Juice-jacking — Is this a real security threat?

Juice jacking is ability for cybercriminals to replace legitimate, public USB chargers with devices that have the capability to download data from your phones. Just this month, the Los Angeles District Attorney’s Office warned travelers of the potential dangers of using USB charging ports in public places.

Image by mhoppsy from Pixabay

However, when asked, the DA’s office said they have had no official reports of Juice-jacking taking place in the area. In short, many believe this cyberattack is feasible, but not widespread.

My advice is to use either power packs or plug into an electrical outlet if at all possible. Even though this isn’t widespread to date, caution should still be exercised.

For more information, see Snopes at https://www.snopes.com/fact-check/juice-jacking-real-security-issue/ or How to Geek at: https://www.howtogeek.com/166497/htg-explains-what-is-juice-jacking-and-how-worried-should-you-be/

Solving the cybersecurity skills gap

There is a global cybersecurity skills crisis. The threat continues to grow as there is a shortage of experts to reduce cyber attacks.

Computer Security

One expert believes the field is changing too fast that this issue will not be solved in the classroom. Certifications and other static methods lag behind the latest techniques used by hackers.

The most important skills for a cybersecurity to develop is creativity and curiosity, as well as thinking on one’s feet, skills that are rarely honed while in the classroom. The best learning will be by doing as real attacks are occurring.

With technology, you can commit a crime anywhere — even space

An astronaut on the International Space Station, allegedly accessed her estranged spouse’s bank account without permission. If proven, this would be identity theft.

This shows the far-reaching possibility of cybercrime.

To read more, go to: https://www.scmagazine.com/home/security-news/astronaut-accused-of-identity-theft-accessing-estranged-wifes-bank-account-from-international-space-station/

Technical Disruption – Target Corp

Imagine — the busiest shopping day of the week and all of the systems to checkout customers are shutdown. Imagine you are one of the largest retailers nationwide.

Target Corporations experience an outage on Saturday of all stores nationwide due to a software outage. It seems the software outage was caused by routine maintenance — which obviously failed.

More from the Wall Street Journal at https://www.wsj.com/articles/target-stores-suffer-nationwide-outage-11560627812

Can Encryption be broken?

RSA 2048-bit encryption is the standard. The time to break the code for encryption is currently so long, this is the standard for most systems. All banking, email systems, etc use 2048-bit as the primary encryption method.

Now comes the new computers called quantum computers. The processing times on these systems are a fraction of traditional computers. Experts predict RSA 2048-bit encryption may be broken in 8 hours or less.

Scientists have found a new encryption method which would not be able to be broken, but it is far becoming the standard.

For more on Quantum computers and encryption, see the MIT Technology Review article at: https://www.technologyreview.com/s/613596/how-a-quantum-computer-could-break-2048-bit-rsa-encryption-in-8-hours

Not your Father’s CFO

With the cost of a data breach reaching over $2 million per instance, the C-suite can no longer leave cybersecurity solely to IT. CFOs are becoming more involved with defining strategy for data security with the technology leaders.

Read Jeff Thompson’s, Institute of Management Accountants CEO, article on how financial executives are taking a more proactive role when it comes to data security.

https://www.forbes.com/sites/jeffthomson/2019/04/29/not-your-fathers-cfo-todays-cfos-incorporate-cybersecurity-in-their-risk-portfolio/#165fea3f395d

Would you sell your work password?

According to a recent survey, 20% of employees would sell their work userid and password for less than $100.

This highlights a serious issue in corporate security. How can IT protect the systems, not just from human error, but from intentional misconduct?

To read a summary of the results, go to
http://fortune.com/2016/03/30/passwords-sell-poor-sailpoint/