Resources

Republished from October 2019

Last week I was asked by one of the 24-hour news networks to comment on camera about Jared Kushner’s use of WhatsApp for official White House business. The news network wanted my thoughts on the vulnerabilities and risks associated with this behavior. My first thought was that this was outside the core focus of what we do at GroupSense, but before I declined I gathered my thoughts on the topic. I quickly realized that this falls squarely in line with the GroupSense mission. Since the networks only want sound bites, I thought I would crystalize the concerns with greater context here. It is my intention to make this post apolitical, but in today’s climate, people are likely to trigger on the particular individual, so replace “Mr. Kushner” with “WH Staffer with critical national intelligence information”, and the risks remain.

Twitter is a fun and easy way to engage with pop culture and maybe even spark a spirited discussion. Many of us on twitter can retweet/share without thinking or researching what tweets truly say, causing them to spread quickly to a larger audience. But, the sad fact is, some tweets might end up being misinformation or disinformation, especially politically-oriented tweets.

In August 2020, Microsoft posted an article focused on email authentication utilizing their Azure Active Directory (AD) authentication and the use of Multi-Factor Authentication (MFA).

The dark web has been around for 20 years, and in “celebration” we’ve put together a timeline of the major events from these past two decades. It’s important to note that many events have formed it into the dark web we see today. This is only a taste of its history…

Using biometrics for authentication has always been a source of controversy. At face value, it seems like a fool-proof way to authenticate users (everyone has unique fingerprints, right?). But dig a level deeper, and biometric access management systems store that fingerprint (or iris, or facial map, or walking gait) as data. And, we all know what happens to data if it’s not protected properly. Which brings us to the big problem with biometrics: while passwords can be changed if there’s a data breach, fingerprints and other biometric data are permanent. One breach of a biometrics database is all it takes for someone to lose their identity for a lifetime.

As a CISO, you constantly worry if today is the day you’ll have a security incident. It’s a common problem. There are huge expectations on you and your team, but the support from the business is not always in line with those expectations.

Stolen digital information accelerates and enables fraud. This simple truth is changing the way organizations think about protecting themselves from fraudsters. A recent example drives this point home. Ridesharing has become part of our daily life—Uber and Lyft are ubiquitous across the United States and abroad. Not long ago, someone began ordering rides and then contacting the drivers via phone. This is possible given that rideshare applications offer up the driver’s phone number once a ride is hailed. The fraudster would spoof the calling number to look like it came from the rideshare HQ and then tell the driver to cancel their ride with “Mark,” which the driver recognized as the passenger’s name, and pull over.

One of the most fundamental aspects in the world of intelligence is the application of a process known as The Intelligence Cycle.  It enables intelligence professionals regardless of the area of focus – from Counterterrorism to Cyber security – to establish a plan of action and execute on that plan to deliver a high-quality intelligence product to the client.