CYBERSECURITY
CHUCK BROOKS
LINDA RESTREPO
Cybersecurity, AI Emerging Technologies
Cybersecurity, AI Computer Technologies
PROFESSIONAL
GLOBAL
OUTREACH
TABLE OF CONTENTS
LINDA RESTREPO: Surveillance Programs Population Control
CHUCK BROOKS: More Alarming Cybersecurity Stats
L I N D A
R E S T R E P O
Surveillance Programs Population Control
by Linda Restrepo
If you’re looking for a happy ending, this story doesn’t end well for all involved. Ransomware is a growing threat to global economic development and the health and safety of Americans as well as their allies. There is no shortage of ransomware’s destructive wide-ranging effects. Some of the most vulnerable devices include laptops, computers, smartphones and tablets.
Sleep peacefully knowing that someone you don’t know is collecting your personal and financial information. While you and half the world sleep, the other half is rising at sunrise on social media. Data literally never sleeps - every second of every day someone is collecting personal data on you. You will never win, the odds are INCREDIBLY against you.
"Let me make it absolutely clear for the avoidance of any doubt. It does not matter if you are the Department of Transportation, IKEA, SunWater, GoDaddy, or the FBI, cybercriminals will find your suboptimal, insecure websites and servers and exploit them..." Andy Jenkinson, Group CEO CIP Member of the International Advisory Council Human Health Education and Research Foundation
Malicious hackers, tech giants, internet companies, and advertisers lurk around every corner, hiding on the internet, slipping through back doors in order to get information that doesn’t belong to them. Their profits have more value than your privacy. With the outbreak of COVID-19, the Delta Variant and now Omicron, the technology and data of the digital world we live in have been augmented exponentially. Internet connectivity has increased and varied in form in recent years, expanding from personal computers and mobile phones to everyday objects such as home appliances, “smart” speakers, vehicles, and other internet-connected devices.
Most people in the U.S. believe someone, somewhere is collecting their data, watching them. Having our personal data collected has become a norm for us - we accept it - with little if any protest or objection. The Pew Research Center states that “6 out of ten Americans believe it is not possible to go through daily life without having data collected about them by companies or the government.”
80%
Eight-in-ten of Americans say they are asked to agree to the terms and conditions of a company’s privacy policy ...
62% of U.S. adults say it is not possible to go through daily life without COMPANIES collecting data about them. 63% of U.S. adults say it is not possible to go through daily life without GOVERNMENT collecting data about them. (PEW RESEARCH CENTER)
A basic concept of individual privacy rights is notice and consent. You should be informed as to how your personal information will be processed and shared, and organizations should proceed only when an individual agrees to such use. The organization’s privacy notice or terms of service is often presented as a take-it-or-leave-it threshold requirement to access a website, web service, or application.
The concept of notice and consent is an oxymoron when presented as a take-it-or-leave-it requirement, in legal jargon that you don't understand, in order for you to gain vital access to technology and data of the digital world. In fact, it leaves us with no choice at all. We live in an age of readily available, easy to abuse and difficult to detect digital surveillance.
The extent to which this is happening is often shrouded in secrecy. Governments, private companies and bad actors are close collaborators in the market for digital surveillance tools. Not so different from dating sites, they meet at global and regional trade shows to sell and purchase digital surveillance technology complete with “after sales support”. Recent high-profile data breaches have brought into focus the lack of protection, privacy and due diligence many corporations exhibit toward the privacy of their customers and individuals. Facebook had a series of disasters, including a massive data breach and multiple class action lawsuits. Intentional intrusions into both government and private computer networks have exposed information of millions of Americans to unknown and unwanted recipients.
They have gained surreptitious access to digital communications, work product, browsing data, research, location history and online and offline activities of individuals. Effective hacking directly into mobile devices is not a novel concept. As far back as 2015, numerous persons, including United Nations investigators, politicians, and journalists reporting on corruption in Mexico, received text messages and data from “alleged” legitimate sources with specific data on targets. The links infected their devices with Pegasus software. NSO Group Technologies is an Israeli technology firm whose spyware called Pegasus enables the remote surveillance of smartphones.
