City of Tampa Information Security Advisory Nov 7 2019
Experts are highlighting new technologies that have been repeatedly exploited by hackers, calling for heightened awareness of today’s vulnerabilities.
Chances are you’ve heard about “deepfakes” (realistic but phony video clips that could upset markets or even launch wars) and artificial intelligence (hackers are using AI to crack passwords with record speed); here are other developments to take note of:
Quantum computing could easily crack encryption.
Google’s recent announcement that it had built a functioning quantum computer was a major milestone in the field, but it raised immediate concerns for security watchdogs, who say that quantum computers (which channel aberrant phenomena from quantum physics into computing power) could easily break encryption used in products whose security is seen as airtight, like blockchain or credit card transactions.
5G networks will bring faster speeds, and a host of new vulnerabilities.
5G is beginning to roll out as the next generation of wireless network, promising faster wireless internet with the bandwidth to support more devices. But security experts say the shift to 5G could give hackers new inroads to target systems that use the network. For example, the increased speed could make 5G devices more susceptible to denial-of-service attacks, which aim to flood victims’ servers with traffic to overwhelm and shut them down.
As companies outsource high-tech functions to third parties, supply-chain hacks proliferate.
A growing number of recent data breaches came about as the result of supply chain hacks, wherein attackers break into a company’s software that is in turn distributed to clients. This trend is the result of more organizations outsourcing services to third parties, which widens the range of potential victims for hackers to target. According to a recent report from cybersecurity firm Aon, the number of targets that are potentially vulnerable to supply chain hacks is growing exponentially.
Employees Say They Can Spot Phishing – But They’re Wrong
While an overwhelming majority (79%) of people say they can distinguish a phishing message from a genuine one, nearly half (49%) also admit to having clicked on a link from an unknown sender while at work, according to a Webroot survey. Further, nearly half (48%) of respondents say their personal or financial data has been compromised by a phishing message. However, 35% of those who’ve been breached didn’t take the basic step of changing their password afterward. Not only is this false confidence potentially harmful to an employee’s personal and financial data, but it also creates risks for companies and their data.
Attention Businesses: Consumers Will Make You Pay for Breaches
According to new research from PCI Pal, consumers know they hold the whip when a company they patronize is breached—and they’re not shy about using it. More than 80% of consumers say they stop spending with a business for several months in the immediate aftermath of a security breach, and 21% say they will never return to a business post-breach. Moreover, 40% of consumers are now uncomfortable reading credit card information over the phone, and 58% are only comfortable sharing information over the phone to companies that have earned their explicit trust.
IT Pros Fear Ex-Workers Can Still Access Company Networks
What keeps security and IT professionals awake at night? The “offboarding” of employees, according to a new study from Ivanti. Over a quarter (26%) of respondents said it can take more than a week to fully deprovision an employee at their organization—meaning that a no-longer-employed person may enjoy full access to the corporate network. The tech workers surveyed said they fear this slow deprovisioning could lead to leakage of sensitive data (38%); a cybersecurity hack through an unmanaged account (26%); or the risk of malicious data detection/theft (24%).