When it comes to cybersecurity, changing outcomes is about unity of mission, not command, and here our government is often at odds with itself. The next president, whoever he or she turns out to be, has a chance to change that. The hack of the Democratic National Committee (DNC) made juicy headlines – but it shouldn’t have surprised anyone. Because these days, there are two kinds of presidential campaigns in the United States: Those that have been hacked and those that have been hacked but don’t know it. If our next president is serious about preventing attacks, we need to stop waiting for the inevitable. The appointment of the nation’s first chief information security officer and the new directive for cyber incidents are a start, but good cybersecurity policy should be proactive, not reactive.

Here’s how we can get ahead of the game:

1) End the government doublespeak
In February, President Obama took the first step of writing an op-ed in the Wall Street Journal to outline his strategy for strengthening the internet. He’s spending $3 billion to overhaul federal computer systems and fix government IT, which he characterized as “an Atari game in an Xbox world.”

2) Create a new cyber technology court
Many of the laws governing cybercrime are decades old and failed to anticipate today’s connected world. The Electronic Communications Privacy Act and the Computer Fraud and Abuse Act, for instance, criminalize research by ethical hackers designed to find security flaws before they can be exploited by criminals.

3) Internet security isn’t a war; the government needs help
For a global power used to flexing its muscle to solve problems, the web can be a strange place and a great equalizer. Some of the best tech talent and tools are in the private sector.

SOURCE: Federal Times, Sept. 16, 2016

NATIONAL REVIEW

Facts are in dispute, Yahoo’s explanations are conflicting, and Congress can’t agree what to do. This much we know: On September 22, Yahoo admitted that some 500 million accounts had been stolen by hackers, including encrypted passwords, names, phone numbers, e-mails, but not banking information. The breach actually occurred two years ago, but apparently Yahoo only discovered the theft some weeks before the public announcement. Beyond these bare details, not a lot more is known — a situation that has produced a cascade of questions and allegations.

For instance, Yahoo has not disclosed an exact timeline showing when it learned about the breach. The company stated, “We don’t know how the bad guys got in.” It has also asserted that the theft was perpetrated by a “state-sponsored actor,” though it provided no technical details to support this claim. There are both private and public implications stemming from Yahoo’s voluminous customer-data breach. In July, Verizon agreed to pay $4.8 billion for Yahoo’s core business. Thus, the timing of the subsequent hacking incident could have a direct impact on the proposed takeover — and has produced suspicions about when Yahoo learned of the huge theft.

Senator Richard Blumenthal (D., Conn.) has demanded that regulators “investigate whether Yahoo may have concealed its knowledge of this breach in order to artificially bolster its valuation in its pending acquisition by Verizon.” His suspicions no doubt deepened after learning that Yahoo had claimed in an SEC filing on September 9 that it had no knowledge of any incident that could adversely affect the sale to Verizon. In addition, a Yahoo customer has launched a lawsuit, accusing the company of “gross negligence” of customer data and seeking class-action status.

The brief suggested that Yahoo had neglected customer privacy and refused, despite warnings, to bulk up its security defenses.

SOURCE: NATIONAL REVIEW, Sept. 16, 2016

HARVARD BUSINESS REVIEW

When security breaches make headlines, they tend to be about nefarious actors in another country or the catastrophic failure of technology. These kinds of stories are exciting to read and easier for the hacked company to admit to. But the reality is that no matter the size or the scope of a breach, usually it’s caused by an action, or failure, of someone inside the company.

The role that insiders play in the vulnerability of corporations of all sizes is massive and growing. In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by insiders. Of these attacks, three-quarters involved malicious intent, and one-quarter involved inadvertent actors. IBM Security research also found that health care, manufacturing, and financial services are the top three industries under attack, due to their personal data, intellectual property and physical inventory, and massive financial assets, respectively. However, while industries and sectors differ substantially in the value and volume of their assets and in the technology infrastructures they have to manage and defend, what all businesses have in common is people — all of whom have the potential to be an insider threat.

