13 PC Security Threats for 2010
After a year of unprecedented proliferation of spyware, malware and cyber attacks of all types, security software vendor Symantec warns there’s plenty more where that came from in its just-released 2010 Security Trends to Watch report.
“I expect it to show in a revision of Maslow’s Hierarchy of Human Needs any day now — behind love, but certainly ahead of safety,” he added.
Whether it’s a come-on for what appears to be a friendly game of online Monopoly or the incessant and sinister pleadings of a bogus antivirus application, malware scams have become more sophisticated and damaging with each passing day.
A report released earlier this year by the Anti-Phishing Working Group (APWG) found that fake anti-malware and security software programs soared more than 585 percent in the first half of 2009 alone. In 2007, Gartner said that more than 3.6 million people lost more than $3.2 billion to malicious phishing scams.
“Yes, it’s a cheap trick and not even close to original,” Haley wrote of his creative blog title. “[But] since social engineering plays such a prominent role in future trends, it seemed appropriate.”
Whether you’re using your mobile phone to check e-mail and surf the Web or an enterprise IT administrator charged with safeguarding your company’s data, Symantec says the following 13 security issues will be most relevant in 2010:
With the rise of polymorphic threats and the explosion of unique malware variants in 2009, the industry is quickly realizing that traditional approaches to antivirus (including both file signatures and heuristic/behavioral capabilities) are not enough to protect against today’s threats. We have reached an inflection point, where new malicious programs are actually being created at a higher rate than good programs.
Approaches to security that look for ways to include all software files, such as reputation-based security, will become key in 2010.
More and more, attackers are going directly after the end user and attempting to trick them into downloading malware or divulging sensitive information under the auspice that they are doing something perfectly innocent. Social engineering’s popularity is at least in part spurred on by the fact that what operating system and Web browser rests on a user’s computer is largely irrelevant, as it is the actual user being targeted, not necessarily vulnerabilities on the machine.
In 2010, expect to see the propagators of rogue security software scams take their efforts to the next level, even by hijacking users’ computers, rendering them useless and holding them for ransom. A less drastic next step, however, would be software that is not explicitly malicious, but dubious at best.
For example, Symantec has already observed some rogue antivirus vendors selling rebranded copies of free third-party antivirus software as their own offerings. In these cases, users are technically getting the antivirus software that they pay for, but the reality is that this same software can actually be downloaded for free elsewhere.
With the popularity of social networking sites poised for another year of unprecedented growth, expect fraud targeted at social site users to grow.
Datacenter builds and expansion will grow at a respectable rate in 2010 and into 2011, with around one-third of large firms surveyed planning to make expansions this year and 83 percent planning to expand their datacenter facilities in the next 12 to 24 months.
Digital Realty Trust, which builds and leases datacenters, conducted the survey in partnership with Campos Research & Analysis, surveying 300 IT decision makers at large corporations in North America with annual revenues of at least $1 billion and/or at least 5,000 employees.
In the survey, they found 83 percent of respondents are planning datacenter expansions in the next 12 to 24 months, 36 percent have definite plans to make those expansions this year, and 73 percent of respondents plan to add two or more facilities as part of their data center expansions.
IT managers may have big plans but don’t all have the budgets to match, according to the survey. Datacenter and IT budgets are both projected to increase by 8 percent in 2010, a modest amount, considering what they said their expansion plans are. Seventy percent of those surveyed are planning projects of at least 15,000 square feet in size or 2 megawatts or greater of power, which would mean a very large and very expensive datacenter.
However, the expansion isn’t just for computing power; they also need to get more power into these centers. The electric bill has been a rising concern for some time, and it showed up in this survey, the second done by Digital Realty, in a big way. In last year’s survey, power came in fifth in the order of management priorities. This year, it was tops.
The survey found 76 percent of respondents now meter their power use and the number of companies that monitor power down to the PDU level increased by 29 percent over last year. Three-quarters of companies surveyed are confident they can comply with future carbon emissions-related and energy-related regulations and one in six respondents report PUE ratings of less than 2.0 for their facilities, well below the national average of 3.0.
“There has been significant progress over the past two to three years in the area of datacenter energy efficiency. Over that period, the industry has gone from power metering being the exception to power metering being utilized by more than three quarters of respondents. Awareness of PUE is also nearly universal now, with 96 percent of companies familiar with the emerging standard for measuring energy efficiency,” Chris Crosby, senior vice president of corporate development for Digital Realty Trust, said in a statement.
