Author: rescue@crimefire.in

Third-Party Risk Contributes to Healthcare Data Breaches
Since 2009, the number of individuals affected by health data breaches in the U.S. has exceeded the country’s population of 331.9 million. As per federal statistics, this means many people have been victims of more than one incident.
Unfortunately, the situation seems to be growing worse. In just the last three years, the volume and frequency of breaches have nearly doubled, from 368 in 2018 to 715 in 2021. And during the first half of 2022, the number of data breaches impacting 500 or more records reported to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) numbered 337.
Meanwhile, IBM’s 2022 Cost of a Data Breach report showed that the average cost of a healthcare data breach reached $10.1 million per incident. This was a 9.4% increase from the prior year.
It’s clear healthcare is under attack, and an important part of the risk comes from third-party vendors.
According to an analysis by Fortified Health Security, OCR data reveals that healthcare providers accounted for 72% of healthcare data breaches in the first half of 2022. Meanwhile, business associates accounted for 16%, and health plans for 12% of breaches. Overall, over 19 million records were implicated in healthcare data breaches during the first six months of 2022.
Perhaps even more disturbing is how a handful of entities are responsible for huge swaths of lost data. According to the Fortified report, seven entities experienced breaches of more than 490,000 records each (6.2 million records total). The affected entities include:
Further incident analysis, according to Fortified, shows that:
In June 2022, a data breach was discovered involving the third-party mailing and printing vendor OneTouchPoint (OTP). A notice on OTP’s website explained that the company detected encrypted files on certain computer systems in April 2022. The subsequent OTP investigation determined that an unauthorized party accessed certain servers starting on April 27. OTP began notifying their customers of the incident on June 3.
The list of affected healthcare entities impacted by the OTP breach includes Geisinger, Kaiser Permanente and 35 other healthcare brands. Among the affected companies were major medical networks and health insurance providers. The exfiltrated files in the breach contained patient names, member IDs and information provided during a health assessment.
This incident highlights an increasingly important reality facing security teams today. That is, your security is only as good as your partner’s security.
Read the CODB Report  
Here’s another third-party incident that involved millions of individual records. Eye Care Leaders (ECL), an ophthalmology-specific electronic medical record (EMR) solution, was a victim of unauthorized system access in December 2021. ECL began notifying impacted organizations of the incident in March 2022. Since then, more than two dozen organizations have submitted individual breach reports to OCR.
No one knows the full extent of the damage from the ECL breach. But based on one report, the incident impacted at least 2 million individuals from a variety of organizations.
Texas Tech University Health Sciences Center (TTUHSC) alone accounted for nearly 1.3 million impacted individuals. TTUHSC said that ECL’s compromised databases may have contained extensive personal patient data. The stolen information included patient names, phone numbers, addresses, emails, gender, birth dates, driver’s license numbers, health insurance information, appointment information, medical record numbers, Social Security numbers and other medical information.
ECL is now facing multiple lawsuits over its handling of the breach. Plaintiffs alleged a lack of transparency, reputational harm and business disruptions.
These incidents show us how difficult it is for organizations to protect their data assets these days. Consider that the average organization uses 110 Software-as-aService apps. And each of these SaaS vendors can have hundreds, if not thousands, of clients. In a supply chain software attack, malicious code is injected into an application, and the infection spreads to all users.
Third-party cybersecurity risks are both common and highly damaging. As per a CrowdStrike report, 45% of organizations surveyed said they experienced at least one software supply chain attack in 2021. And the same report states that supply chain attacks are increasing by an eye-popping 430%.
In another recent survey of cybersecurity workers, 64% of respondents said they could not stop an attack from a compromised software supplier. At the same time, 71% of organizations were victims of software supply chain attacks, resulting in data loss or asset compromise.
What can be done to minimize third-party risk? For starters, it’s important to understand your company’s relationship with your third-party vendors. Vetting third-party security posture is imperative. Ask them what policies and security measures they deploy to protect themselves and their clients. Security agreements should also be provided in writing and included in vendor contract language. It’s also important to implement a system that continually assesses and monitors third-party risks.
From within your company, you can also improve third-party security through approaches such as zero trust. Every enterprise gives multiple users, apps and devices access to IT assets. And despite the different goals and needs of these employees, partners, clients and customers, they all require some level of access to corporate information. The number of connections and resources that need to be managed makes user verification complex.
A zero trust security strategy enables organizations to increase their cyber resiliency and manage the risks of a disconnected business environment while still allowing users access to the appropriate resources. It’s a model that uses context and machine learning to establish secure connections while also protecting an organization from cyber threats.
Cyber threats that target healthcare aren’t going away soon. But informed third-party relationships and stronger internal measures can provide healthier security for all.
Jonathan Reed is a freelance technology writer. For the last decade, he has written about a wide range of topics including cybersecurity, Industry 4.0, AI/ML…
4 min read – The art of cyber crime is in a constant state of flux and evolution. Simply staying on pace with these trends is a significant part of the CISO’s job. Today’s modern CISO must ensure they are always prepared for the…
4 min read – As the U.S. looks to bolster electric vehicle (EV) adoption, a new challenge is on the horizon: cybersecurity. Given the interconnected nature of these vehicles and their reliance on local power grids, they’re not just an alternative option for getting…
4 min read – As we move deeper into a digitally dependent future, the growing concern of data breaches and other cyber threats has led to the rise of the Chief Information Security Officer (CISO). This position is essential in almost every company that…
Having a skilled team of cybersecurity professionals is an organization’s best defense against threat actors. Not only can it decrease the risk of cybersecurity attacks, but it also reduces business disruption when attacks do occur. However, the 2022 ISC2 Cybersecurity Workforce Study found that the Asia-Pacific (APAC) region is facing a troubling gap in its cybersecurity workforce. The study surveyed 11,779 cybersecurity professionals across the world in 14 regions, including Singapore, Australia, South Korea, Japan, China, India, the US and…
Though the technology has only been widely available for a couple of months, everyone is talking about ChatGPT. If you are one of the few people unfamiliar with ChatGPT, it is an OpenAI language model with the “ability to generate human-like text responses to prompts.” It could be a game-changer wherever AI meshes with human interaction, like chatbots. Some are even using it to build editorial content. But, as with any popular technology, what makes it great can also make…
A recent White House Fact Sheet outlined the current and future U.S. cybersecurity priorities. While most of the topics covered were in line with expectations, others drew more attention. The emphasis on critical infrastructure protection is clearly a top national priority. However, the plan is to create a labeling system for IoT devices, identifying the ones with the highest cybersecurity standards. Few expected that news. The topic of quantum-resistant encryption reveals that such concerns may become a reality sooner than…
As time passes, the security landscape keeps getting stranger and scarier. How long did the “not if, but when” mentality towards cyberattacks last — a few years, maybe? Now, security pros think in terms of how often will their organization be attacked and at what cost. Or they consider how the difference between legitimate Software-as-a-Service (SaaS) brands and Malware-as-a-Service (MaaS) gangs keeps getting blurrier. MaaS operators provide web-based services, slick UX, tiered subscriptions, newsletters and Telegram channels that keep users…
Analysis and insights from hundreds of the brightest minds in the cybersecurity industry to help you prove compliance, grow business and stop threats.

