SDG: Businesses For a Better Future

Our planet deserves a better future, and the 17 Sustainable Development Goals (SDG) or “Global Goals” are carefully designed to give all people opportunities to start building that future today.

With hundreds of indicators geared towards 2030, the international community established this new roadmap at the end of September 2015. The United Nations member countries designed these goals to cover social, environmental, and economic aspects with a business mindset.

These goals provide a path for any business to direct its efforts toward specific global objectives.

Businesses’ Role

Companies can contribute to the SDGs from three different perspectives, with different returns.

First, there is the development of philanthropic actions not related to the company’s activities. It seeks to improve the social and environmental conditions of the company’s environments, and it primarily has a reputational benefit.

On the other hand, it is possible to implement initiatives related to the organization’s operations to reduce and eliminate negative impacts and enhance positive ones for stakeholders. In this case, the returns for the company are diverse as they include operational efficiency, cost reduction, customer loyalty, among others.

The third approach is to develop innovative products and services within the company’s activity sector. This contributes to the goals established for the SDGs while generating new business opportunities.

The second and third approaches were proposed around operational impacts and are the subjects of the SDG Compass protocol. What does that mean exactly?

SDG Compass: A Guide for Businesses

To help companies contribute to the SDGs, the Global Reporting Initiative (GRI), the United Nations Global Compact (Global Compact), and the World Business Council for Sustainable Development (WBCSD) created the SDG Compass. It is an action protocol structured in five stages that seek to facilitate companies’ understanding of how they can contribute to the SDGs, encourage their public commitments, and communicate their progress.

Source: SDG Compass (2015)

The SDG Compass starts from a first stage that suggests promoting knowledge about the SDGs and the benefits that the company gets by supporting these goals.

Once the possibility of contributing to the SDGs is on the table, the next step is to design a strategy. To this end, the second stage begins with identifying the impacts that the company could generate with these initiatives.

The third stage focuses on the action by establishing objectives, work programs, and activities that allow the company to put the goals into practice within the established time frame.

The fourth stage is how to implement the action plan. It suggests assigning responsibilities throughout the company so that all employees participate. Likewise, it recommends associating the indicators established for the SDGs with the performance metrics of the operations. In addition, to evaluate the progress of the action plan, it proposes to create a monitoring body.

Once the action plan is ready for execution, it is possible to approach the fifth stage. At this moment, the company publicly reports its performance and the progress achieved, using a language that the authorities and civil society can understand:

  1. Why SDGs are relevant and the associated impacts generated by the company.
  2. The objectives and actions designed to contribute to their achievement.
  3. The management and monitoring systems established to evaluate the progress that the company has achieved.

Advantages of contributing to the SDGs.

Making sure that our society achieves these 17 Sustainable Development Goals has many benefits, such as:

  • Identify business opportunities and attract capital.
  • Enhance the value of corporate sustainability, including attracting talent and customer preference.
  • Strengthen relationships with stakeholders, be aligned with legislative advances, and strengthen risk prevention.
  • Stabilize societies and markets by contributing to their development and access to products and services.

Ideas for businesses to support SDG

Here are 4 ways businesses can support SDG through empowering and inspiring activities. This could be a part of the businesses’ practices or projects.

1. PROVIDE AND MAINTAIN A HEALTHY WORKPLACE

It is essential to ensure that people collaborate in a secure and healthy workplace. If you think about it, most people spend about one-third of their adult lives in a workplace environment.

Consequently, businesses are key drivers for SDG 3 and SDG 8 – “Good Health and Well-being” and “Decent Work and Economic Growth.” Emphasize safe habits at work through frequent training and refreshers, and implement health and fitness programs for your team.

2. REWARD AND INCENTIVIZE RESPONSIBLE BEHAVIORS

Just as “Employee of the Month” awards are usually reserved for employees with the best productivity, businesses can also reward workers to incentivize better environmental practices.

In this case, you’d be supporting SDG 12 – “Responsible Consumption and Production.” Consider offering bonuses or awards for the most environmentally conscious team members – especially those who put your business closer to those responsible practices.

3. PROMOTE DIVERSITY IN THE WORKPLACE

Diversity strengthens human relationships and encourages creativity in the workplace.

Organizations are ecosystems that thrive on variety. Diversity at work includes people from different cultures, genders, races, and opinions that add different perspectives to the work dynamics.

With these actions, businesses would support SDGs 5 and 10 – “Gender equality” and “Reduced inequalities.” In this sense, workspaces are not alien to the changes that are taking place in society. Diversity at work is a way of integrating those sectors of society that do not usually have many job opportunities.

