For Security & Protection Specialists
Whether you’re a seasoned cybersecurity professional or are looking to transition into the industry, it’s hard to know how to grab the attention of hiring managers and ultimately improve your chances of making it to the next stage.
Here are eight top tips from Renana Friedlich-Barsky, Director and Global Head of Cybersecurity Operations at PayPal, a proven leader in this space who’s reviewed more than her fair share of applications over the years.
Especially while many people are still remote, technology has become more and more central to people’s lives, and we are talking about ways that things will or will not return to normal. As we hear about more and more cyber security incidents, each supposedly carried out by ‘sophisticated threat actors with unprecedented capabilities’, it’s time to talk about the mystique of cyber security and the problem it has with public perception.
Planning and considerations to take into account when putting together a quote for providing TSCM services. The ability to accurately quote for a TSCM inspection has many permutations, and each TSCM provider has its own formula for quoting. This article looks at the main criteria you need to take into consideration.
All the techniques of steganography share one core concept, trying to hide a message. When children draw stick figures as secret messages to each other, they are practicing steganography. Modern steganography is usually a lot more malicious. It is used in malware command and control and the exchange of illicit information and material. If you do not know where to look it is frighteningly hard to detect.
Maybe you’re a close protection officer, trying to arrange a safe route through a dangerous location, or a surveillance specialist trying to communicate with others in your team.
Perhaps you just don’t trust the local government. Whatever the situation, it’ll almost certainly be easier to focus on the task at hand if you aren’t worrying about whether your messages were possibly subject to being intercepted.
In this article, I’ll take a look at artificial intelligence, particularly the machine learning area, a basic overview of how it works, and the dangers of over-reliance on an algorithmic approach to analysis.
In the world of protective services, we are often charged with the responsibility of having to manage and reconcile between safety and access for our protectees.
As business owners, employees, independent contractors or just private citizens we too are challenged with the dichotomy of managing our personal and professional lives on social media.
The report showed a growing awareness amongst CSOs about the increasing importance of cyber security, with 54% describing it as a ‘strategic priority.’ But a lack of available talent is preventing many businesses from implementing their cyber security strategies.
It often comes as a surprise just how much is available, and the nefarious uses it can be put to. OSINT can be applied towards defensive purposes, but we will be looking only at malicious purposes. One of the biggest challenges of OSINT is not merely recognising it as a threat, but encouraging the behavioural change needed to protect against it widely enough. It is not enough simply for a principal to stop posting Instagram pictures of their travels in order to hide them – their colleagues, friends, family, and employees also need to be aware of the need to take care with information which could be misused.
Signal uses phone numbers to identify contacts, however encrypted messages and calls use a data connection with a secure tunnel between participants. Intervening servers or infrastructure do not have access to the encryption keys, and so cannot realistically eavesdrop on any communications even if compromised. On Android Signal can be set up to replace your default text message client, and will handle unencrypted SMS messages as well.
Connecting your device to the World Wide Web isn’t an issue when you’re at your place. It’s relatively safe, simple to do, and free of crowded traffic. When you leave the safety of your home to a public area, the story changes. When you connect to public Wi-Fi in different places, making certain you can still connect with people, read online news, and work remotely, are you aware of the risks?
The number of active cybersecurity firms in the UK has increased 44% – up from 846 in 2017 to over 1,200 at year-end 2019. This growth is the equivalent to a new cybersecurity business being set up in the UK every week
The hacking of Mr. Bezos is particularly sensitive because of his ownership of The Washington Post, which had published coverage critical of the kingdom and had retained Jamal Khashoggi
Welcome to a third article in the series looking at introductions to cyber security. We’ll be looking at a type of attack which most people will be familiar with in principle, if not in technical practice.
The basic idea is simple – an attacker sits between two trusting parties, intercepting their communication and impersonating each to the other. Obviously this is somewhat harder in practice where people are, for example, sitting in a room together, but even a phone call gives potential for an eavesdropper or impersonator.
We’ll be looking at a collection of tactics used by attackers to bypass security technology by targeting the weakest link – the human in the chain.
Social engineering is really just an overly technical term for knowing how to persuade people to do something against their best interests or against their better judgment.
The best protection against such SIM swapping methods is simple. Buy a dual SIM phone with a second pay-as-you-go number on a separate provider, which is used only for these authentication purposes. Since nothing is tying the number directly to you, it becomes much more challenging for an attacker to carry out a SIM swap.
When the Data Protection Act 1998 was implemented nearly two decades ago, fewer than 10% of UK households had internet access. The technological world has moved on at an exponential pace since then, and a new law was required to reflect and address the current and foreseeable trends in technology and the use and misuse of personal data by organisations. Massive data breaches seem to be in the news every day now – and it was clear that the security of personal data was not being given a high enough priority.
Although the underlying principle of understanding ‘capability and intention’ and the objective of ‘forewarned is forearmed’ have not dramatically altered overtime, the sheer scale of intelligence available in the Open Source environment means that the greatest risk today is information overload rather than information scarcity.
It is in this context that in order to acquire and analyse asymmetric and potentially outcome-defining intelligence, analysts are required to think more laterally than ever and be able to draw both strategic and tactical conclusions from intelligence which may be independent and accurate as much as it may be deliberately misleading or presented through an emotional prism. SOCial Media INTelligence (SOCMINT) is one such instance of lateral thinking. FINancial INTelligence is another.
Over the course of my career (17+ years), I have heard my fair share of complaints from potential clients indicating that their current surveillance/investigative partner was not achieving the desired results with the budgets provided. The activities and behaviors of people are constantly changing and that forces us as investigators to change our approach and evaluate our practices in order to achieve optimal results.
Cybersecurity is often seen as a niche area which requires a lot of specialist knowledge to apply. This is partly true – in order to configure a web application firewall someone needs to understand how to work with the technology at a very low level. What is often missed, as the technologists take over, is that cyber is still security and the same fundamental principles apply to designing and building effective protections.
Issue 62 – Intelligence Gathering
In the latest edition of the Circuit Magazine, we have a series of informative articles intended to contribute to the reader’s broader understanding of how we can keep our clients protected beyond physical measures. Case studies, investigations, how-to’s and informative insights.
