Ever since government operations and services went online, cybercrimes soared upwards. Now just the central, but also state governments in India are taking initiatives to deploy forces against it. One such initiative is Tamil Nadu’s deployment of cybercrime police stations.

Cybercrime Police Stations in Tamil Nadu

The state police force has identified around 185 engineers employed with the police department itself under various grades – from sub-inspectors to inspectors – to help them crackdown on the rising cybercrimes. This group of individuals come mainly from an engineering background in Electronics and Telecommunication and have undergone a rigorous training program of advanced investigation skills in cyber offenses. This additional training was carried out as a part of a joint initiative with the Indian Institute of Technology – Madras (IIT-M) and SSN College. The officers who have voluntarily agreed to join the core team will be deployed in 46 cybercrime police stations across all major cities including all Commissionerate and district police offices in the state.

The Commissioners or Superintendents of Police can always refer cybercrime complaints to these police stations. However, plans to soon have a State-level CyberCrime Wing are underway. This Wing would be headed by an officer equivalent to the rank of Additional Director-General of Police (ADGP), who would facilitate policy decisions and coordination with other agencies.

Security Tools and Training

Keeping an eye on the latest threat vectors, the state police force is also in talks with the Centre for Development of Advanced Computing (C-DAC) to procure the latest cyber forensic tools. Apart from this, the state police force plans to implement training programs at regular intervals “since capacity-building is a continuous process,” as quoted by a senior police official.

Related News:

Need for Cyber Training! Survey Finds Security Awareness Gaps in Indian Organizations

To know more about certified courses for becoming a cyber forensic investigator, click here.

Indian Government’s Botnet Cleaning and Malware Analysis Centre

We already spoke about the state-level initiative against cybercrimes. But apart from these macro-level initiatives, the Government of India, in association with CERT-In, is also trying to clean-up the cyberspace in the country. And to support this vision, it has launched the “Cyber Swachhta Kendra” (also known as the Botnet Cleaning and Malware Analysis Centre). The operations in this center are carried out by CERT-In under the provisions of Section 70B of the Information Technology Act, 2000. However, it is closely monitored by the Ministry of Electronics and Information Technology (MeitY).

Cyber Swachhta Kendra provides useful information, alerts, and tools that help them secure their devices against botnet and malware infections. It also has several free security tools from popular cybersecurity companies like eScan and Quick Heal, which can be downloaded from here.

Related News:

MicroWorld and CERT-In Collaborate to Enhance Overall Cybersecurity in India

The post Uniformed Engineers Gearing Up to Confront Hooded Cybercriminals in India appeared first on CISO MAG | Cyber Security Magazine.

Related News:

FDA Reveals Potential Vulnerabilities in Certain Medical Devices

More About the First Director

Kevin Fu has been an associate professor of electrical engineering and computer science at the University of Michigan since 2013. He also wears a badge of honor for being the Dwight E. Harken Memorial Lecturer and the founder of the Archimedes Center for Medical Device Security in his career, which spans over more than 20 years.

Fu has always been an advocate of bridging the gap between medicine and computer technology. He believes that the marriage of these two fields is inadvertent in today’s digital world. Looking at his resume and expertise in the associated field of medical device security, it is obvious why he is the most suitable candidate for the job. However, there was one more thing that could have added as brownie points in his selection – his stint as the Federal Advisory Board Member who advised the National Institute of Standards and Technology (NIST).

Fu worked for four years (from 2011 – 2015) with NIST and advised them, the Secretary of Commerce, and the Director of the Office of Management and Budget, on information security and privacy issues about the federal government’s information systems. His responsibilities included a thorough review of proposed standards and guidelines developed by NIST and annually addressing the congress about his findings.

Naturally, his experience of how government policies and agencies work, made him a perfect fit for the position.