A happier future

The international community is facing an exceptional moment, with a challenging roadmap and objectives established through the collaboration of governments, companies, and civil society. From your company, you can contribute to their achievement and develop new business opportunities that combine social and environmental impact with an economic return.

Businesses, regardless of their size, have the power to forge change and harness innovation, involving their employees, clients, partners, and communities – ensuring that no one is left behind in a safer, happier future.

Sustainable development goals: Creating our future today

We live in a world surrounded by technology. Just look around, how many devices do you see? Have you ever stopped to think about that?

Every year new things are invented, or those we already know are tweaked to make them more efficient and accessible to everyone. Fortunately, technology has always been in our lives, but unfortunately, we have also heard about climate change, global warming, pollution, global food and water shortages, endangered animals! AND the end of the world!

How is it possible that if we are so creative in developing technology that makes our lives easier, we have not been able to remedy these situations? Could we change and improve the world? Fortunately, there is already a plan that can only be successful if we all work together: the Sustainable Development Goals (SDG).

What are the Sustainable Development Goals?

In 2015, the UN, representing the population of 193 countries, announced the 17 global goals of sustainable development that focused on people, the planet, peace, and prosperity to eradicate extreme poverty, fight against inequality and injustice, and mitigate the effects of climate change.

The 17 SDGs are a collection of independent but interconnected goals carefully designed to give all of us a better future, with hundreds of targets and indicators geared towards 2030.

We must achieve these goals by 2030 to protect the planet and make this world a safer and more equitable place.

What can I do as an Individual?

Although it may not seem like it, reading about the SDGs, knowing their lines of action at a general level, and raising awareness among your family, friends, and colleagues is extremely important and the first step you must take.

That being said, here are 3 actions to help you contribute to the achievement of the SDGs. These activities can be part of your lifestyle or projects. Feel free to share them!

1. ENCOURAGE THE 3 R’S – ‘REDUCE, REUSE, RECYCLE.’

Recycling is more important than ever. The use of single-use containers, such as plastic bags or bottles, puts tremendous pressure on our Earth. To reduce waste in our waters and landfills, people must follow the three Rs. You would be supporting SDGs 13 and 14 – “Life on Land” and “Life below Water” by doing your part to reduce the waste produced by your daily activities.

2. SUPPORT THE EDUCATION OF FUTURE GENERATIONS – WHEREVER THEY ARE.

Education is the basis of a better future and a pathway out of poverty. There is no dispute on that.

Donate to causes that supply books, build schools, and train teachers everywhere in the world – especially in remote areas. By helping to remove barriers to education, you’re enriching many people’s individual lives and adding talent to the workforce, thus creating the opportunity to have a better life.

3. CHOOSE TO GIVE OR ENGAGE IN CAUSES THAT YOU CARE ABOUT THE MOST

Expand the reach of your impact by engaging in projects that support the SDGs. You can choose multiple projects or just one – that’s up to you. Some projects may even support several SDGs at the same time.

When it comes to giving, engage with causes that are close to your heart. It could be related to education, environment, health, or human rights. In any case, start with the SDG that you feel most strongly about and donate towards causes that support it.

Committing to Change

It is not long until 2030 comes around. We need to support each other, use our imagination and creativity, but above all, commit to change. If we make these goals widely known, other people might take an interest and cooperate. This is linked to CyberWarrior’s purpose, as it is core to our mission to help people grow personally and professionally – and make sure our planet keeps on turning.

2021 So Far: The Biggest Cyber-Attacks

For the past few years, we have seen an uptick in cyber-attacks around the world. The pandemic made things even worse, and now we see its consequences. Government agencies, schools, cities, gas pipelines, and major organizations have fallen victim during the first quarter of 2021. Understanding what has happened will allow us to prepare for the coming months.  

In this article, we want to guide you through the worst cyber-attacks we’ve seen this year: what happened, how the organizations reacted and responded, and how they recovered.

1- Florida Water System 

The date was February 5th. A plant operator noticed how the cursor of his computer started moving across the screen and opened software functions that controlled the water treatment for the Florida west coast. The hacker was able to boost the level of sodium hydroxide in the water by 100.  

It is important to note here that poisoning from sodium hydroxide can cause burns, vomiting, severe pain, and bleeding. Fortunately, the operator quickly responded, reverted the levels to normal, and reported the situation to his superiors. Although the sheriff explained that the system has safeguards that prevented the contaminated water from being released to the public, this episode shows the lack of controls and training in the water systems around the country. Cyber-attacks could have put public health at risk. 

