CYBERSECURITY AND PRIVACY WITH FREDERIKE KALTHEUNER: WHAT IS NEEDED


What is needed

Frederike Kaltheuner, Data Exploitation programme lead at Privacy International, talks about profiling, data harvesting, prediction, automated systems, AI, informed decision and the Cambridge Analytica scandal.

Luis Souza

There is no escaping the fact that the way people work is changing and any draconian security measures that don’t enable flexible and agile working will not be effective. Leaders need to find solutions that can offer complete security, while also being easy and practical for all employees to use.

Bogdan Hudzik

In response to Jamyang Khachaturyan

As there are so many ways that attacks and breaches can occur, it is key for any comprehensive security strategy to take advantage of a solution that can cover not just email, but instant messages, SMS, voice and video calls, servers and any documents and files stored on cloud, local and removable storage, across a wide range of devices.

Not only this, organizations also need to consider whether they have the ability to take back, block access to and destroy data if necessary, for example if an employee leaves or if an employee’s phone, which they have been using to access company emails, is lost.

Jamyang Khachaturyan

As there are so many ways that attacks and breaches can occur, it is key for any comprehensive security strategy to take advantage of a solution that can cover not just email, but instant messages, SMS, voice and video calls, servers and any documents and files stored on cloud, local and removable storage, across a wide range of devices.

Jozef Kolar

In response to Zachary MacConnell

Digital security and privacy should be an automatic right for businesses, yet sadly they are not. However, there are ways for organizations to make a stand and take back control, allowing them to enjoy a private and secure digital life.

Solutions – such as Siccura– are available which enable businesses to control all data through a centralized administration system, synchronize all business email accounts, track all business communication and data and encrypt all files.

Zachary MacConnell

Digital security and privacy should be an automatic right for businesses, yet sadly they are not. However, there are ways for organizations to make a stand and take back control, allowing them to enjoy a private and secure digital life.

Simon Winkler

A strong, company-wide sense of security is a vital part of keeping organizations safe from attacks and data breaches. Each employee should be aware of relevant risks and threats and the role they can play in mitigating these.

Baldur Helgason

In response to Lovro Dzvezdan Lam

All too often, people are the weak link in the security chain. This is not always malicious, but human error is a huge cause of cyber-attacks and data breaches. IBM’s 2016 Cyber Security Intelligence Index found that more than 60 per cent of corporate breaches were caused by employees or others from inside the organization. Of these more than 30 per cent were accidental.

Huge issues can arise from something as simple as sending information to the wrong email address, losing a phone or laptop or using default passwords. Then there are also the situations where employees willfully cause security attacks or leak data.

 

 

Lovro Dzvezdan Lam

All too often, people are the weak link in the security chain. This is not always malicious, but human error is a huge cause of cyber-attacks and data breaches. IBM’s 2016 Cyber Security Intelligence Index found that more than 60 per cent of corporate breaches were caused by employees or others from inside the organization. Of these more than 30 per cent were accidental.

Kaan Buğra Kundakçı

End-user education addresses the most unpredictable cyber-security factor: people. Anyone can accidentally introduce a virus to an otherwise secure system by failing to follow good security practices. Teaching users to delete suspicious email attachments, not plug in unidentified USB drives, and various other important lessons is vital for the security of any organization.

Nikoleta Stavros

Application security focuses on keeping software and devices free of threats. A compromised application could provide access to the data its designed to protect. Successful security begins in the design stage, well before a program or device is deployed.

Svetlana Barbieri

As information has transformed into a huge business asset for modern companies, it has come at a price: Data is now a target for hackers seeking sensitive information about enterprises and their customers. This new online data security focus has forced businesses to invest in resources that protect trade secrets and other company information.

Haris Dimitra

Surely, there is data exploatation in much bigger dimention than we can imagine, but I am not sure what we can do about it. It is absolutely terrifying that some AI can make predictions on us, based on our face. Big data is not enough for this AI learning process to make accurate predictions, in my opinion.

Waclaw Piatek

In an open network such as the Internet, message privacy, particularly for e-commerce transactions, requires encryption. The most common approach on the Web is through a public key infrastructure (PKI). For e-mail, many people use Pretty Good Privacy (PGP), which lets an individual encrypt a message or simply send a digital signature that can be used to verify that the message was not tampered with en route.