Fu’s Immediate Plan of Action

In comparison to a decade ago, today’s medical devices are heavily dependent on computer software. However, Fu states that changing legacy device software is a huge task. And this is what the threat actors seem to be exploiting, as was evident in the recent spate of ransomware attacks on hundreds of hospitals. Thus, keeping the medical devices safe despite the growing cybersecurity risks is Fu’s top priority.

Fu, in an interview for his University’s publication, discussed the importance of building cybersecurity into the design of medical devices itself. He finds it amusing that legal experts, engineers, patients, and clinicians, are all considered as stakeholders, but “there simply is no software security expert at the table.”

Fu also highlighted the importance of imparting security training to manufacturers of both IoT and medical devices. He said, “We are not providing the necessary level of security engineering training that companies need. Right now, though, I’m focused on medical device safety. I’m really looking forward to working at the FDA to help build public trust in the safety and effectiveness of medical devices despite the inherent cybersecurity risks.”

During his 12-month long appointment as the director, Fu shall retain his other positions and appointments, including his work at the University of Michigan.

Related News:

45 Mn Unique Medical Images Exposed Online via Unprotected Servers

The post Meet Kevin Fu – The FDA’s First Acting Director of Medical Device Cybersecurity appeared first on CISO MAG | Cyber Security Magazine.

 Key Highlights 

• A Russian-speaking, non-U.S. citizen working at Tesla’s Gigafactory Nevada was contacted by Egor Igorevich Kriuchkov (conspirator) on July 16, 2020.
• He told the employee about a “Special Project” that would require him to install malware on the company’s system.
• Kriuchkov offered a payout of $1 million for carrying out this activity.
• The employee, however, reported this to its employer who in turn reported it to the FBI.
• The FBI finally arrested Kriuchkov on August 22, 2020, in Los Angeles on the count of “Conspiracy to Intentionally Cause Damage to a Protected Computer” under Title 18, United States Code, Section 371.

The Story, as it Happened

On July 16, 2020, a Russian-speaking, non-U.S. citizen working at Tesla’s Gigafactory Nevada was contacted by another Russian speaking person named, Egor Igorevich Kriuchkov, over WhatsApp under the pretext of meeting him in person in the District of Nevada. The meeting was set for August 1, 2020, at a hotel in Reno, Nevada.

Initially, Kriuchkov befriended Tesla’s employee and spent time with his associates at the employee’s home and other public places. Only after gaining enough trust, on August 3, 2020, Kriuchkov told the employee about a “Special Project” that he and some others were working on, which would require a Tesla insider to install malware on the company’s computer system. This malware would be provided by his co-conspirators and would require him to do a manual installation once. With the help of this malware, the conspirators planned to carry out DDoS attacks on the company’s computer network and search for private and confidential information, probably with the intent of withholding it for a ransom. To woo the employee into carrying out this cybercriminal activity, Kriuchkov offered a $1 million payout to the Tesla employee.

The Earnest Hero

The offer was tempting, but the earnest employee instead turned in the cyber conspirators. He reported these inappropriate advances to the authorities at Tesla, who in turn informed the FBI. The FBI asked the employee to continue communications with the conspirator to expose the entire nexus. Over the next couple of weeks, the FBI wired the Tesla employee and monitored Kriuchkov’s movements. On August 21, 2020, Kriuchkov informed the employee that the plan was getting postponed by a few days and that he shall soon get his money through Bitcoins. He also informed that he was going away for a few days and handed a mobile phone, which he asked to keep on airplane mode until further intimation.

The FBI went on a high alert since this communication and followed Kriuchkov from Reno to Los Angeles (LA), where he drove down on the same night. He was in readiness to flee the country from LA and, thus, the FBI eventually arrested Kriuchkov on August 22, 2020. The cybercriminal was charged under Title 18, United States Code, Section 371, on the count of “Conspiracy to Intentionally Cause Damage to a Protected Computer.”

Tesla CEO Elon Musk accepted that the tech giant avoided a planned cyberattack owing to an earnest employee and acknowledged him on Twitter saying, “Much appreciated.”

