Security

FeedzyRead MoreComing out of the cybersecurity, privacy, and data ethics fields, Digital Trust is becoming a requirement for doing business in the modern, hyperconnected world. There is a significant trust deficit – people are increasingly saying that they don’t trust science or technology (and especially not technology focused companies) to improve their lives. A global survey
The post Episode #20: Digital Trust – An Imperative for Business Innovation appeared first on CISO MAG | Cyber Security Magazine.

Coming out of the cybersecurity, privacy, and data ethics fields, Digital Trust is becoming a requirement for doing business in the modern, hyperconnected world.

There is a significant trust deficit – people are increasingly saying that they don’t trust science or technology (and especially not technology focused companies) to improve their lives.

A global survey by PwC in 2020 found that people have concerns about security and privacy, but often feel trapped with their service providers due to a lack of trusted alternatives. Consumers want trusted alternatives, with 83% wanting control over their data and 85% wishing for companies they can trust with their data. Given a trustworthy option, consumers would not only change providers but are also willing to pay for more enhanced security.

In order to build back trust in technology and in technology innovators and developers, we need to focus on building more trustworthy technology. That includes focusing on cybersecurity at the beginning, but also on being transparent about our uses of tech and making sure they adhere to the values of users and citizens.That’s why the World Economic Forum launched a new initiative on Digital Trust.

The World Economic Forum’s Digital Trust initiative was established to create a global consensus among stakeholders on what Digital Trust means. Digital Trust is part of the Forum’s Centre for Cybersecurity Platform.

In this episode Daniel Dobrygowski, Head of Governance & Trust, World Economic Forum explains what Digital Trust means in the context of business and why it is so important for business innovation.

Consumers are losing their faith in businesses as they sell their personal data to marketers. More consumers are mistrusting technology, for instance, connected technology in smart homes. And this is highlighted in The World Economic Forum’s State of the Connected World 2020 report. Big tech companies can track consumers closely and have a deep understanding about consumer habits, preferences and behaviors. It’s also about lapses in security that are leading to data leaks. Dobrygowski talks about the governance required to reaffirm consumer confidence in both, business and technology.

An attorney and educator with two decades of experience at the intersection of technology, civil rights, law, and policy, Dobrygowski came to the Forum as a Global Leadership Fellow and was one of the founding staff of the Forum’s Centre for Cybersecurity. Previously, he practiced law with international firms in San Francisco and Washington, DC in the areas of antitrust, consumer protection, IP, and privacy. He conducts research and publishes in the fields of cybersecurity & resilience, digital trust, election protection, internet rights, and corporate governance.

Daniel holds an MPA from Harvard University’s Kennedy School of Government, a JD from the University of California, Berkeley, School of Law, and a BA from the Johns Hopkins University. He sits on the board of the Cyber Risk Institute and has been recognized by the NACD as one of the most influential leaders in the corporate governance community.

Also see:

U.K. Govt Introduces Digital Identity Trust Framework

The post Episode #20: Digital Trust – An Imperative for Business Innovation appeared first on CISO MAG | Cyber Security Magazine.

Coming out of the cybersecurity, privacy, and data ethics fields, Digital Trust is becoming a requirement for doing business in the modern, hyperconnected world.

There is a significant trust deficit – people are increasingly saying that they don’t trust science or technology (and especially not technology focused companies) to improve their lives.

A global survey by PwC in 2020 found that people have concerns about security and privacy, but often feel trapped with their service providers due to a lack of trusted alternatives. Consumers want trusted alternatives, with 83% wanting control over their data and 85% wishing for companies they can trust with their data. Given a trustworthy option, consumers would not only change providers but are also willing to pay for more enhanced security.

In order to build back trust in technology and in technology innovators and developers, we need to focus on building more trustworthy technology. That includes focusing on cybersecurity at the beginning, but also on being transparent about our uses of tech and making sure they adhere to the values of users and citizens.That’s why the World Economic Forum launched a new initiative on Digital Trust.