source

Cyber crime is an ever-evolving problem, with an estimated cost of US$10trn by 2025. In 2021, there were more than 4,100 publicly disclosed data breaches, which equates to approximately 22 billion records being exposed. The figures for 2022 are expected to at least match this, if not exceed it by as much as five percent. 
Cyber Security Hub is dedicated to delivering breaking news from the cyber security sector. With this in mind, here are the news stories detailing the threat vectors, cyber attacks and data breaches that had the biggest impact on its readers over the past 12 months.
In May, Cyber Security Hub research revealed that three out of every four cyber security professionals considered social engineering or phishing attacks to be the “most dangerous” threat to cyber security at their companies.
The research, which was conducted for the CS Hub Mid-Year Market Report 2022, also found that other top threats included supply chain/third-party risks (cited by 36 percent of respondents) and a lack of cyber security expertise (cited by 30 percent of respondents).
Discover more about the concern over social engineering attacks in our analysis from August 2022.
On November 17, 2022, the Wall Street Journal broke the news that 12 Meta employees had been either disciplined or fired for breaking Facebook’s terms of service and hijacking user accounts.
The employees, some of whom were contractors employed as security guards at the tech company’s offices, had been using a heavily regulated internal access tool referred to as ‘OOps’ to reset access to Facebook accounts. One employee was dismissed following accusations that they used OOps to allow hackers to fraudulently gain access to multiple Facebook accounts in exchange for thousands of dollars’ worth of Bitcoin.
Read about the consequences for those abusing access to the account reset tools in our recent news report.
On October 14, 2022, a malicious actor gained access to 130 of the company’s source code repositories after its employees were targeted by a phishing attack.
The attack saw a malicious actor pose as code integration and delivery platform CircleCI in order to harvest login credentials and authentication codes from employees. It also gained access to Dropbox’s account on code repository site GitHub, as CircleCI login information can be used to access Github.
Throughout the attack, the hacker gained access to some of the code Dropbox stores on the platform, including API keys used by its developers.
Discover more about how phishing attacks occur in our guide to social engineering.
Google reported that it had blocked the “largest” distributed denial of service (DDoS) attack on record, which had a peak of 46 million requests per second (rps) on June 1.
The attack targeted a Google Cloud Armor user with HTTPS for a duration of 69 minutes and had 5,256 source IPs from 132 countries contributing to it. Google reported that the attack was the biggest Layer 7 DDoS attack reported to date and was 76 percent larger than the previous record.
In a blog post about the attack, Emil Kiner, senior product manager for Cloud Armor, and Satya Konduru, technical lead, both at Google, noted that the attack was akin to “receiving all the daily requests to Wikipedia…in just 10 seconds”.
Learn more about DDoS attacks in this piece from earlier this year.
The US Federal Communications Commission (FCC) and the Department of Homeland Security (DHS) amended its list of foreign IT vendors that “pose an unacceptable risk to national security or the security and safety of United States persons” on March 25. 
The amendment added Kapersky Antivirus, a digital security company previously named by Gartner as the third-largest provider of consumer-level IT products and the fifth-largest vendor of enterprise IT products. Two Chinese-owned companies, China Mobile International and China Telecom Corp, were also added.
FCC commissioner, Brendan Carr, said the companies were added to the roster to “help secure [US] networks against threats posed by Chinese and Russian state-backed entities seeking to engage in espionage and otherwise harm America’s interests.”
Find out more about Kaspersky’s response to the amendment and the impact of the blacklisting.
On July 27, Cyber Security Hub reported that a hacker going by the alias “devil” claimed to have the details for 5.4 million Twitter accounts for sale.
The hacker said they had harvested the information using a vulnerability previously flagged to Twitter on January 1, 2022.
Twitter confirmed the breach on August 5, and suggested that in the future users should enable two-factor authentication to protect their accounts from unauthorized logins.
Read more about how the hacker was able to exploit the vulnerability and the accounts affected by the data breach.
Rockstar Games, the developer of popular Grand Theft Auto (GTA) game series, suffered a data breach on September 19, 2022, after an unauthorized party gained access to the company’s Slack channel.
From there, the hacker downloaded and leaked previously unseen assets and clips from the as-yet-unreleased GTA 6 game to a fan forum. While it was initially thought to be a hoax, swift involvement from both Rockstar Games and the authorities confirmed the clips were real.
A 17-year-old from Oxfordshire known only as AK was later arrested by the City of London police, allegedly not only in connection to the hack, but to hacks against Uber and Microsoft from earlier in 2022.
Learn more about the alleged hacker and his multiple attacks in this September news post. 
Google announced its plans to acquire cyber security firm Mandiant at a cost of more than $5bn on March 8, 2022, in a move designed to bolster its internal cyber security resources.
The $5.4bn acquisition was Google’s second-most expensive deal in its history, second only to its purchase of Motorola Mobility for $12.5bn in 2012.
The plans to merge Google and Mandiant’s cloud offerings, as well as the size of the deal, led to speculation on what its impact might be for the cyber security sector at large. Cyber security experts noted that it may signal a shift in the cloud landscape, with those offering cloud services increasing investment in security and consulting services.
Learn more about the merger and its influence on the cyber security sector in this March post.
In late July 2022, an unauthorized party gained access to the internal servers for tech giant Samsung’s US customers. Samsung warned customers of the data breach on August 4, after an internal investigation confirmed that the malicious party had gained access to personal information for customers. 
Just over a month later, a class action lawsuit was filed by a Samsung customer affected by the breach. Shelby Harmer filed the lawsuit with the US District Court for Nevada on September 6 “on behalf of Samsung’s customers whose personally identifiable information was stolen by cyber criminals”.
The lawsuit alleged that Samsung had not only failed its customers by not reporting the breach in a timely manner, but also by incorrectly safeguarding their personal information in the first place.
Find out more about the lawsuit and its charges in this September update.
Carding marketplaces are dark web sites where users trade stolen credit card details for financial fraud, usually involving large sums of money. On October 12, 2022, carding marketplace BidenCash released the details of 1,221,551 credit cards for free.
A file posted on the site contained the information for more than 1.2 million credit cards expiring between 2023 and 2026, in addition to other details needed to make online transactions.
BidenCash had previously leaked the details of thousands of credit cards in June 2022 as a way to promote the site. As the carding marketplace had been forced to launch new URLs three months later in September after suffering a series of DDoS attacks, some cyber security experts suggested this new release of details could be another attempt at advertising.  
Discover how BidenCash gained access to 1.2 million credit card details in our October coverage. 

