Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Cybesecurity. Show all posts

Digital Guardianship: A Call to Arms for Safeguarding Our Children's Future

 


It is no longer news that children's lives are becoming increasingly impacted by the digital realm in our modern world. There are a wide array of educational resources, entertainment, and social connections available on the Internet. Despite this, it is possible to have a lot of online threats and vulnerabilities for children as a result of such a digital transformation. 

As parents, educators, policymakers, and technology companies begin to come together to create a younger generation's online ecosystem which promises to be a safer one, it is clear that the importance of protecting children online has never been more apparent. 

Campaigners have welcomed a set of new regulations regulating how online services should deal with children's data as they become effective as the regulations are set to take effect soon. It has been mandated that websites and apps take into account the “best interests” of their child users from Thursday onwards, to avoid fines of up to 4% of global revenue. 

The Age Appropriate Design Code was written into law as part of the 2018 Data Protection Act, which implemented GDPR for the UK as well. The most traumatic thing a parent can go through is receiving a communication from a hacker informing them that their child's most sensitive information is slated to be exposed on the Internet unless the school pays a ransom to get the information back. 

The information includes passports and birth certificates, profile pictures, and classroom location information.  As a result of a horrendous situation that occurred recently in Nevada, Clark County School District (CCSD) was regarded by many as being the nation's fifth-largest school system, serving nearly 300,000. 

The nightmare continues, with parents in the district losing track of what's going on at school and more informing themselves about what's happening through hackers than through school officials, who seem less transparent about what's happening since the district suffered a breach two years ago. There has been a marked change in the way children encounter information, communicate, and entertain themselves during the last few decades, largely due to the exponential growth of the digital landscape. 

Although the digital revolution has brought us a great deal of convenience, it has also introduced several dangers to children's physical, mental, and emotional health. As a result of the vast expanse of the Internet, there is a constant threat of exposure to inappropriate content, which includes violence, explicit material, and hate speech, which can be accessed by children inadvertently, leading to harmful effects on their development. 

The issue of cyberbullying is one of increasing concern as children are increasingly likely to be targeted by online harassment, cyberbullying, and social media pressures and rules. This can lead to emotional distress and other mental health problems in children. 

Identifying thefts, online tracking, and data breaches are among the serious risks that children face when sharing their personal information online, bringing their identities into danger. In addition to screen time causing addiction, it also plays a role in challenging physical activity and can have undesirable effects on children's cognition and social development when excessive screen use occurs. 

Making The Digital World a Safer Place 


Parental Involvement 


To foster responsible behaviour online and educate children about the risks and dangers associated with the internet, we need to have open and honest communication with them.

To monitor and regulate their child's online activities, parents can take advantage of parental control software, which provides them with the ability to set settings that restrict how their child may use his or her devices and how he or she may access certain websites or applications. 

Children's online safety can be enhanced by the following actions by tech companies: 


Enhancing Safety Features in their Platforms: Aside from content filtering, security reports, and privacy controls within their platforms, companies are creating features and tools at a high level to enhance online safety. 

To reduce risks for young users, age-appropriate designs were created to minimize the risks associated with those interfaces and contents. 

A new White House initiative aims to create a cyber workforce and educational framework for children to enhance the importance of cyber education in the formative years of life. As states such as New York have introduced computer science and data fluency standards in their education systems, these measures are still falling short of what state education systems need. 

It is the same idea as teaching children not to start a fire when it comes to the current goal of digital proficiency. The need to go beyond the current situation and provide children with the skills to extinguish fires goes beyond the mandate. 

To deal with this, it is necessary to provide children with comprehensive cyber-hygiene training - informing them about how to protect their data while in transfer, how to protect their online identities, and how to effectively deal with attacks. Many aspects of child online protection must be addressed for the issue to be resolved with immediate effect. 

As a result of the statistics presented in this article, it becomes evident that there is a grave problem that has to be addressed and the necessity of collaborative efforts is pressing.. Our children need to be educated, regulated, and encouraged to use technology responsibly for us to create a safer digital environment for them.