Much appreciated. This was a serious attack.

— Elon Musk (@elonmusk) August 27, 2020

However, it’s time for corporates to stay vigilant about such insider threats because, “Buddy, money can make you do things that you don’t want to do.”

The post Tesla Avoids a Cyberattack Bump; Acknowledges the Earnest Employee appeared first on CISO MAG | Cyber Security Magazine.

 Key Findings 

• In Singapore, COVID-19 has accelerated digital transformation by 83% and cloud adoption by 78%.
• Companies in Singapore reported a 61% increase in business productivity since the shift towards remote working, with 81% planning to retain it even after the pandemic is over.
• 51% of Singapore businesses report suffering at least one data breach or cybersecurity incident since moving to remote working.
• 48% of businesses in Singapore do not have an updated cybersecurity strategy/solution in place to protect its remote workforce against potential threats.

COVID-19 is the Transformation Catalyst

According to the study, COVID-19 has been a prime catalyst for accelerated digital transformation and the key component of this transformation is cloud computing. On average, 78% of Singapore businesses have fast-tracked plans to move their data onto cloud. This specifically includes sectors like education (89%), IT and telecommunications (88%), manufacturing & utilities (86%), finance (75%), and healthcare (75%). Of the 204 Singapore-based respondents, 79% believed that embracing digital and the cloud will help reduce the overall IT costs and help support business growth in these testing times.

The Other Side of the Coin

However, the flipside of this unprecedented transformation is the emergence of security challenges for businesses in the new normal. Already, more than half of Singapore’s organizations claim that they have suffered at least one data breach or cybersecurity incident since shifting to the remote working model, and nearly 48% said they expected an incident to occur in the coming month itself.

Another alarming fact is that 53% of organizations allow employees to BYOD (Bring Your Own Device) for conducting office work. Personal devices are beyond traditional and advance security perimeters, and thus pose one of the greatest security threats to any business. Added to this, 48% of organizations in Singapore still do not have an updated cybersecurity strategy/solution. This further exposes the full-time remote workforce currently in place.

What Experts Say

James Forbes-May, Vice President, Barracuda, Asia-Pacific said, “Remote working is here to stay, but security must be addressed, and should not be an afterthought. Singapore businesses remain optimistic and resilient and as a hub of innovation and technology in the region; it’s encouraging to see businesses of all sizes here using this difficult time to accelerate exciting transformation plans. While many companies in Singapore are used to facilitating remote workers, the scale required due to the pandemic has left many companies CIOs and IT departments overstretched, as they jostle with business continuity planning as the key priority.”

“As a financial business center, companies in Singapore are particularly vulnerable to attack from fraudsters keen on exploiting any available weakness. Make sure to educate your employees around potential threats like phishing scams and ransomware. Additionally, have a cloud-enabled cybersecurity solution in place to monitor all traffic across the network. This could be the key to staying safe virtually in these unprecedented times”.

The post Singapore is Seeing Accelerated Digital Transformation, Yet Cybersecurity Remains a Concern appeared first on CISO MAG | Cyber Security Magazine.

McChesney is an industry veteran who has an experience in client-facing roles and served several leadership positions at F5 Networks, Druva, and Visio. He also held roles in Midisoft and Egghead Software.

“I look forward to working closely with the Acronis team on the expansion of a new industry category – cyber protection. It’s clear that traditional backup practices are no longer sufficient, making cyber protection necessary,” said McChesney.

“Steven McChesney will help to extend our global leadership in cyber protection and bring Acronis’ marketing to the next level,” said Acronis Founder and CEO Serguei “SB” Beloussov.

Acronis offers cyber protection, solving safety, accessibility, privacy, authenticity, and security (SAPAS) challenges with innovative backup, disaster recovery, and enterprise file sync and share solutions to enterprises in hybrid cloud environments and on-premises.