With more than 140,000 members, Cyber Security Hub is the vibrant community connecting cyber security professionals around the world.
Join Now
February 21 – 22, 2023
Free CS Hub Online Event
22 February, 2023
Online
01 March, 2023
Online
08 – 09 March 2023
Free CS Hub Online Event
08 March, 2023
Online
15 March, 2023
Online
Insights from the world’s foremost thought leaders delivered to your inbox.
2023-03-15
10:00 AM – 11:00 AM EST
2023-03-08
10:00 AM – 11:00 AM EST
2023-03-01
11:00 AM – 12:00 PM PST
Reach Cyber Security professionals through cost-effective marketing opportunities to deliver your message, position yourself as a thought leader, and introduce new products, techniques and strategies to the market.
Join CSHUB today and interact with a vibrant network of professionals, keeping up to date with the industry by accessing our wealth of articles, videos, live conferences and more.
Cyber Security Hub, a division of IQPC

Careers With IQPC| Contact Us | About Us | Cookie Policy
Become a Member today!
Already an IQPC Community Member?
Sign in Here or Forgot Password
Sign up now and get FREE access to our extensive library of reports, infographics, whitepapers, webinars and online events from the world’s foremost thought leaders.
We respect your privacy, by clicking ‘Subscribe’ you will receive our e-newsletter, including information on Podcasts, Webinars, event discounts, online learning opportunities and agree to our User Agreement. You have the right to object. For further information on how we process and monitor your personal data click here. You can unsubscribe at any time.

source

Use the CRI to assess your organization’s preparedness against attacks, and get a snapshot of cyber risk across organizations globally.
Content added to Folio
Cyber Crime
INTERPOL recently conducted operation African Surge to take down malicious infrastructure across the African continent and requested the help of private enterprises. Trend Micro is proud to have been asked to participate, and provided global threat intelligence that was utilized in this operation.
By: Jon Clay November 25, 2022 Read time:  ( words)
Save to Folio
INTERPOL recently conducted operation African Surge to take down malicious infrastructure across the African continent and requested the help of private enterprises. Trend Micro is proud to have been asked to participate and provided global threat intelligence that was utilized in this operation.
To read the official announcement, please visit: https://www.interpol.int/News-and-Events/News/2022/Operation-across-Africa-identifies-cyber-criminals-and-at-risk-online-infrastructure
Trend Micro has a long history of supporting law enforcement, including INTERPOL, with our threat intelligence. From providing information about malicious actors to the threats and infrastructure used in their many attacks, our information provides valuable intelligence for their use. In this case we observed over 2,000 malicious and active servers (IP addresses) in Africa, most of which were associated with notorious botnets like Emotet and Trickbot. We also shared information on web hosting servers with malicious domains of over 6,000 IP addresses, including one country with over 36,000 detections. Our data was from 2021 through the first half of 2022 and emphasized bulletproof hosting servers. Much of the data was related to malware, scams and phishing. We also shared information on extortion spam schemes to help identify their impact across Africa, including about 84,000 detections. Trend Micro also provided our free online scanning tool, Housecall, to support people within the country to assess their systems for malware and other threats.
The Africa Cyber Surge Operation, launched in July 2022, has brought together law enforcement officials from 27 countries, working together for almost 4 months on actionable intelligence provided by INTERPOL private partners. This intelligence focused on opportunities to prevent, detect, investigate and disrupt cybercrime through coordinated LE activities utilizing INTERPOL platforms, tools, and channels. This operation focused both on cyber criminals and compromised network infrastructure in Africa, allowing member countries to identify more than 1,000 malicious IP addresses, Dark Web Markets, and individual threat actors, enhancing cooperation between INTERPOL, AFRIPOL and the member countries, and contributing to connecting policing for a safer world,” said Craig Jones, Director Cybercrime Directorate, INTERPOL.
Africa is a region we’ve been monitoring for our customers for quite a long time. We worked with INTERPOL back in 2017 to understand the budding cybercrime industry in West Africa. Trend Micro researchers have been looking into many of the cybercriminal undergrounds over the years to help us better understand how these communities operate as well as what threats are being discussed and the goods and services being offered.
“Emerging markets provide fertile grounds to plant malicious infrastructure to launch or further global cyberattacks,” said Ed Cabrera, Chief Cybersecurity Officer and former CISO of the US Secret Service. “Exponential growth in connectivity in these markets coupled with lagging legal frameworks and perceived lack of law enforcement capacity emboldens cyber threat actors.”
We are very excited to see more public-private partnerships like this that fight cybercriminals by disrupting their infrastructure and leading to arrests. The more we and our peers in the industry can help, the better we can fulfill our mission to make the world safe for exchanging digital information.
Our global threat intelligence is highly sought after due to its unmatched breadth and depth. This intelligence comes from our solutions across 500,000 commercial customers and tens of millions of consumer customers around the world. These solutions gather threat intelligence across endpoints (including mobile, PC, Mac, Servers), email, web, network traffic, IoT/IIoT, data centers and cloud infrastructures.
“Trend Micro will continue to support law enforcement around the world,” Cabrera said. “It’s not just a good idea, it’s who we are. We’re proud to have been a part of this INTERPOL operation and look forward to finding more ways to help.”
 
