Britain may be chilly, but from Greece to India, people are dying due to record temperatures. The death toll will grow without urgent action

While Britons don jumpers and complain about the unseasonable cold, much of the world has been reeling due to excessive temperatures. India has been in the grip of its longest heatwave in recorded history, with thermometers hitting 50C in some places. Greece closed the Acropolis in the afternoon last week as temperatures hit 43C; never has it seen a heatwave so early in the year. Soaring temperatures in the Sahel and western Africa saw mortuaries in Mali reportedly running short of space this spring, while swathes of Asia suffered in May.

Mexico and the south-west of the US have also endured blistering conditions; it was particularly shocking to hear Donald Trump pledge again to “drill, baby, drill” at a rally that saw supporters taken to hospital with heat exhaustion. These bouts of extreme weather are increasing as the climate crisis worsens. Although the El Niño weather pattern contributed to heatwaves over the last 12 months, they are becoming more frequent, extreme and prolonged thanks to global heating. By 2040, almost half the world’s inhabitants are likely to experience major heatwaves, 12 times more than the historic average.

Continue reading...

💾

© Photograph: Stelios Misinas/Reuters

💾

© Photograph: Stelios Misinas/Reuters

A huge gap has opened up between pensions and working-age benefits, and millions of children are paying the price

Strict upper limits on the total amount that families can receive in state benefits continue to exacerbate a growing problem of poverty. Among children in the UK, absolute poverty has risen by its highest rate for 30 years, with new analysis from the Resolution Foundation showing that households in the bottom fifth of the income distribution have lost an average of £2,800 a year since 2010. Labour’s refusal to commit to lifting the two-child cap, which prevents parents of third or subsequent children born since 2017 from claiming child-linked benefits, means it is unclear if and how this awful situation will be remedied. While the school breakfast clubs that the party has promised are a positive measure, children should not need to go to school in order to eat.

The former prime minister Gordon Brown is campaigning for a £1bn social impact bond to promote the chances of the “children of austerity”. Charities are pushing for a statutory “essentials guarantee” – creating a floor beneath which benefits would not be allowed to sink. So far, Sir Keir Starmer’s team have refused to give ground.

Continue reading...

💾

© Photograph: Andrew Fox/The Observer

💾

© Photograph: Andrew Fox/The Observer

Imagine a team of brilliant detectives, each with their own quirks and talents. One might be a meticulous observer, another a whiz at puzzles, and the third a master of creative leaps. This diverse team is unstoppable, able to crack any case because their strengths complement each other. That's the power of neurodiversity in cybersecurity! People with autism, ADHD, dyslexia, and other conditions bring fresh and valuable perspectives to the fight against cybercrime, enhancing the ability to address complex challenges in innovative ways. They excel at spotting patterns, focusing intensely, and thinking outside the box - exactly what defenders need to outsmart hackers. Neurodiversity in cybersecurity is a concept that has gained significant traction over the past decade. The term "neurodiversity" originated in the late 1990s and has since evolved to encompass a range of conditions, not as limitations, but as strengths. Within the industry, this movement gained momentum around the mid-2010s. It stemmed from a critical need for diverse problem-solving skills and innovative thinking. Cybersecurity challenges are complex puzzles, requiring a variety of approaches to detect, analyze, and mitigate threats. By embracing neurodiversity, the industry doesn't just improve its capabilities, it sets a standard for inclusivity. It taps into a pool of untapped talent that perceives and interacts with the world in ways that benefit everyone. To celebrate this diversity, The Cyber Express hosted the "Inclusive Cyber" webinar. The event brought together experts to discuss how neurodiversity, with its wide range of cognitive styles and personalities, significantly enhances the field of cybersecurity. It's a space where innovation and diverse perspectives are not just beneficial, but essential.

Speakers' Insights on Neurodiversity in Cybersecurity

The webinar featured renowned cybersecurity champion Holly Foxcraft, recognized as one of the most influential women in the field. Alongside her was security wiz and advocate Jennifer Cox, Director for Ireland at Women in Cyber Security (WiCyS) UK & Ireland and a Security Engineering Manager at Tenable. The session was moderated by Jo Mikleus, Senior Vice President at Cyble, who skillfully facilitated the discussion, highlighting the critical role of inclusive practices in cybersecurity. Both speakers shared their personal and professional experiences with neurodiversity, providing valuable insights into the integration of neurodivergent professionals in the tech industry. Holly Foxcraft initiated the discussion by defining neurodiversity and its societal implications. She highlighted how societal norms often fail to accommodate the diverse ways individuals process information, which can lead to misunderstandings and underutilization of potential. Foxcraft explained, "Neurodiversity means that just like physical traits, our cognitive differences are natural. Society, however, has established certain expectations about how individuals should behave and process information. Deviations from these norms are termed as neurodivergence, encompassing recognized conditions such as autism and ADHD, and broader, undefined behaviors that diverge from what is considered typical." Following Holly’s introduction, Jennifer Cox discussed the common misconceptions about neurodivergent individuals, especially those with ADHD. She expressed, "There’s a prevalent myth that individuals with ADHD have boundless energy, which is far from reality. Managing everyday conversations can be as draining for us as physical exertion, leading to rapid burnout." Cox also shared her personal journey with ADHD, diagnosed in her forties, underscoring the challenges and late realizations many neurodivergent individuals face.

Challenges Faced by Neurodivergent Professionals

Jennifer Cox further addressed the managerial misconceptions surrounding the support needs of neurodivergent employees. She clarified that contrary to popular belief, neurodivergent individuals do not necessarily require extensive managerial time. Instead, they benefit significantly from targeted adjustments and understanding. "Simple changes like providing information in bullet points or understanding that lack of eye contact might indicate deeper concentration can make a substantial difference. These minor adaptations can greatly enhance workplace inclusivity and productivity," Cox explained. Both speakers emphasized the importance of tailored management strategies to effectively support neurodivergent employees. Implementing clear communication, recognizing the need for sensory accommodations, and allowing flexible work arrangements were discussed as key strategies that can enhance productivity and workplace satisfaction for all employees.

The Way Forward with Neurodiversity

The "Inclusive Cyber" webinar concluded by highlighting the indispensable link between neurodiversity and cybersecurity. By embracing neurodivergent capabilities, the cybersecurity industry not only enriches its pool of problem-solving strategies but also fosters a more inclusive and dynamic workforce capable of tackling complex security challenges. As the cybersecurity field continues to evolve, the insights shared by Jennifer Cox and Holly Foxcraft provide invaluable guidance for building diverse teams ready to face future challenges. The thoughtful integration of neurodivergent professionals into cybersecurity roles not only enhances the effectiveness of security measures but also contributes to a more inclusive and innovative workplace culture. This approach not only prepares organizations to better tackle emerging threats but also sets a precedent for the broader tech industry to follow.

The president wants to save France from itself, but he may just be handing the country over to the far right

Those complaining about the tedium and predictability of the UK’s general election must gaze with envy across the Channel to France, a country suddenly plunged into a frenzy of electoral uncertainty. And those in Britain who bemoan a lack of bold leadership cannot but note the contrast presented by its president, Emmanuel Macron, who may be arrogant and impetuous but is certainly not lacking in political courage.

Audacity was the quality most esteemed by the French revolutionary Georges Danton (although it ultimately led him to the guillotine), and this Macron possesses in abundance. It enabled his storming of the presidency in 2017 at the youngest-ever age of 39. It has sustained him through successive national upheavals and an approval rating stuck at under 35%. Now it has led him to call a snap parliamentary election at the very moment his far-right enemies enjoy record support.

Continue reading...

💾

© Photograph: Ludovic Marin/AFP/Getty Images

💾

© Photograph: Ludovic Marin/AFP/Getty Images

The Conservatives have no new vision for the next five years and the Liberal Democrats project a qualified optimism, but Labour could eventually prove transformative

The Britain that the next government will inherit on 5 July has been profoundly misgoverned for 14 years. Productivity, the heart of prosperity, has stagnated, as has business investment; the already weak trends were ruptured in 2016, the year of the Brexit referendum, and have stubbornly refused to budge since. Low growth and frozen living standards are thus guaranteed until those trends are reversed. Even though taxation has climbed, there cannot be one citizen unaware of the intolerable stress on underfunded public services set to intensify in the years ahead on current spending plans.

Meanwhile, life expectancy in disadvantaged parts of England is falling for the first time in more than a century; infant mortality is rising; poverty so blights 4.3 million children that we have among the shortest five-year-olds in Europe; one in six adults are illiterate or innumerate. People commonly live with their parents until their mid 30s because housing, whether rented or mortgaged, is prohibitively expensive. Having children is deferred; the birthrate is falling.

Continue reading...

💾

© Photograph: Stefan Rousseau/PA

💾

© Photograph: Stefan Rousseau/PA

Whenever people ask the best way to protect their accounts and devices, the answer is always to use a strong password. But how exactly does one do that? What constitutes a good password? In this article, we explain six ways to create a strong password that makes hackers give up trying to guess your details and steal your information. Keep reading to find out what your password should consist of to stay protected!

Steps to Create a Strong Password

1. Avoid Common Words

Avoid using easily guessable words or phrases. Examples include "123456," "password," or "qwerty." Instead, use phrases that may hold an unobvious personal meaning to you, such as a combination of words from a favorite book or a childhood memory. Hackers often use common password lists to guess and breach accounts, so avoid anything too predictable.

2. Avoid Personal Information

Refrain from including any personal information in your password, such as your name, birthday, or address. Hackers can easily obtain this information through social engineering or data breaches, making it relatively simple for them to guess your password. Keeping your password unrelated to your personal life adds an extra layer of security.

3. The Lengthier, the Better

The longer your password, the harder it is for hackers to crack through brute force attacks. A minimum of 12 characters is recommended, but going longer is better. For example, using a 16-character password significantly increases the number of possible combinations, making it more challenging for hackers to guess and increasing their likelihood of failing.

4. Use Complex Characters and Words

Passwords that use a variety of character types—such as uppercase letters, lowercase letters, numbers, and special characters—are better protected. For instance, a password like "P@ssw0rd123!" is much stronger than "password123." The complexity of using different forms of characters makes guessing much harder, especially if hackers use automated tools.

5. Randomize Passwords

Generating random passwords using browser-recommended ones or a password manager can be very effective in protecting your account. Password managers can store the randomized passwords after creating them. If you are worried about forgetting these randomly generated ones, you can create your own passphrase that makes sense only to you, such as "Green!Apple#Mountain*Sky." Ensure it's not easily guessable or uses common phrases.

6. Update and Change Regularly

Changing your passwords regularly is essential, especially if you have been warned of possible attempts at breaches or passwords being compromised. Regularly updating your passwords helps mitigate the risk of unauthorized access to your accounts, even if your current password is strong. It is important to create new ones instead of reusing old passwords, as hackers could use previously compromised credentials to gain access to other accounts.

Conclusion

When these six tips are combined, your password will keep your information secure. Repeating passwords or making variations of the same one fails to protect you. But with these tips, your first level of authentication is set to be almost impossible for hackers to penetrate. In a world where hacking and stealing information in cyberspace is becoming more common, it is essential for users to take the necessary steps to keep their passwords strong and their data protected. By following these guidelines, you can significantly reduce the risk of falling victim to cyberattacks and ensure your personal information remains safe.

Staying safe in the current climate of cyberattacks can be challenging and often frightening. With hacking and data theft becoming increasingly accessible and easier to execute, ensuring the safety of your personal information is essential. In this article, we will list the top ways to protect your identity on your devices and accounts from being stolen.

10 Easy Steps to Secure Your Identity

By following these 10 easy steps, you can secure your credentials, personal information, and more.

By Mohan Subrahmanya, Country Leader, Insight Enterprises In an era consistently besieged by data breaches and increased cyber threats, blockchain technology is emerging as a key tool for the enhancement of cybersecurity and the protection of data. It is a decentralized and secure way of recording critical data that brings forth innumerable benefits to many sectors through a sound framework for secure transactions and integrity of data.

Understanding Blockchain Technology

At its core, blockchain is a decentralized ledger that records transactions across a network of computers, ensuring that data remains transparent, secure, and immutable. Each block in the blockchain contains a timestamp, transaction data, and a cryptographic hash of the previous block, creating a chain of records that is nearly impossible to alter. The exponential growth of blockchain technology is fueled by the need to simplify business processes, increase transparency, improve traceability, and cut costs. According to ReportLinker, the global blockchain market is expected to increase by 80% between 2018 and 2023, from $1.2 billion to $23.3 billion.

Key Components of Blockchain That Ensure Data Security

Blockchain technology enhances data security by ensuring that data recorded once remains unalterable and undeletable without network consensus, thus maintaining integrity. One of the key features of blockchain technology is decentralization. Unlike traditional centralized databases, blockchain operates on a distributed network. This structure reduces the risk of a single point of failure and makes it much more difficult for malicious entities to compromise the entire system. By distributing data across multiple nodes, blockchain eliminates vulnerabilities associated with centralized servers, thereby enhancing overall security. Another feature is the Cryptographic hash function which plays a crucial role in blockchain security. These mathematical algorithms generate a unique identifier for each block, making it virtually impossible to alter any recorded data without detection. All the altered information on the blockchain is visible and immutable, which not only ensures data integrity but also provides a reliable mechanism to detect and prevent fraudulent activities. Blockchain also employs consensus mechanisms such as Proof of Work (PoW) and Proof of Stake (PoS) to validate transactions and ensure network consistency. By allowing only authentic transactions to be added to the blockchain, these mechanisms prevent double payments and other fraudulent practices. Digital signatures, which use a private key to sign transactions, further enhance this level of security. This ensures that only authorized individuals can initiate or modify data entries, while anyone with the public key can verify the authenticity of the transaction.

Applications Across Sectors

The use of blockchain technology could have a significant impact on cybersecurity across various sectors. Many organizations are recognizing the significant business benefits of blockchain technology and are increasingly adopting it across various sectors. Blockchain has a lot to offer, from manufacturing and healthcare to supply chains and beyond. Financial services, for instance, can benefit from blockchain's ability to secure transactions, reduce fraud, and improve transparency. The healthcare sector can utilize blockchain to secure storage and share patient information between authorized personnel, ensuring confidentiality and accuracy. In the manufacturing industry, blockchain is primarily used for the movement and management of digital assets and physical goods, enhancing transparency and traceability. In order to ensure a transparent and immutable record of the origin of products, supply chain management can use blockchain technology to prevent counterfeiting and ensure authenticity. Government services can also use blockchain to increase the security and efficiency of public records, voting systems as well as identity management.

Key Challenges and Considerations

There are certain challenges to the use of blockchain technology, despite its many benefits. Scalability is an important concern, as the number of transactions increases, the blockchain may become slow and costly to maintain. Furthermore, significant computational power is required for consensus mechanisms such as POW which could result in considerable energy consumption. Regulatory uncertainty is another issue, as the evolving legal landscape can obscure the widespread adoption of blockchain technology. Addressing these challenges is crucial for the continued growth and adoption of blockchain technology. Global efforts are being made to create scalable blockchain systems and more effective consensus methods. Additionally, regulatory frameworks are also evolving to offer more precise guidelines to implement blockchain technology.

Growth of Blockchain Technology in India

India is seeing a strong increase in the adoption of blockchain technology in many sectors. This growth is driven by government-backed projects and initiatives, such as the National Blockchain Framework, to improve transparency, security, and efficiency. The technology's potential to enhance data integrity and operational efficiency aligns well with India's digital transformation goals, making blockchain a key component in the nation's technological advancement. The use of blockchain technology has been much more of a game-changer in terms of data security and is supporting cybersecurity. It provides robust security against all cyber threats since it is decentralized, immutable, and fully transparent. Overcoming the challenges of scaling and regulatory uncertainty would enable blockchain's distributed ledger technology to emerge as the key player in secure digital infrastructures that drive innovation across all sectors. The more organizations study its potential applications, the more blockchain will change the face of data security and cybersecurity. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything. 