Last September, the company secured $147 million in an investment round led by Goldman Sachs reaching to the valuation of over one billion dollars. Serguei Beloussov stated the new proceeds will be used to expand the company’s engineering team, build additional data centers, grow its business reach in North America, and pursue acquisitions.

“In 2018, Acronis achieved 20% business growth, and in 2019 it is on track for over 30% growth with the Acronis Cyber Cloud business growing by over 100%. Recently we announced the Acronis Cyber Platform, enabling third-parties to customize, extend, and integrate our cyber protection solutions to the needs of their customers and partners. The investment round led by Goldman Sachs will help us to fast-track the product development through acquisitions of companies and additional resources, and accelerate the growth.” he said.

The post Acronis Appoints Steven McChesney as Chief Marketing Officer appeared first on CISO MAG | Cyber Security Magazine.

Previously, John served as vice president and account executive in Culmen International and also held various leadership roles at KEYW, SIX3 SYSTEMS, and CACI. He holds more than 25 years of work experience in business development, pipeline development, strategic partnering, and campaign strategy development. In his new position, Johns will lead account management and customer engagement to grow Parsons’ long-standing support to the U.S. Intelligence Community.

Parsons provides next-gen technology to global defense, intelligence, and critical infrastructure markets, with capabilities across cybersecurity, missile defense, space, connected infrastructure, and smart cities.

Commenting on the new appointment, Robert Miller, senior vice president of Parsons’ cyber and intelligence market, said, “John is a proven business executive with total commitment to serving the sophisticated and dynamic technology needs of government agencies charged with national security missions. We will look to John to accelerate our support to the next level, advancing their missions with state-of-the-art technology solutions that deliver insights essential to ensuring strategic advantage.”

The post Johns Joins Parsons’ Cybersecurity Leadership appeared first on CISO MAG | Cyber Security Magazine.

Previously, Vega served as a Managing Director and CISO at CME Group, Inc. and as the Associate Chief Information Officer & CISO for the U.S. Department of Energy and U.S. Immigration & Customs Enforcement in Washington, DC. Vega also held various cybersecurity leadership posts within the Department of Defense (DoD) and the Intelligence Community.

Veeam stated that the new leadership will help the company scale internal security and compliance processes and successfully navigate the complex and evolving Cloud Data Management market as customers strive to secure and protect critical data. Founded in 2006, Veeam provides backup solutions that deliver Cloud Data Management services. It also offers a single platform for modernizing backup, accelerating hybrid cloud, and securing data.

Bill Largent, CEO of Veeam, said, “Data is the most critical asset in any organization, but protecting it against threats, both external and internal, is becoming more complex. Cybersecurity is a top concern for business leaders, which is why they look to Veeam to ensure that their data is managed and protected no matter where it resides. To ensure that we continue to pioneer this space and help build out our offerings across all sectors.”

The post Veeam Software Announces Gil Vega as its New Chief Information Security Officer appeared first on CISO MAG | Cyber Security Magazine.

“Jim will play a pivotal role in driving our technology modernization efforts as we embark on a new chapter in the company’s technology journey to support our future growth, both within our core lodging business and new ventures,” said Stephanie Linnartz, Group President, Consumer Operations, Technology & Emerging Businesses.

The appointment of Scholefield comes after the retirement of Bruce Hoffmeister, former Chief Information Officer at Marriott, who stepped down from his position after working for 30 years with Marriott.

Cybersecurity Pressure at Marriott

Scholefield will have a huge pressure toward guiding the cybersecurity policies of Marriott. Marriott was at the epicenter of a massive breach affecting up to 500 million guests. Hackers extracted people’s personal data as well as loyalty program, payment, reservation information as well as encrypted credit stole card data of 100 million customers. The first breach originated in 2014 at Starwood, which was acquired by Marriott International in 2016. It was uncovered after four years in September 2018, when a security tool alerted about an unauthorized data access. Consequently, the company faced a class-action suit, and its shares also fell around 5.6%.