Jon Clay
VP, Threat Intelligence

source

The Colorado Sun
Telling stories that matter in a dynamic, evolving state.
The pressure was on. Someone, somewhere, was attacking computer systems so customers couldn’t reach certain websites. In a windowless room in Denver, Zack Privette had worked all morning with his security team to figure out what the cyber strangers were up to. 
“What’s happened is that we have an attacker who has been going through our different websites and they found a vulnerability into our active directory and …,” Privette explained to Richard Mac Namee, identified as chief operating officer of the company under attack. 
“OK, I’m not technical. What does that mean?” interrupted Mac Namee, who is really the director of the new Cybersecurity Center at Metropolitan State University of Denver. And he’s actually quite technical. 
This was a simulation.
The makeshift “Cyber Range” command center inside MSU Denver’s Cybersecurity Center had multiple TV screens showing ominous maps of  live cyber threats. It’s part of a unique training ground for students, recent grads and people who don’t even attend the college but are interested in cybersecurity careers. 
Privette, who isn’t an MSU student, got to experience the Cyber Range program because it’s open to outsiders. The industry needs more outsiders. According to one estimate, there are 66 cybersecurity professionals for every 100 job openings nationwide. It’s tighter in Colorado, where there are 59 for every 100. And demand is growing faster than training programs like MSU can graduate. 
Mac Namee is behind the school’s Cybersecurity Center and getting the school designated as a National Centers of Academic Excellence in Cyber Defense in March. A former commander in the United Kingdom’s Special Forces who’s worked as a specialist in counterterrorism, Mac Namee keeps it practical. During the simulation, he pretends to be an ordinary company executive. Students must figure out how to explain the cyber mayhem to non-techies — and fast! 
“It is a giant database that … holds their DNS server. And what a DNS server does is when you type in Google.com, it will change that to the IP address that the computer actually reads. That went down, which is why people are not able to access websites correctly,” Privette told Mac Namee. “That was down at 3:30:29. We have since brought it back up at 3:44.”   
“So, 14 minutes of outage,” Mac Namee said. “Fourteen minutes with our athletes and the way they’re trying to log on, that’s quite a big problem. How will we resolve this?”
Privette went on to explain that there was a backup so the data is safe. But he acknowledged the attackers were still inside the system and his team was now trying to figure out if data had been stolen. His team thinks credentials were taken, but he doesn’t think the theft involved customers’ personally identifiable data, he said. Mac Namee gave him an hour to figure it out.
Targeted training programs have been popping up nationwide for the past decade as nearly every business with a website, ecommerce offering or other internet-based operation must deal with data breaches, ransomware and other cyber threats. 
According to the Identity Theft Resource Center, which tracks breaches and supports victims, the number of publicly reported data breaches in the U.S. more than doubled since 2015 to 1,862 last year. Regulations in Colorado and around the globe also put the onus on companies to protect customers’ personal data. 
Back in 1999, partly to address the lack of qualified professionals, the U.S. National Security Agency launched its National Centers of Academic Excellence program. It certifies schools with a cybersecurity curriculum for cyber research, defense education and cyber operations. There are now about 380 colleges and universities in the U.S. Such designations require standardized cybersecurity curriculum, active challenges and professional development. There are 13 schools in Colorado and include state, community and private colleges. 
The partnership with industry and MSU Denver is credited to Mac Namee, said Steve Beaty, a professor in the school’s computer science department. While Beaty started teaching cybersecurity courses in 2004, a cybersecurity degree debuted just four years ago. The new center and partnerships with private cybersecurity companies such as Atos, a European information technology firm that is now taking up space in the facility, really took off after Mac Namee arrived.
“He had the bandwidth. Some of us haven’t had the bandwidth to do a lot of this stuff. Atos is due to him,” Beaty said. “Richard is the one who put the fire under what’s going on here.”
And looking at the heat map of cybersecurity job openings at CyberSeek.org, the U.S. needs it.
In the past 12 months, 714,548 cybersecurity jobs were posted in the U.S. according to EMSI Burning Glass, a firm that analyzes job openings and labor data. EMSI partnered with the Computing Technology Industry Association (CompTIA) and the National Initiative for Cybersecurity Education on the CyberSeek effort to document the need for more trained workers. Colorado, among the top 10 states with the most openings, had 25,761 as of April.
“The field is just growing so fast that even if we churn out many graduates, which we have seen a significant uptick in, it still often doesn’t keep pace with the growth in demand,” said Will Markow, an EMSI Burning Glass cybersecurity expert. “We’ve seen about a 40%-50% increase in the number of graduates from cybersecurity programs across the country. The problem is that during the same timeframe, demand for cybersecurity workers grew about twice that rate.”
The industry has a number of unique issues that compound the shortage, Markow said. New threats erupt all the time, so the industry is constantly scrambling. Workers need a mix of different IT skill sets plus credentials, some that require years of experience. That makes it difficult for those starting out who have no experience. 
“Employers are also not offering many opportunities for people who either don’t have a bachelor’s degree or who don’t have at least three to five years of prior work experience,” Markow said. “What that means is that there aren’t many entry level opportunities (and that) presents a unique challenge for building the pipeline of cybersecurity workers.” 
Cybersecurity jobs stay open 20% longer than other tech jobs, which are already notoriously hard to fill, he added. And because of the required degrees and certifications, the jobs pay about $15,000 more compared to other IT jobs.
Government agencies are more open to hiring skilled workers without college backgrounds. That’s true with the state Governor’s Office of Information Technology. A paid apprenticeship for veterans requires “some IT experience but no degree,” said Ray Yepes, Colorado’s chief information security officer. 
“It’s also worth noting that for the majority of OIT positions we will accept years of experience as a substitute for education,” Yates said in an email.
With the growth of college programs, boot camps and other training programs, Markow said that it’s up to companies to adjust hiring requirements if they really want to fill openings and feed their own talent pipeline.
“I think that really the question is whether employers are going to be receptive (and) hire those workers,” he said. “They’re learning the right skills for cybersecurity. What we need are employers to also recognize that they need to take more of a skills-based lens towards recruiting cybersecurity workers as opposed to a credential- or experience-based lens which they have done historically.”
While security simulations were happening in one part of the room at MSU Denver, in another, Nathan Shelley was at work. Literally. The recent MSU graduate with a Bachelor of Science in cybersecurity was hired by Atos as an intern just before his December graduation. He became a full-time employee May 30. Atos is a massive European IT firm based in Paris. 
“We monitor public-sector clouds,” said Shelley, who grew up in Estes Park and was drawn to MSU Denver because of its new cybersecurity degree. “We are responsible for monitoring log traffic and determining if there are false positives or true positives.” 
Shelley was monitoring computer systems of actual government agencies that hire Atos to make sure what is stored in the internet cloud isn’t being compromised. Security analysts like Shelley spend hours watching the online activity and thanks to artificial intelligence and monitoring tools, they get alerts when something is awry and must determine if the issue is real. 
That may not seem very exciting but a cheery Shelley speaks enthusiastically about his gig, which includes plugging holes discovered only after software was released. In other words, bugs born on day zero that online mischief makers are constantly hunting for. 
“Probably the most active that I’ve been this week was yesterday when we were patching for a recently discovered CVE, that is a vulnerability with Follina, it’s a proliferating, zero-day exploit,” he said. “This is very widespread for the Microsoft environment. It’s an Office 365 zero-day vulnerability so that means (the software) was released with the vulnerability. It’s now flaring up in the cybersecurity realm. It allows remote code execution and that can be done through a certain domain.”
Microsoft had not yet issued a fix for Follina, named after an Italian village with a postal code that was found in the exploit.
The MSU Cybersecurity Center is a resource for others, too. Helping potential IT workers get hired is the mission of ActivateWork, a nonprofit IT recruiting and training organization that connects employers to the overlooked talent.
“We believe the traditional hiring process leaves extremely valuable talent out. We help employers solve talent gaps by finding underrepresented candidates and preparing them to excel in new careers,” said Susan Hobson, the nonprofit’s director of apprenticeships and evaluation.
Its first-ever 15-week security fundamentals course culminated last week with MSU Denver’s Cyber Range simulation. Hobson said ActivateWork focuses on the workforce employers need.
“We know that cybersecurity has a gap, especially here in the Denver area,” she said. “If you look at local area labor data, there were 13,000 open cybersecurity jobs as of March this year. We knew the need was there and we drive our course offerings based on local employer needs.”
ActivateWork’s learners aren’t typical students. Most don’t have a college credential. Many are unemployed or are looking for a better job in IT. The recent cohort of security fundamentals graduates left with CompTIA A+ certification and over 100 hours of soft skills and life skills training including resume reviews, interview prep and financial capability training. After graduation, ActivateWork helps them find a job in the field and coaches them for 12 months as they transition into a career. 
The organization also has a registered apprenticeship program with the U.S. Department of Labor and works with area employers to hire graduates from their boot camps. Three of the 20 graduates start cybersecurity apprenticeships this month, and ActivateWork is always looking for more companies to partner with to build a talent pipeline in cybersecurity. 
“They’re struggling to hire because they’re looking for individuals with three to five years of experience,” Hobson said. “This is a way to equip talent through 12-months of on-the-job learning with the exact skills an employer needs.”
Privette, who was part of the MSU Denver cybersecurity simulation, stopped the bug from wreaking more havoc. They brought back the websites and, well, he hopes he continues to keep learning more. He is very excited to start his ActivateWork cybersecurity apprenticeship on Monday as an information security analyst.
“I’ve been wanting to get into this since high school and I feel like ActivateWork has really given me the opportunity to pursue it,” said Privette, an electrician until he fell from the ceiling at one client location. “I didn’t have the money to afford college. And then I didn’t really realize the path to get to it (cybersecurity). I didn’t want to be an electrician forever. Falling through the ceiling gave me the opportunity to pursue this.”  
Tamara writes about businesses, technology and the local economy for The Colorado Sun. She also writes the "What's Working" column, available as a free newsletter at coloradosun.com/getww. Contact her at cosun.com/heyww,… More by Tamara Chuang
Got a story tip? Drop us a note at tips@coloradosun.com
The Colorado Sun is a journalist-owned, award-winning news outlet based in Denver that strives to cover all of Colorado so that our state — our community — can better understand itself.