2- CNA Financial 

One of the largest insurance companies in the country fell victim to a ransomware attack earlier this year. It all happened when employees got locked out of the company’s systems due to a network disruption caused by a sophisticated cyber-attack on certain CNA systems.  

People familiar with the attack explained that CNA first attempted to resolve the matter without engaging with the hackers’ organization. One week later, they started negotiating and then agreed to pay $40 million to restore access to its systems. This amount is 10 million higher than the biggest ransom reported last year.  

According to a spokesperson, the insurance firm followed all the laws, regulations, published guidance, and worked closely with the FBI and the Office of Foreign Assets Control.  

3- Acer 

In March, the Taiwanese computer and electronics brand reported “abnormal situations” in their IT security controls. It was revealed that they were hit by a REvil ransomware attack that demanded the largest ransom to date, $50 million, and they stipulated that if they did not pay by a certain date, the price would double.  

While Acer tried to keep the situation out of the press, the threat actors revealed documents such as bank balances and spreadsheets that made clear that they had gained access to the company’s financial information and client lists, and that a ransom attack was going on.

Allegedly, this all happened because of a vulnerability in a Microsoft Exchange server that was exploited, giving the hackers access to Acer’s files and sensitive information.  

4- Colonial Pipeline 

This was one of the cyber-attacks with the most news coverage this year, as it directly impacted the gas supply for the East Coast of the United States while causing panic and chaos.

DarkSide, a criminal hacker group based in Eastern Europe, was responsible for shutting down the pipeline for several days in what appears to be the largest attack on an American energy system. Operations were restored after Colonial paid a ransom of 4.4 million dollars worth of bitcoin.

All the chaos, gas shortages, and price spikes were a consequence of a leaked password to an old account with access to the VPN used to access the company’s server. This highlights the urgent need to implement cybersecurity training for all employees and to review the organization’s identity and access management policies and security controls.

5- NBA 

Earlier in April, the USA National Basketball Association was hit with a cyber-attack that mainly affected the Houston Rockets. The team claims that they could quickly detect the intrusion and respond, reducing the damage to its operation. But, according to Bloomberg, the hacker group Babuk was able to get ahold of at least 500 gigabytes of information, including financial data, non-disclosure agreements, and contracts. 

The criminals posted a message on the dark web demanding a ransom to return the stolen data, or they would post all the information online. As we write this, there is no proof that a ransom has been paid.

6- Microsoft Exchange 

A Chinese cyberespionage group uncovered and exploited four newly discovered vulnerabilities in the email software, putting at risk over 30,000 organizations and government agencies in our country.  

Microsoft explained that the hackers were taking advantage of these flaws to conduct targeted cyber-attacks on email systems used by different industries, especially on organizations related to infectious disease researchers, law firms, and higher education institutes. And they stated that the criminals were putting at risk any unpatched Exchange server worldwide.  

Basically, in each unpatched server, the attackers left a “web shell,” a hacking tool that grants them administrative access to the computer and servers. Along with the US Cybersecurity & Infrastructure Security Agency (CISA) and security companies, Microsoft worked quickly to reverse the damage by releasing an update to the system and providing mitigation guidance.

7- Accellion 

Accellion, an IT security firm that owns a secure file-sharing and collaboration software product, was the victim of a cyber-attack related to a security flaw in their software that put at risk over 30,000 organizations, including companies, government agencies, hospitals, and universities.

A report stated that it all happened in December when a vulnerability in the file transfer software was first exploited and then again in January. Six months have gone by since then, and the attack continues to leave a mess behind. Morgan Stanley, NSW Health, University of Colorado, Grocery Giant Kroger, and many others have released information about stolen or missing data.  

The Cost of Cybercrime Is On The Rise

The cost of cybercrime goes far beyond the actual money invested in detecting, responding, and recovering an organization from an attack. It includes the loss of data, productivity, money, and even reputation. It can even strike so hard that it forces an organization to close its doors. 

The situation has been getting worse year after year. In fact, when you go back in time, you can see that in 2015 the World Economic Forum estimated the cost of cybercrime to be $3 trillion worldwide. Today, Cybersecurity Ventures predicts that it will grow by 15 percent every year for the next five years, reaching 10.5 trillion dollars by 2025. A rise of almost 7 trillion dollars in just 10 years. 

Not only are hackers running one of the most lucrative “businesses,” but they are close to having zero chances of being discovered and prosecuted, according to the World Economic Forum. 