In July 2019, the UK’s Information Commissioner’s Office (ICO) imposed a £99,200,396 (US$123,705,870) fine on Marriott International, for the data breach. The ICO stated that Marriott failed to protect its customers’ information, violating the EU’s General Data Protection Regulation (GDPR) regulations.

The post Jim Scholefield Joins Marriott International as CIDO appeared first on CISO MAG | Cyber Security Magazine.

The joint survey aims to uncover IT employers’ perceptions during the hiring process. The findings highlighted the importance of cybersecurity degree programs paired with stackable credentials aligned to military job roles and occupations. Of the 256 IT employers who were polled, 86% said that industry certifications aligned to cyber-affiliated U.S. military job roles and occupations play an important role when hiring candidates. In fact, almost half (48%) agreed they are either very important or essential, and 84% consider them to be the “gold standard” when hiring.

“Cyber threats are growing exponentially, and IT employers must ensure that the candidates they are hiring possess the proper education and skills to take on these threats,” said Stephanie Benoit-Kurtz, Lead Cybersecurity Faculty at the University’s Las Vegas Campus. “Organizations often don’t have the time or funding to invest in developing employees, and these industry certifications often provide the minimum standards to prepare professionals to combat today’s cyberthreats.”

Highly regarded cybersecurity industry certifications with aligned job roles and outcomes may be easier to obtain than you think. The survey found that nearly all IT executives (91%) said that they would be likely to provide tuition assistance to an employee seeking to earn a degree that helps prepare for industry certification aligned to U.S. military job roles and occupations.

“We tend to look at the bigger picture of career opportunities as a nation, when we should be focusing on what skills and credentials employers’ value most when considering a candidate,” said Wesley Alvarez, director of academics, EC-Council. “As much as they love to hack, it is paramount that graduating students who achieved these challenging credentials understand how to harness their skills in a professional environment.”

To help prepare the workforce for today’s cybersecurity positions, University of Phoenix and EC-Council have worked together to provide students with opportunities that focus on degrees which help prepare students for industry certifications. The University offers an Associate in Cybersecurity and electives that are aligned to EC-Council certifications. In October, the University received the EC-Council Academia Circle of Excellence Award for its suite of EC-Council certifications. They include:

• End-user security aligned to the Certified Secure Computer User Certification (CSCU)
• Cybersecurity and network defense aligned to the Certified Network Defender Certification (CND)
• Ethical hacking aligned to the Certified Ethical Hacker Certification (CEH)

In addition to these offerings, University of Phoenix this month announced the launch of a certificate in cybersecurity policy and governance aligned to the Certified Chief Information Security Officer Certification (CCISO). The CCISO is an industry-leading certification that helps prepare professionals to succeed in the highest level of information security.

During the polling, IT employers were asked which industry certifications they believe employees should possess and 44% said the Certified Chief Information Security Officer certification. The Certified Network Defender received 38% and Certified Ethical Hacker received 23%.

“The College of Business and Information Technology is dedicated to providing working adult learners access to the education and skills that are in high demand in today’s industries. These certifications can help prepare professionals to stay one step ahead of cyberattackers,” said Kevin Wilhelmsen, Dean of the College of Business and Information Technology. “The CCISO and other certification aligned programs are designed to help working adults balance work and life. Not only will they receive the technical foundation but be able to continue to work in their industry while pursuing their program.”

To learn more about the cybersecurity degrees and certificates offered at University of Phoenix, visit phoenix.edu/degrees/technology/cybersecurity.

For more information on EC-Council offerings, visit http://www.eccouncil.org.

Survey Methodology

This survey was conducted online within the United States by The Harris Poll on behalf of the University of Phoenix from October 10–21, 2019 among 256 U.S. adults aged 18 and older who are employed full-time at a company with 100 or more employees, work in IT, and have the job titles of CTO, CIO, Chief Security Officer, Chief Information Security Officer, Information Security Manager, Director of Information Security, or Cybersecurity Manager. Data were weighted where necessary by employee size to bring them into line with their actual proportions in the population. For the purposes of this report, qualified respondents will be referred to as “IT executives.” For complete survey methodology, please contact mcooper.nelson@phoenix.edu.