source

The cybersecurity industry is ripe for an influx of new professionals entering the field. In fact, there are nearly three-quarters of a million cybersecurity positions left to be filled, according to a report by Emsi Burning Glass (now Lightcast), a market research company. 
And every year that demand continues to climb. Worldwide, the number of unfilled cybersecurity jobs jumped 350% between 2013 and 2021, from 1 million to 3.5 million, according to Cybersecurity Ventures. While there are more than enough positions to be filled, there aren’t nearly enough qualified personnel to fill them. 
Field jobs require specific training—whether it comes from certification programs, online courses, master’s degrees in cybersecurity, or other company training programs. A prime example of a company focused on growing a pipeline of cybersecurity talent is IBM, the Fortune 500 IT-management and hardware company. 
In August 2021, IBM Chairman and CEO Arvind Krishna announced a commitment to train more than 150,000 people in cybersecurity skills during the next three years as cybercrime continues to rise.
“Businesses and government share a collective responsibility to collaborate on preventing cyberattacks that could have a devastating impact or prompt national or global crises,” Krishna wrote in a statement. “We must join forces now to shore up the security of the critical infrastructure that keeps our society functioning.”
In conjunction with the White House’s National Cyber Workforce and Education Summit held in mid-July, IBM also announced the creation of more talent pipelines for cybersecurity jobs, including its new Cybersecurity Leadership Centers with historically Black colleges and universities (HBCUs) and minority serving institutions. IBM is also partnering with the American Council on Education to translate cybersecurity apprenticeships to college credits.
IBM has offered free skills training for professionals interested in a cybersecurity career for many years, along with other educational programs, says Justina Nixon-Saintil, vice president and global head of IBM corporate social responsibility. Anyone can take these courses; they’re not available only to employees.
“As part of IBM’s commitment to skill 30 million people globally by 2030, we are providing free education on key technologies like cybersecurity, with a focus on underrepresented communities,” Nixon-Saintil tells Fortune. “Whether learners are just entering the workforce or switching professions, IBM SkillsBuild equips them with the foundational skills to pursue high-demand, lucrative careers.” 
Students can visit IBM’s SkillsBuild platform to explore different course options based on jobs they’re interested in pursuing, including a cybersecurity analyst. To sign up for courses, students need to create an account with IBM, which asks for simple demographic information, skills, and interests. Then, students can search the platform for courses of interest.
IBM offers three levels of cybersecurity content. Basic training provides an overview about what cybersecurity is; the foundational level gets into key skills needed for cybersecurity jobs and understanding what jobs are out there; and the cybersecurity analyst program is “aligned to a junior cybersecurity analyst role and provides the learner with the skills and competencies to do the job,” Nixon-Saintil says. All courses are available in 12 languages, and the cybersecurity fundamentals training takes about six hours to complete.
Upon completion of the online skills training, students receive a digital badge that can be added to a resume or social media platform for potential employers to see. All of the courses were developed to align with existing cybersecurity jobs, Nixon-Saintil says. 
Through its SkillsBuild platform, IBM also offers free courses in artificial intelligence, cloud computing, blockchain, data science, quantum computing, and emerging technologies.
See how the schools you’re considering fared in Fortune’s rankings of the best computer science programs, cybersecurity programs, psychology programs, public health programs, business analytics programs, data science programs, and part-time, executive, full-time, and online MBA programs.