The World Economic Forum’s Digital Trust initiative was established to create a global consensus among stakeholders on what Digital Trust means. Digital Trust is part of the Forum’s Centre for Cybersecurity Platform.

In this episode Daniel Dobrygowski, Head of Governance & Trust, World Economic Forum explains what Digital Trust means in the context of business and why it is so important for business innovation.

Consumers are losing their faith in businesses as they sell their personal data to marketers. More consumers are mistrusting technology, for instance, connected technology in smart homes. And this is highlighted in The World Economic Forum’s State of the Connected World 2020 report. Big tech companies can track consumers closely and have a deep understanding about consumer habits, preferences and behaviors. It’s also about lapses in security that are leading to data leaks. Dobrygowski talks about the governance required to reaffirm consumer confidence in both, business and technology.

CISO MAG · Episode #20: Digital Trust – An Imperative for Business Innovation

An attorney and educator with two decades of experience at the intersection of technology, civil rights, law, and policy, Dobrygowski came to the Forum as a Global Leadership Fellow and was one of the founding staff of the Forum’s Centre for Cybersecurity. Previously, he practiced law with international firms in San Francisco and Washington, DC in the areas of antitrust, consumer protection, IP, and privacy. He conducts research and publishes in the fields of cybersecurity & resilience, digital trust, election protection, internet rights, and corporate governance.

Daniel holds an MPA from Harvard University’s Kennedy School of Government, a JD from the University of California, Berkeley, School of Law, and a BA from the Johns Hopkins University. He sits on the board of the Cyber Risk Institute and has been recognized by the NACD as one of the most influential leaders in the corporate governance community.

Also see:

U.K. Govt Introduces Digital Identity Trust Framework

FeedzyRead MoreCryptocurrency exchange platform Crypto.com announced that unknown threat actors compromised its user accounts. In an official release, the company stated that a small number of users encountered unauthorized crypto withdrawals on their accounts. The intrusion reportedly affected 483 Crypto.com user accounts. The unauthorized withdrawals totaled 4,836.26 Ethereum coins worth $15,132,516, 443.93 in Bitcoin worth $18,613,630,
The post Crypto.com Suffers Unauthorized Activity Affecting 483 Users appeared first on CISO MAG | Cyber Security Magazine.

Cryptocurrency exchange platform Crypto.com announced that unknown threat actors compromised its user accounts. In an official release, the company stated that a small number of users encountered unauthorized crypto withdrawals on their accounts. The intrusion reportedly affected 483 Crypto.com user accounts. The unauthorized withdrawals totaled 4,836.26 Ethereum coins worth $15,132,516, 443.93 in Bitcoin worth $18,613,630, and over $66,200 in other cryptocurrencies.

How Did the Intrusion Happen?

Crypto.com stated that it identified an unauthorized activity on its user accounts on January 17, 2022, where transactions were being approved without the 2FA authentication from the user side. The crypto platform suspended all withdrawals as a precautionary measure and launched an investigation to find additional details.

Mitigation

As a security measure, Crypto.com invalidated all customer 2FA tokens and asked its customers to re-login and set up their 2FA token to ensure only authorized users can log in. While the threat actors behind the intrusion are unknown, Crypto.com stated it will notify and compensate the affected customers.

Also Read: Lazarus Group Stole $400 M Worth of Cryptocurrencies in 2021

“Full audit of the entire infrastructure has been conducted internally, with a number of improvements being implemented to further harden the security posture. While Crypto.com already performs internal and external penetration tests, Crypto.com has immediately engaged with third-party security firms to perform additional security checks on our platform, as well as initiating additional threat intelligence services,” the release said.

What Crypto.com is Doing to Prevent Intrusions

Crypto.com has introduced the Worldwide Account Protection Program (WAPP) to provide additional protection and security for its users’ funds. It is said that WAPP is designed to protect user funds in cases where a third party gains unauthorized access to their account and withdraws funds without the user’s permission.