About University of Phoenix

University of Phoenix is innovating to help working adults move efficiently from education to careers in a rapidly changing world. Flexible schedules, relevant and engaging courses, and interactive learning can help students more effectively pursue career and personal aspirations while balancing their busy lives. University of Phoenix serves a diverse student population, offering associate, bachelor’s, master’s and doctoral degree programs online and from select campuses and learning centers. For more information, visit phoenix.edu.

About EC-Council

EC-Council’s sole purpose is to build and refine the Cybersecurity profession, globally. We help individuals, organizations, educators, and governments address global workforce problems through the development and curation of world-class Cyber Security Education programs and their corresponding certifications and provide cybersecurity services to some of the largest businesses globally. Trusted by 7 of the Fortune 10, 47 of the Fortune 100, the Department of Defense, Intelligence Community, NATO, and over 2000 of the best Universities, Colleges, and Training Companies, our programs have proliferated through over 140 Countries and have set the bar in Cyber Security Education. Best known for the Certified Ethical Hacker program, we are dedicated to equipping over 230,000 information age soldiers with the knowledge, skills and abilities required to fight and win against their black hat adversaries. EC-Council builds individual and team/organization cyber capabilities through the Certified Ethical Hacker Program, followed by a variety of other Cyber programs including Certified Secure Computer User, Computer Hacking Forensic Investigator, Certified Security Analyst, Certified Network Defender, Certified SOC Analyst, Certified Threat Intelligence Analyst, Certified Incident Handler, as well as the Certified Chief Information Security Officer. We are an ANSI 17024 accredited organization and have earned recognition by the DoD under Directive 8570/8140, in the UK by the GCHQ, CREST, and a variety of other authoritative bodies that influence the entire profession. Founded in 2001, EC-Council employs over 400 people worldwide with 10 offices in USA, UK, Malaysia, Singapore, India and Indonesia. Our US offices are in Albuquerque, NM and Tampa, FL.

The post Industry Certifications Aligned to Cyber-Affiliated U.S. Military Job Roles are Important when Hiring Candidates: Survey appeared first on CISO MAG | Cyber Security Magazine.

A report from Cybersecurity Ventures suggests that cybercrime damages will cost the world US$6 trillion annually by 2021. Thus, law enforcement agencies like TMPD need to revamp their traditional law enforcement tactics and embrace the latest cybersecurity toolsets and expertise to counter the rising global cyberthreat scenario.

Wesley Simpson, COO, Chief Operating Officer of (ISC)², said, “It’s become increasingly important that we arm our law enforcement and government agencies with the tools they need to keep us safe and secure in digital environments, and the Tokyo Metropolitan Police Department is taking steps to grow cybersecurity competencies within Japan.” Matsushita Tokuya, Deputy Director of Cyber Security Control Task Force and Assistant Commissioner at the Tokyo Metropolitan Police Department further added that, “This partnership will help our men and women fighting on the front lines of cybersecurity. It will help our cause of better (cybersecurity) protection to the people of Tokyo.”

Earlier, during the launch of the annual cybersecurity month on February 3, 2020, Chief Cabinet Secretary Yoshihide Suga, emphasized that the government of Japan is making every possible effort to enhance its cybersecurity posture and called for greater awareness towards it. Japan also allocated 25.6 billion yen (approximately US$23.2 billion) in its defense budget for this fiscal year to improve its cybersecurity posture. Along with this, Japan also plans to increase the headcount of its cybersecurity unit, which was established in 2014, from 220 to 290 personnel.

The post Tokyo Metropolitan Police Department and (ISC)2 Unite Against Cybercrime appeared first on CISO MAG | Cyber Security Magazine.