source

June 8, 2022
Demand for cybersecurity talent spiked more than 40% over the last year, with employers adding more than 714,000 job postings for cybersecurity roles during the 12-month period ending in April 2022, according to new data released Tuesday.
The findings come from CyberSeek, a joint initiative between the National Institute of Standards and Technology’s (NIST) National Initiative for Cybersecurity Education, job market analytics firm Emsi Burning Glass, and tech industry nonprofit CompTIA.
According to the data, nearly 40% of the new job postings came during the first four months of 2022, signaling a recent uptick in demand for cybersecurity workers. The finance and insurance industry accounted for the most postings — the first time in more than a decade that the professional, scientific and technical services industry wasn’t in the top spot for cybersecurity recruiting, according to the group. 
As the cyber threat landscape has become increasingly prevalent, industries across the board have been vulnerable to ransomware attacks and phishing campaigns, contributing to the heightened demand for cybersecurity talent. CyberSeek data shows a 43% demand increase for cyber-specific jobs as opposed to an 18% increase in demand across the broader employment market throughout the 12-month study.
National Cyber Director Chris Inglis spoke about the new data at the RSA conference on Tuesday, calling the increase in job postings “dramatic” and emphasizing the need to broaden the talent pool that the government and private sector recruits from. “We need to re-examine those jobs and understand which part of those people are attempting to substitute for technology,” he said. “It might not be that every one of those needs a computer science degree or electrical engineering degree… Let’s take a look at the other end of that and make sure that we’ve opened these possibilities to the broadest possible population.”
A number of organizations in the government and cybersecurity industry have launched initiatives in recent years to train more cybersecurity workers and expand the talent pool. Last week, for example, the Cyber Halo Innovation Research Program announced its first university partnership for a program that offers students a two-year route to a cybersecurity career at the U.S. Space Force or a partner organization.
But according to the data released Tuesday, some of the most in-demand jobs are at senior levels. Postings for IT managers and directors rose 224% year-over-year and postings for program managers rose 169%, while postings for software developers and engineers rose 92% during the same period.
Emma Vail is an editorial intern for The Record. She is currently studying anthropology and women, gender, and sexuality at Northeastern University. After creating her own blog in 2018, she decided to pursue journalism and further her experience by joining the team.

Threat Intelligence
Threat Intelligence Feeds
Threat Intelligence Platform
Payment Fraud Intelligence
© Copyright 2023 | The Record from Recorded Future News

source

Official website of the Cybersecurity and Infrastructure Security Agency
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
The NICCS Education and Training Catalog is a central location to help cybersecurity professionals of all skill levels find cybersecurity-related courses online and in person across the nation. Use the interactive map and filters to search to find courses that can increase your expertise, prepare to earn a certification, or even transition into a new career!
All of the courses are aligned to the specialty areas of The Workforce Framework for Cybersecurity (NICE Framework).
For organizations or academic institutions interested in listing courses on the NICCS Education and Training Catalog, apply to become a provider today.
Questions? Contact us at NICCS@hq.dhs.gov.
National Initiative for Cybersecurity Careers and Studies
A Cybersecurity & Infrastructure Security Agency program
©2013-2023

source

B.S.
Request Information
Purdue University Northwest’s (PNW) Bachelor of Science (B.S.) in Cybersecurity prepares you with the technical competency, knowledge and skills needed to protect networks, systems, software programs and data from criminal or unauthorized access. You will learn concepts, knowledge, skills, technologies and practices in a broad spectrum of cybersecurity areas, including the emerging fields of applied data science and artificial intelligence.
This program is hands-on and application-oriented. Upon the completion of the program, you’ll be ready to take highly sought-after industry certification exams.
Department of Computer Information Technology and Graphics
Upon completion, a student will:
You’ll take a balance of general education courses, College of Technology core courses and cybersecurity courses. This balance blends theory, applied research and experiential learning in all the vital aspects of IT, including networking, database administration, security and project management.
The cybersecurity program provides the specialized training you need for a career in this complex, in-demand field.
You can currently complete this degree at PNW’s Hammond campus.
First-year courses cover the basics of IT in areas such as organization, history, related informing disciplines, application domains, computer math and other IT-related topics.
Cybersecurity Course of Study
Sample Courses
Your second year covers in-depth discussions of networking, programming, database and fundamentals of information assurances.
Cybersecurity Course of Study
Sample Courses
Topics include administration, confidentiality, integrity, authentication, non-repudiation, intrusion detection, physical security, encryption and machine learning foundations.
Cybersecurity Course of Study
Sample Courses
In your final year, you’ll cover defensive programming techniques, bounds analysis, error handling, advanced testing techniques, detailed code auditing and software specification in a trusted assured environment.
Cybersecurity Course of Study
Sample Courses

