Up Times · February 2022

Up Times

by Bryley · February 2024


There’s a psychological barrier standing in the way of us thinking about and protecting our digital assets the way we do our physical assets. For an everyday example, it’s well-established we spend more when we don’t use paper bills.

What time is it when your bank sets up a card table in the parking lot to sell duplicates of its customers’ ATM cards with the PINs for $100 each? Time to find a new bank, right?

Data breaches happen regularly, some revealing bank account access (stolen bank account records on the dark web sell for about $100 each [1]).

When it comes to digital assets there’s a tendency to have much looser standards than we would apply to protecting a physical asset like a bank card. This sensibility can leave an organization needlessly exposed.

In this edition of Up Times, learn the latest from the National Institute of Standards and Technology (NIST) about strengthening password practices – there may be a couple of surprises, like the advice to not periodically reset passwords. Also we present what you can expect if you decide to adopt the security of a Zero-Trust network. And see the Scam Interceptors video for a safe peek behind the scenes of a criminal operation, and for some justice besides.

We hope you, too, find the information about staying safe in the digital world useful and let us know how we can be of any further help.

[1] https://www.insurancebusinessmag.com/us/news/breaking-news/revealed–how-much-is-personal-information-worth-on-the-dark-web-444453.aspx


Are we there yet?

There is no doubt that over time, people are going to rely less and less on passwords

–Bill Gates, 2004

A 2023 study found that 64% of people surveyed are not confident they are managing their passwords well. Most discouraging in the new survey was the report that of those born after 1990 only 20% use unique and strong passwords. These stats also bring a feeling of futility: ‘so many data exposures – what does it matter?’ ‘there is no privacy anymore – whatever.’

I don’t share the opinion that we should throw in the towel, though who can’t sympathize with the sentiment? But Bryley sees time and again that, in fact, compromised passwords matter to an organization’s security. As an example of the severity of the problem, Google Cloud reported in October that 54% of breaches “are resulting from common and well-known threat actor attack techniques, such as obtaining and using stolen credentials …” [4 min. read]


Question Everything

A set of policies … would have identified, I believe, a pattern of activity here …

–Navy CTO Don Yeske

The US military is in the process of moving to a Zero Trust networking framework. But before they began that process in November, a Cape Cod-stationed National Guardsman leaked 350 classified documents over a period of between six and fourteen months before his detection and arrest. And Zero Trust – which enforces stringent policies or rules over permitted network activities – might have stopped the rogue airman sooner (he was serving as an IT admin without any need to access those military secrets).

This type of breach is called an insider attack. Insider breaches make up 20% of all breaches. Zero Trust is useful to handle these and many of the other attacks that begin outside an organization’s network … [5 min. read]

Business Continuity Mixtape – Bryley-curated stories from around the internet:

Half Use Insecure Passwords — Pew Research has updated its online privacy report and among the data, they show that people are split between choosing passwords that are easy to remember and choosing passwords that are more secure and random.

This is a good reason to make sure you’re teaching your employees best password practices, and for implementing multi-factor authentication, which adds an additional barrier against hackers targeting accounts with poorly chosen passwords … [10 min. read; the password-practices data are on page 2] pewresearch.org

Dream Police — It seems an earlier version of ChatGPT was able to give a general outline and even some exact words that study subjects were thinking (thanks to 3 Quarks Daily for this story).

I don’t blame researchers for being excited by their breakthroughs. There are wonderful medical applications for a technology that can understand and express human thought. But the tech comes coupled with the worry of whether research teams and their backers are thinking through – or even care about – how to keep such a startling development from getting into the wrong hands.

“The loss of mental privacy, this is a fight we have to fight today,” said neuroscientist Rafael Yuste. “That could be irreversible. If we lose our mental privacy, what else is there to lose? That’s it, we lose the essence of who we are” … [15 min. read] undark.com

Apple, Apple, What Can You Be Thinking Of? — Apple made such a stink in its privacy war against Facebook on the iPhone, you might have been led to believe that they really cared. But when push came to shove, Apple is advancing, to its own benefit, the same kind of tracking that it rewrote iOS to keep Facebook from doing.

From Apple’s updated app Developer’s Agreements and Guidelines: Apple is charging a commission on digital purchases initiated within seven days from … link out (i.e., they tap “Continue” on the system disclosure sheet) …

The three small app developers that host the Accidental Tech Podcast take Apple to task for creating a policy that reluctantly grants developers the ability to link to their own websites where they can offer their apps for direct sale, but also adds trackers to the website visitors (the only way to know if the website visitor ends up buying the app in seven days) … [2 hour listen; App Store policy talk starts around 50 min.] atp.fm

Scam Interceptors — This UK TV show reveals how internet scams unfold. The scammers being thwarted in this episode prey on the elderly, but the initial approach and choice of marks is familiar to nearly every business owner, as in, ‘this is Microsoft Tech Support’ or ‘your domain name has expired.’ Scammers look for marks who aren’t fully aware of how things are legitimately done, whether that’s an older consumer or a not-as-tech-savvy businessperson.

It’s worthwhile seeing criminals’ operations, patience, obfuscation and thieving tactics … [44 min. video] bbc.co.uk/programmes/m00164s0 via youtube.com

Forty Percent Fired for Falling for Phishing — In a demonstration of how dramatically the costs of email crime have risen, many organizations are sacking the employees who click on the dreaded email links used in a variety of phishing attacks.

Bryley advocates training employees regularly and using a layered email defense to try and avoid the financial losses and the whole unpleasant scene … [4 min. read] itpro.com

Note: The Mixtape section is Bryley’s curated list of external stories. Bryley does not take credit for the content of these stories, nor does it endorse or imply an affiliation with the authors or publications in which they appear.

Monthly Help for Your Business’ Continuity

Up Times by Bryley arrives monthly in your email box. It’s a New England-based resource, in continuous publication since 2000.

Subscribe free, below. Unsubscribe any time via the link at the bottom of each newsletter.

And be assured: in more than twenty years, Bryley’s subscriber list has not been shared with any third-party and will not be in the future. Bryley’s Privacy Policy can be found here.
