Converge TechTalk

Today’s guest for Converge TechTalkis Kyle Metcalf, CEO of Inspired eLearning, a security awareness and HR compliance training firm. Kyle spent 12 years at Rackspace before taking the help as CEO at Inspired eLearning, and is focused on helping the company become a leader in the highly competitive and growing market of cybersecurity training.

Why cybersecurity training? Internet security is perhaps the biggest threat businesses of all sizes face today. Employees play a significant role when it comes to protecting against cyberattacks, as they are, quite literally, on the front lines of defense. Keeping them aware and knowledgeable about security risks and trained on protecting themselves and the company is business mission critical today.

Our discussion centered on the following touchpoints—

- Trends in security that make security awareness and training important.

- Why you board needs to be involved in and committed to security.

- What does a robust security awareness program look like?

- How to justify budget for security awareness.

- How to drive knowledge retention within your organization.

Mison Riggins from Inspired eLearning joins me for Converge Tech Talk today and we’re taking a look at the 2019 Cybersecurity trends and what we see as important now and in the coming months.

We start off by addressing the Collection #1 Data Breach. With some 770+ million email records and 21 million passwords reported to be shared online, there’s every reason that it’s being called “the mother of all data breaches.” If you’d like to learn more about the Collection #1 breach, I’ve covered it here—Collection #1 Data Breach, What You Need to Know.

Then we moved on to 2019 cybersecurity trends and what’s on the horizon. This includes:

AI and Machine Learning

AI and machine learning are current industry buzzwords, but Mison and I talk about how these things, or either of them, like weaponized AI, impact cybersecurity.

Ransomware

What’s happening with ransomware? Are we going to see more ransomware or less in 2019 and beyond? While we most likely expect to continue to hear about pointed attacks against big name companies and/or conglomerates, we’ll likely see a shift in cybercriminal focus to cryptocurrencies. The reason for the decline is that it is much more lucrative to mine cryptocurrencies through nefarious means than to steal protected data and hold it for a ransom payment that may or may not come.

What should companies be doing to protect against ransomware?

That said, it doesn’t mean you don’t still need to protect against ransomware. That means backing up your data and using encryption to protect your hard drives or at least your personally identifiable information (PII) as well as your intellectual property is still good security practice.

Weaponized IoT

We move on to the IoT … specifically, Weaponized IoT and the impact that has on the security space. So what is “Weaponized IoT”? Great question— and you’ve got to watch or listen to the interview for a deeper dive on this. Bottom line, more IoT connected devices means more opportunities for cybercriminals to take advantage of them for their own uses.

What risks do Weaponized IoT attacks present, and who is their most likely target audience?

The targets for weaponized IoT attacks include the relatively mundane, We expect to see escalated attacks specifically targeting critical industrial infrastructures like power plants, electricity grids, public utility services, and communication networks. Industrial IoT make a great target since their vulnerabilities lie in the underlying cloud infrastructure, increasing network connectivity to edge computing, difficulty in securing the devices themselves with Meltdown and Spectre vulnerabilities still in the mix, and the exponential number of devices that have to connect to the cloud for updates and maintenance. IIoT has become low-hanging fruit for attackers since just a compromise of back-end servers will cause widespread service outages and bring vital systems to a screeching halt, affecting other vital sectors at the same time.

What Role do Privacy Regulations Play in Trend Predictions

We expect consumer awareness of and demands for privacy protection to continue. As a result, we also expect cybersecurity trends to demonstrate increased legislative and regulatory activity continuing throughout 2019. GDPR violations will mostly likely start to receive penalties from 2019. We saw that with recent news of France levying a nearly $57m US fine against Google for GDPR violations, and that’s likely not the first such assessment. Also, state-level privacy regulations will continue to be outlined and distributed as we see happening in California already.

Authentication Methods Will Improve

There’s good news in cybersecurity trends for 2019 as it relates to authentication methods—passwords are going to get a massive makeover.

Single Factor Passwords will be a thing of the past, perhaps even regulated as Dark Age Relics. With Fido Alliance and other such cross-organizational movements, the use of crypto keys instead of a single, albeit complex, password will be the more secure option to opening applications. Multi-factor authentication is already gaining ground with requests for “something you know”—a phrase or pin, and “something you have”—biometrics, token, or an encryption key, being the new norm. NIST has already moved away from advising security professionals to demand a complex list of items to include in a password as it has resulted in End User password management fatigue.

Wrapping Up 2019 Cybersecurity Trend Overview

Perhaps most important of all in the cybersecurity trend overview is that 2019 will likely mark a strategic shift in the way people, especially the boardroom and the C-Suite executives view cybersecurity. The security industry will also see a shift from an emphasis on “cybersecurity” to “information assurance and risk management.”

If you like what you’re seeing/or listening to, be sure to hit the subscribe button here and stay in touch with all the latest business and technology news from Converge Tech Talk.

Phishing is one of the most common cybersecurity attacks and in this episode of Converge TechTalk, Mison Riggins, tech security expert from Inspired eLearning downloads everything we need to know about phishing, and how to keep your employees, and your company, safe from phishing attacks.

Phishing attacks are designed to trick people into giving up private information and/or to trick people into clicking on a malware or ransomware link that can spell big trouble for companies and their data. This kind of cyberattack is one of the most common tactics cyber criminals use and can happen in a number of different ways: Phishing, SMiShing, and Vishing.

These names relate to the different channels that cyber criminals use to reach prospective targets. Phishing relies on email as a channel, Smishing relies on SMS messaging, and Vishing relies on voice as a channel to reach victims.

Mison and I cover a myriad of details related to phishing, and how companies can help employees learn what they need to know about phishing, wise up to attackers’ ploys aimed at getting private information and/or breaching corporate security systems, and protect both themselves and their companies from this type of security breach. We also cover what to do if you suspect or discover you’re been the victim of phishing attack and the immediate steps you should take.

Mison is speaking at the Data Connectors’ Cybersecurity Strategies Conference in Dallas on Wednesday, December 5th.  As part of her presentation, Mison will demonstrate to the audience how to create a phish, which is designed as a training exercise. She’s pretty confident that once you know how to create a phish, chances are good that you’ll be able to quickly identify phishing attacks in the future, and know how to more effectively protect against them.

The transfer of information from generation to generation is vital to the success of any business. It’s never been more important than it is now, when we are seeing Baby Boomers begin to retire and Gen Xers and Millennials in key leadership roles, assuming the responsibility of continued business growth and success. Developing a ͞tribal culture͟ and devoting a concerted effort to knowledge transfer is what will allow companies to not only achieve digital transformation success, but it’s also the key to business sustainability. This episode of #DigitalTransformation Talk covers the topic of knowledge transfer and how developing a ͞tribal culture͟ will help your business in a myriad of ways.

Collaboration technology is a booming business, and with good reason—it benefits just about every part of an organization. But when it comes to human resource teams, collaboration technology and the efficiencies and productivity that can be a result of the adoption of a collaboration platform can be off the charts. Why? Collaboration is about people, connection, productivity, and culture. And HR? Well, it’s about those very same things. In this episode of #DigitalTransformation Talk, we cover the benefits of collaboration tech for HR teams and we think you’ll want to hang around for it.

Imagine working in a team setting which requires constant contact and conversation with your co-workers. Easy enough, right? Now imagine your co-workers don’t work in a cubical close to yours—in fact, they work across the country or even across the world. The latter is becoming more commonplace, and this inaugural episode of #DigitalTransformation Talk, hosted by Broadsuite Media Group’s Shelly Kramer, discusses new and existing collaboration technologies that will streamline communications across different platforms of business.