This one’s in Schwyz, in Switzerland, which makes reading the original story somewhat difficult. But we can safely say that “Eine unbekannte Täterschaft hat zur Täuschung künstliche Intelligenz eingesetzt und so mehrere Millionen Franken erbeutet” is NOT a good thing.
And that’s millions of Swiss francs, not millions of Al Frankens.
“Deploying audio manipulated to sound like a trusted business partner, fraudsters bamboozled an entrepreneur from the canton of Schwyz into transferring ‘several million Swiss francs’ to a bank account in Asia.”
Cybersecurity professionals need to align their efforts with those of the U.S. National Institute of Standards and Technology’s (NIST’s) National Cybersecurity Center of Excellence (NCCoE). Download the NCCoE project portfolio, and plan to attend the February 19 webinar. Details below.
“The NIST National Cybersecurity Center of Excellence (NCCoE) is excited to announce the release of our inaugural Project Portfolio, providing an overview of the NCCoE’s research priorities and active projects.”
“The NCCoE serves as a U.S. cybersecurity innovation hub for the technologies, standards, and architectures for today’s cybersecurity landscape.
“Through our collaborative testbeds and hands-on work with industry, we build and demonstrate practical architectures to address real-world implementation challenges, strengthen emerging standards, and support more secure, interoperable commercial products.
“Our trusted, evidence-based guidelines show how organizations can reduce cybersecurity risks and confidently deploy innovative technologies aligned with secure standards.”
Formal and informal collaborations with other entities.
The NCCoE’s four pillars: Data Protection, Trusted Enterprise, Artificial Intelligence, and Resilient Embedded Systems.
The “forming,” “active,” and “concluding” projects within the pillars, with links to each project.
For example, one of the listed AI projects is the Cyber AI Profile:
“Recent advancements in Artificial Intelligence (AI) technology bring great opportunities to organizations, but also new risks and impacts that need to be managed in the domain of cybersecurity. NIST is evaluating how to use existing frameworks, such as the Cybersecurity Framework (CSF), to assist organizations as they face new or expanded risks.”
This group has published its roadmap, including workshops, working sessions, and document drafts.
And if you are a cybersecurity or identity company needing to communicate how your product protects your users, Bredemarket can help you bring your message to your prospects.
Book a free meeting with me and let’s discuss how we can work together.
Here are details on how Bredemarket works: its services, its process, and its pricing.
More and more jurisdictions are mandating age assurance (either age verification or age estimation) to access online services. Perhaps racy content, perhaps gambling content, or in some cases even plain old social media. But in a technical sense these age assurance mechanisms are a network problem…and you can just route yourself around a problem.
Your jurisdiction doesn’t allow you to visit the Sensuous Wildebeests website? Just install a virtual private network (VPN) to pretend that you’re in a different jurisdiction that allows access.
“After the Online Safety Act triggered a 6,000+% surge in VPN usage, the House of Lords tabled an amendment to ban children from using VPNs. Under the proposal, VPN providers would have to verify the age of all UK users. The government has said it will “look very closely” at VPN usage.”
For more information on this proposal, see TechRadar.
And this is just one of many examples of government examination, and perhaps regulation, of VPN use.
But as Secrets of Privacy points out, there’s one big problem. VPN users aren’t only kids trying to dodge the law, or individuals trying to protect their privacy. There’s one very big class of VPN users who would NOT appreciate government regulation.
“VPNs are fundamental to modern business IT, which makes a “ban” hard to envision. Every corporation with remote workers uses them. Diverse industries, such as banking, law, finance, and ecom giants all depend on VPN technology. You can’t ban VPNs without breaking the backbone of modern IT systems.”
“VPNs were developed when networks were different than they are now. Before the advent of cloud applications, resources were isolated within a secure corporate network perimeter. Now, modern networking infrastructures are being deployed that can quickly adapt and scale to new business requirements, which means applications and data are no longer contained within the corporate data center. Instead they reside across distributed multi-cloud and hybrid data center networks.
“This change has led to a rapid expansion of the attack surface, and in the face of this changing cybersecurity environment, Zero Trust Network Access (ZTNA) has received more attention as an alternative to VPNs for remote access.”
