluded that a company could be more profitable if it annoyed unhappy customers more than they already were. The success of that strategy increased with the size of the company, according to the study, and when there were fewer competitors for a customer to turn to.

The reasons for the success were simple. If a pissed off customer decided to go a smaller provider, there were always new customers who signed up, simply because they were the biggest. If there were no smaller competitors, the customer never went away. In the process, the offending company rarely has to pay out to make the customer whole. The study pointed our that companies like United Airlines have notoriously bad customer service, but they rarely lose market share because of it.

Kevin Szczepanski, co-chair of Barclay Damon's Data Security, is much more forgiving

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here
Read more...
In this screenshot, camera footage shows a group of alleged neo-Nazis outside the home of Raw Story investigative reporter Jordan Green.

Scam Bucket: Innocence is no replacement for digital vigilance

Lou Covey

On Mastodon a poster asked last week, “Looking for an article or blog or text, that succinctly describes, at grade 1 level English, why ‘if you have nothing to hide, you have nothing to fear’ is a crazy and bad argument, and perhaps also includes what some good arguments are.” We thought that is an excellent idea for a Scam Bucket post. Let’s get to the biggest argument against that philosophy.

It may not be scandalous, like a drug addiction, pornography or drug dealing, but there is personal information that everyone wants to keep from someone like passwords, account number and routing number to your bank account, and social security numbers

People who ascribe to the philosophy will readily agree to those limitations of what should be available to public knowledge. What they may not be willing to admit that they have done something in their life that they are ashamed. As Jesus Christ once proclaimed, “No one is without sin. No, not one.”

Sometimes, the error is made in ignorance. Clicking on a link in an email that connects to a porn site. Being rude to a waiter or failing to give a tip. Road rage someone recorded without knowledge or consent. Sometimes it was a mistake they made when they were younger and didn’t know any better… or knew better and did it anyway.

Then there are things that people are totally innocent of but were accused of it anyway. An average of 200–300 people are arrested every year for felonies but are exonerated, according to the National Registry of Exonerations. If the arrest was reported in the news, it is likely the exoneration was not. So the news of the arrest still exists even though they did not commit the crime.

John Gilmore, director of research at the data-scrubbing service DeleteMe, related a story of Jordan Greene, a journalist who covered neo-Nazi rally in North Carolina. Members of the group picked out his face in a photo of the rally, ran it through facial recognition, found where he lived and showed up at his house holding burning flares.

A recent scam has arisen ...

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here
Read more...
Cyberint midyear report shows declinen in ransomware attacks per victim

Have we reached peak ransomware?

Lou Covey

Cybercrime reports flowing out of marketing departments still highlight the danger of ransomware. However, a closer look at the numbers reveals a much different story and poses the question: Have we reached peak ransomware?

Last year, ransomware attacks hit all-time highs with paid ransoms exceeding $1.1 billion and attacks exceeding 5000, according to FBI and Interpol reports. However, looking at midyear reports from Cyberint, SonicWall and Check Point and a dozen others, attacks and ransoms paid have crashed. Still, the crime is not to be discounted, and industry recommendations are to double down on efforts to combat the “scourge”.

There are three reasons why the ransomware industry is hitting a wall.

Law enforcement agencies, working In cooperation, have found the means to identify and shutdown ransomware gang operations around the world.
Potential victims have learned hard lessons regarding the gangs’ willingness and ability to decrypt data, and becoming repeat targets. They are deciding in greater numbers to ignore ransom demands, cutting into revenue streams.

The “honor among thieves” philosophy does not relate to these criminals. Ransomware service providers are stiffing their affiliates, causing a fracturing of the criminal industry into multiple, independent gangs.

Premium Membership Required

You must be a Premium member to access this content.

Join Now

Already a member? Log in here
Read more...
Data thefts keep rising in spite of investment in security tools and services

Do corporations really care about your security?

Lou Covey

“Your security is important to us,” is a common phrase on corporate websites and emails, usually after some data breach that affects customers. To prove that statement, corporations invest billions of dollars in the cybersecurity industry. Most market projections say the industry is worth about $180 billion. About 15 percent of that market goes to data security. But all the indications are that we are losing the war in personal identity security That leaves is with the question: Do corporations really care about customer security?

Probably not

US Department of Health and Human Services reported recently that. in the US, there have been 2,213 breaches since 2020, with 152.1M affected individuals. That is almost half of the American population. But that is just breaches involving medical data.

The FBI reports, in the same period, more than 350 million stolen personal information records, exceeding the known population of the country. Worldwide, the number of personal identity information (PII) records exceeds one billion people.

So how bad is it? “I always tell people assume your social security number has been breached. Just assume that,” said John Meyer, senior director for Cornerstone Advisors, an organization providing security consultation to financial organizations.

So we are spending tens of billions of dollars to protect data from exfiltratation on almost a weekly basis from attacks bypassing current defenses. Is it worth the investment? Does protecting that data even matter?

Well, yes… sort of

Data security professionals say it is and it does. Communications, industry intellectual property, state secrets, and control of crucial systems must still be protected. Most professionals we talked to cite ransomware attacks as the primary reason for investing in security precuts and services.

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here
Read more...
black Android smartphone

The future of online document signing

Szilveszter Szebeni

In an increasingly tech-savvy world, businesses are redefining the very core of transactions – the signature. With the rise of remote work and global digital transactions, the need for secure and efficient document processing has elevated electronic signatures into a near business-critical fundamental.

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here
Read more...