These numbers only mean that organizations (private or public, small or large) are not taking action to prepare themselves for a cyber-attack. During the first six months of 2021, it became more evident than ever before. We have seen how the Colonial Pipeline suffered a major attack that shut down the gas supply for the East Coast of our country, how the NBA lost over 500GB of confidential data on the Houston Rockets, and how The Steamship Authority of Massachusetts ferry fell victim to a ransomware attack that affected its logistics and services.

How Can Organizations Mitigate the Risks

The solution here is not to fear cyber-attacks but to make your organization cyber-resilient. Anyone who works in cybersecurity must acknowledge and help their management team understand that the risk of falling victim to hackers is always there. You need to have a plan in place that will enable business continuity while responding and recovering from the attack, lowering the actual impact and cost of cybercrime in your organization.

Also, there are a few industry best practices that every organization should apply to help minimize the risks of attacks: 

The first thing you need to do is provide security training for your workforce regularly. They need to spot a suspicious website or email and even identify a device that might be compromised. They need to know what to do, who to call, and how to react to an attempt against their data security.  

You also need to encrypt as much data as possible, create an identity and access policy that restricts which users have access to sensitive data, and update and patch software regularly. Most importantly, you have to be proactive and constantly strengthen your security measures.

These practices can help save your organization. 

 

Top Cybersecurity Influencers You Should Start Following

Staying on top of this ever-changing industry can be a daunting task. We have found that one of the best ways to do it is by gaining insight from top cybersecurity influencers, men and women who are constantly sharing information, trends, news, latest attacks, and best practices on their social networks or websites.

1-Troy Hunt 

Renowned Australian author of various web security courses. He runs the free service Have I Been Pwned (HIBP), which helps people figure out if their email addresses or passwords have been compromised in a data breach. He is constantly speaking at security workshops around the world, and he has even testified before the US Congress on the impact of data breaches. Troy publishes weekly updates that cover various topics on what is happening in cybersecurity and related fields.

Twitter: 190.4K @TroyHunt 

Website: https://www.troyhunt.com/ https://haveibeenpwned.com/ 

2- Kevin Mitnick 

Once the most elusive computer hacker in history, he joined the FBI’s most wanted list for hacking into more than 40 major corporations worldwide, not with malicious intent, but rather for the fun and challenge it represented. After running from the feds for three years, he is now a trusted security consultant to the Fortune 500 and different governments.

Twitter: 260.4K  @kevinmitnick 

Website: https://www.mitnicksecurity.com/ 

3- Mikko Hypponen 

A Finnish security expert who has worked since 1991 at F-Secure, a global security and privacy company with offices in more than 30 countries around the world. Mikko has been published by The New York Times, Wired, and Scientific American. He is also a frequent lecturer at the universities of Stanford, Oxford, and Cambridge. It is very interesting to read a man who has more than 20 years of experience tracking, disabling, and dissecting malware.

Twitter: 211.9K  @mikko 

Website: https://mikko.com/ 

4- Katie Moussouris 

American computer security researcher and writer who is best known for her campaigns on responsible security research. She was one of the creators of a bug bounty program for the US Department of Defense called “Hack the Pentagon” and also of one for Microsoft. She is the founder of Luta Security, an organization that aims to transform the way governments and companies are using people, processes, and tools to improve vulnerability coordination and their overall security. In 2014, Katie was named by SC Magazine as one of the “10 Women in Information Security That Everyone Should Know”.

Twitter: 105.3K  @k8em0 

Website: https://www.lutasecurity.com/blog 

5- Bruce Schneier 

Described by The Economist as a “Security Guru”, Bruce Schneier is a famous security technologist who has written numerous books on application security and cryptography. His newsletter has been running since 1998 and his blog since 2004; he now has over 250,000 readers around the globe. He has served on different government committees, testified before the Congress of the United States, and he is the Chief of Security Architecture at Inrupt, Inc.

Twitter: 135.6K  @schneierblog 

Website: https://www.schneier.com/ 

6- Brian Krebs 

Before creating his own cybercrime blog, KrebsOnSecurity, he worked as a reporter for the Washington Post interviewing hackers for the computer security section. Since then, he has been known for his coverage of cybercriminals and their acts around the world. Several times he has fallen victim, yet this has only made him more interested in the field.

Brian is the author of an award-winning book called “Spam Nation: The Inside Story of Organized Cybercrime – From Global Epidemic to Your Front Door”. He is also responsible for breaking the story of the Target Corporation breach in 2013 and figuring out who was the man behind the scam.