By Siddharth Deshmukh, Chief Operating Officer, Clover Infotech With the advent of digital, large volumes of data flow into the organizations’ systems daily. However, it’s the value of the data that makes it special. This data is often used to generate insights and predictions which are important to enhance productivity and ROI. But to ensure that the desired results are achieved, the data needs to be stored and organized in databases that enable easy access, modification, and management. In such a scenario, open source database is a wise choice as they offer flexibility, cost savings, and community support. They allow users to access and modify the source code, enabling customization to meet specific needs and fostering innovation. Being free of licensing fees, they reduce financial barriers for organizations of all sizes. While community versions of open-source databases like MySQL, PostgreSQL, and MongoDB are popular for their zero-cost entry and extensive community support, enterprise editions often provide a more comprehensive and reliable solution for businesses with critical needs.

Superior Features of Enterprise Editions

Here’s why enterprise editions are generally considered superior to community versions in an enterprise setting:  Enhanced Support and Reliability - One of the most significant advantages of enterprise editions is the professional support provided by the OEM. Unlike community versions, which rely on community forums and public documentation for troubleshooting, enterprise editions offer dedicated, round-the-clock technical support. This support is crucial for enterprises that require immediate resolutions to any issues that may arise, thereby minimizing downtime, ensuring business continuity, and adherence to compliance mandates. Advanced Security Features - Security is paramount for any enterprise, and enterprise editions of open-source databases typically come with enhanced security features not available in community versions. These may include advanced authentication methods, transparent data encryption, auditing capabilities, and more granular access controls. With cyber threats constantly evolving, having these robust security measures in place helps protect sensitive data from breaches and ensures compliance with industry standards and regulations. Performance Optimization and Scalability - Enterprise editions often include performance optimization tools and features designed to handle large-scale operations efficiently. These enhancements can significantly improve database performance, supporting faster query processing and better resource management. For businesses experiencing rapid growth or those with high transaction volumes, the ability to scale seamlessly is critical. Comprehensive Management Tools - Managing a database effectively requires a suite of tools for monitoring, backup, recovery, and automation. Enterprise editions usually provide a range of advanced management tools that simplify these tasks, reducing the administrative burden on IT teams. Features like automated backups, performance monitoring dashboards, and easy-to-use management interfaces help ensure that databases run smoothly, and potential issues are promptly addressed. Long-Term Stability and Support - Community versions often follow rapid release cycles, which can lead to stability issues as new features are continuously added and older versions quickly become outdated. In contrast, enterprise editions typically offer long-term support (LTS) versions, ensuring stability and ongoing updates without the need for frequent major upgrades. This stability is vital for enterprises that require reliable, long-term operation of their database systems. Tailored Solutions and Customization - Vendors offering enterprise editions frequently provide customized solutions tailored to the specific needs of their clients. This level of customization can include optimizing the database for particular workloads, integrating with existing enterprise systems, and even developing new features upon request. Such tailored solutions ensure that the database aligns perfectly with the business’ operational requirements.

To Wrap Up

In conclusion, while community versions of open-source databases are an excellent starting point, especially for small to medium-sized businesses or for non-critical applications, enterprise editions offer a suite of enhanced features and services that address the complex needs of larger organizations. With superior support, advanced security, performance optimizations, comprehensive management tools, and tailored solutions, enterprise editions ensure businesses can rely on their database systems to support their operations effectively and securely. Enterprise editions are a prudent choice for enterprises where data integrity, performance, and security are paramount. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything. 

The inquiry’s final report is due in September, but survivors have already waited too long for justice

Seven years after the loss of 72 lives in the Grenfell Tower fire, the survivors and bereaved are disillusioned and angry. There was a sense of renewed expectation, as well as painful awareness of how much time has passed, as campaigners prepared for Friday’s memorial walk. With next month’s election, and the expected defeat of the Conservatives, they have sharpened their demands. When the public inquiry’s final report is published on 4 September, it will be a new government that responds.

The failure to implement recommendations from the inquiry’s first phase, including evacuation plans for disabled residents in high-rise flats, has caused deep dismay among disability and housing groups as well as Grenfell families. The announcement by police that prosecutions of those responsible will not take place before 2027, at the earliest, was described as “unbearable”. Inquiry participants whose lives were destroyed by the fire and its aftermath poured not only their pain into it but also their hopes for change. The findings are still eagerly awaited. Yet there is a growing sense that the length of time they are having to wait for justice and accountability is a further violation.

Continue reading...

💾

© Photograph: Vuk Valcic/ZUMA Press Wire/REX/Shutterstock

💾

© Photograph: Vuk Valcic/ZUMA Press Wire/REX/Shutterstock

The regime is allowing a reformist to run because it wants to ensure more of the same. It will take a better offer to win back the people

The death of Iran’s president, Ebrahim Raisi, in a helicopter crash last month was a shock. The 63‑year‑old hardliner was not only expected to run for a second term, but to be part of the looming transition: the supreme leader, Ayatollah Ali Khamenei, is 85 and has health problems. Some had even thought Raisi might succeed him.

Yet the repercussions have been muted. The first round of the presidential election is scheduled for 28 June, but no one expects Raisi’s replacement to bring significant political change. The regime’s priorities are continuity and stability. It knows it may soon have to reckon with the hostility of a second Trump administration and it faces widespread discontent at home, following the suppression of the massive Woman, Life, Freedom protests. The evidence of recent years suggest that it is more worried about conservative consolidation at the top than legitimacy from below.

Continue reading...

💾

© Photograph: Vahid Salemi/AP

💾

© Photograph: Vahid Salemi/AP

Voters are ready for a change of government, but lack of enthusiasm for the opposition’s programme may spell trouble ahead

At the Conservative manifesto launch on Tuesday, Rishi Sunak offered a selection of gimmicks not a strategy, and a compendium of uncosted promises instead of a plan. The result was a slapdash manifesto, with large areas of government responsibility almost wholly ignored. It offered the same old prejudices and the same old policy reflexes to the same old audience.

Sir Keir Starmer’s Labour manifesto launch in Manchester on Thursday could hardly have been more different. A party that looked into the electoral abyss in 2019 now stands on the threshold of government – and it showed. Labour has raised its game, and the manifesto rollout was optimistic and professional.

Do you have an opinion on the issues raised in this article? If you would like to submit a response of up to 300 words by email to be considered for publication in our letters section, please click here.

Continue reading...

💾

© Photograph: Stefan Rousseau/PA

💾

© Photograph: Stefan Rousseau/PA

The lack of suitable placements for at-risk young people has led to a huge rise in deprivation of liberty orders. Family judges are right to be furious

Seven years ago, Sir James Munby, then the president of the family division of the high court, issued a highly unusual public judgment. Denouncing a “disgraceful and utterly shaming lack”, he called for an overhaul of council provision for children who need intensive support in a residential setting. Since then, the children’s commissioner for England and other senior judges have made similar criticisms.

Councils in England do not have enough places in which to look after some of the most vulnerable children for whom they are responsible. The result is that rising numbers are subjected to deprivation of liberty orders, leading to forcible detention in unregulated placements including rented flats. Last weekend, Sir James spoke up again, calling the situation a “shocking moral failure” and for it to be discussed in the run-up to next month’s election.

Do you have an opinion on the issues raised in this article? If you would like to submit a response of up to 300 words by email to be considered for publication in our letters section, please click here.

Continue reading...

💾

© Photograph: Dmytro Betsenko/Alamy

💾

© Photograph: Dmytro Betsenko/Alamy

The burden of transition on economically insecure voters must be eased via a more ambitious fiscal approach by governments

Following the European parliament elections of 2019, the newly elected president of the European Commission, Ursula von der Leyen, told MEPs: “If there is one area where the world needs our leadership, it is on protecting our climate … We do not have a moment to waste. The faster Europe moves, the greater the advantage will be for our citizens, our competitiveness and our prosperity.”

Five years on, all that remains true, and the urgency of taking decisive action is even greater. Last week, the United Nations general secretary, António Guterres, warned that the world faced “climate crunch time”, referring to new data revealing that the crucial 1.5C threshold for global heating was breached over the past year. But the politics of climate action in Europe is lurching in the wrong direction at alarming speed.

Continue reading...

💾

© Photograph: Piroschka Van De Wouw/Reuters

💾

© Photograph: Piroschka Van De Wouw/Reuters

Labour should take lessons from the Netherlands, where public sector firms are funded by a state-owned bank

The private sector provision of water services in England is an oddity in the world: 90% of countries run state-owned operations. Even in Europe, it is the only country to have sold its water resources – including pipes, reservoirs, boreholes and treatment plants – to private owners, now mostly a collection of sovereign wealth, infrastructure and pension funds. The decision to put water – a natural monopoly – in private hands defied the Thatcherite logic of competition and efficiency. There was never any possibility of pitting rival companies against each other to raise standards. No other water supply is competing for a household’s business.

The result has been the creation of a series of sinecures upon which large firms and their executives stake their claims, protected from competition by legal rights over scarce liquid resources. The hundreds of thousands of pounds paid in bonuses to the bosses of Severn Trent and South West Water’s parent company, despite the companies pumping sewage into Britain’s rivers, seems a textbook example of rent-seeking by oligopolistic capital. Rather than invest in infrastructure to deal with a growing population, the country’s private water monopolies, which began life with no debt, borrowed £64bn over the past three decades and paid more than £78bn in dividends to their owners.

Continue reading...

💾

© Photograph: Leon Neal/Getty Images

💾

© Photograph: Leon Neal/Getty Images

Rishi Sunak’s insistent repetition of the word ‘plan’ doesn’t compensate for an absence of serious engagement with the challenges Britain faces

The start of the Conservatives’ election campaign was defined by spectacular errors of judgment, but even the slickest launch would have come unstuck on the question of whether the incumbent party deserves a fifth term in office. The record is too grim.

The manifesto published on Tuesday did nothing to dispel the impression of a demoralised party bereft of ideas. The ideological kernel of the document is a conviction that cutting taxes and social security boosts enterprise and prosperity. Rishi Sunak proposes a 2p reduction in national insurance and its abolition for people who are self-employed. The prime minister pledged to reverse what he called the “unsustainable rise in working-age welfare”. Hypothetical revenue is also conjured up by shrinking the civil service. Relying on a crackdown on tax avoidance raises the question of why it hasn’t been done over the last 14 years.

Do you have an opinion on the issues raised in this article? If you would like to submit a response of up to 300 words by email to be considered for publication in our letters section, please click here.

Continue reading...

💾

© Photograph: Neil Hall/EPA

💾

© Photograph: Neil Hall/EPA

The conviction of peaceful pro-democracy activists is another shameful moment in the ongoing crackdown

Seven years ago, Lord Neuberger, a judge of the Hong Kong court of final appeal – and formerly president of the UK’s supreme court – described the Chinese region’s foreign judges as “canaries in the mine”. Their willingness to serve was a sign that judicial independence remained healthy, “but if they start to leave in droves, that would represent a serious alarm call”.

That was before the extraordinary uprising in 2019 to defend Hong Kong’s autonomy, and the crackdown that followed. The draconian national security law of 2020 prompted the resignation of an Australian judge, and two British judges quit in 2022. Last week, two more birds flew: Lord Sumption and Lord Collins of Mapesbury. Lord Sumption (with other judges) had said that continued participation was in the interests of the people of Hong Kong. Now he says that those hopes of sustaining the rule of law are “no longer realistic” and that “a [once] vibrant and politically diverse community is slowly becoming a totalitarian state”. He cited illiberal legislation, Beijing’s ability to reverse decisions by Hong Kong courts and an oppressive political environment where judges are urged to demonstrate “patriotism”.

Do you have an opinion on the issues raised in this article? If you would like to submit a response of up to 300 words by email to be considered for publication in our letters section, please click here.

Continue reading...

💾

© Photograph: Chiang Ying-ying/AP

💾

© Photograph: Chiang Ying-ying/AP

The French president’s decision to call a snap parliamentary election, after Marine Le Pen’s triumph in European polls, is a fateful moment

Ahead of Sunday’s European election results, attention was understandably focused on the impact of a potential far-right surge on the balance of power in Brussels institutions. In the event, the pan-European centre held, just about, with more moderate conservative parties generally enjoying a good night. But that was not even close to being the main headline of the evening.

Emmanuel Macron’s shock decision to call snap legislative elections, after a humiliating defeat at the hands of Marine Le Pen’s National Rally party (RN), is a gamble of the highest order, taken from a position of weakness. Even by the standards of a president who created his own movement to demolish the traditional centre-left and centre-right, it is a surprisingly risky move. In a Sunday evening address, Mr Macron told the nation that it was a necessary one in order to “clarify” a result that saw the extreme right win a combined 40% of the vote. That clarification, when it comes on 7 July, may or may not be welcome.

Continue reading...

💾

© Photograph: Ludovic Marin/EPA

💾

© Photograph: Ludovic Marin/EPA

Sir Ed Davey says he is offering a programme for real change. Voters should seriously consider it when casting their ballots

The Liberal Democrat manifesto is either the last hurrah for redistributive politics in Britain – or signals its comeback. At its launch on Monday, the Lib Dems proposed taxing the super-rich, frequent flyers and banks, and using the proceeds to pay for the NHS, schools and international development. This is the right thing to do. If we want the country’s resources put to better use then part of the answer lies in reining in the wealthiest people in the country.

Some may argue that whatever the Lib Dems say is irrelevant, as the party is not going to be in power on 5 July. That misses the point. The Lib Dems can act as a driver of change in British politics, influencing the agenda of the country without necessarily being the political party that benefits most from the change. With the budget deficit at 6% and persistent post-Covid labour shortages, tax increases are needed to reduce wasteful consumption by the rich and allow room for socially useful spending. While experts can quibble about the amounts raised, Sir Ed Davey has done the public a favour by clarifying who would lose out and who would gain under his party’s proposals.

Continue reading...

💾

© Photograph: Peter Byrne/PA

💾

© Photograph: Peter Byrne/PA

The wait is finally over! The Cyber Express is thrilled to announce the much-anticipated return of World CyberCon, India Edition. The 4th Edition of this prestigious event is set to take place on September 27, 2024, in Mumbai. This gathering will be held under the compelling theme “Strengthening India’s Digital Frontier: Preparing for Future Challenges.” This is not just a conference; it is also an award ceremony and exposition, offering a comprehensive platform for recognition, networking, and showcasing the latest innovations.  World CyberCon promises to bring together cybersecurity professionals from all corners of India to confront and navigate the rapidly evolving landscape of cybersecurity threats and innovations. 

A Booming Cybersecurity Market 

India's cybersecurity market is witnessing unprecedented growth, projected to surge from USD 4,044.6 million in 2024 to USD 17,746.5 million by 2033, at a compound annual growth rate (CAGR) of 15.61%.  This rapid expansion is driven by increasing digitalization and the proliferation of internet-connected devices, which broaden the attack surface and escalate the need for robust cybersecurity solutions.  The market encompasses various services, including network and endpoint security, security analytics, threat intelligence, and cloud security. The exponential growth highlights the critical importance of fortifying India's digital infrastructure against evolving cyber threats.  

The World CyberCon Highlights 

The World CyberCon 2024 promises to deliver a comprehensive agenda, featuring key discussions and presentations on crucial topics. Attendees will delve into strategies for cyber resilience, exploring how organizations can build and maintain robust defenses against an ever-changing threat landscape. 

• Knowledge Sharing Sessions: Gain insights from industry leaders and experts through in-depth discussions and presentations. 
• Networking Sessions: Connect with peers, potential clients, and industry leaders in dynamic networking environments. 
• Keynote Sessions by Government: Hear from prominent government officials on national cybersecurity priorities and initiatives. 
• Award Presentation: Celebrate outstanding contributions to the field of cybersecurity with an exclusive award ceremony. 
• 150+ Attendees: Engage with over 150 cybersecurity professionals and decision-makers from across India. 
• Exhibition Zone: Explore the latest innovations in cybersecurity technology and solutions in our extensive exhibition area. 
• Business Prospects: Discover new opportunities for growth and collaboration within the cybersecurity industry. 
• Post Event Highlights Episode on a TV News Channel: Extend the reach and impact of the event's key messages through exclusive post-event highlights featured on a TV news channel. 
• Media Presence: Benefit from extensive media coverage, enhancing the visibility and impact of the event. 
• Stand Up Comedy: Enjoy entertainment and a light-hearted break with a stand-up comedy performance. 