Tatum Okorie

Like it or not, strong security has become a required utility — the cost of doing business. If you must do something (such as cybersecurity) to achieve business success, you may as well do it well.

Elsa Hollis Bianco

The employment outlook for cyber security jobs is very good with cybersecurity rapidly becoming one of the most lucrative careers in Information Technology (IT). What makes these jobs such good options? It could be the fact that there are more cybersecurity job openings than there are people to fill them or the fact that they these jobs pay wages about three times the national average. It’s most likely a combination of both as well as the fact that these jobs can be challenging and extremely rewarding.

Alonso Barela

Many organizations still do not (or cannot) spend the resources needed to understand or fix their vulnerabilities. When they see software as safety-critical, other concerns (e.g., costs, schedules) may limit their efforts to improve systems security. Moreover, fallible humans design, maintain, use, and repair systems in ways that may unintentionally expose and facilitate ease of break-in.

Jamison Shields

Despite considerable investments of resources and intellect, cybersecurity continues to pose serious challenges to national security, business performance, and public well-being. Modern developments in computation, storage, and connectivity to the Internet have brought into even sharper focus the need for a better understanding of the overall security of the systems we depend on.

Christin Bustamante

In response to Mellisa Mckennon

I have a couple: 

  • chief information security officer: this individual implements the security program across the organization and oversees the IT security department's operations.
  • security engineer: this individual protects company assets from threats with a focus on quality control within the IT infrastructure.

Hi Mellisa,

I can suggest two more: security architect: this individual is responsible for planning, analyzing, designing, testing, maintaining and supporting an enterprise's critical infrastructure, and security analyst: this individual has several responsibilities that include planning security measures and controls, protecting digital files, and conducting both internal and external security audits.

Mellisa Mckennon

In response to future hacker

As the cyberthreat landscape continues to grow and emerging threats, such as the internet of things, require hardware and software skills, it is estimated that there are 1 million unfilled cybersecurity jobs worldwide. IT professionals and other computer specialists are needed in security jobs.  Can you list some of those jobs?

I have a couple: 

  • chief information security officer: this individual implements the security program across the organization and oversees the IT security department's operations.
  • security engineer: this individual protects company assets from threats with a focus on quality control within the IT infrastructure.
future hacker

As the cyberthreat landscape continues to grow and emerging threats, such as the internet of things, require hardware and software skills, it is estimated that there are 1 million unfilled cybersecurity jobs worldwide. IT professionals and other computer specialists are needed in security jobs.  Can you list some of those jobs?

Aisha Kamila Kuhn

When an organization has a strong sense of network security and an effective incident response plan, it is better able to prevent and mitigate these attacks. For example, end user protection defends information and guards against loss or theft while also scanning computers for malicious code.

Valerija Vroomen

One of the most problematic elements of cybersecurity is the constantly evolving nature of security risks. The traditional approach has been to focus resources on crucial system components and protect against the biggest known threats, which meant leaving components undefended and not protecting systems against less dangerous risks.

Kai Kaipo

These are some really terrifying news, actually. This surveillance that has been exposed to us is really harming our personal rights. I am wondering if I still have some personal privacy ..

Borislav Bossakov

We’re all going to witness this Personal Identifiable Information (PII) revolution and we should embrace it with both hands to give us the protection that is so badly needed in the decades to come, where the digital form will dominate even more than it already does and those 1’s and 0’s become more valuable than anything on paper by 100 fold or more.

Baldur Helgason

In response to Sung-soo Han

Cyber-attacks or incidents that threaten the command and control structure of the national government or its assets including national defense, emergency response, and economic systems are of growing concern. The digital infrastructure of the nation must be treated as a strategic national asset. The new mission is to deter, detect, and defend against disruptions and attacks of all descriptions.

Have you heard of WikiLeaks?  WikiLeaks was founded in 2006 by Julian Assange as a "multi-national media organization and associated library." WikiLeaks operated under the principle of "principled leaking," in order to fight societal corruption. The not-for-profit functions as a whistleblowing organization that serves as an archive of classified documents. Originally, WikiLeaks was operated with the principles of a wiki site, meaning that users could post documents, edit others' documents, and help decide which materials were posted. 