Before addressing the threat, it’s helpful to understand the primary types of insider risks:

  • We’re only human, and at exactly the wrong time. Human error is a major factor in breaches, and trusted but unwitting insiders are to blame. From misaddressed emails to stolen devices to confidential data sent to insecure home systems, mistakes can be very costly. The riskiest of these are well-meaning IT admins, whose complete access to company infrastructure can turn a small mistake into a catastrophe.
  • A few people leak the passwords. With these trusted but witting insiders, it’s the thought that counts. Malicious employees whose intent is to steal or damage are a very real risk. Some steal competitive information, some sell data or intelligence, and some just have a vendetta against the organization.
  • A wolf in the clothing of John from accounting. Cyber criminals are experts at hijacking identities. Some accomplish this by compromising an employee system through malware or phishing attacks; some leverage stolen credentials, especially by gleaning data from social networks. In many cases attackers can increase a hacked user’s access within a system, leading them to even more sensitive information.

The most dangerous aspect of insider threats is the fact that the access and activities are coming from trusted systems, and thus will fly below the radar of many detection technologies. Particularly in the latter two categories, malicious actors can erase evidence of their activities and presence to further complicate forensic investigations.

SOURCE: HARVARD BUSINESS REVIEW, SEPT. 19, 2016

Launching tech startup? “Don’t Panic” to the rescue

Ever wonder what sorts of issues you may encounter as a creator or entrepreneur? Or when you might want to reach out to a real-life lawyer?

That’s what Don’t Panic:) A Legal Guide (in plain English) for Small Businesses and Creative Professionals is all about.

Published by New Media Rights, with offices at iHive @ NEST in San Diego, this recently published book is designed to help new-business owners of all kinds.

Don’t Panic:) will prepare you to deal with a wide range of legal issues you’re likely to encounter as a startup creator or tech entrepreneur.

The book’s authors are Art Neill, executive director of New Media Rights; and Teri Karobonik, former staff attorney at the non-profit agency.

Electronic version – $9.99 | Paperback – $14.99

Founded in 2013, SD3D Printing provides a one-stop shop for innovative 3D printing, scanning and design services in San Diego. Here’s an investment update from co-founder David Feeney:

“We were recently accepted into the Tech WildCatters (TW) accelerator program in Dallas, Texas. The process includes a $30,000 staged investment to help get us through what they call ‘The Gauntlet,’ which is their version of internally guided due diligence.

“The Gauntlet has five levels through which a startup progresses — Discovery, Build, Launch, Grow and Scale.

“Once a startup reaches Level 5, TW syndicates an investor dinner with the goal of opening and closing the startup’s seed round during that dinner. They lead the round with $100,000 of their own funding. Then the startup pitches to the group to bring in additional angels to the deal.

“Previously, every company that has reached Level 5 of the TW program has successfully oversubscribed their desired seed round during the syndicated investor dinner.

“We expect to reach Level 5 by mid-December. Bennett Berger, our co-founder and president, will be relocating to Dallas to ensure the process runs smoothly and remains on schedule.

“We will also be installing our second 3D printing kiosk at the TW headquarters in downtown Dallas. Our first was installed at iHive last month.”

SOURCE: SD3D Printing

Webroot buys CyberFlow Analytics, to expand in San Diego

Webroot, the market leader in next-generation endpoint security and threat intelligence, has announced it has acquired the assets of CyberFlow Analytics, an innovator in applying data science to network anomaly detection.

This acquisition enhances Webroot’s ability to address the explosion of internet-connected devices and an increasingly complex threat landscape. The company plans to expand its operations in San Diego.

Adding the FlowScape network behavioral analytics solution extends Webroot’s leadership in machine learning-based cybersecurity to the network layer.