Networking and Learning Opportunities 

Attendees can look forward to a variety of enriching experiences designed to foster knowledge sharing and collaboration. The event will feature exclusive networking opportunities, allowing participants to connect with industry leaders, peers, and potential clients in a dynamic and engaging environment.  Keynote speeches by prominent government officials will provide valuable insights into national cybersecurity priorities and initiatives, while award presentations will recognize outstanding contributions to the field.  The exhibition zone will showcase the latest innovations in cybersecurity technology and solutions, providing attendees with a firsthand look at cutting-edge tools and services. Business prospect discussions will explore new opportunities for growth and collaboration within the cybersecurity industry. Post-event highlights will be featured on a TV news channel, extending the reach and impact of the event's key messages. 

Who Should Attend? 

World CyberCon is designed for top-level executives and professionals who play a critical role in shaping and implementing cybersecurity strategies. This includes Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), Chief Technology Officers (CTOs), and other senior leaders such as SVPs, VPs, and GMs in cybersecurity.  Data Protection Officers (DPOs), directors, and heads of cybersecurity, IT, and governance will also find the event highly relevant. Additionally, legal experts and cybercrime officers are encouraged to attend to gain insights into the latest legal and regulatory developments impacting cybersecurity. 

Partnership Opportunities 

Partnering with World CyberCon offers significant benefits, including enhanced visibility and brand exposure. Your brand will be prominently featured throughout the event, providing exposure to a targeted audience of cybersecurity professionals and decision-makers.  Exclusive networking sessions offer the chance to connect with industry leaders, potential clients, and partners, fostering valuable relationships and business opportunities.  Showcasing your thought leadership by participating in panel discussions or exclusive presentations can elevate your brand’s reputation and influence within the industry. The event also offers robust lead generation opportunities, with access to an event app for one-on-one meetings with registered attendees. Exhibiting at World CyberCon allows you to demonstrate your products and services to a captive audience, further enhancing your market presence. 

What Sets Us Apart? 

World CyberCon stands out as a premier event organized by a globally recognized cybersecurity news media company. We boast a strong global presence with over 30k registered users receiving our weekly newsletter and 100k+ monthly website visitors.   Attendees can discover Pan India opportunities and engage with leading expert speakers under one roof. Our event offers exclusive content and insights, making it an unparalleled platform for learning, networking, and growth in the cybersecurity industry. 

Join Us 

For more information and to register, please visit World CyberCon 2024 Website. Don’t miss this opportunity to be part of India’s premier cybersecurity event, where you can shape the future of cybersecurity, gain valuable insights, and connect with industry leaders.  Contact Information: 

• Priti Chaubey 

Communications Manager  priti.c@thecyberexpress.com 

• Ashish Jaiswal 

Conference Manager  ashish.j@thecyberexpress.com  +91 814 888 2990 

• Anees Shaik 

Sponsorship Sales Manager  anees.shaik@thecyberexpress.com  +91 636 127 6754  About The Cyber Express  The Cyber Express is a leading cybersecurity news media company that provides critical and timely information on cyber threats, vulnerabilities, data breaches, and cyber defense. Our seasoned journalists and researchers deliver in-depth analysis and commentary, organizing conferences, webinars, and business events to share industry best practices and insights.  The objective of The Cyber Express is to give readers a thorough understanding of the current state of cybersecurity and the challenges and opportunities that lie ahead. Whether you are a cybersecurity professional, a business leader, or simply someone interested in staying informed about the latest developments in this crucial field, our publication can provide valuable insights and information.  For more information, visit The Cyber Express. 

Emmanuel Macron’s hopes for a summer of sporting pride now look like a very long shot

Emmanuel Macron had hoped that this would be a summer of sporting celebration for France, dominated by the first Paris Olympics for a century. Instead, events on track and field are now set to be eclipsed by political turmoil, following Mr Macron’s decision to call a snap parliamentary election following his humiliating defeat at the hands of the radical right in this weekend’s European polls.

In the lead-up to the Olympics - now less than 50 days away - Mr Macron had already been desperately searching for the feelgood factor. Having previously lamented the modest size of the national medal haul at the 2020 Tokyo Olympics, he used a recent television interview to demand a top-five finish for France this summer on home soil.

Continue reading...

💾

© Photograph: Lafargue Raphael/ABACA/REX/Shutterstock

💾

© Photograph: Lafargue Raphael/ABACA/REX/Shutterstock

The Met chief says the number of abusive men is beyond the police’s capacity to cope with. Politicians need a plan for victims

Mark Rowley, head of the Metropolitan police, described the extent of violent crime committed by men against women as “eye-watering”. In a report last week for the London policing board, he said that with up to 4 million mostly male perpetrators of violence against women and children in England and Wales, the scale of the problem is “beyond policing and justice system capacity”. The Met’s figures show that 50% of violence suffered by women in London relates to domestic abuse, with 1m reports to police in England and Wales annually. New research from the National Police Chiefs’ Council will be published over the summer. The National Crime Agency estimates that 750,000 adults have a sexual interest in children.

Some in the women’s sector welcomed Mr Rowley’s bluntness. For England’s most senior police officer to outline the problem so clearly is preferable to it being ignored or shunted behind priorities such as counter‑terrorism and fraud. But for victims and those at risk, it is chilling to learn that that the police believe only a massively upscaled, multi-agency approach would enable them to do their job.

Continue reading...

💾

© Photograph: Nicholas.T Ansell/PA

💾

© Photograph: Nicholas.T Ansell/PA

Cyber threats continue to evolve this week as attackers target huge ticketing platforms, stealing hundreds of millions of people’s information. Large social media platforms like TikTok were also vulnerable to cyber issues this week. TCE Cyberwatch continues to ensure the highlights of the cybersecurity industry are conveyed to our readers. And remember, vigilance is important. Staying informed on what could affect you as well as knowing of the measures that are being taken is essential.

TCE Cyberwatch: Weekly Round-Up

Free Office Suite Turns Malicious: Pirated Downloads Spreading Malware in South Korea

South Korean researchers have found that pirated copies of productivity software like Microsoft Office and Hangul Word Processor are being used to spread malware. This malware maintains persistence by regularly updating itself, often several times a week. Distributed through file-sharing platforms, these malicious copies appear as cracked installers. Attackers use Telegram or Mastodon channels to provide encrypted instructions leading to malicious payloads hosted on Google Drive or GitHub. The malware includes strains like OrcusRAT, XMRig Cryptominer, 3Proxy, and PureCrypter, which perform various malicious activities, including keylogging, cryptomining, and disabling security products. The malware's ability to update and re-infect systems makes it difficult to remove. Researchers urge users to download software from official sources and update antivirus programs to prevent infection. Read More

Spanish Police Bust Illegal Streaming Network Serving 14,000 Subscribers

Spanish police dismantled an illegal media distribution network that had generated over 5.3 million euros since 2015. The operation began in November 2022 after a complaint from the Alliance for Creativity and Entertainment (ACE), targeting the IPTV service ‘TVMucho’ (also known as ‘Teeveeing’). TVMucho/Teeveeing, with over 4 million visits in 2023, offered over 125 channels, including BBC and ITV. Eight individuals were arrested across various cities, and authorities seized a vehicle, and computers, and froze 80,000 euros in bank accounts. Sixteen related websites were blocked. The network, led by Dutch nationals, decrypted and distributed content from over 130 channels. The crackdown disrupted a service with 14,000 subscribers, causing significant financial damage to content creators. Read More

Millions at Risk: Ticketmaster Confirms Huge Data Breach

Live Nation, Ticketmaster's parent company, confirmed a data breach after hackers claimed to have stolen personal details of 560 million customers. The breach was disclosed in a U.S. Securities and Exchange Commission (SEC) filing. Live Nation detected unauthorized activity in a third-party cloud database on May 20, 2024, and began an investigation. The company is mitigating risks, notifying affected users and regulatory authorities, and cooperating with law enforcement. The stolen data was hosted on Snowflake, a cloud storage firm. Snowflake and cybersecurity firms CrowdStrike and Mandiant are investigating, attributing the breach to identity-based attacks exploiting compromised user credentials. Recommendations include enforcing multi-factor authentication and resetting credentials. Live Nation asserts the breach has not significantly impacted its business operations. Read More

COVID Relief Fraud Busted: $5.9 Billion Botnet Scheme Unraveled

The DOJ charged Chinese national YunHe Wang with operating the "world's largest botnet," which stole $5.9 billion in Covid relief funds. Wang allegedly used the 911 S5 botnet to hack over 19 million IP addresses in nearly 200 countries from 2014 to 2022. The botnet also engaged in other crimes like fraud and harassment. Wang, who profited at least $99 million, faces up to 65 years in prison. The DOJ, FBI, and international law enforcement dismantled the network and arrested Wang. The U.S. has been increasingly concerned about sophisticated cyber threats, particularly from China. In January, the FBI dismantled another Chinese hacking group targeting U.S. infrastructure. Wang's arrest follows Treasury Department sanctions on him and his associated companies. Read More 

Poland Boosts Cybersecurity with $760 Million Investment After Suspected Russian Attack

Poland will invest over 3 billion zlotys ($760 million) to enhance cybersecurity following a likely Russian cyberattack on state news agency PAP. With European Parliament elections imminent, Poland is vigilant against Moscow's interference, especially after a false military mobilization article appeared on PAP. Poland, a key supporter of Ukraine, frequently accuses Russia of destabilization attempts, claims Russia denies. Digitalization Minister Krzysztof Gawkowski announced the "Cyber Shield" initiative and highlighted Poland's frontline position in the cyber conflict with Russia. Recent cyberattacks on critical infrastructure were blocked, reinforcing concerns about Russia's intent to destabilize and benefit anti-EU forces. Poland has linked Russia to sabotage and espionage activities, prompting the re-establishment of a commission to investigate Russian influence. Read More

Russia Accused of Spreading Misinformation Ahead of European Parliament Elections

European governments accuse Russia of spreading misinformation ahead of the European Parliament elections from June 6-9. Alleged tactics include amplifying conspiracy theories, creating deepfake videos, and cloning legitimate websites to disseminate false information. The Czech Republic identified a pro-Russian influence operation led by Viktor Medvedchuk, while Belgium accused Russian officials of bribing EU lawmakers to promote propaganda. Russia denies these accusations, claiming the West is waging an information war against it. European leaders, like Ursula von der Leyen, stress the importance of resisting authoritarian influence. The EU's Digital Services Act mandates the removal of illegal content and transparency in content aggregation. Tech giants like Meta, Google, and TikTok are implementing measures to counter election-related disinformation. Read More

Deepfakes Target Businesses: $25 Million Scam Exposes AI's Dark Side

Deepfake scams are increasingly targeting companies worldwide, exploiting generative AI for fraud. In a major case, a Hong Kong finance worker was deceived into transferring over $25 million to fraudsters using deepfake technology to pose as colleagues. UK engineering firm Arup confirmed involvement in this case, emphasizing a rise in such sophisticated attacks. OpenAI’s ChatGPT has popularized generative AI, lowering the barrier for cybercriminals. AI services can generate realistic text, images, and videos, aiding illicit activities. Deepfake incidents have targeted financial employees, leading to substantial financial losses. Companies fear deepfakes could manipulate stock prices, defame brands, and spread misinformation. Cybersecurity experts recommend enhanced staff education, testing, and multi-layered transaction approvals to mitigate risks, stressing that cybercrime will likely escalate before effective defences are developed. Read More

Up to 7 Years Jail for Deepfake Porn in Australia: New Laws Crack Down on Online Abuse

Proposed new Australian laws will impose up to six years in jail for sharing non-consensual deepfake pornographic images, and seven years for creating them. Attorney General Mark Dreyfus will introduce the legislation to make it illegal to share these images via any platform. Dreyfus condemned the harmful nature of such material, which predominantly affects women and girls. The laws aim to update legal protections in line with technological advances. Currently, creating such images isn't illegal under federal law, but the new bill expands existing laws on using technology to commit crimes. The legislation also seeks to curb technology-facilitated abuse and will include measures addressing doxing and reviewing the Online Safety Act. These changes are part of efforts to combat violence against women. Read More

Zero-Click Hack Hits TikTok: High-Profile Accounts Hijacked

Recently, hackers exploited a zero-day vulnerability in TikTok’s direct messaging feature to take over high-profile accounts without victims needing to download anything or click links. This flaw, unknown to the software makers, allowed control of accounts belonging to CNN, Sony, and Paris Hilton. TikTok's security lead, Alex Haurek, stated that they are working to prevent future attacks and restore affected accounts. Although only a few accounts were compromised, TikTok has not specified the numbers. Read More

Wrap Up

This week has shown the multiple vulnerabilities in even the biggest and assumed to be highly protected companies. Like always, there are tensions surrounding cyber issues in the world of politics as well. We over here at TCE hope that our readers know of the measures to be taken if ever affected by these breaches or hacks, as well as knowing the signs to look out for so as to not fall victim to cyberattacks. We are happy to see nations investing in the betterment of cyber security for their people.

By Sithembile (Nkosi) Songo, Chief Information Security Officer, ESKOM  According to the Ultimate List of Cybersecurity Statistics, 98% of cyber attacks rely on social engineering. Social engineering and phishing attacks tactics keep on evolving and targeting a diversified audience form executives to normal employees. Advanced phishing attacks that can be launched using GEN AI. There is also a shift in motivation behind these attacks, such as financial gain, curiosity or data theft.   Recent attacks have shown that cyber criminals continue to use various social engineering tricks, exploiting human weaknesses. Attackers are evolving from only exploiting technology vulnerabilities such as using automated exploits to initiate fraudulent transactions, steal data, install malware and engage in other malicious activities.  Furthermore, it is a well-documented fact that people are deemed to be the weakest link in the cybersecurity chain. Traditional security controls put more focus on the technical vulnerabilities as opposed to the human related vulnerabilities. Threat actors are transitioning from traditional system and or technology related cyber-attacks to human based attacks. The cyber criminals have identified and are now taking advantage of uninformed or untrained workforce by exploiting the human related vulnerabilities.  Employees often make it too easy by posting a huge amount of information about themselves, including daily status, activities, hobbies, travel schedule and their network of family and friends.   Even small snippets of information can be aggregated together. Bad guys can build an entire record on their targets.  Employees, especially those that are targeted, should limit what they post.  Bad guys leverage on other weaknesses, such as the improper destruction of information through dumpster diving and unencrypted data. The three most common delivery methods are email attachments, websites and USB removable media.  Properly implemented USB policies and trained users can identify, stop and report phishing attacks.  Well-educated workforces on all the different methods of social engineering attacks are more likely to identify and stop the delivery of these attacks.  While malicious breaches are the most common, inadvertent breaches from human error and system glitches are still the root cause for most of the data breaches studied in the report. Human error as a root cause of a breach includes “inadvertent insiders” who may be compromised by phishing attacks or have their devices infected or lost/stolen  Entrenching a security conscious culture is therefore extremely important in today’s digital age. Cyber awareness is of utmost importance in today’s digital age.  

What is "Security Culture"?  