Twitter: 314.8K @briankrebs 

Website: https://krebsonsecurity.com/

7- Eugene Kaspersky 

Russian cybersecurity expert and CEO of Kaspersky Lab, an IT company with over 4,000 employees, well known for their antivirus products. In his blog, he shares personal opinions on current cybersecurity and IT topics, news, and industry developments.  

Twitter: 183.4K  @e_kaspersky

Website: https://eugene.kaspersky.com/

8- Graham Cluley 

After creating the first version of Dr. Solomon’s Anti-Virus toolkit for Windows, Graham Cluley worked for Sophos and McAfee. He then decided to become an independent cybersecurity analyst. He can frequently be found as a speaker at security events around the world talking about cybercrime.

Twitter: 103.5K  @gcluley 

Website: https://grahamcluley.com/ 

9- Shira Rubinoff 

An IT security expert, founder of two cybersecurity companies, and one of the most influential women in the field, she usually talks and writes about the connection between technology, psychology and cybersecurity.  

Twitter: 55.9K  @shirastweet 

10- Jayson Street 

Jayson Street is VP of InfoSec at SphereNY. He is best known for breaking into supposedly unbreakable sites to teach companies, governments, and end users why and how to protect their cybersecurity posture. 

Twitter: 57.6K  @jaysonstreet 

Website: http://jaysonestreet.com/ 

11- Zack Whittaker 

If you read websites such as TechCrunch and ZDNet.com, you probably have read a piece by Zack Whittaker. He is the security editor for TechCrunch covering mainly news and topics related to cybersecurity and tech.  

Twitter: 68.5K  @zackwhittaker 

Website: this.weekinsecurity.com 

12- Larry Dignan 

Larry is the Editor in Chief of ZDNet and Editorial Director of TechRepublic. He has covered the technology and financial industry since 1995, and has published articles in different news sites such as WallStreetWeek.com, Inter@ctive Week, and The New York Times.

Twitter: 31.4K  @ldignan 

Website: https://www.zdnet.com/meet-the-team/us/larry-dignan/

These 12 cybersecurity influencers will help you stay on top of the latest trends and news in the field. Start following them, reading their content, and of course, don’t forget to follow CyberWarrior on all of our social media channels to get familiar with the industry and what our academy has to offer.

 

 

4 Security Recommendations For You and Your Family

We are living in a world where technology takes part in our everyday tasks. We have speakers, computers, TVs, printers, phones, and even vacuums interconnected to one another, always leaving room for bad guys to grab control of our systems, and even worse, our personal information.

If you are one of those who believe that you do not have an “interesting” life for hackers, my friend, you are wrong. They are looking to get ahold of social security numbers, credit card information, data related to your work or your child’s school, anything that can open the doors to information they can use to perpetrate a profitable action.

It is time that we internalize that if we want to live with the technological advances of the 21st century, we need to start taking action to protect ourselves and our families from becoming another number in the hacking statistics. 

CyberWarrior’s Tips for Your Security at Home 

To make this article valuable for anyone out there, we asked our CEO, Reinier Moquete, what his top security recommendations are. Here are the four actions he suggests you start implementing at home as soon as possible: 

1- Setting Up 2 Factor Authentication 

How many passwords do you have? At least one for your Wi-Fi, your personal email, school/work email, each one of your social media accounts, banks, and others. It is pretty hard to create and remember a different password for every account. To better protect your data, it is important to add an extra layer of security.  

The best way to do so is by setting up 2-factor authentication. With it in place, instead of gaining access to your account once you add your login information, you will need to complete a second step. It can be a PIN, answers to secret questions, an OTP (one-time password sent by SMS or email), a keystroke pattern, or more sophisticated options such as your fingerprint scan or iris scan.  

The correct use of 2-factor authentication prevents anyone from accessing your accounts, even if they have one part of your login credentials.

There are different options out there for you. Some of them are Google Authenticator, Duo Mobile, Microsoft Authenticator, FreeOTP, LastPass Authenticator, Authy.  

2- Using a Password Manager 

We highly recommend having a unique password for every account you own. Please do not use a password more than once, as it increases the chances of losing more personal information. Also, it is not smart to write down your login information, as it can fall into the wrong hands.

To ease this password handling issue, we suggest you get a password manager.  It will encrypt and store your login information for every website you use and help you log in automatically. You will only need to remember the master password.  

There are many options in the market, but at CyberWarrior, we believe that the best options are Dashlane, LastPass, and KeePass. 

