Cyber Weekly Digest
Each week I will highlight some of the most interesting developments in the cybersecurity space to both enlighten and encourage each of us to maintain our personal cyber hygiene.
Please upvote and follow if you find this information useful. As always, please feel free to share.
(1) Cyberinsurance Tackles the Wildly Unpredictable World of Hacks
The cyberinsurance industry has experienced 30% YOY growth for the past 5 years. This industry is just beginning its parabolic move towards becoming competitive with the likes of motor vehicle insurance, which pays out more than $200 billion annually in premiums just in the U.S.
That is a lot of moolah, and as we’ve covered in these very digests the trend is clearly heading in one direction, for better or worse. However, the companies looking to provide these insurance policies are having a difficulty in assessing pricing and risk; you know, two of the most important variables for an insurance company to understand.
Insurance companies typically rely on historical data sets to define their pricing. They use the recent past to determine what their risk exposure is in the near future; an especially poor business prospect in a market as dynamic as cyber and technology (aka linear thinking in a non-linear world).
As I’ve explained previously, everything is vulnerable in the world of cyber, so is it possible to create an insurance policy that covers virtually everything? Time will tell, but this is an industry I expect to increase in size and assimilate amongst other major insurers.
“If you’re writing policies for personal automobile or personal homeowners insurance you definitely have a lot of really good data. The worst data is probably in cyberinsurance.”
(2) Security Against Adversaries (Big Brother) That Decrypt Our Encryption Services
Encryption is generally assumed to be the solution to everything. No matter the issue, encryption can solve it. Facebook creating personal profiles, Apple reading your texts, Google recording your every move, the IRS tracking your crypto trading activity, or the CIA having unfettered access to all of these weapons – after all, information is weaponized when attached to a political agenda.
In response, "No matter, encryption and blockchain will solve all of that," appears to be the consensus.
What happens when the encryption techniques the likes to Telegram, WhatsApp, ProtonMail, or even Bitcoin are all developed from military (government) mandated encryption schemes?
In other words, just as the narrative towards data collection appears to have reached a tipping point as people lose trust in Facebook and migrate towards platforms that offer “encryption”, when will the narrative towards encryption itself become more critical?
This is quite the lengthy research report, but I highly recommend you peruse! Encryption is a fantastic solution to many of our contemporary issues, but I am afraid that many are mistakenly assuming all encryption techniques are the same, and that they are a one-size-fits-all solution. This could not be further from the truth, and in fact, depending on what encryption scheme is used you may be turning over more of your information to state-actors.
(3) Russia v Telegram Encryption
To reinforce how pivotal the value of secure encryption is, look no further than recent headlines in Russia and China.
As the article below describes, Russia has publicly attacked Telegram because it allows its users access to encrypted messaging services that undoubtedly interfere with the government surveillance efforts.
In response, Telegram founder had this to say: “Privacy is not for sale, and human rights should not be compromised out of fear or greed.”
Why would Russia want to secure a messaging service that allows users to encrypt messages (read: have private communications)? Well, seeing how their comrade Communist/Socialist/Egalitarian Chinese are using their surveillancecapabilities, it should be clear what the intent is.
Something that Western Democratic citizens need to be paying very close attention to, seeing that this issue began percolating in the U.S. via the FBI-Apple Encryption case. Of course, many of these encryption services are tied into sovereign intelligence surveillance programs anyways, but at least you are making yourself all that much more difficult to hack by using more secure services.
(4) Don’t Give Away Historic Details About Yourself
I find the following article a very timely one in light of Zuckerburg’s “testimony” before Congress. The name of the game is data-harvesting, and the data being harvested is yours.
Although this has become common sense, it is worth reiterating because these types of polls, surveys, etc. are specifically designed to entice and addict.
It’s also worth mentioning that you ought to re-consider the security questions that you use on potentially insecure services and accounts.
(5) Imagine You're Having a CT Scan and Malware Alters the Radiation Levels
This article is hypothetical, but researchers have shown it is possible for bad actors to turn up the power on medical scanning devices once they've infiltrated the hospital's network.
Healthcare is an industry ripe for cybersecurity improvement simply because they use so many different devices, many of which are connected to the provider's network. It is not too far fetched to imagine where healthcare specific cyber attacks are headed in the near future.
"Medical devices are extremely valuable. You can ransom a person's files and it is inconvenient. If you ransom a person's life you will probably get as much money as you want."
Extra Credit: Free Ethical Hacking Course - Module 6 - Hacking Webservers
"A good plan executed today is better than a perfect plan executed at some indefinite point in the future." – George Patton Jr.
Much to investigate and learn in this new and complex world. Thank you
It is a never ending process @marynet! Just trying to encourage others to pay more attention to the cyber world.