Security culture is the set of values shared by all the employees in an organization, which determine how people are expected to perceive and approach security. It is the ideas, customs and social behaviours of an organization that influence its security. Security culture is the most crucial element in an organization’s security strategy as it is fundamental to its ability to protect information, data and employee and customer privacy. Perception about cybersecurity has a direct impact to the security culture. It could be either positive or negative. It’s deemed to be positive if information security is seen as a business enabler and viewed as a shared responsibility instead of becoming the CISO’s sole responsibility. On other hand it’s perceived negatively if security viewed a hindrance or a showstopper to business or production. A sustainable security culture requires care and feeding. It is not something that develops naturally, it requires nurturing,  relevant investments. It is bigger than just ad-hoc events. When a security culture is sustainable, it transforms security from ad-hoc events into a lifecycle that generates security returns forever. Security culture determines what happens with security when people are on their own. Do they make the right choices when faced with whether to click on a link? Do they know the steps that must be performed to ensure that a new product or offering is secure throughout the development life cycle.  Security culture should be engaging and delivering value because people are always keen to participate in a security culture that is co-created and enjoyable.  Furthermore, for people to invest their time and effort, they need to understand what they will get in return. In other words, it should provide a return on investment, such as improving a business solution, mitigating risks associated with cyber breaches.   Culture change can either be driven from the top or be a bottom-up approach, depending on the composition and culture of the organization. A bottom-up approach rollout allows engaged parties to feel they are defining the way forward rather than participating in a large prescriptive corporate program, while support from the top helps to validate the change, regardless of how it is delivered.   In particular, a top-down mandate helps to break down barriers between various business functions, information security, information technology, development team, operations, as well as being one of the few ways to reach beyond the technical teams and extend throughout the business. Organizations that have a Strong Cybersecurity culture have the following:  

• Senior leadership support from Board and Exco that echo the importance of cybersecurity within the organization. 
• Defined a security awareness strategy and programme, including the Key Performance Indicators (KPIs). 
• Targeted awareness campaigns which segment staff based on risk. Grouping users by risk allows for messages and the frequency of messages to be tailored to the user group.  
• A cybersecurity champion programme which allows for a group of users embedded in the organization to drive the security message. 
• Usage of various of mediums to accommodate different types of people who learn differently. 
• Employees are always encouraged to report cybersecurity incidents and they know where and how and to report incidents. 
• Creating an organizational culture where people are encouraged to report mistakes could be the difference between containing a cyber incident or not. 
• Measurements to test effectiveness: This is often done with phishing simulations.  
• Employees have a clear understanding of what acceptable vs what is not acceptable.  
• Information security becomes a shared responsibility instead of  CISO’s sole responsibility. 

The below image depicts percentage of adopted awareness capabilities 

Security architecture principles such as Defence in Depth, the failure of a single component of the security architecture should not compromise the security of the entire system. A defense-in-depth mechanism should be applied to mitigate phishing related risks. This approach applies security in different layers of protection, which implies that if one control fails the next layers of controls will be able to block or stop the phishing attack. The controls involve a combination of people, processes and technologies.  User behavior analytics (UBA) should be used to augment the awareness programme by detecting insider threats, targeted attacks, and financial fraud and track users’ activities. Advanced our phishing attack simulations by using GEN AI based simulations should also be conducted to combat advanced phishing attacks. 

Possible Measurements 

There are several measures that can be applied to measure the level of a  security conscious culture: 

• Employees attitudes towards security protocols and issues. 
• Behaviour and actions of employees that have direct and indirect  security implications. 
• Employees understanding, knowledge and awareness of security issues and activities. 
• How communication channels promote a sense of belonging and offer support related to security issues and incident reporting. 
• Employee knowledge, support and compliance to security policies, standards and procedures. 
• Knowledge and adherence to unwritten rules of conduct related to security. 
• How employees perceive their responsibilities as a critical success factor in mitigating cyber risks. 

Conclusion 

According to Gartner, by 2025, 40% of cybersecurity programs will deploy socio-behavioural principles (such as nudge techniques ) to influence security culture across the organization.   Recent human based cyber-attacks, together AI enabled phishing attacks, make it imperative to tighten human based controls. Promoting a security conscious culture will play a fundamental role in transforming people from being the weakest into the strongest link in the cybersecurity chain.  Building a cybersecurity culture is crucial because it ensures that everyone understands the importance of cybersecurity, adherence to the relevant information security policies and procedures, increase the level of vigilance and mitigate risks associated with data breaches. Furthermore a strong cybersecurity culture fosters better collaboration, accountability and improved security maturity. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.

By Dina Alsalamen, VP, Head of Cyber and Information Security Department at Bank ABC  In today's interconnected digital landscape, cyber threats pose significant risks to organizations of all sizes and industries. From data breaches to ransomware attacks, the consequences of cyber incidents can be severe, including financial losses, reputational damage, and regulatory penalties. To effectively mitigate these risks and safeguard their operations, organizations must prioritize building cyber resilience. In this article, we'll explore strategies and best practices for building a cyber-resilient organization. 

Understand Your Risks 

The first step in building cyber resilience is understanding the unique risks facing your organization. Conduct a comprehensive risk assessment to identify potential threats, vulnerabilities, and their potential impact on your business operations. This assessment should encompass all aspects of your organization's IT infrastructure, including networks, systems, applications, and data assets. 

Develop a Cybersecurity Strategy 

Based on your risk assessment, develop a robust cybersecurity strategy that aligns with your organization's goals and priorities. This strategy should outline clear objectives, policies, and procedures for protecting against cyber threats. Key components of your cybersecurity strategy may include: 

• Risk Management Framework: Establish a risk management framework to systematically identify, assess, and mitigate cyber risks across your organization. 
• Security Controls: Implement a layered approach to cybersecurity by deploying a combination of preventive, detective, and responsive security controls. 
• Incident Response Plan: Develop a detailed incident response plan outlining procedures for detecting, responding to, and recovering from cyber incidents. 
• Employee Training and Awareness: Educate employees about cybersecurity best practices and raise awareness about the importance of security hygiene in everyday operations. 

Implement Security Controls 

Deploy a range of security controls to protect your organization's digital assets from cyber threats. These controls may include: 

• Firewalls and Intrusion Detection Systems: Implement firewalls and intrusion detection systems to monitor and control network traffic, identifying and blocking malicious activities. 
• Endpoint Protection: Install endpoint protection solutions, such as antivirus software and endpoint detection and response (EDR) tools, to defend against malware and other malicious threats targeting end-user devices. 
• Data Encryption: Encrypt sensitive data both at rest and in transit to prevent unauthorized access and protect confidentiality. 

• Multi-Factor Authentication (MFA): Enable MFA for accessing critical systems and applications, adding an extra layer of security beyond passwords. 

Continuously Monitor and Assess 

Cyber threats are constantly evolving, so it's essential to continuously monitor your organization's security posture and assess for vulnerabilities. Implement threat detection tools and security monitoring systems to detect and respond to suspicious activities in real-time.  Conduct regular security assessments, including penetration testing and vulnerability scanning, to identify weaknesses and address them proactively. 

Foster a Culture of Cyber Resilience 

Building a cyber-resilient organization requires a collective effort from all stakeholders, from top management to frontline employees. Foster a culture of cyber resilience by promoting collaboration, accountability, and a shared responsibility for cybersecurity across the organization. Encourage open communication channels for reporting security incidents and provide support and resources for ongoing training and skill development. 

Conclusion 

Building a cyber-resilient organization is an ongoing process that requires proactive planning, investment, and commitment from leadership and employees alike. By understanding your risks, developing a comprehensive cybersecurity strategy, implementing robust security controls, continuously monitoring and assessing your security posture, and fostering a culture of cyber resilience, you can strengthen your organization's ability to withstand and recover from cyber threats, ensuring the continuity of your business operations in an increasingly digital world. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.

By Abdulla Bader Al Seiari, Chief Executive Officer (CEO) at Cyber 50 Defense – L.L.C. – O.P.C.  In an era marked by rapid technological advancement and escalating cyber threats, the strategic integration of Artificial Intelligence (AI) into cybersecurity operations emerges as a pivotal industry trend. This evolution promises not only to transform traditional defense paradigms but also to redefine the roles and responsibilities of Level 1 (L1) cybersecurity analysts. 

Strategic Imperatives for AI Adoption in Cybersecurity 

The digital threat landscape is characterized by its complexity and dynamism, challenging the traditional cybersecurity frameworks and necessitating a more agile and intelligent response mechanism. AI’s role in this context is twofold: augmenting human capabilities and enabling more sophisticated, real-time threat detection and mitigation strategies. 

The Transformative Impact of AI on L1 Analysts 

• Operational Efficiency: Leveraging AI for routine and volumetric threat detection tasks enhances operational efficiency, allowing analysts to concentrate on higher-order problem-solving and strategic decision-making. 

• Continuous Monitoring: AI’s capability for 24/7 surveillance addresses the limitations of human-centric monitoring, ensuring a proactive stance against potential security breaches. 

• Accuracy and Reliability: By minimizing human error, AI contributes to a more reliable threat detection process, underpinning a robust cybersecurity defense mechanism. 

A Collaborative Future

The narrative surrounding AI in cybersecurity transcends the simplistic notion of technology replacing human roles. Instead, it emphasizes a symbiotic relationship where AI enhances the analytical and operational capacities of L1 analysts. This collaborative approach envisions: 

• Elevated Analytical Roles: Analysts are liberated from the constraints of monitoring and preliminary analysis, enabling a focus on complex, strategic issues that demand expert judgment and creative problem-solving. 

• Continued Professional Development: The shift in responsibilities encourages L1 analysts to pursue advanced training and skill acquisition in areas such as threat intelligence, incident response, and cybersecurity policy, ensuring career growth and adaptation in a changing technological landscape. 

• Strengthened Cyber Defenses: The integration of AI into cybersecurity operations fosters a more agile and resilient defense ecosystem, capable of responding to sophisticated threats with unprecedented speed and accuracy. 

Conclusion 

The strategic integration of AI into cybersecurity heralds a new era for L1 analysts and the broader industry. This evolution is not a displacement but an enhancement of human capabilities, ensuring that cybersecurity professionals remain at the forefront of technological innovation and defense strategies. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.

By Maryam Eissa Alhammadi, Head of Cyber Security Operation Center, Ministry of Interior "Cyberattacks are not new in Geo- Politics, but their frequency is rising.” Critical infrastructure has become a weapon of war and the consequences are fundamental and extreme.

Understanding the Landscape of Geopolitical Cybersecurity

In today's interconnected world, nations are facing increasing challenges in the realm of cybersecurity. The digitization of critical infrastructure and government operations has made countries more vulnerable to cyberattacks. As a result, geopolitical cybersecurity tensions between nations have been on the rise. In the ever-evolving arena of international relations, the role of cyberspace has become increasingly prominent. Geopolitical cybersecurity tension refers to the ongoing struggle between nations to secure their digital assets and infrastructure while simultaneously leveraging these assets for strategic advantage.

The Rise of Cyber Warfare

As countries become more interconnected through the internet, the potential for cyberattacks has grown significantly. From disrupting critical infrastructure to stealing sensitive information, cyber warfare has the power to inflict serious harm on a nation's security and stability.

The Stakes at Play

In today's world, the lines between physical and digital warfare are becoming blurred. As countries invest in building strong cyber capabilities, the potential for conflict in cyberspace continues to rise. The consequences of a successful cyberattack can be catastrophic, with the potential to disrupt entire economies and societies. Geopolitical factors play a crucial role in shaping cybersecurity tensions between nations. Issues such as territorial disputes, ideological differences, and economic competition can all fuel cyber conflicts. Understanding the geopolitical dynamics at play is essential for navigating the complex world of cybersecurity.

The Impact of Geopolitical Cybersecurity Tensions

Geopolitical cybersecurity tensions have far-reaching consequences, affecting not only government agencies but also businesses and individuals. Cyber attacks have the potential to disrupt essential services, compromise sensitive data, and even destabilize entire economies. As nations engage in cyber warfare, the stakes are higher than ever before.

Strategies for Mitigating Geopolitical Cybersecurity Tensions

To navigate the complex landscape of geopolitical cybersecurity tensions, nations must prioritize collaboration and information sharing. By working together to address common threats and vulnerabilities, countries can strengthen their defenses against cyber attacks. Additionally, investing in robust cybersecurity measures and staying vigilant against emerging threats are critical steps in safeguarding national interests.

The Role of International Cooperation in Cybersecurity

International cooperation plays a crucial role in mitigating geopolitical cybersecurity tensions. Through partnerships and agreements, countries can enhance their cyber capabilities and respond more effectively to cyber threats. By fostering a culture of transparency and trust, nations can lay the groundwork for a more secure and stable digital environment.

Economic Impact of Cyberattacks

In the face of escalating cyber threats, nations must adopt a proactive approach to cybersecurity. Investing in robust defense mechanisms, promoting international cooperation, and fostering a culture of cyber resilience are key steps towards addressing geopolitical cybersecurity tension.

• Rising cybersecurity geopolitical tensions between countries is a major issue in today’s world. As countries become more connected and more reliant on digital infrastructure, the likelihood of cyberattacks and cyberespionage between countries increases.
• These tensions can arise from a variety of factors, such as political disputes, economic competition, military conflicts and intelligence operations. Nations are increasingly leveraging cyber capabilities to gain competitive advantage, disrupt or destabilize adversaries, and gather intelligence.
• Over time, state-sponsored cyberattacks have become increasingly sophisticated and effective. Examples include the Stuxnet attack on Iran's nuclear program, the NotPetya attack attributed to Russia, and the SolarWinds supply chain attack believed to have been orchestrated by Russian state actors. These incidents highlight the potential for cyber operations to have profound impacts on national security and the global economy.

• Rising tensions between nations could lead to an escalation in cyber activity, including attacks on critical infrastructure, government networks, military systems, and private sector organizations. Such activity may result in data breaches, service disruptions, intellectual property theft, and threats to national security.
•  Efforts continue to reduce these tensions and establish norms of behavior in cyberspace. Various international organizations such as the United Nations are working to develop frameworks and protocols to govern the behavior of states in cyberspace. However, progress has been slow and confidence-building measures remain a challenge.
•  To address these tensions, organizations and governments must prioritize cyber defense and resilience. This includes robust cybersecurity measures, threat intelligence sharing, incident response capabilities and international cooperation. Public-private partnerships are also critical to address the evolving cyber threat landscape and build resilience against nation-state cyber threats

In conclusion, navigating the increasing geopolitical cyber security tensions between nations requires a proactive and collaborative approach. By understanding the impact of cyber attacks, implementing effective strategies for cyber defense, and fostering international cooperation, countries can strengthen their resilience in the face of evolving threats. In the digital battlefield of the 21st century, vigilance and cooperation are key to safeguarding national security and stability. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything. 

By Anoop Kumar, Head of Information Security Governance Risk & Compliance at Gulf News We are becoming ever more dependent on technology and digitization. As data increases in importance and volume, data protection and privacy are essential to safeguard the integrity of the systems we all use and depend on. Hence, our Resilience in terms of People, Process, and Technology is very vital. Actors with ill intent never rest and are constantly evolving, so consumers, firms, and governments will need to keep investing time, energy, and money to stay ahead of the game. Cybersecurity goals represent a powerful megatrend over the coming decades in both relevance and growth.

The Problem

Most of the organizations are firefighting with:

• Too many incidents and faults
• Uncontrolled budget
• Uncontrolled projects
• Operational surprises and unexpected downtime
• Lack of compliance
• Uncontrolled removable media use
• Abused identity privileges
• Too long, too expensive Audits and unacceptable audit results
• Lot of rework
• Lack of ownership and accountabilities
• Poor customer service, both internal and external
• Expensive incident response activities
• Firefighting IT
• No transparency and visibility

 We must consider a program to reduce operational complexities and surprises to concrete business sustainability and cyber resilience.

The Program

Cybersecurity GRC by design: Educate boardroom, a top-down approach and enable from the bottom up. The frequency and negative impact of cybersecurity incidents on organizations continue to rise, undermining the confidence of the board and executives in their cybersecurity strategies. Security GRC by design is increasingly being adopted to enable stakeholders to draw a straight line between cybersecurity investment and the delivered Protection and improved Compliance levels it generates. We must consider Cybersecurity GRC by design to create a defensible cybersecurity investment strategy, reflecting agreed protection levels with powerful properties, and in simple language that is explainable to non-IT executives. This provides a credible and defensible expression of risk appetite that supports direct investment to change protection levels. Also results in Reduced operation Costs, Risk, and improved Performance. Here the relationship among CXOs is key to converting the challenges to opportunities. Example: CIO-CFO always has communication gaps and disagreements in terms of ROI.