Cybersecurity Degree Program Highlights
Cybersecurity workforce development is the key to assuring that the nation has adequate capacity to protect information and information systems.
This quickly growing field is both challenging and competitive. At PNW, we provide the tools you need to stand out, including US government-recognized curriculum and individualized attention from instructors.
Cybersecurity Degree Program Outcomes
Through classroom and lab interaction with experienced faculty, applied research and experiential learning, you’ll begin your professional work with the confidence and knowledge to be successful in a dynamic, competitive field.
Cybersecurity Degree Program Career Paths
This degree prepares you for a number of careers in the cybersecurity field, including:
Cybersecurity Degree Program Employers
Our alumni work with some of the most innovative organizations across the region and around the world, including:
Beyond the Cybersecurity Classroom
We encourage you to get involved in activities like:
Cybersecurity Degree Program Scholarships
In addition to the scholarships available to all PNW applicants, students seeking a bachelor’s degree in cybersecurity may also be considered for program-specific scholarship awards, such as:
See All Technology Scholarships
It was a class in Linux system administration that helped me the most…I was assigned a real-world problem and I applied my education and experience to solve it.
Lucas D’Antonio, ’23, Computer Information Technology—Concentration: Cybersecurity
All of the hands-on training I’m receiving at PNW is helping me narrow down exactly what I want to do once I graduate.
Joshua Phillips, ’22
Computer Information Technology: Cybersecurity
I was able to learn a little bit about everything – networking, programming, databases, security. It provided me a better understanding of how everything works together. It also gave me a wide variety of skills, not just for cybersecurity, that I can take with me into my career.
Travis McKinney, ’22, Computer Information Technology
Michael Tu, Ph.D.
Professor, Computer Information Technology

Michael Tu is a professor of computer information technology and director of the Center for Cybersecurity.
Ricardo A. Calix, Ph.D.
Associate Professor, Computer Information Technology and Graphics

Ricardo A. Calix, Ph.D. is an Associate Professor of Computer Information Technology at Purdue University Northwest.
Tae-Hoon Kim, Ph.D.
Associate Professor, Computer Information Technology and Graphics

Tae-Hoon Kim is associate professor of computer information technology in the department of Computer Information Technology and Graphics. His expertise includes computer network, security and data science.
Ying Luo, Ph.D.
Assistant Professor, Computer Information Technology and Graphics

Ying Luo is an assistant professor in the department of computer information technology and graphics. Her research and teaching focus on algorithm design, database management and cybersecurity.
Chuck DeCastro, M.S.
Lecturer, Computer Information Technology

Current responsibilities include teaching Networking, Operating System, Cyber Security and Computer Forensic Courses. I’m also the Advisor for the Gamers’ and Cyber ROAR Clubs.
Earn a Bachelor’s Degree in Cybersecurity at PNW
Purdue University Northwest’s Cybersecurity degree enables you to reach a genuine understanding of all aspects of the industry while building a solid foundation in technology through hands-on experiences.
To see how a Bachelor’s Degree in cybersecurity from PNW opens doors, from corporate boardrooms to non-profit leadership, take the next step today!
Request Info
Computer Information Technology
BS
Computer Graphics Technology
BS
Computer Engineering
BSCmpE
Hammond Campus
2200 169th Street
Hammond, IN 46323
(219) 989-2400
(855) 608-4600
Westville Campus
1401 S. U.S. 421
Westville, IN 46391
(219) 785-5200
(855) 608-4600
For assistance with accessibility issues while using this page, please contact Marketing and Communications at marketing@pnw.edu.

source

Advertisement
Supported by
Guest Essay
Send any friend a story
As a subscriber, you have 10 gift articles to give each month. Anyone can read what you share.
By Renee Dudley and Dan Golden
Ms. Dudley and Mr. Golden are reporters at ProPublica.
There are many factors behind the stunning rise of ransomware. Our reporting found that one of the most important is the Federal Bureau of Investigation’s outmoded approach to computer crime targeting people and institutions in the United States.
State and local police generally can’t handle a sophisticated international crime that locks victims’ data remotely — from patients’ medical histories and corporate trade secrets to police evidence and students’ performance records — and demands payment for a key. Many police departments have themselves been hamstrung by ransomware attacks. Federal investigators, especially the F.B.I., are responsible for containing the threat. They need to do better.
When ransomware gained traction a decade ago, individual attackers were hitting up home users for a few hundred dollars. In 2015, as the crime was evolving into something more, the bureau still dismissed ransomware as an “ankle biter.” That year, about a dozen frustrated Cyber Division agents warned James Comey, who was then the director of the F.B.I., that institutional lack of respect for their skills was spurring their departures. Now well-organized gangs, with hierarchies mirroring those of traditional businesses, are paralyzing the computer networks of high-profile targets and demanding millions of dollars in ransom.
The F.B.I. didn’t prioritize ransomware until May 2021, when an attack on the Colonial Pipeline halted the flow of nearly half of the fuel consumed on the East Coast. The F.B.I. director, Christopher Wray, compared ransomware to the Sept. 11 terrorist attacks, but by then the bureau was far behind the curve. Earlier this fall, when the Los Angeles Unified School District, the second largest in the nation, spurned a ransom demand, a hacker group leaked hundreds of thousands of stolen files. Last month’s attack on CommonSpirit Health, one of the country’s largest hospital operators, disrupted care and knocked patients’ health records offline.
The situation could turn even more dire. Evidence is mounting that some ransomware gangs are linked to and protected by enemy governments, such as those of Russia or Iran. Hackers who steal data before locking it could turn over the digital spoils to their patrons — giving foreign powers access to records that could compromise everything from intellectual property to national security.
One reason the F.B.I. can’t keep pace is that it lacks enough agents with advanced computer skills. It has not recruited as many of these people as it needs, and those it has hired often don’t stay long. Its deeply ingrained cultural standards, some dating to the bureau’s first director, J. Edgar Hoover, have prevented it from getting the right talent.
Emblematic of an organization stuck in the past is the F.B.I.’s longstanding expectation that agents should be able to do “any job, anywhere.” While other global law enforcement agencies have snatched up computer scientists, the F.B.I. tried to turn existing agents with no computer backgrounds into digital specialists, clinging to the “any job” mantra. It may be possible to turn an agent whose background is in accounting into a first-rate gang investigator, but it’s a lot harder to turn that same agent into a top-flight computer scientist.
The “any job” mantra also hinders recruitment. People who have spent years becoming computer experts may have little interest in pivoting to another assignment. Many may lack the aptitude for — or feel uneasy with — traditional law enforcement expectations, such as being in top physical fitness, handling a deadly force scenario or even interacting with the public.
The minority of agents with deep technical skills described the frustration of having to dumb down reports to superiors and needing to train colleagues who are not technically savvy, we found in our reporting. Plus, the F.B.I.’s macho culture has scorned digital skills. Cyber Division agents are nerds in a sea of jocks. The bureau has hired civilian computer scientists separately, but they are viewed as helpers, who typically command even less respect than Cyber Division agents.
The “anywhere” expectation is also misguided. Unlike agents on crimes such as bank robberies, cyberinvestigators usually don’t need to be near a crime scene to collect evidence. Still, F.B.I. agents typically span the country, changing posts every few years, for career advancement.
The F.B.I.’s emphasis on arrests, which are especially hard to come by in ransomware cases, similarly reflects its outdated approach to cybercrime. In the bureau, prestige often springs from being a successful trial agent, working on cases that result in indictments and convictions that make the news. But ransomware cases, by their nature, are long and complex, with a low likelihood of arrest. Even when suspects are identified, arresting them is nearly impossible if they’re located in countries that don’t have extradition agreements with the United States.
All of these aggravations cause computer experts to leave the F.B.I. It’s an easy transition because their skills are both immediately transferable to the private sector and in high demand.
The F.B.I. should study the success of the Dutch National Police’s High Tech Crime Unit. Because of its fast internet and favorable legal conditions, the Netherlands has long been a popular spot for hackers to set up the servers they use to commit crimes. The Dutch responded by launching the H.T.C.U. 15 years ago. Since then, it has become one of the world’s leading law enforcement forces in fighting cybercrime. Beyond arrests, it has prioritized anything that reduces hackers’ return on investment, seizing criminals’ servers, disrupting ransomware-spreading botnets and notifying victims of impending attacks.
From its early days, the H.T.C.U. hired tech experts with no background, or even interest, in traditional policing. When some talented digital recruits couldn’t pass the physical fitness tests or didn’t want to use weapons, H.T.C.U. leadership changed the requirements, allowing computer experts to join without passing the usual exams. But they left the job titles unchanged: Digital staff remained eligible for promotion to nearly any job in the H.T.C.U. 
The H.T.C.U. also specified that half its staff must be cyberexperts. Each one is paired with a traditional law enforcement officer, and they work cases as a team. As John Fokker, who once served as digital coordinator of the H.T.C.U.’s ransomware team, told us, “the old school with the new school made it work.”
That approach works for the Dutch. If it is willing to let go of the “any job, anywhere” mantra, it could work for the F.B.I., too.
Renee Dudley, a technology reporter at ProPublica, and Daniel Golden, a senior editor and reporter at ProPublica, are the authors of “The Ransomware Hunting Team: A Band of Misfits’ Improbable Crusade to Save the World From Cybercrime.”
The Times is committed to publishing a diversity of letters to the editor. We’d like to hear what you think about this or any of our articles. Here are some tips. And here’s our email: letters@nytimes.com.
Follow The New York Times Opinion section on Facebook, Twitter (@NYTopinion) and Instagram.
Advertisement