3- Connecting Through a VPN 

Have you ever thought about what happens with your personal information online? Have you ever connected using public Wi-Fi? Or have you thought of who knows what your online activity is? If any of these questions made you nod, it is probably time for you to get a Virtual Private Network or VPN.  

This is an encrypted connection between the device you are using (phone, tablet, computer, others) and the internet, meaning that no one can see what you are up to.

There are a lot of good, free VPNs out there, but they have a limited selection of servers and only allow you to use a small amount of data to navigate the internet. That is why we suggest you invest in a trustworthy service such as ExpressVPN, NordVPN, Hotspot Shield, PureVPN, or IPVanish.

4- Turning On HD Encryption 

One of the most powerful tools to protect the data in your computer is full disk encryption. It basically transforms the information stored there into an unreadable format that can only be decrypted by those allowed to access it with a secret key or password.  

To do this on your computer, you will need to get an encryption tool and a storage backup drive. Among the best tools in the market are: BitLocker, Guardium, Boxcryptor, DiskCryptor, and VeraCrypt. 

There is no 100% guarantee when it comes to security, but having all four of these actions in place will help scare the hackers away from your home and family. Also, keep in mind that you should all read the basics of online security so you can avoid clicking on a phishing email or falling for social media cyber-crimes or any other hacking technique.

 

 

A Look Back at Alan Turing’s Life

As cybersecurity experts, we owe a lot of what we know today to the great mind and life of Alan Turing. This blog is a way to remember his work, innovations, and contribution to modern computing.  

Early Years 

He was an English mathematician, logician, and the pioneer of theoretical computer science and artificial intelligence. He was born in London on the 23rd of June of 1912. Since he was a little kid at school, his intelligence was more than clear. It is reported that he did not pay much attention to classes but still could get the highest grades in tests. As a result, he had different teachers call him a “genius.”

His experience studying mathematics at the University of Cambridge gave him a few years filled with work, social life, and sports. He even joined the peace movement against the rise of Hitler. He graduated with a first-class honours degree and then headed to Princeton University to earn his Ph.D. in the same field. During this time, he made the “Turing Machine,” the first notion of a universal computing machine that could solve complex calculations.

Once he went back to England, he was invited to join the Government Code and Cypher School (now known as the GCHQ), a top-secret British code-breaking organization. Once World War II started in 1939, Alan decided to move the organization’s wartime headquarters to Bletchley Park, where he completed one of his most notable achievements: cracking the “Enigma Code.”  

Alan Turing & The Enigma Code 

The Enigma was an enciphering machine used by the German armed forces to send secure messages during wartime. At the time, a team of Polish codebreakers cracked these codes, but once the Germans noticed this had happened, they improved their controls by changing the cipher system daily. Then Turing came along.

Alan Turing took some of the systems the Polish had developed and, with the help of the fellow code-breaker Gordon Welchman, he developed the “Bombe,” a machine that decoded messages sent from the Enigma, not only helping ease the work for code-breakers at that time but helping gain intelligence for war efforts.

His efforts also helped decrypt more complex information during the war. With the “Hut 8” team at Bletchley Park, he read German naval signals from submarines prowling the Atlantic to hunt Allied ships that carried equipment and other vital things for the war efforts. In addition, the Hut 8 team was in charge of charting the movements of the German submarines, so the Allied forces could avoid them and successfully deliver their cargo.

His breakthroughs during World War II helped ease the path to more peaceful times, and at the end of the war, his government recognized him as an Officer of the Most Excellent Order of the British Empire (OBE).

Life After World War II 

Once the war finished, Turing went back to study and work in computer science and designed the Automatic Computer Engine, which he believed would offer “unlimited scope for practical progress towards embodying intelligence in an artificial form.” He was then made Deputy Director of the Computing Laboratory at the University of Manchester and was the first to address Artificial Intelligence.

In 1952, the police investigated a burglary in his house when he admitted he had a sexual relationship with Arnold Murray. He was arrested for homosexuality, which was illegal in Britain at that time. He was later found guilty of “gross indecency” and decided to avoid prison by accepting chemical castration by taking high doses of estrogen to reduce sex drive. Two years later, he was found dead, in an apparent suicide from cyanide poisoning. His death was never examined, but something that remained true is that homosexuals could not complete security clearances, which meant that Alan Turing could not be involved in secret work during the Cold War. His conviction was overturned in 2013.  

 

 

Important Considerations from the 2021 Verizon Data Breach Report

Are you familiar with the Verizon Data Breach Investigations Report (DBIR)? If not, this is an annual analysis of the security incidents that occurred over the course of a year. It centers most of the work on data breaches. It was first published in 2008. Since then, Verizon has increased the number of organizations (public and private) whose data it collects to provide a more robust report on breaches, threat actors, types of organizations targeted, and more.