The Process to be Agreed Up On

A well-defined process with adequate guidelines can create wonders in operations. Hence, draft a step-by-step process of activities with defined roles and responsibilities. Slowly define and agree on KPIs, but let all stakeholders embrace the process first. A collectively agreed process execution results in improved confidence among all signing authorities. How can we define this from the concept stage to the delivery stage with successful operational handover with desired compliance to both internal and external standards expectations? Let us define them: Define and Agree a Pipeline With Required Controls

People's Area of Concern

In order to define and agree a collective Cybersecurity GRC by design model, we must identify stakeholders from different organizational units to work together for a common goal (a cross-functional team of HR, Finance, Legal, IT, GRC, etc…). Educate them with a collectively agreed process with defined KPIs. This is achieved through a business process walkthrough to identify which people are involved and what data is being operated (input and output).

Technology

Consider a social-technical environment: Where everyone’s culture and practices are embraced and aligned for better outcomes. Agree on a paced layered technical architecture for agility.

Key Considerations While Selecting Technology Solutions

Generative AI: a double-sided sword we need to operate by adequate Governance Cybersecurity leaders need to prepare for the swift evolution of GenAI, as large language model (LLM) applications like ChatGPT and Gemini are only the start of its disruption. Simultaneously, those are overwhelming with promises of productivity increases, skills gap reductions, and other new benefits for cybersecurity. Is that wise to use GenAI through proactive collaboration with business stakeholders to support the foundations for the ethical, safe, and secure use of this disruptive technology? There’s solid long-term hope for the technology, but right now we’re more likely to experience prompt fatigue than two-digit productivity growth. Things will improve, so encourage experiments and manage expectations, especially outside of the security team by providing a non-production environment like technical labs. Embrace innovations. Manage Third-Party Cybersecurity Risk: The inevitability of third parties experiencing cybersecurity incidents is pressuring security leaders to focus more on resilience-oriented investments and move away from front loaded due diligence activities. We must consider enhancing the risk management (continuous) of third-party services and establish mutually beneficial relationships with important external partners, to ensure their most valuable assets are continuously safeguarded and start by strengthening contingency plans for third-party engagements that pose the highest cybersecurity risk by creating third- party-specific incident playbooks, conduct tabletop exercises and define a clear off-boarding strategy involving timely revocation of access and destruction of data. Continuously assess both internal and external attack surfaces: Continuous threat exposure management (CTEM) is a pragmatic and systemic approach we must practice to continually evaluate the accessibility, exposure and exploitability of digital and physical assets. Aligning assessment and remediation scopes with threat vectors or business projects rather than an infrastructure component, highlights vulnerabilities and unpatchable threats to reduce breaches. Security leaders must continuously monitor hybrid digital environments to enable early identification and optimal prioritization of vulnerabilities to help maintain a hardened organizational attack surface. Manage and Govern Identities: We are forced to move to an identity-first approach to security, the focus shifts from network security and other traditional controls to IAM, making it critical to cybersecurity and business outcomes. Hence, the increased role of IAM in security programs, and practices must evolve to focus more on fundamental hygiene and hardening of systems to improve resilience. We must focus on strengthening and leveraging our identity fabric and leverage identity threat detection and response to ensure IAM capabilities are best positioned to support the breadth of the overall security program

Conclusion

This program intends to create a social-technical collectively accepted approach to reduce operational cost, complexities, and risk and improve operational performance and compliance. Here every stakeholder has a role to play with adequate responsibility. A well-understood process with a cross-functional team equipped with the right technology can make wonders. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything. 

By Srinivas Shekar, CEO and Co-Founder, Pantherun Technologies In the first quarter of 2024, the global threat landscape continued to present significant challenges across various sectors. According to an insight report by Accenture & World Economic Forum, professional services remained the primary target for cyberattacks, accounting for 24% of cases; the manufacturing sector followed, with 13% of incidents, while financial services and healthcare sectors also faced substantial threats, with 9% and 8% of cases respectively. These statistics underscore the escalating complexity and frequency of cyberattacks, highlighting the urgent need for advanced cybersecurity measures. Traditional threat detection methods are increasingly inadequate, prompting a shift towards innovative solutions such as artificial intelligence (AI) to enhance threat detection, response, and data protection in real time.

Understanding AI and Cybersecurity Anomalies

Artificial intelligence has emerged as a powerful tool in cybersecurity, primarily due to its ability to identify and respond to anomalies. Research by Capgemini reveals that 69% of organizations believe AI is essential for detecting and responding to cybersecurity threats. AI-driven systems analyze data in real time, flagging unusual activities that might go unnoticed by conventional methods. This capability is vital as the volume of cyber threats continues to grow, with an estimated 15.4 million data records being compromised worldwide in the third quarter of 2022 alone. At its core, AI involves the use of algorithms and machine learning to analyze vast amounts of data and identify patterns. In the context of cybersecurity, AI can distinguish between normal and abnormal behavior within a network. These abnormalities, often referred to as anomalies, are critical in identifying potential security risks. For instance, AI can detect unusual login attempts, unexpected data transfers, or irregular user behaviors that might indicate a breach. The ability to spot these anomalies is crucial because many cyberattacks involve subtle and sophisticated methods that traditional security systems might miss. By continuously monitoring network activity and learning from each interaction, AI can provide a dynamic and proactive defense against threats, safeguarding both encrypted and unencrypted data.

Using AI to Enhance Threat Detection

Traditional threat detection methods rely heavily on predefined rules and signatures of known threats. While effective to some extent, these methods are often reactive, meaning they can only identify threats that have been previously encountered and documented. AI, on the other hand, enhances threat detection by leveraging its pattern recognition capabilities to identify anomalies more quickly and accurately. For example, AI can analyze network traffic in real time, learning what constitutes normal behavior and flagging anything that deviates from this baseline. This allows for the detection of zero-day attacks much faster than conventional methods. By doing so, AI reduces the time it takes to identify and respond to potential threats, significantly enhancing the overall security posture of an organization.

AI-Powered Response Mechanisms

 Once a threat is detected, the speed and efficiency of the response are critical in minimizing damage. AI plays a pivotal role in automating response mechanisms, ensuring quicker and more effective actions are taken when a threat is recognized. Automated responses can include isolating affected systems, alerting security teams, and initiating countermeasures to neutralize the threat. Moreover, AI can assist in managing encryption keys and applying real-time data protection strategies. By incorporating AI and machine learning, encryption techniques become more adaptive and resilient, making it harder for attackers to decrypt sensitive information. These automated, AI-driven responses help contain threats swiftly, reducing the impact of security breaches.

AI in Encryption and Data Protection

The role of AI in encryption and data protection is particularly significant. AI can enhance encryption techniques by optimizing key generation and management processes. Traditional encryption methods often rely on static keys, which can be vulnerable to attacks if not managed properly. AI introduces dynamic key generation, creating unique and complex keys for each session, making it exponentially harder for attackers to crack. Additionally, AI can continuously monitor encrypted data for signs of tampering or unauthorized access. This proactive approach ensures data integrity and confidentiality, providing an extra layer of security that evolves alongside emerging threats. By leveraging AI in encryption, organizations can better protect their sensitive information and maintain trust with their customers and stakeholders.

Understanding Challenges and Opportunities for the Future

Despite its potential, integrating AI with cybersecurity is not without challenges. Privacy concerns, false positives, and ethical dilemmas are significant hurdles that need to be addressed. For instance, the vast amount of data required for AI to function effectively raises questions about user privacy and data protection. Additionally, AI systems can sometimes generate false positives, leading to unnecessary alerts and potentially desensitizing security teams to real threats. However, the opportunities for AI in cybersecurity are vast. As AI technology continues to evolve and the ability to reduce Its need to have large volumes of data for decision-making Improves, it will become even more adept at identifying and mitigating threats. Future advancements may include more sophisticated AI models capable of predicting attacks before they occur, and enhanced collaboration between AI systems and human security experts, while also accelerating it in silicon for faster response. The integration of AI into cybersecurity represents a monumental shift in how we approach threat detection and response. By leveraging AI's capabilities, organizations can enhance their defenses against increasingly sophisticated cyber threats, ensuring the safety and integrity of their data in the digital age. As we continue to navigate the complexities of cybersecurity, the role of AI will undoubtedly become even more crucial, paving the way for a more secure and resilient digital future. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.

By Neelesh Kripalani, Chief Technology Officer, Clover Infotech Generative AI, which includes technologies such as deep learning, natural language processing, and speech recognition for generating text, images, and audio, is transforming various sectors from entertainment to healthcare. However, its rapid advancement has raised significant concerns about data privacy. To navigate this intricate landscape, it is crucial to understand the intersection of AI capabilities, ethical considerations, legal frameworks, and technological safeguards.

Data Privacy Challenges Raised by Generative AI

Not securing data while collection or processing- Generative AI raises significant data privacy concerns due to its need for vast amounts of diverse data, often including sensitive personal information, collected without explicit consent and difficult to anonymize effectively. Model inversion attacks and data leakage risks can expose private information, while biases in training data can lead to unfair or discriminatory outputs. The risk of generated content - The ability of generative AI to produce highly realistic fake content raises serious concerns about its potential for misuse. Whether creating convincing deepfake videos or generating fabricated text and images, there is a significant risk of this content being used for impersonation, spreading disinformation, or damaging individuals' reputations. Lack of Accountability and transparency - Since GenAI models operate through complex layers of computation, it is difficult to get visibility and clarity into how these systems arrive at their outputs. This complexity makes it difficult to track the specific steps and factors that lead to a particular decision or output. This not only hinders trust and accountability but also complicates the tracing of data usage and makes it tedious to ensure compliance with data privacy regulations. Additionally, unidentified biases in the training data can lead to unfair outputs, and the creation of highly realistic but fake content, like deepfakes, poses risks to content authenticity and verification. Addressing these issues requires improved explainability, traceability, and adherence to regulatory frameworks and ethical guidelines. Lack of fairness and ethical considerations - Generative AI models can perpetuate or even exacerbate existing biases present in their training data. This can lead to unfair treatment or misrepresentation of certain groups, raising ethical issues.

Here’s How Enterprises Can Navigate These Challenges

Understand and map the data flow - Enterprises must maintain a comprehensive inventory of the data that their GenAI systems process, including data sources, types, and destinations. Also, they should create a detailed data flow map to understand how data moves through their systems. Implement strong data governance - As per the data minimization regulation, enterprises must collect, process, and retain only the minimum amount of personal data necessary to fulfill a specific purpose. In addition to this, they should develop and enforce robust data privacy policies and procedures that comply with relevant regulations. Ensure data anonymization and pseudonymization – Techniques such as anonymization and pseudonymization can be implemented to reduce the chances of data reidentification. Strengthen security measures – Implement other security measures such as encryption for data at rest and in transit, access controls for protecting against unauthorized access, and regular monitoring and auditing to detect and respond to potential privacy breaches. To summarize, organizations must begin by complying with the latest data protection laws and practices, and strive to use data responsibly and ethically. Further, they should regularly train employees on data privacy best practices to effectively manage the challenges posed by Generative AI while leveraging its benefits responsibly and ethically. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything. 

By Jeremy Fuchs, Cybersecurity Researcher/Analyst Check Point Software LTD Shein is one of the most popular shopping apps in the world. In fact, it’s the second most downloaded shopping app globally, with over 251 million downloads. The e-commerce platform is Googled more frequently than major brands like Nike and Adidas. Shein gained popularity for its inexpensive clothing and low prices. However, the company has faced significant criticism for its poor human rights record. Additionally, according to a TIME report, Shein has been exploited by scammers in various ways, including the use of fake gift cards on Instagram and counterfeit websites. That brings us to the focus of today’s report. Researchers from Harmony Email will discuss how hackers are impersonating Shein in an effort to steal user credentials. Over the last month, they have identified more than 1,000 of these fraudulent emails.

Email Example of Shein

The email arrives with a tempting subject line: "Order Verification SHEIN" – claiming to be from Shein customer service. But a closer look reveals a red flag – the sender's email address doesn't match Shein's official one. The email excitedly announces you've received a mystery box from Shein. However, the included link won't bring you a surprise gift; it leads to a fake website designed to steal your personal information (a credential harvesting site). This phishing attempt is quite transparent. It preys on your excitement by claiming you've won a prize and uses the trusted brand name "Shein" to gain your trust. However, a vigilant user can easily spot the scam: check the sender's email address (it shouldn't be random letters) and verify that any links lead to legitimate Shein web pages.

Techniques

Just like other phishing attempts, scammers are trying to capitalize on popular brands and current trends to trick you. This time, they're using Shein. There are several red flags that this email isn't legitimate. First, there's a strong sense of urgency surrounding the "mystery box" offer, which is designed to create excitement and pressure you into clicking. Another clue? The email address itself is a jumble of random letters, not a recognizable Shein address. You won't find any Shein branding or logos in the email either. Finally, the link in the email won't take you to an official Shein webpage, but to a fraudulent website designed to steal your information. Over the last month, we’ve seen over 1,000 of these attacks.

• Make sure you don't click on links from websites whose address isn't the official one and check the email's source.
• Check the address of the website and the sender's name for spelling and punctuation errors on websites that look real.
• Ensure the email is free of spelling errors. Pay attention to the language in the email: are you expecting to be addressed in this language by your shipping company?

Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything. 

By Siddharth Deshmukh, Chief Operating Officer, Clover Infotech In today’s competitive business landscape, making informed decisions and managing resources efficiently is more critical than ever. However, many businesses face challenges with data silos and the complex integration of diverse technologies for data management and analytics. This is where next-gen data intelligence platforms come into play. They enable businesses to transcend traditional data and analytics applications, providing insights tailored to users' roles and workflows.