Sung-soo Han

Cyber-attacks or incidents that threaten the command and control structure of the national government or its assets including national defense, emergency response, and economic systems are of growing concern. The digital infrastructure of the nation must be treated as a strategic national asset. The new mission is to deter, detect, and defend against disruptions and attacks of all descriptions.

Magdalena Novak

Cybersecurity encompasses an array of challenges to protect digital information and the systems they depend upon to affect communication. The interconnected world of computers forms the Internet, which offers new challenges for nations because regional or national borders do not control the flow of information as it is currently managed.

Dorothea Petrescu

In response to George Waters

Two-factor authentication (2FA), sometimes referred to as two-step verification or dual factor authentication, is a security process in which the user provides two different authentication factors to verify themselves to better protect both the user's credentials and the resources the user can access. Two-factor authentication methods rely on users providing a password as well as a second factor, usually either a security token or a biometric factor like a fingerprint or facial scan.

George,

Are there any alternatives to two-factor identification?  I have been researching the 2FA apps available on the web but could not find any that are free, easy to use, and reliable all at the same time.

George Waters

In response to future hacker

One tool that can help you protect your privacy and you online identity is two-factor authentication.  It is fast becoming a must in today’s world, where passwords are stolen by the hundreds of millions annually. Whenever possible, use and require 2FA for websites storing your personal information or email. If your computing device supports 2FA, turn it on there. When 2FA is required, it ensures an attacker can’t simply guess or steal your password.

Two-factor authentication (2FA), sometimes referred to as two-step verification or dual factor authentication, is a security process in which the user provides two different authentication factors to verify themselves to better protect both the user's credentials and the resources the user can access. Two-factor authentication methods rely on users providing a password as well as a second factor, usually either a security token or a biometric factor like a fingerprint or facial scan.

future hacker

How can a financial institution determine if a transaction is fraudulent? In most cases, the daily transaction volume is far too high for humans to manually review each transaction. Instead, AI is used to create systems that learn what types of transactions are fraudulent. FICO, the company that creates the well-known credit ratings used to determine creditworthiness, uses neural networks to predict fraudulent transactions. Factors that may affect the neural network’s final output include recent frequency of transactions, transaction size, and the kind of retailer involved.

future hacker

One tool that can help you protect your privacy and you online identity is two-factor authentication.  It is fast becoming a must in today’s world, where passwords are stolen by the hundreds of millions annually. Whenever possible, use and require 2FA for websites storing your personal information or email. If your computing device supports 2FA, turn it on there. When 2FA is required, it ensures an attacker can’t simply guess or steal your password.

Prof. Dr.-Ing. Helga Breitner

In response to Doris Donald

Judging by the look of your face can be something really misleading. There is a pattern, but that can not define anyone. The question is what should be done with this data collected, can it be a proof of something ?

Doris,

Civil rights right organizations and privacy campaigners express concern that privacy is being compromised by the use of surveillance technologies. Some fear that it could lead to a “total surveillance society,” with the government and other authorities having the ability to know the whereabouts and activities of all citizens around the clock. This knowledge has been, is being, and could continue to be deployed to prevent the lawful exercise of rights of citizens to criticize those in office, specific government policies or corporate practices. Many centralized power structures with such surveillance capabilities have abused their privileged access to maintain control of the political and economic apparatus, and to curtail populist reforms.

Doris Donald

Judging by the look of your face can be something really misleading. There is a pattern, but that can not define anyone. The question is what should be done with this data collected, can it be a proof of something ?

Professor Dodds

Excellent video. I agree with the author’s attitude about certification. I’ve taught courses (cryptography, Internet security, defensive coding practices, etc.) that have enabled my students to get certified in Cybersecurity.

Claudia Andre Langlois

@Sebastian,


Think about this: whatever data Cambridge Analytica has on us, it has been handed over voluntarily to one of the world's biggest corporations – by no one else but us!  Here is some more information on the scandal.

Sebastian Evander

Cambridge Analytica is a good sample of people that were only interested in making money. I am not surprised of what they did, I think we will have many other like them in the future, 

Roberto Berti

The tech trends you discuss are quite worrying for me too.  The fact that I am constantly being profiled by automated systems which then make judgments about me is terrifying.

Please login or register to leave a response.