December 2021: Cyber Deception Month Continues…Halting Holiday Hackers…
Authored by: Gary Miliefsky of Cyber Defense Magazine
Deepfakes, dropped USB sticks, free offers, vishing, smishing and deep phishing attacks, smart-everything (weak IoT devices), malicious apps, drive-by malware, distributed denial of service attacks and so much more abound in our world – my team and yours are bombarded with this garbage on a daily basis. There is one purpose – to steal data. They want identities and they want money. It’s that simple. If we don’t stop the bad guys by using Time-based Security, they will deceive us and others we trust, and thereby victimize our organizations. So, continuing with the formulas:
Risk = Threats x Vulnerabilities x Assets
R = T x V x A
To better comply with regulations, you need to better manage, measure and document risk:
- T = The latest Threat Detection/Blocking Tools at near WIRE SPEED…go faster!
- V = The Vulnerability Management offerings to close more holes, smaller exploit surface!
- A = The latest People, Cloud and Endpoint Protection offerings …control access, defend weaker assets!
Pt > Dt + Rt
Et = Dt + Rt
These may be the most important formulas for you as a CISO and/or IT Security staff to know and understand.
For your job security, family, corporate and government data protection, these will be your infosec lifeline.
I’ll explain more in part three of this article/series…
But what about our family and friends on the holidays?
As we continue through our series on Cyber Deception, sponsored by our good friends at Attivo Networks, I can’t help thinking about those who are being victimized right now, as you read this – it could be you, your relative, your children or even their grandparents. Thanks go to IdentityTheft.gov and our good friends at FTC.gov, who can help you report and recover from identity theft. But as the experts in Cyber Deception teach us, why wait? Let’s get ahead of the problem and defeat the porch pirates and the cyber scrooges.
CYBER SCROOGES
Cyber security expert Gary Miliefsky joins WMUR to discuss best tips and practices for good cyber security as online shopping increases for the holiday season.
PORCH PIRATES
During the gift-giving season, land-locked Blackbeards who snatch packages from doorsteps may also hack into online tracking systems. Online shopping has made life easier for consumers and is especially handy during the holidays. But it’s also created more opportunities for “porch pirates,” the thieves who prey on those parcels left on doorsteps.
Many porch pirates are low tech, simply cruising neighborhoods where they know deliveries are taking place and grabbing the unattended packages. But porch pirates who also happen to be cyber criminals can use your own technology against you.
A more sophisticated porch pirate might send you an SMS message or email with malware. That would let them gain access to your computer or smartphone, and they could install a RAT (Remote Access Trojan). Then they can eavesdrop on your orders and deliveries.
They also might be able to locate you through the geolocation feature on your phone. That would tell them when you are away from home, the final link in their well-laid plan.
Here are tips for outwitting porch pirates and keeping those packages safe:
- Get permission to ship all your packages to work. That way they aren’t left unguarded at your doorstep for hours where anyone walking by could snatch them. If this arrangement works out, be sure to tell all your friends and family also to ship packages to your work address.
- Ask a friend or neighbor to receive your packages for you. You might not be home on work days, but plenty of people are. Trusted friends who are retired or who work at home might be happy to let you have packages delivered to them for safe keeping.
- If a neighbor can’t receive your packages and you can’t get them at work, another option is available. Try a service that lets you arrange for a package to be held at a warehouse until you arrive home. Then you can arrange delivery for evening hours that better suit you. You’ll need to do more research on these services; it is available at Venture Radar.
- Disable geolocation on your smartphone so that porch pirates – or other hackers for that matter – can’t track your location. No need to make it easier on them.
- Set up a live recording video camera aimed at your porch. That could allow you to spot a theft as it happens and alert law enforcement, or at least provide you with video later that might help identify the porch pirates.
IdentityTheft.gov is the federal government’s one-stop resource for identity theft victims. The site provides streamlined checklists and sample letters to guide you through the recovery process. Visit the site for prevention tips and free resources to share in your community.
About our Publisher
Gary S. Miliefsky, fmDHS, CISSP
Publisher, Cyber Defense Magazine
Chairman & CEO, Cyber Defense Media Group
Gary Miliefsky is an internationally recognized cybersecurity expert, bestselling author and keynote speaker. He is a Founding Member of the US Department of Homeland Security, served on the National Information Security Group and served on the OVAL advisory board of MITRE responsible for the CVE Program. He also assisted the National Infrastructure Advisory Council (NIAC), which operates within the U.S. Department of Homeland Security, in their development of The National Strategy to Secure Cyberspace as well as the Center for the Study of Counter-Terrorism and Cyber Crime at Norwich University. Gary has been founder and/or inventor for technologies and corporations sold and licensed to Hexis Cyber, WatchGuard, Intel/McAfee, IBM, Computer Associates and BlackBox Corporation. Gary is a member of ISC2.org and is a CISSP®. He also helped enhance the original FTP protocol (RFC959) under DARPA funded research among many prolific projects. He has been a keynote speaker in over 40 countries. Gary is a non-partisan executive who denounces all conspiracy theories.
He founded Cyber Defense Magazine and has remained its Publisher since 2012, and on its 10th anniversary he reacquired it.
He is a frequent invited guest on national and international media commenting on breaches, cyber crime, internet of things, cloud computing, digital transformation, artificial intelligence, privacy, cyber security, and cyber terrorism. He has also been covered in Forbes, Fortune and Inc. Magazines.
He is also an expert on Cryptocurrencies and related fraud as well as most issues pertaining to ICOs, Bitcoins, Blockchain technology and Ransomware. His recent bestselling book, rated nearly 5.0 stars and being updated for an early 2022 release, is entitled Cryptoconomy – Bitcoins, Blockchains and Badguys, available here: https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guys-ebook/dp/B07KPNS9NH/
Gary is active on national TV, on radio and in print.