Citizen Lab has identified Pegasus software being used as a surveillance tool targeting individuals in 45 countries, including Bahrain, Saudi Arabia, Togo, Great Britain, Northern Ireland and the United States.
Just by virtue of being "on," a mobile device reveals its location in multiple ways on the basic signaling pathways of the global telephone network. The data can cross U.S. territory, to foreign-registered phones. Cell towers track where your phone is at any moment; so can the GPS features in some smartphones. We have to stop calling them cellphones - they are trackers - and they are tracking you!
The surveillance and privacy implications are simple: If someone knows where you are, they probably know what you are doing. The U.S. Court of Appeals for the District of Columbia Circuit verified that GPS data can reveal whether a person “is a weekly church goer, a heavy drinker, a regular at the gym, an unfaithful husband, an outpatient receiving medical treatment, an associate of particular individuals or political groups — and not just one such fact about a person, but all such facts.”
Technology-driven social engineering lures the unsuspecting to unwittingly download malware onto their devices. This can include emails and WhatsApp messages as examples.
Lest you think your feelings, emotions and intentions are exempt from widespread surveillance and hackers - think again. Artificial Intelligence enters the fray. The utilization of Artificial Intelligence has grown rapidly in many countries, including global powers such as the U.S. and China. Artificial Intelligence software is designed to think like humans, act like humans, as well as to think and act rationally.
Cybersecurity is a daunting task in a nightmare world, as we move forward into the unknown with vulnerable systems (especially legacy), inadequate knowledge and planning.
We chase rabbits down the rabbit hole with traditional defenses, while threat actors and criminal forums continue to take advantage of our vulnerabilities to exploit us. Many corporations, not wanting to play Russian roulette, are paying ransoms in secret.
But paying ransoms is not illegal.
"We have lost control of our lives" - Linda Restrepo
C H U C K
B R O O K S
MORE Alarming Cybersecurity Stats for 2021
by Chuck Brooks
Earlier this year I wrote a FORBES article called “Alarming Cybersecurity Stats: What You Need To Know For 2021” (forbes.com). It included an assortment of stats on the increase in threats to our digital wellness as companies, governments, and consumers. The article was written against the backdrop of a spate of high-profile cyberattacks such as SolarWinds and Colonial Pipeline, and painted a dire assessment of the cyber-threat ecosystem in the first half of 2021.
Now we have reached the second half of 2021. Just when we thought it could not get much worse from a cybersecurity stat perspective, it did. Let us start with a positive stat: it appears that in the U.S. most are finally waking up to the cyberthreats. Awareness is an important step! A poll by The Pearson Institute and The Associated Press-NORC Center for Public Affairs Research shows that “about 9 in 10 Americans are at least somewhat concerned — about hacking that involves their personal information, financial institutions, government agencies or certain utilities. About two-thirds say they are very or extremely concerned.” A significant reason why cybercrime and breaches are rising is that most people just view it as someone else’s problem. Securing our digital identities and data is everyone’s problem and it is a global one.
Cyberattacks concerning to most in US: Pearson/AP-NORC poll (techxplore.com)
The Number of Data Breaches In 2021 Has Soared Past That Of 2020
More bad news in 2021, according to the Identity Theft Resource Center (ITRC). The number of data breaches publicly reported so far this year has already exceeded the total for 2020, putting 2021 on track for a record year. Eva Velasquez, President and CEO of the ITRC, said 2021 is just 238 breaches away from tying the record for a single year. “It’s also interesting to note that the 1,111 data breaches that the amount and quality of data being exfiltrated by hackers from cyberattacks so far, this year exceeds the total number of data compromises from all causes in 2020.” For me, the take-away is not the number. They are becoming more systematic in their targeting.