Why Next-Gen Data Intelligence Platforms Are Game Changers

They enhance data integration and management Next-gen data intelligence platforms integrate data from a variety of sources, both structured and unstructured, including IoT devices, social media, and external databases, offering a comprehensive view of business operations. By helping businesses understand how their data relates to different processes and goals, these platforms provide a holistic perspective on various aspects such as customers, products, accounts, suppliers, and employees. This enables businesses to make quick, informed decisions. They leverage predictive and prescriptive AI/ML models Through predictive and prescriptive AI models, these platforms can predict trends, customer behavior, and potential disruptions, allowing businesses to proactively address issues. Further to prediction, these platforms can suggest actions to optimize performance, enabling enterprises to improve efficiency and reduce costs. They facilitate improved decision-making With advanced analytics and real-time data, decision-makers have access to accurate and up-to-date information. Further, virtualization tools help in interpreting complex data sets, making it easier for stakeholders to understand insights and take suitable actions. They automate processes and boost efficiency These platforms can automate routine tasks and processes, reducing manual effort and minimizing human errors. By streamlining processes and providing actionable insights, these platforms help optimize resources and improve operational efficiency. They offer scalability and flexibility Next-gen data intelligence platforms are built to scale with the business, accommodating growth and changing business needs. They also offer flexibility in deployment options (cloud, on-premise, hybrid), and can adapt to various business models and processes They augment user experience Since such platforms offer customized experiences to users based on their roles and preferences, they improve usability and satisfaction. With cloud-based solutions, users can access data and receive actionable insights from anywhere. This facilitates seamless cohesion and collaboration. Many technology leaders such as Microsoft, Oracle, and Google have their data intelligence platforms combining data integration, analytics, AI models, and intelligent applications to enable customers to achieve better outcomes. Oracle’s Fusion Data Intelligence Platform delivers businesses data-as-a-service with automated data pipelines, 360-degree data models, rich interactive analytics, AI/ML models, and intelligent applications. In conclusion, next-gen data intelligence platforms empower existing systems and processes with advanced capabilities that drive smarter, faster, and more strategic business operations. By leveraging real-time data, advanced analytics, and automation, businesses can enhance their decision-making processes, optimize operations, and maintain a competitive edge in an increasingly data-driven world. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

This week on TCE Cyberwatch, we are looking at legal controversies that are now on the rise due to the introduction of new features in AI. Famous actors like Scarlett Johansson face the burnt of it, along with Governments who are getting together to discuss the impact of AI on important world events. Staying informed to know what is going on behind the scenes of things you may be using, watching, or partaking in is important. Vulnerabilities and breaches are constantly being found and occurring. In very common and large companies like Medisecure, it is important to ensure you know if something like that can be on its way to affect you. So, to stay updated, The Cyber Express has compiled the weekly happening in the cybersecurity world in the form of TCE Cyberwatch. Read on to find out what are they:

TCE Cyberwatch: A Weekly Round-Up

AI's Dark Side: Experts Warn of Cybercrime, Election Attacks at Congressional Hearing

At a U.S. congressional hearing on AI misuse, data security and privacy experts discussed AI’s diverse threats, including cybercrime, election interference, and nation-state attacks. The House Committee on Homeland Security announced their aim of incorporating AI into upcoming legislation, and panelists emphasized that AI has empowered cybercriminals, making it crucial to integrate AI into cybersecurity measures. The spokesperson from Palo Alto Networks stressed the need for secure AI development and oversight. Concerns about election security were raised, and the Centre for Democracy and Technology proposed guidelines for responsible AI use, emphasizing proper training data, independent testing, and human rights safeguards. They warned against the hasty deployment of AI, advocating for a careful approach to ensure long-term benefits. Read More

Courtroom Recording Software Hit by Supply Chain Attack, Thousands Potentially Affected

Hackers compromised Justice AV Solutions (JAVS), a widely-used courtroom recording platform, by inserting a backdoor in a software update. JAVS software, installed in over 10,000 locations globally, was affected when hackers replaced the Viewer 8.3.7 software with a compromised file. JAVS responded by removing the affected version from its website, resetting passwords, and auditing its systems. The company assured that current files are malware-free and urged users to verify their software is digitally signed. Cybersecurity firm Rapid7 identified the backdoor as linked to the GateDoor and Rustdoor malware families, often used by the ShadowSyndicate cybercrime group. They advised users to reimage affected systems and reset credentials, as merely uninstalling the software is insufficient. Read More

Australian Regulator Sues Optus Over Massive Data Breach of 10 Million Customers

Australia's media regulator is suing telecom carrier Optus, owned by Singapore Telecommunications, over a massive data breach in September 2022. The breach exposed the personal information of 10 million Australians, including addresses, passports, and phone numbers. Following the breach, Prime Minister Anthony Albanese advocated for stricter privacy laws to ensure companies notify banks quickly in such incidents. The Australian Communications and Media Authority claims Optus failed to protect customer data from unauthorized access. Optus, which has been cooperating with authorities, stated it cannot yet determine potential penalties and plans to defend itself in court. The company has been under scrutiny recently due to a separate 12-hour network blackout affecting over 10 million customers. Read More

Critical WordPress Vulnerabilities: Update Plugins Immediately!

The Cyber Security Agency of Singapore has issued an urgent alert regarding critical vulnerabilities in several WordPress plugins. These vulnerabilities pose significant security risks, potentially allowing unauthorized access and exploitation. To address these issues, security updates have been released. SingCERT has identified nine critical vulnerabilities, including those allowing arbitrary file uploads and SQL injection, and has provided mitigation strategies. Users are strongly advised to update to the latest plugin versions immediately. Additional measures, such as virtual patching, can offer temporary protection. Regular updates and monitoring are essential for safeguarding WordPress websites against potential threats. For more details, users should consult the respective plugin documentation and developer updates. Read More

Ransomware Attack on Spanish Bioenergy Plant Highlights ICS Vulnerabilities

A ransomware attack by the Ransomhub group on the Industrial Control Systems (ICS) of a Spanish bioenergy plant underscores the risks of cyberattacks on critical infrastructure. The attack targeted the SCADA system, crucial for managing the plant's operations, encrypting over 400 GB of data and disrupting essential functions. Organizations must fortify defenses by implementing robust network segmentation, regular software updates, secure remote access, and diligent monitoring. Developing and testing incident response plans are essential to minimize the impact of such attacks. This incident highlights the need for heightened vigilance and proactive measures to protect critical infrastructure from cyber threats. Read More 

Islamabad's Safe City Project Exposed: Hack Highlights Security Failures

Islamabad’s Safe City Authority faced a severe disruption after hackers breached its online system, forcing an immediate shutdown. The project, launched with Chinese financial support, aimed to enhance security with advanced technology, including CCTV cameras and facial recognition. The hack exposed vulnerabilities, as hackers accessed sensitive databases and compromised crucial systems like criminal records and human resources. Despite a firewall alert, the lack of backup servers necessitated a complete shutdown. The breach affected key services, revealing weak security practices, such as simple login credentials and outdated software. The isolated camera management system remained secure. Police confirmed the breach and have taken steps to improve security. The project, controversial due to transparency issues and cost overruns, has faced criticism for not achieving its security goals. Financial difficulties and operational setbacks further marred its effectiveness, and the recent hack has intensified scrutiny of the initiative. Read More 

Massive Data Breach at Pharma Giant Cencora Exposes Millions

The Cencora data breach has impacted more than a dozen pharmaceutical companies, including Novartis and GlaxoSmithKline, leaking personal and health data of hundreds of thousands. Cencora, formerly AmerisourceBergen, and its Lash Group affiliate revealed the breach to the SEC, indicating data exfiltration from its systems. With operations in 50 countries and significant revenue, Cencora did not initially detail the breach's scope but later notifications identified 15 affected companies. At least 542,000 individuals' data, including names, addresses, birthdates, health diagnoses, and prescriptions, were compromised. Despite the breach, no misuse or public disclosure of the data has been reported. The company has offered affected individuals credit monitoring and identity theft protection services and is enhancing its security measures. This incident highlights ongoing vulnerabilities in the healthcare sector, which has seen several recent cyberattacks. Read More

MediSecure Ransomware Breach: 6.5 TB of Patient Data Listed for Sale on Dark Web

MediSecure, an Australian digital prescription service provider, confirmed that data stolen in a recent ransomware attack is for sale on the dark web. The breach, originating from a third-party provider, exposed personal and health information of patients and healthcare providers up to November 2023. The hacker, Ansgar, began selling the data for $50,000 on May 23, claiming to possess 6.5 terabytes of sensitive information. MediSecure alerted the public, urging them not to seek out the stolen data, which includes names, addresses, emails, phone numbers, insurance numbers, prescriptions, and login details. Australia's National Cyber Security Coordinator and police are investigating. MediSecure emphasized that the breach does not affect the Australian healthcare system's ongoing operations or access to medication. They are working to notify affected individuals and assure them of measures to protect against further risks. Read More

OpenAI Backtracks on Voice Assistant After Scarlett Johansson Raises Concerns

OpenAI's new voice assistant debuts with a voice similar to actress Scarlett Johansson's, who expresses shock and anger, as she had previously declined an offer to voice ChatGPT, especially given her role in the 2013 film *Her*. OpenAI's CEO, Sam Altman, seemingly acknowledged this connection in a social media post. Despite OpenAI's claim that the voice belonged to another actress, Johansson's concerns highlight broader tensions between AI and the creative industries. OpenAI has since dropped the controversial voice and is working on tools for content creators to manage their work's use in AI training. The incident underscores the need for stronger legal protections, like the No Fakes Act, to safeguard personal likenesses. Legal experts believe Johansson might have grounds for a lawsuit, referencing similar past cases like Bette Midler's against Ford. As AI technology advances, such legal disputes are expected to increase. Read More

To Wrap Up

Here at TCE, we hope these weekly roundups continue to keep you informed about the latest in the cybersecurity industry. Our coverage not only includes cyberattacks but also developments in the legal aspects of AI, which are becoming increasingly important as technology evolves. We aim to keep you updated on new developments in the industry, including impacts on companies and the general public, such as recent events involving Medicare. Our goal is to ensure everyone stays safe and knows the appropriate responses if affected by these situations.

The grandeur of Al Habtoor Palace in Dubai set the stage for one of the most significant cybersecurity events in the Middle East: the World CyberCon 3.0 META Cybersecurity conference. This prestigious event brought together leading cybersecurity professionals and industry experts from around the world to discuss pressing issues and emerging trends in the field. Among the various World CyberCon META Edtion sessions, a panel discussion on cyber risk scoring drew substantial attention, underling its critical importance in today's digital landscape. During the session, Waqas Haider, the CISO of HBL Microfinance Bank, served as the moderator and steered the conversation among the panelists that featured Beenu Arora, Co-founder and CEO of Cyble; Azhar Zahiruddin, Director of Data Protection and Group DPO at Chalhoub Group; Ankit Satsangi, Director at Beeah Group; and Suhaila Hareb, ISR Auditor at Dubai Electronic Security Center.

Understanding Cyber Risk Scoring at World CyberCon META Cybersecurity Conference

Beenu Arora, the CEO of Cyble, delivered a global perspective that resonated profoundly with the audience. He highlighted the staggering statistics regarding data breaches over the past few years. According to statistics, over the past thousand days, more than 50,000 companies worldwide have fallen victim to data breaches. “In the last two and a half years, let’s say, the last thousand days. Can anybody guess how many companies have reportedly been breached? The number we have exactly at the moment is 50 thousand! So 50 thousand companies, globally, have been breached, in the last thousand days”, said Beenu Arora at The Cyber Express META Cybersecurity Conference in Dubai. Azhar Zahiruddin emphasized the importance of understanding the evolving nature of cyber threats and the necessity of robust data protection frameworks. He stressed that organizations must stay ahead of threat actors by continuously updating their security measures and protocols. Suhaila Hareb provided insights into the regulatory landscape and the role of compliance in enhancing cybersecurity defenses. She highlighted the significance of adhering to international standards and the need for regular audits to ensure that security measures are effective and up-to-date. Ankit Satsangi discussed practical strategies for improving cyber risk scoring mechanisms. He recommended a multi-layered approach to cybersecurity that integrates advanced technologies, employee training, and proactive threat intelligence. The panelists collectively underline the importance of cyber risk scoring as a tool for organizations to assess and manage their cybersecurity risks. Effective risk scoring enables companies to identify vulnerabilities, prioritize their security investments, and respond more swiftly to potential threats. Moreover, throughout the discussion, a common theme emerged: the need for better defense mechanisms to fight against online threats. The experts agreed that while technological advancements are crucial, human factors such as employee awareness and training play an equally vital role in maintaining enhanced cybersecurity. [caption id="attachment_71349" align="aligncenter" width="2800"] (L-R: Suhaila Hareb - ISR Auditor, Dubai Electronic Security Center; Ankit Satsangi - Director, Beeah Group; Waqas Haider - CISO, HBL Microfinance Bank (Moderator), Azhar Zahiruddin - Director of Data Protection - Group DPO, Chalhoub Group and Beenu Arora - Co-founder and CEO, Cyble)[/caption]

A Call for Enhanced Defense Mechanisms

The World CyberCon 3.0 META Cybersecurity conference showcased the latest advancements and strategic insights in the field of cybersecurity. The panel on cyber risk scoring highlighted the critical role of this practice in helping organizations navigate the complex threat landscape. As cyber threats continue to evolve, the insights shared by these industry leaders provide valuable guidance for organizations seeking to bolster their cybersecurity defenses. By adopting comprehensive risk scoring mechanisms and staying informed about emerging threats, businesses can better protect their digital assets and maintain resilience in an increasingly interconnected world. Apart from this, the META edition of World CyberCon holded several interesting sessions on cybersecurity in the Middle East. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The 2024 World CyberCon META Edition, a resounding success held at Al Habtoor Palace in Dubai, featured a prominent all-women panel discussion titled "Strategic Investments in Cybersecurity: Leveraging AI and ML for Enhanced Threat Detection." The panel, moderated by Jo Mikleus, Senior Vice President of Cyble Inc., featured contributions from an array of distinguished experts including Sithembile (Nkosi) Songo, Chief Information Security Officer at ESKOM; Dina Alsalamen, VP and Head of Cyber and Information Security at Bank ABC; Afra Mohammed Almansoori, Business Analyst at Digital Dubai; and Irene Corpuz, Co-Founder of Women in Cyber Security Middle East. The session commenced with exploring how AI and machine learning (ML) are revolutionizing threat detection and response in cybersecurity. Afra Mohammed Almansoori highlighted the transformative impact of these technologies: "AI isn't just a substitute; it's a game-changer for cybersecurity. By harnessing AI and machine learning, we enhance threat detection capabilities, allowing us to focus on strategic security initiatives.

World CyberCon META Edition: Transforming Threat Detection and Response

AI and ML are redefining the landscape of cybersecurity through various applications. Behavioral analytics, anomaly detection, and automated incident response are now integral to modern cybersecurity strategies. AI's ability to analyze vast datasets and identify patterns that elude traditional methods enables organizations to preemptively address potential threats. Irene Corpuz reinforced this notion, stating, "AI isn't a replacement, it's a force multiplier for cybersecurity. Leveraging AI and machine learning strengthens our defenses by automating threat detection, freeing us to focus on strategic security initiatives." [caption id="attachment_71219" align="aligncenter" width="1024"] (L-R: Sithembile (Nkosi) Songo – Chief Information Security Officer, ESKOM; Afra Mohammed Almansoori – Business Analyst, Digital Dubai; Dina Alsalamen, VP, Head of Cyber and Information Security Department, Bank ABC; Irene Corpuz – Co-Founder, Women in Cyber Security Middle East and Jo Mikleus – Senior Vice President, Cyble Inc.)[/caption]

Enhanced Accuracy and Speed

The panel discussed notable use cases where AI and ML have significantly enhanced the accuracy and speed of threat detection. In one instance, Bank ABC utilized AI-driven analytics to thwart a sophisticated phishing attack that traditional security measures failed to detect. By rapidly identifying and responding to anomalies, AI systems have proven to be a vital asset in the fight against cybercrime. However, the integration of AI and ML into cybersecurity is not without challenges. The panel emphasized the importance of adopting applicable policies and standards to mitigate risks associated with these technologies. Regulatory frameworks must evolve to address issues such as data privacy, ethical use of AI, and the potential for AI-generated threats.

Integration with Existing Infrastructure

Integrating AI and ML capabilities with existing security infrastructure is another critical consideration. Organizations must ensure seamless integration to maximize the benefits of AI without disrupting their current operations. This involves upgrading legacy systems, training staff on new technologies, and continually assessing the performance of AI tools. Best practices in reorienting strategic investments were also discussed. Companies are increasingly allocating resources towards AI capabilities to stay ahead of emerging threats. By investing in AI and ML, businesses can enhance their threat detection and response mechanisms, thereby safeguarding their digital assets more effectively.

Overcoming Implementation Challenges

The panel acknowledged the challenges and limitations of implementing AI and ML in cybersecurity, especially for small and medium-sized enterprises (SMEs). Resource constraints, lack of expertise, and integration issues are common hurdles. To overcome these challenges, organizations should consider collaborative approaches, such as partnering with cybersecurity firms and leveraging cloud-based AI solutions. A key theme was the envisioned collaboration between humans and machines in cybersecurity operations. AI and ML technologies can augment the capabilities of human analysts by handling routine activities, thus allowing experts to focus on more strategic tasks. This symbiotic relationship enhances overall security posture and operational efficiency. The reception from key stakeholders, including Boards, CEOs, and CFOs, was noted as increasingly positive. As cyber threats become more sophisticated, there is growing recognition of the need for enhanced cybersecurity measures. Business leaders are supporting CISOs in making the necessary investments to protect their organizations.

Delivering ROI

Finally, the panel discussed how to position business cases for AI in cybersecurity to deliver ROI. Demonstrating the tangible benefits of AI investments, such as reduced incident response times and minimized breach impact, is crucial for securing buy-in from stakeholders. [caption id="attachment_71215" align="aligncenter" width="1024"] Jo Mikleus, Senior Vice President at Cyble Inc.[/caption] Jo Mikleus summed up the session by stating, "It was a privilege to moderate the World CyberCon panel, discussing AI as a critical strategic investment for cybersecurity and managing threat intelligence."