To qualify for the WAPP program, users must:

Enable Multi-Factor Authentication (MFA) on all transaction types where MFA is currently available
Set up an anti-phishing code at least 21 days before the reported unauthorized transaction
Not be using jailbroken devices
File a police report and provide a copy of it to Crypto.com
Complete a questionnaire to support a forensic investigation

“The safety of our customers’ funds is our highest priority, and we are continually enhancing our Defense-in-Depth security and protection measures. While we are reminded of the existence of bad actors intent on committing fraud, this new Worldwide Account Protection Program, along with our new MFA infrastructure, gives our users unprecedented protection of their funds, and hopefully, peace of mind,” said Kris Marszalek, co-founder, and CEO of Crypto.com.

The post Crypto.com Suffers Unauthorized Activity Affecting 483 Users appeared first on CISO MAG | Cyber Security Magazine.

Cryptocurrency exchange platform Crypto.com announced that unknown threat actors compromised its user accounts. In an official release, the company stated that a small number of users encountered unauthorized crypto withdrawals on their accounts. The intrusion reportedly affected 483 Crypto.com user accounts. The unauthorized withdrawals totaled 4,836.26 Ethereum coins worth $15,132,516, 443.93 in Bitcoin worth $18,613,630, and over $66,200 in other cryptocurrencies.

How Did the Intrusion Happen?

Crypto.com stated that it identified an unauthorized activity on its user accounts on January 17, 2022, where transactions were being approved without the 2FA authentication from the user side. The crypto platform suspended all withdrawals as a precautionary measure and launched an investigation to find additional details.

Mitigation

As a security measure, Crypto.com invalidated all customer 2FA tokens and asked its customers to re-login and set up their 2FA token to ensure only authorized users can log in. While the threat actors behind the intrusion are unknown, Crypto.com stated it will notify and compensate the affected customers.

Also Read: Lazarus Group Stole $400 M Worth of Cryptocurrencies in 2021

“Full audit of the entire infrastructure has been conducted internally, with a number of improvements being implemented to further harden the security posture. While Crypto.com already performs internal and external penetration tests, Crypto.com has immediately engaged with third-party security firms to perform additional security checks on our platform, as well as initiating additional threat intelligence services,” the release said.

What Crypto.com is Doing to Prevent Intrusions

Crypto.com has introduced the Worldwide Account Protection Program (WAPP) to provide additional protection and security for its users’ funds. It is said that WAPP is designed to protect user funds in cases where a third party gains unauthorized access to their account and withdraws funds without the user’s permission.

To qualify for the WAPP program, users must:

Enable Multi-Factor Authentication (MFA) on all transaction types where MFA is currently available
Set up an anti-phishing code at least 21 days before the reported unauthorized transaction
Not be using jailbroken devices
File a police report and provide a copy of it to Crypto.com
Complete a questionnaire to support a forensic investigation

“The safety of our customers’ funds is our highest priority, and we are continually enhancing our Defense-in-Depth security and protection measures. While we are reminded of the existence of bad actors intent on committing fraud, this new Worldwide Account Protection Program, along with our new MFA infrastructure, gives our users unprecedented protection of their funds, and hopefully, peace of mind,” said Kris Marszalek, co-founder, and CEO of Crypto.com.

FeedzyRead MoreThe North Atlantic Treaty Organization (NATO) recently entered into a deal with Ukraine to boost cybersecurity capabilities in the country. The NATO Communications and Information (NCI) Agency and Ukraine signed a renewed Memorandum of Agreement to continue working on cybersecurity and other technology-related projects. The agreement comes after a series of cyberattack incidents in Ukraine
The post NATO and Ukraine Sign Deal to Boost Cybersecurity appeared first on CISO MAG | Cyber Security Magazine.

The North Atlantic Treaty Organization (NATO) recently entered into a deal with Ukraine to boost cybersecurity capabilities in the country. The NATO Communications and Information (NCI) Agency and Ukraine signed a renewed Memorandum of Agreement to continue working on cybersecurity and other technology-related projects.