The findings are the results of a survey conducted by Digital Realty Trust, a company that builds and leases datacenters. While a convenient finding for the firm, others are backing it up.
Michelle Bailey, research vice president for IDC said in a statement, “Last year, many enterprise customers put their plans for new datacenter construction on hold as the capital markets dried up. As a result, we have seen IT organizations increasingly look to third party suppliers with flexible financing strategies as a means to supplement their own aging datacenters.”
A similar sentiment was expressed at the Datacenter Dynamics conference in New York earlier this week. Data Center Knowledge, a blog focused on datacenter issues, quoted Jim Kerrigan, director of the datacenter practice at the real estate firm Grubb & Ellis, as stating “All those deals that got shelved in 2009 because the CFO said no ... they’re going to happen.”
Dave Cappuccio, vice president and chief of research for infrastructures at Gartner, wasn’t too surprised at the DRT findings either. “I’d be shocked if their research showed a decrease in demand,” he said in an e-mail response.
New datacenters versus retrofits
“That said, I would say that we are seeing an increase in demand, but not necessarily for new space as much as retrofits — the down economy has curtailed a lot of capital budgets and the retrofit market is benefiting. If you’ll notice in the survey the respondents said that they were planning ‘expansions’ in the coming year — which may not necessarily mean new builds,” he added.
The one area he disagreed with DRT’s findings was the size of the datacenters, 15,000 feet or larger.
Andy Patrizio is a senior editor at chúng tôi the news service of chúng tôi the network for technology professionals.
As a result of increasing attacks on cybersecurity, 16.2 million are predicted to have occurred by 2023. Technology developments make it easier for organizations to strengthen their security procedures, but malicious hackers are already using sophisticated technologies too. This means that to lower your online security risks you must adopt both strict cybersecurity rules and preventative procedures.
As a business, you cannot afford to rely on chance when it comes to safeguarding your data. The effects on the company might be enormous and include lost income, disruption of operations, and theft of customer data. Additionally, hacking may harm your credibility, which might ultimately lead to your company’s demise.
How to protect your business from rising cyber threats?
Data encryption and backup creation
Additionally, you need to periodically back up your vital data. Data loss can occasionally occur as a result of a breach of your cybersecurity systems. If this occurs and you do not have a dependable and safe backup, it might lead to operating interruptions and significant financial loss for your company.
Organize frequent training for staff
Scam emails are difficult to spot because they appear real. For example, a malicious individual could compose an email posing as the head of the organization and requesting personal information. A worker who has not been given adequate instruction can wind up disclosing such data. This is why you must provide cybersecurity awareness training. Remind your staff of the main types of cybersecurity attacks and the effective defenses against them.
Upgrade your hardware and software
Product and system upgrades significantly affect cybersecurity and internet privacy. They matter because they don’t only bring new features; they also correct issues and help patch exploitable security holes and risks.
Set up secure passwords
Simple passwords are no longer sufficient, since password-cracking tools have significantly improved. Instead, you should implement multi-factor authentication and use complex passwords to deter hacking in your organization. To ensure that the remaining desktops stay safe even if one is compromised, you need to forbid employees from sharing passwords.
Examine and Keep an Eye on Your Sources
You cannot overlook vendor risk management, since it’s likely that your digital safety depends heavily on outside providers. Managing vendor risk lets you reduce threats from third parties rather than depending entirely on incident response.
We should pay special attention to −
Risks associated with cybersecurity − select contractors using the proper methods and monitor them throughout your partnership.
Legal, contractual, and compliance risk − make sure the vendor won’t affect your compliance with agreements, rules, and local law.
Operational threat − make sure that your supplier won’t disrupt your business procedures if they are a key component of your organization.
Risk management strategy − ensure that the vendor won’t interfere with your capacity to achieve organizational goals.
Diminish the Area of Attack
Attack surfaces are the openings or flaws that a malicious hacker might use to acquire confidential information. They can be anything from IoT devices to software to web-based application systems to personnel, who are frequently the target of social engineering attempts such as extortion and bullying.
Attack surfaces can be divided into three categories −
Digital attack surface − Digital assets that can be reached over the internet and sit outside a firewall make up the digital attack surface. It comprises known assets such as the business’s computer systems and servers, as well as unknown assets like a forgotten webpage and rogue assets like applications that impersonate the company.