Of course, VPNs will fade away at the same time the password dies…in other words, not any time soon. And while Secrets of Privacy speculates about a two-tier solution in which corporations can use VPNs but individuals cannot…we’ll see.
Do you have trust, or zero trust, that VPNs will be regulated in ALL jurisdictions in the future?
I previously wrote about how clean data is the new oxygen (stealing a phrase from someone else), but sometimes more data is better. Sometimes.
Let me use the fingerprint example. If you have a single fingerprint from one person, you have data that you can use to match against a person’s tenprint record.
But if you have two fingerprints, then you have twice as much data for the match. And Mister Math tells us that ten fingerprints yield much more data.
Now there are cases where you don’t have all ten search prints. Perhaps you’re taking latent prints from a crime scene and the suspect didn’t carefully leave all ten prints. Or you’re using contactless fingerprint capture and for some reason didn’t get the full tenprint record. But if you can get all ten fingerprints for search, then your match accuracy increases.
But is an abundance of data better?
Only if it’s clean.
If finger numbers are misclassified, or if fingerprints from multiple people are mixed in the same individual record, or if the minutiae are not marked correctly, then the dirty data messes up your process.
Which is why the quality of data in a fingerprint database is important.
And if you need to talk about your fingerprint product’s quality assurance measures, Bredemarket can help. Book a free meeting with me to discuss your needs.
The third version, using Frank Zappa’s “A Little Green Rosetta,” was only created as an Instagram story and will therefore disappear from public view by Tuesday evening.
I guess that’s supposed to encourage you to subscribe to the Bredemarket Instagram account, but I don’t think Green Rosetta is a strong selling point. Too bad “Watermelon in Easter Hay” doesn’t fit the reel subject matter.
On Monday afternoon, I was writing “draft 0.5” of a document for a Bredemarket client. Among other topics, the document noted how the quality of biometric capture affects future identification capability.
Although when I was originally conceptualizing the silhouette, I was thinking of the instrumental interlude toward the end (about 4 minutes in) of Elton John’s “I’ve Seen That Movie Too.”
Yeah, that song’s over fifty years on. Something I will address on my personal LinkedIn profile later this evening.
“A recent development is scammers using the name of legitimate companies that are hiring and approaching their victims through LinkedIn’s direct messaging feature. They then create counterfeit websites that look like the websites of the legitimate companies they are posing as and ask the job seekers for personal information…”
And you can guess what happens with that personal information. It doesn’t land you a real job, that’s for sure.
In addition to the tips that Scamicide provides, I have an additional one. BEFORE you provide your resume, before you send them a connection request, or definitely before you engage on Telegram or WhatsApp, ask this question:
“Can you provide me with your corporate email address?”
This usually shuts scammers up very quickly.
But don’t forget that while job applicants are avoiding fraudulent employers, legitimate employers are avoiding fraudulent applicants…perhaps from North Korea.
“A subject is a human user or NPE, such as a device that issues access requests to perform operations on objects. Subjects are assigned one or more attributes.”
If you have a process to authorize people, but don’t have a process to authorize bots, you have a problem. Matthew Romero, formerly of Veza, has written about the lack of authorization for non-human identities.
“Unlike human users, NHIs operate without direct oversight or interactive authentication. Some run continuously, using static credentials without safeguards like multi-factor authentication (MFA). Because most NHIs are assigned elevated permissions automatically, they’re often more vulnerable than human accounts—and more attractive targets for attackers.
“When organizations fail to monitor or decommission them, however, these identities can linger unnoticed, creating easy entry points for cyber threats.”
Veza recommends that people use a product that monitors authorizations for both human and non-human identities. And by the most amazing coincidence, Veza offers such a product.
People Require Authorization
And of course people require authorization also. They need authorization:
Oh yeah…and to access privileged resources on corporate networks.
It’s not enough to identify or authenticate a person or NPE. Once that is done, you need to confirm that this particular person has the authorization to…launch a nuclear bomb. Or whatever.
Your Customers Require Information on Your Authorization Solution
If your company offers an authorization solution, and you need Bredemarket’s content, proposal, or analysis consulting help, talk to me.