Breach Volumes for 2021 Already Exceed 2020 Total - Infosecurity Magazine (infosecuritymagazine.com)
Ransomware, Here, There, Everywhere And More Of It!
The firm Cybersecurity Ventures estimates that ransomware costs are expected to reach $265 billion by 2031. The Cybersecurity Ventures analysis predicts that there will be a new attack every 2 seconds as ransomware perpetrators progressively refine their malware payloads and related extortion activities.
Global Ransomware Damage Costs Predicted To Exceed $265 Billion By 2031 (cybersecurityventures.com)
A FinCEN Report: The report’s conclusion unequivocally points to a ramp-up in ransomware-related activities throughout 2021: Financial institutions filed 635 SARs in the first half of 2021 related to suspected ransomware activity. The SARs referenced 458 suspicious transactions amounting to $590 million. The H1 2021 figure exceeds the value reported for the entirety of 2020, which was $416 million, showing an uptick in ransomware activity. The average amount of reported ransomware transactions per month in 2021 was $102.3 million. Based on SARs data, FinCEN said it identified 68 different ransomware variants active in H1 2021.
The most commonly reported variants in H1 2021 were REvil/Sodinokibi, Conti, DarkSide, Avaddon, and Phobos.
Financial Trend Analysis (fincen.gov)
The financial crimes investigation unit of the U.S. Treasury Department, also known as FinCEN, said today it identified approximately $5.2 billion in outgoing Bitcoin transactions potentially tied to ransomware payments.
According to a report from Palo Alto Networks’ Unit 42 security consulting group, the average ransomware payment climbed 82% to a record $570,000 in the first half of 2021 from $312,000 in 2020.
Ransomware criminals' demands rise as aggressive tactics pay off | Fox Business
The Supply Chain, A Weak Link For Hackers To Exploit
A new study by cybersecurity company BlueVoyant shows that the supply chain is a magnet for cyber breaches.
“A whopping 97% of firms have been impacted by a cybersecurity breach in their supply chain, and 93% admitted that they have suffered a direct cybersecurity breach because of weaknesses in their supply chain.”
Supply chain cybersecurity breaches have hit alarming percentage of firms: survey | Fox Business
Supply chain attacks rose by 42% in the first quarter of 2021 in the U.S. impacting up to seven million people, according to research.
Analysis of publicly reported data breaches in quarter one by the Identity Theft Resource Center (ITRC) found 137 organizations reported being hit by supply chain cyberattacks at 27 different third-party vendors.”
'Troubling' rise in supply chain cyber-attacks - Supply Management (cips.org)
"Supply chain issues are being formally adapted into security strategy by the federal government. On May 15, 2019, the White House Presidential Executive order was issued to help secure the supply chain (both public and commercial) poses an undue risk of sabotage to or subversion of the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of information and communications technology or services in the United States.”
The remedy to fixing supply chain vulnerabilities is heightening government and industry collaboration highlighted in the policy initiatives, such as NIST, and in task forces on supply chain security established by the Executive Branch. More precisely, it requires enacting a risk management process that identifies vulnerable systems (especially legacy) and gains visibility into all the elements of the supply chain.”
IoT as a Prime Target For Breaches
Cyber-physical systems (OT/IT) and the integration of millions of devices in our lives have created an IoT cybersecurity challenge for people, business, and governments. As IoT devices store, transmit and process so much essential data every day, they serve as the perfect target for cyber criminals. According to an article published by Cyber Magazine, IoT devices suffer an average of 5,200 cyber-attacks every month."
Cyber Threats Haunting IoT Devices in 2021 - Kratikal Blogs
Each IoT device represents an attack surface that can be an avenue into your data for hackers. A Comcast report found that the average household is hit with 104 threats every month. The most vulnerable devices include laptops, computers, smartphones and tablets, networked cameras and storage devices, and streaming video devices, a new report found.