Social engineering attack surface − Social engineering is one of the most important yet frequently ignored attack surfaces. Through it, attackers are able to trick your staff into disclosing personal data.
Set up firewalls
Cybercriminals constantly develop new techniques for gaining access to data, and cybersecurity threats keep evolving. Installing firewalls will protect networks from online threats. A trustworthy solution will successfully defend you from physical assaults or stop security mishaps from inflicting irreparable harm.
Additionally, firewalls monitor network traffic to spot any unusual behavior that could jeopardize the security of your information. They also support the confidentiality of data and stop sophisticated Trojan horses from accessing your computers.
Exercise caution when selecting a firewall for your business. Choose a solution that gives you full visibility into security, network traffic, and applications. It should also offer prevention and protection capabilities.
Conclusion
In today’s connected world, safeguarding your company from evolving cyber threats is crucial. Organizations are susceptible to a variety of cyber threats, such as phishing, spyware, ransomware, and others, due to their expanding dependency on digital technology. It is important to take proactive steps to protect the important information and infrastructure of your business.
To safeguard your company, set up secure multi-factor authentication and use strong credentials, keep your operating systems and software up to date, back up all of your information, train your staff on cybersecurity best practices, and acquire reliable security measures. Keeping up with the most recent cyber threats and creating a plan to react to security breaches are also essential.
The Daily Slash: November 19 2010
It’s a [FEATURED] fantasy today! We’ve got columns and special posts by the barrel-full, and you’re gonna love em! First thing in the morning we got a pre-noon delivery from the FedEx truck – what did the FedEx man bring for us to unbox and get our hands on? A NOOKcolor, fresh off the factory line! Then we write a couple of columns: one on the raging state of the Tablets market, and one on the current quick-paced state of political news. Then Josh Marinacci says webOS will be available soon for ALL Palm devices, there’s a White iPhone 4 sale in China, and the feature stream begins. Last night our man Vince was at PEPCOM and brought back video demos of Gorilla Glass, a three screen monitor from Samsung, and a NOOKcolor. Finally (there’s more?!) the last installment of Evan’s Week with the HTC HD7 is up – Xbox LIVE! All this and even MORE on The Daily Slash!
SlashQUOTE
Today’s item of interest in The Daily Slash is a quote from the Professor / Writer / Inventor of the Internet Tim Berners-Lee as he writes an article called “Long Live the Web” about defending the Internet against those who would limit it in a variety of ways. I suggest you read the entire thing because it’s a masterfully written statement and it concerns us all, all of us internetlings.
Why should you care? Because the Web is yours. It is a public resource on which you, your business, your community and your government depend. The Web is also vital to democracy, a communications channel that makes possible a continuous worldwide conversation. The Web is now more critical to free speech than any other medium. It brings principles established in the U.S. Constitution, the British Magna Carta and other important documents into the network age: freedom from being snooped on, filtered, censored and disconnected.
[Via Scientific American]
Picture this: you’ve spent countless hours crafting your website, pouring your passion and hard work into every page. Your blog posts are engaging, your products are selling, and traffic is on the rise. But one day, you wake up to find your site down. A hacker has found a loophole in your security, and your digital sanctuary is now in chaos.
This nightmare scenario is not as uncommon as you might think. WordPress, the world’s most popular website building platform, is often targeted by cybercriminals. Roughly 90,000 attacks occur every minute on WordPress sites across the globe. Despite this, many site owners overlook the importance of website security, thinking it’s too complicated or time-consuming.
But what if we told you that fortifying your WordPress site could be as simple as installing a plugin? Yes, you heard it right. With the right security plugins, even the most non-tech-savvy among us can turn their website into a digital fortress. In this guide, we’ll explore some of the top-rated WordPress security plugins available today, assessing their features, ease-of-use, and effectiveness. So, whether you’re a professional webmaster or someone who’s just started dipping their toes into the online world, this article will help you navigate the cybersecurity landscape and select the security plugin that fits your needs best.
Wordfence Security – Firewall & Malware Scan
As a WordPress website owner, you need to ensure your site is well-protected against various threats. One of the best security plugins available is Wordfence Security. This powerful plugin offers a robust firewall and malware scanning features to keep your site secure.
Firewall Protection
The firewall feature in Wordfence Security is designed to block malicious traffic before it even reaches your website. It does this by analyzing incoming requests and comparing them against known attack patterns. If a request matches one of these patterns, the firewall will block it, preventing potential harm to your site.
