ARCW Cybersecurity | July 2018

Sexual Harassment Training Meets Virtual Reality
Employees – The Biggest Cybersecurity Threat
Florida Fostering Cybersecurity in State Agencies
Medical Device Cyberattacks
Biometric Authentication


sexual harassment meets virtual reality

Sexual Harassment Training Meets Virtual Reality

Sexual harassment cases have flooded the news for many months now. It’s evident that it’s a big problem that needs to be seriously addressed. Many companies have incorporated sexual harassment training into their Human Resource departments, but are finding that it’s falling far short of the desired results. Enter virtual reality (VR) training.

Chief Learning Officer published a really interesting article about how VR training may succeed where other methods have failed by visually eliciting empathy from the trainee. The beauty of VR is that it can place the trainee directly into a sexual harassment situation as if they were really there. Vantage Point VR training uses 360-wide visuals and has three core models:

  1. Identification of sexual harassment
  2. Bystander intervention
  3. Response training

Previously, sexual harassment training included videos, handouts, lectures, etc. They have all fallen short because they aren’t “real” and don’t elicit emotion. The VR method puts the trainee into the situation, making it all very real.

Read more about this interesting training method in Chief Learning Officer’s article.


employees are the cyber threat 

Employees – The Biggest Cybersecurity Threat

According to a recent report on KeeperSecurity.com, your own employees may be at the root of most of your company’s cyber security attacks. Cybersecurity incidents have a huge impact on small and medium-sized businesses and can easily cause that company to shutter within six months of the attack. In addition to employees, a big concern is a company’s password policy. In fact, an alarming amount of companies surveyed did not have a password policy in place. That’s really grim news in today’s cyber threatening world.

The 2017 report used the respondents replies to nail down the top ten trends in cybersecurity. They are:

  1. Cyberattacks increased from 55% to 61% over a 12-month period.
  2. Ransomware increased from 2% the previous year to 52% in 2017.
  3. The breaches involving personal information increased by 50% from the previous year.
  4. 54% of the respondents whose organization had a breach say it was due to a negligent employee.
  5. The Internet of Things (IoT) security vulnerability remains a high concern.
  6. Malware is evading the intrusion detection systems.
  7. Strong passwords and biometrics continue to be an essential part of the security defense.
  8. Password policies are still not being strictly enforced.
  9. Personnel, budget and technologies continue to be insufficient.
  10. Cyber attacks are much more costly.

The full report can be downloaded as a pdf at https://keepersecurity.com/2017-State-Cybersecurity-Small-Medium-Businesses-SMB.html. Also read the 2018 Security Tracker report that also attributes the biggest information security risks to negligent employees at

https://www.shredit.com/en-us/securitytrackerus.


florida fights cyber

Florida Fostering Cybersecurity in State Agencies

Cybersecurity education and hands-on training is at the core of a new Florida partnership. Agencies such as the Department of Education and the Department of Transportation are eligible to have one IT security professional attend education sessions provided through the Florida Agency for State Technology (AST) and the University of West Florida’s Center for Cybersecurity.

According to an article in Security Magazine, there are 11,000 IT and cybersecurity jobs open in the state of Florida. The University of West Florida Center for Cybersecurity and the Florida Agency for State Technology have partnered to tackle this issue with the goal being to “develop a pipeline of talented, trained cyber professionals who can support the state’s cyber resiliency and data security,”

The program’s first stage is to streamline communication and improve cybersecurity awareness across all state agencies. With state personnel in communication with each other, they will be able to react effectively and immediately should a cyberattack occur. The partnership also includes “training with the Florida Cyber Range…so state cybersecurity professionals can get hands-on training within the program instead of waiting for a real-life incident.”

Read the full article at  https://www.securitymagazine.com/articles/89082-how-florida-agencies-are-training-for-a-cyber-talent-pipeline?v=preview


iot medical hacks

Medical Device Cyberattacks

U.S. News recently published the article “Can a Hospital Room Be Hacked?” It foreshadows the myriads of problems that hospitals and health care providers could face after cyberattacks on medical devices occur. It’s a known fact that a large number of the machines in a hospital room are connected to the Internet, thus making them vulnerable.

Most cyberattacks are directed at stealing the device’s technology, but that doesn’t mean that some of the attacks won’t harm patients. The article states “In 2017, KPMG polled 200 industry execs: 53 percent named nation states as the most likely source of medical device cyberattacks, with 79 percent saying the hackers target intellectual property. The bad news is 41 percent of these respondents say cybercriminals also go after patient data.”

Read more about this at: https://www.usnews.com/news/healthcare-of-tomorrow/articles/2018-05-25/security-of-medical-devices-is-latest-health-care-concern


biometric spoofing

Biometric Authentication

Google announced plans to introduce its new anti-spoofing feature for Android operating systems that makes the biometric authentication mechanism more secure.

Not familiar with biometric authentication or spoofing? Biometric authentication is similar to the fingerprint, IRIS and face recognition technologies that speed up device and application unlocking. But, like all systems, it isn’t foolproof and can easily be fooled. Spoofing is a situation where a program or person succeeds in pretending to be someone else by supplying false data.

Google announced that it has created a better more secure biometric security, available from Android P which will allow mobile app developers to integrate enhancements within their apps, keeping user’s data secure.

In an article in The Hacker News, if while unlocking the device or app, there appears to be a weak biometric, this new feature will prompt the user to re-enter PINs or passwords. It will also keep one from making payments or other similar-type transactions.

Read more about this new feature at: https://thehackernews.com/2018/06/android-biometric-authentication.html

 


This information is not intended to be exhaustive nor should any discussion or opinions be construed as professional advice.  Should you have any questions or would like to discuss your risk exposure with your business insurance, please contact the insurance pros at ARCW Insurance.  We are here to help.