This year, the Data Breach Report was built out of 5,258 breaches from 88 countries around the world. This is the largest number they have ever reported, and it turned into a 119-page publication. Going through its pages, we found many interesting and important pieces of information that we think will help you, our readers, better understand what happened during the first year of the pandemic in the cybersecurity industry.

We don’t expect you to read through all the pages. But, if you want to do it, please take your time so you can fully digest their findings. You can access the report using this link. In this blog post, we share a summary of what we consider major trends that can impact your actions and plans to prevent cybersecurity incidents in your organizations.  

Key Findings From the Verizon Data Breach Report 2021 

Just as the DBIR states, this “publication is not in the business of prediction… you don’t need a crystal ball, a neural network, or next-gen AI to tell you what the norm is,” but it can be beneficial when creating or updating your response strategy. For example, by understanding how a normal data breach happens, you can improve your defenses against it and against the exceptions.

1- Organized crime continues to dominate, year after year, the number one position when it comes to attackers. In fact, 80% of data breaches are attributed to them. However, we find it important to say that the study did find a decrease in internal actors being the cause of data breaches.  

2- The vast majority of data breach attacks are due to financial reasons. Espionage and other motivations are only responsible for less than 10% of the attacks. 

3- Even with the pandemic going on, the top action varieties in breaches remained the same from the past report. Phishing is still number one, but with the pandemic, we saw an increase from 25% to 36% of breaches attributed to it.  

4- Ransomware attacks are on the rise. The report concludes that it is the third cause of data breaches, and it doubled its frequency from last year. 

5- The human factor continues to be one of the biggest cybersecurity threats. 85% of data breaches involve a human element, and to make things even scarier for organizations, the report claims that employees are still making mistakes that cause security incidents and breaches.

6- External cloud assets are more likely to be compromised by an attack than on-premises assets. 

7- Attackers are exploiting older vulnerabilities to gain access to systems and networks, making it clear that organizations need to improve their patching performance: “To patch smarter, not harder, by using vulnerability prioritization not necessarily to improve security, but to improve organization’s productivity.” To put it in other words, you are taking steps further from downtime for every patch you apply.

8- Hackers are looking to steal credentials; in fact, they are the most sought-after data type and the fastest to get compromised.

9- Privilege misuse and system intrusion are the types of breaches that take longer to be discovered by an organization.  

10- The average cost of a business email compromise attack is $19,296. At the same time, the median loss in a ransomware attack was $11,150. 

Industry-Specific Data 

This year the Data Breach Report included the analysis of 12 industries, demonstrating that each one of them suffered attacks and threats in different ways. This will vary according to their infrastructure, the data they collect, and their interactions with groups of interest (customers, employees, vendors, and others). Some of them are:

1- Financial and insurance organizations frequently face credential and ransomware attacks from external actors. 

2- Healthcare is still vulnerable to human factors, as misdelivery is the most common error causing security problems. On a more positive note, since 2019, the industry has seen a shift from breaches caused by internal actors to external actors that are looking to compromise both personal (66%) and medical (55%) data.

3- Public administration has been the perfect target for social engineering attacks, as hackers have managed to craft credible phishing emails to gain access to credentials (80%) and personal information (18%). 

4- The retail industry faces financially motivated attacks by criminals trying to get credit cards and personal information. The most common social tactics in this sector are pretexting and phishing.

As we said before, these numbers give us a better understanding of what has been the most common behavior for cybercriminals and data breaches over the last year. They can help us prepare and plan our security measures, but we cannot rely on them to predict the future of our organization. A word of advice would be to put in place security training for everyone on your staff, patch and solve past vulnerabilities, and establish identity and access management to better control who has access to technology.

 


We Need More Women in Cybersecurity

The cybersecurity talent gap is no longer just a staffing problem. It has gotten so bad that it is now a matter of national security. To this day, there are over 520,000 unfilled cybersecurity jobs in the US alone. No wonder that every day we read in the news about numerous attacks on government offices, large corporations, small companies, town supplies, schools, and, more recently, COVID vaccine developers.

In the past, we wrote about several ways we, as cybersecurity consulting firms and academies, can help ease this situation. This time, we want to analyze women working in cybersecurity and how they can be part of the solution to the talent gap.