Additionally, Wordfence’s firewall is constantly updated with the latest threat intelligence from their team of security experts. This means that as new threats emerge, your site will be protected against them in real-time.
Malware Scanning
The scanner checks for various types of malware, including backdoors, trojans, and suspicious code patterns. If any issues are detected during the scan, you’ll be notified immediately so you can take action to resolve them.
Furthermore, Wordfence’s malware scanner can also check for known vulnerabilities in your installed plugins and themes. This helps you stay informed about potential security risks associated with outdated or poorly maintained software on your site.
Additional Features
Apart from its powerful firewall and malware scanning capabilities, Wordfence Security offers several other features aimed at enhancing the overall security of your WordPress website:
Two-factor authentication (2FA) for added login security
Real-time IP address blocking to prevent brute force attacks
Live traffic monitoring to keep an eye on suspicious activity
Country blocking options to limit access from specific locations
Sucuri Security – Auditing, Malware Scanner, and Security Hardening
As a website owner, you need to ensure that your WordPress site is secure from various threats. One of the top security plugins to consider is Sucuri Security. This comprehensive plugin offers a range of features designed to protect your site from potential attacks and vulnerabilities.
Auditing
Sucuri Security provides an extensive auditing feature that helps you monitor all activities on your website. This includes tracking user actions, file changes, and any suspicious activities that could compromise your site’s security. By having a clear understanding of what’s happening on your website, you can easily identify potential issues and address them before they escalate.
Malware Scanner
Another crucial aspect of Sucuri Security is its malware scanner. This feature scans your website for any signs of malware or malicious code that could harm your site or its visitors. The scanner checks for known malware patterns and alerts you if it detects any threats. Additionally, the plugin offers automatic scanning schedules, ensuring that your site remains protected at all times.
Security Hardening
Lastly, Sucuri Security offers security hardening measures to strengthen your WordPress installation further. These measures include blocking suspicious IP addresses, disabling directory browsing, protecting sensitive files from unauthorized access, and more. By implementing these security hardening techniques, you can significantly reduce the likelihood of hackers exploiting vulnerabilities in your site.
iThemes Security – Brute Force Protection, File Change Detection, and Database Backups
iThemes Security is an excellent plugin to consider for safeguarding your site from potential threats. Let’s dive into its key features: brute force protection, file change detection, and database backups.
Brute Force Protection
Brute force attacks are common in the digital world, where hackers attempt to gain unauthorized access by trying various username and password combinations. iThemes Security offers robust brute force protection to keep these intruders at bay. By limiting login attempts, this feature effectively blocks attackers who use automated tools to crack your login credentials.
Additionally, the plugin allows you to create strong passwords for new users and enforce password expiration policies. This ensures that even if a hacker manages to bypass the brute force protection, they’ll still have a difficult time cracking your users’ passwords.
File Change Detection
Another crucial aspect of website security is monitoring file changes. With iThemes Security’s file change detection feature, you can easily track any unauthorized modifications made to your WordPress files. This helps you identify potential security breaches before they cause significant damage to your site.
Once the plugin detects any changes in your files, it will send you an email notification with details about the affected files. This allows you to take immediate action and restore the original files if necessary.
Database Backups
Last but not least, iThemes Security provides an efficient way to create database backups for your WordPress site. Regular backups are essential as they allow you to restore your website in case of data loss or corruption due to hacking attempts or other unforeseen circumstances.
The plugin enables you to schedule automatic backups at specific intervals (daily, weekly or monthly) and store them on a remote location like Google Drive or Dropbox for added security. Moreover, it also gives you the option to customize which database tables should be included or excluded from the backup.
All In One WP Security & Firewall – User Account Security, Login Security, and Database Security
All In One WP Security & Firewall is a comprehensive security plugin for your WordPress website. It offers a wide range of features that help protect your site from various threats, making it one of the top choices for securing your online presence. Let’s dive into some of its key features: User Account Security, Login Security, and Database Security.
User Account Security
This feature aims to strengthen the security of user accounts on your website. It does so by identifying and alerting you about weak usernames and passwords, which can be easily targeted by hackers. Additionally, it allows you to enforce strong password policies and monitor user account activity, ensuring that only authorized users have access to your site.
Login Security
Securing the login process is crucial in preventing unauthorized access to your website. All In One WP Security & Firewall provides various tools to enhance login security, such as:
Brute Force Login Attack Prevention: This feature limits the number of failed login attempts from a single IP address, effectively blocking automated brute force attacks.
