Posts

NowSecure’s Brian Reed: Agencies Need Continuous Monitoring Model to Protect Mobile App Portfolios



Brian Reed, chief mobility officer at NowSecure, said government agencies should have programs in place to facilitate continuous monitoring of mobile applications to detect and address vulnerabilities that could pose security risks to employees and data.

Reed wrote that agencies should commit to ensuring the security of mobile apps and establish mission data protections and access restrictions.

He called on agencies to conduct a thorough review of employees’ access to mission-oriented apps by developing “profile differences based on levels of device control and authority versus mission requirements.”

Agencies should come up with a vetting program for mobile apps, which Reed said involves three stages. The initial stage calls for organizations to develop an inventory of all the devices and apps on the network and the second phase requires the establishment of a process for assessing new applications. The last stage focuses on continuous monitoring of every mobile app’s new version once it is launched.

“By understanding and addressing the risks associated with mobile apps, agencies can support employee productivity with mobile tools while protecting mission data on the device, in the apps and over the network,” Reed noted.

He cited NowSecure’s automated software offering and how it helps agencies perform continuous app monitoring to safeguard their app portfolios.

Source…

Cybersecurity jobs in Government Agencies


Cybersecurity

As technology continues to play a fundamental role in our day-to-day lives, it’s critical to protect the digitization we use, including data, applications, networks, and devices. It becomes crucial to educate technology end-users about the steps they should take to keep themselves safe. Cybersecurity jobs allow individuals to help government agencies and private organizations protect their information and assets from a broad range of cyberattacks.

With attacks like ransomware, malware, social engineering, and more on the rise, virtually every major company and government department rely on a trained team of specialists to help prevent loss from cybercrimes. Cyber Security Specialist, Cyber Threat Analyst, Network Security Engineer, Cyber Security Analyst, and more are crucial cybersecurity jobs.

Here is the list of the top 10 cybersecurity jobs in Government Agencies across the globe:

 

Cyber Security Specialist- The USA Department of State

As a cyber security specialist, your role will be to ensure that systems are continuously monitored to include the latest patch levels and for compliance with configuration guidance. Also, review the emerging threat and vulnerability notifications as part of the monitoring phase, and create risk-based security notifications whenever new vulnerabilities are discovered, or new threats emerge. Report IT security incidents (including computer viruses) in accordance with established procedures and serve as an information security advisor for annual reviews for all agencies on audits. As a cyber security specialist, you will also work closely with the regional system administrators in their regions to share information on systems issues. It is one of the best cybersecurity jobs currently available in the world.

 

Cyber Threat Analyst– CIA

As a Cyber Threat Analyst at the CIA, you will conduct all-source analysis, digital forensics, and targeting to identify, monitor, and counter threats posed by foreign cyber actors against the USA information systems, critical infrastructure, and cyber-related interests. Analysts will apply their scientific and technical knowledge to solve complex intelligence problems, produce short-term and long-term written…

Source…

Russian Intelligence Agencies Relying on ‘Bruce Force’ to Hack America


Recently, the U.S. and British intelligence communities issued an advisory uncovering the “Brute Force” cyber techniques used by the Russian GRU intelligence agency against hundreds of Western government and private targets. These revelations come in the wake of months of successive cyberattacks against American and European targets, including the SolarWinds, which saw Russian and Chinese hackers gain access to U.S. government systems, and Colonial Pipeline, which interfered with the flow of fuel on America’s East Coast this past May.

According to the Intelligence Community, the GRU cyberattacks started from the middle of 2019 and are likely still ongoing, with the GRU’s 85th Main Special Service Center (GTsSS) unit 26165 identified as the main perpetrator behind the attacks. The goal of this cyber warfare campaign is to access protected and classified databases in order to purloin information, but also to pave the way for future breaches.  

The advisory is a joint product of the U.S. National Security Agency (NSA), the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the British Government Communications Headquarters (GCHQ), the U.K.’s signals intelligence agency. 

Related: America needs new covert options for Great Power Competition

KGB Reloaded: Russian Intelligence

The Russian intelligence apparatus is composed of four main agencies.

The SVR (Sluzhba vneshney razvedki Rossiyskoy Federatsii) is the external intelligence agency that focuses on foreign intelligence collection and is often compared to America’s CIA. While not entirely accurate, the comparison is somewhat apt.

The FSB (Federal’naya sluzhba bezopasnosti Rossiyskoy Federatsii) is the internal security and counterintelligence service that focuses on domestic intelligence, and is roughly the equivalent of America’s FBI.

The GRU (Glavnoje Razvedyvatel’noje Upravlenije) is the military foreign intelligence service that commands the Spetsnaz special operations units and a very rough equivalent of the U.S. Defense Intelligence Agency (DIA) and the Joint Special Operations Command (JSOC).

Finally, the FSO (Federalnaya sluzhba okhrany) protects the Russian president but also…

Source…

How disinformation monitoring helps agencies break down attacks — GCN


online disinformation (SkyPics Studio/Shutterstock.com)

INDUSTRY INSIGHT

How disinformation monitoring helps agencies break down attacks

As hacks, ransomware attacks and data breaches continue to make their way into the spotlight, it can be easy to forget about another more subtle, yet perhaps more sinister, aspect of cyberwarfare: disinformation and influence campaigns.

As we’ve seen in recent years, instances of disinformation campaigns and cyberattacks targeting government agencies have increased, making monitoring tools vital in the fight against interference within elections, government initiatives, public health crises and more. Nefarious campaigns within these spaces can easily reach mainstream consumers, drawing more attention to false and even harmful narratives.

These efforts are believed to primarily target the U.S., based on data pulled from Facebook. The Justice Department recently seized 36 websites, linked to Iranian news website domains that were believed to be launching disinformation campaigns against the U.S. With tensions already on the rise, now is the perfect time for agencies to consider platforms and tools that can help them monitor and counter disinformation.

Disinformation detection platforms offer specific tools that help in identifying these attacks and breaking them down. An attack against a government agency will certainly affect the agency itself, but the impact on social media users and constituents could be even more damaging. As many across the U.S. saw last fall, false narratives about the election amplified by influential authors can take social media by storm. While Facebook, Twitter and YouTube all vowed to “clamp down on election misinformation,” false statements made by former President Donald Trump circled Twitter and were shared and engaged with widely, despite being flagged as “misleading.”

Through semi-supervised machine-learning algorithms, monitoring platforms can detect disinformation by defining suspicious behavior parameters and flagging unusual activity. Over time, the algorithm…

Source…