The Lack of Women in Cybersecurity 

Over the past few years, we’ve seen how women are gaining territory in cybersecurity. When we look at recent workforce studies, we can see that in 2013 women represented 11% of the worldwide cybersecurity workforce; by 2019, that number grew to 20%. A 9% increase in 6 years is not negligible, but it is not enough; we need to achieve gender equality, especially when you are talking about a field going through an enormous talent gap for several years and a zero unemployment rate since 2011. 

So, why is this happening? Why hasn’t cybersecurity been able to achieve some level of gender equality?

There are different reasons. One of them is that there is still a preconception, among young girls and even their families, that technical professions are the best options for boys, not girls. This can be either due to the lack of knowledge of what it really means to work in cybersecurity or because of what movies have “taught” us about it: usually, it’s a man hiding behind a hoodie trying to hack large corporations, while the IT guy is alone in a computer room fighting the battle.

Whatever the reason behind this belief is, we need to do something about it. Women and men who work in cybersecurity perform basically the same tasks. They handle security threat detection/remediation, data security, network security architecture, security consulting, and others. 

At the same time, we can see how women in cybersecurity face big compensation differences from men. According to ISC2, the salary difference can be from 16% to 20% for the same role, and to make things worse, women tend to emphasize their education and certifications. They work harder in their career advancement. Over the past few years, we have seen that all this effort is starting to pay off: women are now filling more leadership roles than men. 

How to Boost Women’s Involvement in Cybersecurity

This is a job that cannot be done by just one organization; it requires the joint work of the government, nonprofit organizations, cybersecurity professionals, and even schools. But don’t let this discourage you from doing your part:

  1. Help young women develop their desire and aptitude to learn IT: we need programs that help identify girls with a natural interest in IT and develop the necessary skills and knowledge to be successful professionals.
  2. Encourage girls to participate in hackathons, capture the flag competitions, and others: when participating in different contests, they will realize they have the same opportunities as boys in technology, learning hacking skills, programming languages, and more.
  3. Women in cybersecurity should serve as mentors to future generations: talking from their experience will encourage other women to pursue a career in the field. Make it a relatable story, cover the challenges you have faced, overcome them, talk about salary differences, and become part of the leadership team. Be a source of inspiration.
  4. Create mentoring programs: not only do school girls need help developing their cybersecurity skills, but anyone who wants to get started in this field needs guidance, support, and relevant knowledge.
  5. Fight for gender equality in the field: as we mentioned before, there is still a lot of work to close the gender bias in cybersecurity. Women deserve equal salaries and the same benefits as men, as well as the same growth opportunities.

Attracting more women to cybersecurity is not an easy job. There is a lot that needs to be done, from creating educational programs, to encouraging women to get started in the field, to writing job postings that make women feel welcome to apply. The result of this effort will be beneficial for women and the world of cybersecurity, for large corporations, small companies, and for every citizen of the world.

Cybersecurity: A Career Choice for Veterans

Veterans, The Key to Closing The Cybersecurity Talent Gap

Before COVID-19 hit the world in an unprecedented crisis, cybersecurity was facing one major problem: a widening talent gap that only became worse with remote working being the new normal. To give you a better idea, the latest report published by ISC(2) says that the world currently needs an additional 4.07 million professionals, the US needs to increase the cybersecurity workforce by 62%, and to make things worse, companies, desperate to have cybersecurity staff, are hiring people who don’t have the right training for the positions they are filling.  

 As you can tell by the numbers: the problem is real, it has been going on for several years now, and it does not seem as if this trend is going to change soon. So to address an old problem, we need new ways of thinking and acting. But what can be done?  

As we mentioned in a previous post, we need first to understand our cybersecurity needs, how we can take care of them, and the real hard and soft-skills associated with them. We also need to promote apprenticeship programs that offer on-the-job experience and cybersecurity certifications.  

But our efforts don’t stop there. We should start offering training for people with different backgrounds and help them transition to cybersecurity. Why not consider veterans?  

Every year, about 200,000 service members leave the military and look for different ways to transition to civilian life. These are men and women who have had a different experience than the rest of us: they have been trained to think like an adversary and to work under pressure in high-stress environments, they understand work ethics, they have a sense of belonging and responsibility, they have decision-making abilities and discipline, and they know how to work as part of a group. They have all the great qualities necessary for someone who will be defending your network and system from online adversaries.

Organizations can look over to our veterans and help them reincorporate into civilian life by offering them training (with a foundational understanding of the threat landscape, cybersecurity fundamentals, and skills needed to implement the strategies and concepts), mentoring, and the chance to get a job in their cybersecurity department. It is a win/win situation.