The agreement comes after a series of cyberattack incidents in Ukraine and heightened tensions over Russia’s invasion. According to a statement from NATO’s Secretary-General Jens Stoltenberg, cybersecurity experts from NATO will be working together with Ukraine to confront the rising cyberthreats in the region. The new cybersecurity collaboration allows Ukrainian access to NATO’s malware information sharing platform along with enhanced cyber cooperation.

NATO is an intergovernmental military alliance between 27 European countries, two North American countries, and one Eurasian country. It constitutes a collective security system and mutual defense against any attacks from external parties.

“We have successfully worked with Ukraine for several years, delivering key capabilities and exchanging knowledge. Under this renewed agreement, we will deepen our collaboration with Ukraine to support them in modernizing their information technology and communications services while identifying areas where training may be required for their personnel. Our experts stand ready to continue this critical partnership,” said NCI Agency General Manager Ludwig Decamps.

Also Read: Russian Networks Accused of Carrying Out Massive Cyberattack on Ukraine

“The Memorandum signed today continues our cooperation established in 2015. With NATO’s support, we plan to further introduce modern information technologies and services into the command and control system of the Armed Forces of Ukraine,” said Ambassador Nataliia Galibarenko, Head of Mission of Ukraine to NATO.

Ukraine Russia and Cyberattacks

This is not the first instance to raise cyberattack tensions between Ukraine and Russia. There were multiple cybersecurity incidents in Ukraine, allegedly by Russian hackers. Ukraine claimed that Russia specifically targeted its security services, governmental offices, the Defence Council, and other enterprises. However, Moscow has always denied Ukraine’s previous claims of targeted cyberattacks, but Ukraine persists that the former is using “hybrid war” tactics against their country. Read More Here…

The post NATO and Ukraine Sign Deal to Boost Cybersecurity appeared first on CISO MAG | Cyber Security Magazine.

The North Atlantic Treaty Organization (NATO) recently entered into a deal with Ukraine to boost cybersecurity capabilities in the country. The NATO Communications and Information (NCI) Agency and Ukraine signed a renewed Memorandum of Agreement to continue working on cybersecurity and other technology-related projects.

The agreement comes after a series of cyberattack incidents in Ukraine and heightened tensions over Russia’s invasion. According to a statement from NATO’s Secretary-General Jens Stoltenberg, cybersecurity experts from NATO will be working together with Ukraine to confront the rising cyberthreats in the region. The new cybersecurity collaboration allows Ukrainian access to NATO’s malware information sharing platform along with enhanced cyber cooperation.

NATO is an intergovernmental military alliance between 27 European countries, two North American countries, and one Eurasian country. It constitutes a collective security system and mutual defense against any attacks from external parties.

“We have successfully worked with Ukraine for several years, delivering key capabilities and exchanging knowledge. Under this renewed agreement, we will deepen our collaboration with Ukraine to support them in modernizing their information technology and communications services while identifying areas where training may be required for their personnel. Our experts stand ready to continue this critical partnership,” said NCI Agency General Manager Ludwig Decamps.

Also Read: Russian Networks Accused of Carrying Out Massive Cyberattack on Ukraine

“The Memorandum signed today continues our cooperation established in 2015. With NATO’s support, we plan to further introduce modern information technologies and services into the command and control system of the Armed Forces of Ukraine,” said Ambassador Nataliia Galibarenko, Head of Mission of Ukraine to NATO.

This is not the first instance to raise cyberattack tensions between Ukraine and Russia. There were multiple cybersecurity incidents in Ukraine, allegedly by Russian hackers. Ukraine claimed that Russia specifically targeted its security services, governmental offices, the Defence Council, and other enterprises. However, Moscow has always denied Ukraine’s previous claims of targeted cyberattacks, but Ukraine persists that the former is using “hybrid war” tactics against their country. Read More Here…