🛡️ Cyberattack on St. Paul Disrupts Systems, Triggers National Guard Response: A Wake-Up Call for City Infrastructure and Public-Private Security

Fig. 1. St. Paul Cyber Attack, St. Paul, 2025.

A major cyberattack brought critical systems across the City of St. Paul to a halt this week, prompting Governor Tim Walz to take the rare step of activating the Minnesota National Guard’s 177th Cyber Protection Team through Executive Order 24-25. The breach, which has yet to be fully disclosed in technical detail, forced the shutdown of municipal networks, libraries, payment systems, and internal applications—raising alarms about the fragility of local government infrastructure in the digital age.

This crisis has not only impacted operations but also exposed deeper vulnerabilities—from disruption of city services to potential legal and evidentiary breakdowns, especially concerning the chain of custody for digital evidence and sensitive case management platforms used by law enforcement and legal teams.

“The cyberattack… has resulted in a disruption of city services and operations, and the city has requested assistance from the State of Minnesota in the form of technical expertise and personnel,” Gov. Walz stated in the executive order. “The incident poses a threat to the delivery of critical government services.” (Walz, 2025)


Legal and Infrastructure Ramifications:

One often overlooked consequence of cyberattacks on public systems is the risk to legal integrity. City governments often store digital evidence for court cases, police body cam footage, and case records within networked systems. When such systems are compromised or taken offline, the chain of custody—a legal requirement for maintaining the integrity of evidence—may be broken. This could lead to dismissed charges, delayed court proceedings, or contested verdicts.

Beyond the courts, St. Paul’s systems underpin essential infrastructure. From 911 backend operations to building permits, utility management, and emergency communications, these disruptions ripple into residents’ lives and civic trust. Any delay in fire dispatch systems, real-time weather alerts, or even payroll processing for emergency responders can escalate into a broader crisis.


Why Public-Private Partnerships Are Essential:

The attack illustrates the need for stronger collaboration between public entities and private cybersecurity firms. Municipalities often operate with limited budgets, aging infrastructure, and insufficient security staff. In contrast, private-sector vendors—ranging from cloud security providers to endpoint monitoring specialists—offer scalable defenses and expertise that cities can’t always sustain in-house.

Governor Walz’s executive order underscores this reality, stating:

“Cooperation between the Minnesota Department of Information Technology Services (MNIT), the National Guard, and other partners is necessary to protect public assets and respond to cybersecurity threats.” (Walz, 2025)

This partnership must also extend beyond technical vendors. Insurance carriers, legal risk consultants, and incident response firms should be part of proactive city planning, not just post-breach triage.


The Human Factor: Employee Training Matters:

While technical systems are critical, human error remains the top vector for cyberattacks, especially through phishing and social engineering. A well-crafted phishing email clicked by a single city employee can introduce malware into core systems.

St. Paul’s situation shows how cybersecurity education is no longer optional. Ongoing staff training is essential, including:

  • Simulated phishing attacks
  • Clear escalation protocols
  • A “stop and verify” culture for email attachments and access requests

Cities should treat their staff as the first line of defense, not just passive users.


The Road Ahead: What Cities Must Do Now:

The cyberattack on St. Paul should serve as a regional and national inflection point. Other cities must take this as a cue to reassess their cyber posture through the following:

Strategic Priorities:

  1. Zero Trust Implementation: Limit internal access and require constant authentication, even for trusted users.
  2. Third-Party Risk Audits: Review vendors, contractors, and outsourced services for security gaps.
  3. Resilient Backup and Recovery: Ensure data is stored offsite and tested regularly for recovery readiness.
  4. Legal and Digital Forensics Planning: Build frameworks for protecting the chain of custody in case of breach.
  5. Integrated Public-Private Playbooks: Define shared roles between city staff, Guard units, and private partners in cyber response drills.
  6. Community Transparency: Proactively inform the public about risks, responses, and what’s being done to rebuild digital trust.
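As an added illustration of the chain-of-custody point (example code, not part of the article): a minimal hash-chained custody ledger in Python. Every custody event is hashed together with the previous entry, so a record edited, removed or reordered while systems were compromised is detectable afterwards; all evidence identifiers, names and the sample artifact are constructed.

```python
# Added example, not from the article: a hash-chained chain-of-custody ledger.
# Each custody event is hashed together with the previous entry's hash, so an
# entry that is edited, deleted or reordered after the fact breaks the chain.
import hashlib
import json
from dataclasses import asdict, dataclass, replace
from typing import List, Optional

GENESIS = "0" * 64  # prev_hash of the first entry

# Constructed sample artifact standing in for a body-cam recording.
SAMPLE_ARTIFACT = b"constructed sample body-cam footage bytes"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class CustodyEntry:
    seq: int              # position in the ledger, starting at 0
    evidence_id: str      # case/item identifier (constructed)
    artifact_sha256: str  # hash of the evidence file at this event
    custodian: str        # person or system taking the action
    action: str           # "collected", "transferred", "exported", ...
    timestamp: str        # ISO-8601 string; recorded, but ordering comes from seq
    prev_hash: str        # entry_hash of the previous entry (or GENESIS)
    entry_hash: str       # SHA-256 over every field above


def _entry_hash(fields: dict) -> str:
    # Canonical JSON (sorted keys, no whitespace) so every verifier hashes identical bytes.
    body = {k: v for k, v in fields.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())


def append_entry(ledger: List[CustodyEntry], evidence_id: str, artifact: bytes,
                 custodian: str, action: str, timestamp: str) -> CustodyEntry:
    fields = {
        "seq": len(ledger),
        "evidence_id": evidence_id,
        "artifact_sha256": sha256_hex(artifact),
        "custodian": custodian,
        "action": action,
        "timestamp": timestamp,
        "prev_hash": ledger[-1].entry_hash if ledger else GENESIS,
    }
    entry = CustodyEntry(**fields, entry_hash=_entry_hash(fields))
    ledger.append(entry)
    return entry


def verify_ledger(ledger: List[CustodyEntry]) -> Optional[str]:
    """Return None if the chain is intact, otherwise a description of the first break."""
    expected_prev = GENESIS
    for i, e in enumerate(ledger):
        if e.seq != i:
            return f"entry {i}: sequence gap (seq={e.seq})"
        if e.prev_hash != expected_prev:
            return f"entry {i}: prev_hash does not match entry {i - 1}"
        if _entry_hash(asdict(e)) != e.entry_hash:
            return f"entry {i}: contents altered after recording"
        expected_prev = e.entry_hash
    return None


def verify_artifact(entry: CustodyEntry, artifact: bytes) -> bool:
    """Check that the evidence file still matches what the ledger recorded."""
    return sha256_hex(artifact) == entry.artifact_sha256


def with_edited_entry(ledger: List[CustodyEntry], idx: int, **changes) -> List[CustodyEntry]:
    """Copy of the ledger with one entry's fields changed (simulates after-the-fact editing)."""
    return ledger[:idx] + [replace(ledger[idx], **changes)] + ledger[idx + 1:]


def build_sample_ledger() -> List[CustodyEntry]:
    ledger: List[CustodyEntry] = []
    item = "CASE-0001/ITEM-7"  # constructed identifier
    append_entry(ledger, item, SAMPLE_ARTIFACT, "Officer A", "collected", "2025-07-25T09:10:00Z")
    append_entry(ledger, item, SAMPLE_ARTIFACT, "Evidence Tech B", "transferred", "2025-07-25T11:42:00Z")
    append_entry(ledger, item, SAMPLE_ARTIFACT, "Prosecutor C", "exported", "2025-07-28T14:05:00Z")
    return ledger


if __name__ == "__main__":
    ledger = build_sample_ledger()
    print("intact:", verify_ledger(ledger))
    print("edited:", verify_ledger(with_edited_entry(ledger, 1, custodian="X")))
    print("deleted:", verify_ledger(ledger[:1] + ledger[2:]))
```

Anyone who holds the whole ledger can recompute every hash, so the latest entry_hash must be anchored periodically outside the system (a printed custody log, write-once storage, or a partner agency); that anchoring is the planning the article's fourth priority calls for.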

Final Thoughts:

The breach in St. Paul is not just a local IT issue—it is a civic security event that affects courts, emergency services, legal integrity, and public confidence. Governor Walz’s activation of the National Guard is a bold signal that digital defense is now a matter of public safety.

“Immediate action is necessary to provide technical support and ensure continuity of operations,” reads Executive Order 24-25 (Walz, 2025).

Moving forward, public-private partnerships, cybersecurity training, and legal readiness must become foundational to how cities govern in the digital era. The stakes are no longer theoretical—they are real, operational, and deeply human.


References:

  1. FOX 9. (2025, July 29). Gov. Walz activates National Guard after cyberattack on city of St. Paul. https://www.fox9.com/news/gov-walz-activates-national-guard-after-cyberattack-st-paul
  2. KSTP. (2025, July 29). City of St. Paul experiencing unplanned technology disruptions. https://kstp.com/kstp-news/top-news/city-of-st-paul-experiencing-unplanned-technology-disruptions/
  3. League of Minnesota Cities. (2024, October). Cybersecurity Incident Reporting Requirements for Cities. https://www.lmc.org/news-publications/news/all/fonl-cybersecurity-incident-reporting-requirements/
  4. Reddit. (2025, July 29). Minnesota National Guard activated after city cyberattack [Discussion threads]. https://www.reddit.com/r/minnesota
  5. Walz, T. (2025, July 29). Executive Order 24-25: Activating the Minnesota National Guard Cyber Protection Team. Office of the Governor, State of Minnesota. https://mn.gov/governor/assets/EO-24-25_tcm1055-621842.pdf

About the Author:

Jeremy Swenson is a disruptive-thinking security entrepreneur, futurist/researcher, and senior management tech risk consultant. Over 17 years, he has held progressive roles at many banks, insurance companies, retailers, healthcare organizations, and even government entities. Organizations appreciate his talent for bridging gaps, uncovering hidden risk management solutions, and simultaneously enhancing processes. He is a frequent speaker, podcaster, and a published writer – CISA Magazine and the ISSA Journal, among others. He holds a certificate in Media Technology from Oxford University’s Media Policy Summer Institute, an MBA from Saint Mary’s University of MN, an MSST (Master of Science in Security Technologies) degree from the University of Minnesota, and a BA in political science from the University of Wisconsin Eau Claire. He is an alum of the Cyber Security Summit Think Tank, the Federal Reserve Secure Payment Task Force, the Crystal, Robbinsdale and New Hope Citizens Police Academy, and the Minneapolis FBI Citizens Academy. He also has certifications from Intel and the Department of Homeland Security.

Digital vs. Physical Heists: Does Crypto Theft Impact Cryptocurrency Value?

Fig. 1. Digital vs. Physical Financial Theft Graphic, Jeremy Swenson, 2025.

Minneapolis—

Cryptocurrencies have revolutionized the financial landscape, offering decentralized and borderless transactions. However, the rise of crypto fraud and theft poses significant challenges to the stability and perception of digital currencies. With large-scale hacks and scams frequently making headlines, the question arises: do these fraudulent activities ultimately raise or lower the value of cryptocurrencies? This article examines the immediate and long-term effects of crypto theft on digital asset valuation, comparing these incidents with traditional cash heists and analyzing market reactions, investor psychology, and regulatory responses.

High-Profile Crypto Thefts and Their Immediate Impact:

One of the most significant incidents in recent history is the Bybit exchange hack in February 2025, where approximately $1.5 billion worth of Ethereum was stolen during a routine transfer from a cold wallet to a warm wallet. The breach led to a temporary decline in Ethereum’s value and prompted over 350,000 withdrawal requests from concerned users. Bybit’s CEO, Ben Zhou, assured clients of the company’s solvency and commitment to reimbursing affected users, highlighting the exchange’s $20 billion in assets to cover the losses.[1] Yet this is hard to believe considering the firm’s newer status. This event underscores the immediate negative impact such breaches can have on cryptocurrency values and investor confidence.

Similarly, the 2016 Bitfinex hack resulted in the theft of 119,756 Bitcoins, causing a sharp decline in Bitcoin’s price by 20%. The exchange managed to recover and reimburse affected users over time, but the incident highlighted vulnerabilities in crypto security and the potential for significant market disruptions.[2] Other major breaches, such as the infamous Mt. Gox collapse in 2014 and the Ronin Network hack of 2022, further illustrate how large-scale thefts can shake the market.[3]

Digital Heists vs. Traditional Bank Robberies:

The magnitude of the Bybit crypto heist becomes more striking when compared to traditional bank robberies. Stealing $1.5 billion in cash presents substantial logistical challenges. For instance, $1 billion in $100 bills weighs approximately 10,000 kilograms (22,046 pounds) and would occupy significant physical space.[4] Transporting such a massive amount would require meticulous planning, heavy machinery, and considerable risk of detection.

In contrast, the largest cash robbery in U.S. history, the Dunbar Armored robbery in 1997, involved the theft of $18.9 million.[5] This amount, while substantial, pales in comparison to the $1.5 billion stolen digitally from Bybit. The largest known cash heist globally was the 2005 Banco Central burglary in Brazil, where thieves stole approximately $70 million by tunneling underground to access the vault.[6] Even this record-setting crime is dwarfed by the scale and ease of execution of digital heists, which require no physical transport or direct confrontation with law enforcement.

Statistical Trends in Crypto Fraud and Theft:

The prevalence of crypto-related fraud and theft has seen a marked increase over the years. In 2022, the FBI reported that Americans lost over $2.57 billion to cryptocurrency investment fraud, a staggering 183% increase from the previous year.[7] This figure represented more than two-thirds of all internet investment scam losses reported that year. By 2023, losses had escalated to over $5.6 billion, indicating a 45% surge from 2022.[8] These statistics reflect a growing trend of illicit activities within the crypto space, which can erode investor trust and negatively impact cryptocurrency values.

Long-Term Effects on Cryptocurrency Value:

While immediate reactions to fraud and theft often result in sharp declines in cryptocurrency values, the long-term effects can vary. In some cases, the market demonstrates resilience, with values rebounding as security measures are enhanced and regulatory frameworks are strengthened. For instance, despite the significant losses from various hacks and scams, the overall market capitalization of cryptocurrencies has continued to grow over the past decade.[9]

However, persistent incidents of fraud and theft can lead to increased volatility and deter potential investors, hindering mainstream adoption. The perception of cryptocurrencies as high-risk assets may be reinforced, leading to more cautious investment approaches and potentially suppressing value growth. Large institutional investors, who could provide market stability, may hesitate to enter the crypto space due to security concerns.[10]

Regulatory Responses and Market Confidence:

Regulatory bodies worldwide are becoming increasingly vigilant in addressing crypto-related fraud and theft. Enhanced regulations aim to protect investors and ensure the integrity of the financial system. While some argue that increased regulation may stifle innovation, others believe it is essential for building trust and stability in the crypto market.[11]

For example, the U.S. government’s recovery of funds from the Bitfinex hack and the subsequent legal actions against the perpetrators demonstrate a commitment to combating crypto-related crimes. Such actions can bolster investor confidence, potentially leading to a positive impact on cryptocurrency values over time.[12] Similarly, stricter Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements for crypto exchanges have been implemented to deter illicit activities and restore trust in the industry.

Conclusion:

Crypto fraud and theft present significant challenges to the stability and perception of cryptocurrencies. While the immediate consequences often include sharp value declines and shaken investor confidence, the long-term impact hinges on the industry’s ability to strengthen security, implement effective regulations, and promote transparency. For crypto thieves and threat actors, the profitability of theft can incentivize further attacks, potentially driving up cryptocurrency values. The real question is: how much theft and insecurity can the system withstand before it collapses, or will its architects continue propping it up just long enough to cash out? As the crypto ecosystem evolves, addressing these vulnerabilities is essential for sustaining growth and maintaining public trust.

About the Author:

Jeremy Swenson is a disruptive-thinking security entrepreneur, futurist/researcher, and senior management tech risk consultant. Over 17 years, he has held progressive roles at many banks, insurance companies, retailers, healthcare organizations, and even government entities. Organizations appreciate his talent for bridging gaps, uncovering hidden risk management solutions, and simultaneously enhancing processes. He is a frequent speaker, podcaster, and a published writer – CISA Magazine and the ISSA Journal, among others. He holds a certificate in Media Technology from Oxford University’s Media Policy Summer Institute, an MBA from Saint Mary’s University of MN, an MSST (Master of Science in Security Technologies) degree from the University of Minnesota, and a BA in political science from the University of Wisconsin Eau Claire. He is an alum of the Cyber Security Summit Think Tank, the Federal Reserve Secure Payment Task Force, the Crystal, Robbinsdale and New Hope Citizens Police Academy, and the Minneapolis FBI Citizens Academy. He also has certifications from Intel and the Department of Homeland Security.

References:

  1. “Hackers steal $1.5bn from crypto exchange in ‘biggest digital heist ever’,” The Guardian, February 23, 2025.
  2. “Bitcoin Exchange Bitfinex Hacked, Loses $72 Million,” Reuters, August 3, 2016.
  3. “The Mt. Gox Bankruptcy and Its Lasting Impact on Crypto,” CoinDesk, March 2022.
  4. “Money Weight Calculator,” Good Calculators.
  5. “Dunbar Armored robbery,” Wikipedia.
  6. “The Biggest Bank Robbery in History,” Guinness World Records.
  7. “Fact Sheet: Crypto Harms by the Numbers,” Americans for Financial Reform, May 2024.
  8. “Americans lost $5.6 billion last year in cryptocurrency fraud scams,” AP News, September 2024.
  9. “Cryptocurrency Market Capitalization Hits New High Despite Scams,” Bloomberg, January 2025.
  10. “How Institutional Investors Approach Cryptocurrency,” Financial Times, November 2024.
  11. “How Global Regulators Are Cracking Down on Cryptocurrency Fraud,” Financial Times, December 2024.
  12. “US Recovers $3.6B Stolen in Bitfinex Hack, Arrests Two,” CNBC, February 8, 2022.

Digital Horizons: 8 Transformative Trends Reshaping AI, Cybersecurity, Strategy, and Crypto for a Smarter 2025

Fig. 1. Digital Horizons Infographic, Jeremy Swenson, 2025.

Minneapolis—

The rapid technological developments of 2024 have established a foundation for significant shifts in artificial intelligence (AI), cybersecurity, digital strategy, and cryptocurrency. Business executives, policy leaders, and tech enthusiasts must pay attention to these key learnings and trends as they navigate the opportunities and challenges of 2025 and beyond. Here are eight insights to keep in mind.

1. AI Alignment with Business Goals:

2024 underscored the importance of aligning AI initiatives with overarching business strategies. Companies that successfully integrated AI into their workflows—particularly in areas like customer service automation, predictive analytics, tech orchestration, and supply chain optimization—reported not only significant productivity gains but also enhanced customer satisfaction. For instance, AI-powered tools allowed firms to anticipate customer needs with remarkable accuracy, leading to a 35% improvement in retention rates. However, misalignment of AI projects often resulted in wasted resources, showcasing the need for thorough planning. To succeed in 2025, organizations must create cross-functional AI task forces and establish KPIs tailored to their unique business objectives.[1]

2. The Rise of Responsible AI:

As AI adoption grows, so does scrutiny over its ethical implications. 2024 saw regulatory frameworks such as the EU’s AI Act and similar policies in Asia gain traction, emphasizing transparency, accountability, and fairness in AI deployments. Companies that proactively implemented explainable AI models—capable of detailing how decisions are made—not only avoided legal risks but also gained consumer trust. Moreover, organizations adopting responsible AI practices observed better team morale, as employees felt more confident about using ethically sound tools. The NIST AI Risk Management Framework is a good start. Leaders in 2025 must view responsible AI as a strategic advantage, embedding ethical considerations into every stage of AI development.[2]

3. Cyber Resilience Becomes Non-Negotiable:

The escalation of sophisticated cyber threats—including AI-driven malware and deepfake fraud—led to a dramatic increase in cybersecurity investments. Many businesses adopted zero-trust models, ensuring that no user or device is trusted by default, even within corporate networks. Product owners must build products with a DevSecOps mindset and must think through misuse cases from many angles. Additionally, the integration of machine learning for anomaly detection enabled real-time identification of threats, reducing breach response times by over 50%. As the cost of cybercrime is projected to exceed $10 trillion globally by 2025, organizations must prioritize cyber resilience through advanced threat intelligence, employee training, and frequent vulnerability assessments. Cyber resilience is no longer a luxury but a fundamental pillar of operational stability.[3]

4. Quantum Readiness Emerges as a Critical Strategy:

Quantum computing made significant strides in 2024, with breakthroughs in error correction and hardware scalability bringing the technology closer to mainstream use. While practical quantum computers remain years away, their potential to break traditional encryption methods has already prompted a cybersecurity rethink. Forward-looking organizations have begun transitioning to quantum-safe cryptographic algorithms, ensuring that their sensitive data remains secure against future quantum attacks. Industries like finance and healthcare—where data sensitivity is paramount—are leading the charge. By adopting a proactive quantum readiness strategy, businesses can mitigate long-term risks and position themselves as leaders in a post-quantum era.[4]

5. The Blockchain Renaissance:

Blockchain technology continued to evolve beyond its cryptocurrency roots in 2024, finding innovative applications in sectors such as logistics, healthcare, and real estate. For example, blockchain’s immutable ledger capabilities enabled unprecedented transparency in supply chains, reducing fraud and enhancing consumer trust. Meanwhile, the tokenization of physical assets, such as real estate and fine art, democratized access to investment opportunities, attracting a broader range of participants. Organizations leveraging blockchain reported reduced operational costs and faster transaction times, proving that the technology’s value extends far beyond speculation. In 2025, businesses must explore blockchain’s potential as a tool for enhancing efficiency and fostering trust.[5]

6. Employee Upskilling for Digital Transformation:

The digital skills gap emerged as a critical bottleneck in 2024, prompting organizations to invest heavily in workforce development. Comprehensive upskilling programs focused on AI literacy, cybersecurity awareness, and digital strategy were launched across industries. Employees equipped with these skills demonstrated greater adaptability and productivity, enabling their organizations to better navigate technological disruptions. Additionally, companies that prioritized learning cultures saw higher retention rates, as employees valued the investment in their professional growth. As digital transformation accelerates, the ability to upskill and reskill the workforce will be a key differentiator for organizations aiming to remain competitive.[6]

7. Convergence of AI and IoT:

The integration of AI and the Internet of Things (IoT) reached new heights in 2024, driving advancements in smart factories, connected healthcare, and autonomous vehicles. AI-enabled IoT devices allowed businesses to predict equipment failures before they occurred, reducing downtime and maintenance costs by up to 20%. In healthcare, AI-powered wearable devices provided real-time insights into patient health, enabling early intervention and personalized treatment plans. The growing adoption of edge computing further enhanced the responsiveness of AI-IoT systems, enabling real-time decision-making at the device level. This convergence is set to redefine operational efficiency and customer experiences in 2025 and beyond.[7]

8. The Decentralized Finance (DeFi) Evolution:

Decentralized Finance (DeFi) continued to mature in 2024, overcoming early criticisms of security vulnerabilities and lack of regulation. Enhanced interoperability between DeFi platforms and traditional financial systems enabled seamless cross-border transactions, attracting institutional investors. Innovations such as decentralized insurance and automated compliance tools further bolstered confidence in the ecosystem. As traditional banks increasingly explore blockchain for settlement and lending services, the line between centralized and decentralized finance is beginning to blur. In 2025, DeFi’s scalability and innovation are poised to challenge the dominance of legacy financial institutions, creating new opportunities for both consumers and businesses.[8]

Looking Ahead:

The intersection of AI, cybersecurity, digital strategy, and cryptocurrency offers unprecedented opportunities for value creation. However, success will hinge on leaders’ ability to navigate complexity, embrace innovation, foster outstanding leadership, and prioritize ethical stewardship. As these trends continue to evolve, businesses must remain agile and forward-thinking.

About the Author:

Jeremy A. Swenson is a disruptive-thinking security entrepreneur, futurist/researcher, and seasoned senior management tech risk and digital strategy consultant. He is a frequent speaker, published writer, podcaster, and even does some pro bono consulting in these areas. He holds a certificate in Media Technology from Oxford University’s Media Policy Summer Institute, an MSST (Master of Science in Security Technologies) degree from the University of Minnesota’s Technological Leadership Institute, an MBA from Saint Mary’s University of Minnesota, and a BA in political science from the University of Wisconsin Eau Claire. He is an alum of the Federal Reserve Secure Payment Task Force, the Crystal, Robbinsdale, and New Hope Community Police Academy (MN), and the Minneapolis FBI Citizens Academy. You can follow him on LinkedIn and Twitter.


Footnotes:

  1. Smith, J. (2024). “AI’s Business Integration Challenges.” Tech Review.
  2. European Commission. (2024). “AI Act Regulatory Guidelines.” EU Tech Law Journal.
  3. Cybersecurity Ventures. (2024). “The Cost of Cybercrime: Annual Report.”
  4. Quantum Computing Report. (2024). “Quantum Progress and Cryptographic Implications.”
  5. Blockchain Association. (2024). “The Blockchain Beyond Crypto Study.”
  6. World Economic Forum. (2024). “The Future of Work: Digital Upskilling.”
  7. IoT Analytics. (2024). “The AI-IoT Convergence Report.”
  8. DeFi Pulse. (2024). “State of Decentralized Finance.”

Foreign Threat Actors Amplify Disinformation Ahead of 2024 U.S. Election, Warn FBI and CISA

Minneapolis—

As the 2024 U.S. general election nears, the FBI and CISA have issued a public service announcement to alert the public about foreign disinformation campaigns.[1] These campaigns, led by foreign adversaries, aim to undermine voter confidence by spreading false narratives before, during, and after Election Day. Despite these efforts, the FBI and CISA confirm that there is no evidence of malicious cyber activity compromising U.S. election infrastructure, including voter registration systems, ballots, or vote-counting processes.

Evolving Disinformation Tactics with AI:

The disinformation campaigns have become more sophisticated due to the use of generative AI tools, which allow foreign actors to create convincing fake content, such as AI-generated articles, deepfake videos, and synthetic media.[2] These false narratives are then spread across multiple platforms, both in the U.S. and abroad. By lowering the barrier for creating and distributing disinformation, AI has made it easier for foreign actors to mislead the public and erode trust in the election process.

Disinformation Campaigns from Russia and Iran:

Russia and Iran are identified as the primary foreign actors behind many of these disinformation efforts. Russian operatives have set up AI-enhanced social media bot farms and cybersquatted on domains mimicking legitimate news websites, such as “washingtonpost.pm” and “foxnews.in,” to disseminate propaganda. The DOJ responded by seizing over 30 of these domains and indicting individuals linked to Russian government-controlled media outlets that covertly funded U.S. influence campaigns.

Iran, too, has engaged in similar efforts, with recent DOJ charges against Iranian nationals accused of hacking and leaking U.S. campaign materials to manipulate the election outcome.

Public Recommendations:

To help combat the spread of disinformation, the FBI and CISA urge the public to:

  • Educate themselves about foreign influence operations, especially AI-generated content.
  • Rely on trusted sources, such as state and local election officials, to verify election-related claims.
  • Understand AI-generated content by looking for clues that content may be doctored or synthetic.
  • Report suspicious activity or disinformation attempts to the FBI.

Election Security Efforts:

Federal, state, and local authorities are collaborating to safeguard U.S. elections. The FBI investigates election crimes and foreign influence campaigns, while CISA works to secure election infrastructure. Jen Easterly, director of CISA, has reassured voters that the systems are more secure than ever, with robust cybersecurity measures in place, including paper ballot records that verify vote counts in 97% of jurisdictions.

Easterly emphasized that, although foreign adversaries will continue to attempt to influence U.S. elections, they will not be able to alter the final outcome. She also encouraged patience as election results may take time to finalize and urged the public to trust official sources. Being an election judge is not a bad idea either.

Conclusion:

As Election Day approaches, foreign disinformation campaigns remain a threat, but significant efforts have been made to secure the election process. With the support of informed voters and coordinated efforts from election officials, the integrity of U.S. elections can be maintained. We in the private sector need to share and support these efforts, as CISA and the FBI cannot be everywhere.

About the Author:

Jeremy A. Swenson is a disruptive-thinking security entrepreneur, futurist/researcher, and seasoned senior management tech risk and digital strategy consultant. He is a frequent speaker, published writer, podcaster, and even does some pro bono consulting in these areas. He holds a certificate in Media Technology from Oxford University’s Media Policy Summer Institute, an MSST (Master of Science in Security Technologies) degree from the University of Minnesota’s Technological Leadership Institute, an MBA from Saint Mary’s University of Minnesota, and a BA in political science from the University of Wisconsin Eau Claire. He is an alum of the Federal Reserve Secure Payment Task Force, the Crystal, Robbinsdale, and New Hope Community Police Academy (MN), and the Minneapolis FBI Citizens Academy. You can follow him on LinkedIn and Twitter.


[1] CISA. “FBI and CISA Issue Public Service Announcement Warning of Tactics Foreign Threat Actors are Using to Spread Disinformation in the 2024 U.S. General Election.” 10/18/24. https://www.cisa.gov/news-events/news/fbi-and-cisa-issue-public-service-announcement-warning-tactics-foreign-threat-actors-are-using

[2] CISA. “FBI and CISA Issue Public Service Announcement Warning of Tactics Foreign Threat Actors are Using to Spread Disinformation in the 2024 U.S. General Election.” 10/18/24. https://www.cisa.gov/news-events/news/fbi-and-cisa-issue-public-service-announcement-warning-tactics-foreign-threat-actors-are-using

8 Key AI Trends Driving Business Innovation in 2024 and Beyond

Minneapolis—

Artificial Intelligence (AI) continues to drive massive innovation across industries, reshaping business operations, customer interactions, and cybersecurity landscapes. As AI’s capabilities grow, companies are leveraging key trends to stay competitive and secure. Below are six crucial AI trends transforming businesses today, alongside critical insights on securing AI infrastructure, promoting responsible AI use, and enhancing workforce efficiency in a digital world.

1. Generative AI’s Creative Expansion

Generative AI, known for producing content from text and images to music and 3D models, is expanding its reach into business innovation.[1] AI systems like GPT-4 and DALL·E are being applied across industries to automate creativity, allowing businesses to scale their marketing efforts, design processes, and product innovation.

Business Application: Marketing teams are using generative AI to create personalized, dynamic campaigns across digital platforms. Coca-Cola and Nike, for instance, have employed AI to tailor advertising content to different customer segments, improving engagement and conversion rates. Product designers in industries like fashion and automotive are also using generative models to prototype new designs faster than ever before.

2. AI-Powered Personalization

AI’s ability to analyze vast datasets in real time is driving hyper-personalized experiences for consumers. This trend is especially important in sectors like e-commerce and entertainment, where personalized recommendations significantly impact user engagement and loyalty.

Business Application: Streaming platforms like Netflix and Spotify rely on AI algorithms to provide tailored content recommendations based on users’ preferences, viewing habits, and search history.[2] Retailers like Amazon are also leveraging AI to offer personalized shopping experiences, recommending products based on past purchases and browsing behavior, further boosting customer satisfaction.

3. AI-Driven Automation in Operations

Automation powered by AI is optimizing operations and processes across industries, from manufacturing to customer service. By automating repetitive and manual tasks, businesses are reducing costs, improving efficiency, and reallocating resources to higher-value activities.

Business Application: Tesla and Siemens are implementing AI in robotic process automation (RPA) to streamline production lines and monitor equipment for potential breakdowns. In customer service, AI chatbots and virtual assistants are being used to handle routine inquiries, providing real-time support to customers while freeing human agents to address more complex issues.

4. Securing AI Infrastructure and Development Practices

As AI adoption grows, so does the need for robust security measures to protect AI infrastructure and development processes. AI systems are vulnerable to cyberattacks, data breaches, and unauthorized access, highlighting the importance of securing AI from development to deployment.

Business Application: Organizations are recognizing the importance of securing AI models, data, and networks through multi-layered security frameworks. The U.S. AI Safety Institute Consortium is actively developing guidelines for AI safety and security, including red-teaming and risk management practices, to ensure AI systems are resilient to attacks. DevSecOps needs to be on the front end of this. To address challenges in securing AI, companies are pushing for standardization in AI audits and evaluations, ensuring consistency in security practices across industries.

5. AI in Predictive Analytics and Decision-Making

Predictive analytics, powered by AI, is enabling companies to forecast trends, predict consumer behavior, and make data-driven decisions with greater accuracy. This is particularly valuable in finance, healthcare, and retail, where anticipating demand or market shifts can lead to significant competitive advantages.

Business Application: Financial institutions like JPMorgan Chase are using AI for predictive analytics to evaluate market conditions, identify investment opportunities, and manage risk.[3] Retailers such as Walmart are employing AI to forecast inventory needs, helping to optimize supply chains and reduce waste. Predictive analytics also allows companies to make proactive decisions regarding customer retention and product development.

6. AI for Enhanced Cybersecurity

AI plays an increasingly pivotal role in improving cybersecurity defenses. AI-driven systems are capable of detecting anomalies, identifying potential threats, and responding to attacks in real time, offering advanced protection for both physical and digital assets.

Business Application: Leading organizations are integrating AI into cybersecurity protocols to automate threat detection and enhance system defenses. IBM’s AI-powered QRadar platform helps companies identify and respond to cyberattacks by analyzing network traffic and detecting unusual activity.[4] AI systems are also improving identity authentication through biometrics, ensuring that only authorized users gain access to sensitive data.

Moreover, businesses are adopting AI governance frameworks to secure their AI infrastructure and ensure ethical deployment. Evaluating risks associated with open- and closed-source AI development allows for transparency and the implementation of tailored security strategies across sectors.

7. Promoting Responsible AI Use and Security Governance

Beyond technical innovation, AI governance and responsible use are paramount to ensure that AI is developed and applied ethically. Promoting responsible AI use means adhering to best practices and security standards to prevent misuse and unintended harm. The NIST AI Risk Management Framework is a good reference for this.[5]

Business Application: Companies are actively developing frameworks that incorporate ethical principles throughout the lifecycle of AI systems. Microsoft and Google are leading initiatives to mitigate bias and ensure transparency in AI algorithms. Governments and private sectors are also collaborating to develop standardized guidelines and security metrics, helping organizations maintain ethical compliance and robust cybersecurity.

8. Enhancing Workforce Efficiency and Skills Development

AI’s role in enhancing workforce efficiency is not limited to automating tasks. AI-driven training and simulations are transforming how organizations develop and retain talent, particularly in cybersecurity, where skilled professionals are in high demand.

Business Application: Companies are investing in AI-driven educational platforms that simulate real-world cybersecurity scenarios, helping employees hone their skills in a dynamic, hands-on environment. These AI-powered platforms allow for personalized learning, adapting to individual skill levels and providing targeted feedback. Additionally, AI is being used to identify skill gaps within teams and recommend tailored training programs, improving workforce readiness for future challenges. Yet AI-capable people are still needed to support these applications and the managerial efforts around them.

Conclusion: AI’s Role in Business and Security Transformation

As AI tools advance rapidly, it’s wise to assume they can access and analyze all publicly available content, including social media posts and articles like this one. While AI can offer valuable insights, organizations must remain vigilant about how these tools interact with one another, ensuring that application-to-application permissions are thoroughly scrutinized. Public-private partnerships, such as InfraGard, need to be strengthened to address these evolving challenges. Not everyone needs to be a journalist, but having the common sense to detect AI- or malware-generated fake news is crucial. It’s equally important to report any AI bias within big tech from perspectives including IT, compliance, media, and security.

Amid the AI hype, organizations should resist the urge to adopt every new tool that comes along. Instead, they should evaluate each AI system or use case based on measurable, real-world outcomes. AI’s rapid evolution is transforming both business operations and cybersecurity practices. Companies that effectively leverage trends like generative AI, predictive analytics, and automation, while prioritizing security and responsible use, will be better positioned to lead in the digital era. Securing AI infrastructure, promoting ethical AI development, and investing in workforce skills are crucial for long-term success.

Cloud infrastructure is another area that will continue to expand quickly, adding complexity to both perimeter security and compliance. Organizations should invest in AI-based cloud solutions and prioritize hiring cloud-trained staff. Diversifying across multiple cloud providers can mitigate risk, promote vendor competition, and ensure employees gain cross-platform expertise.

To navigate this complex landscape, businesses should adopt ethical, innovative, and secure AI strategies. Forming an AI governance committee is essential to managing the unique risks posed by AI, ensuring they aren’t overlooked or mistakenly merged with traditional IT risks. The road ahead holds tremendous potential, and those who proceed with careful consideration and adaptability will lead the way in AI-driven transformation.

About the Author:

Jeremy A. Swenson is a disruptive-thinking security entrepreneur, futurist/researcher, and seasoned senior management tech risk and digital strategy consultant. He is a frequent speaker, published writer, podcaster, and even does some pro bono consulting in these areas. He holds a certificate in Media Technology from Oxford University’s Media Policy Summer Institute, an MSST (Master of Science in Security Technologies) degree from the University of Minnesota’s Technological Leadership Institute, an MBA from Saint Mary’s University of Minnesota, and a BA in political science from the University of Wisconsin Eau Claire. He is an alum of the Federal Reserve Secure Payment Task Force, the Crystal, Robbinsdale, and New Hope Community Police Academy (MN), and the Minneapolis FBI Citizens Academy. You can follow him on LinkedIn and Twitter.

References:


[1] PYMNTS. “AI Sparks a Creative Revolution in Business, With an Unexpected Twist.” 07/19/24. https://www.pymnts.com/artificial-intelligence-2/2024/ai-sparks-a-creative-revolution-in-business-with-an-unexpected-twist/

[2] Josifovski, Vanja. “The Future Of AI-Powered Personalization: The Potential Of Choices.” Forbes. https://www.forbes.com/councils/forbestechcouncil/2023/07/03/the-future-of-ai-powered-personalization-the-potential-of-choices/

[3] Son, Hugh. “JPMorgan Chase is giving its employees an AI assistant powered by ChatGPT maker OpenAI.” 08/09/24. https://www.cnbc.com/2024/08/09/jpmorgan-chase-ai-artificial-intelligence-assistant-chatgpt-openai.html

[4] Culafi, Alexander. “IBM launches AI-powered security offering QRadar Suite.” Tech Target. 04/23/23. https://www.techtarget.com/searchsecurity/news/365535549/IBM-launches-AI-powered-security-offering-QRadar-Suite

[5] NIST. “AI Risk Management Framework.” 07/26/24. https://www.nist.gov/itl/ai-risk-management-framework

Interview and Update on Ransomware Leader LockbitSupp

#lockbit #ransomware #cybersecurity #fraud #cyberextortion

Fig. 1. Dmitry Yuryevich Khoroshev, aka LockBitSupp.[1]

Law enforcement agencies spanning the United States, United Kingdom, and Australia have collectively pinpointed Russian national Dmitry Yuryevich Khoroshev as the suspected architect behind the infamous LockBit ransomware crime gang, operating under the moniker LockBitSupp. The government asserts LockBit victims span a wide array of entities, including individuals, small businesses, multinational corporations, hospitals, schools, nonprofit organizations, critical infrastructure, and government and law enforcement agencies. They are responsible for draining an estimated $500 million from its victims over an extensive hacking spree including:[2]

1) 148 built attacks.

2) 119 engaged in negotiations with victims, meaning they definitely deployed attacks.

3) Of the 119 who began negotiations, 39 appear never to have received a ransom payment.

4) 75 did not engage in any negotiation, so they also appear not to have received any ransom payments.

The group has long evaded identification, with LockBitSupp shrouded in online anonymity due to multiple VPNs, VMs, and fake pass-through names and entities. He was so bold that he even offered a $10 million reward to anyone who could reveal his identity.[3]

This revelation comes in the wake of a substantial operation by UK law enforcement, which infiltrated LockBit’s systems, executed multiple arrests, dismantled its infrastructure, and intercepted internal communications, effectively reducing LockBit’s criminal operations but not stopping or deterring them. This was dubbed Operation Cronos and initiated in February 2024.[4]

Details disclosed by the United States Office of Foreign Assets Control (OFAC) reveal Khoroshev, aged 31 and residing in Russia, is under sanction, with his designation including various email and cryptocurrency addresses, alongside details from his Russian passport. Furthermore, the United States has filed a comprehensive indictment against him.[5] He also faces 26 criminal charges, including extortion and hacking, carrying a cumulative maximum penalty of 185 years in prison. The Justice Department has also issued a $10 million bounty for information leading to his arrest.

“This identification and charging of Khoroshev mark a significant milestone,” remarked Principal Deputy Assistant Attorney General Nicole Argentieri in a statement on Tuesday. “Through the meticulous efforts of our investigators and prosecutors, we have unveiled the individual behind LockBitSupp.”[6]

According to the indictment, Khoroshev is alleged to have served as the developer and administrator of the LockBit ransomware group from its inception in September 2019 through May 2024, typically receiving a 20 percent share of each ransom payment extorted from LockBit victims.

Federal authorities utilized LockBit’s existing victim shaming website layout to disseminate press releases and provide free decryption tools. Following the FBI’s intervention, LockBitSupp reassured partners and affiliates via Russian cybercrime forums that the ransomware operation remained fully operational. Additional darknet websites were launched, promising the release of data stolen from several LockBit victims prior to the FBI’s intervention.

Fig. 2. Lockbit Victim Shaming Portal With FBI Takeover.[7]

Despite LockBitSupp’s claims of invincibility, law enforcement efforts have made strides. The group’s modus operandi included “double extortion,” demanding separate ransom payments for both unlocking hijacked systems and promising to delete stolen data. However, the Justice Department asserts LockBit never followed through on deleting victim data, regardless of ransom payments made — all the more reason why you should not pay or trust these types.

Khoroshev marks the sixth individual indicted as an active member of LockBit. Among those indicted are Russian nationals Artur Sungatov and Ivan Gennadievich Kondratyev, alias “Bassterlord,” charged with deploying LockBit against targets in various industries across multiple countries.[8]

Lastly, leading threat intel consultancy Recorded Future facilitated an interview with LockBitSupp over an encrypted app via the dark web, in which he said, among other things, that they got the wrong guy.[9] The interview is linked here thanks to the hard work of The Record from Recorded Future News and Dmitry Smilyanets!

Disclaimer:

All citations and statements are from publicly available reports. No private info was disclosed in this article. Feedback is welcome. Attempts to retaliate against or censor my research and/or writing will be reported (you will be blocked). This was drafted with the current info, and future info could change things.

About the Author:

Jeremy Swenson is a disruptive-thinking security entrepreneur, futurist/researcher, and senior management tech risk consultant. He is a frequent speaker, published writer, podcaster, and even does some pro bono consulting in these areas. He holds an MBA from St. Mary’s University of MN, an MSST (Master of Science in Security Technologies) degree from the University of Minnesota, and a BA in political science from the University of Wisconsin Eau Claire. He is an alum of the Federal Reserve Secure Payment Task Force, the Crystal, Robbinsdale and New Hope Citizens Police Academy, and the Minneapolis FBI Citizens Academy.

References:


[1] Goodin, Dan. “Ransomware mastermind LockBitSupp reveled in his anonymity—now he’s been ID’d.” Ars Technica. 05/07/24. https://arstechnica.com/security/2024/05/the-mastermind-of-the-prolific-ransomware-group-lockbit-has-finally-been-unmasked/

[2] National Crime Agency (NCA). “LockBit leader unmasked and sanctioned.” Viewed 05/10/24. https://www.nationalcrimeagency.gov.uk/news/lockbit-leader-unmasked-and-sanctioned

[3] Burgess, Matt. “The Alleged LockBit Ransomware Mastermind Has Been Identified.” Wired. 05/07/24. https://www.wired.com/story/lockbitsupp-lockbit-ransomware/

[4] Boyton, Christopher. “Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption.” Trend Micro. 04/03/24. https://www.trendmicro.com/en_us/research/24/d/operation-cronos-aftermath.html

[5] US Attorneys Office: NJ. “U.S. Charges Russian National with Developing and Operating Lockbit Ransomware.” 05/07/24. https://www.justice.gov/usao-nj/pr/us-charges-russian-national-developing-and-operating-lockbit-ransomware

[6] Powers, Sean; Abdul-Malik, Jade; Temple-Raston, Dina. “In interview, LockbitSupp says authorities outed the wrong guy.” The Record by Recorded Future. 05/09/24. https://therecord.media/lockbitsupp-interview-ransomware-cybercrime-lockbit

[7] Boyton, Christopher. “Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption.” Trend Micro. 04/03/24. https://www.trendmicro.com/en_us/research/24/d/operation-cronos-aftermath.html

[8] Flashpoint. “Indictment-USA-v.-Ivan-Kondratyev.” 05/17/22. https://flashpoint.io/wp-content/uploads/Indictment-USA-v.-Ivan-Kondratyev.pdf

[9] Powers, Sean; Abdul-Malik, Jade; Temple-Raston, Dina. “In interview, LockbitSupp says authorities outed the wrong guy.” The Record by Recorded Future. 05/09/24. https://therecord.media/lockbitsupp-interview-ransomware-cybercrime-lockbit

Secure Cloud Best Practices — A Collaborative Endeavor for Business Resilience

Fig. 1. Cloud Shared Security Responsibility Model, Microsoft, 2024.

#CloudSecurity #CyberSecurity #SharedResponsibility #IAM #DataEncryption #PolicyCompliance #EmployeeTraining #EndpointSecurity #RiskMitigation #DataProtection #BusinessResilience #InfoSec #SecurityAwareness #CloudMigration #CIOInsights

In today’s digitally interconnected world, the cloud has emerged as a cornerstone of modern business operations, offering scalability, flexibility, and efficiency like never before. Leading vendors like Amazon Web Services (AWS), Microsoft, Oracle, and Dell offer public, private, and hybrid cloud formats. However, as businesses increasingly migrate their operations to the cloud, ensuring robust security measures becomes paramount. Here, we delve into seven essential strategies for securing the cloud effectively, emphasizing collaboration between C-suite leaders and IT stakeholders.

1) Understanding the Cloud-Shared Responsibility Model:

The first step in securing the cloud is grasping the nuances of the shared responsibility model (Fig. 1). While cloud providers manage the security of the infrastructure platform, customers are responsible for securing their data and applications, including who gets access to them and at what level. This necessitates a clear delineation of responsibilities, ensuring no security gaps exist. CIOs and CISOs must thoroughly educate themselves and their teams on this model to make informed security decisions.

2) Asking Detailed Security Questions:

It is imperative to engage cloud providers in detailed discussions regarding security measures, digging far deeper than boilerplate questions and checkbox forms. C-suite executives should inquire about specific security protocols, compliance certifications, incident response procedures, and data protection mechanisms. Organizations can mitigate risks and build trust in their cloud ecosystem by seeking transparency and understanding the provider’s security posture.

3) Implementing IAM Solutions:

Identity and access management (IAM) lies at the core of cloud security. Robust IAM solutions enable organizations to authenticate, authorize, and manage user access effectively. CIOs and CISOs should invest in IAM platforms equipped with features like multi-factor authentication, role-based access control, least privilege, and privileged access management (PAM) governance. By enforcing the principle of least privilege, businesses can minimize the risk of unauthorized access and insider threats.
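
A concrete way to enforce the least-privilege point above is to lint access policies before they are deployed. The following is an added example, not code from the article or from any cloud vendor: a small checker for policy documents in the AWS-style JSON shape (Effect/Action/Resource/Condition) that flags wildcard actions, wildcard resources, and privileged actions granted without a multi-factor condition. The sample policies, the account id 123456789012 (a placeholder) and the list of "privileged" action prefixes are constructed for the example; `aws:MultiFactorAuthPresent` and `${aws:username}` are real AWS condition keys, everything else is illustrative.

```python
"""Least-privilege linter for IAM policy documents (added example).

Walks Allow statements and reports the patterns that most often violate
least privilege. NotAction / Principal handling is out of scope here.
"""
from typing import Dict, List

# Constructed list for this example: action namespaces we treat as privileged
# because they change identities or key material.
PRIVILEGED_PREFIXES = ("iam:", "kms:", "sts:")


def _as_list(value):
    """Policy grammar allows either a string or a list for Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _requires_mfa(statement: Dict) -> bool:
    """True when the statement only applies with MFA present."""
    cond = statement.get("Condition") or {}
    flag = cond.get("Bool", {}).get("aws:MultiFactorAuthPresent", "false")
    return str(flag).lower() == "true"


def lint_policy(policy: Dict) -> List[str]:
    """Return human-readable findings; an empty list means nothing flagged."""
    findings: List[str] = []
    for idx, st in enumerate(_as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue  # explicit Deny statements only narrow access
        sid = st.get("Sid", f"statement[{idx}]")
        actions = _as_list(st.get("Action"))
        resources = _as_list(st.get("Resource"))

        if "*" in actions:
            findings.append(f"{sid}: Action '*' grants every API call")
        else:
            wide = [a for a in actions if a.endswith(":*")]
            if wide:
                findings.append(f"{sid}: service-wide wildcard action {wide}")

        if "*" in resources:
            findings.append(f"{sid}: Resource '*' applies to every resource")

        privileged = [a for a in actions if a == "*" or a.startswith(PRIVILEGED_PREFIXES)]
        if privileged and not _requires_mfa(st):
            findings.append(
                f"{sid}: privileged actions {privileged} allowed without an MFA condition"
            )
    return findings


# Constructed sample: the "just make it work" policy that grants everything.
OVERLY_BROAD = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AdminAll", "Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed sample: the same job (read one bucket, rotate your own access
# key) scoped to named resources, with key rotation gated on MFA.
SCOPED = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadReports",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"],
        },
        {
            "Sid": "RotateOwnKey",
            "Effect": "Allow",
            "Action": ["iam:CreateAccessKey", "iam:DeleteAccessKey"],
            # 123456789012 is a placeholder account id, not a real account.
            "Resource": "arn:aws:iam::123456789012:user/${aws:username}",
            "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
        },
    ],
}

if __name__ == "__main__":
    for name, pol in (("OVERLY_BROAD", OVERLY_BROAD), ("SCOPED", SCOPED)):
        print(name, lint_policy(pol) or "no findings")
```

Running the linter in a pull-request check on the infrastructure repository turns "least privilege" from a slide-deck principle into a gate: the broad policy produces three findings, the scoped one none.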

4) Establishing Modern Cloud Security Policies:

A proactive approach to security entails the formulation of comprehensive cloud security policies aligned with industry best practices and regulatory requirements. Business leaders must collaborate with security professionals to develop policies covering data classification, incident response, encryption standards, and employee responsibilities. Regularly reviewing and updating these policies is essential to keep pace with evolving threats and technologies, and some requirements will be country-specific.

5) Encrypting Data in Motion and at Rest:

Encryption serves as a critical safeguard for data confidentiality and integrity in the cloud. Organizations should employ robust encryption mechanisms to protect data both in transit and at rest. Utilizing encryption protocols such as TLS for network communications and AES for data storage adds an extra layer of defense against unauthorized access. Additionally, implementing reliable backup solutions ensures data resilience in the event of breaches or disasters. Backing up all key files under the 3-2-1 rule (three copies of the data, on two different media, with one copy offsite) limits the damage a ransomware attack can do.
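
The 3-2-1 rule is easy to state and easy to drift away from, so it is worth checking against an actual inventory rather than a diagram. The following is an added example, not from the article: a checker that takes a list of every copy of each dataset (the production copy included), groups them by dataset, and reports which datasets fall short on copy count, media diversity, or an offsite location. The inventory format, the site names and the sample records are constructed for the example.

```python
"""3-2-1 backup inventory check (added example).

Each BackupCopy records one copy of a dataset. check_321() reports, per
dataset, which parts of the rule are not met.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple


class BackupCopy(NamedTuple):
    dataset: str
    media: str      # e.g. "disk", "tape", "object-storage"
    location: str   # site identifier; anything other than the primary site counts as offsite


def check_321(copies: List[BackupCopy], primary_site: str) -> Dict[str, List[str]]:
    """Return {dataset: [violations]}; compliant datasets are omitted."""
    by_dataset: Dict[str, List[BackupCopy]] = defaultdict(list)
    for c in copies:
        by_dataset[c.dataset].append(c)

    violations: Dict[str, List[str]] = {}
    for name, cs in by_dataset.items():
        problems: List[str] = []
        # "3": at least three copies in total
        if len(cs) < 3:
            problems.append(f"{len(cs)} of 3 required copies")
        # "2": spread across at least two media types
        media = sorted({c.media for c in cs})
        if len(media) < 2:
            problems.append(f"all copies on one media type ({media[0]})")
        # "1": at least one copy away from the primary site
        if not any(c.location != primary_site for c in cs):
            problems.append(f"no copy outside {primary_site}")
        if problems:
            violations[name] = problems
    return violations


# Constructed inventory: 'finance-db' is compliant; 'hr-files' has three copies
# but all on disk in the same building; 'web-assets' has a single cloud copy.
SAMPLE_INVENTORY = [
    BackupCopy("finance-db", "disk", "hq-dc"),
    BackupCopy("finance-db", "tape", "hq-dc"),
    BackupCopy("finance-db", "object-storage", "cloud-region-a"),
    BackupCopy("hr-files", "disk", "hq-dc"),
    BackupCopy("hr-files", "disk", "hq-dc"),
    BackupCopy("hr-files", "disk", "hq-dc"),
    BackupCopy("web-assets", "object-storage", "cloud-region-a"),
]

if __name__ == "__main__":
    for dataset, problems in check_321(SAMPLE_INVENTORY, primary_site="hq-dc").items():
        print(f"{dataset}: {'; '.join(problems)}")
```

In practice the inventory would be generated from the backup system's catalog rather than typed by hand; the point of the check is that three copies of a file sitting on the same disk array in the same room satisfy none of the rule's intent, and the report says so.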

6) Educating Staff Regularly:

Human error remains one of the most significant vulnerabilities in cloud security. Therefore, ongoing employee education and awareness initiatives are indispensable. C-suite leaders must prioritize security training programs to cultivate a security-conscious culture across the organization. By educating staff on security best practices, threat awareness, and incident response protocols, businesses can fortify their defense against social engineering attacks and insider threats. Importantly, this education is far more effective when interactive and gamified to ensure participation and sustained learning outcomes.

7) Mapping and Securing Endpoints:

Endpoints serve as crucial entry points for cyber threats targeting cloud environments. CIOs and CISOs should conduct thorough assessments to identify and secure all endpoints accessing the cloud infrastructure. Visually mapping endpoints is the first step to confirm how many there are, what type they are, and where they actually are at present, since this can and does change. Implementing endpoint protection solutions, enforcing device management policies, and promptly deploying security patches are essential to mitigate endpoint vulnerabilities. Furthermore, embracing technologies like zero-trust architecture enhances endpoint security by continuously verifying user identities and device integrity.

In conclusion, securing the cloud demands a multifaceted approach encompassing collaboration, diligence, vendor communication and partnership, and innovation. By embracing the principles outlined above, organizations can strengthen their cloud security posture, mitigate risks, and foster a resilient business environment. C-suite leaders, in conjunction with IT professionals, must champion these strategies to navigate the evolving threat landscape and safeguard the future of their enterprises.

About the Author:

Jeremy Swenson is a disruptive-thinking security entrepreneur, futurist/researcher, and senior management tech risk consultant. He is a frequent speaker, published writer, podcaster, and even does some pro bono consulting in these areas. He holds an MBA from St. Mary’s University of MN, an MSST (Master of Science in Security Technologies) degree from the University of Minnesota, and a BA in political science from the University of Wisconsin Eau Claire. He is an alum of the Federal Reserve Secure Payment Task Force, the Crystal, Robbinsdale and New Hope Citizens Police Academy, and the Minneapolis FBI Citizens Academy.

AT&T Faces Massive Data Breach Impacting 73 Million and Negligence Lawsuits

Fig 1. AT&T Data Breach Infographic, WLBT3, 2024.

After weeks of denials, AT&T Inc. (NYSE:T), a leading player in the telecommunications sector, has recently unveiled a substantial data breach originating from 2021, leading to the compromise of sensitive information belonging to 73 million users [1]. This data breach has since surfaced on the dark web, exposing a trove of personal data including Social Security numbers, email addresses, phone numbers, and dates of birth, impacting both current and past account holders. The compromised information encompasses names, addresses, phone numbers, and for numerous individuals, highly sensitive data such as Social Security numbers, dates of birth, and AT&T passcodes.

How can you determine if you were impacted by the AT&T data breach? Firstly, ask yourself whether you were ever a customer, and do not rely solely on AT&T to notify you. By utilizing services like Have I Been Pwned, you can ascertain if your data has been compromised. Additionally, Google’s Password Checkup tool can notify you if your account details are exposed, especially if you store password information in a Google account. For enhanced security, the premium edition of Bitwarden, a top-rated recommended password manager, offers the capability to scan for compromised passwords across the internet.
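
The password-exposure checks mentioned above work without ever sending your password, or even its full hash, to the checking service. The following is an added example, not from the article or from Have I Been Pwned: it implements the k-anonymity range model that HIBP's Pwned Passwords API uses (the endpoint `https://api.pwnedpasswords.com/range/` and its `SUFFIX:COUNT` response format are real; the sample response body, its counts and the `User-Agent` string are constructed). Only the first five hex characters of the SHA-1 hash leave the machine; matching the remaining 35 happens locally.

```python
"""k-anonymity password exposure check (added example).

The network call is isolated in fetch_range(); the matching logic in
check_password() takes the response text, so it runs offline against the
constructed sample below.
"""
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # real Pwned Passwords endpoint


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password: str):
    """First 5 hex chars are sent to the service; the other 35 stay local."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def fetch_range(prefix: str) -> str:
    """Live lookup of every known suffix sharing `prefix` (not used offline)."""
    req = urllib.request.Request(RANGE_URL + prefix, headers={"User-Agent": "example-checker"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def count_in_range(suffix: str, range_body: str) -> int:
    """Parse 'SUFFIX:COUNT' lines and return how often our suffix was seen."""
    for line in range_body.splitlines():
        line = line.strip()
        if not line:
            continue
        candidate, _, count = line.partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0  # suffix absent from the range: not in the corpus


def check_password(password: str, range_body: str) -> int:
    """Breach count for `password` given the range response for its prefix."""
    _, suffix = split_hash(password)
    return count_in_range(suffix, range_body)


# Constructed sample response for the prefix of "password". The real service
# returns several hundred lines for any prefix; these suffixes and counts are
# made up except that the middle line is the true suffix of "password".
_, _PASSWORD_SUFFIX = split_hash("password")
SAMPLE_RANGE = "\n".join([
    "003D68EB55068C33ACE09247EE4C639306B:3",
    f"{_PASSWORD_SUFFIX}:3861493",
    "1E2AAA439972480CEC7F16C795BBB429372:1",
])

if __name__ == "__main__":
    # Offline demonstration; swap SAMPLE_RANGE for fetch_range(prefix) to go live.
    prefix, _ = split_hash("password")
    print(f"prefix sent: {prefix}; seen {check_password('password', SAMPLE_RANGE)} times")
```

Because every client with a hash starting `5BAA6` receives the same list, the service learns which of a few hundred candidates you hold only with probability 1/N, which is what makes this a safe check to run on real passwords; a dedicated password manager performs the same exchange for you.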

One prevalent issue concerning data breaches is the tendency for individuals to overlook safeguarding their data until it’s too late. It’s a common scenario – we often don’t anticipate our personal information falling into the hands of hackers who then sell it to malicious entities online. Regrettably, given the frequency and magnitude of cyber-attacks, the likelihood of your data being exposed has shifted from an “if” to a “when” scenario.

Given this reality, it’s imperative to adopt measures to safeguard your identity and data online, including [2]:

  1. Implementing multi-factor authentication – a crucial step in thwarting hackers’ attempts to infiltrate your accounts, even if your email address is publicly available.
  2. Avoiding password reuse and promptly changing passwords if they are compromised in a data breach – this practice ensures that even if your login credentials are exposed, hackers cannot infiltrate other accounts you utilize, including the one that has experienced a breach.
  3. Investing in identity protection services, either as standalone solutions or as part of comprehensive internet security suites – identity protection software can actively monitor the web for data breaches involving you, enabling you to take proactive measures to safeguard your identity.

AT&T defines a customer’s passcode as a numeric Personal Identification Number (PIN), typically consisting of four digits. Distinguishing it from a password, a passcode is necessary for finalizing an AT&T installation, conducting personal account activities over the phone, or reaching out to technical support, according to AT&T.

How to reset your AT&T passcode:

AT&T has taken steps to reset passcodes for active accounts affected by the data breach. However, as a precautionary measure, AT&T advises users who haven’t altered their passcodes within the last year to do so. Below are the steps to change your AT&T passcode:

  1. Navigate to your myAT&T Profile.
  2. Sign in when prompted. (If additional security measures are in place and sign-in isn’t possible, AT&T suggests opting for “Get a new passcode.”)
  3. Locate “My linked accounts” and select “Edit” for the passcode you wish to update.
  4. Follow the provided prompts to complete the process.

Here is AT&T’s official statement on the matter from 03/03/24 [3]:

“Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders. Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set. The company is communicating proactively with those impacted and will be offering credit monitoring at our expense where applicable. We encourage current and former customers with questions to visit http://www.att.com/accountsafety for more information.”

The hackers behind this, allegedly ShiningHacker, endeavored to profit from the pilfered data by listing it for sale on the RaidForums data theft forum, initiating the bidding at $200,000 and entertaining additional offers in increments of $30,000 [4]. Moreover, they demonstrated readiness to promptly sell the data for $1 million, highlighting the gravity and boldness of the cyber offense.

Not surprisingly, AT&T is currently confronting numerous class-action lawsuits subsequent to the company’s acknowledgment of this data breach, which compromised the sensitive information of 73 million existing and former customers [5]. Among the ten lawsuits filed, one is being handled by Morgan & Morgan, representing plaintiff Patricia Dean and individuals in similar circumstances.

The lawsuit levels allegations of negligence, breach of implied contract, and unjust enrichment against AT&T, contending that the company’s deficient security measures and failure to promptly provide adequate notification about the data breach exposed customers to significant risks, including identity theft and various forms of fraud. It seeks compensatory damages, restitution, injunctive relief, enhancements to AT&T’s data security protocols, future audits, credit monitoring services funded by the company, and a trial by jury [6].


About the Author:

Jeremy Swenson is a disruptive-thinking security entrepreneur, futurist/researcher, and senior management tech risk consultant. He is a frequent speaker, published writer, podcaster, and even does some pro bono consulting in these areas. He holds an MBA from St. Mary’s University of MN, an MSST (Master of Science in Security Technologies) degree from the University of Minnesota, and a BA in political science from the University of Wisconsin Eau Claire. He is an alum of the Federal Reserve Secure Payment Task Force, the Crystal, Robbinsdale and New Hope Citizens Police Academy, and the Minneapolis FBI Citizens Academy.

References:


[1] AT&T. “AT&T Addresses Recent Data Set Released on the Dark Web.” 03/30/24: https://about.att.com/story/2024/addressing-data-set-released-on-dark-web.html

[2] Colby, Clifford; Combs, Mary-Elisabeth. “Data From 73 Million AT&T Accounts Stolen: How You Can Protect Yourself.” CNET. 04/02/24: https://www.cnet.com/tech/mobile/data-from-73-million-at-t-accounts-stolen-how-you-can-protect-yourself/

[3] AT&T. “AT&T Addresses Recent Data Set Released on the Dark Web.” 03/30/24: https://about.att.com/story/2024/addressing-data-set-released-on-dark-web.html

[4] Naysmith, Caleb. “73 Million AT&T Users’ Data Leaked As Hacker Said, ‘I Don’t Care If They Don’t Admit. I’m Just Selling’ Auctioned At Starting Price Of $200K.” Yahoo Finance. https://finance.yahoo.com/news/73-million-t-users-data-173015617.html

[5] Kan, Michael. “AT&T Faces Class-Action Lawsuit Over Leak of Data on 73M Customers.” PC Mag. 04/02/24: https://www.pcmag.com/news/att-faces-class-action-lawsuit-over-leak-of-data-on-73m-customers

[6] Kan, Michael. “AT&T Faces Class-Action Lawsuit Over Leak of Data on 73M Customers.” PC Mag. 04/02/24: https://www.pcmag.com/news/att-faces-class-action-lawsuit-over-leak-of-data-on-73m-customers

Four Key Emerging Considerations with Artificial Intelligence (AI) in Cyber Security

#cryptonews #cyberrisk #techrisk #techinnovation #techyearinreview #infosec #musktwitter #disinformation #cio #ciso #cto #chatgpt #openai #airisk #iam #rbac #artificialintelligence #samaltman #aiethics #nistai #futurereadybusiness #futureofai

By Jeremy Swenson

Fig. 1. Zero Trust Components to Orchestration AI Mashup; Microsoft, 09/17/21; and Swenson, Jeremy, 03/29/24.

1. The Zero-Trust Security Model Becomes More Orchestrated via Artificial Intelligence (AI):

The zero-trust model represents a paradigm shift in cybersecurity, advocating for the premise that no user or system, irrespective of their position within the corporate network, should be automatically trusted. This approach entails stringent enforcement of access controls and continual verification processes to validate the legitimacy of users and devices. By adopting a need-to-know-only access philosophy, often referred to as the principle of least privilege, organizations operate under the assumption of compromise, necessitating robust security measures at every level.

      Implementing a zero-trust framework involves a comprehensive overhaul of traditional security practices. It entails the adoption of single sign-on functionalities at the individual device level and the enhancement of multifactor authentication protocols. Additionally, it requires the implementation of advanced role-based access controls (RBAC), fortified network firewalls, and the formulation of refined need-to-know policies. Effective application whitelisting and blacklisting mechanisms, along with regular group membership reviews, play pivotal roles in bolstering security posture. Moreover, deploying state-of-the-art privileged access management (PAM) tools, such as CyberArk for password check out and vaulting, enables organizations to enhance toxic combination monitoring and reporting capabilities.
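The least-privilege, RBAC and group-review ideas above can be made concrete with a small policy evaluator. The following is an added example written for this post, not code from the author or from CyberArk or any other PAM product; the role catalogue, permission names, user assignments and toxic-combination rules are all constructed for illustration. It denies by default, derives a user's permissions only from explicitly granted roles, and produces the kind of findings a periodic group membership review should surface.

```python
"""Toy RBAC evaluator with deny-by-default and separation-of-duties review.

Added illustration only: the role names, permissions, users and toxic-pair
rules below are constructed for this example and do not model any real
product's API.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed role catalogue: each role grants a small, explicit set of permissions.
ROLE_PERMISSIONS: dict[str, frozenset[str]] = {
    "ap_clerk": frozenset({"invoice:create", "invoice:read"}),
    "ap_approver": frozenset({"invoice:read", "invoice:approve"}),
    "payments_release": frozenset({"payment:release"}),
    "helpdesk": frozenset({"user:reset_password"}),
    "iam_admin": frozenset({"role:assign", "user:read"}),
}

# Constructed separation-of-duties ("toxic combination") rules: no single identity
# may hold both roles in a pair, because together they let one person create,
# approve and release a payment, or grant roles and reset credentials.
TOXIC_PAIRS: list[tuple[str, str]] = [
    ("ap_clerk", "ap_approver"),
    ("ap_approver", "payments_release"),
    ("iam_admin", "helpdesk"),
]


@dataclass
class User:
    name: str
    roles: set[str] = field(default_factory=set)


def permissions_for(user: User) -> frozenset[str]:
    """Union of the permissions of the user's roles; unknown roles grant nothing."""
    perms: set[str] = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, frozenset())
    return frozenset(perms)


def is_allowed(user: User, permission: str) -> bool:
    """Deny-by-default: an action is allowed only if some held role grants it."""
    return permission in permissions_for(user)


def toxic_combinations(user: User) -> list[tuple[str, str]]:
    """Return every separation-of-duties rule this user currently violates."""
    return [pair for pair in TOXIC_PAIRS if pair[0] in user.roles and pair[1] in user.roles]


def access_review(users: list[User]) -> dict[str, list[str]]:
    """Periodic group-membership review: findings per user (empty list = clean)."""
    report: dict[str, list[str]] = {}
    for u in users:
        findings = [f"toxic combination: {a} + {b}" for a, b in toxic_combinations(u)]
        # Roles that no longer exist in the catalogue are stale entitlements to clean up.
        unknown = sorted(r for r in u.roles if r not in ROLE_PERMISSIONS)
        findings += [f"unknown role (grants nothing, should be removed): {r}" for r in unknown]
        report[u.name] = findings
    return report


if __name__ == "__main__":
    alice = User("alice", {"ap_clerk"})
    bob = User("bob", {"ap_clerk", "ap_approver"})
    print(is_allowed(alice, "invoice:approve"))
    print(access_review([alice, bob]))
```

The review function is the part a PAM or IAM team would schedule: it reports conflicting role pairs and stale roles rather than silently granting or stripping access, so a human owner confirms each change.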

App-to-app orchestration refers to the process of coordinating and managing interactions between different applications within a software ecosystem to achieve specific business objectives or workflows. It involves the seamless integration and synchronization of multiple applications to automate complex tasks or processes, facilitating efficient data flow and communication between them. Moreover, it aims to streamline and optimize various operational workflows by orchestrating interactions between disparate applications in a cohesive manner. This orchestration process typically involves defining the sequence of actions, dependencies, and data exchanges required to execute a particular task or workflow across multiple applications.

However, while the concept of zero-trust offers a compelling vision for fortifying cybersecurity, its effective implementation relies on selecting and integrating the right technological components seamlessly within the existing infrastructure stack. This necessitates careful consideration to ensure that these components complement rather than undermine the orchestration of security measures. Nonetheless, there is optimism that the rapid development and deployment of AI-based custom middleware can mitigate potential complexities inherent in orchestrating zero-trust capabilities. Through automation and orchestration, these technologies aim to streamline security operations, ensuring that the pursuit of heightened security does not inadvertently introduce operational bottlenecks or obscure visibility through complexity.

2. Artificial Intelligence (AI) Powered Threat Detection Has Improved Analytics:

The utilization of artificial intelligence (AI) is on the rise to bolster threat detection capabilities. Through machine learning algorithms, extensive datasets are scrutinized to discern patterns suggestive of potential security risks. This facilitates swifter and more precise identification of malicious activities. Enhanced with refined machine learning algorithms, security information and event management (SIEM) systems are adept at pinpointing anomalies in network traffic, application logs, and data flows, thereby expediting the identification of potential security incidents for organizations.

False positives should fall. They have been a sustained issue in the past, with large, overconfident companies repeatedly wasting millions of dollars per year fine-tuning useless security data lakes that mostly produce garbage anomaly detection reports [1], [2]. That is exactly the kind of output good artificial intelligence (AI) laughs at, and we are getting there. For now, technology vendors try to solve this via better SIEM functionality at an increased price. Yet we expect prices to drop substantially as the automation matures.
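The false-positive problem described above usually comes down to how a detection sets its threshold. The example below is added for this post, not code from the author or from any SIEM vendor; the sshd-style log lines, IP addresses, per-source baseline and thresholds are all constructed. It parses failed-password events, then contrasts a naive fixed-count rule with a baseline-aware rule that subtracts each source's known normal failure rate, scores the remainder against the population, and honours a suppression list, so that a known-noisy build host stops paging the SOC while the real credential-guessing source still does.

```python
"""Baseline-driven failed-login anomaly detector over constructed log lines.

Added illustration only: the log lines, hosts, baseline and thresholds are
constructed for this example and do not come from any real SIEM product.
"""
from __future__ import annotations

import re
import statistics
from collections import Counter

# Constructed sshd-style auth log lines (not captured from a real system).
# 203.0.113.7 is guessing several accounts; 192.0.2.90 is a build runner with a
# stale credential that fails the same way every day.
LOG_LINES = """\
Mar 29 08:01:02 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
Mar 29 08:01:05 web01 sshd[1202]: Failed password for invalid user test from 203.0.113.7 port 51002 ssh2
Mar 29 08:01:09 web01 sshd[1203]: Failed password for root from 203.0.113.7 port 51004 ssh2
Mar 29 08:02:11 web01 sshd[1204]: Failed password for root from 203.0.113.7 port 51006 ssh2
Mar 29 08:02:15 web01 sshd[1205]: Failed password for jsmith from 203.0.113.7 port 51008 ssh2
Mar 29 08:03:30 web01 sshd[1206]: Accepted publickey for deploy from 198.51.100.10 port 40022 ssh2
Mar 29 08:05:44 web01 sshd[1207]: Failed password for jsmith from 192.0.2.25 port 40100 ssh2
Mar 29 08:05:50 web01 sshd[1208]: Accepted password for jsmith from 192.0.2.25 port 40100 ssh2
Mar 29 08:10:03 web01 sshd[1209]: Failed password for mjones from 192.0.2.40 port 40200 ssh2
Mar 29 08:10:20 web01 sshd[1210]: Failed password for mjones from 192.0.2.40 port 40202 ssh2
Mar 29 08:11:01 web01 sshd[1211]: Failed password for build from 192.0.2.90 port 40300 ssh2
Mar 29 08:11:02 web01 sshd[1212]: Failed password for build from 192.0.2.90 port 40301 ssh2
Mar 29 08:11:03 web01 sshd[1213]: Failed password for build from 192.0.2.90 port 40302 ssh2
"""

FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


def parse_failures(lines: str) -> list[tuple[str, str, bool]]:
    """Return (source_ip, username, invalid_user) for every failed-password line."""
    out: list[tuple[str, str, bool]] = []
    for line in lines.splitlines():
        m = FAILED_RE.search(line)
        if m:
            out.append((m["src"], m["user"], "invalid user" in line))
    return out


def failures_by_source(lines: str) -> Counter[str]:
    """Count failed logins per source address."""
    return Counter(src for src, _, _ in parse_failures(lines))


def enumeration_sources(lines: str) -> list[str]:
    """Sources that tried accounts which do not exist (a username-enumeration signal)."""
    return sorted({src for src, _, invalid in parse_failures(lines) if invalid})


def naive_alerts(counts: Counter[str], threshold: int = 3) -> list[str]:
    """Fixed-count rule: fires on every source at or above the threshold."""
    return sorted(src for src, n in counts.items() if n >= threshold)


def tuned_alerts(
    counts: Counter[str],
    baseline: dict[str, float],
    suppress: frozenset[str] | set[str] = frozenset(),
    k: float = 1.0,
) -> list[str]:
    """Baseline-aware rule: score each source's excess over its own normal rate
    against the population (mean + k * std dev) and drop suppressed sources."""
    excess = {src: n - baseline.get(src, 0.0) for src, n in counts.items()}
    values = list(excess.values())
    mean = statistics.fmean(values)
    std = statistics.pstdev(values) if len(values) > 1 else 0.0
    cutoff = mean + k * std
    return sorted(src for src, e in excess.items() if e > cutoff and src not in suppress)


if __name__ == "__main__":
    counts = failures_by_source(LOG_LINES)
    print("naive:", naive_alerts(counts))
    print("tuned:", tuned_alerts(counts, baseline={"192.0.2.90": 3.0}))
    print("enumeration:", enumeration_sources(LOG_LINES))
```

The baseline dictionary stands in for what a learning system accumulates over time: the normal failure volume of each source. Feeding that back into the rule is what removes the repeat offender from the alert queue without raising the threshold for everyone, which is how a fixed-count rule ends up missing the slower attacker.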

With enhanced natural language processing (NLP) methodologies, artificial intelligence (AI) systems possess the capability to analyze unstructured data originating from various sources such as social media feeds, images, videos, and news articles. This proficiency enables organizations to compile valuable threat intelligence, staying abreast of indicators of compromise (IOCs) and emerging attack strategies. Notable vendors offering such services include Darktrace, IBM, CrowdStrike, and numerous startups poised to enter the market. The landscape presents ample opportunities for innovation, necessitating the abandonment of past biases. Young, innovative minds well-versed in Web 3.0 technologies hold significant value in this domain. Consequently, in the future, more companies are likely to opt for building their own tailored threat detection tools, leveraging advancements in AI platform technology, rather than purchasing pre-existing solutions.

3. Artificial Intelligence (AI) Driven Threat Response Ability Advances:

Artificial intelligence (AI) isn’t just confined to threat detection; it’s increasingly playing a pivotal role in automating response actions within cybersecurity operations. This encompasses a range of tasks, including the automatic isolation of compromised systems, the blocking of malicious internet protocol (IP) addresses, the adjustment of firewall configurations, and the coordination of responses to cyber incidents, all achieved with greater efficiency and cost-effectiveness. By harnessing AI-driven algorithms, security orchestration, automation, and response (SOAR) platforms empower organizations to analyze and address security incidents swiftly and intelligently.

SOAR platforms capitalize on AI capabilities to streamline incident response processes, enabling security teams to automate repetitive tasks and promptly react to evolving threats. These platforms leverage AI not only to detect anomalies but also to craft tailored responses, thereby enhancing the overall resilience of cybersecurity infrastructures. Leading examples of such platforms include Microsoft Sentinel, Rapid7 InsightConnect, and FortiSOAR, each exemplifying the fusion of AI-driven automation with comprehensive security orchestration capabilities.

Microsoft Sentinel, for instance, utilizes AI algorithms to sift through vast volumes of security data, identifying potential threats and anomalies in real time. It then orchestrates response actions, such as isolating compromised systems or blocking suspicious IP addresses, with precision and speed. Similarly, Rapid7 InsightConnect integrates AI-driven automation to streamline incident response workflows, enabling security teams to mitigate risks more effectively. FortiSOAR, on the other hand, offers a comprehensive suite of AI-powered tools for incident analysis, response automation, and threat intelligence correlation, empowering organizations to proactively defend against cyber threats. In short, AI tools will help SOAR tools mature so that security operations centers (SOCs) can catch the low-hanging fruit automatically and have more time to analyze complex threats. These AI tools will employ the observe, orient, decide, act (OODA) loop methodology [3], allowing them to stay current, customized, and informed of many zero-day exploits. At the same time, threat actors will constantly try to counter this with the same AI, but with no governance.
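The automated actions listed above (isolating a host, blocking an IP, opening a ticket) are only safe when the playbook carries guardrails. The following is an added example for this post; it is not code from Microsoft Sentinel, Rapid7 InsightConnect or FortiSOAR, and the alert fields, action names, trusted ranges and confidence thresholds are constructed. It walks one alert through the four OODA stages and separates actions the playbook may take on its own from those that are held for analyst approval: sources inside trusted ranges are never auto-blocked, and crown-jewel assets are never auto-isolated.

```python
"""Minimal SOAR-style playbook structured as an OODA loop with guardrails.

Added illustration only: the alert schema, action names, trusted networks
and thresholds are constructed and do not model any real SOAR product.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field


@dataclass
class Alert:
    host: str
    src_ip: str
    category: str       # constructed categories: "malware", "credential_stuffing", "port_scan"
    confidence: float   # 0..1, as produced by the detection analytic
    asset_tier: str     # "workstation" | "server" | "crown_jewel"


@dataclass
class Decision:
    auto: list[str] = field(default_factory=list)    # actions the playbook runs unattended
    gated: list[str] = field(default_factory=list)   # actions held for analyst approval
    notes: list[str] = field(default_factory=list)


# Constructed policy knobs: internal ranges are never auto-blocked (a false
# positive there would cut off real users), and high-impact actions need high confidence.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
AUTO_BLOCK_MIN_CONFIDENCE = 0.85
AUTO_ISOLATE_MIN_CONFIDENCE = 0.90


def observe(alert: Alert) -> dict[str, bool]:
    """Observe: normalise the raw alert into facts the playbook reasons over."""
    ip = ipaddress.ip_address(alert.src_ip)
    return {"src_is_trusted": any(ip in net for net in TRUSTED_NETS)}


def orient(alert: Alert, facts: dict[str, bool]) -> str:
    """Orient: rank severity from the alert category and the asset's importance."""
    score = {"malware": 3, "credential_stuffing": 2, "port_scan": 1}.get(alert.category, 1)
    if alert.asset_tier == "crown_jewel":
        score += 1
    return "high" if score >= 3 else "medium" if score == 2 else "low"


def decide(alert: Alert, facts: dict[str, bool], severity: str) -> Decision:
    """Decide: pick actions, routing risky ones through the approval gate."""
    d = Decision()
    # Blocking the source: unattended only for untrusted sources at high confidence.
    if facts["src_is_trusted"]:
        d.notes.append(f"{alert.src_ip} is in a trusted range; blocking needs an analyst")
        d.gated.append(f"block_ip:{alert.src_ip}")
    elif alert.confidence >= AUTO_BLOCK_MIN_CONFIDENCE:
        d.auto.append(f"block_ip:{alert.src_ip}")
    else:
        d.notes.append("confidence below auto-block threshold; no block")
    # Isolating the host: only for high severity, never unattended for crown jewels.
    if severity == "high":
        if alert.asset_tier == "crown_jewel" or alert.confidence < AUTO_ISOLATE_MIN_CONFIDENCE:
            d.gated.append(f"isolate_host:{alert.host}")
        else:
            d.auto.append(f"isolate_host:{alert.host}")
    d.auto.append(f"open_ticket:{alert.host}")   # every alert leaves an audit trail
    return d


def act(decision: Decision, approved: bool = False) -> list[str]:
    """Act: run unattended actions now; gated ones only once an analyst approves."""
    return list(decision.auto) + (list(decision.gated) if approved else [])


def run_playbook(alert: Alert, approved: bool = False) -> list[str]:
    """One pass of the OODA loop for a single alert; returns the actions taken."""
    facts = observe(alert)
    severity = orient(alert, facts)
    return act(decide(alert, facts, severity), approved)


if __name__ == "__main__":
    print(run_playbook(Alert("ws-17", "203.0.113.9", "malware", 0.95, "workstation")))
    print(run_playbook(Alert("pay-01", "198.51.100.77", "malware", 0.95, "crown_jewel")))
```

The `gated` list is the governance the text contrasts with attacker-side automation: the same loop that reacts in seconds to a commodity infection still pauses before it can take a payment system offline.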

4. Artificial Intelligence (AI) Streamlines Cloud Security Posture Management (CSPM):

With the escalating migration of organizations to cloud environments, safeguarding the security of cloud assets emerges as a paramount concern. While industry giants like Microsoft, Oracle, and Amazon Web Services (AWS) dominate this landscape with their comprehensive cloud offerings, numerous large organizations opt to establish and maintain their own cloud infrastructures to retain greater control over their data and operations. In response to the evolving security landscape, the adoption of cloud security posture management (CSPM) tools has become imperative for organizations seeking to effectively manage and fortify their cloud environments.

CSPM tools play a pivotal role in enhancing the security posture of cloud infrastructures by facilitating continuous monitoring of configurations and swiftly identifying any misconfigurations that could potentially expose vulnerabilities. These tools operate by autonomously assessing cloud configurations against established security best practices, ensuring adherence to stringent compliance standards. Key facets of their functionality include the automatic identification of unnecessary open ports and the verification of proper encryption configurations, thereby mitigating the risk of unauthorized access and data breaches. “Keeping data safe in the cloud requires a layered defense that gives organizations clear visibility into the state of their data. This includes enabling organizations to monitor how each storage bucket is configured across all their storage services to ensure their data is not inadvertently exposed to unauthorized applications or users” [4]. This has implications at both the cloud user and provider level, especially since artificial intelligence (AI) applications can be built and run inside the cloud for a variety of reasons. Importantly, these build designs often use approved plug-ins from different vendors, making it all the more complex.

Furthermore, CSPM solutions enable organizations to proactively address security gaps and bolster their resilience against emerging threats in the dynamic cloud landscape. By providing real-time insights into the security status of cloud assets, these tools empower security teams to swiftly remediate vulnerabilities and enforce robust security controls. Additionally, CSPM platforms facilitate comprehensive compliance management by generating detailed reports and audit trails, facilitating adherence to regulatory requirements and industry standards.
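At their core, the CSPM checks described above (open ports, encryption, bucket exposure) are rules evaluated against an inventory of cloud configuration. The example below is added for this post and is not code from any CSPM product or cloud provider; the inventory JSON, bucket and security-group names, field names and severity scheme are all constructed. It loads the inventory, runs bucket and security-group checks, and produces the findings and the per-severity summary that a compliance report would be built from.

```python
"""CSPM-style configuration checks over a constructed cloud inventory.

Added illustration only: the inventory below is constructed and the field
names, check names and severities are not from any real CSPM product or
cloud provider API.
"""
from __future__ import annotations

import ipaddress
import json
from collections import Counter

# Constructed inventory in the shape a collector might export (not real data).
INVENTORY_JSON = """
{
  "storage_buckets": [
    {"name": "app-logs", "public_read": false, "encryption": "aes256", "versioning": true},
    {"name": "marketing-assets", "public_read": true, "encryption": "aes256", "versioning": false},
    {"name": "customer-exports", "public_read": true, "encryption": null, "versioning": false}
  ],
  "security_groups": [
    {"name": "web-sg", "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}, {"port": 80, "cidr": "0.0.0.0/0"}]},
    {"name": "db-sg", "ingress": [{"port": 5432, "cidr": "0.0.0.0/0"}, {"port": 22, "cidr": "0.0.0.0/0"}]},
    {"name": "bastion-sg", "ingress": [{"port": 22, "cidr": "198.51.100.0/24"}]}
  ]
}
"""

# Constructed policy: only web ports may be open to the whole internet, and
# admin/database ports exposed that way are the worst case.
INTERNET_OK_PORTS = {80, 443}
ADMIN_OR_DB_PORTS = {22, 3389, 3306, 5432}

Finding = tuple[str, str, str]   # (resource name, severity, description)


def check_buckets(buckets: list[dict]) -> list[Finding]:
    """Bucket exposure, at-rest encryption and versioning checks."""
    findings: list[Finding] = []
    for b in buckets:
        if b.get("public_read"):
            findings.append((b["name"], "HIGH", "bucket allows public read"))
        if not b.get("encryption"):
            findings.append((b["name"], "HIGH", "bucket has no at-rest encryption configured"))
        if not b.get("versioning"):
            findings.append((b["name"], "LOW", "object versioning disabled (weaker recovery from deletion)"))
    return findings


def check_security_groups(groups: list[dict]) -> list[Finding]:
    """Flag ingress rules that expose non-web ports to the entire internet."""
    findings: list[Finding] = []
    for g in groups:
        for rule in g.get("ingress", []):
            # A /0 prefix means the rule admits every address, not just a broad range.
            if ipaddress.ip_network(rule["cidr"]).prefixlen == 0 and rule["port"] not in INTERNET_OK_PORTS:
                sev = "CRITICAL" if rule["port"] in ADMIN_OR_DB_PORTS else "MEDIUM"
                findings.append((g["name"], sev, f"port {rule['port']} open to the internet"))
    return findings


def assess(inventory_json: str) -> list[Finding]:
    """Run every check over the inventory and return all findings."""
    inv = json.loads(inventory_json)
    return check_buckets(inv["storage_buckets"]) + check_security_groups(inv["security_groups"])


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity for the posture report."""
    return dict(Counter(sev for _, sev, _ in findings))


if __name__ == "__main__":
    results = assess(INVENTORY_JSON)
    for name, sev, desc in results:
        print(f"{sev:8} {name:18} {desc}")
    print(summarize(results))
```

Running the same rule set on every collection cycle is what turns this from a one-off audit into continuous posture monitoring; the findings list is also the natural input for the remediation and audit-trail steps mentioned above.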

In essence, as organizations navigate the complexities of cloud adoption and seek to safeguard their digital assets, CSPM tools serve as indispensable allies in fortifying cloud security postures. By offering automated monitoring, proactive threat detection, and compliance management capabilities, these solutions empower organizations to embrace the transformative potential of cloud technologies while effectively mitigating associated security risks.

About the Author:

Jeremy Swenson is a disruptive-thinking security entrepreneur, futurist/researcher, and senior management tech risk consultant. He is a frequent speaker, published writer, podcaster, and even does some pro bono consulting in these areas. He holds an MBA from St. Mary’s University of MN, an MSST (Master of Science in Security Technologies) degree from the University of Minnesota, and a BA in political science from the University of Wisconsin Eau Claire. He is an alum of the Federal Reserve Secure Payment Task Force, the Crystal, Robbinsdale and New Hope Citizens Police Academy, and the Minneapolis FBI Citizens Academy.

References:

[1] Tobin, Donal; “What Challenges Are Hindering the Success of Your Data Lake Initiative?” Integrate.io. 10/05/22: https://www.integrate.io/blog/data-lake-initiative/

[2] Chuvakin, Anton; “Why Your Security Data Lake Project Will … Well, Actually …” Medium. 10/22/22: https://medium.com/anton-on-security/why-your-security-data-lake-project-will-well-actually-78e0e360c292

[3] Michael, Katina, Abbas, Roba, and Roussos, George; “AI in Cybersecurity: The Paradox.” IEEE Transactions on Technology and Society. Vol. 4, no. 2: pp. 104-109. 2023: https://ieeexplore.ieee.org/abstract/document/10153442

[4] Rosencrance, Linda; “How to choose the best cloud security posture management tools.” CSO Online. 10/30/23: https://www.csoonline.com/article/657138/how-to-choose-the-best-cloud-security-posture-management-tools.html

NIST Cybersecurity Framework (CSF) New Version 2.0 Summary

Fig. 1. NIST CSF 2.0 Stepper, NIST, 2024.


The National Institute of Standards and Technology (NIST) has updated its widely used Cybersecurity Framework (CSF) — a free, respected, landmark guidance document for reducing cybersecurity risk. However, it’s important to note that most of the framework core has remained the same. Here are the core components the security community knows:

Govern (GV): Sets forth the strategic path and guidelines for managing cybersecurity risks, ensuring harmony with business goals and adherence to legal requirements and standards. This is the newest addition, which was inferred before but is now specifically illustrated to touch every aspect of the framework. It seeks to establish and monitor your company’s cybersecurity risk management strategy, expectations, and policy.

1. Identify (ID): Entails cultivating a comprehensive organizational comprehension of managing cybersecurity risks to systems, assets, data, and capabilities.

2. Protect (PR): Concentrates on deploying suitable measures to guarantee the provision of vital services.

3. Detect (DE): Specifies the actions for recognizing the onset of a cybersecurity incident.

4. Respond (RS): Outlines the actions to take in the event of a cybersecurity incident.

5. Recover (RC): Focuses on restoring capabilities or services that were impaired due to a cybersecurity incident.

The new 2.0 edition is structured for all audiences, industry sectors, and organization types, from the smallest startups and nonprofits to the largest corporations and government departments — regardless of their level of cybersecurity preparedness and complexity.

Fig. 2. NIST CSF 2.0 Function Breakdown, NIST, 2024.

Here are some key updates:

Emphasis is placed on the framework’s expanded scope, extending beyond critical infrastructure to encompass all organizations. Importantly, it better incorporates and expands upon supply chain risk management processes. It also introduces a new focus on governance, highlighting cybersecurity as a critical enterprise risk with many dependencies. This is critically important with the emergence of artificial intelligence.

To make it easier for a wide variety of organizations to implement the CSF 2.0, NIST has developed quick-start guides customized for various audiences, along with case studies showcasing successful implementations, and a searchable catalog of references, all aimed at facilitating the adoption of CSF 2.0 by diverse organizations.

The CSF 2.0 is aligned with the National Cybersecurity Strategy and includes a suite of resources to adapt to evolving cybersecurity needs, emphasizing a comprehensive approach to managing cybersecurity risk. New adopters can benefit from implementation examples and quick-start guides tailored to specific user types, facilitating easier integration into their cybersecurity practices. The CSF 2.0 Reference Tool simplifies implementation, enabling users to access, search, and export core guidance data in user-friendly and machine-readable formats. A searchable catalog of references allows organizations to cross-reference their actions with the CSF, linking to over 50 other cybersecurity documents – facilitating comprehensive risk management. The Cybersecurity and Privacy Reference Tool (CPRT) contextualizes NIST resources with other popular references, facilitating communication across all levels of an organization.

NIST aims to continually enhance CSF resources based on community feedback, encouraging users to share their experiences to improve collective understanding and management of cybersecurity risk. The CSF’s international adoption is significant, with translations of previous versions into 13 languages. NIST expects CSF 2.0 to follow suit, further expanding its global reach. NIST’s collaboration with ISO/IEC aligns cybersecurity frameworks internationally, enabling organizations to utilize CSF functions in conjunction with ISO/IEC resources for comprehensive cybersecurity management.

Resources:

1. NIST CSF 2.0 Fact Sheet.
2. NIST CSF 2.0 PDF.
3. NIST CSF 2.0 Reference Tool.
4. NIST CSF 2.0 YouTube Breakdown.