Cybersecurity report: Average household hit with 104 threats each month - TechRepublic
“Using a comprehensive risk management approach to understand and mitigate the threats of the Internet of Things can be of major help to that regard in helping mitigating security gaps. Being more cybersecurity ready should be a priority pursuit for everyone connected.”
Cybersecurity Threats: The Daunting Challenge Of Securing The Internet Of Things (forbes.com)
Cyber Risks & Risk Management
Cybersecurity is all about risk management. The Cyber Risk list below compiled by Fortinet speaks volumes:
Cyber Risks
IDC predicts there will be 55.7 billion connected devices by 2025, of which 75% will be connected to the IoT. IDC also estimates that IoT devices will generate 73.1 zettabytes of data by 2025, up from just 18.3 zettabytes in 2019.
Cisco data estimates that distributed denial-of-service (DDoS) attacks will grow to 15.4 million by 2023, more than double the 7.9 million in 2018. DDoS attacks became more prevalent in 2020, with the NETSCOUT Threat Intelligence report seeing 4.83 million attacks in the first half of the year. That equates to 26,000 attacks per day and 18 per minute.
More than four-fifths of data breaches in 2020 (86%) were financially motivated, according to Verizon’s 2020 Data Breach Investigations Report (DBIR). Security threats against industrial control systems (ICS) and operational technology (OT) more than tripled in 2020, according to Dragos Inc.’s Year in Review report.
McKinsey insight finds 70% of security executives believe their budget will decrease in 2021, which will limit and reduce their spending on compliance, governance, and risk tools. Organizations must defend their networks, systems, and users against several major cybersecurity threats. For example, Verizon’s 2020 DBIR found that 70% of breaches were caused by outsiders, 45% involved hacking, 86% were financially motivated, 17% involved some form of malware, and 22% featured phishing or social engineering.
Top Cybersecurity Statistics, Facts, and Figures for 2021 (fortinet.com)
My infographic below can be used as a guiding tool to help plan strategies to help manage cyber-risk. A successful cyber risk strategy requires stepping up assessing situational awareness, information sharing, and especially resilience.
In 2021, the connectivity of cyber devices grew exponentially and so have the cyber intrusions and threats from malware and hackers. The year is not over and already more data has been breached than ever before. Let us hope that the cyber-attack stats for 2022 may be less prolific and costly.
ABOUT THE AUTHORS
Chuck Brooks
Chuck Brooks, President of Brooks Consulting International, is a globally recognized thought leader and evangelist for Cybersecurity and Emerging Technologies. LinkedIn named Chuck as one of “The Top 5 Tech Experts to Follow on LinkedIn.” Chuck was named as a 2020 top leader and influencer in “Who’s Who in Cybersecurity” by Onalytica.
He was named by Thomson Reuters as a “Top 50 Global Influencer in Risk, Compliance,” and by IFSEC as the “#2 Global Cybersecurity Influencer.” He was named by The Potomac Officers Club and Executive Mosaic and GovCon as “One of The Top Five Executives to Watch in GovCon Cybersecurity.” Chuck is a two-time Presidential appointee who was an original member of the Department of Homeland Security.
LINDA RESTREPO
Director of Education and Innovation, Human Health Education and Research Foundation. President of a global government and military defense multidisciplinary research and strategic development firm. Corporate Technology Commercialization through the U.S. National Laboratories. Recognized Women in Technology Leader, Cybersecurity and Artificial Intelligence.
Emerging Infectious Diseases, Emergent Technologies Management, Computer Technologies and Operational Planning. Restrepo is also the Chief Executive Officer of Professional Global Outreach.
DISCLAIMER
This Presentation is designed to provide information, entertainment and motivation to our readers. It does not render any type of political, cybersecurity, computer programming, defense strategy, legal or any other type of professional advice. The content of this Presentation is the sole expression and opinion of the authors. No warranties or guarantees are expressed or implied by the authors. The authors are not liable for any physical, psychological, emotional, financial, or commercial damages, including, but not limited to, special, incidental, consequential or other damages. You are responsible for your own choices, actions, and results.