As malware is now overwhelmingly polymorphic and advanced persistent threats (APTs) mask their activities within everyday network noise, SaaS-based FlowScape adversarial analytics and unsupervised machine learning enable Webroot to further reduce time to classify and address threats.

“Today, one of the only things attackers can’t find out about your network is what’s normal,” said Dick Williams, Webroot CEO. “This solution can identify and alert on potentially malicious activity that deviates from normal traffic in milliseconds.”

SOURCE: PRNEWSWIRE, Sept. 21, 2016

MEMBER PROFILE: Tom Kereszti

Company: The John Maxwell Group

Founded: 2005

Leadership coach: Tom Kereszti

Product/Service: Leadership development, workshops, mentoring, coaching, public speaking

Website: www.JohnMaxwellGroup.com/tomkereszti

Location: 1185 First Avenue, Suite 201, San Diego, CA 92101

Contact info:

Tom Kereszti
415-793-4509
tom@kereszti.com
tomkereszti@johnmaxwellgroup.com

Upcoming special event: LIVE2LEAD, leadership development seminar

  • National simulcast hosted by John C. Maxwell, Leadership expert, best-selling author, life coach; and Dan Cathy, President/CEO, Chick-fil-A
  • Friday, Oct. 7, 2016, 8 am to 2:30 pm
  • General admission: $35; VIP admission: $65 (includes afternoon workshop co-hosted by Tom Kereszti and Dr. Stephen Kalauhi, transformation coach)
  • Rock East County Campus, 808 Jackman Street, El Cajon, CA 92020
  • Ticket info: contact Tom Kereszti, tom@kereszti.com

Quotable: “What is leadership? Leadership begins with leadership of yourself, then leadership of others and ultimately leadership of leaders. Tom is an industry influencer who adds value to help individuals and companies reach their highest potential through life-changing leadership principles.” – Tom Kereszti

Notable: Based on John Maxwell’s Biblically-based leadership principles, Tom will fine-tune his workshops, mentoring and coaching materials for your specific personal and business challenges. He will help transform your company and help your team realize its true leadership potential. Everything rises and falls on leadership. Look for an upcoming mastermind seminar hosted by Tom at CyberTECH.

Company Video: The John Maxwell Team

TOM KERESZTI is located within NEST at X-Hive, the newly-opened CoWork space at 1855 First Avenue, Suite 201, San Diego, CA 92103.

To inquire about available space, contact Darin Andersen:

  • darin@cyberhivesandiego.org
  • 619-341-4036

CyberTECH member QuiO (kwee-oh), a San Diego-based digital healthcare company developing smart injection devices and connected cloud-based software for the clinical trial and chronic disease market, announced the closing of a $1.05 million seed round.

The round was led by undisclosed investors with expertise in the health insurance, pharmaceutical and clinical research industries.

Medication non-adherence poses significant clinical and economic problems to healthcare systems globally, especially involving chronic disease patients who must self-inject at home.

The internet of medical things (IoMT) has shown success in addressing the issue, including inhaler sensors, connected pill bottles, and other adherence monitoring devices.

However, patients taking injectable therapies do not have access to such tools today, and average adherence rates can be as low as 50%.  Poor adherence to injectable therapies results in over $14 billion in avoidable medical costs and $22 billion in lost pharmaceutical revenue each year in the United States alone.

“With over 15 million Americans prescribed an injectable therapy today, we see a large and growing need for a comprehensive drug delivery and adherence monitoring solution,” said Alex Dahmani, co-founder and CEO of QuiO.

“Injectable therapies, including biologics and biosimilars, represent the future of medicine, making up nearly half of the pharmaceutical pipeline,” said Dahmani. “These are amazing therapies, and our technology is designed to help them reach their full potential.  We may even help move cancer therapies out of the clinic, enabling patients to safely treat themselves at home.”

QuiO is developing the first real-time adherence monitoring solution for injectable therapies.  The solution is powered by a fully connected drug delivery device platform.

SOURCE: www.quio.com