Login Captcha: Adding a captcha to the login form helps prevent bots from attempting to gain access.
Two-Factor Authentication (2FA): Enable 2FA for an additional layer of security during the login process.
Login Lockdown: Automatically lock out users after a specified number of failed login attempts.
Database Security
Your website’s database stores valuable information that needs protection from potential threats. All In One WP Security & Firewall offers several features to safeguard your database:
Database Prefix Change: By default, WordPress uses a predictable table prefix in its database structure. This feature allows you to change the prefix, making it harder for hackers to target specific tables.
Database Backups: Schedule regular backups of your database to ensure you always have a copy in case anything goes wrong.
Secure Database Permissions: The plugin checks and corrects any insecure file permissions within your database.
Jetpack by chúng tôi – Brute Force Attack Protection, Downtime Monitoring, and Secure Authentication
Jetpack is a versatile WordPress plugin developed by the team behind chúng tôi It offers a suite of features designed to enhance your website’s security, performance, and appearance. In this section, we’ll focus on three key security features: Brute Force Attack Protection, Downtime Monitoring, and Secure Authentication.
Brute Force Attack Protection
One common threat to websites is brute force attacks, where hackers attempt to gain access by trying various username and password combinations repeatedly. Jetpack’s Brute Force Attack Protection feature helps defend against these attacks by limiting login attempts and blocking suspicious IP addresses. This reduces the chances of unauthorized access and keeps your website secure.
Downtime Monitoring
Downtime can have a negative impact on your website’s reputation and traffic. With Jetpack’s Downtime Monitoring feature, you’ll receive instant notifications if your site goes offline. This allows you to quickly address any issues that may be causing downtime, such as server problems or misconfigurations. By staying informed about your site’s uptime status, you can minimize disruptions and keep your visitors happy.
Secure Authentication
Strong authentication methods are essential for protecting sensitive information on your website. Jetpack offers Secure Authentication through its integration with chúng tôi accounts. This feature allows users to log in using their chúng tôi credentials instead of a traditional username/password combination.
Additionally, Jetpack supports Two-Factor Authentication (2FA), adding an extra layer of security to the login process. With 2FA enabled, users must provide a verification code from their mobile device in addition to their password when logging in. This makes it much more difficult for hackers to gain unauthorized access even if they manage to obtain a user’s password.
FAQs
1. What makes a security plugin necessary for WordPress websites?
Security plugins play a critical role in protecting WordPress websites from various threats, such as malware, hacking attempts, brute force attacks, and SQL injections. These plugins can offer features like firewall protection, security scanning, IP blocking, login security, and regular security reports, thus reducing the risk of your site being compromised and providing you with peace of mind.
2. How to choose the best security plugin for a WordPress website?
The best security plugin for your WordPress site largely depends on your specific needs and the kind of website you’re running. However, there are some common factors you should consider. These include the features offered (such as firewalls, malware scans, and login security), user reviews and ratings, the level of customer support provided, whether the plugin is regularly updated to cope with the latest threats, and whether it’s compatible with your version of WordPress.
3. Are free WordPress security plugins reliable?
4. Can using multiple security plugins improve WordPress security?
Although it might seem logical that using multiple security plugins would increase your site’s security, this is not always the case. Running multiple security plugins simultaneously can lead to conflicts, resulting in decreased website performance and even security loopholes. Instead, it’s generally better to choose one comprehensive, high-quality security plugin that meets all your security needs.
5. What is the impact of a security plugin on website performance?
A well-coded security plugin should not have a significant negative impact on your website performance. However, some security plugins, especially those offering a wide range of features, might slightly slow down your site due to the additional server resources they require. It’s essential to balance the security needs with the performance of your website. Always test the impact of a security plugin on your site’s loading speed and overall performance.
These Are the Top Cybersecurity Threats to Watch
BU cybersecurity expert talks about what the US should do to protect our data privacy
Photo courtesy of iStock/LuckyStep48
Last year kicked off with Cambridge Analytica being exposed for acquiring access to private data on at least 87 million Facebook users and wrapped up with Marriott announcing that 500 million of its accounts had been hacked. Quora, MyFitnessPal, Google+, MyHeritage, and Lord & Taylor also recently experienced cybersecurity breaches—each exposing the sensitive data of millions of users. As 2023 gets underway, cybersecurity threats continue to loom. So how can we protect our data? BU Research asked Ari Trachtenberg, Boston University professor of electrical and computer engineering, cybersecurity expert, and member of the Boston University Cyber Alliance, for his take on the most widespread cybersecurity threats to anticipate in coming months—and the policies, regulations, and business practices that can help mitigate cyber risk and increase privacy protection.BU Research: What is the most widespread cybersecurity threat we should be aware of?