source

Law firms launch data breach legal case against Medibank. How will it work and who will benefit?
There is an emergency bushfire warning in place for Montrose, near Tara, in Queensland. For the latest information, search ABC Emergency
Three law firms have joined forces to launch a data breach legal case against health insurance company Medibank.
This comes after the personal data of about 9.7 million customers was leaked by hackers last year.  
Maurice Blackburn Lawyers, Bannister Law Class Actions and Centennial Lawyers have united for the case.  
Let's take a look at what the law firms are seeking and who will benefit. 
About 9.7 million current and former customers had their data accessed by criminals.
The law firms are seeking compensation for Medibank and ahm health insurance customers who had their names, emails, mental health information and other data leaked. 
A complaint was lodged with the Office of the Australian Information Commissioner by Maurice Blackburn in November.
The law firms say they will now pursue the complaint seeking compensation for those affected by the data breach.
Bannister Law Class Actions principal Charles Bannister says they believe the breach was a "betrayal" and a breach of the Privacy Act.
He says it exposed a "lack of safeguards" and Medibank had "failed policyholders". 
The firms say they have "tens of thousands of Medibank customers" registered for the class action.
Maurice Blackburn has also launched an investigation into a class action against Optus following its data breach first reported in September. 
It is expected this case will be quicker than a traditional adversarial class action.
University of New South Wales law professor Michael Legg says this is because it will not be going through the federal court. 
Instead, the breach will be pursued under the Privacy Act with the Office of the Australian Information Commissioner. 
Cyber security experts warn the latest data breach of a major company should have all companies and consumers worried about the seemingly innocuous collection of data.
This means it will not go through the federal court like a typical class action.
He says the commissioner needs to determine not just that Medibank is liable, but also the manner in which a customer is liable to establish how much compensation they are entitled to. 
The commissioner may require a standard amount be paid for each person who had particular types of data compromised and additional amounts depending on proof of particular losses, Professor Legg says. 
He says it will not be necessary for the law firms to name or say how many people are involved in the action.
But they will likely need to create a process where people can come forward and give information to establish their loss or damage.
Customers do not have to register with the law firms to benefit from the complaint, a Maurice Blackburn spokesperson says. 
However, they encourage people to register to help them understand the size of the complaint. 
Professor Legg says if a customer comes forward and provides the information necessary for compensation to be calculated, then they should be entitled to it.
However, he says the law firms will look specifically at the claims of those who have registered with them.
Therefore, if you did not register and had a case that was vastly different from anyone else, it may be difficult for that to be taken into account.
A Medibank spokesperson says the company will continue to cooperate with the OAIC and its going investigation.
Medibank says it will continue to support its customers from "the impact of this crime" through its cyber response support program.
The program includes mental health and wellbeing support, identity protection and financial hardship measures.
Professor Legg says this case has the ability to set a precedent for data breach cases in Australia, which is becoming an increasingly larger area of law.
He says the law firms will be interested in establishing a track record in this space.
It will also be noteworthy if the case fails or only a small compensation is granted.
Professor Legg says this may provide ammunition to call for a more effective course of action to pursue data breach complaints.
We acknowledge Aboriginal and Torres Strait Islander peoples as the First Australians and Traditional Custodians of the lands where we live, learn, and work.
This service may include material from Agence France-Presse (AFP), APTN, Reuters, AAP, CNN and the BBC World Service which is copyright and cannot be reproduced.
AEST = Australian Eastern Standard Time which is 10 hours ahead of GMT (Greenwich Mean Time)

source