The Middle East's Cybersecurity Imperative

As digitalization surges across the Middle East, the importance of strong cybersecurity measures cannot be overstated. The region's rapid technological advancement necessitates a proactive approach to combat the escalating cyber threat landscape. Leveraging AI and ML to complement traditional cybersecurity defenses is advantageous, but proactive measures are essential to mitigate AI-related risks. Shadow AI in the workplace is growing, with an alarming 156% increase in employees inputting sensitive corporate data into chatbots like ChatGPT and Gemini. The World CyberCon Meta Edition 2024 underlines the critical role of AI and ML in modern cybersecurity strategies. As cyber threats continue to evolve, strategic investments in these technologies will be pivotal in safeguarding the digital future.

The Cyber Express World CyberCon 3.0 META cybersecurity conference in Dubai was a standout event, showcasing significant achievements in cybersecurity with its prestigious META Awards. Hosted at Al Habtoor Palace, the awards ceremony gathered top talent from the cybersecurity sector, honoring individuals and organizations that have significantly enhanced cyber defenses across the META region. Among the esteemed awardees, Thomas Heuckeroth from Emirates Group and Dr. Hoda A. Alkhzaimi from EMaratsec were recognized as The Cyber Express Cybersecurity Persons of 2024 for their exceptional contributions. Here is the complete list of all other winners:

The Cyber Express Cybersecurity Person of 2024 (META): Man

• Thomas Heuckeroth, SVP IT Infrastructure & Digital Platforms, Emirates Group

[caption id="attachment_70293" align="aligncenter" width="2800"] (L-R: Beenu Arora, Co-Founder and CEO, Cyble Inc., Thomas Heuckeroth, SVP IT Infrastructure & Digital Platforms, Emirates Group and Jo Mikleus, Senior Vice President, Cyble Inc.)[/caption]

The Cyber Express Cybersecurity Person of 2024 (META): Woman

• Dr. Hoda A Alkhzaimi, EMaratsec

The Cyber Express Cybersecurity Diversity and Inclusion Advocates of 2024

• Yana Li, WebBeds

• Dina AlSalamen, Bank ABC (Jordan)

• Rudy Shoushany, DxTalks

• Aus Alzubaidi, MBC Group
• Saltanat Mashirova, Honeywell

The Cyber Express Infosec Guardians of 2024 (BFSI)

• Anthony Sweeney, Deribit

• Bipin Mehta, HSBC Bank
• Syed Muhammad Ali Naqvi, HBL Bank
• Kiran Kumar PG, Alpheya
• Ahmed Nabil Mahmoud, Abu Dhabi Islamic Bank

The Cyber Express Infosec Guardians of 2024 (Government & Critical Entities)

• Talal AlBalas from Abu Dhabi Quality and Conformity Council (ADQCC)

• Abdulwahab Abdullah Algamhi, UAE ICP 
• Vinoth Inbasekaran, Dubai Government Entity - Alpha Data 
• Dr Hamad Khalifa Alnuaimi, Abu Dhabi Police 
• Dr Saeed Almarri, Dubai Police 

The Cyber Express Top Cybersecurity Influencers of 2024

• Dr. Mohammad Al Hassan, Abu Dhabi University
• Maryam Eissa Alhammadi, Ministry of Interior
• Hadi Anwar, CPX
• Waqas Haider, HBL Microfinance Bank
• Chenthil Kumar, Red Sea International
• Nishu Mittal, Emirates NBD
• Nisha Rani, Emirates Leisure Retail

The Cyber Express Top InfoSec Leaders 2024

• Mohamad Mahjoub, Veolia Near and Middle East
• Ankit Satsangi, Beeah Group
• Gokul Vasudev, Dubai Health Authority
• Ashish Khanna, SHARAF GROUP
• Abhilash Radhadevi, Oq Trading
• Prashant Nair, Airtel Africa PLC

The Cyber Express Top Infosec Entrepreneurs 2024

• May Brooks Kempler, Helena
• Illyas Kooliyankal, CyberShelter
• Kazi Monirul, Spider Digital
• Muneeb Anjum, AHAD
• Craig Bird, CloudTech24
• Zaqiuddin Khan, Tech Experts LLC
• Alireza Shaban ghahrod, Diyako Secure Bow

Insightful Discussions and Networking

The awards set a celebratory tone that carried through the rest of the conference. The day commenced with a vibrant atmosphere as attendees gathered for registration and explored the exhibition area, setting the stage for a day of insightful discussions and networking opportunities. Augustin Kurian, Editor-in-Chief of The Cyber Express, extended a warm welcome, emphasizing the importance of collaborative efforts in cultivating a secure cyber environment.

Keynote and Panel Sessions

Irene Corpuz, Co-Founder of Women in Cybersecurity Middle East, delivered the opening keynote, shedding light on the imperative of incubating security and nurturing a cyber-aware culture, particularly within startup ecosystems. Corpuz's address highlighted the significance of proactive measures in addressing cybersecurity challenges from the outset. Panel discussions served as focal points for in-depth exploration of key cybersecurity issues. From navigating cyber threats to leveraging innovative approaches for threat detection, industry experts provided valuable insights into emerging trends and strategic investments in cybersecurity. Notable panelists included Waqas Haider of HBL Microfinance Bank, Beenu Arora of Cyble, and Azhar Zahiruddin of Chalhoub Group, among others.

Diversity and Inclusion

The Cyber Express's World CyberCon Meta Edition event also celebrated diversity and inclusion in cybersecurity, honoring advocates who have championed these principles within their respective domains. Yana Li of WebBeds and Dina AlSalamen of Bank ABC were among the esteemed recipients of The Cyber Express Cybersecurity Diversity and Inclusion Advocates of 2024 award, acknowledging their efforts in fostering an inclusive cyber community. Strategic insights were further highlighted during panel discussions focusing on fortifying against ransomware and the role of AI and ML in enhancing threat detection. Expert moderators facilitated engaging conversations, addressing critical challenges and sharing best practices for prevention, mitigation, and swift recovery.

Conclusion

The Cyber Express World Cybercon 3.0 META Cybersecurity Conference successfully raised the bar for the collective dedication of cybersecurity professionals in the META region. By fostering dialogue, sharing insights, and recognizing excellence, the event played an important role in advancing cybersecurity resilience and shaping the future of cybersecurity across industries. The Cyber Express awards recognized the hard work and innovative solutions of the finest brains in cybersecurity, emphasizing the message that collaborative and proactive actions are critical to protecting our digital future. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

By Reuben Koh, Director, Security Strategy - Asia Pacific & Japan, Akamai Technologies  The cybersecurity landscape is rife with evolving threats, as highlighted by recent reports and surveys. External actors remain a predominant force, accounting for 83% of breaches, with stolen credentials being their weapon of choice in nearly half of these incidents. DNS attacks continue to plague organizations, causing app downtime of targeted entities, and web application attacks follow closely behind. Ransomware emerges as a formidable threat, dominating cybercrime with over 72% of attacks motivated by extortion. As cyber threats continue to escalate in sophistication and frequency, organizations must prioritize proactive security measures to safeguard their data, systems, and financial stability. Data breaches are a prevalent theme in today's headlines — posing significant risks to businesses, their customers, and partners. One of the first steps to safeguarding your organization’s sensitive data is understanding the primary causes of data breaches. Despite these risks, the adoption of robust security measures lags, with less than 1% of businesses currently employing a mature zero-trust model.

Critical weaknesses behind Data Breaches

Weak and stolen credentials

Although hacking attacks are frequently cited as the leading cause of data breaches, it's often the vulnerability of compromised or weak passwords or personal data that opportunistic hackers exploit. Statistics show that four out of five breaches are partially attributed to the use of weak or stolen passwords. To mitigate the risk of hackers executing an account takeover on sensitive accounts, businesses should consider deploying fraud protection tools. These act as proactive defenses, significantly reducing the likelihood of unauthorized access and enhancing the overall security of your accounts. Bot Managers also address challenges associated with bot traffic on websites and applications. It’s designed to identify, manage, and mitigate both malicious and non-malicious bot traffic, ensuring a more secure and efficient online experience. To further protect your organization, it’s also advisable to implement enterprise single sign-on (SSO), establish strong password hygiene, and set up phishing-resistant multi-factor authentication (MFA) across computer systems — this way, you can prevent personally identifiable information from getting into the wrong person’s hands.

Backdoor and application vulnerabilities

Exploiting backdoor and application vulnerabilities is a favored strategy among cybercriminals. When software applications are poorly written or network systems are inadequately designed, hackers will continuously probe for weaknesses to find open doors that grant them direct access to valuable data and confidential information. Ensuring your web application firewall (WAF) is regularly updated and well-managed helps mitigate these vulnerabilities. Due to constantly shifting attack techniques, organizations should also use advanced artificial intelligence (AI) powered security solutions to identify vulnerabilities and protect against unauthorized access. The WAF should be a robust security solution designed to protect web applications from a variety of cyber threats, including data breaches. It can serve as a barrier between web applications and the internet, scrutinizing and filtering HTTP traffic to identify and mitigate potential vulnerabilities and attacks.

Malware

The prevalence of both direct and indirect malware is increasing. Malware (inherently malicious software) is loaded onto a system by unsuspecting victims, providing hackers with opportunities to not only exploit the affected system but also potentially spread to other connected systems. This type of malware poses a significant security threat as it allows malicious insiders access to confidential information and provides the ability to steal data for financial gain. Implementing an advanced malware protection solution at multiple ingress points in the network can significantly enhance your security posture, reducing the risk that employees will fall victim to malicious software. By leveraging cutting-edge data security in malware detection and prevention, organizations can fortify their data protection defenses against evolving cyber threats and security breaches.

Social Engineering

Cybercriminals and hackers can shorten the effort of establishing unauthorized access by persuading individuals with legitimate data access to do it for them.  Phone calls, phishing scams, malicious links (often sent via email, text, or social media), and other forms of social engineering such as deep fakes are now commonly used to manipulate individuals into unwittingly granting access or divulging sensitive information like login credentials to cybercriminals. Such information can result in a data leak, in which hackers recycle, reuse, and trade-sensitive data like Social Security numbers or personal data for the purpose of identity theft and other illicit activities. Exercising vigilance in sharing sensitive information with external parties is quintessential. Awareness of the information being shared, and verification of legitimacy can serve as a simple yet effective defense against social engineering tactics.

Ransomware

Ransomware is a type of malicious software designed to restrict access to a computer system or files until a sum of money, or ransom, is paid. It typically encrypts the victim's files or locks their system, rendering it inaccessible, and then demands payment (often in cryptocurrency) in exchange for restoring access. Ensuring the safety and protection of your infrastructure against external threats is paramount. Organizations must be confident that attackers haven’t gained access to their systems and aren’t using them for malicious activities. Implementing a robust visibility and protection solution, such as microsegmentation will be helpful in this scenario. Microsegmentation offers a straightforward, fast, and intuitive approach to enforce Zero Trust principles within your network. This solution is designed to prevent lateral movement by visualizing activity in your IT environments, implementing precise microsegmentation policies, and swiftly detecting potential breaches.

Improper configuration and exposure via APIs

Misconfigured settings or parameters encompass various issues such as default passwords, open ports, or weak encryption. Such inadequacies can create vulnerabilities that hackers may exploit to gain unauthorized access to systems or data, leading to security breaches and other malicious activities. Inadequate configuration settings and vulnerabilities in APIs can expose them to a large number of security risks. Addressing and rectifying these issues is crucial to prevent unauthorized access and potential data breaches. Consider implementing proper API security and governance from code time to runtime, including regularly auditing API security measures, which are critical steps to enhance overall protection. To address misconfiguration and exposure via APIs, businesses must rely not just on their WAF but also on deploying an advanced API security solution to protect against evasive API abuses. This solution can offer comprehensive visibility, identifying vulnerabilities and detecting potential threats and abuses related to APIs. Moreover, it assists in helping organizations establish a more proactive approach to security by lowering the overall attack surface of critical APIs from secure development to runtime protection, effectively reinforcing their overall API security posture.

DNS attacks

Domain Name System (DNS) attacks are malicious activities that target the DNS infrastructure to disrupt or manipulate the resolution of domain names into IP addresses. These attacks can have various objectives, including causing service disruptions using distributed denial of service (DDoS), redirecting users to malicious websites, or gaining unauthorized access to sensitive information. Organisations must deploy a strong cloud-based authoritative DNS Service ensuring 100% availability and protection against multi-vector DNS attacks like flooding and water torture attacks. Implementing best practices and deploying security countermeasures that are able to withstand the attack volume, are crucial steps to take when mitigating these attacks.

Conclusion

Data breaches continue to pose a pervasive risk across various sectors, affecting organizations of all sizes and types — from healthcare and finance to e-commerce and retail. By proactively identifying potential vulnerabilities, organizations can reduce the likelihood of successful cyberattacks. Investing in robust security measures that enforce a Zero Trust Security model and ensuring their applications, APIs, and DNS services are continuously protected against cyber threats, helps mitigate financial risks associated with breaches, such as regulatory fines, legal fees, and revenue loss. By minimizing the impact of breaches, organizations can also maintain business continuity — and avoid disruptions to normal operations or damaged reputations. Overall, a comprehensive understanding of breach causes, and the implementation of appropriate security measures are vital for protecting data, minimizing risk, and ensuring the long-term success of all organizations. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.

This week on TCE Cyberwatch, we bring you news of new vulnerabilities that have cropped up, along with threats of cyberattacks and new cybercrime forums that have opened up.  With the U.S. elections around the corner, worries about cyberattacks have become more prevalent. There are also developments in the world of tech this week from other countries like Australia.  TCE Cyberwatch hopes all readers feel informed reading this article and realize the impact of cybercrimes. This recap aims to educate readers on the importance of staying vigilant in the current climate. We will also cover critical vulnerabilities, data breaches, and the evolving tactics of cybercriminals.

TCE Cyberwatch Weekly Update

Explore the newest updates and empower yourself with the information needed with TCE Cyberwatch. 