Cloud Data Theft is Booming According to CrowdStrike

 

An industry-leading cybersecurity company known as CrowdStrike reported that it had seen the largest increase in adversaries in one year. This was in comparison with what it had observed in the past. There was an increase in cloud attacks by 95% according to the study, which identified 33 re-new threat actors, approximately three times as many cases from 2021 involving cloud-conscious actors as they did in 2022. 

As a result of these trends, CrowdStrike believes that it will become more common for e-currency and nation-state actors to use their tradecraft and knowledge to greatly exploit cloud environments in the future, it stated in its global threat report for 2023. 

There has been a shift among bad actors away from deactivating antivirus and firewall technologies, and away from efforts to tamper with logs. Instead, they have turned toward modifications to authentication processes and attacks on identities, according to the report. 

There has been a dramatic rise in identity theft as a result of a wide range of threats. Identifying and privileged access credentials are among the most common targets targeted by hackers. Why? On the dark web, attackers want to sell compromised information to third parties for high prices to become access brokers and make money off the stolen information. 

As attackers reinvent themselves as access brokers, CrowdStrike's report provides a sobering look at their emergence. There is a 20% increase in adversaries engaging in extortion campaigns and theft of data related to the cloud as per the report. 

A broader analysis revealed an increase of 33 new adversaries in just one year. This was the biggest increase in the number of adversaries ever! Recent telecommunications, BPO, tech, and BPO companies have been the victims of sophisticated attacks carried out by both Scattered Spider and Slippery Spider malware. 

Cloud Security is Hampered by Overcast Skies

In addition to the multitude of new and unknown threat actors that CrowdStrike's report uncovered, CrowdStrike's report also noted a surge in identity-based threats, cloud exploits, national intelligence services, and attacks that re-pointed to previously patched vulnerabilities as weapons of mass destruction.

CrowdStrikeFalcon OverWatch measures the break-through time of adversaries according to the report by determining how far a compromised host is from a second host within the victim environment or how long the adversaries have to move laterally within the victim environment to gain access to the compromised host. This report from the National Institute on Crime and Law Enforcement suggests that for interactive eCrime intrusions, the average breakthrough time has decreased from 98 minutes in 2021 to 84 minutes in 2022. 

To minimize costs and ancillary damages caused by attackers, CISOs and their teams must respond more quickly as the breach window shrinks, and as attack windows become shorter. The 1-10-60 rule is one that CrowdStrikes recommends security teams follow: detect threats within the first minute, understand them within the first 10 minutes, and respond within the first 60 minutes.

It is well known that hackers, nation-states, and cybercriminals are growing at an exponential rate around the world. 

In an announcement made by Meyers, CrowdStrike has added Syria, Turkey, and Columbia to its list of malicious host countries it has already identified. As a result of interactive intrusions, Meyers reported there was a 50% increase compared to last year. Human adversaries try to bypass the computer's and antivirus defenses, contributing to the rise in human-computer crime. 

The Microsoft company published 28 zero days and 1,200 patches; however, only two out of 28 of those patches and zero days were exploited by nation-nexus and cybercriminal adversaries, who circumvented patches and bypassed mitigations, exploiting legacy vulnerabilities such as Log4Shell and keeping up with ProxyNotShell and Follina vulnerabilities. 

Engineers and Cloud Defenders Must be Versatile 

A variety of techniques are used by attackers to inject themselves into cloud environments and move laterally once they have entered them. There’s no doubt that CrowdStrike’s data shows an increase in both the number of valid cloud accounts used for initial cloud access and the number of public-facing applications being deployed. Also, according to the company, there has been an increase in the number of actors who are attempting to discover cloud accounts as opposed to cloud infrastructures and using legitimate higher-privileged accounts when looking for cloud accounts. 

To be successful in the cloud computing field, engineers need to be more versatile than ever before. For a business or enterprise to succeed, they need to be able to manage, plan, architect, monitor, and anticipate issues regarding cloud security and manage them as part of a continuous process.