Businesses can get ahead of this by suggesting transparent and independently verifiable protections for consumers. However, it is also becoming increasingly clear that there is very little that consumers can do to mitigate their loss of privacy from third parties (with whom, very often, they do not even have a relationship). Perhaps the most effective recourse (in democracies) is political.
What are the biggest policy gaps from a privacy perspective that need to be addressed?
With respect to data privacy, I think that the most important task that can be accomplished by government (not just the White House, but also Congress and the judiciary) is to define a clear liability for loss of privacy. Today, companies can lose personal and sensitive information on millions of customers with little more than a social stigma (which companies have lots of experience battling through their public relations departments). Our courts do not know how to put a dollar amount on a person’s loss of privacy. As a result, there is no clear and strong financial incentive for companies to tighten their privacy protections. It feels like we live in a privacy Wild West, where each week an even bigger privacy breach is reported—and that’s only among those that are actually publicly reported.
Liability has proven an excellent way of addressing such issues in the product landscape, where, for example, manufacturers now carefully test their electrical equipment and get Underwriter Laboratories (UL) certification or risk significant lawsuits if people get injured. To see similar success in the cyber world, we need a well-defined and enforceable definition of privacy liability.
Do you think there will be a push for more regulations on how big technology companies, such as Facebook and Google, use and monetize consumer data?
I think that there will be a push for either breaking up big technology companies or regulating them much more heavily. The big tech companies each maintain control over historically unprecedented amounts of data that, with the help of modern computing, are highly individualized. On the one hand, they appear to have the power to swing elections and social policies, steer financial and stock markets, and read trends at a scale never before possible. On the other hand, their newfound wealth allows them to propel grand challenges and technical vision that cannot be enacted on a smaller scale (i.e., autonomous vehicles, searchable global encyclopedias, worldwide buying markets, etc.).
My preference would be for breaking up the larger companies rather than regulating them, as loophole-free regulations are notoriously hard to write properly without stifling innovation and transparency.
Data privacy and data security have long been considered two separate missions with two separate objectives. Do you think this is changing?
With respect to data privacy versus security, I would say that the two are technically (but not socially) inextricable. Security breaches are responsible for huge losses of privacy, and privacy breaches can often be leveraged for security vulnerabilities. However, as I mentioned earlier, unlike the broad cybersecurity area, there is very little financial interest in protecting privacy in today’s industrial (or, frankly, governmental) landscape.
Consumers are paying more attention to maintaining and controlling their personal privacy and data from corporations. Aside from potential policy regulations, do you think new technology solutions will emerge to help consumers maintain better control of their data?
The technological threat landscape is huge, and we really do not have a handle on how to technically protect it. My personal thought is that the task is impossible—much like making a pick-proof lock or an unsinkable ship. Instead, we need to focus our attention on joint technical and legal solutions.
What should modern-day cybersecurity officers be doing to mitigate the growing data privacy risk?
There is always more to be done in the cybersecurity domain, but there are some basic “best practices” that every chief information security officer (CISO) should know and train employees to maintain.
One way to mitigate privacy risk is, quite simply, not to store or process private or sensitive information. Companies should think very carefully about every bit of information that they get from customers, weighing the benefit of having this information against the risk of losing it. The problem is that very often, companies do not realize just how damaging the information loss can be. For example, the LinkedIn 2012 breach of (poorly) hashed passwords would later be used in extortion emails, which used the cracked passwords to convince unfortunate recipients that the extortionists had compromising information.
Where do you think the most funding is needed in cybersecurity research? Are there areas that you feel should be prioritized?
I think that the US needs, quite desperately, more funding for basic research of all types, not just cybersecurity research. True innovation does not often come from administrative guidance, but rather through inspiration and chasing down unforeseen ideas.
What impact would you specifically like to achieve in the cybersecurity/privacy space?
I have been analyzing the emerging field of side channels, where information is leaked (typically unintentionally) from the regular use of technical devices and software. My goal would be to develop some broad, overarching properties of these channels, where they form, and how we can mitigate them. The impact of such work would be a safer, more open technical world—but very few people would actually realize it.