A Mediaplanet Guide to Protecting Yourself at Home and Online
Safety & Security
Gary Sinise: Read the exclusive interview with the actor and humanitarian about what his foundation is doing to support first responders
Learn what world-renowned former hacker Kevin Mitnick has to say about 21st century cybersecurity
Discover why “Shark Tank” star Robert Herjavec says AI is the future of data protection
SEPTEMBER 2020 | FUTUREOFBUSINESSANDTECH.COM
An Independent Supplement by Mediaplanet to USA Today
Looking for Talent in the Cybersecurity Industry

Cybersecurity is one of the few industries still actively hiring during the pandemic. The only problem is finding enough qualified candidates to fill these open roles.

The United States is still reeling from the economic impact of the COVID-19 pandemic. Unemployment rates peaked at 20.5 million unemployed Americans in April, the highest since the Great Depression. But as most industries feel the effects of stay-at-home orders and new restrictions, many organizations are actively hiring for technology and cybersecurity roles. Just this spring, there were more than 348,000 open cybersecurity roles, which signifies great resilience within the industry.

The problem is that while organizations may be ready and willing to hire cybersecurity talent at growing rates, there is still a shortage of qualified professionals in the industry. But there are solutions available.

For one, organizations can hire within. Many organizations overlook the possibility of transitioning workers from other business areas, including IT, into cybersecurity. This “cross-skilling” provides an alternative to traditional hiring and recruitment and adds an opportunity for companies to create more diversity in the field.

Second, organizations can look beyond candidates with undergraduate degrees in cybersecurity or computer science and pursue individuals of different backgrounds and experience levels. Respected industry certifications like CompTIA’s Security+ or the Associate of (ISC)² CISSP can and should provide an indication to employers that a candidate is worth an investment even in lieu of the degree.

Lastly, being proactive in updating job descriptions, clearly defining job roles and career paths, and providing training opportunities to upskill and reskill employees gives organizations the greatest chance of acquiring and retaining the best talent.

This has been paid for by CyberVista.
Simone Petrella, CEO, CyberVista
A Step-By-Step Guide to Better Cybersecurity
The FBI’s Internet Crime Complaint Center 2018 Internet Crime Report includes information from nearly 352,000 complaints of suspected internet crime, with reported losses in excess of $2.7 billion. If you think your home network is too small of a target for a cyberattack, or that the many connected devices present in your home have built-in security that’s good enough, you are wrong on both counts. If it’s connected to the internet, it’s susceptible to outside threats unless precautions are taken.
Stay on top

One such precaution is to stay current with software updates and patches for all devices that connect to the internet. Software updates add new features and functions, but in many instances, they also include critical fixes created to counter a real threat or vulnerability that’s been identified. Delaying software upgrades only serves to raise the odds of an attack.

Smartphones, tablets, and desktop and laptop computers typically have an auto-updating feature. But many other connected devices do not. Be sure to check regularly for software updates on routers and any other devices around your home that connect to the internet or to computers and mobile devices.

Be careful with new connections

When adding new devices to your home network, be sure to change the factory-installed default configurations, usernames, and passwords. Leaving these unchanged creates opportunities for outsiders to gain unauthorized access to information, install malicious software (malware), and cause other problems.

Always proceed with a “buyer beware” mindset before buying a new connected device. There are a variety of ways to see if a vendor or product has known privacy or security issues. You can search for vendors and specific products to see if they have known vulnerabilities and whether they’ve been patched. Another option is to visit the Better Business Bureau site to see if other customers have reported issues, or if there are government actions against the company. You can also use a search engine to look for the product or vendor name with the word “recall” in the search to see if there are any recalls under way.

Back it up

Finally, make it a habit to regularly back up your data and valuable information, either to an external device or to a cloud-based service. These backups are crucial to minimize the impact if data is lost, corrupted, infected, or stolen.

Todd Thibodeaux, President and CEO, The Computing Technology Industry Association
Publisher: Christian Smith, Hillary Schier
Business Developer: Abraham Freedberg, Mac Harris
Managing Director: Luciana Olson
Lead Designer: Tiffany Pryor
Designer: Tiffany Jackson
Lead Editor: Mina Fanous
Copy Editor: Kathleen Walsh
Director of Sales: Stephanie King
Director of Product: Faye Godfrey
Cover Photo: Courtesy of the Gary Sinise Foundation
All photos are credited to Getty Images unless otherwise specified. This section was created by Mediaplanet and did not involve USA Today.
READ MORE AT FUTUREOFBUSINESSANDTECH.COM
Internet Security Relies on Industry Teamwork

The tech industry has a responsibility to come together to protect cybersecurity for everyone.

With an estimated 75 billion connected devices being deployed by 2025, the potential attack surface for cybercriminals grows. This threat amounts to around 5,400 attacks per month on average against IoT devices, according to Symantec research. Many point to vulnerabilities arising from poor security on home thermostats, or even implantable medical devices. But the responsibility for preventing or minimizing cyberthreats goes beyond identifying a vulnerability and providing a patch.

In 2017, Arm CEO Simon Segars called for companies to sign up to a digital social contract that obliges them to protect users. Since then, the electronics design ecosystem has joined hands to work relentlessly to ensure, through new management systems, that all devices have the most up-to-date security at any given point.

One key to this is a grassroots approach that builds on a universal secure design methodology, PSA Certified. It provides a security baseline for connected devices and independent assessment by leading test labs. The methodology has been embraced by global industry players who use the freely available resources to mitigate some of the overhead costs associated with implementing a security baseline in their devices.

The second key to the security journey is to ensure comprehensive IoT device management to protect connected devices throughout their lifecycle. This includes securely provisioning the device once it’s turned on in the field, managing the updates over the air, and securing the communication between the device and the data store.

This has been paid for by Arm.
David Maidment, Director Secure Device Ecosystem, Arm (A PSA Certified Co-Founder)
Advice About Digital Security From a Former Hacker
Infamous computer hacker-turned-security-consultant Kevin Mitnick explains the toolkit used by today’s hackers to help everyone understand how to better protect their digital information.

What originally drew you into the world of hacking?

Challenge — pursuit of knowledge, seduction of adventure. In high school, I met this other kid who could perform magic with the telephone. It was called “phone phreaking,” and it facilitated my other great passion: pulling pranks. As the phone company started using computers to control devices, such as phone company switches, my interest in hacking began. When I started, it was completely legal, and hacking was cool. Hackers were considered the whiz kids. My favorite hack of all time, still to this day, was when I was young, hacking the McDonald’s drive-through window.

Truthfully, my passion for hacking has always remained the same. Businesses hire my company to try and break into their organizations to test their security. It’s like living in a heist movie. What’s not to love about that?

What are the biggest barriers a hacker faces when attempting to access private information?

Not much. Private information is freely available if you subscribe to the right databases, typically used by information brokers. These databases allow you to query a person’s social security number, birthdate, current and past addresses, current and past phone numbers. Once this information is obtained, it’s not too difficult to obtain the target’s credit report online. As far as gaining access to enterprise information, the biggest barrier is layered security controls, meaning I would have to compromise several layers of security to break in.

I travel the world and demonstrate live hacking at many conferences and speak to people of all walks of life. Lately, I’ve been showing how easy it is to steal someone’s personal identity in about 60 seconds! By accessing some databases I’ll know an individual’s mother’s maiden name, social security numbers — a whole bunch of stuff.

What are some myths regarding what hackers can actually get access to?

Hackers can get access to anything if they have enough time, money, and resources. The myths are more about how they hack anything. Despite Hollywood’s insistence, I have never needed a skateboard to hack, and my fingers don’t move at supersonic speeds.

I think the most famous myth of how hacking can be done personally happened to me. The prosecutor in my case told a Federal Judge that I could dial up a modem at NORAD and whistle into the phone and possibly launch a nuclear weapon. I almost burst out laughing in court when I heard that. But there was, and still is, so much fear built up by media and governments that the judge ignored the fact that prison officials would place me in solitary confinement so I was unable to get access to a phone in prison, just for the safety of the nation.

Remember: I hadn’t stolen for profit; I just loved the thrill of hacking because of the challenge. Most importantly, I had never threatened nor had any desire to hurt anyone, yet I was made out to be the poster boy for the new evil menace: hackers. I was just a kid looking for a challenge and adventure. It wasn’t a fun year.

When I started hacking, there was no legislation in place to deal with hacking. It doesn’t seem that long ago, but what seemed impossible then is a reality now. This year I showed the world the first video recording of an undetectable tap of a fiber optic cable. Concerning security, this has serious implications for individuals, corporations, and government organizations. Try to remember: If it’s important, use encryption. Possibly “air-gap” it too, meaning make sure your data is not connected to the internet.

How does security for mobile devices differ from that of corporate services and PCs?

Most people don’t even use security on their mobile phones, such as adding a passcode. The majority of people blindly use public Wi-Fi in public spaces. If there is one thing anyone can take away after reading this, it is to use a virtual private network (VPN) service. One thing people should consider is purchasing a VPN subscription so that they can securely connect when using public Wi-Fi. Basically, if you aren’t using a VPN, your internet traffic may be monitored, or worse, you may be hacked when using open wireless networks.

What steps would you tell organizations to follow to improve their cybersecurity measures?

There are two important and easy steps that will provide much, much better cybersecurity for any organization.

Get tested regularly. Smart organizations are using the progressive strategy known as “red teaming.” This is a rewarding practice of using external, independent teams to challenge organizations to find ways to improve their effectiveness. The red teaming strategy encompasses and parallels the military use of simulations and war games, invoking references to competition between the attackers (the red team) and the defenders (the blue team). For cybersecurity this is known as security penetration testing, the use of third-party penetration testers to simulate attacks by real intruders against systems, infrastructure, and staff. The ultimate goal is to provide organizations with a thorough analysis of their current security.

Secondly, train all your staff on what social engineering is and how to detect it. People are the weakest security link. They can be manipulated or influenced into unknowingly and innocently helping hackers break into their organization’s computers and they can be manipulated into handing over the keys to the kingdom. Social engineering is a technique used by hackers and con artists that leverages your tendency to trust. Providing security awareness training for staff is absolutely crucial in light of social engineering.

When our team is testing a company, we immediately target a sales individual who is willing to open any attachment or go to any website. We booby-trap these events with malware that’s undetectable to anti-virus solutions. It’s not that hard to do. Consequently, we then own the salesman’s machine and then work our way into the corporate network, and then it’s game over. Sometimes it only takes compromising one person to own an entire organization.

Finally, I know that the business of cybersecurity is new and growing, and I don’t ignore the irony that I’ve been able to turn lemons into lemonade. But I do see a problem with cybersecurity business, as it’s now becoming a modern day gold rush with its own versions of fake claims. There is no silver bullet for security; there is no such thing as absolute security, nor is there any automated tool that even comes close to the skills of a motivated hacker probing for an organization’s vulnerabilities. The truth is simple. It takes one to know one.
The Good, the Bad, and the Ugly of Cloud Computing

There’s no silver bullet when it comes to cloud migration. However, the likelihood of a successful migration is boosted when organizations are aware of best practices.

The cloud and the migration process open an organization to a whole new world of security risks, including application vulnerabilities and exploitation, malware and ransomware, unsecured services, and more. With that said, if you plan and take a proactive approach, you will help to limit the risks and complete your journey in a much better position.

Here are four security considerations to help ensure that you are prepared and empowered to properly secure your cloud migration and future cloud projects without slowing down the process.

Apply the right security at the right place

Whether you’re running bare-metal workloads, virtual machines, containers, or serverless functions, each workload or application requires its own unique set of security capabilities to protect against known and unknown threats.

GDPR, HIPAA, PCI, FISMA standards

Understanding your organization’s compliance standards before starting on your cloud migration is essential to preventing future roadblocks.

Train and equip

Managing and securing a hybrid cloud is different from managing and securing your data center. Equip your staff with the skillset needed to understand the cloud as well as they understand the data center today.

Early implementation

IT and security teams should work with developers to implement security earlier in the development pipeline, before workloads are pushed to production. This ensures vulnerabilities, malware, and configuration issues are found sooner.

This has been paid for by Trend Micro.
Andrew Stevens, Director, Hybrid Cloud Security, Trend Micro
Fighting Cyber Threats in 2020
A panel of experts discuss the growing problem of cybersecurity threats and how the industry is responding with new technologies, new techniques, and broadening the talent pool.

Salvatore Stolfo, CTO, Allure Security
Brendon Rod, Marketing Manager, Ironscales
Chris Gerritz, Co-Founder & Chief Product Officer, Infocyte
Mark Davis, Managing Director, Fullstack Cyber Bootcamp, Fullstack Academy
Altaz Valani, Director, Insights Research, Security Compass

We don’t often think of honeypots and deception when we think of website security; how does Allure use these two tactics to protect customers?

Salvatore Stolfo: Phishers seek identities and credentials, [and they] can net fake credentials that are stuffed into their websites — provided the decoy credentials are believable. We can do that easily when they are expecting names, email addresses, and passwords. Automation can deceive many phishers at scale, changing the economics of their activities. Cleverly designed, decoy credentials can also be used to monitor their behavior after they are stolen.

What is machine learning and how does it relate to email security?

Brendon Rod: In the context of email security, the biggest role that machine learning has played is in shifting the industry from a reactionary mindset to a proactive one. Phishing emails are morphing at scale, so there’s little sense in only studying malicious interactions. By crunching data from the overwhelming amount of legitimate email interactions and understanding what typically happens, machine learning empowers us to recognize and predict new deviations and attacks as quickly as they emerge.

What is best practice for dealing with ransomware?

Chris Gerritz: Ideally you want to respond so quickly to a breach of security that you purge the hacker before they can initiate the destructive ransom portion. Recent tactics in ransomware give you a window of a few hours to up to two weeks between initial entry and initiation of this ransom. Should an attacker successfully encrypt your files and ask for ransom, a professional incident response firm should be brought in to see if it’s possible to recover data. Even if not, it’s important they triage the network to remove the attacker’s malicious access as you start to rebuild.

What are some of the biggest challenges for overcoming the skills gap in cybersecurity?

Mark Davis: The biggest challenge is that cybersecurity is a broad field. It has many different specializations, and the material is complex and requires an analytical mindset to learn. That’s why people with the required skills are so sought after. Next, we need to expand the number of training programs available and make them more affordable. That means all types of training methods, including undergraduate degrees, graduate degrees, and the emerging category of cybersecurity bootcamps.

What Is Balanced Development Automation?

Altaz Valani: Balanced Development Automation directly integrates with both DevOps and security workflows by integrating security policies from industry best practices and frameworks with DevOps procedures at the code level (using just-in-time contextual micro-training and code samples) which reduces the noise with downstream threat modeling activities. Because of the bi-directional mapping between security policies and DevOps procedures, a real-time security posture and risk assessment is always available.
Making Cybersecurity Training Something Employees Want to Do

What has become very apparent in the last few years is that all employees, from senior management to part-timers, are the largest cybersecurity vulnerability that any organization faces. But a new economic cybersecurity training program has been proven to significantly reduce the chances of a cyberattack.

A new electronic revolution, like earlier industrial revolutions, is already substantially changing and redefining our society. This change is happening far faster than previous industrial revolutions. New technologies including 3D commercial production, data driven vehicles, robotics, biotechnology, and AI are blurring boundaries between physical, digital, and biological to create a new techno-reality. This revolution is also changing criminal activity.

Even businesses that have invested heavily in cybersecurity base their investments on technology and don’t sufficiently attend to the human side of the problem. Employees are so important for commercial operations security because cyber criminals know and learn from how employees operate. And they will perform attacks on an organization, for instance, using sophisticated phishing emails — making employees the first line of defense that needs to be strengthened.

Over half of most organizations’ employees have not received effective cyber security training, so it’s no surprise that 96 percent of them still save passwords on their devices so they can remember them. And less than 24 percent of organizations have properly cyber-trained their employees in the last 12 months.

Cyberattacks, hacks, and related security incidents cost U.S. businesses over $3.5 billion in 2019, and this figure is increasing. Insurer found that well over 50 percent of businesses had faced an attack in 2019 but that almost 75 percent of firms are ranked as early starters in terms of cyber readiness.

Training is an issue with the whole organization, despite the fact that employee education is the best way to tackle these types of threats. But a lot of current cyber training is considered boring by employees and often faked and ignored by many. But an exciting training program, like the GoCyber training program, which leverages inspiring content, social learning, gamification, and daily challenges, can drive culture and behavioral change across businesses.

Alfred Rolington, Co-founder & CEO, Cyber Security Intelligence
The Pros and Cons of Outsourcing Cybersecurity

Joseph Steinberg, author of “Cybersecurity for Dummies” and thought leader in the field, answers questions about preventing cyberattacks at work and lays out the arguments for and against hiring a third-party agent.

How does a business know if it is under cyberattack?

Some clues that you might be under attack include logins at unusual times (especially from privileged accounts such as those of system administrators), unusual data flows either internally or out to the internet, unusually degraded system or network performance, unusual data storage patterns on internal systems, system malfunctions and errors, unexpected system responses, missing or corrupted data, extraneous or erroneous data, unexpected applications found to have been installed, websites rendering improperly, local network or internet connectivity problems, and, obviously, ransom demands from ransomware.

How can outsourcing security management or technology help enterprises in particular? Are there any pitfalls to outsourcing security that stakeholders should be aware of?

Many smaller organizations do not internally have the manpower or expertise needed in order to adequately manage their own security. In such cases, third-party providers specializing in information-security operations or management can provide significant value. Keep in mind, however, that the primary concern of a third-party company is itself. If something does go amiss, and your data is breached at a third-party provider, the provider’s primary concern may be to protect itself, and you could suffer financial and reputational repercussions for which the provider will be unwilling or unable to reimburse you.

How do you recommend companies designate, attract and retain cybersecurity personnel? How are the requirements for an SMB cybersecurity professional different than an enterprise cybersecurity professional?

To attract and retain good workers, make sure that your organization is the kind of place that your “ideal employee persona” would want to work. Likewise, make sure that you recruit in places that such folks hang out, online or in person. I wrote many pages in “Cybersecurity For Dummies” on the differences in skills needed between SMB and Enterprise info-sec workers. I recommend checking this material out in the book.
Can You Be Hacked With Credential Stuffing?

You probably know about phishing. Now learn more about the newest potential online threat — credential stuffing.

With people and businesses spending even more time online, the potential for one weak link to cause a cyber headache has increased even further. In addition to phishing, there is another technique that has become one of the biggest abusers of lax security: credential stuffing.

So, what is credential stuffing? Credential stuffing attacks automate large-scale attempted logins using account information that is sourced from previous breaches. The idea is that most people will reuse the same email and password combinations across multiple sites. This is backed up by research which shows 71 percent of accounts use the same passwords for multiple websites.

One of the most recent high-profile credential stuffing attacks was seen when Disney+ launched, resulting in thousands of users being locked out of their accounts. Within just days, lists were available online for people to buy and gain access to cheap subscriptions. For Disney, that meant hundreds of negative headlines accompanying the launch of their new streaming service.

How to not get stuffed

Encouraging a higher level of digital hygiene amongst users will reduce the threat. Encourage the use of new passwords for every account, as well as the use of password managers, which generate unique and complex passwords and store them for the user’s convenience.

And then there is more that security teams can do on the technical side. Ensure detection tools and processes are employed to identify any possible credential stuffing attacks early in the authentication process.

Ultimately, credential stuffing is only as dangerous as you let it be. Take the correct steps and you can tell the hackers to get stuffed.

This has been paid for by Auth0.
Joan Pepin, Chief Security Officer, Auth0
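One way a security team could implement the early detection the article calls for, shown as an added example (not Auth0's code and not part of the original article): flag any source address that tries many different accounts and mostly fails within a short window, then list the accounts that did log in from it. The event format, thresholds, and all names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginEvent:
    ts: float        # event time in seconds
    source_ip: str   # client address seen by the login endpoint
    username: str    # account the attempt targeted
    success: bool    # whether authentication succeeded


class StuffingDetector:
    """Flags sources that try many different accounts and mostly fail.

    Thresholds are illustrative assumptions; tune them on your own traffic.
    """

    def __init__(self, window_s=300.0, min_distinct_users=10, min_failure_ratio=0.8):
        self.window_s = window_s
        self.min_distinct_users = min_distinct_users
        self.min_failure_ratio = min_failure_ratio
        self._recent = defaultdict(deque)  # source_ip -> events inside the window
        self.flagged = {}                  # source_ip -> time it was first flagged

    def observe(self, ev):
        """Record one attempt; return True if its source looks like stuffing."""
        q = self._recent[ev.source_ip]
        q.append(ev)
        # Slide the window: drop attempts older than window_s.
        while ev.ts - q[0].ts > self.window_s:
            q.popleft()
        distinct_users = len({e.username for e in q})
        failure_ratio = sum(1 for e in q if not e.success) / len(q)
        # Many accounts AND mostly failures. One user mistyping a password
        # (one account) or an office behind NAT (mostly successes) stays quiet.
        suspicious = (distinct_users >= self.min_distinct_users
                      and failure_ratio >= self.min_failure_ratio)
        if suspicious and ev.source_ip not in self.flagged:
            self.flagged[ev.source_ip] = ev.ts
        return suspicious


def analyze(events):
    """Return (flagged sources, accounts that logged in from a flagged source)."""
    ordered = sorted(events, key=lambda e: e.ts)
    detector = StuffingDetector()
    for ev in ordered:
        detector.observe(ev)
    # A success from a flagged source means a reused password worked:
    # those accounts need a forced reset and session revocation.
    to_reset = {e.username for e in ordered
                if e.success and e.source_ip in detector.flagged}
    return detector.flagged, to_reset


def build_sample_events():
    """Constructed sample data using documentation-only IP ranges."""
    events = []
    # One source cycles through 12 accounts, 5 s apart; a single login succeeds.
    for i in range(12):
        events.append(LoginEvent(1000.0 + 5 * i, "203.0.113.7",
                                 f"user{i:02d}@example.com", success=(i == 7)))
    # Office NAT address: 12 different staff accounts, all succeed.
    for i in range(12):
        events.append(LoginEvent(1000.0 + 7 * i, "198.51.100.20",
                                 f"staff{i:02d}@example.com", success=True))
    # One user mistyping their own password six times.
    for i in range(6):
        events.append(LoginEvent(1010.0 + 3 * i, "192.0.2.55",
                                 "alice@example.com", success=False))
    return events


if __name__ == "__main__":
    flagged, to_reset = analyze(build_sample_events())
    for ip, ts in flagged.items():
        print(f"possible credential stuffing from {ip}, first flagged at t={ts}")
    print("accounts to reset:", sorted(to_reset))
```

A per-address count is only one signal; it is usually combined with checks such as screening passwords against known-breached lists and requiring a second factor.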
Every Business, Big and Small, Needs to Think About Cybersecurity

Small businesses may think they are not a target for cyberattacks, but this is a mistake that could cost big.

Malicious actors, formerly called “hackers,” are opportunists and like to go after easy targets, much like how burglars target houses without security monitoring stickers in the windows. They realize that most of those 30.2 million businesses aren’t practicing basic security safeguards, thereby making them easy marks. Often without proper security measures in place, businesses won’t even realize they’ve been hacked.

By the same rules

Small businesses are also required to comply with the same laws and regulations as larger companies when it comes to personal data. This includes “consumer data,” which is all data supplied by a customer. This is the most easily understood sensitive information, such as credit card data and health information.

So, what are you, as the owner of a small or midsize business, supposed to do? You may not have the resources available to invest in a large-scale security operation. The good news is you don’t have to. You just need to invest the appropriate amount into a security initiative that protects the data and environment according to the size of your company and the amount of data you collect, process, and store.

Additional resources

The SBA has a wealth of resources presented in an easy-to-understand way, including explanations of common threats, how to assess your business risk, cybersecurity best practices, and even training.

You may also consider engaging with a smaller-sized, local security consulting company to perform a high-level assessment of the safeguards in place, which will result in a report that details what you need to do to improve your protection. You would be surprised how reasonably priced their services are.

For those whose businesses already have an IT department, be sure to ask the same questions using the knowledge gained from the SBA resources. It will impress them that you care enough to ask.

One last piece of advice offered to all businesses is to stay educated on the topic of cyber and information security. With new laws, regulations, and attacks announced frequently, it is important to stay informed.

Candy Alexander, CISSP CISM, International President, Information Systems Security Association (ISSA)
Only You Can Stop Cybercriminals

Being always connected has great advantages, but it also means we must increase our security and privacy awareness as we bring in the enterprise capabilities to our homes. Security is a process, not an end state. It is a behavioral change we must all embody.

Being proactive and aware

In securing your information, passwords are a first line of defense. Do not write them, do not reuse them, do not share them. Make them strong, but not too complex for you to remember by using the password triad, SNL: symbol, number, and mixed case letters. Create a passphrase and switch characters with symbols based on a pattern you like and remember. Use a password manager to manage all your passwords and use dual authenticators where possible.

Additionally, we can act as human firewalls by following safe practices on the internet and on the phone. For example, notice the difference between “http://” versus “https://,” and check privacy settings on social media. Remember, nothing ever leaves the internet.

Connecting safely

Keeping your connections secure is another vital element of cybersecurity. Take preventative measures such as turning off Bluetooth and Wi-Fi when not in use and keep your device in your possession all the time. Though public Wi-Fi can seem convenient, do not connect to public networks without a VPN (Virtual Private Network) and do not download anything without proper research. Protect your devices with passwords, apply patches and updates regularly, and remember to periodically back up data.

Manisha Kanodia, Information Systems Manager, University of California, San Diego
Broader Context is Crucial for Effective Endpoint Protection

Laptops, mobile devices, and cloud services have all eroded the concept of the traditional network perimeter. And the sudden shift to most or all employees working remotely from home in response to the COVID-19 pandemic has devastated what was left. When users can connect from virtually anywhere, the endpoint itself is the one thing that stands between an organization and a compromise.

Endpoint detection and response (EDR) has emerged as the standard for endpoint protection. EDR recognizes that prevention measures do not work 100 percent of the time and shifts the focus from just trying to block threats to monitoring activity on the endpoint to detect suspicious or malicious activity and provide relevant information to help thwart and respond to a successful attack. It is an evolution from traditional anti-malware solutions, and it is a step in the right direction, but it can result in false positives that distract and waste limited security resources, and it is ineffective against multi-vector attacks.

You must leverage security vectors beyond detecting malware to truly protect endpoints. Having an inventory of all endpoints connecting to the organization’s network, along with information on installed software such as version numbers, authorization status, and end-of-life status, as well as a view of running processes and network traffic to see any malicious activity, is vital. Organizations need EDR that sees beyond the endpoint itself to gain vital perspective.

This has been paid for by Qualys.
Sumedh Thakar, President and Chief Product Officer, Qualys
Can Artificial Intelligence Save Your Data?
Robert Herjavec of “Shark Tank” and founder and CEO of global cybersecurity firm Herjavec Group, explains what the future has in store for your data.
In an era of major customer data breaches, how can artificial intelligence (AI) help to predict, protect, and prevent more effectively than past technologies?
The foundation of AI is logs. You have to have an input. Being able to leverage big data analytics is great, but AI is an avenue that works hand-in-hand with traditional and current technologies to drive insight and alter behavior. Many past technologies leverage signature-based detections, which are easy for adversaries to change. AI and behavioral-based technologies focus on the patterns of attack, which are much harder to constantly change. By focusing on behavior, AI can leverage data features to determine answers to questions such as what might happen next or what the best corrective action is for the current situation.
What is the biggest myth behind AI cybersecurity you’d like to debunk?
The biggest myth is that AI can make sense of any data, because there has to be quality data in order for the algorithms to work correctly. AI won’t be able to solve our cybersecurity problems completely. All these advancements in AI and machine learning are not supposed to replace traditional security measures and cyber hygiene; they’re supposed to enhance what’s currently in place. As attacks become more automated and sophisticated, defenders will need tools to match that. AI is one answer to that challenge as we grow past signature-based detection.
What role will AI play in defending against the next generation of cyber threats?
It’s hard to say what the next generation of cyber threats will look like. The real question may be, who will be targeted? Industries that have a major influence on our economy and society, such as healthcare and manufacturing, and even government systems themselves, will be targets. But cybercriminals are evolving just as much as security professionals. They’re using tools like AI, machine learning, technologies, algorithms, you name it, and defense mechanisms are finding it difficult to keep up.
PHOTO: LESLEY BRYCE
The Uncanny Similarities Between the COVID-19 Response and Cybersecurity
The expert advice, and the resistance to it, about stemming the tide of COVID-19 infections bears remarkable resemblance to the expert warnings about cybersecurity.
There were plenty of data-backed warning signs that it was only a matter of time before a pandemic like COVID-19 would occur, and that it could result in catastrophic loss of life as well as sustained economic damage. Still, many outside the epidemiology field adopted a “can’t happen here” mentality. The rapid global spread within just a few months showed us the error in that type of thinking. The threat was obvious, and yet somehow overlooked to a great degree.
Similarly, cybersecurity professionals across the public and private sectors consistently warn that the next mega data breach or compromise of critical infrastructure is a case of when, not if, and that the risk of financial loss or public safety at micro, macro, and even global levels could be immense. But because security is often viewed as a deterrent to efficiency and profitability, many of those warnings go unheeded.
There are numerous parallels to be drawn between the virus response and our ongoing challenges with cybersecurity vigilance. We all know what we’re supposed to do to avoid contracting the virus. Wear a mask, social distance, avoid large crowds and events, wash hands thoroughly, don’t shake hands, and report symptoms and seek medical testing if you suspect you’ve been infected. Similarly, to prevent cybersecurity breaches, we constantly advise people to employ tools like firewalls, VPNs and antivirus software, update and patch software regularly, avoid visiting unsecured websites and connecting to public WiFi networks, be wary of clicking on links in emails from untrusted sources, and notify your organization’s security team if you suspect you’ve been infected. We do all of these things not only to protect ourselves, but to ensure the safety and security of those around us as well.
And just as the cybersecurity landscape changes and new threat vectors emerge and mutate, scientists and medical professionals are still learning more about how COVID-19 behaves and how immunity is built, and the guidance they provide will evolve over time. Whether you’re dealing with a pandemic or global cybersecurity, one fundamental truth is the same. We need to listen to the experts and adapt in order to stem the tide.
David Shearer, CEO, (ISC)2
Keeping on Top of Cybersecurity from Home
Working from home introduces more cybersecurity threats than normal, but there are steps employers can take to guard against hackers and online criminal attacks.
Recently, cybercriminals have upped their game and are pushing hard with new methods to fool employers into divulging private information, so the management of Information Security (InfoSec) programs is becoming less effective while so many of us are working remotely. According to security watchdogs, cyberthreats like botnets and ransomware are on the rise again. New and improved variants are popping up with new approaches to spread their payloads.
Some of the most aggressive cyberattacks come through employee-propagated activities, such as clicking on infected links, downloading unusual attachments, and other unsecured approaches. With improper or ineffective defenses, these methods can be quietly deployed. Once a cyberattack is successful and the botnet is deployed, it can sit idle while quietly gathering information to later harm your network or company finances, or encrypt data for a ransom.
Therefore, when working from home, it is critical to maintain a reasonable level of security behavior. Remote work raises additional security concerns as employees are no longer inside a secured company network. Here are Keep IT Simple’s best practices for securing your remote workforce from cyber-attacks:
• Reset and strengthen home WiFi passwords
• Enable two-factor authentication and use a password management tool
• Update devices with the latest OS and security patches
• Connect to the company-provided VPN
• Be cautious when clicking on links
• Remind employees they are the last line of defense for security, to keep alert, and to notify your company IT team of any suspicious activities
Craig Miller, Director of Infrastructure & Security Practice, Keep IT Simple
Preparation Is Always Key When It Comes to Flooding
Flood protection pro Matthew Wennerholm, VP of AquaDam Inc, explains how to fully prepare your home in case of a flood and why you need to do it now.
Why is it important to always be prepared in case of a flood?
Even six inches of flood water intrusion over a 24-hour period is enough to require almost total renovation of the damaged structure. Beyond mold, the physical effects of wave action can cause splintering, cracking, and other damage to wooden components of the structure.
What is one innovation that can help mitigate the effects of a flood?
Instead of spending money recovering from the flood, many people are finding it to be more cost-effective to use proactive flood control measures, such as the deployment of a temporary perimeter flood barrier, like the AquaDam, to isolate the area to be protected.
What advice do you have for those who live in areas prone to flooding?
Determine the elevation of the ground your structure is built upon to determine your level of risk from flooding. Prepare a flood control game plan based on controlling a pre-determined depth of flood water.
This has been paid for by AquaDam.
The American Red Cross’ Tips for Emergency Preparedness at Home
Disasters such as hurricanes, wildfires, and home fires can strike with little warning, making now the perfect time for you and your household members to prepare for emergencies.
Disasters happen every day, even in this COVID-19 environment, and being prepared for a disaster or home emergency helps you recover more quickly. Being prepared may not prevent a disaster, but it will give you confidence to meet the challenge. The Red Cross recommends the following simple steps to prepare for emergencies and help protect yourself from COVID-19.
Step 1: Be informed
Familiarize yourself with the hazards that are likely to occur in your community. Visit the Red Cross and local emergency management websites to learn specific actions to take before, during, and after these events. This will help you keep you and your household safe and strengthen your ability to adapt to the situation. Learn CPR and first aid skills in case help is delayed. Share what you have learned with your family and friends and encourage them to get ready.
Step 2: Make a plan
Discuss with your family and household members how to prepare and respond to the types of emergencies that are most likely to happen where you live, learn, work, and play. It is helpful to identify responsibilities for each member of your household and practice working together as a team. Plan what you will do before, during, and after each type of disaster, should authorities advise. Plan now if you will need help evacuating.
Step 3: Get a kit
Being prepared also means being equipped with the supplies you may need in the event of an emergency. An emergency kit is essential to have at home. You can build your kit at home by compiling items like non-perishable foods, water, important documents, and power chargers. For a stay-at-home kit, we recommend including everything you need for at least two weeks, such as food, water, personal hygiene items, and a one-month supply of prescription medication.
Trevor Riggen, Senior Vice President of Disaster Services, American Red Cross
Wildfires Near & Far Can Affect the Air You Breathe
Even far away wildfires can create unsafe air quality, but there are resources available to mitigate risk and harm to you and your family.
Distance from a wildfire does not always guarantee safety. Depending on weather patterns, those small, potentially hazardous contaminants from burned homes, buildings, vehicles, and plant life can travel long distances and find their way into your home or business — even when windows and doors remain shut.
During the COVID-19 pandemic, many of us are spending an increasing amount of time in our homes. We want the air in our homes to be healthy, but if you live within several hundred miles of a wildfire burn zone, there still can be a degree of uncertainty, particularly when smoke or fire odor is present. Don’t let that uncertainty impact the health of you and your family.
AIHA, the association for professionals committed to ensuring occupational and environmental health and safety (OEHS) in the workplace and community, has developed resources and guidance to protect yourself and your loved ones before, during, and after a fire has occurred. You can find these resources at www.ThinkActFireSmart.org. You will also find tips, videos, and additional vital resources for staying healthy and safe during and after a wildfire event.
After the fire, remediation and restoration needs can be complex, and must be addressed under difficult and trying circumstances. OEHS professionals are experts not only at addressing indoor air quality, but also are available to assist in assessing hazards and determining the steps necessary to re-occupy both homes and businesses after a wildfire. The website also contains the latest technical information and resources for first responders and remediators involved in wildfire restoration.
Don’t go it alone. If you have questions or concerns about the impact of wildfires on indoor air quality, or how to begin restoration for your home or business, you can locate and speak with an OEHS professional in your area.
Lindsay Cook CIH, CSP, FAIHA, President, AIHA Board of Directors
If You’re Not Worried About Burst Pipes, You Should Be
Though water damage is the second leading homeowner’s insurance claim, many forget to protect their homes against leaks. Larry Waxman of LeakSmart explains why automatic leak protection can help.
What is the benefit of automating leak detection?
In the event of a water leak at any major appliance in the home or even within the wall, a leak can be detected and trigger the water main to automatically shut off the water to stop the water flow. Whether the leak is a pipe burst, open faucet, or faulty appliance, automatic leak detection will prevent this from flooding the home, without the need for the homeowner to be home or manually locate and shut off the water.
How does early leak detection prevent damage to the home?
One burst pipe can unleash as much as 15 to 20 gallons of water per minute into the home. The amount of water and damage in the home is unbearable. With automatic early leak detection, this can be avoided, and the damage mitigated.
What is one piece of advice you would give a new homeowner concerned about leakage and water damage?
Homeowners today protect their home from fire and theft, but often water protection is forgotten about, when really water damage is more likely to occur than theft and is the second leading homeowner insurance claim.
This has been paid for by LeakSmart.
Looking Out for First Responders
PHOTO: COURTESY OF THE GARY SINISE FOUNDATION
Actor and humanitarian Gary Sinise talks about how his foundation is helping first responders and frontline healthcare workers through its First Responders Outreach initiative.
What was your motivation behind starting the Gary Sinise Foundation?
It was a series of things, starting with the veterans in my own family. I’ve been involved with supporting our military veterans going back almost 40 years starting in the early ’80s when we began hosting a free Vets Night at the Steppenwolf Theatre in Chicago. In the ’90s after playing Lt. Dan in Forrest Gump I began supporting our wounded and disabled veterans. But it was after September 11th that I became much more active for our defenders and the families who sacrifice alongside them. That call to service, which I talk about in my book “Grateful American: A Journey From Self To Service,” has remained a priority for me. My personal mission is what led to the founding of the Gary Sinise Foundation in 2011, and through the generous support of the American people we continue to expand our outreach to help our nation’s defenders, veterans, first responders, their loved ones, and those in need — most recently expanding our efforts to our healthcare workers in the fight against COVID-19.
The Gary Sinise Foundation is a well-established nonprofit organization that has just entered its tenth year. What are some ways in which disaster preparedness has shaped your organization?
Through our First Responders Outreach program we’re addressing the needs of Fire Departments, Police, and EMTs nationwide. We want them to be well equipped to handle any crisis, so whether it’s through relief grants, providing essential lifesaving equipment, or training grants, we want to ensure our defenders can always perform to the best of their abilities before, during, and in the aftermath of a disaster. From the beginning, I wanted to be flexible as a foundation, able to adapt and shift to support the critical needs of those we serve.
What was the biggest challenge that your organization faced in the wake of the COVID-19 pandemic?
Once the pandemic hit, the Gary Sinise Foundation launched the Emergency COVID-19 Combat Service initiative to identify and address the immediate needs of those fighting on the front lines against this terrible virus. We quickly set out to make sure our first responders were equipped with personal protective equipment (PPE) and large-scale decontamination gear in order to protect them from the spread of COVID-19. Additionally, we added frontline healthcare workers to our mission and delivered meals, masks, and face shields to hospitals across the country.
How has your organization had an impact regarding disaster recovery?
The needs following any disaster are ever-changing. Whether it’s the needs of an individual soldier who has been blown up in combat, the aftermath of a brush fire, or the arrival of a pandemic, our job as a foundation is to adapt and meet those needs. For example, Hurricane Harvey devastated the Houston area and many firefighters and police officers lost their homes while out trying to save the homes of their fellow citizens. We provided much needed support to many first responders in the aftermath.
What message do you have for first responders and essential workers who are bravely risking their lives for the safety of others?
Having spent many years supporting our first responders and visiting military hospitals where nurses and doctors selflessly serve, I have great respect for you and I’m so grateful for everything you do. All of us at the Gary Sinise Foundation, and the many grateful Americans who support our programs, will never forget the sacrifices you and your families have made and continue to make. I salute you!
Disaster First Responders Are the Same People Lending You That Cup of Sugar
In the event of a disaster, the most important element of your emergency kit is really your relationship with your community.
Most Americans think disaster preparedness means disaster kits, insurance, or reinforcing homes. These all provide value for navigating a disaster, but I’d argue the most important thing to do before a disaster is to get to know your neighbors. It’s the neighbors who will save you.
Identifying risks
Knowing what hazards exist in your community sets the stage to being prepared. In New York City, hazards are likely to be hurricanes or Nor’easters; in Houston, hurricanes and flooding are well-known hazards; and in California, it’s wildfires and earthquakes. Knowing this will help you prepare, whether that’s having supplies to secure your dwelling or investing in insurance. Planning is also essential. A disaster kit is incredibly helpful, but stocking up on essentials isn’t always feasible. So at the very least, you must make a plan for how you’ll navigate during a disaster by asking what you and the people you care about need to survive.
Invest in your neighbors
In actuality, the best means of preparing for a future disaster lies in social capital. Social capital is about building wealth in relationships. It means getting to know your neighbors and community — perhaps through an app, a community group, or by going door-to-door while practicing physical distancing. You can engage with your community by doing something as simple as offering to pick up extra bottled water for a neighbor before a storm or doing a check-in after it is over.
Meet your first responders
In the event of a disaster, the first responders aren’t typically Urban Search and Rescue, but the neighbors. It’s the neighbors we saw rescuing people from roofs in Houston during flooding — the Cajun Navy was first on the scene after Katrina. Knowing who those neighbors are, and having access to them, is the greatest indicator that you could make it through a disaster.
This has been paid for by Team Rubicon.
Corey Eide, Senior Director of Capabilities Development, Team Rubicon
The School Safety Efforts That Are Critical to Prevent School Shootings
While school shootings in the United States have been steadily increasing over the decades, schools are responding with more widespread and comprehensive safety and preventative efforts.
From 1970 to the present day, there have been over 1,360 K-12 school shootings in the United States. School shooting incidents have been rising steadily. There were 19 school shootings in 1970; 25 in 1983; 42 in 1993; 59 in 2006 and 97 in 2018. Some of the most high-profile cases include the 1999 shooting at Columbine High School in Littleton, Colorado where two students killed 13 people and injured 20 others; the 2012 shooting at Sandy Hook Elementary School in Newtown, Connecticut where a shooter killed 20 first graders and six school employees; and the February 2018 shooting at Marjory Stoneman Douglas High School in Parkland, Florida where a student shot and killed 17 students and faculty. Now is the time to take preventive action to stop further damage.
Tracking incidents
According to the National Safety Council, the leading U.S. nonprofit safety advocate, which focuses on eliminating the leading causes of preventable injuries and deaths, the odds of being killed by a gun assault are 1 in 298. The Center for Homeland Defense and Security has a K-12 School Shooting Database where they track all instances where a gun is brandished or fired, or where a bullet hits school property for any reason. The database shows school shooting incidents have happened in every state and region in the United States.
Having a plan
It’s critical for educators to prepare and have a plan in the event a school shooting occurs. A U.S. Department of Education report shows more schools are prepared now than a decade ago. While 79 percent of schools had a plan in place in 2003-2004, 92 percent in 2015-2016 reported having a plan. In 2015-2016, 95 percent of schools reported drilling students on lockdown procedures; 92 percent had drilled on evacuation procedures; and 76 percent had drilled on shelter-in-place procedures.
These days, many schools have full- or part-time school resource officers, in addition to school counselors and staff that are trained in safety and violence prevention. Schools are also using technology to prepare for the worst. Those safety measures include installing security cameras and using facial recognition, adding high security classroom doors, installing shot detection systems, panic buttons, and more. The school security market is poised to be a $2.8 billion a year industry by 2021.
Actionable steps
In a 2018 report, “Protecting America’s Schools: A U.S. Secret Service Analysis of Targeted School Violence,” the Secret Service National Threat Assessment Center outlined eight actionable steps for preventing violence in school. Those actions include: establishing a multidisciplinary threat assessment team of school personnel to manage threat assessments; defining concerning behaviors, such as threats and violent acts, as well as moods and depression; establishing and providing training for a central reporting system; determining a law enforcement intervention threshold; establishing threat assessment procedures such as maintaining documentation and conducting interviews; developing risk management options after a complete assessment; creating and promoting a safe school climate that’s built on respect, trust, and safety; and providing training for all stakeholders, such as school personnel, students, parents, and law enforcement.
This multidisciplinary approach, combined with safety tools and technology, may help students and staff have more secure experiences in the classroom and on campus.
Kristen Castillo
Enhanced visibility. Enhanced student safety.
On and Off Campus Monitoring for Schools and Districts
Gain full online visibility, no matter where learning happens. Monitor and track all devices and gain full transparency on student online activity.
Student Mental Health Safety Checks
Identify thoughts of self harm or violence towards others and keep students safe. Monitor all activity including search, email, text, and Google Docs and receive real-time alerts when a student is at risk.
Parent Access to Online Activity
Empower parents and guardians to monitor and control student online activity. Parents can log in anytime to view and control student online activity and ensure students stay focused on learning. Automated weekly reports help parents stay informed.
Learn more 877-447-6244 sales@lightspeedsystems.com www.lightspeedsystems.com
©2020 Lightspeed Systems. All rights reserved. Lightspeed Systems is a registered trademark of Lightspeed Solutions, LLC.