USDoD announces plans to resurrect BreachForum’s community 

The FBI's takedown of BreachForums, a key cybercrime marketplace, marked a significant victory against cybercrime. However, less than 24 hours later, the cybercriminal known as USDoD announced plans to resurrect the forum’s community.  BreachForums had been central for trading stolen data and hacking tools, and its removal was a major achievement, but USDoD and another administrator, ShinyHunters, claimed that they would revive the site. USDoD vowed to launch a new forum, Breach Nation, with domains breachnation.io and databreached.io, which is set to go live on July 4, 2024. Robust infrastructure, enhanced security, and upgraded memberships to the first 200,000 users were some of the things that were offered. Read More

Generative AI and its impact on the insurance industry 

Generative AI has become a major topic in AI discussions, especially with advanced models like OpenAI’s GPT-4 and Google’s Gemini 1.5 Pro. Bloomberg predicts that the Generative AI market will reach USD 1.3 trillion by 2032, holding potential across industries, but specifically insurance.   In insurance, Generative AI is expected to revolutionize operations, streamline claims by analyzing images and documents, speed up settlements and enhance customer satisfaction, improve decision-making, and reduce errors and cases of fraud through its data analysis capabilities.  Generative AI can also provide tailored recommendations and engage with customers in conversations. While Generative AI offers significant advantages, its adoption must address concerns about data privacy and ethical AI usage. Read More

Kyrgyzstan faces cyberattacks on government entities as mob violence occurs against foreign students 

Bishkek, the capital of Kyrgyzstan, is currently experiencing severe mob violence and cyberattacks. The turmoil began with a viral video showing a fight between Kyrgyz and Egyptian medical students, which led to widespread violence against foreign students. Simultaneously though, Kyrgyzstan is facing severe cyberattacks from various hacktivist groups.   The attackers, calling themselves Team Insane PK, have allegedly attacked multiple governmental platforms, including the Ministry of Agriculture and the Education Portal of the Ministry of Emergency Situations, as well as private entities like Saima Telecom and several universities. Additionally, Silent Cyber Force, another Pakistan-based group, has allegedly targeted Kyrgyzstan’s Ministry of Defence and Ministry of Agriculture. Read More

U.S. election causes worry surrounding several cyberattacks, specifically those of foreign interference 

With the 2024 U.S. elections approaching, foreign interference, particularly through cyberattacks, has intensified. Democratic Senator Mark Warner noted the involvement of both state and non-state actors, including hacktivists and cybercriminals, who find it increasingly easy to disrupt U.S. politics.  The Cybersecurity and Infrastructure Security Agency (CISA) is at the forefront of defending against these threats. CISA Director Jen Easterly emphasized that while election infrastructure is more secure than ever, the threat environment has become more complex, with foreign adversaries and generative AI capabilities posing significant risks. In response, CISA has ramped up its efforts, offering cybersecurity assessments, physical security evaluations, and training sessions to election stakeholders. Read More 

New Vulnerability Llama Drama spotted in Python package widely used by AI application developers 

A critical vulnerability, CVE-2024-34359, dubbed Llama Drama, was recently discovered in a Python package widely used by AI application developers. Discovered by researcher Patrick Peng, the vulnerability affects the llama_cpp_python package, which integrates AI models with Python and is related to the Jinja2 template rendering tool used for generating HTML.  Checkmarx, a cybersecurity firm, explained that the issue arises from llama_cpp_python using Jinja2 for processing model metadata without implementing proper security measures like sandboxing. This oversight enables template injection attacks, allowing for arbitrary code execution on systems using the affected package. More than 6,000 AI models that use llama_cpp_python and Jinja2 are impacted by this.  Read More

Europol investigating a black hat hacker who claims to have stolen classified data from their systems 

Europol is investigating a black hat hacker, IntelBroker, who claims to have stolen classified data from their system. The hacker allegedly accessed classified information, like employee data and source codes, from various branches of Europol, like the Europol Platform for Experts (EPE). IntelBroker posted screenshots as proof and later claimed to have sold the data.  Europol confirmed the incident and assured that no operational data was compromised. The agency has taken initial actions, and the EPE website is temporarily down for maintenance. Additionally, IntelBroker claimed to have hacked Zscaler, a cybersecurity firm, offering to sell access to their systems. Zscaler is investigating but has not found evidence of impact, other than a test environment exposed to the internet, though it's unclear if it was involved in the breach. Read More

Palo Alto Networks' forecast falls short of investor expectations  

Palo Alto Networks' fourth-quarter billings forecast fell short of investor expectations, signaling restrained corporate spending on cybersecurity amid economic uncertainty and persistent inflation. This caution has driven companies to diversify their cybersecurity investments to avoid reliance on a single vendor, leading to a reduced growth outlook for firms like Palo Alto Networks.   The company projected fourth-quarter billings between $3.43 billion and $3.48 billion, aligning closely with analysts' estimates but reflecting broader concerns about slowed growth in the sector. Analysts highlighted the lack of significant positive momentum in the revised forecasts put out by Palo Alto following this. However, the forecasts follow similar cautionary predictions from rivals like Fortinet, which hint at a broader trend of cautious spending in the cybersecurity industry. Read More

Australia passes its first legislation for a national digital ID 

Australia has passed its first legislation for a national digital ID, called myGovID, set to come into effect in November. This eliminates the need for multiple forms of physical ID. Lauren Perry from the UTS Human Technology Institute explains that the digital ID will streamline the cumbersome process of collecting and verifying multiple ID documents. The system acts as an intermediary between the user and organizations requiring identity verification.  Users will interact with organizations through an app, inputting a government-registered number to confirm their identity. Currently, the myGovID app serves this purpose, but private providers like MasterCard or Visa could join the system, enhancing security and reducing fraud risks. Read More

Western Sydney University faces a cybersecurity breach affecting 7,500 individuals. 

Western Sydney University faced a cybersecurity breach that affected around 7,500 individuals. The breach, first identified in January 2024, was traced back to May 2023 and involved unauthorized access to the university’s Microsoft Office 365 platform, including SharePoint files and email accounts., and their Solar Car Laboratory infrastructure.  WSU swiftly shut down its IT network and implemented security measures upon discovering the breach. The university has assured that no ransom demands have been made for the compromised information. The NSW Police and Information and Privacy Commission are helping to investigate the incident. The NSW Supreme Court has issued an injunction to prevent the unauthorized use of the compromised data, highlighting the legal implications of such breaches. Read More

ICO releases warning about data protection risks associated with generative AI for Snapchat 

The UK's Information Commissioner’s Office (ICO) has warned about the data protection risks associated with generative AI. The ICO found that the company that owned Snapchat, Snap, had not adequately assessed the data protection risks for its chatbot, which interacts with Snapchat’s 414 million daily users. The ICO issued a Preliminary Enforcement Notice to Snap-on October 6, highlighting a failure to properly evaluate privacy risks, especially for users aged 13 to 17.   This led to Snap undertaking a comprehensive risk assessment and implementing the necessary steps, which the ICO then deemed to fit data protection laws. Snapchat has integrated prevention of harmful responses from the chatbot and is working on additional tools to give parents more control over their children’s use of 'My AI'. The ICO will continue to monitor Snapchats generative AI developments and enforce compliance to protect public privacy rights. Read More

New malware named GhostEngine to exploit vulnerable drivers and install crypto mining software 

A novel malware campaign dubbed "REF4578" uses a malware called GhostEngine to disable endpoint detection and response (EDR) solutions and install crypto mining software. The malware exploits vulnerable drivers to terminate EDR agents, ensuring the persistence of the XMRig miner, which is used to mine Monero cryptocurrency without detection. The malware also installs a backdoor and includes an EDR agent controller and miner module to tamper with security tools and enable remote command execution via a PowerShell script.  Researchers at Antiy Labs, despite extensive analysis, were unable to identify specific targets or the threat actor behind the campaign. To detect GhostEngine, organizations should monitor for initial suspicious activities such as unusual PowerShell execution, execution from uncommon directories, privilege elevation, and vulnerable driver deployment. Key indicators include abnormal network traffic, DNS lookups pointing to mining pool domains, and specific behavior prevention events like unusual process execution and tampering with Windows Defender. Read More

Wrap Up

The ever-evolving landscape of cybersecurity requires constant vigilance. By staying informed about the latest threats and taking proactive measures, we can minimize the impact of cyberattacks and protect ourselves online.  As always, we can see that there is unrest present everywhere and cybercrimes play a huge role in that. TCE Cyberwatch is committed to keeping you informed about the latest developments in cybersecurity. Stay tuned for more in-depth analysis and actionable advice. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

By Shrikant Navelkar, Director, Clover Infotech  In today’s digital era, data holds immense significance. Database management traditionally was considered the domain of IT department alone, now it is emerging as a crucial element for business strategies. As we stand on the precipice of a new era defined by exponential data growth, let’s look at how new-age technologies such as cloud, blockchain, and AI are fundamentally reshaping the future of database management.   Here’s how these technologies are transforming database management and making them more beneficial to meet the ever-growing demands of a competitive business landscape.   Making database management more scalable and flexible – Cloud computing platforms provide unprecedented scalability and flexibility for database management. Enterprises can easily ramp up and scale down resources based on demand, avoiding the limitations of traditional on-premises infrastructure. This scalability enables businesses to cost-effectively manage growing volumes of data. Enhancing security and reliability of databases – Blockchain technology introduces decentralized and immutable ledgers, enhancing data security and integrity. By distributing data across a network of nodes, blockchain reduces the risk of single points of failure and unauthorized tampering. This decentralized approach ensures data transparency and trust, making it ideal for applications requiring secure and auditable transactions. Streamlining database for effective decision-making – Through advanced algorithms, AI revolutionizes database management by optimizing data storage, retrieval and analysis. AI-powered predictive analytics and anomaly detection algorithms can identify patterns and trends in large datasets, enabling businesses to anticipate future outcomes and make informed decisions swiftly. Further, it automates routine tasks such as data cleansing and indexing, reducing manual effort and allowing database administrators to focus on higher-value activities. Hence, AI-driven database management empowers organizations to leverage their data assets more effectively, facilitating quicker decision-making processes that drive competitive advantage. Enhancing the experience of database users – Technologies such as Natural language processing (NLP) enable users to interact with databases using conversational commands, thereby simplifying complex queries and speeding up data retrieval. Such intuitive interfaces and personalized interactions enhance the user experience. Additionally, cloud-based solutions provide seamless access to databases from any device or location, enhancing collaboration and productivity.

The Future Ahead: Challenges and Opportunities

Despite the transformative potential of these emerging trends, the future of database management is not without challenges. Concerns around data privacy, security, and regulatory compliance continue to loom large, necessitating robust governance frameworks and encryption standards. However, amidst these challenges lie immense opportunities for innovation and growth. The convergence of diverse technologies, from blockchain and AI to quantum computing, promises to usher in a new era of data management, characterized by agility, intelligence, and security. Organizations that embrace these advancements stand to gain a competitive edge in an increasingly data-driven world, unlocking new possibilities for innovation and value creation.  Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything. 

Online shopping has become a go-to method of purchasing for many people now, especially after lockdowns and easy accessibility to global stores. However, all the fun benefits of deals, discount codes, and door-step deliveries, mean a plethora of cybersecurity issues for safe online shopping.  Here is a list of ways that you can ensure you stay protected and secure when participating in safe online shopping. Some may be obvious, but are incredibly effective, nonetheless. Keep reading to find out how you can keep having fun shopping online while also reducing your vulnerability to attacks and hacks.  

10 Tips for Safe Online Shopping

1. Safe passwords 

Ensuring that your password is unique and strong is essential. Refraining from using obvious words in relation to you like your name or personal information isn’t the way to go! Ensuring the use of multiple different types of characters such as (@#_$%!&), along with not using the same passwords regularly on different sites is recommended. Changing passwords on individual sites also helps as it allows for less easily guessed instances.  

2. Debit cards over credit cards 

It’s recommended that when it comes to safe online shopping, using payment gateways like PayPal, Venmo, or Stripe is better. Other than those, credit cards should be preferred over debit as debit cards are linked to your bank account whilst credit cards can be protected better. Debit cards create higher risk events of personal and sensitive data being obtained.  

3. Enable multi-factor authentication 

Multi-factor authentication is an added utility which means that there is another safety layer added before anyone can access your account after knowing your username or password.  Multi-factor authentication protects in 3 layers: first your passwords, or then something personal to only you like your fingerprint, or facial recognition. The 3rd way is through MFA apps, or getting a code sent through your messages or your email, to make sure you can do safe online shopping and the purchase you’re making is actually coming from you.

4. Check bank statements 

  This one is much simpler. Turning on automatic payment notifications to track every payment made will help you track when your money was spent and if it has gone somewhere genuine. If the charge seems fraudulent, you can then take the necessary steps to contact your bank and have them pause or shut your card so that further fraudulent purchases can be stopped.  

5. Wi-Fi: Make sure it’s at home or secure instead of publicly available 

When not using your own Wi-Fi, ensure you’re using secure, private networks for safe online shopping. Public Wi-Fi networks are much easier to access for scammers as poorly protected connections allow any information you find, very easily retrievable for them. This is especially dangerous if the public Wi-Fi network you’re using is at a mall while you try to access banking or payment sites for any purchases you will be making. 

6. Use secure websites 

The key to safe online shopping is to use a secure website.  The padlock icon near the URL and the URL itself starting with HTTPS means you’re on the right track- The S in the end stands for secure. If that final S isn’t visible, it means that you’re dealing with a site that isn’t encrypted. Search engines like Google tend to flag sites that don’t have a valid Secure Sockets Layer (SSL) certificate as unsecure. It’s better to not input your payment details into sites like these. 

7. Be wary of emails 

Email scams known as phishing have become the most common forms of scamming nowadays. Your inbox may contain an email that may present you with deals, discounts, and sales through names and links which are close misspellings of popular websites. They are easy to fall for and may be hard to detect if the email somehow automatically fails to end up in your spam folder.  

8. Don’t buy from links that seem malicious/ don’t come from a trusted source 

Other than e-mails, social media is also a place where links that can’t be trusted would be presented to you. Be wary of TikTok advertisements or ads shown between your Instagram stories which present you with deals and offers that seem too good to be true. Now, it becomes harder to tell with the use of deepfakes and AI to show the promotion of these scam products by influential people.  

9. Data backup 

Ensuring that personal information and data are regularly backed up on your device or saved on the external hard disk is essential now due to ransomware attackers that can access your device and close off your access to important files or delete them entirely. Ensuring you have completed software updates is essential too as they help in ensuring fewer ransomware attacks and vulnerabilities on your devices to invasions.  

10. Protect your device/connect securely 

Some other ways to protect your device through your connection is: One, with a VPN, or two, by ensuring no details are saved on your browsers. VPN or Virtual Private Network encrypts your data and masks your IP addresses. This makes your identity, location, and browser activity hidden from potential attackers. Secondly, make sure that your device forgets your credit card details or password details. If these are remembered by your browsers, it makes these pieces of information immensely easy for attackers to obtain as they are all stored in one place when accessed by them.  While some of these may seem more easily achievable and accessible than others, they’re all a step in making sure your information is protected. We recommend regularly practicing all the above tips. These steps work even better together. So make sure to update your passwords and data backups, apply VPNs, stay wary of phishing emails, and practice safe online shopping. 

FAQs on Safe Online Shopping 

What is the most trusted safe online shopping site? 

Determining the most trusted online shopping site involves considering several key factors. Reputation is crucial, with established brands like Amazon and Flipkart often ranking high due to their track record of customer satisfaction.  Security is paramount, with HTTPS encryption and clear data privacy policies being essential indicators. Customer reviews on platforms like Trustpilot offer valuable insights into user experiences. Additionally, convenient payment options and positive personal experiences play a significant role in establishing trust.

Which online shopping practice is safest? 

For a safe online shopping experience, it's crucial to implement multiple security measures and exercise caution throughout the process. Begin by verifying the authenticity of the website and remain wary of deals that appear too good to be true. Stay vigilant against phishing scams and opt for credit cards over debit cards, as they typically offer better fraud protection. Ensure your passwords are strong and unique, and consider enabling multi-factor authentication for added security. Avoid using public Wi-Fi networks for shopping, and for an extra layer of protection, consider using a VPN. By following these steps, you can enhance your online safety and protect yourself against potential threats while shopping online.

What is a safe online shopping site?  

A safe online site uses HTTPS encryption, signified by a padlock symbol and "HTTPS" in the URL bar. It should also have a clear and concise privacy policy. 

What are fake shopping websites?  

Fake shopping websites are designed to look legitimate but steal your personal information or payment details. They often offer deals that seem too good to be true. 

Which websites can I trust?  

Amazon offers an extensive range of products with fast shipping. eBay, the largest online auction site, offers both new and used items, but it's essential to check seller reviews. AliExpress provides diverse products at budget-friendly prices, backed by seller ratings. Dealextreme offers competitive pricing, urging buyers to check reviews for confidence. In Fashion, Asos offers a wide range of clothing, footwear, and accessories for diverse preferences. Farfetch specializes in luxury fashion, featuring exclusive brands for discerning shoppers. Notino, a European-based online store, offers fragrances and cosmetics from popular brands at attractive prices. For Discounts, Cashback World provides benefits and discounts on purchases from partnered companies, online and offline, enabling savings across various products and services.

How to check a fake website?  

To discern the authenticity of a website, several key indicators can be examined. Firstly, verify the presence of HTTPS encryption and a valid SSL certificate. Next, scrutinize the website's content for any typos or grammatical errors, which can often signal a lack of professionalism.  Conduct thorough research into the company behind the website, looking for a physical address and phone number to ensure legitimacy. Additionally, reading online reviews caliasdasdn provide valuable insights into the experiences of previous customers. Finally, consider utilizing website safety checkers like F-Secure Online Shopping Checker for an extra layer of security and assurance. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.